This Week In Security: Peering Through The Wall, Apple’s GoFetch, And SHA-256

The Linux command wall is a hold-over from the way Unix machines used to be used. It’s an abbreviation of Write to ALL, and it was first included in AT&T Unix, way back in 1975. wall is a tool that a sysadmin can use to send a message to the terminal session of all logged-in users. So far nothing too exciting from a security perspective. Where things get a bit more interesting is the consideration of ANSI escape codes. Those are the control codes that move the cursor around on the screen, also inherited from the olden days of terminals.

The modern wall binary is actually part of util-linux, rather than being a continuation of the old Unix codebase. On many systems, wall is installed as a setgid binary, so the behavior of the system binary really matters. It’s accepted that wall shouldn’t be able to send control codes, and when processing a message specified via standard input, those control codes get rejected by the fputs_careful() function. But when a message is passed in on the command line, as an argument, that function call is skipped.
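The gap described above comes from filtering one input path and not the other. As an added example (not util-linux code; `put_safe`, `sanitize_args` and `sanitize_message` are hypothetical names), this sketch routes both the argument path and the single-string path through one filter that renders control bytes in caret notation. It assumes an ASCII message and hex-escapes bytes above 0x7f rather than decoding multibyte characters.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not util-linux code. Append byte c to out in a form a
 * terminal displays but never interprets. Returns 0 when out is full. */
static int put_safe(unsigned char c, char *out, size_t outsz, size_t *n)
{
    char buf[5];
    int len;
    if (c == '\n' || c == '\t' || (c >= 0x20 && c < 0x7f))
        len = snprintf(buf, sizeof buf, "%c", c);         /* harmless ASCII */
    else if (c < 0x20 || c == 0x7f)
        len = snprintf(buf, sizeof buf, "^%c", c ^ 0x40); /* ESC becomes ^[ */
    else
        len = snprintf(buf, sizeof buf, "\\x%02x", c);    /* high byte, not decoded */
    if (*n + (size_t)len >= outsz)
        return 0;
    memcpy(out + *n, buf, (size_t)len);
    *n += (size_t)len;
    out[*n] = '\0';
    return 1;
}

/* Hypothetical argv path: join the words with spaces through the filter. */
size_t sanitize_args(int argc, char **argv, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0)
        return 0;
    out[0] = '\0';
    for (int i = 0; i < argc; i++) {
        if (i > 0 && !put_safe(' ', out, outsz, &n))
            return n;
        for (const char *p = argv[i]; *p; p++)
            if (!put_safe((unsigned char)*p, out, outsz, &n))
                return n;
    }
    return n;
}

/* Hypothetical stdin path: one string, same filter. */
size_t sanitize_message(const char *msg, char *out, size_t outsz)
{
    char *one[] = { (char *)msg };
    return sanitize_args(1, one, out, outsz);
}
```

Output that would not fit is dropped at a whole-character boundary, so a truncated message never ends in half of an escaped sequence.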

This allows any user that can send wall messages to also send ANSI control codes. Is that really a security problem? There are two scenarios where it could be. The first is that some terminals support writing to the system clipboard via command codes. The other, more creative issue, is that the output from running a binary could be overwritten with arbitrary text. Text like:
Sorry, try again.
[sudo] password for jbennett:

You may have questions. Like, how would an attacker know when such a command would be appropriate? And how would this attacker capture a password that has been entered this way? The simple answer is by watching the list of running processes and the system log. Many systems have a command-not-found function, which will print the failing command to the system log. If that failing command is actually a password, then it’s right there for the taking. Now, you may think this is a very narrow attack surface that’s not going to be terribly useful in real-world usage. And that’s probably pretty accurate. It is a really fascinating idea to think through, and definitely worth getting fixed.

3D Printed Climbing Holds, Now With Texture

Technology enables all kinds of possibilities to mold our environments in the way we best see fit. Plenty of ski resorts use snowmaking to extend their seasons, there are wave pools for surfing hundreds of miles away from oceans, and if you don’t live near any mountains you can build your own climbing wall as well. For the latter, many have turned to 3D printers to create more rock-like climbing grips but plastic doesn’t tend to behave the same as rock unless you do what [Giles Barton-Owen] did and incorporate salt into the prints.

For small manufacturers, typically the way that the rock texture is mimicked is by somehow incorporating sand, permanently, into the grip itself. This works well enough but is often too rough on climbers’ hands or otherwise doesn’t faithfully replicate a rock climbing experience. For these grips, instead of including sand, salt crystals of a particular size were added to a resin that was formed over the 3D printed grip. Once the resin cures substantially, the water-soluble salt can be washed away leaving a perfect texture to grab onto with chalked hands.

While this might not be a scalable method for large-scale climbing grip manufacturers, [Giles] hopes this method will help smaller operations or even DIY climbers to build more realistic grips without having to break the bank. In fact, he has already found some success at his local climbing gym using these grips. The method may be more difficult to scale for larger manufacturers but for anyone who wants to try it out themselves, all that’s needed for this build is a 3D printer, salt, and time.

Retrotechtacular: 3D-Printed Buildings, 1930s Style

Here we are in the future, thinking we’re so fancy and cutting edge with mega-scale 3D printers that can extrude complete, ready-to-occupy buildings, only to find out that some clever inventor came up with essentially the same idea back in the 1930s.

The inventor in question, one [William E. Urschel] of Valparaiso, Indiana, really seemed to be onto something with his “Machine for Building Walls,” as his 1941 patent describes the idea. The first video below gives a good overview of the contraption, which consists of an “extruder” mounted on the end of a counterweighted boom, the length of which determines the radius of the circular structure produced. The boom swivels on a central mast, and is cranked up manually for each course extruded. The business end has a small hopper for what appears to be an exceptionally dry concrete or mortar mix. The hopper has a bunch of cam-driven spades that drive down into the material to push it out of the hopper; the mix is constrained between two rotating disks that trowel the sides smooth and drive the extruder forward.

The device has a ravenous appetite for material, as witnessed by the hustle the workers show keeping the machine fed. Window and door openings are handled with a little manual work, and the openings are topped with lintels to support the concrete. Clever tools are used to cut pockets for roof rafters, and the finished structure, complete with faux crenellations and a coat of stucco, looks pretty decent.

Useless Machine Is A Clock

Useless machines are a fun class of devices which typically turn themselves off once they are switched on, hence their name. Even though there’s no real point, they’re fun to build and to operate nonetheless. [Burke] has followed this idea in spirit by putting an old clock he had to use with his take on a useless machine of sorts. But instead of simply powering itself off when turned on, this useless machine dislodges itself from its wall mount and falls to the ground anytime anyone looks at it.

It’s difficult to tell if this clock was originally broken when he started this project, or if many rounds of checking the time have caused the clock to damage itself, but either way this project is an instant classic. Powered by a small battery driving a Raspberry Pi, the single-board computer runs OpenCV and is programmed to recognize any face pointed in its general direction. When it does, it activates a small servo which knocks it off of its wall, rendering it unarguably useless.

[Burke] doesn’t really know why he had this idea, but it’s goofy and fun. The duct tape that holds everything together is the ultimate finishing touch as well, and we can’t really justify spending too much on fit and finish for a project that tosses itself around one’s room. On the other hand, if you’re looking for a more refined useless machine, we have seen some that have an impressive level of intricacy.

Thanks to [alchemyx] for the tip!

Fail Of The Week: Roboracer Meets Wall

There comes a moment when our project sees the light of day, publicly presented to people who are curious to see the results of all our hard work, only for it to fail in a spectacularly embarrassing way. This is the dreaded “Demo Curse” and it recently befell the SIT Acronis Autonomous team. Their Roborace car gained social media infamy as it was seen launching off the starting line and immediately into a wall. A team member explained what happened.

A few explanations had started circulating, but only in the vague terms of a “steering lock” without much technical detail until this emerged. Steering lock? You mean like The Club? Well, sort of. While there was no steering wheel immobilization steel bar on the car, a software equivalent did take hold within the car’s systems.  During initialization, while a human driver was at the controls, one of the modules sent out NaN (Not a Number) instead of a valid numeric value. This was never seen in testing, and it wreaked havoc at the worst possible time.

A module whose job was to ensure numbers stay within expected bounds said “not a number, not my problem!” That NaN value propagated through to the vehicle’s CAN data bus, which didn’t define the handling of NaN so it was arbitrarily translated into a very large number causing further problems. This cascade of events resulted in a steering control system locked to full right before the algorithm was given permission to start driving. It desperately tried to steer the car back on course, without effect, for the few short seconds until it met the wall.
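Why a bounds check can wave NaN through, as an added example (not the team's code; the function names, the [-1, 1] steering range and the 16-bit field are assumptions made for illustration). Every ordered comparison with NaN is false, so the usual clamp returns it untouched, and the encoder has to reject non-finite values before scaling them for the bus.

```c
#include <math.h>
#include <stdint.h>

/* Bounds check as commonly written: every comparison with NaN is false,
 * so NaN falls through both tests and is returned unchanged. */
double naive_clamp(double v, double lo, double hi)
{
    if (v < lo) return lo;
    if (v > hi) return hi;
    return v;
}

/* Hypothetical encoder for a steering command in [-1, 1] as a signed
 * 16-bit bus field. Non-finite input is rejected instead of converted
 * (converting NaN to an integer is undefined behaviour in C). */
int encode_steering(double v, int16_t *raw)
{
    if (!isfinite(v))
        return -1;   /* caller must hold a safe state instead of sending */
    *raw = (int16_t)(naive_clamp(v, -1.0, 1.0) * 32767.0);
    return 0;
}
```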

While embarrassing and not the kind of publicity the Schaffhausen Institute of Technology or their sponsor Acronis was hoping for, the team dug through logs to understand what happened and taught their car to handle NaN properly. Driving a backup car, round two went very well and the team took second place. So they had a happy ending after all. Congratulations! We’re very happy this problem was found and fixed on a closed track and not on public roads.

[via Engadget]

Cardboard Wall Is Surprisingly Well Built

We all built cardboard forts when we were kids. [Paintingcook] has taken it into adulthood with a hand built cardboard wall. He and his wife leased a loft apartment. Lofts are great — one giant space to work with. Plans changed a bit when they found out they had a baby on the way. A single living, working, and sleeping space definitely wouldn’t be good for a newborn, so the couple set about separating a section of the room with a wall.

Sheetrock and steel or wood lumber would be the normal path here. They instead decided to recycle their cardboard moving boxes into a wall. The boxes were formed into box beams, which created the framework of the wall. The two pillars were boxed in and incorporated into the wall itself. The skin of the wall is a random patchwork of cardboard pieces. Most of the construction is completed with 3/8” screws and masking tape. Tape won’t last forever, but this is a temporary wall after all.

You might be wondering about fire hazards — sure, cardboard burns more readily than gypsum board, but the apartment is outfitted with sprinklers, which should help on this front. A few commenters on [Paintingcook’s] Reddit thread asked about formaldehyde and other gasses emitting from the cardboard. Turns out he’s an inorganic chemist by trade. He says any outgassing happens shortly after the cardboard is manufactured. It should be safe for the baby.

Cardboard is a great material to work in. You can build anything from robots to computers to guns with it. So hop off the couch, grab that Amazon box, and get hacking!

What’s The Weather Like For The Next Six Hours?

The magic glowing orb that tells the future has been a popular thing to make ever since we realized we had the technology to bring it out of the fortune teller’s tent. We really like [jarek319]’s interpretation of the concept.

Sitting mystically above his umbrella stand, with a single black cord providing the needed pixies for fortune telling, a white cube plays an animation simulating the weather outside for the next six hours. If he sees falling drops, he knows to grab an umbrella before leaving the house. If he sees a thunderstorm, he knows to get the umbrella with the fiberglass core in order to prevent an intimate repeat of Mr. Franklin’s early work.