Antique Mill Satisfies Food Cravings

Everyone knows what it’s like to get a hankering for a specific food. In [Attoparsec]’s case, he wanted waffles. Not any waffles would do, though; he needed waffles in the form of a labyrinth. Those don’t exist, so he had to machine his own waffle maker.

Antique pantograph mill
When computers were the size of rooms, these stood in where we’d use CNC today.

Most of us would have run this off on a CNC, but [Attoparsec] isn’t into CNCing; manual machining is his hobby, and he’s not interested in getting into another one, no matter how much more productive he admits it might make him. We can respect that. After a bit of brain sweat thinking of different ways to cut out the labyrinth shape, he had the opportunity to pick up an antique Deckel pantograph mill.

These machines were what shops used to do CNC before the ‘computer numeric’ part was a thing. By tracing out a template (which [Attoparsec] 3D prints, so he’s obviously no Luddite), complex shapes can be milled with ease. Complex shapes like a labyrinthine waffle maker. Check out the full video below; it’s full of all sorts of interesting details about the machining process and the tools involved.

If you don’t need to machine cast iron, but are interested in the techniques seen here, a wooden pantorouter might be more your speed than a one-tonne antique. If you have a hankering for waffles but would rather use CNC, check out these design tips to help you get started. If pancakes are more your style, why not print them?

Shoutout to [the gambler] for sending this into the tip line. We think he struck the jackpot on this one. If you have a tip, don’t be shy.

This Week In Security: Encrypted Messaging, NSO’s Judgement, And AI CVE DDoS

Cryptographic messaging has been in the news a lot recently, for instance with the formal audit of WhatsApp (the actual PDF). The results are good. There are some minor potential problems that the audit highlights, but they are of questionable real-world impact. The most consequential is how easy it is to add additional members to a group chat. Or to put it another way, there are no cryptographic guarantees associated with adding a new user to a group.

The good news is that WhatsApp groups don’t allow new members to read previous messages. So a user getting added to a group doesn’t reveal historic messages. But a user added without being noticed can snoop on future messages. There’s an obvious question as to how this is a weakness. Isn’t it redundant, since anyone with the permission to add someone to a group can already read the messages from that group?

That’s where the lack of cryptography comes in. To put it simply, the WhatsApp servers could add users to groups, even if none of the existing users actually requested the addition. It’s not a vulnerability per se, but definitely a design choice to keep in mind. Keep an eye on the members in your groups, just in case.

This Week In Security: AirBorne, EvilNotify, And Revoked RDP

This week, Oligo has announced the AirBorne series of vulnerabilities in the Apple Airdrop protocol and SDK. This is a particularly serious set of issues, and notably affects macOS desktops and laptops, the iOS and iPadOS mobile devices, and many IoT devices that use the Apple SDK to provide AirPlay support. It’s a group of 16 CVEs based on 23 total reported issues, with the ramifications ranging from an authentication bypass, to local file reads, all the way to Remote Code Execution (RCE).

AirPlay is a WiFi-based peer-to-peer protocol, used to share or stream media between devices. It uses port 7000, and a custom protocol that has elements of both HTTP and RTSP. This scheme makes heavy use of property lists (“plists”) for transferring serialized information. And as we well know, serialization and data parsing interfaces are great places to look for vulnerabilities. Oligo provides an example, where a plist is expected to contain a dictionary object, but was actually constructed with a simple string. De-serializing that plist results in a malformed dictionary, and attempting to access it will crash the process.
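The type mismatch described above, seen from the receiving side: an added example (not Oligo's or Apple's code) that parses a request plist in Python and checks container types before any key is accessed. The field names, schema and size limit are hypothetical.

```python
import plistlib

# Hypothetical schema for a request body; these field names are assumptions
# made for the example, not AirPlay's real keys.
EXPECTED_FIELDS = {"deviceID": str, "sessionID": int, "params": dict}
MAX_BODY = 64 * 1024  # assumed limit: refuse oversized bodies before parsing


class PlistValidationError(ValueError):
    """Raised when a body is not a plist or has the wrong shape."""


def parse_request_plist(body: bytes) -> dict:
    if len(body) > MAX_BODY:
        raise PlistValidationError("body too large")
    try:
        obj = plistlib.loads(body)
    except Exception as exc:  # InvalidFileException, ExpatError, ...
        raise PlistValidationError("malformed plist") from exc
    # A plist root may legally be a string, array, number and so on.
    # Check the container type before treating it as a dictionary.
    if not isinstance(obj, dict):
        raise PlistValidationError(f"root is {type(obj).__name__}, expected dict")
    for key, want in EXPECTED_FIELDS.items():
        if key not in obj:
            raise PlistValidationError(f"missing key {key!r}")
        value = obj[key]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, want):
            raise PlistValidationError(
                f"{key!r} is {type(value).__name__}, expected {want.__name__}")
    return obj


def check(body: bytes) -> str:
    """Return 'ok' or the rejection reason, never an unhandled exception."""
    try:
        parse_request_plist(body)
        return "ok"
    except PlistValidationError as exc:
        return str(exc)


# Constructed sample bodies (not captured traffic).
GOOD = plistlib.dumps({"deviceID": "AA:BB:CC", "sessionID": 7, "params": {"volume": 3}})
ROOT_IS_STRING = plistlib.dumps("not a dictionary")
NESTED_IS_STRING = plistlib.dumps({"deviceID": "AA:BB:CC", "sessionID": 7, "params": "oops"})
```

Both malformed bodies are well-formed plists, so only the explicit type checks turn them into a clean rejection instead of a failure at first access.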

Another demo is using AirPlay to achieve an arbitrary memory write against a macOS device. Because it’s such a powerful primitive, this can be used for zero-click exploitation, though the actual demo uses the music app, and launches with a user click. Prior to the patch, this affected any macOS device with AirPlay enabled, and set to either “Anyone on the same network” or “Everyone”. Because of the zero-click nature, this could be made into a wormable exploit.

Single-Board Z80 Computer Draws Inspiration From Picasso

Picasso and the Z80 microprocessor are not two things we often think about at the same time. One is a renowned artist born in the 19th century, the other, a popular CPU that helped launch the microcomputer movement. And yet, the latter has come to inspire a computer based on the former. Meet the RC2014 Mini II Picasso!

As [concretedog] tells the story, what you’re fundamentally looking at is an RC2014 Mini II. As we’ve discussed previously, it’s a single-board Z80 retrocomputer that you can use to do fun things like run BASIC, Forth, or CP/M. However, where it gets kind of fun is in the layout. It’s the same fundamental circuitry as the RC2014, but it’s been given a rather artistic flair. The ICs are twisted this way and that, as are the passive components; even some of the resistors are dancing all over the top of one another. The kit is a limited edition, too, with each coming with a unique combination of colors where the silkscreen and sockets and LED are concerned. Kits are available via Z80Kits for those interested.

We love a good artistic PCB design; indeed, we’ve supported the artform heavily at Supercon and beyond. It’s neat to see the RC2014 designers reminding us that components need not live on a rigid grid; they too can dance and sway and flop all over the place like the eyes and/or nose on a classic Picasso.

It’s weird, though; in a way, despite the Picasso inspiration, the whole thing ends up looking distinctly of the 1990s. In any case, if you’re cooking up any such kooky builds of your own, modelled after Picasso or any other Spanish master, don’t hesitate to notify the tipsline.

Creating An Electronic Board For Catan-Compatible Shenanigans

[Sean Boyce] has been busy building board games. Specifically, an electronic strategy boardgame that is miraculously also compatible with Settlers of Catan.

[Sean’s] game is called Calculus. It’s about mining asteroids and bartering. You’re playing as a corporation attempting to mine the asteroid against up to three others doing the same. Do a good job of exploiting the space-based resource, and you’ll win the game.

Calculus is played on a board made out of PCBs. A Xiao RP2040 microcontroller board on the small PCB in the center of the playfield is responsible for running the show. It controls a whole ton of seven-segment displays and RGB LEDs across multiple PCBs that make up the gameboard. The lights and displays help players track the game state as they vie for asteroid mining supremacy. Amusingly, by virtue of its geometry and some smart design choices, you can also use [Sean]’s board to play Settlers of Catan. He’s even designed a smaller, cheaper travel version, too.

We do see some interesting board games around these parts, because hackers and makers are just that creative. If you’ve got your own board game hacks or builds in the works, don’t hesitate to let us know!

YKK’s Self-Propelled Zipper: Less Crazy Than It Seems

The self-propelled zip fastener uses a worm gear to propel itself along the teeth. (Credit: YKK)

At first glance the very idea of a zipper that unzips and zips up by itself seems somewhat ridiculous. After all, these contraptions are mostly used on pieces of clothing and gear where handling a zipper isn’t really sped up by having an electric motor sluggishly move through the rows of interlocking teeth. Of course, that’s not the goal of YKK, which is the world’s largest manufacturer of zip fasteners. The demonstrated prototype (original PR in Japanese) shows this quite clearly, with a big tent and equally big zipper that you’d be hard pressed to zip up by hand.

The intended use is thus more in industrial settings and the like, with one of the videos, embedded below, showing a large ‘air tent’ being zipped up automatically after demonstrating why this would be an arduous task for a human worker. While this prototype appears to be externally powered, adding a battery or such could make it fully wireless and potentially a real timesaver when setting up large structures such as these. Assuming the battery isn’t flat, of course.

It might conceivably be possible to miniaturize this technology to the point where it’d ensure that no fly is ever left unzipped, and school kids can show off their new self-zipping jacket to their friends. This would of course have to come with serious safety considerations, as anyone who has ever had a bit of their flesh caught in a zipper can attest to.

Sigrok Website Down After Hosting Data Loss

When it comes to open source signal analysis software for logic analyzers and many other sensors, Sigrok is pretty much the only game in town. Unfortunately, after an issue with the server hosting, the website, wiki, and other documentation are down until a new hosting provider is found and the site migrated. This leaves just the downloads active, as well as the IRC channel (#sigrok) over at Libera.chat.

This is not the first time that the Sigrok site has gone down, but this time it seems that it’s more final. Although it seems a new server will be set up over the coming days, this will do little to assuage those who have been ringing the alarm bells about the Sigrok project. Currently access to documentation is unavailable, except via the Wayback Machine’s archive.

A tragic reality of FOSS projects is that they are not immortal, with them requiring constant time, money and effort to keep servers running and software maintained. This might be a good point for those who have a stake in Sigrok to consider what the project means to them, and what it might mean if it were to shut down.