When you think of printing on paper, you probably think of an ink jet or a laser printer. If you happen to think of a thermal printer, we bet you think of something like a receipt printer: fast and monochrome. But in the last few decades, there’s been a family of niche printers designed to print snapshots in color using thermal technology. Some of them are built into cameras and some are about the size of a chunky cell phone battery, but they all rely on a Polaroid-developed technology for doing high-definition color printing known as Zink — a portmanteau of zero ink.

For whatever reason, these printers aren’t a household name even though they’ve been around for a while. Yet, someone must be using them. You can buy printers and paper quite readily and relatively inexpensively. Recently, I saw an HP-branded Zink printer in action, and I wasn’t expecting much. But I was stunned at the picture quality. Sure, it can’t print a very large photo, but for little wallet-size snaps, it did a great job.

The Tech

Polaroid was well known for making photographic paper with color layers used in instant photography. In the 1990s, the company was looking for something new. The Zink paper was the result. The paper has three layers of amorphochromic dyes. Initially, the dye is colorless, but will take on a particular color based on temperature.

The key to understanding the process is that you can control the temperature that will trigger a color change. The top layer of the paper requires high heat to change. The printer uses a very short pulse, so that the top layer will turn yellow, but the heat won’t travel down past that top layer.

The middle layer — magenta — will change at a medium heat level. But to get that heat to the layer, the pulse has to be longer. The top layer, however, doesn’t care because it never gets to the temperature that will cause it to turn yellow.

The bottom layer is cyan. This dye is set to take the lowest temperature of all, but since the bottom heats up slowly, it takes an even longer pulse at the lower temperature. The top two layers, again, don’t matter since they won’t get hot enough to change. A researcher involved in the project likened the process to fried ice cream. You fry the coating at a high temperature for a short time to avoid melting the ice cream. Or you can wait, and the ice cream will melt without affecting the coating.

The pulses range from about 500 microseconds for yellow up to 10 milliseconds for cyan. The dyes need to not erroneously react to, say, sunlight, so the temperature targets ranged from 100 °C to 200 °C. A solvent melts at the right temperature and causes the dye to change color. So, technically, the dye doesn’t change color with heating. The solvent causes it to change color, and the heat releases the solvent.

It works well, as you can see in the short clip below. There’s no audio, but the printer does make a little grinding noise as it prints:

youtube.com/embed/mxcW8Ul9bZM?…

The History

Zink started as research from Polaroid. The company’s instant film used color dyes that diffuse up to the surface unless blocked by a photosensitive chemical. The problem is that diffusion is difficult to control, so they were interested in finding another alternative.

Chemists at Polaroid had the idea of using a colorless chemical until exposed to light. They would eventually give up in the 1980s, but revisited the idea in the 1990s when digital photography started eroding their market share.

One program designed to save the company was to build a portable printer, and the earlier research on colorless dyes came back around. Thermal print heads were already available. You only needed a paper showing different colors based on some property the print head could control.

The team had success in the early 2000s. A 2″ x 3″ print required 200 million pulses of heat, but the results were impressive, although not quite as good as they needed to be for a commercial device. Unfortunately, in 2001, Polaroid filed for bankruptcy. The company changed hands a few times until the new owner decided it was too expensive to continue researching the new printer technology.

A New Hope

The people driving the project knew they had to find a buyer for the technology if they wanted to continue. Many companies were interested in a finished product, but not as interested in a prototype.

They were using a modified but existing thermal printer from Alps to demonstrate the technology, and when they showed it to Alps, they immediately signed on as a partner to make the hardware. This was enough to persuade an investor to step up and pull the company out of what was left of Polaroid.

Calibration

Of course, there were trials, but the new company, Zink Imaging, managed to roll out a commercially viable product. One problem solved was dealing with the slightly different paper between batches. The answer was to have each pack of paper have a barcode on the first sheet that the printer uses to calibrate itself.

Zink’s business model involves selling the paper it makes. It licenses its technology to companies like Polaroid, Dell, Kodak, and HP, which then have the usual manufacturing partners build the printers. Search your favorite retailer for “zink printer” and you’ll find plenty of options. The 2″ x 3″ paper is still popular, although you can get 4″ x 6″ printers, too.

Of course, saying it is inkless isn’t really true. The “ink” is in the paper and, as you might expect, the paper isn’t that cheap. On the other hand, inkjet ink is also expensive, and you don’t have to worry about a printer clogging up if it is unused for a few months.

More…

One of many internal photos in the FCC filing
While Skymall no longer sells from airplanes, their YouTube channel shows a high-level view of how the printer works in a video, which you can see below.

If you were hoping for a teardown, check out the FCC filings to find plenty of internal pictures (we’ve mentioned how to do this before).

We are always surprised these aren’t more common. Do you have one of these printers? Let us know in the comments. The best use we’ve seen of one of these was in a fake Polaroid camera. If you really want nostalgic photography, break out your 3D printer.

youtube.com/embed/iQYVQlhMbKo?…

hackaday.com/2025/03/31/zink-i…

Let’s say you had a SNES with a busted CPU. What would you do? Your SNES would be through! That is, unless, you had a replacement based on an FPGA. [leonllr] has been developing just such a thing.

The project was spawned out of necessity. [leonllr] had purchased a SNES which was struck down with a dead CPU—in particular, a defective S-CPU revision A. A search for replacements only found expensive examples, and ones that were most likely stripped from working machines. A better solution was necessary.

Hence, a project to build a replacement version of the chip using the ICE40HX8K FPGA. Available for less than $20 USD, it’s affordable, available, and has enough logic cells to do the job. It’s not just a theoretical or paper build, either. [leonllr] has developed a practical installation method to hook the ICE40HX8K up to real hardware, which uses two flex PCBs to go from the FPGA mainboard to the SNES motherboard itself. As for the IP on the FPGA, the core of the CPU itself sprung from the SNESTANG project, which previously recreated the Super Nintendo on Sipeed Tang FPGA boards. As it stands, boards are routed, and production is the next step.

It’s nice to see classic hardware resurrected by any means necessary. Even if you can’t get a whole bare metal SNES, you might be able to use half of one with a little help from an FPGA. We’ve seen similar work on other platforms, too. Meanwhile, if you’re working to recreate Nintendo 64 graphics chips in your own basement, or something equally weird, don’t hesitate to let us know!

hackaday.com/2025/03/31/a-snes…

In Ubuntu Linux sono stati scoperti tre metodi per aggirare le restrizioni relative allo spazio dei nomi utente, consentendo ad aggressori locali di aumentare i privilegi sul sistema. Sebbene sia stata messa in atto una protezione per prevenire questo tipo di attacco, per gli specialisti di Qualys questo è stato possibile utilizzando vari metodi e gli strumenti standard del sistema.

Le restrizioni sullo spazio dei nomi sono state introdotte in Ubuntu 23.10 e sono diventate abilitate per impostazione predefinita nella versione 24.04. Si basano sul meccanismo AppArmor e mirano a impedire la creazione di namespace con diritti amministrativi da parte di utenti comuni. Ricordiamo che lo spazio dei nomi consente di eseguire processi con privilegi di root all’interno di un ambiente isolato senza disporre degli stessi diritti sul sistema host.

Questi tre modi di bypass consentono di creare uno spazio dei nomi con pieni poteri di amministratore, ma senza fornire il controllo totale sul sistema. Il pericolo di questi metodi è che possono essere combinati con altre vulnerabilità del kernel che richiedono privilegi elevati per essere sfruttate.

Il primo metodo utilizza l’utilità aa-exec, progettata per eseguire programmi con uno specifico profilo AppArmor. Alcuni profili, come Trinity, Chrome e Flatpak, non impediscono la creazione di namespace privilegiati. Eseguendo il comando unshare tramite aa-exec con tale profilo è possibile aggirare la protezione.

Il secondo metodo prevede l’utilizzo della shell busybox, installata di default nelle edizioni server e desktop di Ubuntu. Il profilo di sicurezza per busybox consente di creare namespace personalizzati senza restrizioni. L’avvio di una shell tramite busybox apre una via per aggirare la protezione.

Il terzo metodo si basa sull’uso della variabile d’ambiente LD_PRELOAD, con la quale è possibile iniettare la libreria in un processo attendibile. Ad esempio, l’esecuzione di una shell interattiva all’interno del file manager Nautilus che dispone di un profilo AppArmor gratuito consente l’accesso allo spazio dei nomi con privilegi.

Il 15 gennaio Qualys ha informato il team di sicurezza di Ubuntu della scoperta, concordando una diffusione coordinata. Tuttavia, uno dei bypass relativi a busybox è stato pubblicato da un ricercatore indipendente il 21 marzo. Canonical ha riconosciuto i problemi e ha affermato di non considerarli vulnerabilità, bensì difetti nel suo meccanismo di sicurezza. Pertanto, gli aggiornamenti verranno rilasciati secondo il programma consueto, senza soluzioni di emergenza.

Il forum ufficiale di Ubuntu ha suggerito raccomandazioni per gli amministratori che desiderano migliorare la propria sicurezza. Tra loro:

• Attivazione del parametro kernel.apparmor_restrict_unprivileged_unconfined=1;
• disabilitare i profili troppo liberi per busybox e Nautilus;
• utilizzo di un profilo più rigido per il bwrap, se utilizzato.
• Utilizzo dell’utilità aa-status per identificare e disabilitare profili AppArmor potenzialmente pericolosi.

L'articolo Ubuntu a rischio: scoperte 3 tecniche per aggirare la sicurezza e ottenere privilegi di root! proviene da il blog della sicurezza informatica.

Are you eager to get your feet wet in the keyboard surf, but not quite ready to stand up and ride the waves of designing a full-size board? You should paddle out with a macro pad instead, and take on the foam face-first and lying down.

Image by [Robert Feranec] via Hackaday.IOLuckily, you have a great instructor in [Robert Feranec]. In a series of hour-long videos, [Robert] guides you step by step through each part of the process, from drawing the schematic, to designing a PCB and enclosure, to actually putting the thing together and entering a new world of macros and knobs and enhanced productivity.

Naturally, the fewer keys and things you want, the easier it will be to build. But [Robert] is using the versatile Raspberry Pi 2040, which has plenty of I/O pins if you want to expand on his basic plan. Not ready to watch the videos? You can see the schematic and the 3D files on GitHub.

As [Robert] says, this is a great opportunity to learn many skills at once, while ending up with something terrifically useful that could potentially live on your desk from then on. And who knows where that could lead?

Holy Leather Work, Batman!

[Notxtwhiledrive] had long wanted to design a keyboard from scratch, but could never think of a compelling concept from which to get going. Then one day while doing some leather work, it dawned on him to design a portable keyboard much the same way as he would a wallet.

Image by [Notxtwhiledrive] via redditThe result? A stunning keyboard wallet that can go anywhere and may outlast most of us. The Wallet42 is based on the FFKB layout by Fingerpunch. This hand-wired unibody split uses the Supermini nRF52840 microcontroller with ZMK firmware and rests inside 2 mm-thick chrome-tanned leather in chocolate and grey.

Switch-wise, it has Otemu low-profile reds wearing TPU keycaps. [Notxtwhiledrive] is thinking about making a hot swap version before open-sourcing everything and/or taking commissions. Even better, he apparently recorded video throughout the process and is planning to upload a video about designing and building this beautiful board.

The Centerfold: Levels, the Prototype

Image by [timbetimbe] via redditAt the risk of dating myself, this ’80s kid definitely appreciates the aesthetic of Levels, a new prototype by redditor [timbetimebe]. This is a centerfold because look at it, but also because there is like basically no detail at this time. But watch this space.

Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!

Historical Clackers: the Secor

When we last left Historical Clackers, we examined the Williams machine with its curious grasshopper-like type bars. If you’ll recall, the Williams Typewriter Company was acquired by Jerome Burgess Secor, a former superintendent of the Williams Typewriter Company.
Image via The Antikey Chop
Secor, an inventor in his own right, began working at Williams in 1899. By 1902, he was filing typewriter patents for frontstrike machines that looked nothing like the Williams grasshopper number. By the summer of 1910, Secor took over the failed company.

Though radically different, the Secor typewriters were not radically better than the Williams grasshopper. And though the typist could see more with the Secor, the only real hype surrounded the removable, interchangeable escapement.

The Secor Company produced about 7,000 machines between three models, one with a wide carriage. Between the impending war, competition, and alleged labor issues, the writing was on the wall for the Secor Company, and it folded in 1916.

But you shouldn’t feel sorry for Mr. Secor. His main wheelhouse was mechanical toy and sewing machine manufacture. He did well for himself in these realms, and those items are far more sought after by collectors than his typewriters, interestingly enough.

Finally, a Quick Guide to Cleaning That Awful Keyboard Of Yours

Oh, I’m pointing one finger back at myself, trust me. You should see this thing. I really should go at it with the compressor sometime soon. And I might even take all the steps outlined in this keyboard deep-cleaning guide by [Ben Smith].

[Ben] estimates that this exercise will take 30 minutes to an hour, but also talks about soaking the keycaps, so (in my experience) you can add several hours of drying time to that ballpark. Plan for that and have another keyboard to use.

Apparently he has two cats that sit directly on the keyboard at every opportunity. I’m not so lucky, so although there is definitely cat hair involved, it doesn’t blanket the switch plate or anything. But you should see [Ben]’s keyboard.

Click to judge [Ben] for his dirty keyboard. Then go de-cap yours, ya filthy animal. Image by [Ben Smith] via Pocket-lintSo basically, start by taking a picture of it so you can reassemble the keycaps later. He recommends looking up the key map online; I say just take a picture. You’re welcome. Then you should unplug the thing or power it down. Next up is removing the keycaps. This is where I would take it out to the garage and use the ol’ pancake compressor, or maybe just use the vacuum cleaner turned down low with the brushy attachment. But [Ben] uses canned air. Whatever you’ve got.

Everyone enjoys a nice shower now and then. Image by [Ben Smith] via Pocket-lintFor any hangers-on, bust out an old toothbrush and go to town on those browns. This is as good a time as any to put your keycaps in a bowl with some warm water and a bit of dish soap.

My suggestion — if they’re super gross, put them in something with a lid so you can shake the whole concoction around and knock the dirt off with force.

After about half an hour, use a colander to strain and drain them while rinsing them off. Then let them get good and dry, and put your board back together.

Enjoy the feeling of non-oily keycaps and the sound of full thock now that the blanket of cat hair has been lifted. Rejoice!

Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.

hackaday.com/2025/03/31/keebin…

Specialisti di Wiz Research hanno scoperto delle vulnerabilità su Ingress-Nginx per Kubernetes. I bug consentono a un aggressore di eseguire da remoto codice arbitrario e di ottenere il controllo completo del cluster. Gli esperti stimano che su Internet siano state scoperte più di 6.500 entry point vulnerabili, tra cui quelle di aziende Fortune 500.

I controller di Kubernetes fungono da collegamento tra il mondo esterno e le applicazioni all’interno del cluster. Elaborano oggetti in ingresso, ovvero regole che descrivono quale traffico HTTP/S esterno deve essere indirizzato e dove. Ingress-Nginx è uno dei controller più comuni basati sul server web Nginx. Converte automaticamente le descrizioni degli oggetti in ingresso nei file di configurazione Nginx e reindirizza il traffico ai servizi richiesti.

Questo vulnerabilità ha a che fare con il modo in cui Ingress-Nginx gestisce tali configurazioni. Il controllor è responsabile della verifica dei parametri di configurazione. Quando riceve un oggetto in ingresso, genera una configurazione Nginx e la passa al validatore per la verifica. È qui che è stato scoperto il bug: è possibile iniettare una configurazione dannosa che consentirà l’esecuzione di codice arbitrario direttamente all’interno del pod in cui è in esecuzione il controller.

Ciò che è particolarmente pericoloso è che il controller ha per impostazione predefinita ampi privilegi e accesso a tutti gli spazi dei nomi all’interno del cluster. Un attacco riuscito consente all’hacker non solo di eseguire il proprio codice, ma anche di ottenere l’accesso a tutti i segreti, compresi i dati sensibili delle applicazioni e dei componenti di sistema.

La vulnerabilità più pericolosa è il CVE-2025-1974 (Punteggio CVSS: 9,8). La falla consente l’esecuzione di codice remoto sul controller tramite un oggetto di ingresso appositamente creato. Altre vulnerabilità sono: CVE-2025-1097 , CVE-2025-1098 e il CVE-2025-24514 che hanno tutti punteggio CVSS di 8,8. Il problema “più semplice” è il CVE-2025-24513 con score CVSS: 4,8.

Alle vulnerabilità è stato dato il nome collettivo IngressNightmare. Wiz ha informato gli sviluppatori della scoperta alla fine del 2024. Le patch sono state rilasciate il 10 marzo 2025, ma i dettagli non sono stati ancora rivelati. Le versioni di Ingress-Nginx che hanno riscontrato problemi sono 1.12.1 e 1.11.5. disponibile per il download.

Esiste il rischio che non tutti gli amministratori aggiorneranno i propri cluster in tempo. Kubernetes viene spesso utilizzato per ospitare applicazioni aziendali critiche e l’aggiornamento dei componenti può rivelarsi un’attività complessa. In questi casi, Wiz consiglia di disabilitare temporaneamente il componente del controller di ammissione o di limitarne l’accesso tramite rete, consentendone l’accesso solo dal server API Kubernetes.

L'articolo IngressNightmare e Allarme Kubernetes: Bug Critici su Ingress-Nginx Espongono 6.500 Cluster! proviene da il blog della sicurezza informatica.

La Cybersecurity and Infrastructure Security Agency (CISA) ha emesso un avviso di sicurezza critico riguardante una vulnerabilità di bypass dell’autenticazione nei sistemi FortiOS e FortiProxy di Fortinet. La vulnerabilità, identificata come CVE-2025-24472, è attualmente sfruttata attivamente in campagne ransomware, rendendola una minaccia significativa per le organizzazioni che utilizzano questi prodotti.

Pertanto è importante assicurarsi che i prodotti Fortinet siano correttamente aggiornati e in caso contrario procedere con l’applicazione delle patch.

La falla di sicurezza, che ha ottenuto un punteggio CVSS di 8,1, consente ad aggressori remoti di ottenere privilegi di super amministratore attraverso richieste proxy CSF contraffatte, senza richiedere l’interazione dell’utente. Secondo l’avviso pubblicato da Fortinet: “Una vulnerabilità di bypass dell’autenticazione mediante un percorso o canale alternativo che interessa FortiOS e FortiProxy potrebbe consentire a un aggressore remoto di ottenere privilegi di super amministratore tramite richieste proxy CSF contraffatte.”

Versioni Interessate e implicazioni del bug di sicurezza

Questa vulnerabilità riguarda le seguenti versioni dei prodotti Fortinet:

• FortiOS: dalla versione 7.0.0 alla 7.0.16
• FortiProxy: dalla versione 7.0.0 alla 7.0.19 e dalla 7.2.0 alla 7.2.12

Uno sfruttamento riuscito di questa vulnerabilità potrebbe fornire agli attaccanti pieno accesso amministrativo ai sistemi compromessi. Le potenziali conseguenze includono:

• Creazione di account amministrativi non autorizzati
• Modifica delle policy del firewall
• Accesso non autorizzato alle VPN SSL, consentendo agli aggressori di infiltrarsi nelle reti interne

Questo livello di compromissione rende la vulnerabilità particolarmente pericolosa, soprattutto nel contesto delle operazioni ransomware.

Mitigazioni e Patch Disponibili

La CISA ha invitato tutte le organizzazioni a implementare immediatamente le misure di mitigazione suggerite dal fornitore. Fortinet ha rilasciato le seguenti patch per correggere la vulnerabilità:

• FortiOS: aggiornato alla versione 7.0.17 o successive
• FortiProxy: aggiornato alle versioni 7.0.20 o 7.2.13 o successive

Per le organizzazioni che non possono applicare subito l’aggiornamento, Fortinet raccomanda di:

• Disabilitare l’interfaccia amministrativa HTTP/HTTPS
• Implementare restrizioni basate su IP tramite policy di ingresso locale
• Monitorare i registri per individuare attività sospette, come accessi amministrativi inspiegabili o la creazione di account amministrativi con nomi utente casuali

L’Importanza del Catalogo KEV di CISA

La vulnerabilità CVE-2025-24472 è stata inserita nel catalogo KEV (Known Exploited Vulnerabilities) del CISA, una lista di vulnerabilità confermate come sfruttate attivamente. Il CISA raccomanda a tutte le organizzazioni di dare priorità alla correzione delle vulnerabilità presenti nel catalogo KEV per ridurre il rischio di compromissioni.

L’utilizzo del catalogo KEV come riferimento nella gestione delle vulnerabilità aiuta a identificare e risolvere tempestivamente le falle di sicurezza più critiche, proteggendo le infrastrutture IT da attacchi mirati.

L'articolo CISA: Fortinet FortiOS e FortiProxy sfruttati attivamente. Il Bug di Authentication Bypass finisce nel KEV proviene da il blog della sicurezza informatica.