Whether you’re a kid or a nerdy adult, you’ll probably agree that the interactive exhibitions at the museum are the best. If you happened to get down to the Oregon Science Festival in the last couple of years, you might have enjoyed “Catch The Wave!”—a public education project to teach people about electromagnets and waves. Even better, [Justin Miller] has written up how he built this exciting project.

Catch The Wave! consists of four small tabletop cabinets. Each has physical controls and a screen, and each plays its role in teaching a lesson about electromagnets and sound waves, with a context of audio recording and playback.

The first station allows the user to power up an electromagnet and interact with it using paper clips. They can also see the effect it has on a nearby compass. The second illustrates how reversing current through an electromagnet can reverse its polarity, and demonstrates this by using it to swing a pendulum. The third station then ties this to the action of a speaker, which is effectively a fancy electromagnet—and demonstrates how it creates sound waves in this way. Finally, the fourth station demonstrates the use of a microphone to record a voice, and throws in some wacky effects for good fun.

If you’ve ever tried to explain how sound is recorded and reproduced, you’d probably have loved to had tools like these to do so. We love a good educational project around these parts, too.

hackaday.com/2024/10/04/intera…

Julian Assange è intervenuto all’Assemblea Parlamentare del Consiglio d’Europa (PACE), tenutasi a Strasburgo, con le sue prime dichiarazioni da uomo libero. Una testimonianza che ha spinto la quasi totalità dei parlamentari a riconoscere Assange come prigioniero politico “Signor Presidente, stimati membri dell’Assemblea parlamentare del Consiglio d’Europa, signore e signori. […]L’esperienza dell’isolamento per anni in una […]

freeassangeitalia.it/assange-a…

I’m sitting at a table writing this in the centre of a long and cavernous industrial building, the former print works of a local newspaper, I’m surrounded by hardware and software hackers working at their laptops, around me is a bustling crowd admiring a series of large projects on tables along the walls, and the ambient sound is one of the demoscene, chiptunes, 3D-printed guitars, and improbably hurdy-gurdy music. Laser light is playing on the walls, and even though it’s quite a journey from England to get here, I’m home. This is Hackfest Enschede, a two-day event in the Eastern Dutch city which by my estimation has managed the near-impossible feat of combining the flavour of both a hacker event and a maker faire all in one, causing the two distinct crowds to come together.

The Best Of Both Worlds, In One Place

To give an idea of what’s here it’s time for a virtual trip round the hall. I’ll start with the music, aside from the demosceners there’s Printstruments with a range of 3D-printedmusical instruments, and Nerdy Gurdy, as you may have guessed, that hacker hurdy-gurdy I mentioned. This is perhaps one of few places I could have seen a spontaneous jam session featuring a 3D-printed bass and a laser-cut hurdy-gurdy. Alongside them were the Eurorack synthesisers of Sound Force, providing analogue electronic sounds aplenty.

Competing with the musicians are the sounds of 8-bit gaming, as the Home Computer Museum are here with an array of Dutch computers including the Philips range, a Tulip PC, and the super-futuristic Holborn business computer. They’re joined by Atari Invasion, and I’m as always pleased to see youngsters discovering the machines my generation had at their age, for themselves. The more hacker side of the hardware community is here in force, with the local Fablab Saxion and Tkkrlab hackerspace. The Fablab had brought along a really neat Lego assembling robot derived from a 3D printer. Then there’s badge.team showing off their electronic event badges, and the ever-enthusiastic Mitch Altman bringing his soldering workshop. This representts only a snapshot of what’s here, I’ve also seen printing (the old-fashioned kind), combat robots, dancing corn starch, Yvo de Haas‘ robot tentacles, and Ubuntu Mobile, to name but a few others.

Can We Capture This, And Bottle It?

Such an array of cool stuff is always good to see, but my take-away from this event lies not on the tables at the hall. Instead it’s in the way that here they’ve managed to capture what was great about the early maker events, the raw edge of creativity before all the STEM and webshops selling blinky LEDs moved in, and maintain an attraction for people from the hacker community. I think the key to the success lies in combining the stuff described above with a more hacker-friendly set of talks, and oddly in the venue itself. Enschede is easy to get to but not somewhere that demands premium prices on everything, so going along wasn’t the deal-breaker that a more shiny event might have been.

It’s great to see an event’s first try draw to a close with a feeling of success, and we hope there will be another Hackfest to go to in Enschede next year. But I’m more interested to see whether this event may seed others, fresh new events trying a similar formula. I hope I’ll see you there.

What have you missed on Hackaday this week? Elliot Williams and Al Williams compare notes on their favorites from the week, and you are invited. The guys may have said too much about the Supercon badge this year — listen in for a few hints about what it will be about.

For hacks, you’ll hear about scanning tunneling microscopes, power management for small Linux systems, and lots of inertial measurement units. The guys talked about a few impossible hacks for consumer electronics, from hacking a laptop, to custom cell phones.

Of course, there are plenty more long-form articles of the week, including a brief history of what can go wrong on a spacewalk and how to get the lead out (of the ground). Don’t forget to take a stab at the What’s That Sound competition and maybe score a sweet Hackaday Podcast T-shirt.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

html5-player.libsyn.com/embed/…

Use this link to teleport a DRM-free MP3 to your location.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

• iTunes
• Spotify
• Stitcher
• RSS
• YouTube
• Check out our Libsyn landing page

Episode 291 Show Notes:

News:

• Supercon is almost here!

What’s that Sound?

• Do you know the sound? Let us know and get a chance at a coveted Hackaday Podcast T.

Interesting Hacks of the Week:

• Building A 3D Printed Scanning Tunneling Microscope
  
  • Cheap DIY Microscope Sees Individual Atoms
  • Homebrew Probe Tip Etcher Makes Amazingly Sharp Needles

  
  

• Creating Video Games With AI: A Mario Example
• Pi Zero Power Optimization Leaves No Stone Unturned
• Inside The F-4 Attitude Indicator
  
  • Retrotechtacular: Sychros Go to War and Peace

  
  

• Easily Build This IMU Array Sandbox
  
  • IMU Sensor Fusion

  
  

• Thinkpad 13 Gets NVMe Support With Three Jumpers

Quick Hacks:

• Elliot’s Picks:
  
  • MikroPhone – Open, Secure, Simple Smartphone
  • 2024 SAO Contest: We’ve Got SAOs For Your SAOs
  • Man-in-the-Middle PCB Unlocks HP Ink Cartridges

  
  

• Al’s Picks:
  
  • Blinking An LED Passively
  • 3D Printed Jellyfish Lights Up
  • Add USB-C To Your AirPods The Easy Way

  
  

Can’t-Miss Articles:

• Polaris Dawn, And The Prudence Of A Short Spacewalk
• Mining And Refining: Lead, Silver, And Zinc

hackaday.com/2024/10/04/hackad…

We might consider PCB panels as simply an intermediate step towards getting your PCBs manufactured on the scale of hundreds. This is due to, typically, an inability to run traces beyond your board – and most panel generators don’t give you the option, either. However, if you go for hand-crafted panels or modify a KiKit-created panel, you can easily add extra elements – for instance, why not add vias in the V-Cut path to preserve electrical connectivity between your boards?

[Adam Gulyas] went out and tried just that, and it’s a wonderfully viable method. He shows us how to calculate the via size to be just right given V-Cut and drilling tolerances, and then demonstrates design of an example board with discrete component LED blinkers you can power off a coin cell. The panel gets sent off to be manufactured and assembled, but don’t break the boards apart just yet — connect power to the two through-hole testpoints on the frame, and watch your panel light up all at once.

It’s a flashy demonstration – even more so once you put light-diffusing spheres on top of the domes. You could always do such a trick with mousebites, but you risk having the tracks tear off the board, and, V-Cuts are no doubt the cleanest way to panelize – no edge cleaning is required after breaking the boards apart. Want to learn about panel design? We’ve written and featured multiple guides for you over the years.

hackaday.com/2024/10/04/v-cut-…

Up first this week is a warning for the few of us still brave enough to host our own email servers. If you’re running Zimbra, it’s time to update, because CVE-2024-45519 is now being exploited in the wild.

That vulnerability is a pretty nasty one, though thankfully requires a specific change from default settings to be exposed. The problem is in postjournal. This logging option is off by default, but when it’s turned on, it logs incoming emails. One of the fields on an incoming SMTP mail object is the RCPT TO: field, with the recipients made of the to, cc, and bcc fields. When postjournal logs this field, it does so by passing it as a bash argument. That execution wasn’t properly sanitized, and wasn’t using a safe call like execvp(). So, it was possible to inject commands using the $() construction.

The details of the attack are known, and researchers are seeing early exploratory attempts to exploit this vulnerability. At least one of these campaigns is attempting to install webshells, so at least some of those attempts have teeth. The attack seems to be less reliable when coming from outside of the trusted network, which is nice, but not something to rely on.

New Tool Corner

What is that binary doing on your system? Even if you don’t do any security research, that’s a question you may ask yourself from time to time. A potential answer is WhoYouCalling. The wrinkle here is that WYC uses the Windows Event Tracing mechanism to collect the network traffic strictly from the application in question. So it’s a Windows only application for now. What you get is a packet capture from a specific executable and all of its children processes, with automated DNS capture to go along.

DNS Poisoning

Here’s a mystery. The folks at Assetnote discovered rogue subdomains from several of their customers, showing up with seemingly random IP addresses attached. A subdomain like webproxy.id.customer.vn might resolve with 10 different addresses, when querying on alibabadns.com.

That turned out to be a particularly important clue. These phantom subdomains were all linked to the Chinese Internet in some way, and it turns out that each subdomain had some interesting keyword in it, like webproxy or VPN. This seems to be a really unique way to censor the Internet, as part of the Chinese Great Firewall. The problem here is that the censorship can escape, and actually poison DNS for those subdomains for the rest of the Internet. And because sometimes the semi-random IPs point at things like Fastly CDN or old cPanel installs. A bit of legwork gets you the equivalent of subdomain takovers. Along with the story, Assetnote have shared a tool to check domains for this issue.

Virtual Name Tags Bring the Creep Factor

What do you get when you combine Internet-connected smart glasses with LLM doing facial recognition? The optimistic opinion is that you get virtual nametags for everybody you meet. I’ve played a video game or two that emulates that sort of ability. Taking a bit more cynical and realistic view, this auto-doxxing of everyone in public strays towards dystopian.

perfctl

There’s a newly discovered Linux malware, perfctl, that specializes in stealth, combined with Monero mining. The malware is also used to relay traffic, as well as install other malware in compromised machines. The malware communicates over TOR, and uses some clever tricks to avoid detection. Log in to a compromised machine, and the Monero mining stops until you log back out.

The malware is particularly difficult to get rid of, and as always, the best solution is to carefully back up and then wipe the affected machine. One of the tells to look for is a machine that’s hard charging when it has no business being spun up to 100% CPU usage, and then when you log in and look for the culprit, it drops to normal.

Bits and Bytes

[nv1t] found a kid’s toy, the Kekz Headphones, and they just begged to be taken apart. This toy has a bunch of audio on an SD Card, and individual NFC-enabled tokens that triggers playback of the right file. This one is interesting from an infosec perspective, because the token actually supplies the encryption key for the file playback, making it a nominally secure system. After pulling everything apart, it became apparent that the encryption wasn’t up to the task, with only about 56 possible keys for each file.

Something we’ve continually talked about is how the subtle mismatches in data parsing often lead to vulnerabilities. [Mahmoud Awali] has noticed this, too, and decided to put together a comparison of how different languages handle HTTP parameters. Did you know that Ruby uses the semicolon as a parameter delimiter? There are a bunch of quirks like this, and this is the sort of material that you’ll need to find that next big vulnerability.

And finally, speaking of Ruby, are you familiar with Ruby’s class pollution category of vulnerabilities? It’s akin to Python and JavaScript’s prototype pollution, and not entirely unlike Java’s deserialization issues. If Ruby is your thing, go brush up on how to avoid this particular pitfall.

hackaday.com/2024/10/04/this-w…

“Uzeda – Do it yourself” è un docufilm, realizzato dalla regista Maria Arena (e prodotto da DNA audiovisivi e dalla casa di produzione indipendente Point Nemo) che racconta la storia degli Uzeda, fondamentale alternative/math/noise rock band italiana, formatasi nel 1987, che ha tracciato il proprio percorso musicale senza scinderlo da quello umano, fortemente etico.... @Musica Agorà

iyezine.com/uzeda-arriva-nei-c…

Uzeda, arriva nei cinema il docufilm "Do it yourself"

Uzeda, arriva nei cinema il docufilm "Do it yourself" - "Uzeda - Do it yourself" è un docufilm, realizzato dalla regista Maria Arena (e prodotto da DNA audiovisivi e dalla casa di produzione indipendente Point Nemo) che racconta la storia degli Uzeda…

^{Reverend Shit-Man (In Your Eyes ezine)}

Monos : la realtà vuole però che la band nasca da una folgorazione (probabilmente non di origine divina) avuta da Mr. Bonobo e Mr. Gorilla rispettivamente alla chitarra e alla batteria. La loro prima uscita è datata 2019 mentre il nuovo album è alle porte.

@Musica Agorà

iyezine.com/monos-road-to-perv…

Monos - "Road to Perversion" e quattro chiacchiere

Monos - "Road to Perversion" e quattro chiacchiere - Monos : la realtà vuole però che la band nasca da una folgorazione (probabilmente non di origine divina) avuta da Mr. Bonobo e Mr. Gorilla rispettivamente alla chitarra e alla batteria.

^{Claudio Frandina (In Your Eyes ezine)}

I Khost sono un pianeta oscuro che vaga per lo spazio cerebrale mietendo vittime, portando con sé un rumorismo molto potente, e fatto di industrial, doom, drone, dark ambient, nosie geneticamente modificato e molto di più.
@Musica Agorà

iyezine.com/khost-many-things-…

Khost - Many Things Afflict Us Few Things Console Us

Khost - Many Things Afflict Us Few Things Console Us - I Khost sono un pianeta oscuro che vaga per lo spazio cerebrale mietendo vittime, portando con sé un rumorismo molto potente, e fatto di industrial, doom, drone, dark ambient, nosie geneticamente…

^{Massimo Argo (In Your Eyes ezine)}

storicang.it/foto-del-giorno/s…

@Storia
@Storiaweb

La spia che si finse donna per venti anni

Shi Pei Pu fu un cantante lirico cinese che lavorava come spia. Fin qui niente di strano, se non fosse perché si finse donna e diventò l'amante di un diplomatico francese per ben venti anni.

^{Abel G.M. (National Geographic Storica)}