The Internet Archive Has Been Hacked

There are a great many organizations out there, all with their own intentions—some selfish, some selfless, some that land somewhere in between. Most would put the Internet Archive in the category of the library—with its aim of preserving and providing knowledge for the aid of all who might call on it. Sadly, as [theresnotime] reports, it appears this grand institution has been hacked.

On Wednesday, users visiting the Internet Archive were greeted with a foreboding popup that stated the following:

“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

The quote appears to refer to Have I Been Pwned (HIBP), a site that collates details of security breaches so individuals can check if their details have been compromised.

According to founder Brewster Kahle, the site was apparently DDOS’d, with the site defaced via a JavaScript library. It’s believed this may have been a polyfill supply chain attack. As for the meat of the hack, it appears the individuals involved made off with usernames, emails, and encrypted and salted passwords. Meanwhile, as Wired reports, it appears Have I Been Pwned first received the stolen data of 31 million users on September 30.

At the time of writing, it appears the Internet Archive has restored the website to some degree of normal operation. It’s sad to see one of the Internet’s most useful and humble institutions fall victim to a hack like this one. As is always the way, no connected machine is ever truly safe, no matter how much we might hope that’s not the case.

[Thanks to Sammy for the tip!]

Llama.ttf Is AI, In A Font

It’s a great joke, and like all great jokes it makes you think. [Søren Fuglede Jørgensen] managed to cram a 15 M parameter large language model into a completely valid TrueType font: llama.ttf. Being an LLM-in-a-font means that it’ll do its magic across applications – in your photo editor as well as in your text editor.

What magic, we hear you ask? Say you have some text, written in some non-AI-enabled font. Highlight that, and swap over to llama.ttf. The first thing it does is to change all “o” characters to “ø”s, just like [Søren]’s parents did with his name. But the real magic comes when you type a length of exclamation points. In any normal font, they’re just exclamation points, but llama.ttf replaces them with the output of the TinyStories LLM, run locally in the font. Switching back to another font reveals them to be exclamation points after all. Bønkers!

This is all made possible by the HarfBuzz font extensions library. In the name of making custom ligatures and other text shaping possible, HarfBuzz allows fonts to contain WebAssembly code and runs it in a virtual machine at rendering time. This gives font designers the flexibility to render various Unicode combinations as unique glyphs, which is useful for languages like Persian. But it can just as well turn all “o”s into “ø”s or run all exclamation points through an LLM.

Something screams mischief about running arbitrary WASM while you type, but we remind you that since PostScript, font rendering engines have been able to run code in order to help with the formatting problem. This ability was inherited by PDF, and has kept malicious PDFs in the top-10 infiltration vectors for the last fifteen years. [Citation needed.] So if you can model a CPU in PDF, why not an LLM in TTF? Or a Pokemon clone in an OpenType font?

We don’t think [Søren] was making a security point here, we think he was just having fun. You can see how much fun in his video demo embedded below.

Displays We Like Hacking: HDMI

I don’t like HDMI. Despite it being a pretty popular interface, I find crucial parts of it to be alien to what hackers stand for. The way I see it, it manages to be proprietary while bringing a lot of the old cruft in. It doesn’t have a native alternative like DisplayPort, so portable implementations tend to suffer power-wise; the connector situation is interesting, and the HDMI Foundation has been doing some weird stuff; in particular, they are pretty hostile to open-source technology.

This article is not the place for such feelings, however, especially since I’ve expressed them enough in the DisplayPort article. We the hackers deserve to be able to handle the interfaces we stumble upon, and I firmly believe in that way more than in my right to animosity towards HDMI.

The HDMI interface is seriously prominent wherever you look, in part because it’s the interface created by the multimedia-involved companies for the multimedia-involved companies. Over the years we’ve had it, it’s been more than sufficient for basically everything we do video-wise, save for the highest resolutions.

It’s also reasonably simple to wire up, hack on, and even bitbang. Let’s go through what makes it tick.

The Core

HDMI is, at its core, three differential pairs for data, plus one pair to clock them and in the darkness bind them. It’s a digital interface, though it is a fun one. This makes it way more suitable for higher-distance video transmissions than interfaces like VGA, and as long as you stick to relatively low resolutions, HDMI won’t have as many asks in terms of PCB layout as DisplayPort might, thanks to HDMI link speeds scaling proportionally with the display resolution.

Apple AirTag: Antitheft Or Antistalking?

Occasionally, the extra features added to a product can negate some of the reasons you wanted to buy the thing in the first place. Take, for example, Apple’s AirTag — billed as an affordable way to link your physical stuff to your phone. If some light-fingered ne’er-do-well wanders by and half-inches your gear, you get notified. The thing is, the AirTag also has an anti-stalking measure, which after a while, notifies nearby iPhones, should the tag move but not be near your iPhone!

In a recent video, [David Manning] explains that this feature is great for preventing the device from being used to track people. But it also means that if said thief happens to own an iPhone, they will be notified of the nearby tag, and can find it and disable it. So in the end, it’s a bit less useful as an anti-theft measure!

The solution is to pop the back off the tag and yank out the little sounder module from the rear plastic. You lose the ability to locate the tag audibly, but you gain a little more chance of returning your stolen goods. Apple could easily remove this feature with a firmware update, but it’s a matter of picking your poison: antistalking or antitheft?

Hackaday Prize 2022: Saving The World, One Brew At A Time

OK, so maybe [satanistik] is overreaching with his project title “Save the Coffee, Save the World” but keeping an otherwise working coffee machine out of the landfill by hacking around its broken display is nonetheless a worthy pursuit. The juice must flow!

The busted display used an SSD1303 controller OLED module, for which the SSD1305Z is an almost-compatible module. Almost. The one glitch is that the screen is filled in the opposite direction by default. Digging through the manuals, there is a screen-direction bit to set, and tracing out the communication with a logic analyzer, it’s set the wrong way with every screen refresh. If only he could flip that one bit while it’s in transit. Time to man-in-the-middle!

While we certainly would have put a microcontroller in the game, [satanistik] goes old-school. A two-IC logic solution can do exactly the same thing, trading wires for code. The final iteration of the converter board is correspondingly spartan, but it does its one job.

So if you’ve got a Nivona coffee machine with a bum display, or perhaps an Agilent U1273A multimeter, or any other piece of equipment that needs a hard-to-find SSD1303 controller, now you have a ready-made solution. But if not, and you find yourself looking for a display that you can’t find, let this serve as an example to you – with a little (fun) effort, you can hack it back.

Hard(er) Drives: Impractical, Slow, Amazing, And Incredible

Computer memory is a problem that has been solved for many years. But early on, it was more than just a small problem. We’ve covered many of the different kinds at Hackaday over the years, and we’ll link to some of them later on. But one of the original types of memory was called Delay Line memory, which worked by waiting for a signal to propagate slowly enough through a device that it was essentially stored in the device. This was highly inefficient, but still a neat concept, one that [Tom7] has taken to entirely new levels of amazing and impractical as seen in the video below the break.

Such factors as “harm to society” are artfully considered

Starting with a demonstration of orbiting chainsaws, he then moves on to explaining how radio propagation waves could be used to temporarily store data while it’s in transit. He missed the opportunity to call it cloud storage, but we’ll forgive him. Extrapolating that further, he decided to use the Entire Internet to store data without its permission, utilizing large ICMP packets and even making it available as block storage in Linux.

Not content to use the entire Internet to store a few kb of data, he moved on to several thousand virtualized NES game systems which are all playing “an inventory management survival horror game” commonly known as Tetris. [Tom7] deconstructs Tetris, analyzing its Random Number Generator, gaming the system to store data in virtual NES consoles by the thousands. What data did he store? The source code to Tetris for the NES. And what did he do with it? Well, he mounted it and ran the program, of course!

The last Harder Drive we’ll leave for those who want to watch the video, because it’s a bit on the “ewww gross!” side of things but is also a bit less successful due to some magic smoke being released.

If none of these things we’ve mentioned were enough, then watch the video for an excellent breakdown of the cost, efficiency, and even the harm to society. For fun, he also tosses blockchain into the mix to see how it fares against the Harder Drives. There’s also at least one easter egg in the video, and the whimsical discussion of engineering is both entertaining and inspiring. How would you implement a Harder Drive?

[Tom7] also gives you the opportunity to follow along with the fun and mayhem by making much of the code available for your perusal. For more fun reading, check out this walk down computer memory lane that we covered last year, as well as a look into Acoustic Delay Line memory.

Modular Laptop Maker Provides Mainboard Documentation For Non-Laptop Projects

If you’ve been following the latest advancements in computing for a while, you already know that there’s a big problem with laptops: when they’re no longer useful as a daily driver, it can be a struggle to find a good use for all their parts. Everything is proprietary, and serious amounts of reverse engineering are required if you decide to forge ahead. This is where Framework, a laptop company building modular laptops, comes in. They’ve made it clear that when you upgrade your Framework laptop with a new mainboard, they want you to be able to continue to use the old mainboard outside of the laptop.

When it’s done powering your laptop, use it for a cyberdeck?

To that end, Framework have provided 2D mechanical drawings of their mainboard and 3D printable cases that can of course be modified as needed. “But what about peripherals?” you might ask. Framework has provided pinouts for all of the connectors on the board along with information on which connectors to use to interface with them. No reverse engineering needed!

While it’s possible to buy a mainboard now and use it, their stated goal is to help people make use of used mainboards left over from upgrades down the line. With just a stick of memory and a USB-C power adapter, the board will spring to life and even has I2C and USB immediately available.

What would you do with a powerful Intel i5-1135G7 mainboard? Framework wants to know, and to that end, they are actually giving away 100 mainboards to makers and developers. Mind you, this is a program created and run by Framework — and is not associated in any way with Hackaday or our overlords at Supplyframe.

If you’ve read this far and still don’t know what the Framework laptop is, go check out this introduction by our own [Jenny List].