This excellent content from the Hackaday writing crew highlights recurring topics and popular series like Linux-Fu, 3D-Printering, Hackaday Links, This Week in Security, Inputs of Interest, Profiles in Science, Retrotechtacular, Ask Hackaday, Teardowns, Reviews, and many more.
This week, Jonathan Bennett chats with Bashonly about yt-dlp, the audio/video downloader that carries the torch from youtube-dl! Why is this a hard problem, and what does the future hold for this swiss-army knife of video downloading? Watch to find out!
Continue reading “FLOSS Weekly Episode 827: Yt-dlp, Sometimes You Can’t See The Tail”
Tattoos. Body paint. Henna. All these are popular kinds of body art with varying histories and cultural connotations, many going back centuries or even longer. They all have something in common, though—they all change how the body reflects light back to the viewer. What if, instead, body art could shine a light of its very own?
This is the precise topic which [Katherine Connell] came to discuss at the 2024 Hackaday Supercon. Her talk concerns rethinking body art with the use of light emitting diodes—and is both thoroughly modern and aesthetically compelling. Beyond that, it’s an engineering development story with liquid metal and cutting-edge batteries that you simply don’t want to miss!
Continue reading “Supercon 2024: Rethinking Body Art With LEDs”
Are you eager to get your feet wet in the keyboard surf, but not quite ready to stand up and ride the waves of designing a full-size board? You should paddle out with a macro pad instead, and take on the foam face-first and lying down.
Naturally, the fewer keys and things you want, the easier it will be to build. But [Robert] is using the versatile Raspberry Pi 2040, which has plenty of I/O pins if you want to expand on his basic plan. Not ready to watch the videos? You can see the schematic and the 3D files on GitHub.
As [Robert] says, this is a great opportunity to learn many skills at once, while ending up with something terrifically useful that could potentially live on your desk from then on. And who knows where that could lead?
Continue reading “Keebin’ With Kristina: The One With The Leather Keyboard”
The hits just keep coming for the International Space Station (ISS), literally in the case of a resupply mission scheduled for June that is now scrubbed thanks to a heavy equipment incident that damaged the cargo spacecraft. The shipping container for the Cygnus automated cargo ship NG-22 apparently picked up some damage in transit from Northrop Grumman’s Redondo Beach plant in Los Angeles to Florida. Engineers inspected the Cygnus and found that whatever had damaged the container had also damaged the spacecraft, leading to the June mission’s scrub.
Mission controllers are hopeful that NG-22 can be patched up enough for a future resupply mission, but that doesn’t help the ISS right now, which is said to be running low on consumables. To fix that, the next scheduled resupply mission, a SpaceX Cargo Dragon slated for an April launch, will be modified to include more food and consumables for the ISS crew. That’s great, but it might raise another problem: garbage. Unlike the reusable Cargo Dragons, the Cygnus cargo modules are expendable, which makes them a great way to dispose of the trash produced by the ISS crew since everything just burns up on reentry. The earliest a Cygnus is scheduled to dock at the ISS again is sometime in this autumn, meaning it might be a long, stinky summer for the crew.
We ran a story about a wall-mounted plotter bot this week, Mural. It’s a simple, but very well implemented, take on a theme that we’ve seen over and over again in various forms. Two lines, or in this case timing belts, hang the bot on a wall, and two motors drive it around. Maybe a servo pulls the pen in and out, but that’s about it. The rest is motor driving and code.
We were thinking about the first such bot we’ve ever seen, and couldn’t come up with anything earlier than Hektor, a spray-painting version of this idea by [Juerg Lehni]. And since then, it’s reappeared in numerous variations.
Some implementations mount the motors on the wall, some on the bot. There are various geometries and refinements to try to make the system behave more like a simple Cartesian one, but in the end, you always have to deal with a little bit of geometry, or just relish the not-quite-straight lines. (We have yet to see an implementation that maps out the nonlinearities using a webcam, for instance, but that would be cool.) If you’re feeling particularly reductionist, you can even do away with the pen-lifter entirely and simply draw everything as a connected line, Etch-a-Sketch style. Maslow CNC swaps out the pen for a router, and cuts wood.
What I love about this family of wall-plotter bots is that none of them are identical, but they all clearly share the same fundamental idea. You certainly wouldn’t call any one of them a “copy” of another, but they’re all related, like riffing off of the same piece of music, or painting the same haystack in different lighting conditions: robot jazz, or a study in various mechanical implementations of the same core concept. The collection of all wall bots is more than the sum of its parts, and you can learn something from each one. Have you made yours yet?
(Fantastic plotter-bot art by [Sarah Petkus] from her write-up ten years ago!)
It might not be Pi Day anymore, but Elliot and Dan got together for the approximately 100*Pi-th episode of the Podcast to run through the week’s coolest hacks. Ultrasound seemed to be one of the themes, with a deep dive into finding bugs with sonar as well as using sound to cut the cheese — and cakes and pies, too.
The aesthetics of PCBs were much on our minds, too, from full-color graphics on demand to glow-in-the-dark silkscreens. Is automation really needed to embed fiber optics in concrete? Absolutely! How do you put plasma in a bottle? Apparently, with kombucha, Nichrome, and silicone. If you need to manage your M:TG cards, scribble on the walls, or build a mechanical chase light, we’ve got the details. And what exactly is a supercomputer? We can’t define it, but we know one when we see it.
This week, researchers from Wiz Research released a series of vulnerabilities in the Kubernetes Ingress NGINX Controller that, when chained together, allow an unauthorized attacker to completely take over the cluster. This attack chain is known as IngressNightmare, and it affected over 6500+ Kubernetes installs on the public Internet.
The background here is that web applications running on Kubernetes need some way for outside traffic to actually get routed into the cluster. One of the popular solutions for this is the Ingress NGINX Controller. When running properly, it takes incoming web requests and routes them to the correct place in the Kubernetes pod.
When a new configuration is requested by the Kubernetes API server, the Ingress Controller takes the Kubernetes Ingress objects, which is a standard way to define Kubernetes endpoints, and converts it to an NGINX config. Part of this process is the admission controller, which runs nginx -t on that NGINX config, to test it before actually deploying.
As you might have gathered, there are problems. The first is that the admission controller is just a web endpoint without authentication. It’s usually available from anywhere inside the Kubernetes cluster, and in the worst case scenario, is accessible directly from the open Internet. That’s already not great, but the Ingress Controller also had multiple vulnerabilities allowing raw NGINX config statements to be passed through into the config to be tested. Continue reading “This Week In Security: IngressNightmare, NextJS, And Leaking DNA”
