We typically feature projects from people sharing what they’ve learned while building something for themselves. But our community has a healthy contingent who deploy their skills for the benefit of future generations, developing a child’s natural curiosity for play into interest in understanding the technical world they will grow up in. This field is where MIT’s release of Scratch 3.0 can open up interesting possibilities.
Scratch is a block-based programming language designed for elementary school children, letting them learn fundamental concepts while experimenting in an environment filled with visual and audible feedback. In an effort to make Scratch more widely available, version 2.0 in 2013 moved to the web. But it was built using interactive web technology of the time: Adobe Flash. As Flash has fallen out of favor and is scheduled to be phased out in 2020, Scratch 3.0 used React to make the shift to HTML5.
The most immediate benefit is that Scratch can now be used on tablets, which all have modern browsers but very few of which have Flash. Another common educational hardware platform is the Raspberry Pi, which supported Scratch 2 via a convoluted software stack that was far from ideal. Now any hardware with a modern browser can run Scratch; no Flash binaries or custom wrappers are required. The Raspberry Pi Foundation certainly seemed excited about this change.
But a more exciting and longer term benefit is Scratch extensions, a mechanism for Scratch programs to communicate with external hardware and online resources. This has evolved in parallel with Scratch 2.0 under the experimental ScratchX umbrella and version 3.0 brings it into core. The launch featured a few official extensions (for connecting to micro:bit, LEGO Mindstorms EV3, etc.) with the promise that custom third-party extensions will soon be possible. This will significantly streamline building a Scratch interface for kid-friendly programmable hardware, something we’ve seen done for a drone, for exploring SDR, and even for a dollhouse. We’ll be keeping an eye out for the official release of the Scratch 3.0 custom extension API, but anyone not afraid of working with fluid pre-release code is certainly welcome to dive in right now.
What do you do to someone you want to make suffer, slowly? Specifically, at around 70% speed. To [Stephen], the answer is clear, you hit them where it really hurts: YouTube.
Creatively named “Chrome Engine,” [Stephen]’s diabolical Chrome extension has one purpose: be annoying. Every day, it lowers playback rate by 1% on YouTube. It’s a linear progression: 100% the first day, 99% the second day, 98% the third day, etc. It only stops 30 days later, once it hits its target rate of 70% the original speed. This progression is designed to be slow enough not to be noticed. Its icon is nothing more than the standard Chrome icon as [Stephen] firmly believes in the tactic of hiding in plain sight.
But that’s not all, it’s the minute details that drive the ball home. For instance, rather than using local storage to keep track of playback speed, the Chrome sync storage is used. This ensures that, as long as the extension is installed, playback rate will be synchronized between all of your friend’s (if you can even call them that) devices. It even targets casual YouTube users: [Stephen] has specifically designed their extension so that it won’t drop playback by more than 1% at a time. If the victim goes on vacation, the playback speed won’t drop when they’re away and will resume as soon as they’re back.
The last feature, the one [Stephen] is the proudest of, is that the extension manages to keep the YouTube speed controls working as intended. If the victim tries to play at half speed, their videos will be at half speed … of the slower playback rate set by the extension. And it gets even better! You may not know this if you don’t dally around with playback rates, but the audio tends to stop playing when videos are reduced below 50% of their original speed. Fear not! [Stephen] has accounted for this idiosyncrasy! If the victim selects a speed at or above 0.5x, a minimum cap is added so that the actual playback rate will be equal to or above 0.5x. If they select slower than this, they don’t expect sound anyway, so all bets are off.
Check it out here, may your friends (frenemies?) beware. We’re adding it to our April Fools arsenal, even if it is a bit early.
Remember those times we all said that we wouldn’t mind it if the iPod was three times as thick but could store a lot more songs and the battery lasted forever? Well, the I-Sore will let us truly consider our stance on the subject.
The iSore would have definitely made some of us the coolest kids on the yard in Jr. High (or at the engineering office) in the 00’s. At first glance we assumed it would be one of those fancy single board computers packaged with a big hard drive masquerading as an iPod. We were surprised to discover that [jimbone] was performing a classic iPod hack.
The iPod’s back is pried off and discarded. A ZIF to SATA adapter connects it to a significantly larger hard drive. The basic battery is replaced with an 8Ah pack. The USB ports are broken out. For the case there are a few options. There’s a 3D printed case, a wooden case, and even one that looks like a Lovecraftian horror.
[jimbone] claims 100 hours of playtime on a single charge. He hasn’t claimed bulking up a bit from carrying it around, but we can make our guesses.
If you use Inkscape to lay out your laser cutter designs you might want to look into this box maker extension. Inkscape is [Elliot’s] drawing software of choice since it’s easy to use, and it’s open source. After having to lay out the tabs for a box he decided it was worth his effort to develop a tool to do this automatically. The extension works inside of Inkscape, letting you start your projects with a set of automatically generated box sides.
The input window for the extension leaves you plenty of options for the joint design. In addition to the size of the box (inside or outside measurements can be selected), you need to enter the thickness of the material, the kerf size (how wide the cut will be), and how much clearance you want between the teeth. The width of the teeth is also configurable.
Our feature of a laser cut replacement case is what prompted [Elliot] to tip us off about his extension. That project used a web-based parts generator to do the joint design.
Often, software hackers are the activists that push software giants towards updating vulnerable applications. In today’s example, [Eric Butler] is pushing Facebook, Twitter, Flickr, and more all at the same time. By creating a script-kiddie friendly extension for Firefox, he has allowed just about anyone to sniff unsecured connections on public Wi-Fi access points and log into these unprotected accounts.
Right now the extension is available for Windows and Mac, with a Linux port coming soon. Temporarily, the best way for a user to avoid getting taken advantage of would be to not use these social networking sites on a public connection, or to implement a secure proxy for these connections that would keep your data safe. Hopefully these websites will have a quick rebuttal that allows for security without workarounds. With all of the bad press they are receiving, they certainly have incentive to.
Are there any software or security buffs out there? We would love to see someone port this to an iPhone or Android app that could check and log open Wi-Fi points. We’ll leave the footwork to the experts out there, but do be sure to give us a heads up if anyone manages to make it happen, okay?
One of the best tools we saw at LayerOne was the Exploit-Me series presented by [Dan Sinclair]. Security Compass created these tools to help developers easily identify cross-site scripting (XSS) and SQL injection vulnerabilities.