This Week In Security: Fail2RCE, TPM Sniffing, Fishy Leaks, And Decompiling
Fail2ban is a great tool for dynamically blocking IP addresses that show bad behavior, like making repeated login attempts. It was just announced that a vulnerability could allow an attacker to take over a machine by being blocked by Fail2ban. The problem is in the mail-whois action, where an email is sent to the administrator containing the whois information. Whois information is potentially attacker-controlled data, and Fail2ban doesn’t properly sanitize the input before piping it into the mail binary. Mailutils has a feature that uses the tilde character as an escape sequence, allowing commands to be run while composing a message. Fail2ban doesn’t strip those tilde commands, so malicious whois data can trivially run commands on the system. Whois is one of the old-school Unix protocols that runs in the clear, so a MitM attack makes this particularly easy. If you use Fail2ban, make sure to update to 0.10.7 or 0.11.3, or purge any use of mail-whois from your active configs.
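The missing input check described above, as an added example that is not Fail2ban's code or its upstream fix: a filter that flags and neutralizes lines beginning with the mail escape character before untrusted whois text reaches a mail client. The function names and the sample whois text are constructed for illustration, and treating a bare carriage return as a line break is a conservative assumption.

```python
import re

# Line terminators that could start a new input line for a mail client
# reading the message body from stdin (bare CR is included conservatively).
_LINE_BREAK = re.compile(r"\r\n|\r|\n")
ESCAPE_CHAR = "~"  # default compose-mode escape character described in the text


def find_escape_lines(text, escape=ESCAPE_CHAR):
    """Return 1-based numbers of lines that begin with the escape character."""
    lines = _LINE_BREAK.split(text)
    return [n for n, line in enumerate(lines, 1) if line.startswith(escape)]


def neutralize(text, escape=ESCAPE_CHAR):
    """Prefix a space to every line that starts with the escape character.

    The text stays readable for the administrator, but no line begins with
    the escape character any more. Line endings are normalised to "\n".
    """
    out = []
    for line in _LINE_BREAK.split(text):
        out.append(" " + line if line.startswith(escape) else line)
    return "\n".join(out)


# Constructed sample standing in for a whois reply; not real registry data.
SAMPLE_WHOIS = (
    "inetnum: 192.0.2.0 - 192.0.2.255\r\n"
    "netname: EXAMPLE-NET\r"
    "~constructed line that begins with the escape character\n"
    "remarks: a tilde ~ in the middle of a line is harmless\n"
    "~second constructed escape line"
)

if __name__ == "__main__":
    print("suspicious lines:", find_escape_lines(SAMPLE_WHOIS))
    print(neutralize(SAMPLE_WHOIS))
```

A filter like this is defense in depth for any script that pipes third-party text into a mail client; the remediation for Fail2ban itself remains the update or configuration change given above.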
Orbiter Is Now Open Source
We always have it on our list to learn more about Orbiter. If you haven’t seen it, it is a hyperrealistic space simulator. Granted, you can put it in an easy mode, but its real strength is you can very accurately model spacecraft like the Space Shuttle and have very realistic controls. In order to spur development, the program is now open source.
We think this is interesting for two reasons. First, if you ever wanted to contribute to a project of this scope, here’s your chance. You might not want to write a full-blown space simulator but you might have something to add. However, open source also means you can see how the program works and either reuse it in your own open source projects or just simply learn from the techniques.
FTC Rules On Right To Repair
A few days ago, the US Federal Trade Commission (FTC) came out with a 5-0 unanimous vote on its position on right to repair. (PDF) It’s great news, in that they basically agree with us all:
Restricting consumers and businesses from choosing how they repair products can substantially increase the total cost of repairs, generate harmful electronic waste, and unnecessarily increase wait times for repairs. In contrast, providing more choice in repairs can lead to lower costs, reduce e-waste by extending the useful lifespan of products, enable more timely repairs, and provide economic opportunities for entrepreneurs and local businesses.
The long version of the “Nixing the Fix” report goes on to list ways that the FTC found firms were impeding repair: ranging from poor initial design, through restrictive firmware and digital rights management (DRM), all the way down to “disparagement of non-OEM parts and independent repair services”.
While the FTC isn’t making any new laws here, they’re conveying a willingness to use the consumer-protection laws that are already on the books: the Magnuson-Moss Warranty Act and Section 5 of the FTC Act, which prohibits unfair competitive practices.
Only time will tell if this dog really has teeth, but it’s a good sign that it’s barking. And given that the European Union is heading in a similar direction, we’d be betting that repairability increases in the future.
Thanks [deshipu] for tipping us off on this one!
Seeing Inside A Gas Regulator
We’re surrounded by interesting engineering, but some of it is sealed inside a housing, away from easy inspection. A case in point: the humble gas regulator. It’s in equipment all around us, from a propane grill to welding gear. It’s a sealed unit — have you ever seen the inside, to know how it really works? Well, thanks to [FarmCraft101], we get to do just that, in the video after the break.
To let the cat out of the bag, it’s essentially a hydraulic lever. A large diaphragm is pressurized by the low pressure side of the regulator, and is held back by a spring. When the pressure compared to ambient atmosphere is high enough to overcome the spring tension, the lever is tilted, closing the high pressure valve. Hence, pressure is determined by spring strength. We also get a look at how the system can fail — in this case it seemed to be some grit interfering with the valve. We find hidden engineering to be supremely satisfying, particularly when we get to understand it so clearly as we do here. Enjoy!
Simple Tip Helps With Powder Coating Perfection On Difficult Parts
To say that the commercially available garden path lights commonly available at dollar stores are cheap is a vast overstatement of their true worthlessness. These solar-powered lights are so cheaply built that there’s almost no point in buying them, a fact that led [Mark Presling] down a fabrication rabbit hole that ends with some great tips on powder coating parts with difficult geometries.
Powder coating might seem a bit overkill for something as mundane as garden lights, but [Mark] has a point — if you buy something and it fails after a few weeks in the sun, you might as well build it right yourself. And a proper finish is a big part of not only getting the right look, but also making these totally un-Tardis-like light fixtures last in the weather. The video series below covers the entire design and build process, which ended up having an aluminum grille with some deep grooves. Such features prove hard to reach with powder coating, where the tiny particles of the coating are attracted to the workpiece thanks to a high potential difference between them. After coating, the part is heated to melt the particles and form a tough, beautiful finish.
But for grooves and other high-aspect-ratio features, the particles tend to avoid collecting in the nooks and crannies, leading to an uneven finish. [Mark]’s solution was to turn to “hot flocking”, where the part is heated before applying uncharged coating to the deep features. This gets the corners and grooves well coated before the rest of the coating is applied in the standard way, leading to a much better finish.
We love [Presser]’s attention to detail on this build, as well as the excellent fabrication tips and tricks sprinkled throughout the series. You might want to check out some of his other builds, like this professional-looking spot welder.
Walk The First 3D-Printed Bridge And Be Counted
Way back in 2018, we brought you news of a 3D-printed stainless steel pedestrian bridge being planned to span a Dutch canal in Amsterdam. Now it’s finally in place and open to the public — the Queen made it official and everything. MX3D printed it on their M1 Metal additive manufacturing machine that is essentially a group of robots welding layers of metal together using traditional welding wire and gas.
The partnership of companies involved originally planned to build this beautiful bridge in situ, but safety concerns and other issues prevented that and it was built in a factory instead. The bridge has been printed and ready since 2018, but a string of delays got in the way, including the fact that the canal’s walls had to be refurbished to accommodate it. Since it couldn’t be made on site, the bridge was taken there by boat and placed with a crane. After all this, the bridge is only permitted to be there for two years. Hopefully, they have the option to renew.
This feat of engineering spans 40 feet (12.2 meters) long and sits 20 feet (6.3 meters) wide. It’s equipped with sensors that measure structural stuff like strain, displacement, load, and rotation, and also has environmental sensors for air quality and temperature. All of this data is sent to the bridge’s digital twin, which is an exact replica in the form of a computer model. One of the goals is to teach the bridge how to count people. Be sure to check out our previous coverage for a couple of short videos about the bridge.
Arm Researchers Announce The PlasticArm
If the Cortex family of embedded microprocessors isn’t flexible enough for your designs, an article published this week (click here for the PDF version) in the journal Nature might be of interest. We’re not talking flexibility in terms of features, but real, physical flexibility of the microprocessor itself. A research team from Arm Ltd. has developed the PlasticArm, which is a 32-bit processor derived from the Cortex-M0+ family.
They accomplished this by constructing a CPU from metal-oxide thin-film transistors (TFT) on a polyimide substrate, the resultant chip being called a natively flexible microprocessor. While much of the hype focuses on the flexibility aspect, we think the real innovation here is the low cost. The processes used to deposit transistors onto silicon wafers are much more expensive than those on this flexible substrate.
Don’t get too excited just yet, because there were some compromises made along the way. Modern microprocessor silicon dies are measured in the tens of microns, but the PlasticArm total die size is a comparatively whopping 9 mm square. The researchers were appropriately focused on the core CPU, and the auxiliary building blocks such as ROM and RAM seem almost an afterthought. With only 456 bytes of program store and 128 bytes of RAM, only the tiniest of applications are suited to this chip. Other compromises were made, such as no internal registers — they are mapped to the external RAM — and the CPU runs a lot slower than we’re used to, topping out at 29 kHz (note: k not M).
There are certainly some challenges with this new technology, and we won’t be designing with these chips any time soon. But it has the potential to offer benefits in certain niche applications where low-cost and/or flexibility is more important than processor speed and performance.






