This Week In Security: Text Rendering On Windows, GNU Poke, And Bitsquatting

Project Zero just unrestricted the details on CVE-2021-24093, a potentially nasty vulnerability in Windows 10’s DirectWrite, a text rendering library. The flaw got fixed in this month’s Patch Tuesday roundup. The flaw is accessible in all the major browsers on Windows 10, as they use DirectWrite for font rendering. The trick here is to use a malicious font that uses some nonsense values. Those values result in a buffer allocation that is too small for complex characters such as Æ.

Because the vulnerability is in a Windows library, it’s possible that an exploit would automatically work as a sandbox escape, but I haven’t seen confirmation either way. Let us know if you have some insight there.

Via Bleeping Computer

GNU Poke

The good folks at GNU have minted the 1.0 release of poke, a new binary editing tool. The real killer feature of poke is that it can interpret binary data, decoding it back into readable data structures. If you’re familiar with the way Wireshark can decode packets and give useful, organized output, it seems that poke will provide a similar function, but not limited to network traffic.

It looks like it could become a useful tool for getting a look inside otherwise opaque binaries. What poke brings is a system where you can write pretty-printing templates on the fly, which should be very useful when mapping out an unfamiliar binary. Distros will likely pick up and start packaging poke in the coming weeks, making it even easier to get and play with.

Arduboy FX Mod-Chip: Now You’re Playing With Power

Traditionally, a forum full of technical users trying to integrate their own hardware into a game system for the purposes of gaining unfettered access to its entire software library was the kind of thing that would keep engineers at Sony and Nintendo up at night. The development and proliferation of so-called “mod chips” were an existential threat to companies that made their money selling video games, and as such, sniffing out these console hackers and keeping their findings from going public for as long as possible was a top priority.

But the Arduboy is no traditional game system. Its games are distributed for free, so a chip that allows users to cram hundreds of them onto the handheld at once isn’t some shady attempt to pull a fast one on the developers, it’s a substantial usability improvement over the stock hardware. So when Arduboy creator Kevin Bates found out about the grassroots effort to expand the system’s internal storage on the official forums, he didn’t try to put a stop to it. Instead, he asked how he could help make it a reality for as many Arduboy owners as possible.

Now, a little less than three years after forum member Mr.Blinky posted his initial concept for hanging an external SPI flash chip on the system’s test pads, the official Arduboy FX Mod-Chip has arrived. Whether you go the DIY route and build your own version or buy the ready-to-go module, one thing is for sure: it’s a must-have upgrade for the Arduboy that will completely change how you use the diminutive handheld.

Retrotechtacular: Philips Factory Tour, Circa 1930s

If you’ve got a half-hour or so to spare, you could do worse than this video trip through a Philips factory in the 1930s.

The film is presented without narration, but from the Dutch title cards and the fact that it’s Philips, we gather that this factory of gigantic proportions was somewhere in the Netherlands. In any case, it looks like something right out of [Fritz Lang]’s Metropolis and turned the rawest of materials into finished consumer products.

Much of the film focuses on the making of vacuum tubes; the sheer physicality of the job is what really stands out here. The upper body strength that the glassblowers had to have boggles the mind. Check out the chops — and the soon-to-be very unfashionable mustache — on the glassblower at the 12:00 mark. And it wasn’t just the gents who had mad skills — the fine motor control needed for the delicate assembly of the innards of the tubes, which seems to be mostly staffed by women, is just as impressive. We were also surprised by the amount these manual crafts were assisted by automated systems.

Especially interesting is the section where they build the luidspreker. Without narration or captions, it’s a little hard to tell what’s going on, but it appears that they used an enormous press to form chips of Bakelite into sleek covers for the speakers, which themselves are super-chunky affairs made from scratch in the factory. We’re also treated to assembly of the radios, packaging of finished products, and a group of dockworkers who clearly didn’t read the “Fragile” labels pasted on the boxes.

One can’t help but wonder if these people had the slightest inkling of what was about to sweep over them and the rest of the world. And if they did, would they even begin to comprehend how much the very products that they were making would contribute to both the slaughter of the coming war as well as to the sparing of so many lives? Likely not, but the film is still an interesting glimpse into the creation of an industry, one that relied very much on craftsmanship to get it started.

Rube Goldberg’s Least Complicated Invention Was His Cartooning Career

The name Rube Goldberg has long been synonymous with any overly-built contraption played for laughs that solves a simple problem through complicated means. But it might surprise you to learn that the man himself was not an engineer or inventor by trade — at least, not for long. Rube’s father was adamant that he become an engineer and so he got himself an engineering degree and a job with the city. Rube lasted six months engineering San Francisco’s sewer systems before quitting to pursue his true passion: cartooning.

Rube’s most famous cartoons — the contraptions that quickly became his legacy — were a tongue-in-cheek critique meant to satirize the tendency of technology to complicate our lives in its quest to simplify them. Interestingly, a few other countries have their own version of Rube Goldberg. In the UK it’s Heath Robinson, and in Denmark it’s Robert Storm Petersen, aka Storm P.

Rube Goldberg was a living legend who loved to poke fun at everything happening in the world around him. He became a household name early in his cartooning career, and was soon famous enough to endorse everything from cough drops to cigarettes. By 1931, Rube’s name was in the Merriam-Webster dictionary, his legacy forever cemented as the inventor of complicated machinery designed to perform simple tasks. As one historian put it, Rube’s influence on culture is hard to overstate.

World’s First EVTOL Airport Will Land This November

We have to admit that flying cars still sound pretty cool. But if we’re ever going to get this idea off the ground, there’s a truckload of harsh realities that must be faced head-on. The most obvious and pressing issue might seem to be the lack of flying cars, but that’s not really a problem. Air taxis are already in the works from companies like Airbus, Rolls-Royce, and Cadillac, who premiered theirs at CES this year.

Where we’re going, we don’t need roads. But we do need infrastructure to support this growing category of air traffic that includes shipping drones that are already in flight. Say no more, because by November 2021, the first airport built especially for flying cars is slated to be operational in England.

British startup Urban Air Port is building their flagship eVTOL hub smack dab in the center of Coventry, UK, a city once known as Britain’s Detroit due to the dozens of automobile makers who have called it home. They’re calling this grounded flying saucer-looking thing Air One, and they are building it in partnership with Hyundai thanks to a £1.2 million ($1.65M) grant from the British government. Hyundai are developing their own eVTOL which they are planning to release in 2028.

Putting Lasers To Work Hack Chat

Join us on Wednesday, March 3 at noon Pacific for the Putting Lasers to Work Hack Chat with Jonathan Schwartz!

Laser cutting equipment runs the gamut in terms of cost, with low-end, almost disposable units that can be had for a song to high-power fiber lasers that only big businesses can afford. But the market has changed dramatically over the years, and there’s now a sweet-spot of affordable laser cutters that can really do some work. And while plenty of hobbyists have taken the plunge and added such a laser cutter to their shops, still others have looked at these versatile tools and realized that a business can be built around them.

For the next Hack Chat, we’ll be sitting down with Jonathan Schwartz. He started with laser cutters at his maker space, and quickly became the “laser guy” everyone turned to for answers. With about 10 years of experience, Jon set up American Laser Cutter in Los Angeles, to provide bespoke laser engraving and cutting services. He has built a business around mid-range laser cutters, and he’s ready to share what he’s learned. Join us as we talk about the machines, the materials, and the services that are part of a laser cutting business, and find out some of the tricks of the laser-jockey’s trade.

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, March 3 at 12:00 PM Pacific time. If time zones have you tied up, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.

Hackaday Links: February 28, 2021

In an announcement that came as a surprise to few, NASA now says that landing humans on the Moon by 2024 is no longer likely. Acting administrator Steve Jurczyk lays the blame at the feet of Congress, for failing to provide the funds needed for Human Landing Systems development, a critical step needed to meet the aggressive overall timeline. The announcement doesn’t mark the end of the Artemis program; in fact, NASA is continuing to work on a realistic timeline for getting boots back on the lunar surface, and a decision on which of the three submitted proposals for a lunar lander will be further developed should be coming in the next few months. As far as we can see, this is simply an adjustment to the original timeline for a landing, but given the stunning recent success of Perseverance showing just what robots can do, we’d expect pushback from some quarters on the need for human exploration.

The entry-level 3D design market was thrown into considerable turmoil last year when Autodesk changed the licensing terms for its flagship Fusion 360 package. Hobbyists who had been enjoying relatively unfettered access to the powerful suite chafed at the new restrictions, leaving many to threaten to jump ship, apparently without much thought given to the dearth of alternative products. That may be changing now that Dassault Systèmes has announced two new versions of SolidWorks aimed at the maker and student segments. The Makers offer is intended for hobbyists who want to design for benchtop manufacturing methods like 3D-printing. The Students offer is aimed at engineering and design students looking to gain experience with the tools they’ll be expected to have mastered by the time they enter the job market. It looks like the Makers offer will be at least partly contingent on the interest expressed by the community, so you might want to make your feelings known on the subject. If the Makers edition comes to pass in the second half of this year, it will likely target a $99/year price point.

We stumbled upon an interesting YouTube series the other day that stirred the creative juices. We all probably remember the first time we learned about the Mandelbrot set, the fractal number set that looks something like a lumpy kidney bean and continues to do so no matter how far you zoom into it. The image may be complex but the math behind it is simple enough to implement in software that it’s often done as an exercise for CS students and other unfortunates. But implementing a Mandelbrot set generator in logic is possible too, which WildEngineering did in this video series. Rather than implement this as discrete logic gates, he used a neat logic simulator called Digital, which looks like a handy tool to learn all by itself. The Mandelbrot generator concepts are really instructive too, and it sure seems like the next logical step would be to gather the needed 74xx-series chips and start breadboarding. We’d love to give it a whirl ourselves, but won’t be heartbroken if someone beats us to it.

If it sometimes appears that we at Hackaday get a little frustrated with the comments section of the articles we write, rest assured that we know that we have the best readers on the planet, hands down. Where the toxicity of other corners of the Internet is often unbearable, our readers truly do make this a fabulously collaborative environment, on the whole.

In fact, some commenters even go so far as to basically write their own articles in response to one of ours, and when that happens we like to point it out. The article that spawned the effort was Kristina Panos’ excellent “What If I Never Make Version Two?”, a recent piece that dips a toe into the psychology of hacking. Peter Walsh picks up on the theme with his Hackaday.io page entitled “The Psychology of Version Two”, which we really enjoyed. After a brief look at the neurochemistry of happiness, Peter dives into some “brain hacks” to assess the need for a version 2. There are some great tips, and we really enjoyed both the original article and Peter’s response.