Git Your PCBs Online

Last time, I showed you how to create a local Git repository around your PCB project. That alone provides you with local backups, helping you never lose the changes you make to your files, and always be able to review the history of your project as it developed.

However, an even more significant part of Git’s usefulness is the ability to upload our creations to one of the various online Git repository hosting services, and keep it up to date at all times with a single shell command. I’d like to show you how to upload your project to GitHub and GitLab, in particular!


This Week In Security: Follina, Open Redirect RCE, And Annoyware

Depending on who you ask, there are either two vulnerabilities at play in Follina, only one, or according to Microsoft a week ago, no security problem whatsoever. On the 27th of last month, a .docx file was uploaded to VirusTotal, and most of the tools there thought it was perfectly normal. That didn’t seem right to [@nao_sec], who raised the alarm on Twitter. It seems this suspicious file originated somewhere in Belarus, and it uses a series of tricks to run a malicious PowerShell script.

Arduino And Git: Two Views

You can’t do much development without running into Git, the version control management system. Part of that is because so much code lives on GitHub, which uses Git, although you don’t need to know anything about that if all you want to do is download code. [Dr. Torq] has a good primer on using Git with the Arduino IDE, if you need to get your toes wet.

You might think if you develop by yourself you don’t need something like Git. However, using a version control system is a great convenience, especially if you use it correctly. There’s a bug out in the field? What version of the firmware? You can immediately get a copy of the source code at that point in time using Git. A feature is broken? It is very easy to see exactly what changed. So even if you don’t work in a team, there are advantages to having source code under control.


Get GitHub Tickets IRL With A Raspberry Pi And A Receipt Printer

Thermal receipt printers are finding their way into all sorts of projects that are well beyond the point-of-sale environment that they normally inhabit. And while we applaud all the creative and artistic uses hackers have found for these little gems, this GitHub physical ticket printer has to be the best use for one yet.

According to [Andrew Schmelyun], seeing a fast-food order pop up on a thermal printer was the inspiration for this build. Maintaining over one hundred GitHub repos as he does, it’s easy for the details of any one bug report or feature request to get lost in the swarm of sticky notes that [Andrew] previously used to keep track of his work. To make it happen, he teamed an Epson thermal printer up to a Raspberry Pi Zero W and worked out the details of sending data to the printer using PHP. Luckily, there’s a library for that — the beauty of GitHub.

With the “Hello, World!” bit out of the way, [Andrew] turned his attention to connecting to GitHub. He set up some webhooks on the GitHub side to send a POST request every time an issue is reported on one of his repos. The POSTs are sent via ngrok to a PHP web server running on the Pi, which formats the data and sends the text to the printer. There’s a short video in the tweet below.

Between the sound of the printer working and the actual dead-tree ticket, it’ll be hard for [Andrew] to miss issues now. We’ve seen thermal printers stuffed into cameras, used to send pictures to Grannie, and even watched them commit suicide slowly, but we say hats off to [Andrew] for his solid work ethic and a fun new way to put a receipt printer to use.


Screenshot showing the supposed AllSpice interface. It resembles the GitHub interface, and shows a pull request open to add some ESD protection to a device.

AllSpice Building A Hardware Development Ecosystem For Companies

In our “hardware development gets serious” news, we’ve recently learned about AllSpice, a startup building hardware development collaboration infrastructure for companies. Hardware developers are great at building hardware tools for themselves, but perhaps not always so when it comes to software, and AllSpice aims to fill that gap at the “hardware company” level. Nowadays, what commonly happens is that software development tools and integrations are repurposed for hardware needs, and the results aren’t always as stellar as they get in the software world. In other words, AllSpice is learning from the positive outcomes of the software industry and building a platform that takes the best parts from these tools, aiming to get to similarly positive outcomes in areas where hardware team experiences are currently lacking.

What AllSpice is building seems to be an umbrella platform designed to augment, integrate and hook into a slew of different already-developed platforms like GitHub, GitLab, Jira (and some other ones), and add much-needed features that large-scale hardware developers can’t afford to maintain and develop themselves. “Design review by screenshot” isn’t unheard of in hardware circles, and is likely a thing that every one of us with hardware collaboration experience has partaken in. On a company scale, there’s a myriad of hardware-related problems like that to solve and polish over.



IPod Mod Puts Pi Zero In New Bod

We sure love to see nicely designed products get a new lease on life. Just as the new Raspberry Pi Zero 2 was being announced, [production] was stuffing an original RPi Zero into an old iPod’s case.

[production] cites several previous, similar projects that showed how to interface with the click-wheel, a perfectly fitting color display from Waveshare, and open-source software called Rockbox to run on the Pi. We all stand on the shoulders of giants.


Some nice innovations to look for are the Pi Zero’s micro-SD card and a micro-USB charging port aligned to the large slot left from the iPod’s original 40 pin connector. Having access for charging and reflashing the card without opening the case seems quite handy. There’s a nice sized battery too, though we wonder if a smaller battery and a Qi charger could fit in the same space. Check the project’s Hackaday.io for the parts list, and GitHub for the software side of things, and all the reference links you’ll need to build your own. It looks like [production] has plans to turn old iPods into Gameboy clones; you may want to check back for progress on that.

If you just want to rock like it’s 2004, there are options to just upgrade the battery and capacity but keep your vintage iPod too.



Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised

Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using it as a library may have become a victim of a supply chain attack. What is ua-parser-js and why does any of this matter?

In the early days of computing, programmers would write every bit of code they used themselves. Larger teams would work together to develop larger code bases, but it was all done in-house. These days software developers don’t write every piece of code. Instead they use libraries of code supplied by others.

For better or worse, repositories of code are now available to do even the smallest of functions so that a developer doesn’t have to write the function from scratch. One such registry is npm (Node Package Manager), which organizes a collection of contributed libraries written in JavaScript. One need only use npm to include a library in their code, and all of the functions of that library are available to the developer. One such example is ua-parser-js, which is a User Agent Parser written in JavaScript. This library makes it easy for developers to find out the type of device and software being used to access a web page.

On October 22, 2021, the developer of ua-parser-js found that attackers had uploaded a version of his software that contained malware for both Linux and Windows computers. The malicious versions were found to steal data (including passwords and Chrome cookies, perhaps much more) from computers or run a crypto-currency miner. This prompted GitHub to issue a Critical Severity Security Advisory.

What makes this compromise so dangerous is that ua-parser-js is considered to be part of a supply chain, and has been adopted even by Facebook for use in some of its customer facing software. The developer of ua-parser-js has already secured his GitHub account and uploaded new versions of the package that are clean. If you have any software that uses this library, make sure you’ve got the latest version!

Of course this is by no means a unique occurrence. Last month Maya Posch dug into growing issues that come from some flaws of trust in package management systems. The art for that article is a house of cards, an apt metaphor for a system that is only as stable as the security of each and every package being built upon.