Apple Forces The Signing Of Applications In MacOS Sequoia 15.1

November 1, 2024 by Maya Posch 137 Comments

The dialogue that greets you when you try to open an unsigned application in MacOS Sequoia 15.1.

Many MacOS users are probably used by now to the annoyance that comes with unsigned applications, as they require a few extra steps to launch them. This feature is called Gatekeeper and checks for an Apple Developer ID certificate. Starting with MacOS Sequoia 15, the easy bypassing of this feature with e.g. holding Control when clicking the application icon is now no longer an option, with version 15.1 disabling ways to bypass this completely. Not unsurprisingly, this change has caught especially users of open source software like OpenSCAD by surprise, as evidenced by a range of forum posts and GitHub tickets.

The issue of having to sign applications you run on MacOS has been a longstanding point of contention, with HomeBrew applications affected and the looming threat for applications sourced from elsewhere, with OpenSCAD issue ticket #880 from 2014 covering the saga for one OSS project. Now it would seem that to distribute MacOS software you need to have an Apple Developer Program membership, costing $99/year.

So far it appears that this forcing is deliberate on Apple’s side, with the FOSS community still sorting through possible workarounds and the full impact.

Thanks to [Robert Piston] for the tip.

This Week In Security: Playing Tag, Hacking Cameras, And More

November 1, 2024 by Jonathan Bennett 3 Comments

Wired has a fascinating story this week, about the length Sophos has gone to for the last 5 years, to track down a group of malicious but clever security researchers that were continually discovering vulnerabilities and then using those findings to attack real-world targets. Sophos believes this adversary to be overlapping Chinese groups known as APT31, APT41, and Volt Typhoon.

The story is actually refreshing in its honesty, with Sophos freely admitting that their products, and security products from multiple other vendors have been caught in the crosshairs of these attacks. And indeed, we’ve covered stories about these vulnerabilities over the past weeks and months right here on this column. The sneaky truth is that many of these security products actually have pretty severe security problems.

The issues at Sophos started with an infection of an informational computer at a subsidiary office. They believe this was an information gathering exercise, that was a precursor to the widespread campaign. That campaign used multiple 0-days to crack “tens of thousands of firewalls around the world”. Sophos rolled out fixes for those 0-days, and included just a bit of extra logging as an undocumented feature. That logging paid off, as Sophos’ team of researchers soon identified an early signal among the telemetry. This wasn’t merely the first device to be attacked, but was actually a test device used to develop the attack. The game was on. Continue reading “This Week In Security: Playing Tag, Hacking Cameras, And More” →

2024 Supercon: Last Minute Announcements

October 29, 2024 by Tom Nardi 4 Comments

If you’re hear a rushing noise, don’t be alarmed — that’s just the rapidly approaching 2024 Hackaday Supercon. As hard as it is to believe, a whole year has gone by, and we’re now just a few days away from kicking off our annual hardware hacking extravaganza in Pasadena. Tickets just sold out over the weekend — thank you procrastinators!

For those of you who have tickets to join us this weekend, we’ve got a few last minute announcements and bits of information we wanted to get out to you. As a reminder, you can find the full schedule for all three days on the official Supercon site.

Continue reading “2024 Supercon: Last Minute Announcements” →

Raspberry Pi OS’s Wayland Transition Completed With Switch To Labwc

October 28, 2024 by Maya Posch 88 Comments

With the latest release of Raspberry Pi OS (formerly Raspbian) the end of the X Window System has become reality, completing a years-long transition period. Although this change between display servers is not something which should be readily apparent to the casual user, the change from the client-server-based X11 protocol to the monolithic Wayland protocol has a number of implications. A major change is that with the display server and window manager no longer being separate units, features such as network transparency (e.g. remote X-sessions) are no longer a native feature, but have to be implemented separately by e.g. the Wayland compositor. Continue reading “Raspberry Pi OS’s Wayland Transition Completed With Switch To Labwc” →

The Pound ( Or Euro, Or Dollar ) Can Still Be In Your Pocket

October 27, 2024 by Jenny List 88 Comments

A British journalistic trope involves the phrase “The pound in your pocket”, a derisory reference to the 1960s Prime Minister Harold Wilson’s use of it to try to persuade the public that a proposed currency devaluation wouldn’t affect them. Nearly six decades later not so many Brits carry physical pounds in their pockets as electronic transfers have become more prevalent, but the currency remains. So much so that the governor of the Bank of England has had to reassure the world that the pound won’t be replaced by a proposed “Britcoin” cryptocurrency should that be introduced.

Normally matters of monetary policy aren’t within Hackaday’s remit, but since the UK is not the only country to mull over the idea of a tightly regulated cryptocurrency tied to their existing one, there’s a privacy angle to be considered while still steering clear of the fog of cryptocurrency enthusiasts. The problem is that reading the justification for the new digital pound from the Bank of England, it’s very difficult to see much it offers which isn’t already offered by existing cashless payment systems. Meanwhile it offers to them a blank regulatory sheet upon which they can write any new rules they want, and since that inevitably means some of those rules will affect digital privacy in a negative manner, it should be a worry to anyone whose government has considered the idea. Being at pains to tell us that we’ll still be able to see a picture of the King (or a dead President, or a set of bridges) on a bit of paper thus feels like an irrelevance as increasingly few of us handle banknotes much anyway these days. Perhaps that act in itself will now become more of an act of protest. And just when we’d persuaded our hackerspaces to go cashless, too.

Header: Wikitropia, CC BY-SA 3.0.

McDonalds Ice Cream Machines Gain A DMCA Exemption

October 26, 2024 by Jenny List 71 Comments

An unlikely theatre for an act in the right-to-repair saga came last year in the form of McDonalds restaurants, whose McFlurry ice cream machines are prone to breakdown. The manufacturer had locked them down, and a franchisee with a broken machine had no option but to call them for an expensive repair job. iFixit and Public Knowledge challenged this with a request for a DMCA exemption from the Copyright Office, and now news emerges that this has been granted.

The exemption in question isn’t specific to McDonalds, instead it applies to retail food preparation equipment in general, which includes ice-cream machines. We’re guessing that franchisees won’t be breaking out the screwdrivers either, instead it’s likely to lower significantly the cost of a service contract for them and any other food industry operators hit with the same problem. Meanwhile any hackers who’ve picked up an old machine can now fix it themselves without breaking the law, and maybe the chances of your local Mickey D’s having no McFlurries have gone down.

This story has featured more than once on these pages, so catch up here, and here.

DIY 3D Hand Controller Using A Webcam And Scripting

October 25, 2024 by Heidi Ulrich 3 Comments

Are you ready to elevate your interactive possibilities without breaking the bank? If so, explore [Caio Bassetti]’s tutorial on creating a full 3D hand controller using only a webcam, MediaPipe Hands, and Three.js. This hack lets you transform a 2D screen into a fully interactive 3D scene—all with your hand movements. If you’re passionate about low-cost, accessible tech, try this yourself – not much else is needed but a webcam and a browser!

The magic of the project lies in using MediaPipe Hands to track key points on your hand, such as the middle finger and wrist, to calculate depth and positioning. Using clever Three.js tricks, the elements can be controlled on a 3D axis. This setup creates a responsive virtual controller, interpreting hand gestures for intuitive movement in the 3D space. The hack also implements a closed-fist gesture to grab and drag objects and detects collisions to add interactivity. It’s a simple, practical build and it performs reliably in most browsers.

For more on this innovation or other exciting DIY hand-tracking projects, browse our archive on gesture control projects, or check out the full article on Codrops. With tools such as MediaPipe and Three.js, turning ideas into reality gets more accessible than ever.