Texas’ Right To Repair Bill Is A Signature Away From Becoming Law

In what could be a big step forward for consumer rights, the Texas Senate recently unanimously voted to pass HB 2963, which references the “Diagnosis, maintenance, and repair of certain digital electronic equipment”. If signed by the governor, this would make Texas the ninth US state to enact such a law, and the seventh pertaining to consumer electronics. Interestingly, this bill saw anti-parts pairing language added, which is something that got stripped from the Oregon bill.

Much like other Right to Repair bills, HB 2963 would require manufacturers to make spare parts, documentation and repair tools available to both consumers and independent repair shops. If signed, the act would take effect in September of 2026. Included in the bill are provisions to prevent overcharging for the provided parts and documentation.

As for how useful this is going to be for consumers, [Louis Rossmann] had a read of the bill and gave his typically eloquent thoughts. The tl;dw is that while there is a lot of stuff to like, this bill leaves open potentially massive loopholes (e.g. assemblies vs parts), while also carving out massive exemptions, which leaves owners of game consoles, boats, cars, tractors, home appliances, etc. stranded with no new options.

Let’s Buy Commodore! Well, Somebody Is.

When a man wearing an Atari T-shirt tells you he’s buying Commodore it sounds like the plot for an improbable 1980s movie in which Nolan Bushnell and Jack Tramiel do battle before a neon synthwave sunset to a pulsating chiptune soundtrack. But here on the screen there’s that guy doing just that. It’s [Retro Recipes], and in the video below he’s assembling a licensing deal for the Commodore brand portfolio from the distant descendant of the Commodore of old.

It’s a fascinating story and we commend him for tracing a path through the mess that unfolded for Commodore in the 1990s. We tried the same research path with a friend a few years ago and ended up with an anonymous Dutch paper company that wouldn’t answer our calls, so we’re impressed. In conjunction with several other players in the Commodore retrocomputing world he’s trying to assemble a favourable percentage deal for manufacturers of new parts, computers, and other goodies, and we’re pleased to see that it’s for the smaller player as much as for the industry giant.

When looking at a story like this though, it’s important not to let your view become clouded by those rose tinted glasses. While it’s great that we’re likely to see a bunch of new Commodore-branded Commodore 64s and parts, there are many pitfalls in taking it beyond that. We’ve seen the Commodore logo on too many regrettable licensed products in the past, and we fear it might be too tempting for it to end up on yet another disappointing all-in-one video game or just another budget PC. If something new comes out under the Commodore brand we’d like it to be really special, exploiting new ground in the way the Amiga did back in the day. We can hope, because the alternative has dragged other famous brands through the mud in recent years.

If you want an insight into the roots of the original Commodore’s demise, have a read of our Hackaday colleague [Bil Herd]’s autobiography.

This Week In Security: Roundcube, Unified Threat Naming, And AI Chat Logs

Up first, if you’re running a Roundcube install prior to 1.5.10 or 1.6.11, it’s time to update. We have an authenticated Remote Code Execution (RCE) in the Roundcube Webmail client. And while that’s not quite the level of chaos that an unauthenticated RCE would cause, it’s still to be taken seriously. Mainly because for the majority of the 53 million Roundcube installs out there, the users aren’t entirely trusted.

The magic at play in this vulnerability is the Roundcube user session code, and specifically the session deserialization scheme. There’s a weird code snippet in the unserialize function:
    if ($str[$p] == '!') {
        $p++;
        $has_value = false;
    }

The exclamation mark makes the code skip a character, and then assume that what comes next has no value. But if it does actually have a value, well then you’ve got a slightly corrupted deserialization, resulting in a slightly corrupted session. This really comes into force when combined with the file upload function, as the uploaded filename serves as a payload delivery mechanism. Use the errant exclamation mark handling to throw off deserialization, and the filename can contain arbitrary session key/value pairs. A GPG class from the PEAR library allows running an arbitrary command, and this can be hijacked with the session manipulation.
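An added illustration, not Roundcube's code and not part of the original article: a toy session parser in PHP showing how a no-value marker that is followed by a value anyway shifts the parser, so bytes inside a value get read as keys. The session format, the function parse_session, its strict mode and the sample strings are all constructed for this example.

```php
<?php
// Toy session format, constructed for this example (not Roundcube's):
//   name|<len>:<bytes>;   key with a value
//   !name|                key marked as having no value
function parse_session(string $s, bool $strict): array
{
    $out = [];
    $p = 0;
    $end = strlen($s);
    while ($p < $end) {
        $q = strpos($s, '|', $p);
        if ($q === false) {
            if ($strict) throw new UnexpectedValueException("trailing bytes at offset $p");
            break;
        }
        $hasValue = true;
        if ($s[$p] === '!') {      // same marker handling as the quoted snippet
            $p++;
            $hasValue = false;
        }
        $name = substr($s, $p, $q - $p);
        if ($strict && !preg_match('/^\w+\z/', $name)) {
            throw new UnexpectedValueException("malformed key at offset $p");
        }
        $p = $q + 1;
        if (!$hasValue) {          // nothing consumed: the next bytes are read as a key
            $out[$name] = null;
            continue;
        }
        if (!preg_match('/\G(\d+):/', $s, $m, 0, $p)) {
            throw new UnexpectedValueException("bad length at offset $p");
        }
        $start = $p + strlen($m[0]);
        $len = (int) $m[1];
        if (substr($s, $start + $len, 1) !== ';') {
            throw new UnexpectedValueException("bad terminator after offset $start");
        }
        $out[$name] = substr($s, $start, $len);
        $p = $start + $len + 1;
    }
    return $out;
}

$filename = 'a|1:b;extra_key|3:yes;';   // constructed filename value
$value = strlen($filename) . ':' . $filename . ';';
var_export(parse_session('user|5:alice;file|' . $value, true));    // well-formed entry
var_export(parse_session('user|5:alice;!file|' . $value, false));  // marker, value follows anyway
try { parse_session('user|5:alice;!file|' . $value, true); }
catch (UnexpectedValueException $e) { echo "\nstrict: ", $e->getMessage(), "\n"; }
```

The strict mode is this example's own hardening choice (identifier-only key names, no trailing bytes), not a description of the upstream fix.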

Depositing Metal On Glass With Fiber Laser

Fiber lasers aren’t nearly as common as their diode and CO2 cousins, but if you’re lucky enough to have one in your garage or local makerspace, this technique for depositing thin films of metals in [Breaking Taps]’ video, embedded below, might be worth checking out.

It’s a very simple hack: a metal shim or foil is sandwiched between two pieces of glass, and the laser is focused on the metal. Etching the foil blasts off enough metal to deposit a thin film of it onto the glass. From electron microscopy, [Breaking Taps] reveals that what’s happening is that microscopic molten metal droplets are splashing up to the glass, rather than this being any kind of plasma process like sputtering. He found this technique worked best with silver of all the materials tested, and there were a few. While copper worked, it was not terribly conductive — he suggests electroplating a thicker layer onto the (probably rather oxidized) copper before trying to solder, but demonstrates soldering to it regardless, which seems to work.

This might be a neat way to make artistic glass-substrate PCBs. More testing will be needed to see if this would be worth the effort over just gluing copper foil to glass, as has been done before. [Breaking Taps] suspects, and we agree, that his process would work better under an inert atmosphere, and we’d like to see it tried.

One thing to note is that, regardless of atmosphere, alloys are a bit iffy with this technique, as the ‘blast little drops off’ process can cause them to demix on the glass surface. He also reasons that ‘printing’ a large area of metal onto the glass, and then etching it off would be a more reliable technique than trying to deposit complex patterns directly to the glass in one go. Either way, though, it’s worth a try if you have a fiber laser. 

Don’t have a fiber laser? Maybe you could build one. 

Hot Rod Backyard Bath On Steel Spring Legs

In a fusion of scrapyard elegance and Aussie ingenuity, [Mark Makies] has given a piece of old steel a steamy second life with his ‘CastAway Tub’. Call it a bush mechanic’s fever dream turned functional sculpture, starring two vintage LandCruiser leaf springs, and a rust-hugged cast iron tub dug up after 20 years in hiding. And put your welding goggles on, because this one is equal parts brute force and artisan flair.

What makes this hack so bold is, first of all, the reuse of unforgiving spring steel. Leaf springs, notoriously temperamental to weld, are tamed here with oxy-LPG preheating, avoiding thermal shock like a pro. The tub sits proudly atop a custom-welded frame shaped from dismantled spring packs, with each leaf ground, clamped, torched, and welded into a steampunk sled base. The whole thing looks like it might outrun a dune buggy – and possibly bathe you while it’s at it. It’s a masterclass in metalwork with zero CAD, all intuition, and a grinder that’s seen things.

Inspired? For those with a secret love for hot water and hot steel, this build is a blueprint for turning bush junk into backyard art. Read up on the full build at Instructables.

This Week In Security: CIA Star Wars, Git* Prompt Injection And More

The CIA ran a series of web sites in the 2000s. Most of them were about news, finance, and other relatively boring topics, and they spanned 29 languages. And they all had a bit of a hidden feature: Those normal-looking websites had a secret login and hosted CIA cover communications with assets in foreign countries. A password typed in to a search field on each site would trigger a Java Applet or Flash application, allowing the spy to report back. This isn’t exactly breaking news, but what’s captured the Internet’s imagination this week is the report by [Ciro Santilli] about how to find those sites, and the fact that a Star Wars fansite was part of the network.

This particular CIA tool was intended for short-term use, and was apparently so effective, it was dragged way beyond its intended lifespan, right up to the point it was discovered and started getting people killed. And in retrospect, the tradecraft is abysmal. The sites were hosted on a small handful of IP blocks, with the individual domains hosted on sequential IP addresses. Once one foreign intelligence agency discovered one of these sites, the rest were fairly easily identified.

Washington Consumers Gain Right To Repair For Cellphones And More

Starting January 1st, 2026, Washington state’s new Right to Repair law will come into effect. It requires manufacturers to make tools, parts and documentation available for diagnostics and repair of ‘digital electronics’, including cellphones, computers and similar appliances. The relevant House Bill 1483 was signed into law last week after years of fighting to make it a reality.

A similar bill in Oregon faced strong resistance from companies like Apple, despite backing another Right to Repair bill in California. In the case of the Washington bill, there were positive noises from the side of Google and Microsoft, proclaiming themselves and their products to be in full compliance with such consumer laws.

Of course, the devil is always in the details, with Apple in particular being a good example of how to technically comply with the letter of the law, while throwing up many (financial) roadblocks for anyone interested in obtaining said tools and components. Apple’s penchant for part pairing is also a significant problem when it comes to repairing devices, even if these days it’s somewhat less annoying than it used to be — assuming you’re running iOS 18 or better.

That said, we always applaud these shifts in the right direction, where devices can actually be maintained and repaired without too much fuss, rather than e.g. cellphones being just disposable items that get tossed out after two years or less.

Thanks to [Robert Piston] for the tip.