Mastodon Comes To The IBM PC

Elon Musk has bought Twitter for an eye-watering sum, and his live adventures in chaotic mismanagement of a social media company have become a compelling performance for the rest of us. As we munch on our tasty popcorn and enjoy the show, many Twitter users have jumped ship for the open-source alternative Mastodon. It offers much to the escapee including instances tailored to particular communities, but aside from all that it’s got something Twitter never had. You can now use a Mastodon client on an IBM PC.

Many of you are no doubt looking askance at us, as you have been Tooting for years from behind the keyboard of a PC. But it’s likely that the PC you’re using is a generic modern x86 machine running an up-to-date operating system such as a GNU/Linux flavour or Microsoft Windows. By contrast, here we’re referring to the original, the daddy of them all. Because the client we’re talking about is DOStodon, designed to run on a real IBM PC as though it’s the early 1980s again.

Stunt hacks aside, whether or not you fire up DOStodon on a 16-bit machine to get your Fediverse fix, it’s an interesting piece of software because it’s written in Javascript. Which in turn brings us to DOjS from the same author, a DOS Javascript canvas with sound. Not everyone will be raring to run their Javascript code on an early 1980s PC, but its existence proves that there’s plenty of life in the old platform yet.

Need more Mastodon on unexpected platforms? How about the ESP32?

Header image: Ruben de Rijcke, CC BY-SA 3.0, and Jin Nguyen, AGPL.

Using Google Calendar For Machines To Keep Track Of Human Days

Daily triggers for automation are simple in theory, unless they need to keep track of the calendar that humans actually live by. Seasonal changes, shifting public holidays, or just being on vacation are all exceptions you may need to account for. [Jeremy Rode] likes using Google Calendar to stay on top of events, so he created CalendarScraper, a simple script to make his machines use it too.

Jeremy needed a timer for his spa heater that would reduce costs by only switching it on when his local time-of-use-based electricity rates were favorable. The rates varied based on the time of day, day of the week, and even seasons and public holidays. Instead of trying to set up everything manually in a cron job, he created a short and easy-to-modify JavaScript script to keep track of events on a Google Calendar.

We’ve seen some other projects that pull data from Google Calendar, including a recycling day reminder, and even a physical desktop calendar.

This Week In Security: 11,000 Gas Stations, TrustZone Hacks Kernel, And Unexpected Fuzzing Finds

Automated Tank Gauges (ATGs) are nifty bits of tech, sitting unseen in just about every gas station. They keep track of fuel levels, temperature, and other bits of information, and sometimes get tied into the automated systems at the station. The problem is that a bunch of these devices are listening to port 10001 on the Internet, and some of them appear to be misconfigured. How many? Let’s start with the easier question, how many IPs have port 10001 open? Masscan is one of the best tools for this, and [RoseSecurity] found over 85,000 listening devices. An open port is just the start. How many of those respond to connections with the string In-Tank Inventory Reports? Shodan reports 11,113 IPs as of August of this year. [RoseSecurity] wrote a simple Python script that checked each of those listening IPs and came up with a matching number of devices. The scary bit is that this check was done by sending a Get In-Tank Inventory Report command, and checking for a good response. It seems like that’s 11K systems, connected to the internet, with no authentication. What could possibly go wrong?

A New Javascript Runtime Fresh Out Of The Oven

A sizable portion of the Hackaday audience groans and rolls their eyes when some new-fangled Javascript thing comes out. So what makes Bun different? Bun is a runtime (like Node or Deno) that offers a performant all-in-one approach. Much to the Spice Girls’ delight, it is written in Zig. It offers bundling, transpiling, module resolution, and a fantastic foreign-function interface.

Node.js and Deno run on the V8 Javascript engine and provide the Node-API to access different features, such as filesystems, that don’t apply to web browsers. However, vast amounts of tooling have built up around Node.js and NPM (node package manager). Many Javascript projects have a bundling and transpiling step that takes the source and packages it together in a more standard format. Typescript needs to be packaged into Javascript, and modules need to be resolved.

Javascript Is Everywhere. Even MSDOS

Although pundits have joked that Java’s “write once, run everywhere” slogan might be better expressed as “write once, debug everywhere,” a relative of Java — JavaScript — has delivered on both promises better than its namesake. Thanks to its proliferation in browsers, JavaScript is a veritable lingua franca of computer languages which has led to entire applications being written in it using tools like Node.js and Electron, and not just browsers. But what if you are still using MSDOS or Windows 98? We know some of you do, at least on retro machines. Don’t feel left out, the DOjS project has jSH, a JavaScript engine for DOS and related operating systems.


Online Tool Turns STLs Into 3D ASCII Art

If you look hard enough, most of the projects we feature on these pages have some practical value. They may seem frivolous, but there’s usually something that compelled the hacker to commit time and effort to its doing. That doesn’t mean we don’t get our share of just-for-funsies projects, of course, which certainly describes this online 3D ASCII art generator.

But wait — maybe that’s not quite right. After all, [Andrew Sink] put a lot of time into the code for this, and for its predecessor, his automatic 3D low-poly generator. That project led to the current work, which like before takes an STL model as input, this time turning it into an ASCII art render. The character set used for shading the model is customizable; with the default set, the shading is surprisingly good, though. You can also swap to a black-on-white theme if you like, navigate around the model with the mouse, and even export the ASCII art as either a PNG or as a raw text file, no doubt suitable to send to your tractor-feed printer.

[Andrew]’s code, which is all up on GitHub, makes liberal use of the three.js library, so maybe stretching his 3D JavaScript skills is really the hidden practical aspect of this one. Not that it needs one — we think it’s cool just for the gee-whiz factor.


Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised

Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using it as a library may have become a victim of a supply chain attack. What is ua-parser-js and why does any of this matter?

In the early days of computing, programmers would write every bit of code they used themselves. Larger teams would work together to develop larger code bases, but it was all done in-house. These days software developers don’t write every piece of code. Instead they use libraries of code supplied by others.

For better or worse, repositories of code are now available to do even the smallest of functions so that a developer doesn’t have to write the function from scratch. One such registry is npm (Node Package Manager), which organizes a collection of contributed libraries written in JavaScript. One need only use npm to include a library in their code, and all of the functions of that library are available to the developer. One such example is ua-parser-js, which is a User Agent Parser written in JavaScript. This library makes it easy for developers to find out the type of device and software being used to access a web page.

On October 22, 2021, the developer of ua-parser-js found that attackers had uploaded a version of his software that contained malware for both Linux and Windows computers. The malicious versions were found to steal data (including passwords and Chrome cookies, perhaps much more) from computers or run a crypto-currency miner. This prompted GitHub to issue a Critical Severity Security Advisory.

What makes this compromise so dangerous is that ua-parser-js is considered to be part of a supply chain, and has been adopted even by Facebook for use in some of its customer facing software. The developer of ua-parser-js has already secured his GitHub account and uploaded new versions of the package that are clean. If you have any software that uses this library, make sure you’ve got the latest version!
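Checking whether a project pulls in ua-parser-js, directly or through another dependency, means reading the lockfile rather than package.json. The sketch below is an added example, not code from the article or from the ua-parser-js project; the sample lockfile is constructed and the version numbers in FLAGGED are placeholders to be replaced with the versions named in the GitHub advisory.

```javascript
// Added example: list every resolved copy of a package in an npm lockfile.
// FLAGGED holds constructed placeholder versions, NOT the real advisory list.
const TARGET = "ua-parser-js";
const FLAGGED = new Set(["9.9.1", "9.9.2"]);

// lockfileVersion 2/3: flat "packages" map keyed by install path,
// e.g. "node_modules/a/node_modules/ua-parser-js".
function fromPackages(packages, name) {
  const suffix = "node_modules/" + name;
  return Object.entries(packages)
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// lockfileVersion 1: nested "dependencies" trees, walked recursively.
function fromDependencies(deps, name, trail = []) {
  const hits = [];
  for (const [dep, meta] of Object.entries(deps || {})) {
    const path = [...trail, dep];
    if (dep === name) hits.push({ path: path.join(" > "), version: meta.version });
    hits.push(...fromDependencies(meta.dependencies, name, path));
  }
  return hits;
}

function audit(lock, name = TARGET, flagged = FLAGGED) {
  const found = lock.packages
    ? fromPackages(lock.packages, name)
    : fromDependencies(lock.dependencies, name);
  return found.map((f) => ({ ...f, flagged: flagged.has(f.version) }));
}

// Constructed sample lockfile (v2 layout): one direct, one transitive copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/ua-parser-js": { version: "9.9.0" },
    "node_modules/some-ui-kit": { version: "2.3.4" },
    "node_modules/some-ui-kit/node_modules/ua-parser-js": { version: "9.9.1" },
    "node_modules/not-ua-parser-js": { version: "9.9.1" },
  },
};

for (const r of audit(sampleLock)) {
  console.log(`${r.flagged ? "FLAGGED" : "ok     "} ${r.version}  ${r.path}`);
}
```

To run it against a real project, pass the parsed contents of package-lock.json to audit() in place of sampleLock.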

Of course this is by no means a unique occurrence. Last month Maya Posch dug into growing issues that come from some flaws of trust in package management systems. The art for that article is a house of cards, an apt metaphor for a system that is only as stable as the security of each and every package being built upon.