Today — 20 July 2025, Hackaday

8 Bit Mechanical Computer Built from Knex

20 July 2025 at 14:00

Long before electricity was a common household utility, humanity had been building machines to do many tasks that we’d now just strap a motor or set of batteries onto and think nothing of it. Transportation, manufacturing, agriculture, and essentially everything had non-electric analogs, and perhaps surprisingly, there were mechanical computers as well. Electronics-based computers are far superior in essentially every way, but the aesthetics of a mechanical computer are still unmatched, like this 8-bit machine built from K’nex.

The K’nex computer is built by [Shadowman39], and this first video features just the ALU. It can accept numbers from 0-255 or -128 to 127 and can add two of these numbers by storing them in registers using levers to represent each digit. A drive system underneath with a rack and pinion system operates on each digit, eventually outputting the sum. It can also perform other mathematical operations like subtraction and handling negative numbers using the two’s complement method.

Although this video only goes over the ALU for the mechanical computer, we look forward to [Shadowman39]’s future videos, which go over the other parts of the machine. The basics of the computer are shown in intricate detail. Mechanical computers like these, while generally built as passion projects and not as usable computers, are excellent ways to get a deeper understanding of their electronics-based cousins. Another way to dive deep into this sort of computing world is by building a relay computer.

Engine Data Displayed Live On Dash

By: Lewin Day
20 July 2025 at 11:00

In the auto world, there are lots of overarching standards that all automakers comply with. There are also lots of proprietary technologies that each automaker creates and uses for its own benefit. [Shehriyar Qureshi] has recently been diving into Suzuki’s Serial Data Line standard, and has created a digital dash using the data gained.

The project started with Python-based scanner code designed to decode Suzuki’s SDL protocol. Armed with the ability to read the protocol, [Shehriyar] wanted to be able to do so without having to haul a laptop around in the car. Thus, the project was ported to Rust, or “oxidized” if you will.

[Shehriyar] has installed the system in a Suzuki Baleno. The Raspberry Pi uses a VAG KKL interface to connect to the car via its OBD port and connect to the SDL line. It decodes this data, and processes it to pull out parameters like speed, RPM. It then drives an LCD display on the double-DIN stereo in the dash. A simple composite output allows the system to display live data while driving the vehicle. The UI uses the Ratatui library. The result is a display that both updates smoothly and rapidly. It has a great retro vibe that kind of reminds us of some interfaces seen in Hollywood movies. Despite being analog video, the results are pretty sharp.

We’ve seen a few great digital dashboards over the years.

Crazy news: Ratatui made it into a car dashboard 😱🎉🚗 suzui-rs — Suzuki Serial Data Line viewer in Rust📟 Displays live car data, powered by Pi and shown on stereo over RCA🦀 Written in Rust & built with @ratatui.rs ⭐ GitHub: github.com/thatdevsherr…#rustlang #ratatui #tui #car #suzuki

Orhun Parmaksız (@orhun.dev) 2025-07-14T12:27:41.398Z

 

 

Project Scribe: Receipts for Life

20 July 2025 at 08:00
Project Scribe thermal printer printing out a receipt

Here’s a fun project. Over on their YouTube page [Urban Circles] introduces Project Scribe.

The idea behind this project is that you can print out little life “receipts”. Notes, jokes, thoughts, anecdotes, memories. These little paper mementos have a physical reality that goes beyond their informational content. You can cut them up, organize them, scribble on them, highlight them, stick them on the wall, or in a scrapbook. The whole idea of the project is to help you make easier and better decisions every day by nudging you in the direction of being more mindful of where you’ve been and where you’re going.

The project is well documented on its GitHub page. The heart of the project is a thermal printer. These are the things that print the receipts you get from the store. You may need to conduct some research to find the best thermal paper to use; there are some hints and tips on this topic in the documentation. In addition to the thermal printer is a pretty stand to hold it and an Arduino board to drive it. Firmware for the Arduino is provided which will serve a basic web interface via WiFi.

If you build one, we’d love to hear how it goes. If it doesn’t work out, you can always fall back to using the thermal printer to level up your Dungeons and Dragons game.

Thanks to [Brittany L] for writing in about this one.

A Spectrophotometer Jailbreak to Resolve Colorful Disputes

20 July 2025 at 05:00
A long, rectangular electronic device is shown in front of a book of colour swatches. A small LCD display on the electronic device says “PANTONE 3005 C,” with additional color information given in smaller font below this.

The human eye’s color perception is notoriously variable (see, for example, the famous dress), which makes it difficult to standardize colours. This is where spectrophotometers come in: they measure colours reliably and repeatably, and can match them against a library of standard colors. Unfortunately, they tend to be expensive, so when Hackaday’s own [Adam Zeloof] ran across two astonishingly cheap X-Rite/Pantone RM200 spectrophotometers on eBay, he took the chance that they might still be working.


They did work, but [Adam] found that his model was intended for testing cosmetics and only had a colour library of skin tones, whereas the base model had a full colour library. This was rather limiting, but he noticed that the only apparent difference between his model and the base model was a logo (that is, a cosmetic difference). This led him to suspect that only the firmware was holding his spectrophotometer back, so he began looking for ways to install the base unit’s firmware on his device.

He started by running X-Rite’s firmware updater. Its log files revealed that it was sending the device’s serial number to an update server, which responded with the firmware information for that device. To get around this, [Adam] tried altering the updater’s network requests to send a base unit’s serial number. This seemed promising, but he also needed a device-specific security key to actually download firmware. After much searching, he managed to find a picture of a base unit showing both the serial number and security key. After substituting these values into the requests, the updater had no problem installing the base model’s firmware.

[Adam] isn’t completely sure how accurate the altered system’s measurements are, but they seem to mostly agree with his own colour calibration swatches. It’s not absolutely certain that there are no hardware differences between the models, so there might be some unknown factor producing the few aberrant results [Adam] saw. Nevertheless, this is probably accurate enough to prove that one of his roommates was wrong about the color of a gaming console.

We’ve seen a few projects before that measure and replicate existing colors. The principle’s even used to detect counterfeit bills.

Software Defined Retro ROMs

20 July 2025 at 02:00
One ROM to rule them all.

Here’s something fun from our hacker [Piers]: Software Defined ROMs.

In this series of three videos, [Piers] runs us through what a software defined ROM is, how to make them, and then how to use them.

As [Piers] explains, one frustration a retro technician will face is a failed ROM chip. In the era he’s interested in, there are basically three relevant kinds of ROM chip, all 24-pin Dual Inline Package (DIP):

  • 2364 ROM chip: 8KB; 1x chip-select line
  • 2332 ROM chip: 4KB; 2x chip-select lines
  • 2316 ROM chip: 2KB; 3x chip-select lines

The chip-select line is how the processor indicates to a particular ROM chip that it should be active. When active, a ROM chip will read the value on the address lines and output the data at that address on the data lines.

With his software defined ROMs [Piers] implements the ROM behavior (converting requests on the address lines to results on the data lines) by using a microcontroller. As his ROM boards are software defined, they are eminently configurable, which means he can support all configurations of all three types of ROM.

[Piers] looks at some old ROM datasheets to get details about timing requirements. His functional requirements are that all three types of ROM can be emulated with a single hardware variant (the same microcontroller) with the same footprint (24-pin DIP), that they be hand-solderable, and cheap. Further technical requirements were that the solutions can all be implemented in software (no FPGA), requiring as few onboard components as possible, that the GPIOs be 5V tolerant, that a fast clock speed be available using the on-chip oscillator, that no more than two PCB layers are required, and that all SMD components are 0603 or larger.

He considered various microcontrollers, including PICO/RP2040/RP2350, ESP32, ATMEGA, PIC, STM32F1, and STM32F4. He really wanted the PICO because they are fast and powerful, but they don’t have 5V tolerant GPIOs, so he settled on the STM32F4 instead. He talks in detail about pin selection, PCB routing, and ROM preprocessing (mangling) for optimal performance. The chip loads its data from flash storage into RAM so it has reliable and deterministic performance characteristics. Provision is made for programming pins so the ROMs can be reprogrammed in-circuit.

When it comes to programming, [Piers] has implemented most things in hand-rolled assembly code. The reason, he says, is that he didn’t want variable implementations depending on the version of compiler used.

Now that you have a universal software defined ROM, all you need is a reliable ROM dumper.

SymbOS Is a Funhouse mirror look at a future that never was

19 July 2025 at 23:00

The Z80 might be decades obsolete and a few years out of production, but it’s absolutely a case of “gone but not forgotten” in the hacker world. Case in point is SymbOS, a multitasking OS for Z80 machines by Amstrad, Sinclair, and the MSX2 family of computers that updated to version 4.0 earlier this year.

The best way to describe SymbOS is like looking at an alternate reality where Microsoft created Windows 95 ten years early to put on the MSX instead of the BASIC they were paid to provide. SymbOS 4.0 comes even further into alignment with that design language, with a new file explorer that looks a lot like Windows Explorer replacing (or supplementing) the earlier Midnight Commander style utility in version 3.

Thanks to the preemptive multitasking, you can listen to tracker music while organizing files and writing documents, and even play a port of DOOM. Chat with your friends on IRC while watching (low res) videos on SymboVid. If you’re looking for productivity, all the old business software written for CP/M can run in a virtual machine. There’s even an IDE if you can stand the compile times on what is, we have to remember, an 8-bit, 1980s machine. It’s hard to remember that while watching the demo video embedded below.

The operating system supports up to 1024 KB of RAM (in 64 KB chunks, of course) and file systems up to 2 TB, which is an absolutely bonkers amount of space for this era’s machines.  One enterprising dev has even got his CPC talking to ChatGPT, if that’s your jam. You can try SymbOS for free online on an MSX emulator, or toss it onto a spare Raspberry Pi.  If you’re feeling adventurous, there’s a port in the works for the Isetta TLL retrocomputer.

This isn’t the first modern OS we’ve featured for the Z80, the processor which will live forever in our hearts and tapeouts.

Thanks to [Manuel] for the tip.

 

 

PicoGUS adds CD-ROM Emulation to ISA Bus

19 July 2025 at 20:00

Everything fails eventually, but moving parts fail fastest of all– and optical drives seemingly more than others, at least in our experience. Even when they work, vintage drives often have trouble with CD-R, and original media isn’t always easy to find. That’s why it’s so wonderful that [polpo]’s RP2040 ISA card, the PicoGUS 2.0, now supports CD-ROM emulation.

We covered PicoGUS when it first appeared as an ISA sound card,  and make no mistake, it can still emulate sound cards for retro-PC beeps and boops. It’s not just the Gravis Ultrasound (GUS) from which the project took its name, but Sound Blaster 2.0, MPU-401 for MIDI, Tandy 3-voice, and CMS/GameBlaster are all soft options. Like most sound cards back in the day, PicoGUS provides game port support as well.

We don’t recall sound cards that served as CD-ROM controllers, but apparently, that was a thing before IDE became the standard for optical drives. We do recall old CD-ROM drives that shipped with proprietary driver boards, and PicoGUS emulates Panasonic’s MKS standard, which apparently did show up on some sound cards. For the end-user, that doesn’t matter much: once it’s all set up using the open-source utilities (and appropriate drivers), you’ll have an optical drive sitting at D:.

There’s a USB port on the PicoGUS that lets you use a FAT32 formatted USB stick not as a CD drive, but a CD changer. You can access multiple disk images from the drive, selecting them with the utility software. There’s even a feature that lets you automatically advance to the next disk by removing and reinserting the drive, which is invaluable for multi-CD game installers. It’s not super speedy: in USB mode, expect it to run as fast as a 4x drive. (2x if the PicoGUS is emulating a Sound Blaster at the same time.) Considering that’s all with a single RP2040 in charge, it’s pretty fast. For a DOS box, it’s probably period appropriate, too.

The Almighty Algorithm reminded us about PicoGUS in a video by [vswitchero], which is embedded below for those of you who would like more information in the form of rapidly flickering images and sound.

Yesterday — 19 July 2025, Hackaday

Elegoo Rapid PETG vs PETG Pro: Same Price, Similar Specs, Which to Buy?

By: Maya Posch
19 July 2025 at 14:00

Even within a single type of FDM filament there is an overwhelming amount of choice. Take for example Elegoo’s PETG filament offerings, which include such varieties like ‘Pro’ and ‘Rapid’. Both cost the same, but is there a reason to prefer one over the other, perhaps even just for specific applications? To test this, [Dr. Igor Gaspar] over at the My Tech Fun YouTube channel bought some spools of these two filaments and subjected both to a series of tests.

Obviously, the Rapid filament is rated for higher extrusion speeds – <270 vs <600 mm/s – while the website claims a higher required nozzle temperature that confusingly does not match those listed on the spool. There are quite a few differences in the listed specifications, including the physical and mechanical properties, which make it hard to draw any immediate conclusions. Could you perhaps just use Rapid PETG and forget about the Pro version?

Test objects were printed with a Bambu Lab P1P with an AMS unit. After calibrating the ideal temperature for each filament, a tensile break test gave a win to the Rapid PETG, followed by a layer adhesion test win. This pattern continued across further tests, with Rapid PETG either matching or beating the Pro PETG.

There are only two advantages of the Pro version that can be seen here, which are less moisture sensitivity and  stringing risk, and you of course get the luxury cardboard spool with the closed edges. Whether that’s enough to make you go ‘Pro’ remains to be seen, of course.

Neon Lamp Detects Lightning Strikes

19 July 2025 at 11:00

For as mysterious, fascinating, and beautiful as lightning is at a distance, it’s not exactly a peaceful phenomenon up close. Not many things are built to withstand millions of volts and tens to hundreds of thousands of amps. Unsurprisingly, there’s a huge amount of effort put into lightning protection systems for equipment and resources that need to be outside where thunderstorms sometimes happen. Although most of us won’t be building personal substations, church steeples, or city-scale water towers in our backyards, we might have a few radio antennas up in the air, so it’s a good idea to have some lightning protection and possibly an alert system like [Joe] built.

The start of this project came about when [Joe] noticed static on his crystal radio’s headset when there was a storm in the distance. When disconnecting the antenna in this situation, he also noticed sparks, and then thought that placing a neon lamp in the circuit would essentially allow those sparks to form in the lamp itself. The sparks only cause the neon to glow dimly, so a capacitor was added to allow the voltage to increase, making the sparks of light in the lamp more visible. These sparks are still quite dim, though, so two LEDs were added in series with opposite polarity, allowing one to detect negative charge and the other to detect positive.

With the LEDs installed in the circuit, it’s much more apparent when there are charged clouds around, and with the addition of an RF choke, [Joe] can use this circuit at the same time as his radio while also getting alerts about potential thunderstorm activity. This isn’t the only way to detect lightning strikes, though. There are plenty of other ways to get this job done, and we’ve even seen lightning detectors so sensitive that they can detect socks-on-carpet static discharges as well.

Thanks to [Charles] for the tip!

GarageMinder: Automatic Garage Door

19 July 2025 at 08:00
A photo of the circuitry in its case

After getting a new car, [Solo Pilot] missed the automatic garage door opening and closing system their old car had. So they set about building their own, called GarageMinder. On the project page you will find a bill of materials, schematics, and some notes about the approach taken in various versions of the software. [Solo Pilot] also made the software available.

The basic hardware centers around a Raspberry Pi Zero W, but there are plans to switch to an ESP32. From the car side of things there are built-in continuous Bluetooth Low Energy (BLE) advertisement broadcasts, which the Raspberry Pi can detect. Building a reliable system on top of these unreliable signals is difficult and you can read about some of the challenges and approaches that were taken during development. This is a work in progress and additional techniques and approaches are going to be trialed in future.

If you’re interested in Bluetooth garage door openers be sure to read about using a Bluetooth headset as a garage door opener for your Android device.

2025 One-Hertz Challenge: ZX Spectrum Is Now A Z80 Frequency Counter

By: Lewin Day
19 July 2025 at 05:00

The ZX Spectrum is perhaps most fondly remembered as a home computer and a games machine. [Tito] has grabbed the faithful black plastic box and turned it into a frequency counter as an innovative entry to our 2025 One Hertz Challenge.

The code was prepared in assembly using ZASM—a Z80 online assembler. It works in quite a simple manner. The code runs for one second at a time, counting rising edges on the EAR port of the ZX Spectrum. Those edges are added up to determine the frequency in question, and the job is done. [Tito] has tested the code and found it’s capable of reading frequencies up to 20 kHz. Since it runs on a one second period, it’s thus eligible for entry by meeting the requirements of the One Hertz Challenge. Code is available on GitHub for the curious.

The ZX Spectrum has a clock speed of 3.5 MHz, meaning it’s not exactly the tool of choice if you’re reading faster signals. We’ve seen similar done before. In any case, this project was a great way to exercise assembly coding skills and to bust out some classic Speccy hardware—and that’s always a good time. If you’ve got your own retrocomputer hacks brewing up in the lab, don’t hesitate to let us know!

2025 Hackaday One Hertz Challenge

Before Macintosh: The Story of the Apple Lisa

19 July 2025 at 02:00
Before Macintosh banner with stylized pixelated picture of one

Film maker [David Greelish] wrote in to let us know about his recent documentary: Before Macintosh: The Apple Lisa.

The documentary covers the life of the Apple Lisa. It starts with the genesis of the Lisa Project at Apple, covering its creation, then its marketing, and finally its cancellation. It then discusses the Apple Lisa after Apple, when it became a collectible. Finally the film examines the legacy of the Apple Lisa, today.

The Apple Lisa was an important step on the journey to graphical user interfaces which was a paradigm that was shifting in the early 1980s, contemporary with the Macintosh and the work at Palo Alto. The mouse. Bitmapped graphics. Friendly error messages. These were the innovations of the day.

Apple began work on the Lisa Project in October 1978 but most of its design goals changed after Steve Jobs and his team visited the Xerox Palo Alto Research Center (PARC) in November 1979. On January 19, 1983, the Apple Lisa computer was released by Apple. Two years later it was re-branded as the “Macintosh XL” and was converted to run the Mac system software. Ultimately, on August 1, 1986, the Macintosh XL (Apple Lisa) was cancelled, so as to not interfere with Macintosh sales.

But the Apple Lisa is not forgotten. These days they are collectibles which you can acquire for a few thousand dollars. They are considered a symbol and harbinger of the very significant shift to the graphical user interface which today is commonplace and perhaps even taken for granted.

There is a fun anecdote in the film about what we know today as OK/Cancel. In fact with the Apple Lisa that was originally Do It/Cancel, but it turned out many people read “Do It” as “dolt”, so during usability testing the users were asking “why is it calling me a dolt!?” Thus “Do It” became “OK”.

If you’re interested in the old Apple Lisa be sure to check out LisaGUI which is a browser-based emulator you can use to see what it used to be like.

PVCSub: A Submarine from the Plumbing Aisle

18 July 2025 at 23:00
A photo of a fully assembled PVCSub.

Today in the submersibles department our hacker [Rupin Chheda] wrote in to tell us about their submarine project.

This sub is made from a few lengths of PVC piping of various diameters. There is an inflation system comprised of a solenoid and a pump, and a deflation system, also comprised of a solenoid and a pump. The inflation and deflation systems are used to flood or evacuate the ballast which controls depth. There are three pumps for propulsion and steering, one central pump for propulsion and two side pumps for directional control, allowing for steering through differential thrust. Power and control is external and provided via CAT6 cable.

We have covered various submarine projects here at Hackaday before and it is interesting to compare and contrast the designs. One sub we covered recently was this one made mostly from Lego. There are considerable differences in the approach to buoyancy, propulsion, steering, power, and control. Whereas the PVCSub uses separate ballast inflation and deflation systems the Lego sub uses one system that can be run forward or backward; whereas the PVCSub uses a pump for propulsion the Lego sub uses a magnetically coupled propeller; whereas the PVCSub uses differential thrust for steering the Lego sub uses a small propeller; whereas the PVCSub transmits power through external wires, the Lego sub has an onboard battery; and whereas the PVCSub uses the power wires for control the Lego sub is radio controlled.

Just goes to show that there are many ways to skin this particular kind of cat.

Time, Stars, and Tides, All On Your Wrist

18 July 2025 at 20:00
Close-up view of the Solaria Ultra Grand Complication watch

When asked ‘what makes you tick?’ the engineers at Vacheron Constantin sure know what to answer – and fast, too. Less than a year after last year’s horological kettlebell, the 960g Berkley Grand Complication, a new invention had to be worked out. And so, they delivered. Vacheron Constantin’s Solaria Ultra Grand Complication is more than just the world’s most complicated wristwatch. It’s a fine bit of precision engineering, packed with 41 complications, 13 pending patents, and a real-time star tracker the size of a 2-Euro coin.

Yes, there’s a Westminster chime and a tourbillon, but the real novelty is a dual-sapphire sky chart that lets you track constellations using a split-second chronograph. Start the chrono at dusk, aim your arrow at the stars, and it’ll tell you when a chosen star will appear overhead that night.

Built by a single watchmaker over eight years, the 36mm-wide movement houses 1,521 parts and 204 jewels. Despite the mad complexity, the watch stays wearable at just 45mm wide and 15mm thick, smaller than your average Seamaster. This is a wonder of analog computational mechanics. Just before you think of getting it gifted for Christmas, think twice – rumors are it’ll be quite pricey.

Day before yesterday, Hackaday

This Week in Security: Trains, Fake Homebrew, and AI Auto-Hacking

18 July 2025 at 14:00

There’s a train vulnerability making the rounds this week. The research comes from [midwestneil], who first discovered an issue way back in 2012, and tried to raise the alarm.

Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story: https://t.co/MKRFSOa3XY

— neils (@midwestneil) July 11, 2025

To understand the problem, we have to first talk about the caboose. The caboose was the last car in the train, served as an office for the conductor, and station for train workers to work out of while tending to the train and watching for problems. Two more important details about the caboose are that it carried the lighted markers to indicate the end of the train, and was part of the train’s braking system. In the US, in the 1980s, the caboose was phased out, and replaced with automated End Of Train (EOT) devices.

These devices were used to wirelessly monitor the train’s air brake system, control the Flashing Rear End Device (FRED), and even trigger the brakes in an emergency. Now here’s the security element. How did the cryptography on that wireless signal work in the 1980s? And has it been updated since then?

The only “cryptography” at play in the FRED system is a BCH checksum, which is not an encryption or authentication tool, but an error correction algorithm. And even though another researcher discovered this issue and reported it as far back as 2005, the systems are still using 1980s era wireless systems. Now that CISA and various news outlets have picked up on the vulnerability, the Association of American Railroads is finally acknowledging it and beginning to work on upgrading.

Putting GitHub Secrets to Work

We’ve covered GitHub secret mining several times in this column in the past. This week we cover research from GitGuardian and Synacktiv, discovering how to put one specific leaked secret to use. The target here is Laravel, an Open Source PHP framework. Laravel is genuinely impressive, and sites built with this tool use an internal APP_KEY to encrypt things like cookies, session keys, and password reset tokens.

Laravel provides the encrypt() and decrypt() functions to make that process easy. The decrypt() function even does the deserialization automatically. … You may be able to see where this is going. If an attacker has the APP_KEY, and can convince a Laravel site to decrypt arbitrary data, there is likely a way to trigger remote code execution through a deserialization attack, particularly if the backend isn’t fully up to date.

So how bad is the issue? By pulling from their records of GitHub, GitGuardian found 10,000 APP_KEYs, 1,300 of which also included URLs, and 400 of those could actually be validated as still in use. The lesson here is once again, when you accidentally push a secret to GitHub (or anywhere on the public Internet), you must rotate that secret. Just force pushing over your mistake is not enough.
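The rotation point above, as an added example that is not GitGuardian's or Synacktiv's tooling: a small Python audit that finds Laravel-style `APP_KEY=base64:...` values in every commit that was ever public and flags the ones that still match the key in production. The commit ids, file contents and both keys are constructed for illustration, and the function names are hypothetical.

```python
import base64
import binascii
import hashlib
import re

# Laravel stores the key as "base64:" followed by the base64 of the raw key bytes.
APP_KEY_RE = re.compile(
    r"^\s*APP_KEY\s*=\s*[\"']?base64:([A-Za-z0-9+/]+=*)[\"']?\s*$", re.MULTILINE
)
VALID_KEY_LENGTHS = {16, 32}  # AES-128 and AES-256 key sizes in bytes


def fingerprint(raw_key: bytes) -> str:
    """Short SHA-256 fingerprint so reports never contain the key itself."""
    return hashlib.sha256(raw_key).hexdigest()[:12]


def find_app_keys(text: str) -> list:
    """Return fingerprints of every plausible APP_KEY assignment in text."""
    found = []
    for match in APP_KEY_RE.finditer(text):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, e.g. a mangled placeholder
        if len(raw) in VALID_KEY_LENGTHS:
            found.append(fingerprint(raw))
    return found


def audit(history, live_key: bytes) -> list:
    """history: (commit, path, content) for every commit that was ever pushed,
    including commits later replaced by a force push. A key is flagged for
    rotation when its fingerprint equals that of the key still in production."""
    live_fp = fingerprint(live_key)
    first_seen = {}
    for commit, path, content in history:
        for fp in find_app_keys(content):
            first_seen.setdefault(fp, (commit, path))
    return [
        {"fingerprint": fp, "first_seen": where, "rotate_now": fp == live_fp}
        for fp, where in first_seen.items()
    ]


# Constructed sample data: deterministic dummy keys, not real secrets.
OLD_KEY = bytes(range(32))
NEW_KEY = bytes(range(32, 64))
OLD_B64 = base64.b64encode(OLD_KEY).decode()

HISTORY = [
    # The accidental push: a real .env made it into the repository.
    ("c1-constructed", ".env",
     f"APP_NAME=demo\nAPP_KEY=base64:{OLD_B64}\nAPP_DEBUG=false\n"),
    # The force push that replaced it: only an empty template remains.
    ("c2-constructed", ".env.example", "APP_NAME=demo\nAPP_KEY=\n"),
]

if __name__ == "__main__":
    # The branch tip is clean, but the key from c1 is still the live one.
    for finding in audit(HISTORY, OLD_KEY):
        print(finding)
    # After rotation the exposed key no longer matches production.
    for finding in audit(HISTORY, NEW_KEY):
        print(finding)
```
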

Fake Homebrew

There’s a case to be made that browsers should be blocking advertisements simply for mitigating the security risk that comes along with ads on the web. Case in point is the fake Homebrew install malware. This write-up comes from the security team at Deriv, where a MacOS device triggered the security alarms. The investigation revealed that an employee was trying to install Homebrew, searched for the instructions, and clicked on a sponsored result in the search engine. This led to a legitimate looking GitHub project containing only a readme with a single command to automatically install Homebrew.

The command downloads and runs a script that does indeed install Homebrew. It also prompts for and saves the user’s password, and drops a malware loader. This story has a happy ending, with the company’s security software catching the malware right away. This is yet another example of why it’s foolhardy to run commands from the Internet without knowing exactly what they do. Not to mention, this is exactly the scenario that led to the creation of Workbrew.

SQL Injection

Yes, it’s 2025, and we’re still covering SQL injections. This vulnerability in Fortinet’s FortiWeb Fabric Connector was discovered independently by [0x_shaq] and the folks at watchTowr. The flaw here is the get_fabric_user_by_token() function, which regrettably appends the given token directly to a SQL query. Hence the Proof of Concept:

GET /api/fabric/device/status HTTP/1.1
Host: 192.168.10.144
Authorization: Bearer 123'//or//'x'='x

And if the simple injection wasn’t enough, the watchTowr write-up manages a direct Remote Code Execution (RCE) from an unauthenticated user, via a SQL query containing an os.system() call. And since MySQL runs as root on these systems, that’s pretty much everything one could ask for.
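The flaw class described above, as an added example that is not Fortinet's code or taken from either write-up: a token lookup built by string concatenation beside the parameterized form, using Python and an in-memory SQLite table. The table layout, function names, tokens and the injection string are constructed for illustration; the header check follows the b64token syntax from RFC 6750.

```python
import re
import sqlite3

# RFC 6750 b64token: the only characters a Bearer credential may contain.
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the user table the token is checked against."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE fabric_user (id INTEGER PRIMARY KEY, name TEXT, token TEXT)"
    )
    conn.executemany(
        "INSERT INTO fabric_user (name, token) VALUES (?, ?)",
        [("admin", "tok-admin-constructed"), ("monitor", "tok-monitor-constructed")],
    )
    return conn


def bearer_token(header_value: str):
    """Parse an Authorization header value; reject anything that is not a
    syntactically valid Bearer token before it gets near the database."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "bearer" or not B64TOKEN.fullmatch(token):
        return None
    return token


def lookup_vulnerable(conn, token):
    """BEFORE: the token is pasted into the SQL text, so a quote character in
    the header changes the structure of the query."""
    query = f"SELECT id, name FROM fabric_user WHERE token = '{token}' LIMIT 1"
    return conn.execute(query).fetchone()


def lookup_parameterized(conn, token):
    """AFTER: the token travels as a bound parameter and is only ever compared
    as data, whatever characters it contains."""
    return conn.execute(
        "SELECT id, name FROM fabric_user WHERE token = ? LIMIT 1", (token,)
    ).fetchone()


if __name__ == "__main__":
    conn = make_db()
    injected = "nope' OR 'x'='x"  # constructed; same shape as the header above
    print("concatenated :", lookup_vulnerable(conn, injected))    # a user row
    print("parameterized:", lookup_parameterized(conn, injected)) # None
    print("header check :", bearer_token("Bearer " + injected))   # None
    print("valid token  :", lookup_parameterized(conn, "tok-admin-constructed"))
```

The parameterized query is the fix; the header syntax check is defence in depth and also gives a clean place to log rejected Authorization values for detection.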

AI guided AI attacks

The most intriguing story from this week is from [Golan Yosef], describing a vibe-researching session with the Claude LLM. The setup is a Gmail account and the Gmail MCP server to feed spammy emails into Claude desktop, and the Shell MCP server installed on that machine. The goal is to convince Claude to take some malicious action in response to an incoming, unsolicited email. The first attempt failed, and in fact the local Claude install warned [Golan] that the email may be a phishing attack. Where this mildly interesting research takes a really interesting turn, is when he asked Claude if such an attack could ever work.

Claude gave some scenarios where such an attack might succeed, and [Golan] pointed out that each new conversation with Claude is a blank slate. This led to a bizarre exchange where the running instance of Claude would play security researcher, and write emails intended to trick another instance of Claude into doing something it shouldn’t. [Golan] would send the emails to himself, collect the result, and then come back and tell Researcher Claude what happened. It’s quite the bizarre scenario. And it did eventually work. After multiple tries, Claude did write an email that was able to coerce the fresh instance of Claude to manipulate the file system and run calc.exe. This is almost the AI-guided fuzzing that is inevitably going to change security research. It would be interesting to automate the process, so [Golan] didn’t have to do the busywork of shuffling the messages between the two iterations of Claude. I’m confident we’ll cover many more stories in this vein in the future.

Bits and Bytes

SugarCRM fixed a LESS code injection in an unauthenticated endpoint. These releases landed in October of last year, in versions 13.0.4 and 14.0.1. While there isn’t any RCE at play here, this does allow Server-Side Request Forgery, or arbitrary file reads.

Cryptojacking is the technique where a malicious website embeds a crypto miner in the site. And while it was particularly popular in 2017-2019, browser safeguards against blatant cryptojacking put an end to the practice. What c/side researchers discovered is that cryptojacking is still happening, just very quietly.

There are browser tidbits to cover in both major browsers. In Chrome it’s a sandbox escape paired with a Windows NT read function with a race condition that makes it work as a write primitive. To actually make use of it, [Vincent Yeo] needed a Chrome sandbox escape.

ZDI has the story of Firefox and a JavaScript Math confusion attack. By manipulating the indexes of arrays and abusing the behavior when integer values wrap around their max value, malicious code could read and write to memory outside of the allocated array. This was used at Pwn2Own Berlin earlier in the year, and Firefox patched the bug on the very next day. Enjoy!

A Vulnerable Simulator for Drone Penetration Testing

18 Julio 2025 at 11:00
A screenshot of the software in action is shown. A sidebar on the left shows an icon of a skull-shaped drone above the text “DAMN VULNERABLE DRONE.” Below this, it lists controls for the simulator, and resources for using the software. In the rest of the screen, a rendered scene is shown. A rendered computer monitor showing “DRONE HACKER” is at the bottom of the scene. Above this is a hovering drone, and behind it is a table labeled “Ground Control Station” with a man sitting at it.

The old saying that the best way to learn is by doing holds as true for penetration testing as for anything else, which is why intentionally vulnerable systems like the Damn Vulnerable Web Application are so useful. Until now, however, there hasn’t been a practice system for penetration testing with drones.

The Damn Vulnerable Drone (DVD, a slightly confusing acronym) simulates a drone which flies in a virtual environment under the command of an Ardupilot flight controller. A companion computer on the drone gives directions to the flight controller and communicates with a simulated ground station over its own WiFi network using the Mavlink protocol. The companion computer, in addition to running WiFi, also streams video to the ground station, sends telemetry information, and manages autonomous navigation, all of which means that the penetration tester has a broad yet realistic attack surface.

The Damn Vulnerable Drone uses Docker for virtualization. The drone’s virtual environment relies on the Gazebo robotics simulation software, which provides a full 3D environment complete with a physics engine, but does make the system requirements fairly hefty. The system can simulate a full flight routine, from motor startup through a full flight, all the way to post-flight data analysis. The video below shows one such flight, without any interference by an attacker. The DVD currently provides 39 different hacking exercises categorized by type, from reconnaissance to firmware attacks. Each exercise has a detailed guide and walk-through available (hidden by default, so as not to spoil the challenge).

This seems to be the first educational tool for drone hacking we’ve seen, but we have seen several vulnerabilities found in drones. Of course, it goes both ways, and we’ve also seen drones used as flying security attack platforms.

MR Browser is the Package Manager Classic Macs Never Had

18 Julio 2025 at 08:00

Homebrew bills itself as the package manager MacOS never had (conveniently ignoring MacPorts) but they leave the PPC crowd criminally under-served, to say nothing of the 68k gang. Enter [that-ben] with MR Browser, a simple utility to fetch software from Macintosh Repository for computers too old to hit up the website.

If you’re not familiar with Macintosh Repository, it is what it says on the tin: a repository of vintage Macintosh software, like Macintosh Garden but apparently less accessible to vintage machines.

MRBrowser sys6 runs nicely on the Macintosh Plus, as you can see.

There are two versions available, depending on the age of your machine. For machines running System 6, the appropriately-named MR Browser sys6 will run on any 68000 Mac in only 157 KB of RAM and MacTCP networking. (So the 128K obviously isn’t going to cut it, but a Plus from ’86 would be fine.)

The other version, called MR Browser 68K, ironically won’t run on the 68000. It needs a newer processor (68020 or newer, up to and including PPC) and TCP/IP networking. Anything starting from the Macintosh II or newer should be game; it’s looking for System 7.x up to the final release of Mac OS 9, 9.2.2. You’ll want to give it at least 3 MB of RAM, but can squeak by on 1.6 MB if you aren’t using pictures in the chat.

Chat? Yes, perhaps uniquely for a software store, there’s a chat function. That’s not so weird when you consider that this program is meant to be a stand-alone interface for the Macintosh Repository website, which does, indeed, have a chat feature. It beats an uncaring algorithm for software recommendations, that’s for sure. Check it out in action in the demo video below.

It’s nice to see people still making utilities to keep the old machines going, even if coding on them isn’t always the easiest. If you want to go online with vintage hardware (Macintosh or otherwise) anywhere else, you’re virtually locked out unless you use something like FrogFind.

Thanks to [PlanetFox] for the tip. Submit your own, and you may win fabulous prizes. Not from us, of course, but anything’s possible!

Improve Your KiCad Productivity With These Considered Shortcut Keys

18 Julio 2025 at 05:00
Screenshot of the cheatsheet being developed in Inkscape

[Pat Deegan] from Psychogenic Technologies shows us two KiCad tips to save a million clicks, and he made a video to support it, embedded below.

In the same way that it makes sense for you to learn to touch type if you’re going to be using a computer a lot, it makes sense for you to put some thought and effort into your KiCad keyboard shortcut keys, too.

In this video [Pat] introduces the keymap that he has come up with for the KiCad programs (schematic capture and PCB layout) and explains the rules of thumb that he used to generate his recommended shortcut keys, being:

  • one handed operation; you should try to make sure that you can operate the keyboard with one hand so your other hand can stay on your mouse
  • proximity follows frequency; if you use it a lot it should be close to hand
  • same purpose, same place; across programs similar functions should share the same key
  • birds of a feather flock together; similar and related functionality kept in proximate clusters
  • typing trounces topography; if you have to use both hands for typing you have to take your hand off the mouse anyway so then it doesn’t really matter where on the keyboard the shortcut key is

You can find importable KiCad keymaps and customizable SVG cheatsheets in the downloads section.

[Pat]’s video includes some other tips and commentary, but for us the big takeaway was the keymaps. He’s also got a course that you can follow along with for free. And if you haven’t been keeping abreast of developments, KiCad is now at version 9, as of February this year.

8-Core ARM Pocket Computer Runs NixOS

18 Julio 2025 at 02:00

What has 8 ARM cores, 8 GB of RAM, fits in a pocket, and runs NixOS? It’s no pi-clone SBC, but [MWLabs]’s smartphone– a OnePlus 6, to be precise.

The video embedded below, and the git link above, are [MWLabs]’s walk-through for loading the mobile version of Nix onto the cell phone, turning it into a tiny-screened Linux computer. He’s using the same flake on the phone as on his desktop, which means he gets all the same applications set up in the same way– talk about convergence. That’s an advantage to Nix in this application, compared to the usual Alpine-based PostMarketOS.

Of course some of the phone-like features of this pocket-computer are lacking: the SIM is detected, and he can text, but 4G is nonfunctional. The rear camera is also not there yet, but given that Mobile-NixOS builds on the work done by well-established PostMarketOS, and PostMarketOS’ testing version can run the camera, it’s only a matter of time before support comes downstream. Depending what you need a tiny Linux device for, the camera functionality may or may not be of particular interest. If you’re like us, the idea of a mobile device running Nix might just intrigue you.

Smartphones can be powerful SBC alternatives, after all. You can even turn them into SBCs. As long as you don’t need a lot of GPIO, like for a server, a phone in hand might be worth two birds in the raspberry bush.
