news

3D Printing Aluminum with Nanoparticles

September 25, 2017 by 15 Comments

We love our 3D printers. But sometimes we really wish we could print in metal. While metal printing is still out of reach for most of us, HRL Labs announced a powdered aluminum printing process that they claim is a breakthrough because it allows printing (and welding) of high-strength aluminum alloys that previously were unprintable and unweldable.

The key is treating the metal with special zirconium-based nanoparticles. The nanoparticles act as nucleation sites that allow the aluminum to form the correct microstructure. The full paper on the process appears in Nature.

Continue reading “3D Printing Aluminum with Nanoparticles”

FPGA Clocks for Software Developers (or Anyone)

September 21, 2017 by 17 Comments

It used to be that designing hardware required schematics and designing software required code. Sure, a lot of people could jump back and forth, but it was clearly a different discipline. Today, a lot of substantial digital design occurs using a hardware description language (HDL) like Verilog or VHDL. These look like software, but as we’ve pointed out many times, it isn’t really the same. [Zipcpu] has a really clear blog post that explains how it is different and why.

[Zipcpu] notes something we’ve seen all too often on the web. Some neophytes will write sequential code using Verilog or VHDL as if it was a conventional programming language. Code like that may even simulate. However, the resulting hardware will — at best — be very inefficient and at worst will not even work.

Continue reading “FPGA Clocks for Software Developers (or Anyone)”

OptionsBleed – Apache bleeds in uncommon configuration

September 19, 2017 by 8 Comments

[Hanno Böck] recently uncovered a vulnerability in Apache webserver, affecting Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27. This bug only affects Apache servers with a certain configuration in .htaccess file. Dubbed Optionsbleed, this vulnerability is a use after free error in Apache HTTP that causes a corrupted Allow header to be replied by the webserver in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain sensitive information. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.

Unlike the famous Heartbleed bug in the past, Optionsbleed leaks only small chunks of memory and more importantly only affects a small number of hosts by default. Nevertheless, shared hosting environments that allow for .htaccess file changes can be quite sensitive to it, as a rogue .htaccess file from one user can potentially bleed info for the whole server. Scanning the Alexa Top 1 Million revealed 466 hosts with corrupted Allow headers, so it seems the impact is not huge so far.

The bug appears if a webmaster tries to use the “Limit” directive with an invalid HTTP method. We decided to test this behaviour with a simple .htaccess file like this:

Continue reading “OptionsBleed – Apache bleeds in uncommon configuration”

Hackaday’s London Meetup Was A Corker

September 18, 2017 by 15 Comments

Upstairs at the Marquis Cornwallis pub in central London, around 75 Hackadayers convened, ate well, drank well, and were generally merry. Nearly everyone in attendance brought a hack with them, which meant that there was a lot to see in addition to all that socializing to be done.

I spoke with a huge number of people who all said the same thing: that it was fantastic to put faces to the names of the writers, hackers, and other readers. As a writer, I finally got to meet in person some of the people who’ve produced some of my favorite hacks, in addition to most that were totally new to me. I can’t say how often I heard “Oh you’re the person behind that project. I loved that one.” A real sense of the Hackaday community was on display. Continue reading “Hackaday’s London Meetup Was A Corker”

Sparky, the Electric Boat

September 15, 2017 by 13 Comments

They say the two best days of a boat owner’s life are the day that they buy the boat and the day they sell it. If you built your boat from scratch though, you might have a few more good days than that. [Paul] at [ElkinsDIY] is no stranger to building boats, but his other creations are a little too heavy for him to easily lift, so his latest is a fully electric, handmade boat that comes in at under 30 pounds and is sure to provide him with many more great days.

While the weight of the boat itself is an improvement over his older designs, this doesn’t include the weight of the batteries and the motor. To increase buoyancy to float this extra weight he made the boat slightly longer. A tiller provides steering and a trolling motor is used for propulsion. As of this video, the boat has a slight leak, but [Paul] plans to shore this up as he hammers out the kinks.

The boat is very manageable for one person and looks like a blast for cruising around the local lakes. Since it’s built with common tools and materials virtually anyone should be able to build something similar, even if you don’t have this specific type of plastic on hand.  And, while this one might not do well in heavy wind or seas, it’s possible to build a small one-person boat that can cross entire oceans.

Continue reading “Sparky, the Electric Boat”

Bluetooth Vulnerability Affects All Major OS

September 14, 2017 by 52 Comments

Security researchers from Armis Labs recently published a whitepaper unveiling eight critical 0-day Bluetooth-related vulnerabilities, affecting Linux, Windows, Android and iOS operating systems. These vulnerabilities alone or combined can lead to privileged code execution on a target device. The only requirement is: Bluetooth turned on. No user interaction is necessary to successfully exploit the flaws, the attacker does not need to pair with a target device nor the target device must be paired with some other device.

The research paper, dubbed BlueBorne (what’s a vulnerability, or a bunch, without a cool name nowadays?), details each vulnerability and how it was exploited. BlueBorne is estimated to affect over five billion devices. Some vendors, like Microsoft, have already issued a patch while others, like Samsung, remain silent. Despite the patches, some devices will never receive a BlueBorne patch since they are outside of their support window. Armis estimates this accounts for around 40% of all Bluetooth enabled devices.

A self-replicating worm that would spread and hop from a device to other nearby devices with Bluetooth turned on was mentioned by the researchers as something that could be done with some more work. That immediately reminds us of the BroadPwn vulnerability, in which the researchers implemented what is most likely the first WiFi only worm. Although it is definitely a fun security exercise to code such worm, it’s really a bad, bad idea… Right?…

So who’s affected?

Continue reading “Bluetooth Vulnerability Affects All Major OS”

Other Machine Co. Changes Name, Logo, Apparently Nothing Else

September 6, 2017 by 59 Comments

The name Other Machine Co. is now dead. In a post to the company blog, Other Machine Co. is now Bantam Tools. This news comes just months after the announcement that [Bre Pettis], one-third of the founders of MakerBot, investor in Glowforge, and undeservingly the most hated man in the 3D printer community, purchased Other Machine Co.

Over the past few years, the Othermill, Other Machine Co.’s main product, has gained a reputation for being a very, very nice CNC mill capable of producing PCBs with 6 mil trace and space. Additionally, the Othermill was excellent at very fine CNC work including wax carving jewelry, very neat inlay work on wood, and any other CNC task that doesn’t involve anything harder than aluminum and can fit inside the machine itself.

As of right now, the only change to the Othermill is the name — it’s now the Bantam Tools Desktop PCB Milling Machine. According to a Wired press release, this name change also comes with a change in focus. Bantam Tools will not focus on hobbyist makers, but instead to professionals that need PCBs and other small milling jobs done right now. For the record, I cannot recall the Othermill ever being advertised directly to ‘hobbyist makers’ — it has always seemed the target audience was professionals, or at least people who would make money from the stuff produced on their mill.

Other changes to the Othermill have been in the works for months. Since the time of the acquisition, Other Machine Co. / Bantam have introduced a PCB probing system, a desperately needed fine dust collection system, and automated material thickness probing. These new projects for Bantam mills are compatible with the old Othermill.