This Week In Security: Apache Nightmare, REvil Arrests? And The Ultimate RickRoll

The Apache HTTP Server version 2.4.49 has a blistering vulnerability, and it’s already being leveraged in attacks. CVE-2021-41773 is a simple path traversal flaw, where the %2e encoding is used to bypass filtering. Thankfully the bug was introduced in 2.4.49, the latest release, and a hotfix has already been released, 2.4.50.

curl --data "echo;id" 'http://127.0.0.1:80/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'

If that returns anything other than a 403 error, your server may be vulnerable. It’s worth pointing out that Apache is shipped with a configuration block that mitigates this vulnerability.

# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>
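For triage on the defender's side, the following added example (not from the original article or from the Apache project) scans access-log lines for requests whose path hides a `..` segment behind %2e encoding and applies the article's rule of thumb that anything other than a 403 deserves a closer look. The log lines are constructed samples, and the function names and the assumption of the common/combined log format are this example's own.

```python
import re
from urllib.parse import unquote

# Assumes common/combined log format: ... "METHOD target PROTO" status ...
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A percent-encoded dot, singly (%2e) or repeatedly (%252e, ...) encoded.
ENCODED_DOT = re.compile(r'%(?:25)*2e', re.IGNORECASE)


def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots are exposed too."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_encoded_traversal(target):
    """True if the raw path hides a '..' segment behind percent-encoding."""
    raw_path = target.split("?", 1)[0]
    if not ENCODED_DOT.search(raw_path):
        return False  # plain '..' is out of scope here; only encoded dots
    return ".." in decode_fully(raw_path).split("/")


def triage(lines):
    """Return (status, target, verdict) for each encoded-traversal request."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or not is_encoded_traversal(m.group("target")):
            continue
        status = int(m.group("status"))
        verdict = "blocked" if status == 403 else "investigate"
        findings.append((status, m.group("target"), verdict))
    return findings


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [06/Oct/2021:10:00:01 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 45',
    '192.0.2.11 - - [06/Oct/2021:10:00:05 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 403 199',
    '192.0.2.12 - - [06/Oct/2021:10:00:09 +0000] "GET /docs/v2.0/index.html HTTP/1.1" 200 5120',
    '192.0.2.13 - - [06/Oct/2021:10:00:12 +0000] "GET /file%2ename.txt HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for status, target, verdict in triage(SAMPLE):
        print(status, verdict, target)
```

A "blocked" verdict only means that particular request was refused; the server version and the `<Directory />` block above still need checking.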

The Day The Internet Stood Still

You might have noticed a bit of a kerfuffle on the Internet on Monday. Facebook dropped out for nearly six hours. While the break was nice for some, it was a major problem for others. What exactly happened? The most apparent cause was that the Facebook.com domain was returning NXDOMAIN to DNS lookups. This led to some fun tweets, with screen caps showing Facebook.com for sale.

Retrotechtacular: 3D-Printed Buildings, 1930s Style

Here we are in the future, thinking we’re so fancy and cutting edge with mega-scale 3D printers that can extrude complete, ready-to-occupy buildings, only to find out that some clever inventor came up with essentially the same idea back in the 1930s.

The inventor in question, one [William E. Urschel] of Valparaiso, Indiana, really seemed to be onto something with his “Machine for Building Walls,” as his 1941 patent describes the idea. The first video below gives a good overview of the contraption, which consists of an “extruder” mounted on the end of a counterweighted boom, the length of which determines the radius of the circular structure produced. The boom swivels on a central mast, and is cranked up manually for each course extruded. The business end has a small hopper for what appears to be an exceptionally dry concrete or mortar mix. The hopper has a bunch of cam-driven spades that drive down into the material to push it out of the hopper; the mix is constrained between two rotating disks that trowel the sides smooth and drive the extruder forward.

The device has a ravenous appetite for material, as witnessed by the hustle the workers show keeping the machine fed. Window and door openings are handled with a little manual work, and the openings are topped with lintels to support the concrete. Clever tools are used to cut pockets for roof rafters, and the finished structure, complete with faux crenellations and a coat of stucco, looks pretty decent.


3D Printering: Corrugated Plastic For Cheaper & Easier Enclosures

Clear acrylic panels have long been a mainstay of 3D printer enclosure designs, but they can also add significant cost in terms of money, shipping, weight, and hassle. An alternative material worth looking at is corrugated plastic (also known by its trade name coroplast) which is cheap, light, an excellent insulator, and easy to work with. Many enclosure designs can be refitted to use it instead of acrylic, so let’s take a closer look at what it has to offer.

What’s Wrong With Acrylic?

It’s not just the purchase price that makes acrylic a spendy option. Acrylic is fairly heavy, and shipping pieces the size of enclosure panels can be expensive. Also, cutting acrylic without special tools can be a challenge because it cracks easily if mishandled. Acrylic cuts beautifully in a laser cutter, but most laser cutters accessible to a hobbyist are not big enough to make enclosure-sized panels. If you are stuck with needing to cut acrylic by hand, here are some tips on how to get by with the tools you have.

It is best to source acrylic from a local shop that can also cut it to size with the right tools for a reasonable price, but it is still far from being a cheap material. There’s another option: corrugated plastic has quite a few properties that make it worth considering, especially for a hobbyist.


Yes, You Can Put Out A Burning Gas Well With A Nuclear Bomb

Nuclear explosives were first developed as weapons of war in the pitched environment of World War II. However, after the war had passed, thoughts turned to alternative uses for this new powerful technology. Scientists and engineers alike dreamed up wild schemes to dig new canals or blast humans into space with the mighty power of the atom.

Few of these ever came to pass, with radiological concerns being the most common reason why. However, the Soviet Union did in fact manage to put nuclear explosions to good use for civilian ends. One of the first examples was using a nuke to plug an out-of-control gas well in the mid 1960s.


Snails, Sensors, And Smart Dust: The Michigan Micro Mote

If you want to track a snail, you need a tiny instrumentation package. How do you create an entire data acquisition system, including sensors, memory, data processing and a power supply, small enough to fit onto a snail’s shell?

Throughout history, humans have upset many ecosystems around the world by introducing invasive species. Australia’s rabbits are a famous example, but perhaps less well-known are the Giant African land snails (Lissachatina fulica) that were introduced to South Pacific islands in the mid-20th century. Originally intended as a food source (escargot africain, anyone?), they quickly turned out to be horrible pests, devouring local plants and agricultural crops alike.

Not to be deterred, biologists introduced another snail, hoping to kill off the African ones: the Rosy Wolfsnail (Euglandina rosea), native to the Southeastern United States. This predatory snail did not show great interest in the African intruders however, and instead went on to decimate the indigenous snail population, driving dozens of local species into extinction.

A Rosy Wolfsnail carrying a light sensing Micro Mote on its back. Source: Cindy S. Bick et al., 2021

One that managed to survive the onslaught is a small white snail called Partula hyalina. Confined to the edges of the tropical forests of Tahiti, biologists hypothesized that it was able to avoid the predators by hiding in sunny places which were too bright for E. rosea. The milky-white shells of P. hyalina supposedly protected them from overheating by reflecting more sunlight than the wolf snails’ orange-brown ones.

This sounds reasonable, but biologists need proof. So a team from the University of Michigan set up an experiment to measure the amount of solar radiation experienced by both snail types. They attached tiny light sensors to the wolf snails’ shells and then released them again. The sensors measured the amount of sunlight seen by the animals and logged this information during a full day. The snails were then caught again and the data retrieved, and the results proved the original hypothesis.

So much for science, but exactly how did they pull this off?

Hackaday Links: October 3, 2021

It’s one thing to speculate about what’s happening with the Mars helicopter Ingenuity, but it’s another to get an insider’s view on recent flight problems. As we previously reported, Ingenuity is starting to face a significant challenge, as a seasonal atmospheric pressure drop on Mars threatens to make the already rarefied air too thin to generate useful lift. Mission controllers tested the chopper at higher rotor speeds, and while that worked, later attempts to fly using that higher speed resulted in an abort. The article, written by one of the NASA/JPL engineers, is a deep dive into the problem, which occurred when Ingenuity sensed excessive wiggle in two of the servos controlling the rotor swashplate. The thought is that accumulated wear in the servos and linkages might be causing the problem; after all, Ingenuity has made thirteen flights so far, greatly exceeding the five flights originally programmed for it. Here’s hoping they can adapt and keep the helicopter flying, but whatever they do, it’ll have to wait a few weeks until Mars completes its conjunction and pops back out from behind the Sun.

With all the attention understandably paid to the recent 20th anniversary of the 9/11 terror attacks, it’s easy to forget that barely a month after that day, a series of what appeared to be follow-on attacks started: the Anthrax Attacks. Members of Congress and media outlets were targeted via the mail with highly refined anthrax spores, leading to the deaths of five people, with dozens more injured and exposed to anthrax. IEEE Spectrum has an interesting article that goes into some of the technology that was rapidly deployed in an attempt to sanitize the mail, including electron beam and X-ray irradiation to kill any spores. The article also points out how this wasn’t the first time people were afraid of the mail; outbreaks of yellow fever in 1899 led to fumigation of the mail with sulfur, after perforating it with a wicked-looking paddle.

Attention PCB-design newbies — now’s your chance to learn the entire PCB design process from the ground up, with the guidance of industry professionals. TeachMePCB is back again this year, offering to teach you everything you need to know about properly laying out a PCB design in pretty much any EDA software you want. The course requires a two- to five-hour commitment every week for two months, after which you’ll have designed a PCB for a macropad using a Raspberry Pi Pico. The course facilitator is Mark Hughes from Royal Circuits, who did a great Hack Chat with us last year on PCB finishes. This seems like a great way to get up to speed on PCB design, so if you’re interested, act soon — 460 people are already signed up, and the deadline is October 10.

Some of us really love factory tours, no matter what the factory is making. All the better when the factory makes cool electronics stuff, and better still when it’s our friends at Adafruit showing us around their New York City digs. True, it’s a virtual tour, but it has pretty much become a virtual world over the last couple of years, and it’s still a great look inside the Adafruit factory. Hackaday got an in-person tour back in 2015, but we didn’t know their building used to be a Westinghouse radio factory. In fact, the whole area was once part of the famed “Radio Row” that every major city seemed to have from the 1920s to the 1960s. It’s good to get a look inside a real manufacturing operation, especially one that’s right in the heart of a city.

And finally, those with a fear of heights might want to avoid watching this fascinating film on the change-out of a TV transmitter antenna. The tower is over 1,500′ (450 m) tall, lofting an aging antenna over the flat Florida terrain. Most of the footage comes from body-mounted cameras on the riggers working the job, including the one very brave soul who climbed up the partially unbolted antenna to connect it to the Sikorsky S64 Skycrane helicopter. It’s a strange combination of a carefully planned and slowly executed ballet, punctuated by moments of frenetic activity and sheer terror. The mishap when releasing the load line after the new antenna was placed could easily have swept the whole rigging crew off the antenna, but luckily nobody was injured.


Get Yer Halloween On!

Halloween is basically built for the hacker. Besides the obvious fabrication of absurd costumes, there’s also the chance to showcase your skills, be they mechanical, audio, or video. It’s also a great time to show off our coolest tricks to inspire the young proto-hackers. If you need inspiration, we’ve got 150 ideas.

[Brankly]’s Candy Dispenser
My personal problem with Halloween, though, is that I always start at the last minute, and my ideas far outreach my time budget. Or because it’s all done in the last minute, a whole bunch of ideas that should “just work” in theory run into the immovable object that is practice. At least that’s what happened with last year’s spooky sound effects — my son and I spent so much time collecting and recording scary audio samples that I ran out of time while still getting the sensitivity on the motion detector set just right, and then the battery died halfway through the night.

But this year will be different, I swear! I’m going to get it done early and test it out, with the luxury of time to debug the inevitable spiders. And you can swear too. Get started now on your Halloween project. Or at least next weekend.

What’s your favorite Halloween Hack?

Contests

If you need any more encouragement to fire up your black and orange hacking machine, think of Hackaday.io’s Halloween Hackfest. It runs until Oct 28, and all you have to do to enter is document your Halloween project on IO and press the “Submit” button. The deadline is the 28th, which still gives you a couple of nights to debug whatever didn’t work before the real deal. Prizes are shopping sprees at Digi-Key, and Adafruit is doubling the gift certificate if you use any Adafruit parts in the build.

If you don’t give a pumpkin about stupid ol’ Halloween, that’s cool too. (Grinch!) The 2021 Hackaday Prize has entered the final wildcard round. If your project didn’t fit in any of the previous categories, I’m pretty sure it’ll fit just fine in the anything-goes phase. Go nuts. We’d love to see what you’re working on.