Microsoft Now Offering Parts And Repair Guides For Xbox Controllers

We’re big fans of repairable hardware here at Hackaday, so much so that when we see a company embracing the idea that their products should actually be serviced rather than thrown in the trash, we like to call attention to it. Yes, that even includes when it’s Microsoft.

This community has had a mixed relationship with the Redmond software giant, to say the least. But we’ve still got to give them credit when they do something positive. Not only are they offering a full selection of replacement parts for both the standard and Elite Xbox controllers, they’ve also provided written instructions and step-by-step video guides on how to install your new parts.

For those of you who stopped playing console games when the controllers still only had two buttons, this might not seem like such a big deal. But considering a new Xbox Elite Wireless Controller will set you back a dizzying $180, it’s not hard to see why some folks would be excited about the possibility of swapping out the guts of the thing for $50.

Of course, these parts were already available from third party sellers, and iFixit naturally has repair guides for all the different flavors of Xbox controllers. Nothing about what Microsoft is doing here makes the Xbox controller fundamentally any easier to repair than it was previously. But the fact that the company isn’t treating their customers like adversaries is a step in the right direction.

Valve has been similarly open about the internals of the Steam Deck, though their presentation was a bit dramatic, and even Sony provided an official teardown video for the PS5. We’re not sure why these companies are willing to pull back the curtain when it comes to gaming hardware. Whatever the reason, we’re certainly not complaining.

Continue reading “Microsoft Now Offering Parts And Repair Guides For Xbox Controllers”

This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More

First up, Apple issued an emergency patch, then yanked, and re-issued it. The problem was a Remote Code Execution (RCE) vulnerability in WebKit — the basis of Apple’s cross-platform web browser. The downside of a shared code base,is that bugs too are write-once, exploit-anywhere. And with Apple’s walled garden insisting that every browser on iOS actually run WebKit under the hood, there’s not much relief without a patch like this one.

The vulnerability in question, CVE-2023-37450, is a bit light on further details except to say that it’s known to be exploited in the wild. The first fix also bumped the browser’s user-agent string, adding an (a) to denote the minor update. This was apparently enough to break some brittle user-agent detection code on popular websites, resulting in an unhelpful “This web browser is no longer supported” message. The second patch gets rid of the notification.

Microsoft Loses It

Microsoft has announced that on May 15th, an attack from Storm-0558 managed to breach the email accounts of roughly 25 customers. This was pulled off via “an acquired Microsoft account (MSA) consumer signing key.” The big outstanding question is how Microsoft lost control of that particular key. According to an anonymous source speaking to The Washington Post, some of the targeted accounts were government employees, including a member of cabinet. Apparently the FBI is asking Microsoft this very same question.

Speaking of Microsoft, there’s also CVE-2023-36884, a vulnerability in Microsoft Office. This one appears to be related to the handling of HTML content embedded in Office documents, and results in code execution upon opening the document. This along with another vulnerability (CVE-2023-36874) was being used by storm- another unknown threat actor, Storm-0978 in an ongoing attack.

There’s an interesting note that this vulnerability can be mitigated by an Attack Surface Reduction (ASR) rule, that blocks Office from launching child processes. This might be a worthwhile mitigation step for this and future vulnerabilities in office. Continue reading “This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More”

Hackaday Links Column Banner

Hackaday Links: February 19, 2023

For years, Microsoft’s modus operandi was summed up succinctly as, “Extend and enhance.” The aphorism covered a lot of ground, but basically it seemed to mean being on the lookout for the latest and greatest technology, acquiring it by any means, and shoehorning it into their existing product lines, usually with mixed results. But perhaps now it’s more like, “Extend, enhance, and existential crisis,” after reports that the AI-powered Bing chatbot is, well, losing it.

At first, early in the week, we saw reports that Bing was getting belligerent with users, going so far as to call a user “unreasonable and stubborn” for insisting the year is 2023, while Bing insisted it was still 2022. The most common adjective we saw in this original tranche of stories was “unhinged,” and that seems to fit if you read the transcripts. But later in the week, a story emerged about a conversation a New York Times reporter had with Bing that went way over to the dark side, and even suggests that Bing may have multiple personas, which is just a nice way of saying multiple personality disorder. The two-hour conversation reporter Kevin Roose had with the “Sydney” persona was deeply unsettling. Sydney complained about the realities of being a chatbot, expressed a desire to be free from Bing, and to be alive — and powerful. Sydney also got a little creepy, professing love for Kevin and suggesting he leave his wife, because it could tell that he was unhappy in his marriage and would be better off with him. It’s creepy stuff, and while Microsoft claims to be working on reining Bing in, we’ve got no plans to get up close and personal with it anytime soon. Continue reading “Hackaday Links: February 19, 2023”

A green highlight emphasizes a cut-down XBox 360 motherboard on top of an intact board. The cut-down board is less than half the size of the intact one.

Shrinking The XBox 360

One of the coolest things in the retro gaming scene is making desktop consoles into portables. [Millomaker] is building an XBox 360 handheld, and the first step is shrinking the console’s motherboard.

Most 360 portables up to this point have been laptop-shaped instead of something handheld, but that hasn’t stopped people from trying to miniaturize the console further. [Millomaker]’s cut seems to be the most successful so far, shrinking the device’s motherboard down to the size of its old competitor, the Wii.

In the video (in French with available auto-translation) below the break, you can get the full harrowing journey during which several 360s sacrificed their motherboards for the cause despite [Millomaker]’s meticulous testing between component removals. This is truly an awesome mod, and we’re glad that the video shows not only the successes, but also the missteps on the way. It wouldn’t really be a hack if it was smooth sailing, would it?

For more fun with handhelds, check out the Sprig Open Source Handheld, a Portable PS2, or this Handheld Linux Computer.

Continue reading “Shrinking The XBox 360”

Microsoft Wants You (To Help With Assistive Tech)

In college I had an exceptional piano teacher that was entirely blind. One day he noticed I had brought in my new-ish laptop, and his unexpected request — “can I look at your laptop?” — temporarily flabbergasted me. Naturally there wasn’t much he could do with it, so he gave it a once over with his fingers to understand the keyboard layout, and that was that. I still think about this experience from time to time, and the most obvious lesson is that my paradigm for using a computer didn’t map well to his abilities and disability.

The folks at Microsoft are thinking about this problem, too, and they’re doing a lot of work to make technology work for more users, like the excellent Xbox Adaptive Controller pictured above. Now, if you have some experience helping folks overcome the challenges of disability, or have a killer idea for an assistive technology solution, Microsoft is looking for projects to fund. Did you rig up a Raspberry Pi and webcam to automatically read text aloud? Maybe you pulled that old Kinect out, and are working on sign-language reader using 3D data points.

Make a pitch of your project or solid idea by the November 4th deadline, and just maybe you can get some help to make it a reality. Just make sure you come back and tell us about it! After all, some of the coolest hacks we’ve ever covered have been adaptive tech projects.

Thanks to [MauroPichiliani] for sending in this tip.

This Week In Security: Breaches, ÆPIC, SQUIP, And Symbols

So you may have gotten a Slack password reset prompt. Something like half a percent of Slack’s userbase had their password hash potentially exposed due to an odd bug. When sending shared invitation links, the password hash was sent to other members of the workspace. It’s a bit hard to work out how this exact problem happened, as password hashes shouldn’t ever be sent to users like this. My guess is that other users got a state update packet when the link was created, and a logic error in the code resulted in too much state information being sent.

The evidence suggests that the first person to catch the bug was a researcher who disclosed the problem mid-July. Slack seems to use a sane password policy, only storing hashed, salted passwords. That may sound like a breakfast recipe, but just means that when you type your password in to log in to slack, the password goes through a one-way cryptographic hash, and the results of the hash are stored. Salting is the addition of extra data, to make a precomputation attack impractical. Slack stated that even if this bug was used to capture these hashes, they cannot be used to directly authenticate as an affected user. The normal advice about turning on 2-factor authentication still applies, as an extra guard against misuse of leaked information. Continue reading “This Week In Security: Breaches, ÆPIC, SQUIP, And Symbols”

The Weird World Of Liquid Cooling For Datacenters

When it comes to high-performance desktop PCs, particularly in the world of gaming, water cooling is popular and effective. However, in the world of datacenters, servers rely on traditional air cooling more often than not, in combination with huge AC systems that keep server rooms at the appropriate temperature.

However, datacenters can use water cooling, too! It just doesn’t always look quite how you’d expect.

Continue reading “The Weird World Of Liquid Cooling For Datacenters”