
If you build electronics, you will eventually need a coil. If you spend any time winding one, you are almost guaranteed to think about building a coil winder. Maybe that’s why so many people do. [Jtacha] did a take on the project, and we were impressed — it looks great.

The device has a keypad and an LCD. You can enter a number of turns or the desired inductance. It also lets you wind at an angle. So it is suitable for RF coils, Tesla coils, or anything else you need a coil for.

There are a number of 3D printed parts, so this doesn’t look like an hour project. Luckily, none of the parts are too large. The main part is 2020 extrusion, and you will need to tap the ends of some of the pieces.

There is a brief and strangely dark video in the post if you want to see the machine in operation. The resulting coil looked good, especially if you compare it to how our hand-wound ones usually look.

While most of the coil winders we see have some type of motor, that’s not a necessity.


From Blog – Hackaday via this RSS feed


The self-propelled zip fastener uses a worm gear to propel itself along the teeth. (Credit: YKK)

At first glance the very idea of a zipper that unzips and zips up by itself seems somewhat ridiculous. After all, these contraptions are mostly used on pieces of clothing and gear where handling a zipper isn’t really sped up by having an electric motor sluggishly move through the rows of interlocking teeth. Of course, that’s not the goal of YKK, which is the world’s largest manufacturer of zip fasteners. The demonstrated prototype (original PR in Japanese) shows this quite clearly, with a big tent and equally big zipper that you’d be hard pressed to zip up by hand.

The intended use is thus more in industrial settings and the like, with one of the videos, embedded below, showing a large ‘air tent’ being zipped up automatically after demonstrating why this would be an arduous task for a human worker. While this prototype appears to be externally powered, adding a battery or such could make it fully wireless and potentially a real timesaver when setting up large structures such as these. Assuming the battery isn’t flat, of course.

It might conceivably be possible to miniaturize this technology to the point where it’d ensure that no fly is ever left unzipped, and school kids can show off their new self-zipping jacket to their friends. This would of course have to come with serious safety considerations, as anyone who has ever had a bit of their flesh caught in a zipper can attest to.

https://www.theverge.com/news/656535/ykk-self-propelled-zipper-prototype

https://www.ykk.com/newsroom/g_news/2025/20250424.html


From Blog – Hackaday via this RSS feed

Remembering Heathkit (hackaday.com)

While most hams and hackers have at least heard of Heathkit, most people don’t know the strange origin story of the legendary company. [Ham Radio Gizmos] takes us all through the story.

In case you don’t remember, Heathkit produced everything from shortwave radios to color TVs to test equipment and even computers. But, for the most part, when you bought something from them, you didn’t get a finished product. You got a bag full of parts and truly amazing instructions about how to put them together. Why? Well, if you are reading Hackaday, you probably know why. But some people did it to learn more about electronics. Others were attracted by the lower prices you paid for some things if you built them yourself. Others just liked the challenge.

But Heathkit’s original kit wasn’t electronic at all. It was an airplane kit. Not a model airplane, it was an actual airplane. Edward Heath sold airplane kits at the affordable price of around $1,000. In 1926, that was quite a bit of money, but apparently still less than a commercial airplane.

Sadly, Heath took off in a test plane in 1931, crashed, and died. The company struggled to survive until 1935, when Howard Anthony bought the company and moved it to the familiar Benton Harbor address. The company still made aircraft kits.

During World War II, the company mobilized to produce electronic parts for wartime aircraft. After the war, the government disposed of surplus, and Howard Anthony casually put in a low bid on some. He won the bid and was surprised to find out the lot took up five rail cars. Among the surplus were some five-inch CRTs used in radar equipment. This launched the first of Heathkit’s oscilloscopes — the O1. At $39.50, it was a scope people could afford, as long as they could build it. The O-series scopes would be staples in hobby workshops for many years.

There’s a lot more in the video. Well worth the twenty minutes. If you’ve never seen a Heathkit manual, definitely check out the one in the video. They were amazing. Or download a couple. No one creates instructions like this anymore.

If you watch the video, be warned, there will be a quiz, so pay attention. But here’s a hint: there’s no right answer for #3. We keep hearing that someone owns the Heathkit brand now, and there have been a few new products. But, at least so far, it hasn’t really been the same.


From Blog – Hackaday via this RSS feed


Sometimes you need random numbers — and properly random ones, at that. [Sean Boyce] whipped up a rig that serves up just that, tasty random bytes delivered fresh over MQTT.

[Sean] tells us he’s been “designing various quantum TRNGs for nearly 15 years as part of an elaborate practical joke” without further explanation. We won’t query as to why, and just examine the project itself. The main source of randomness — entropy, if you will — is a pair of transistors hooked up to create a bunch of avalanche noise that is apparently truly random, much like the zener diode method.

In any case, the noise from the transistors is then passed through a bunch of hex inverters and other supporting parts to shape the noise into a nicely random square wave. This is sampled by an ATtiny261A acting as a Von Neumann extractor, which converts the wave into individual bits of lovely random entropy. These are read by a Pi Pico W, which then assembles random bytes and pushes them out over MQTT.
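The extraction and byte-assembly steps described above, as an added example in Python (not [Sean]'s firmware). The seeded biased source is a constructed stand-in for the sampled noise, and the 01 -> 0, 10 -> 1 convention and MSB-first packing are assumptions. The second case shows the extractor's limit: it removes bias only from independent bits, so a periodic input yields a constant output.

```python
import random


def von_neumann_extract(bits):
    """Read non-overlapping pairs; emit the first bit of each unequal pair
    (01 -> 0, 10 -> 1) and discard 00 and 11."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        first, second = bits[i], bits[i + 1]
        if first != second:
            out.append(first)
    return out


def pack_bytes(bits):
    """Assemble bits into bytes, most significant bit first.
    A trailing group of fewer than 8 bits is dropped, not padded."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def ones_fraction(bits):
    return sum(bits) / len(bits) if bits else 0.0


def longest_run(bits):
    """Longest run of identical bits: a crude check for a stuck source."""
    best = run = 0
    previous = None
    for bit in bits:
        run = run + 1 if bit == previous else 1
        previous = bit
        best = max(best, run)
    return best


def biased_source(count, p_one, seed):
    """Constructed stand-in for the sampled noise: independent bits with
    P(1) = p_one. A seeded PRNG keeps the demonstration repeatable."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(count)]


def debias_report(count=200_000, p_one=0.8, seed=1):
    """Return (raw ones fraction, extracted ones fraction, output bits per input bit)."""
    raw = biased_source(count, p_one, seed)
    extracted = von_neumann_extract(raw)
    return ones_fraction(raw), ones_fraction(extracted), len(extracted) / len(raw)


def periodic_failure(cycles=64):
    """A perfectly periodic 0101... input is half ones but fully predictable;
    every pair is 01, so the extractor emits only zeros."""
    return von_neumann_extract([0, 1] * cycles)


if __name__ == "__main__":
    raw_frac, out_frac, rate = debias_report()
    print(f"raw ones={raw_frac:.3f} extracted ones={out_frac:.3f} yield={rate:.3f}")
    stuck = periodic_failure()
    print(f"periodic input: ones={ones_fraction(stuck):.1f}, longest run={longest_run(stuck)}")
    print(pack_bytes(von_neumann_extract(biased_source(4096, 0.8, 2)))[:8].hex())
```

The yield of roughly p(1-p) output bits per input bit is the price of debiasing, and a run-length check like `longest_run` on the output is one cheap way to notice a source that has stopped behaving randomly.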

Did that sound like a lot? If you’re not in the habit of building random number generators, it probably did. Nevertheless, we’ve heard from [Sean] on this topic before. Feel free to share your theories on the best random number generator designs below, or send your best builds straight to the tipsline. Randomly, of course!


From Blog – Hackaday via this RSS feed


It was probably Montesquieu who coined the proto-hacker motto “the best is the mortal enemy of the good”. He was talking about compromises in drafting national constitutions for nascent democracies, of course, but I’ll admit that I do hear his voice when I’m in get-it-done mode and start cutting corners on a project. A working project is better than a gold-plated one.

But what should I do, Monte, when good enough turns out to also be the mortal enemy of the best? I have a DIY coffee roaster that has been limping along for years now on a blower box that uses a fan scavenged in anger from an old Dust Buster. Many months ago, I bought a speed-controllable and much snazzier brushless blower fan to replace it, one that would solve a number of minor inconveniences with the current design, but which would also require some building and another dive into the crufty old firmware.

So far, I’ve had good enough luck that the roaster will break down from time to time, and I’ll use that as an excuse to fix that part of the system, and maybe even upgrade another as long as I have it apart. But for now, it’s running just fine. I mean, I have to turn the fan on manually, and the new one could be automatic. I have only one speed for the fan, and the new one would be variable. But the roaster roasts, and a constant source of coffee is mission critical in this house. The spice must flow!

Reflecting on this situation, it seems to me that the smart thing to do is work on smoothing the transitions from good enough to best. Like maybe I could prototype up the new fan box without taking the current one apart. Mock up some new driver code on the side while I’m at it?

Maybe Montesquieu was wrong, and the good and the best aren’t opposites after all. Maybe the good enough is just the first step on the path toward the best, and a wise man spends his energy on making the two meet in the middle, or making the transition from one to the other as painless as possible.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!


From Blog – Hackaday via this RSS feed


In the 90s, a video game craze took over the youth of the world — but unlike today’s games that rely on powerful PCs or consoles, these were simple, standalone devices with monochrome screens, each home to a digital pet. Often clipped to a keychain, they could travel everywhere with their owner, which was ideal from the pet’s perspective since, like real animals, they needed attention around the clock. [ViciousSquid] is updating this 90s idea for the 20s with a digital pet squid that uses a neural network to shape its behavior.

The neural network that controls the squid’s behavior takes a large number of variables into account, including whether or not it’s hungry or sleepy, or if it sees food. The neural network adapts as different conditions are encountered, allowing the squid to make decisions and strengthen its algorithms. [ViciousSquid] is using a Hebbian learning algorithm which strengthens connections between neurons which often activate together. Additionally, the squid can form both short- and long-term memories, and the neural network can even form new neurons on its own as needed.

[ViciousSquid] is still working on this project, and hopes to eventually implement a management system in the future, allowing the various behavior variables to be tracked over time and overall allow it to act in a way more familiar to the 90s digital pets it’s modeled after. It’s an interesting and fun take on those games, though, and much of the code is available on GitHub for others to experiment with as well. For those looking for the original 90s games, head over to this project where an emulator for Tamagotchis was created using modern microcontroller platforms.


From Blog – Hackaday via this RSS feed


Classic demos from the demoscene are all about showing off one’s technical prowess, with a common side order of a slick banging soundtrack. That’s precisely what [BUS ERROR Collective] members [DJ_Level_3] and [Marv1994] delivered with their prize-winning Primer demo this week.

This demo is a grand example of so-called “oscilloscope music”—where two channels of audio are used to control an oscilloscope in X-Y mode. The sounds played determine the graphics on the screen, as we’ve explored previously.

The real magic is when you create very cool sounds that also draw very cool graphics on the oscilloscope. The Primer demo achieves this goal perfectly. Indeed, it’s intended as a “primer” on the very artform itself, starting out with some simple waveforms and quickly spiraling into a graphical wonderland of spinning shapes and morphing patterns, all to a sweet electronic soundtrack. It was created with a range of tools, including Osci-Render and apparently Ableton 11, and the recording performed on a gorgeous BK Precision Model 2120 oscilloscope in a nice shade of green.

If you think this demo is fully sick, you’re not alone. It took out first place in the Wild category at the Revision 2025 demo party, as well as the Crowd Favorite award. High praise indeed.

We love a good bit of demoscene magic around these parts.

Thanks to [STrRedWolf] for the tip!


From Blog – Hackaday via this RSS feed


Sometimes, a flat display just won’t cut it. If you’re looking for something a little rounder, perhaps your vision could persist in looking at [lhm0]’s rotating LED sphere RP2040 POV display.

As you might have guessed from that title, this persistence-of-vision display uses an RP2040 microcontroller as its beating (or spinning, rather) heart. An optional ESP01 provides a web interface for control. Since the whole assembly is rotating at high RPM, rather than slot in dev boards (like Pi Pico) as is often seen, [lhm0] has made custom PCBs to hold the actual SMD chips. Power is wireless, because who wants to deal with slip rings when they do not have to?

The LED-bending jig is a neat hack-within-a-hack.

[lhm0] has also bucked the current trend for individually-addressable LEDs, opting instead to address individual through-hole RGB LEDs via a 24-bit shift-register. Through the clever use of interlacing, those 64 LEDs produce a 128 line display. [lhm0] designed and printed an LED-bending jig to aid mounting the through-hole LEDs to the board at a perfect 90 degree angle.

What really takes this project the extra mile is that [lhm0] has also produced a custom binary video/image format for his display, .rs64, to encode images and video at the 128×256 format his sphere displays. That’s on GitHub, while a separate library hosts the firmware and KiCad files for the display itself.

This is hardly the first POV display we’ve highlighted, though admittedly it isn’t the cheapest one. There are even other spherical displays, but none of them seem to have gone to the trouble of creating a file format.

If you want to see it in action and watch construction, the video is embedded below.


From Blog – Hackaday via this RSS feed


In the realm of computer science, it’s hard to go too far without encountering hashing or hash functions. The concept appears throughout security, from encryption to password storage to crypto, and more generally whenever large or complex data must be efficiently mapped to a smaller, fixed-size set. Hashing makes the process of looking for data much faster for a computer than performing a search and can be incredibly powerful when mastered. [Malte] did some investigation into hash functions and seems to have found a method called Fibonacci hashing that not only seems to have been largely forgotten but which speeds up this lookup process even further.

In a typical hashing operation, the data is transformed in some way, with part of this new value used to store it in a specific location. That second step is often done with an integer modulo function. But the problem with any hashing operation is that two different pieces of data can end up with the same value after the modulo operation is performed, resulting in these two different pieces of data being placed at the same point. The Fibonacci hash, on the other hand, uses the golden ratio rather than the modulo function to map the final location of the data, resulting in many fewer instances of collisions like these while also being much faster. It also appears to do a better job of using the smaller fixed-size set more evenly as a consequence of being based around Fibonacci numbers, just as long as the input data doesn’t have a large number of Fibonacci numbers themselves.
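The mapping step compared side by side, as an added example in Python (not [Malte]'s code). It assumes a 64-bit multiplier, a power-of-two table of 16 slots, and two constructed key sets: sequential integers and multiples of 16, the kind of pattern aligned addresses or ids produce.

```python
GOLDEN_64 = 0x9E3779B97F4A7C15  # 2**64 / golden ratio, as an odd 64-bit integer
MASK_64 = (1 << 64) - 1


def modulo_slot(key, table_bits):
    """Integer modulo into a table of 2**table_bits slots: keeps only the low bits."""
    return key % (1 << table_bits)


def fibonacci_slot(key, table_bits):
    """Multiply by 2**64/phi, wrap to 64 bits, keep the top table_bits bits."""
    return ((key * GOLDEN_64) & MASK_64) >> (64 - table_bits)


def occupancy(slot_fn, keys, table_bits):
    """Number of keys landing in each slot."""
    counts = [0] * (1 << table_bits)
    for key in keys:
        counts[slot_fn(key, table_bits)] += 1
    return counts


def slots_used(counts):
    return sum(1 for count in counts if count)


# Constructed key sets for the comparison.
SEQUENTIAL_KEYS = list(range(64))
ALIGNED_KEYS = [16 * i for i in range(64)]  # low four bits are always zero

if __name__ == "__main__":
    for label, keys in (("sequential", SEQUENTIAL_KEYS), ("aligned", ALIGNED_KEYS)):
        for slot_fn in (modulo_slot, fibonacci_slot):
            counts = occupancy(slot_fn, keys, 4)
            print(f"{label:10} {slot_fn.__name__:15} "
                  f"slots used={slots_used(counts):2} max load={max(counts)}")
```

Both mappings spread sequential keys over all 16 slots; on the aligned keys the modulo puts every key in slot 0, while the multiplicative mapping still spreads them because the high bits of the product depend on every input bit.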

Going through the math that [Malte] goes over in his paper shows that, at least as far as performing the mapping part of a hash function, the Fibonacci hash performs much better than integer modulo. Some of the comments mention that it’s a specific type of a more general method called multiplicative hashing. For those using hash functions in their code it might be worth taking a look at either way, and [Malte] admits to not knowing everything about this branch of computer science as well but still goes into an incredible amount of depth about this specific method. If you’re more of a newcomer to this topic, take a look at this person who put an enormous bounty on a bitcoin wallet which shows why reverse-hashing is so hard.


From Blog – Hackaday via this RSS feed


[IMSAI Guy] grabbed an obsolete XOR gate and tried a classic circuit to turn it into a frequency doubler. Of course, being an old part, it won’t work at very high frequencies, but the circuit is super simple, just using the gate and an RC network. You can see a video of his exploration below.

The simple circuit seems like it should work, but in practice, it needed an extra component. In theory, the RC circuit acts as an edge detector. So, each edge of the input signal causes a pulse on the output as the second input lags the first.

That sounds good, but it looked terrible on the scope until a 1K resistor tied to the capacitor shifted the bias point of the gate. In all fairness, the original schematic used a Schmitt trigger gate, which may have made a difference had one been available. There were slight differences, though, depending on the type of device. An LS part, for example, didn’t need the extra resistor.

Of course, an RC network is just one way to delay the input, and the delay determines the width of the output pulse and constrains the input frequency and duty cycle. However, you could use other gates, including the other XOR gates in the package to realize a fast delay.

Frequency doublers are very common at microwave frequencies, but they don’t work in the same way. There are several ways to do it, but a common method is to use a nonlinear element to generate plenty of harmonics and then filter off everything but the second one. Or the third one, if you wanted a tripler instead.


From Blog – Hackaday via this RSS feed


[Tazer] built a small desktop-sized robotic arm, and it was more or less functional. However, he wanted to improve its ability to pick things up, and attaching a pneumatic gripper seemed like the perfect way to achieve that. Thus began the build!

The concept of [Tazer]’s pneumatic gripper is simple enough. When the pliable silicone gripper is filled with air, the back half is free to expand, while the inner section is limited in its expansion thanks to fabric included in the structure. This causes the gripper to deform in such a way that it folds around as it fills with air, which lets it pick up objects. [Tazer] designed the gripper so that it could be cast in silicone using 3D printed molds. It’s paired with a 3D printed manifold which delivers air to open and close the gripper as needed. Mounted on the end of [Tazer]’s robotic arm, it’s capable of lifting small objects quite well.

It’s a fun build, particularly for the lovely sounds of silicone parts being ripped out of their 3D printed molds. Proper ASMR grade stuff, here. We’ve also seen some other great work on pneumatic robot grippers over the years.


From Blog – Hackaday via this RSS feed


When it comes to open source signal analysis software for logic analyzers and many other sensors, Sigrok is pretty much the only game in town. Unfortunately, after an issue with the server hosting, the website, wiki, and other documentation are down until a new hosting provider is found and the site is migrated. This leaves just the downloads active, as well as the IRC channel (#sigrok) over at Libera.chat.

This is not the first time that the Sigrok site has gone down, but this time it seems that it’s more final. Although it seems a new server will be set up over the coming days, this will do little to assuage those who have been ringing the alarm bells about the Sigrok project. Currently access to documentation is unavailable, except via the WaybackMachine’s archive.

A tragic reality of FOSS projects is that they are not immortal, with them requiring constant time, money and effort to keep servers running and software maintained. This might be a good point for those who have a stake in Sigrok to consider what the project means to them, and what it might mean if it were to shut down.


From Blog – Hackaday via this RSS feed


This week Elliot Williams was joined by fellow Europe-based Hackaday staffer Jenny List, to record the Hackaday Podcast as the dusk settled on a damp spring evening.

On the agenda first was robotic sport, as a set of bipedal robots competed in a Chinese half-marathon. Our new Robot overlords may have to wait a while before they are fast enough to chase us meatbags away, but it demonstrated for us how such competitions can be used to advance the state of the art.

The week’s stand-out hacks included work on non-planar slicing to improve strength of 3D prints. It’s safe to say that the Cartesian 3D printer has matured as a device, but this work proves there’s plenty more in the world of 3D printing to be developed. Then there was a beautiful record cutting lathe project, far more than a toy and capable of producing good quality stereo recordings.

Meanwhile it’s always good to see the price of parts come down, and this time it’s the turn of LIDAR sensors. There’s a Raspberry Pi project capable of astounding resolution, for a price that wouldn’t have been imaginable only recently. Finally we returned to 3D printing, with an entirely printable machine, including the motors and the hot end. It’s a triumph of printed engineering, and though it’s fair to say that you won’t be using it to print anything for yourself, we expect some of the very clever techniques in use to feature in many other projects.

The week’s can’t-miss articles came from Maya Posch with a reality check for lovers of physical media, and Dan Maloney with a history of x-ray detection. Listen to it all below, and you’ll find all the links at the bottom of the page.

Still mourning the death of physical media? Download an MP3 and burn it to CD like it’s 1999!

Episode 318 Show Notes:

News:

China Hosts Robot Marathon
Announcing The Hackaday Pet Hacks Contest

What’s that Sound:

Congrats to [Bultza] for knowing what that sound was better than we did
It was thrusters firing aboard the Dragon (Instagram link)

Interesting Hacks of the Week:

Non-planar Slicing Is For The Birds
Unique 3D Printer Has A Print Head With A Twist
3D Printering: Non-Planar Layer FDM
A Universal, Non-planar Slicer For 3D Printing Is Worth Thinking About
Improved And Open Source: Non-Planar Infill For FDM
DIY Record Cutting Lathe Is Really Groovy
A Pi-Based LiDAR Scanner
The Evertop: A Low-Power, Off-Grid Solar Gem
Robot Picks Fruit And Changes Light Bulbs With Measuring Tape
Compliant Robot Gripper Won’t Scramble Your Eggs
Dead Simple Jamming Gripper Design
The Most Printable 3D Printer Yet

Quick Hacks:

Elliot’s Picks:
Printed Perpetual Calendar Clock Contains Clever Cams
Haircuts In Space: How To Keep Your Astronauts Looking Fresh
Jolly Wrencher Down To The Micron
Jenny’s Picks:
Low Cost Oscilloscope Gets Low Cost Upgrades
Open Source DMR Radio
A Scratch-Built Commodore 64, Turing Style
Restoration Of Six-Player Arcade Game From The Early 90s

Can’t-Miss Articles:

Why Physical Media Deserved To Die
To See Within: Detecting X-Rays


From Blog – Hackaday via this RSS feed


In the 2000s, the DVD industry was concerned about piracy, in particular the threat to their business model presented by counterfeit DVDs and downloadable movies. Their response was a campaign which could be found embedded into the intro sequences of many DVDs of the era, in which an edgy font on a black background began with “You wouldn’t steal a car…”. It was enough of a part of the background noise of popular culture that it has become a meme in the 2020s, reaching many people with no idea of its origins. Now in a delicious twist of fate, it has been found that the font used in the campaign was itself pirated. Someone should report them.

The font in question is FF Confidential, designed by [Just van Rossum], whose brother [Guido] you may incidentally know as the originator of the Python programming language. The font in the campaign isn’t FF Confidential though, as it turns out it’s XBAND Rough, a pirated copy of the original. What a shame nobody noticed this two decades ago.

It’s a bit of fun to delight in an anti-piracy campaign being caught using a dodgy font, but if this story serves to tell us anything it’s that the web of modern intellectual property is so labyrinthine as to be almost impossible to navigate without coming a cropper somewhere. Sadly the people caught out in this case would be the last to call for reform of the intellectual property environment, but as any sane heads would surely agree, such reform is overdue.

If copyright gives you a headache, here’s our take on it.


From Blog – Hackaday via this RSS feed


Researchers at Aikido run the Aikido Intel system, an LLM security monitor that ingests the feeds from public package repositories, and looks for anything unusual. In this case, the unusual activity was five rapid-fire releases of the xrpl package on NPM. That package is the XRP Ledger SDK from Ripple, used to manage keys and build crypto wallets. While quick point releases happen to the best of developers, these were odd, in that there were no matching releases in the source GitHub repository. What changed in the first of those fresh releases?

The most obvious change is the checkValidityOfSeed() function added to index.ts. That function takes a string, and sends a request to a rather odd URL, using the supplied string as the ad-referral header for the HTTP request. The name of the function is intended to blend in, but knowing that the string parameter is sent to a remote web server is terrifying. The seed is usually the root of trust for an individual’s cryptocurrency wallet. Looking at the actual usage of the function confirms that this code is stealing credentials and keys.

The releases were made by a Ripple developer’s account. It’s not clear exactly how the attack happened, though credential compromise of some sort is the most likely explanation. Each of those five releases added another bit of malicious code, demonstrating that there was someone with hands on keyboard, watching what data was coming in.

The good news is that the malicious releases only managed a total of 452 downloads for the few hours they were available. A legitimate update to the library, version 4.2.5, has been released. If you’re one of the unfortunate 452 downloads, it’s time to do an audit, and rotate the possibly affected keys.
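The signal that exposed these releases, registry versions with no matching tag in the source repository arriving in a quick burst, can be checked mechanically. The following is an added example in Python, not Aikido's system: the package name `example-sdk`, its versions, timestamps and tags are constructed, the dictionary mimics the `time` object in npm registry package metadata, and the tag formats (`v1.2.3`, `name@1.2.3`) and the six-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample in the shape of the "time" object in npm registry
# package metadata: version -> publish timestamp, plus created/modified.
REGISTRY_TIME = {
    "created": "2024-01-10T09:00:00.000Z",
    "modified": "2025-03-02T13:40:00.000Z",
    "3.0.0": "2024-01-10T09:00:00.000Z",
    "3.1.0": "2024-06-01T12:00:00.000Z",
    "3.1.1": "2025-03-02T10:00:00.000Z",
    "3.1.2": "2025-03-02T10:50:00.000Z",
    "3.1.3": "2025-03-02T12:10:00.000Z",
    "3.1.4": "2025-03-02T13:40:00.000Z",
}
# Constructed list of tags in the source repository.
REPO_TAGS = ["v3.0.0", "example-sdk@3.1.0"]


def _parse(timestamp):
    return datetime.fromisoformat(timestamp.replace("Z", "+00:00"))


def published(registry_time):
    """(version, timestamp) pairs in publish order, skipping bookkeeping keys."""
    releases = [(version, _parse(ts)) for version, ts in registry_time.items()
                if version not in ("created", "modified")]
    return sorted(releases, key=lambda release: release[1])


def tagged_versions(tags):
    """Normalise tag names such as 'v1.2.3' or 'pkg@1.2.3' to bare versions."""
    return {tag.rsplit("@", 1)[-1].lstrip("v") for tag in tags}


def untagged_versions(registry_time, tags):
    """Registry versions that have no corresponding tag in the repository."""
    known = tagged_versions(tags)
    return [version for version, _ in published(registry_time) if version not in known]


def release_bursts(registry_time, window_hours=6, threshold=3):
    """Groups of at least `threshold` releases published within `window_hours`
    of the first release in the group."""
    window = timedelta(hours=window_hours)
    bursts, current = [], []
    for version, ts in published(registry_time):
        if current and ts - current[0][1] > window:
            if len(current) >= threshold:
                bursts.append([v for v, _ in current])
            current = []
        current.append((version, ts))
    if len(current) >= threshold:
        bursts.append([v for v, _ in current])
    return bursts


def suspicious_versions(registry_time, tags, window_hours=6, threshold=3):
    """Versions that are both part of a release burst and missing from the repo tags."""
    untagged = set(untagged_versions(registry_time, tags))
    return [version
            for burst in release_bursts(registry_time, window_hours, threshold)
            for version in burst if version in untagged]


if __name__ == "__main__":
    print("untagged:", untagged_versions(REGISTRY_TIME, REPO_TAGS))
    print("bursts:", release_bursts(REGISTRY_TIME))
    print("review first:", suspicious_versions(REGISTRY_TIME, REPO_TAGS))
```

For the audit step, the same untagged list compared against the versions pinned in a project's lockfile tells you whether one of the affected releases was ever installed.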

Zyxel FLEX

More specifically, we’re talking about Zyxel’s USG FLEX H series of firewall/routers. This is Zyxel’s new Arm64 platform, running a Linux system they call Zyxel uOS. This series is for even higher data throughput, and given that it’s a new platform, there are some interesting security bugs to find, as discovered by [Marco Ivaldi] of hn Security and [Alessandro Sgreccia] at 0xdeadc0de. Together they discovered an exploit chain that allows an authenticated user with VPN access only to perform a complete device takeover, with root shell access.

The first bug is a wild one, and is definitely something for us Linux sysadmins to be aware of. How do you handle a user on a Linux system, that you don’t want to have SSH access to the system shell? I’ve faced this problem when a customer needed SFTP access to a web site, but definitely didn’t need to run bash commands on the server. The solution is to set the user’s shell to nologin, so when SSH connects and runs the shell, it prints a message, and ends the shell, terminating the SSH connection. Based on the code snippet, the FLEX is doing something similar, perhaps with -false set as the shell instead:

$ ssh user@192.168.169.1
(user@192.168.169.1) Password:
-false: unknown program '-false'
Try '-false --help' for more information.
Connection to 192.168.169.1 closed.

It’s slightly janky, but seems set up correctly, right? There’s one more step to do this completely: add a Match entry to sshd_config, and disable some of the other SSH features you may not have thought about, like X11 forwarding and TCP forwarding. This is the part that Zyxel forgot about. VPN-only users can successfully connect over SSH, and the connection terminates right away with the invalid shell, but in that brief moment, TCP traffic forwarding is enabled. This is an unintended security domain traversal, as it allows the SSH user to redirect traffic into internal-only ports.
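To check your own servers for the same gap, the following added example in Python (not Zyxel's configuration or the researchers' code) resolves which forwarding features an account keeps under a given sshd_config, and shows a weak configuration beside a hardened one. The account names `vpnuser` and `sftp-*` and both sample configurations are constructed; the parser is simplified to `Match all` and `Match User` with wildcard patterns (no negation, Group or Address criteria), and the defaults are those documented in sshd_config(5).

```python
import fnmatch

# Forwarding keywords and their built-in defaults, per sshd_config(5).
DEFAULTS = {
    "allowagentforwarding": "yes",
    "allowstreamlocalforwarding": "yes",
    "allowtcpforwarding": "yes",
    "x11forwarding": "no",
}

# Constructed sample: the restricted account relies only on its nologin-style
# shell (set in /etc/passwd), so the forwarding defaults still apply to it.
WEAK_CONFIG = """
PasswordAuthentication yes
X11Forwarding yes
"""

# Constructed sample: same global section plus a Match block for the
# restricted accounts.
HARDENED_CONFIG = """
PasswordAuthentication yes
X11Forwarding yes
Match User vpnuser,sftp-*
    AllowTcpForwarding no
    AllowStreamLocalForwarding no
    AllowAgentForwarding no
    X11Forwarding no
"""


def _match_applies(criteria, user):
    """Evaluate a Match line for one user. Only 'all' and 'User' are handled;
    any other criterion counts as not applying, so the audit errs towards
    reporting forwarding as still enabled."""
    tokens = criteria.split()
    if len(tokens) == 1 and tokens[0].lower() == "all":
        return True
    if len(tokens) != 2 or tokens[0].lower() != "user":
        return False
    return any(fnmatch.fnmatchcase(user, pattern) for pattern in tokens[1].split(","))


def effective_settings(config_text, user):
    """Resolve settings the way sshd does: the first value seen for a keyword
    wins, and values from matching Match blocks override the global section."""
    global_values, match_values = {}, {}
    target = global_values
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            target = match_values if _match_applies(value, user) else None
        elif target is not None:
            target.setdefault(keyword, value.lower())
    return {**DEFAULTS, **global_values, **match_values}


def enabled_forwarding(config_text, user):
    """Forwarding features still available to `user`, as sorted keyword names."""
    settings = effective_settings(config_text, user)
    if settings.get("disableforwarding") == "yes":
        return []  # DisableForwarding overrides the individual options
    return sorted(key for key in DEFAULTS if settings[key] != "no")


if __name__ == "__main__":
    for name, config in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        for user in ("vpnuser", "alice"):
            print(f"{name:8} {user:8} {enabled_forwarding(config, user)}")
```

On a live system, `sshd -T -C user=NAME` prints the effective settings for one user and is the authoritative check; the script is for reviewing configuration files offline.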

Next question to ask, is there any service running inside the appliance that provides a pivot point? How about PostgreSQL? This service is set up to allow local connections on port 5432 — without a password. And PostgreSQL has a wonderful feature, allowing a COPY FROM command to specify a function to run using the system shell. It’s essentially arbitrary shell execution as a feature, but limited to the PostgreSQL user. It’s easy enough to launch a reverse shell to have ongoing shell access, but still limited to the PostgreSQL user account.

There are a couple directions exploitation can go from there. The /tmp/webcgi.log file is accessible, which allows for grabbing an access token from a logged-in admin. But there’s an even better approach, in that the unprivileged user can use the system’s Recovery Manager to download system settings, repack the resulting zip with a custom binary, re-upload the zip using Recovery Manager, and then interact with the uploaded files. A clever trick is to compile a custom binary that uses the setuid(0) system call, and because Recovery Manager writes it out as root, with the setuid bit set, it allows any user to execute it and jump straight to root. Impressive.

Power Glitching an STM32

Micro-controllers have a bit of a weird set of conflicting requirements. They need to be easily flashed, and easily debugged for development work. But once deployed, those same chips often need to be hardened against reading flash and memory contents. Chips like the STM32 series from ST Microelectronics have multiple settings to keep chip contents secure. And Anvil Secure has some research on how some of those protections could be defeated. Power Glitching.

The basic explanation is that these chips are only guaranteed to work when run inside their specified operating conditions. If the supply voltage is too low, be prepared for unforeseen consequences. Anvil tried this, and memory reads were indeed garbled. This is promising, as the memory protection settings are read from system memory during the boot process. In fact, one of the hardest challenges to this hack was determining the exact timing needed to glitch the right memory read. Once that was nailed down, it took about 6 hours of attempts and troubleshooting to actually put the embedded system into a state where firmware could be extracted.

MCP Line Jumping

Trail of Bits is starting a series on MCP security. This has echoes of the latest FLOSS Weekly episode, talking about agentic AI and how Model Context Protocol (MCP) is giving LLMs access to tools to interact with the outside world. The security issue covered in this first entry is Line Jumping, also known as tool poisoning.

It all boils down to the fact that MCPs advertise the tools that they make available. When an LLM client connects to that MCP, it ingests that description, to know how to use the tool. That description is an opportunity for prompt injection, one of the outstanding problems with LLMs.

Bits and Bytes

Korean SK Telecom has been hacked, though not much information is available yet. One of the notable statements is that SK Telecom is offering customers a free SIM swapping protection service, which implies that a customer database was captured, that could be used for SIM swapping attacks.

WatchTowr is back with a simple pre-auth RCE in Commvault using a malicious zip upload. It’s a familiar story, where an unauthenticated endpoint can trigger a file download from a remote server, and file traversal bugs allow unzipping it in an arbitrary location. Easy win.

SSD Disclosure has discovered a pair of Use After Free bugs in Google Chrome, and Chrome’s MiraclePtr prevents them from becoming actual exploits. That technology combines an object reference count with “quarantining” deleted objects that still show active references. And for these particular bugs, it worked to prevent exploitation.

And finally, [Rohan] believes there’s an argument to be made, that the simplicity of ChaCha20 makes it a better choice as a symmetric encryption primitive than the venerable AES. Both are very well understood and vetted encryption standards, and ChaCha20 even manages to do it with better performance and efficiency. Is it time to hang up AES and embrace ChaCha20?


From Blog – Hackaday via this RSS feed


Revivification: a Room with cymbals and plinth

Alvin Lucier was an American experimental composer whose compositions were arguably as much science experiments as they were music. The piece he is best known for, I Am Sitting in a Room, explored the acoustics of a room and what happens when you amplify the characteristics that are imparted on sound in that space by repeatedly recording and playing back the sound from one tape machine to another. Other works have employed galvanic skin response sensors, electromagnetically activated piano strings and other components that are not conventionally used in music composition.

Undoubtedly the most unconventional thing he’s done (so far) is to perform in an exhibit at The Art Gallery of Western Australia in Perth which opened earlier this month. That in itself would not be so unconventional if it weren’t for the fact that he passed away in 2021. Let us explain.

While he was still alive, Lucier entered into a collaboration with a team of artists and biologists to create an exhibit that would push art, science and our notions of what it means to live beyond one’s death into new ground.

The resulting exhibit, titled Revivification, is a room filled with gong-like cymbals being played via actuators by Lucier’s brain…sort of. It is a brain organoid, a bundle of neurons derived from a sample of his blood which had been induced into pluripotent stem cells. The organoid sits on a mesh of electrodes, providing an interface for triggering the cymbals.

A brain organoid derived from Alvin Lucier’s blood cells sits on a mesh of electrodes.

“But the organoid isn’t aware of what’s happening, it’s not performing” we hear you say. While it is true that the bundle of neurons isn’t likely to have intuited hundreds of years of music theory or its subversion by experimental methodology, it is part of a feedback loop that potentially allows it to “perceive” in some way the result of its “actions”.

Microphones mounted at each cymbal feed electrical stimulus back to the organoid, presumably providing it with something to respond to. Whether it does so in any meaningful way is hard to say.

The exhibit asks us to think about where creativity comes from. Is it innate? Is it “in our blood” so to speak? Do we have agency or are we being conducted? Can we live on beyond our own deaths through some creative act? What, if anything, do brain organoids experience?

This makes us think about some of the interesting mind-controlled musical interfaces we’ve seen, the promise of pluripotent stem cell research, and of course those brain computer interfaces. Oh, and there was that time the Hackaday Podcast featured Alvin Lucier’s I Am Sitting in a Room on What’s that Sound.


From Blog – Hackaday via this RSS feed


It’s human nature to look at the technological achievements of the ancients — you know, anything before the 1990s — and marvel at how they were able to achieve precision results in such benighted times. How could anyone create a complicated mechanism without the aid of CNC machining and computer-aided design tools? Clearly, it was aliens.

Or, as [Chris] from Click Spring demonstrates by creating precision nesting thin-wall tubing, it was human beings running the same wetware as what’s running between our ears but with a lot more patience and ingenuity. It’s part of his series of experiments into how the craftsmen of antiquity made complicated devices like the Antikythera mechanism with simple tools. He starts by cleaning up roughly wrought brass rods on his hand-powered lathe, followed by drilling and reaming to create three tubes with incremental precision bores. He then creates matching pistons for each tube, with an almost gas-tight enough fit right off the lathe.

Getting the piston fit to true gas-tight precision came next, by lapping with a jeweler’s rouge made from iron swarf recovered from the bench. Allowed to rust and ground to a paste using a mortar and pestle, the red iron oxide mixed with olive oil made a dandy fine abrasive, perfect for polishing the metal to a high gloss finish. Making the set of tubes concentric required truing up the bores on the lathe, starting with the inner-most tube and adding the next-largest tube once the outer diameter was lapped to spec.

Easy? Not by a long shot! It looks like a tedious job that we suspect was given to the apprentice while the master worked on more interesting chores. But clearly, it was possible to achieve precision challenging today’s most exacting needs with nothing but the simplest tools and plenty of skill.


From Blog – Hackaday via this RSS feed


“TheC64” is a popular recreation of the best selling computer of all time, the original Commodore 64. [10p6] enjoys hacking on this platform, and recently whipped up a new mod — adding a 9-pin Atari joystick connector for convenience.

When it comes to TheC64 units, they ship with joysticks that look retro, but aren’t. These joysticks actually communicate with the hardware over USB. [10p6]’s hack was to add an additional 9-pin Atari joystick connector into the joystick itself. It’s a popular mod amongst owners of TheC64 and the C64 Mini. All one needs to do is hook up a 9-pin connector to the right points on the joystick’s PCB. Then, it effectively acts as a pass-through adapter for hooking up other joysticks to the system.

While this hack could have been achieved by simply chopping away at the plastic housing of the original joystick, [10p6] went a tidier route. Instead, the joystick was granted a new 3D printed base that had a perfect mounting spot for the 9-pin connector. Clean!

We’ve seen some great hacks from [10p6] lately, like the neat reimagined “C64C” build that actually appears in this project video, too.


From Blog – Hackaday via this RSS feed


An illustration of two translucent blue hands knitting a DNA double helix of yellow, green, and red base pairs from three colors of yarn. Text in white to the left of the hands reads: "Evo 2 doesn't just copy existing DNA -- it creates truly new sequences not found in nature that scientists can test for useful properties."

While tools like CRISPR have blown the field of genome hacking wide open, being able to predict what will happen when you tinker with the code underlying the living things on our planet is still tricky. Researchers at Stanford hope their new Evo 2 DNA generative AI tool can help.

Trained on a dataset of over 100,000 organisms from bacteria to humans, the system can quickly determine what mutations contribute to certain diseases and what mutations are mostly harmless. An “area we are hopeful about is using Evo 2 for designing new genetic sequences with specific functions of interest.”

To that end, the system can also generate gene sequences from a starting prompt like any other LLM as well as cross-reference the results to see if the sequence already occurs in nature to aid in predicting what the sequence might do in real life. These synthetic sequences can then be made using CRISPR or similar techniques in the lab for testing. While the prospect of building our own Moya is exciting, we do wonder what possible negative consequences could come from this technology, despite the hand-wavy mention of not training the model on viruses “to prevent Evo 2 from being used to create new or more dangerous diseases.”

We’ve got you covered if you need to get your own biohacking space setup for DNA gels or if you want to find out more about powering living computers using electricity. If you’re more curious about other interesting uses for machine learning, how about a dolphin translator or discovering better battery materials?


From Blog – Hackaday via this RSS feed


When you start building lots of something, you’ll know the value of accurate fixturing. [Chris Borge] learned this the hard way on a recent mass-production project, and decided to solve the problem. How? With a custom fixturing tool! A 3D printed one, of course.

Chris’s build is simple enough. He created 3D-printed workplates covered in a grid of specially-shaped apertures, each of which can hold a single bolt. Plastic fixtures can then be slotted into the grid, and fastened in place with nuts that thread onto the bolts inserted in the base. [Chris] can 3D print all kinds of different plastic fixtures to mount on to the grid, so it’s an incredibly flexible system.

3D printing fixtures might not sound the stoutest way to go, but it’s perfectly cromulent for some tasks. Indeed, for [Chris]’s use case of laser cutting, the 3D printed fixtures are more than strong enough, since the forces involved are minimal. Furthermore, [Chris] aided the stability of the 3D-printed workplate by mounting it on a laser-cut wooden frame filled with concrete. How’s that for completeness?

We’ve seen some other great fixturing tools before, too. Video after the break.


From Blog – Hackaday via this RSS feed


[Bill Dudley] had a problem. He had an Onkyo AV receiver that did a great job… until it didn’t. A DSP inside failed. When that happened, the main microprocessor running the show decided it wouldn’t play ball without the DSP operational. [Bill] knew the bulk of the audio hardware was still good, it was just the brains that were faulty. Thus started a 4-month operation to resurrect the Onkyo receiver with new intelligence instead.

[Bill’s] concept was simple. Yank the dead DSP, and the useless microprocessor as well. In their place, an ESP32 would be tasked with running things. [Bill] no longer cared if the receiver had DSP abilities or even the ability to pass video—he just wanted to use it as the quality audio receiver that it was.

His project report steps through all the hard work he went through to get things operational again. He had to teach the ESP32 to talk to the front panel display, the keys, and the radio tuner. More challenging was the core audio processor—the obscure Renesas R2A15218FP. However, by persevering, [Bill] was able to get everything up and running, and even added some new functionality—including Internet radio and Bluetooth streaming.

It’s a heck of a build, and [Bill] ended up with an even more functional audio receiver at the end of it all. Bravo, we say. We love to see older audio gear brought back to life, particularly in creative ways. Meanwhile, if you’ve found your own way to save a piece of vintage audio hardware, don’t hesitate to let us know!


From Blog – Hackaday via this RSS feed


A black and blue swirl background with the logo of a blue dolphin over the word DolphinGemma with dolphin in white and Gemma in blue

Most people have wished for the ability to talk to other animals at some point, until they realized their cat would mostly insult them and ask for better service, but researchers are getting closer to a dolphin translator.

DolphinGemma is an upcoming LLM based on the recordings from the Wild Dolphin Project. Using the hours and hours of dolphin sounds recorded by researchers over the decades, the hope is that the LLM will allow us to communicate more effectively with the second most intelligent species on the planet.

The LLM is designed to run in the field on Google Pixel phones, due to it being based on Google’s in-house Gemini product, which is a bit less cumbersome than hauling a mainframe on a dive. The Wild Dolphin Project currently uses the Georgia Tech developed CHAT (Cetacean Hearing Augmentation Telemetry) device which has a Pixel 6 at its heart, but the newer system will be bumped up to a Pixel 9 to take advantage of all those shiny new AI processing advances. Hopefully, we’ll have a better chance of catching when they say, “So long and thanks for all the fish.”

If you’re curious about other mysterious languages being deciphered by LLMs, we have you covered.


From Blog – Hackaday via this RSS feed


A bicycle is perhaps one of the most repairable pieces of equipment one can own — no matter what’s wrong with it, and wherever you are on the planet, you’ll be able to find somebody to fix your bike without too much trouble. Unfortunately as electric bikes become more popular, predatory manufacturers are doing everything they can to turn a bike into a closed machine, only serviceable by them.

That’s bad enough, but it’s even worse if the company happens to go under. As an example, [Fransisco] has a bike built by a company that has since gone bankrupt. He doesn’t name them, but it looks like a VanMoof to us. The bike features a light built into the front of the top tube of the frame, which if you can believe it, can only be operated by the company’s (now nonfunctional) cloud-based app.

The hack is relatively straightforward. The panel for the VanMoof electronics is removed and the works underneath are slid up the tube, leaving the connector to the front light. An off the shelf USB-C Li-Po charger and a small cell take the place of the original parts under a new 3D printed panel with a switch to run the light via a suitable resistor. If it wasn’t for the startling green color of the filament he used, you might not even know it wasn’t original.

We would advise anyone who will listen, that hardware which relies on an app and a cloud service should be avoided at all costs. We know most Hackaday readers will be on the same page as us on this one, but perhaps it’s time for a cycling manifesto to match our automotive one.

Thanks [cheetah_henry] for the tip.


From Blog – Hackaday via this RSS feed


There was a time when each and every printer and typesetter had its own quirky language. If you had a word processor from a particular company, it worked with the printers from that company, and that was it. That was the situation in the 1970s when some engineers at Xerox PARC — a great place for innovation but with a spotty track record for commercialization — realized there should be a better answer.

That answer would be Interpress, a language for controlling Xerox laser printers. Keep in mind that in 1980, a laser printer could run anywhere from $10,000 to $100,000 and was a serious investment. John Warnock and his boss, Chuck Geschke, tried for two years to commercialize Interpress. They failed.

So the two formed a company: Adobe. You’ve heard of them? They started out with the idea of making laser printers, but eventually realized it would be a better idea to sell technology into other people’s laser printers and that’s where we get PostScript.

Early PostScript and the Birth of Desktop Publishing

PostScript is very much like Forth, with words made specifically for page layout and laser printing. There were several key selling points that made the system successful.

First, you could easily obtain the specifications if you wanted to write a printer driver. Apple decided to use it on their LaserWriter. Of course, that meant the printer had a more powerful computer in it than most of the Macs it connected to, but for $7,000 maybe that’s expected.

Second, any printer maker could license PostScript for use in their device. Why spend a lot of money making your own when you could just buy PostScript off the shelf?

Finally, PostScript allowed device independence. If you took a PostScript file and sent it to a 300 DPI laser printer, you got nice output. If you sent it to a 2400 DPI typesetter, you got even nicer output. This was a big draw since a rasterized image was either going to look bad on high-resolution devices or have a huge file size in an era where huge files were painful to deal with. Even a page at 300 DPI is fairly large.

If you bought a Mac and a LaserWriter you only needed one other thing: software. But since the PostScript spec was freely available, software was possible. A company named Aldus came out with PageMaker and invented the category of desktop publishing. Adding fuel to the fire, giant Linotype came out with a typesetting machine that accepted PostScript, so you could go from a computer screen to proofs to a finished print job with one file.

If you weren’t alive — or too young to pay attention — during this time, you may not realize what a big deal this was. Prior to the desktop publishing revolution, computer output was terrible. You might mock something up in a text file and print it on a daisy wheel printer, but eventually, someone had to make something that was “camera-ready” to make real printing plates. The kind of things you can do in a minute in any word processor today took a ton of skilled labor back in those days.

Take Two

Of course, you have to innovate. Adobe did try to promote Display PostScript in the late 1980s as a way to drive screens. The NeXT used this system. It was smart, but a bit slow for the hardware of the day. Also, Adobe wanted licensing fees, which had worked well for printers, but there were cheaper alternatives available for displays by the time Display PostScript arrived.

In 1991, Adobe released PostScript Level 2 — making the old PostScript into “Level 1” retroactively. It had all the improvements you would expect in a second version. It was faster and crashed less. It had better support for things like color separation and handling compressed images. It also worked better with oddball and custom fonts, and the printer could cache fonts and graphics.

Remember how releasing the spec helped the original PostScript? For Level 2, releasing it early caused a problem. Competitors started releasing features for Level 2 before Adobe. Oops.

They finally released PostScript 3. (And dropped the “Level”.) This allowed for 12-bit colors instead of 8-bit. It also supported PDF files.

PDF?

While PostScript is a language for controlling a printer, PDF is set up as a page description language. It focuses on what the page looks like and not how to create the page. Of course, this is somewhat semantics. You can think of a PostScript file as a program that drives a Raster Image Processor (RIP) to draw a page. You can think of a PDF as somewhat akin to a compiled version of that program that describes what the program would do.

Up to PDF 1.4, released in 2001, everything you could do in a PDF file could be done in PostScript. But with PDF 1.4 there were some new things that PostScript didn’t have. In particular, PDFs support layers and transparency. Today, PDF rules the roost and PostScript is largely static and fading.

What’s Inside?

Like we said, a PostScript file is a lot like a Forth program. There’s a comment at the front (%!PS-Adobe-3.0) that tells you it is a PostScript file and the level. Then there’s a prolog that defines functions and fonts. The body section uses words like moveto, lineto, and so on to build up a path that can be stroked, filled, or clipped. You can also do loops and conditionals — PostScript is Turing-complete. A trailer appears at the end of each page and usually has a command to render the page (showpage), which may start a new page.

A simple PostScript file running in GhostScript

A PDF file has a similar structure with a %PDF-1.7 comment. The body contains objects that can refer to pages, dictionaries, references, and image or font streams. There is also a cross-reference table to help find the objects and a trailer that points to the root object.  That object brings in other objects to form the entire document. There’s no real code execution in a basic PDF file.

If you want to play with PostScript, there’s a good chance your printer might support it. If not, your printer drivers might. However, you can also grab a copy of GhostScript and write PostScript programs all day. Use GSView to render them on the screen or print them to any printer you can connect to. You can even create PDF files using the tools.

For example, try this:

%!PS
% Draw square
100 100 moveto
100 0 rlineto
0 100 rlineto
-100 0 rlineto
closepath
stroke

% Draw circle
150 150 50 0 360 arc
stroke

% Draw text "Hackaday" centered in the circle
/Times-Roman findfont 12 scalefont setfont % Choose font and size
(Hackaday) dup stringwidth pop 2 div % Calculate half text width
150 exch sub % X = center - half width
150 % Y = vertical center
moveto
(Hackaday) show

showpage

If you want to hack on the code or write your own, here’s the documentation. Think it isn’t really a programming language? [Nicolas] would disagree.


From Blog – Hackaday via this RSS feed


There’s just something about a satisfying “click” that our world of touchscreens misses out on; the only thing that might be better than a good solid “click” when you hit a button is if the device could “click” back in confirmation. [Craig Shultz] and his crew of fine researchers at the Interactive Display Lab at the University of Illinois seem to agree, because they have come up with an ingenious hack to provide haptic feedback using readily-available parts.

An array of shapes showing some of the different possibilities for hapticoil soft buttons.

The “hapticoil”, as they call it, has a simple microspeaker at its heart. We didn’t expect a tiny tweeter to have the oomph to produce haptic feedback, and on its own it doesn’t, as finger pressure stops the vibrations easily. The secret behind the hapticoil is to couple the speaker hydraulically to a silicone membrane. In other words, stick the thing in some water, and let that handle the pressure from a smaller soft button on the silicone membrane. That button can be virtually any shape, as seen here.

Aside from the somewhat sophisticated electronics that allow the speaker coil to be both button and actuator (by measuring inductance changes when pressure is applied, while simultaneously driven as a speaker), there’s nothing here a hacker couldn’t very easily replicate: a microspeaker, a 3D printed enclosure, and a silicone membrane that serves as the face of the haptic “soft button”. That’s not to say we aren’t given enough info to replicate the electronics; the researchers are kind enough to provide a circuit diagram in figure eight of their paper.

In the video below, you can see a finger-mounted version used to let a user feel pressing a button in virtual reality, which raises some intriguing possibilities. The technology is also demonstrated on a pen stylus and a remote control.

This isn’t the first time we’ve featured hydraulic haptics — [Craig] was also involved with an electroosmotic screen we covered previously, as well as a glove that used the same trick. This new microspeaker technique does seem much more accessible to the hacker set, however.


From Blog – Hackaday via this RSS feed
