Hackaday Links: October 9, 2022

Don’t you just hate it when you walk out of the bathroom with toilet paper stuck to your shoe? That’s a little bit like what happened when the Mars helicopter Ingenuity picked up a strange bit of debris on one of its landing pads. The foreign object was spotted on the helicopter’s down-pointing navigation camera, and looks for all the world like a streamer of toilet paper flopping around in the rotor wash. The copter eventually shed the debris, which wafted down to the Martian surface with no further incident, and without any apparent damage to the aircraft. NASA hasn’t said more about what the debris isn’t — aliens — than what it is, which of course is hard to say at this point. We’re going to go out on a limb and say it’s probably something we brought there, likely a scrap of plastic waste lost during the descent and landing phase of the mission. Or, you know, it’s getting to be close to Halloween, a time when the landscape gets magically festooned with toilet paper overnight. You never know.

Mommy, Where Do Ideas Come From?

We wrote up an astounding old use of technology – François Willème’s 3D scanning and modeling apparatus from 1861, over 150 years ago. What’s amazing about this technique is that it used absolutely cutting-edge technology for the time, photography, and the essence of a technique still used today in laser-line 3D scanners, or maybe even more closely related to the “bullet time” effect.

This got me thinking of how Willème could have possibly come up with the idea of taking 24 simultaneous photographs, tracing the outline in wood, and then re-assembling them radially into a 3D model. And all of this in photography’s very infancy.

But Willème was already a sculptor, and had probably seen how he could use photos to replace still models in the studio, at least to solidify proportions. And he was probably also familiar with making cameos, where the profile was often illuminated from behind and carved, often by tracing shadows. From these two, you could certainly imagine his procedure, but there’s still an admirable spark of genius at work.

Could you have had that spark without the existence of photography? Not really. Tracing shadows in the round is impractical unless you can fix them. The existence of photography enabled this idea, and countless others, to come into existence.

That’s what I think is neat about technology, and the sharing of new technological ideas. Oftentimes they are fantastic in and of themselves, like photography indubitably was. But just as often, the new idea is a seed for more new ideas that radiate outward like ripples in a pond.

Hackaday Podcast 188: Zapping Cockroaches, Tricking AIs, Antique 3D Scanning, And Grinding Chips To QFN

It’s déjà vu all over again as Hackaday Editor-in-Chief Elliot Williams gets together with Staff Writer Dan Maloney to look over the best hacks from the past week. If you’ve got a fear of giant cockroaches, don’t worry; we’ll only mention the regular ones when we talk about zapping them with lasers. What do you need to shrinkify an NES? Just a little sandpaper and a lot of finesse.

Did you know that 3D scanning is (sort of) over a century old? Or that the first real microcomputer dates all the way back to 1972 — and isn’t one of those blinkenlight deals? And watch out for what you tell GPT-3 to ignore — it might just take you very seriously. We’ll touch on solar-powered cameras, a compressor of compressors, and talk about all the unusual places to find lithium batteries for your projects. It’s an episode so good you might just want to listen to it twice!

(In case you’re wondering about all this “twice” stuff — Elliot forgot to hit record on the first take and we had to do the entire podcast over again. Oh, the humanity!)

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download here!

This Week In Security: PHP Attack Defused, Scoreboard Manipulation, And Tillitis

If you use PHP, you likely use the Composer tool for managing dependencies, at least indirectly. And the good folks at SonarSource found a nasty potential supply chain attack in this tool when it is used in the Packagist repository. The problem is the support for arbitrary README filenames. When a package update shows up on Packagist, that service uses a Version Control System (VCS) like Git or Mercurial to pull the specified readme location. That pull operation is subject to argument injection. Name your branch --help, and Git will happily run the help argument instead of doing the pull intended. In the case of Git commands, our intrepid researchers were unable to weaponize the issue to achieve code execution.

Composer also supports projects that use Mercurial as their VCS, and Mercurial has a --config option that has… interesting potential. It allows redefining a Mercurial command as a script snippet. So a project just has to contain a malicious payload.sh, and the readme set to --config=alias.cat=!hg cat -r : payload.sh|sh;,txt. For those keeping track at home, the vulnerability is that this cursed string of ugly is accepted by Composer as a valid filename. This uses the --config trick to redefine cat as a bit of script that executes the payload. It ends in .txt because that is a requirement of Composer.

So let’s talk about what this little hack could have been used for, or maybe could still be used for on an unpatched, private install of Packagist. This is an unattended attack that jumps straight to remote script execution — on an official package repository. If discovered and used for evil, this would have been a massive supply chain attack against PHP deployments. Instead, thanks to SonarSource, it was discovered and disclosed privately back in April. The official Packagist repo at packagist.org was fixed the day after disclosure, and a CVE and updated packages went out six days later. Great work all around.
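
The defensive side of the argument injection described above, as an added example that is not Composer's or Packagist's code: an untrusted readme name is validated and then passed after the "--" end-of-options marker, so the VCS client can only treat it as a file name. The function names and the allow-list pattern are assumptions made for this sketch.

```python
import re

# Conservative allow-list for a README path inside a repository.
# This rule is an assumption made for the example, not Composer's own check.
_SAFE_PATH = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_./-]*$")


class UnsafeArgument(ValueError):
    """An untrusted value that the VCS client could parse as an option."""


def validate_readme(path):
    # A leading '-' is what turns a "file name" into a command-line option.
    if path.startswith("-"):
        raise UnsafeArgument("readme looks like an option: %r" % path)
    # Reject shell metacharacters, whitespace and parent-directory hops too.
    if not _SAFE_PATH.match(path) or ".." in path.split("/"):
        raise UnsafeArgument("readme has unexpected characters: %r" % path)
    return path


def hg_cat_argv(revision, readme):
    """Build the argv for `hg cat` with untrusted values kept positional."""
    if revision.startswith("-"):
        raise UnsafeArgument("revision looks like an option: %r" % revision)
    # An argv list avoids /bin/sh, but that alone does not help here: hg
    # itself parses --config. The "--" marker ends option parsing, so the
    # readme can only ever be treated as a file name.
    return ["hg", "cat", "-r", revision, "--", validate_readme(readme)]


def is_safe_readme(path):
    try:
        validate_readme(path)
        return True
    except UnsafeArgument:
        return False


# Constructed sample inputs; the last two are strings quoted in the text.
SAMPLES = [
    "README.md",
    "docs/README.txt",
    "docs/../README.md",
    "--help",
    "--config=alias.cat=!hg cat -r : payload.sh|sh;,txt",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print("%-55s %s" % (name, "ok" if is_safe_readme(name) else "REJECTED"))
    print(hg_cat_argv("default", "README.md"))
```
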

Immersive Cursive: Growing Up Loopy

Growing up, ours was a family of handwritten notes for every occasion. The majority were left on the kitchen counter next to the sink, or in a particular spot on the all-purpose table in the breakfast nook. Whether one was professing their familial love and devotion on the back of a Valpak coupon, or simply communicating an intent to be home before dinnertime, the words were generally immortalized in BiC on whatever paper was available, and timestamped for the reader’s information. You may have learned cursive in school, but I was born in it — molded by it. The ascenders and descenders betray you because they belong to me.

Both of my parents always seemed to be incapable of printing in anything other than all caps, so I actually preferred to see their cursive most of the time. As a result, I could copy read it quite easily from an early age. Well, I don’t think I ever had any hope of imitating Dad’s signature. But Mom’s on the other hand — like I said in the first installment, it was important for my signature to be distinct from hers, given that we have the same name — first, middle, and last. But I could probably still bust out her signature if it came down to something going on my permanent record.

While my handwriting was sort of naturally headed towards Mom’s, I was more interested in Dad’s style and that of my older brother. He had small caps handwriting down to an art, and my attempts to copy it have always looked angry and stilted by comparison. In addition, my brother’s cursive is lovely and quick, while still being legible.

The State Of The SBC Interface Ecosystem, Is It Time To Design A Standard?

We are spoiled for choice when it comes to single board computers, whether they be based around a microcontroller or a more powerful SoC capable of running an operating system such as GNU/Linux. They can be had from well-established brands such as Arduino, Adafruit, or Raspberry Pi, or from a Wild West of cheaper Far Eastern modules carrying a plethora of different architectures.

Everyone has their own favourite among them, and along with that comes an ecosystem of operating systems and software development environments. There’s another aspect to these boards which has evolved; certain among them have become de facto interface connector standards for hardware peripherals. Do these standards make any sense? Let’s talk about that.

2022 Hackaday Supercon Speakers Will Inspire You

The return of Supercon is taking place in just a month. We’ve got 45 fantastic talks and workshops planned for the three-day weekend, and they are as varied and inspiring as the Hackaday community itself. From molecules to military connectors, here’s an even dozen talks to whet your appetite.

Supercon is the Ultimate Hardware Conference and you need to be there! We’ll continue to announce speakers and workshops over the next couple weeks. Supercon will sell out so get your tickets now before it’s too late. And stay tuned for the next round of talk reveals next week!