This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
A few days ago, I ran into an online post where someone pointed out the book “Learn to Program with Assembly” and asked if anyone had ever learned assembly language as a first programming language. I had to smile because, if you are a certain age, your first language may well have been assembly, even if it was assembly for machines that never existed.
Of course, that was a long time ago. It is more likely, these days, if you are over 40, you might have learned BASIC first. Go younger, and you start skewing towards Java, Javascript, or even C. It got me thinking, though: should people learn assembly, and if so, when?
Elliot Williams and Tom Nardi start this week’s episode by addressing the ongoing Red Hat drama and the trend towards “renting” software. The discussion then shifts to homebrew VR gear, a particularly impressive solar-powered speaker, and some promising developments in the world of low-cost thermal cameras. Stay tuned to hear about color-changing breadboards, an unofficial logo for repairable hardware, and five lines of Bash that aim to unseat the entrenched power of Slack. Finally, we’ll take the first steps in an epic deep-dive into the world of DisplayPort, and take a journey of the imagination aboard an experimental nuclear ocean liner.
Check out the complete show notes below, and as always, let us know what you think in the comments.
First up, Apple issued an emergency patch, then yanked, and re-issued it. The problem was a Remote Code Execution (RCE) vulnerability in WebKit — the basis of Apple’s cross-platform web browser. The downside of a shared code base,is that bugs too are write-once, exploit-anywhere. And with Apple’s walled garden insisting that every browser on iOS actually run WebKit under the hood, there’s not much relief without a patch like this one.
The vulnerability in question, CVE-2023-37450, is a bit light on further details except to say that it’s known to be exploited in the wild. The first fix also bumped the browser’s user-agent string, adding an (a) to denote the minor update. This was apparently enough to break some brittle user-agent detection code on popular websites, resulting in an unhelpful “This web browser is no longer supported” message. The second patch gets rid of the notification.
Microsoft Loses It
Microsoft has announced that on May 15th, an attack from Storm-0558 managed to breach the email accounts of roughly 25 customers. This was pulled off via “an acquired Microsoft account (MSA) consumer signing key.” The big outstanding question is how Microsoft lost control of that particular key. According to an anonymous source speaking to The Washington Post, some of the targeted accounts were government employees, including a member of cabinet. Apparently the FBI is asking Microsoft this very same question.
Speaking of Microsoft, there’s also CVE-2023-36884, a vulnerability in Microsoft Office. This one appears to be related to the handling of HTML content embedded in Office documents, and results in code execution upon opening the document. This along with another vulnerability (CVE-2023-36874) was being used by storm- another unknown threat actor, Storm-0978 in an ongoing attack.
If you hack things in the real world, you probably have one or more rolls of duck tape. Outside of the cute brand name, many people think that duck tape is a malapropism, but in truth it is the type of cloth traditionally used in our favorite tape: cotton duck. However, as we’ll see, it’s not entirely wrong to call it duct tape either. Whatever you call it, a cloth material has an adhesive backing and is coated with something like polyethylene.
Actually, the original duck tape wasn’t adhesive at all. It was simply strips of cotton duck used for several purposes, including making shoes and wrapping steel cables like the ones placed in 1902 at the Manhattan Bridge. By 1910, the tape was made with adhesive on one side and soaked in rubber, found use in hospitals for binding wounds. In May 1930, Popular Mechanics advised melting rubber from an old tire and adding rosin to create a compound to coat cotton tape, among other things.
Not long after the first desktop 3D printers were created, folks started wondering what other materials they could extrude. After all, plastic is only good for so much, and there’s plenty of other interesting types of goop that lend themselves to systematic squirting. Clay, cement, wax, solder, even biological material. The possibilities are vast, and even today, we’re still exploring new ways to utilize additive manufacturing.
Ellie Weinstein
But while most of the research has centered on the practical, there’s also been interest in the tastier applications of 3D printing. Being able to print edible materials offers some fascinating culinary possibilities, from producing realistic marbling in artificial steaks to creating dodecahedron candies with bespoke fillings. Unfortunately for us, the few food-safe printers that have actually hit the market haven’t exactly been intended for the DIY crowd.
That is, until now. After nearly a decade in development, Ellie Weinstein’s Cocoa Press chocolate 3D printer kit is expected to start shipping before the end of the year. Derived from the Voron 0.1 design, the kit is meant to help those with existing 3D printing experience expand their repertoire beyond plastics and into something a bit sweeter.
So who better to host our recent 3D Printing Food Hack Chat? Ellie took the time to answer questions not just about the Cocoa Press itself, but the wider world of printing edible materials. While primarily designed for printing chocolate, with some tweaks, the hardware is capable of extruding other substances such as icing or peanut butter. It’s just a matter of getting the printers in the hands of hackers and makers, and seeing what they’ve got an appetite for.
Usually, if you are listening to people debate about nuclear issues, it is one of two topics: how to deal with nuclear weapon stockpiles or if we want nuclear power plants in our backyard. But there was a time when the US and the USSR had more peaceful plans for nuclear bombs. While peaceful plans for nuclear bombs might sound like an oxymoron, there was somewhat of a craze for all things nuclear at some point, and it wasn’t clear that nuclear power and explosives wouldn’t take over many industries as the transistor did, or the vacuum tube before it.
You may have heard about Project (or Operation) Plowshare, the US effort to find a peaceful use for all those atom bombs. The Atomic Energy Commission video below touts the benefits “for all nations.” What benefits? Mostly moving earth, including widening the Panama Canal or creating a new canal, cutting highways through mountains, assisting mining and natural gas production, and creating an artificial harbor. There was also talk of using atomic blasts to create new materials and, of course, furthering the study of the atom.
Boomboxes are one of those status symbols that define the 1980s and part of the 1990s, being both a miracle of integration and the best way to share your love of music with as many people as possible. Naturally, this led Joe Grand to figure that it would make it a perfect subject for a modern take on such an iconic device. The primary inspiration for this came from a piezo speaker developed by TDK called the ‘PiezoListen’. These are piezo devices that can be less than a millimeter thick, while still claiming to reproduce a broad range of audio frequencies.
Just having these speakers is only part of the solution, of course, which led Joe down the rabbithole of not only figuring out the components that should go into the system, but also how to get it all on a single PCB and see how far one can push different solder mask colors with an appropriately boombox-like design. At its core is a Raspberry Pi Zero 2 W that runs Mopidy, to provide music server functionality. Also added are some RGB lighting and touch controls.
