Vintage Computer Festival East This Weekend

April 4, 2025 by No comments

If you’re on the US East Coast, you should head on over to Wall, NJ and check out the Vintage Computer Festival East. After all, [Brian Kernighan] is going to be there. Yes, that [Brian Kernighan].

Events are actually well underway, and you’ve already missed the first few TRS-80 Color Computer programming workshops, but rest assured that they’re going on all weekend. If you’re from the other side of the retrocomputing fence, namely the C64 side, you’ve also got a lot to look forward to, because the theme this year is “The Sounds of Retro” which means that your favorite chiptune chips will be getting a workout.

[Tom Nardi] went to VCF East last year, so if you’re on the fence, just have a look at his writeup and you’ll probably hop in your car, or like us, wish you could. If when you do end up going, let us know how it was in the comments!

Supercon 2024: Quick High-Feature Boards With The Circuit Graver

April 4, 2025 by 1 Comment

These days, if you want to build something with modern chips and components, you probably want a custom PCB. It lets you build a neat and compact project that has a certain level of tidiness and robustness that you can’t get with a breadboard or protoboard. The only problem is that ordering PCBs takes time, and it’s easy to grow tired of shipping delays when you don’t live in the shadow of the Shenzhen board houses.

[Zach Fredin] doesn’t suffer this problem, himself. He’s whipping up high-feature PCBs at home with speed and efficiency that any maker would envy. At the 2024 Hackaday Supercon, he was kind enough to give a talk to explain the great engineering value provided by the Circuit Graver. (He was demoing it in the alley too, but you had to be there.)

Continue reading “Supercon 2024: Quick High-Feature Boards With The Circuit Graver”

Hackaday Podcast Episode 315: Conductive String Theory, Decloudified Music Players, And Wild Printing Tech

April 4, 2025 by No comments

This week, Hackaday’s Elliot Williams and Kristina Panos met up across the (stupid, lousy) time zones to bring you the latest news, mystery sound, and of course, a big bunch of hacks from the previous week.

Again, no news is good news. On What’s That Sound, Kristina didn’t get close at all, but at least had a guess this time. If you think you can identify the sound amid all the talking, you could win a Hackaday Podcast t-shirt!

After that, it’s on to the hacks and such, beginning with a Dr. Jekyll and Mr. Hyde situation when it comes to a pair of formerly-cloud music players. We take a look at a crazy keyboard hack, some even crazier conductive string, and a perfectly cromulent list of 70 DIY synths on one wild webpage. Finally, we rethink body art with LEDs, and take a look at a couple of printing techniques that are a hundred years or so apart in their invention.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in DRM-free MP3 and savor at your leisure.

Where to Follow Hackaday Podcast

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast Episode 315: Conductive String Theory, Decloudified Music Players, And Wild Printing Tech”

3D Print (and Play!) The Super Mario Tune As A Fidget Toy

April 4, 2025 by 17 Comments

[kida] has a highly innovative set of 3D-printable, musical fidget toys that play classic video game tunes. Of course there’s the classic Super Mario ditty, but there’s loads more. How they work is pretty nifty, and makes great use of a 3D printer’s strengths.

To play the device one uses a finger to drag a tab (or striker) across the top, and as it does so it twangs vertical tines one-by-one. Each tine emits a particular note — defined by how tall the thicker part is — and plays a short tune as a result. Each one plays a preprogrammed melody, with the tempo and timing up to the user. Listen to them in action in the videos embedded just under the page break!

There are some really clever bits to the design. One is that the gadget is made in two halves, which effectively doubles the notes one can fit into the space. Another is that it’s designed so that holding it against something like a tabletop makes it louder because the surface acts like a sounding board. Finally, the design is easily modified so making new tunes is easy. [kida]’s original design has loads of non-videogame tunes (like the Jeopardy! waiting theme) as well as full instructions on making your very own versions.

Fidget toys are a niche all their own when it comes to 3D printed devices. The fidget knife has a satisfying snap action to it, and this printable linear toggle design is practically a fidget toy all on its own.

Continue reading “3D Print (and Play!) The Super Mario Tune As A Fidget Toy”

This Week In Security: Target Coinbase, Leaking Call Records, And Microsoft Hotpatching

April 4, 2025 by 1 Comment

We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the charge on untangling this attack, and they’ve just released an update to their coverage. The conclusion is that Coinbase was the initial target of the attack, with the open source agentkit package first (unsuccessfully) attacked. This attack chain started with pull_request_target in the spotbugs/sonar-findbugs repository.

The pull_request_target hook is exceptionally useful in dealing with pull requests for a GitHub repository. The workflow here is that the project defines a set of Continuous Integration (CI) tests in the repository, and when someone opens a new Pull Request (PR), those CI tests run automatically. Now there’s an obvious potential problem, and Github thought of it and fixed it a long time ago. The GitHub Actions are defined right in the repository, and letting any pull request run arbitrary actions is a recipe for disaster. So GitHub always uses actions as they are defined in the repository itself, ignoring any incoming changes in the PR. So pull_request_target is safe now, right? Yes, with some really big caveats.

The simplest security problem is that many projects have build scripts in the repository, and those are not considered part of GitHub Actions by GitHub. So include malicious code in such a build script, make it a PR that runs automatically, and you have access to internal elements like organization and repository secrets and access tokens. The most effective mitigation against this is to require approval before running workflows on incoming PRs.

So back to the story. The spotbugs/sonar-findbugs repository had this vulnerability, and an attacker used it to export secrets from a GitHub Actions run. One of those secrets happened to be a Personal Access Token (PAT) belonging to a spotbugs maintainer. That PAT was used to invite a throwaway account, [jurkaofavak], into the main spotbugs repository. Two minutes after being added, the [jurkaofavak] account created a new branch in spotbugs/spotbugs, and deleted it about a second later. This branch triggered yet another malicious CI run, now with arbitrary Github Actions access rather than just access through a build script. This run leaked yet another Personal Access Token, belonging to a maintainer that worked on both the spotbugs and reviewdog projects. Continue reading “This Week In Security: Target Coinbase, Leaking Call Records, And Microsoft Hotpatching”

Keep Bears At Bay With The Crackle Of 280,000 Volts

April 4, 2025 by 26 Comments

Bears! Are they scared of massive arcs that rip through the air, making a lot of noise in the process? [Jay] from the Plasma Channel sure hopes so, because that’s how his bear deterrent works!

[Jay] calls it the Bear Blaster 5000. Right from the drop, this thing looks like some crazy weapon out of Halo. That’s because it throws huge arcs at 280,000 volts. The basic concept behind it is simple enough—a battery drives a circuit which generates (kinda) low voltage AC. This is fed to the two voltage multipliers which are set up with opposite polarity to create the greatest possible potential difference between the two electrodes they feed. The meaty combination is able to arc across electrodes spaced over four inches apart. It’s all wrapped up in a super-cool 3D printed housing that really shows off the voltage multiplier banks.

Continue reading “Keep Bears At Bay With The Crackle Of 280,000 Volts”

A Portable Electronics Workstation

April 4, 2025 by 20 Comments

You don’t see them as often as you used to, but it used to be common to see “electronics trainers” which were usually a collection of components and simple equipment combined with a breadboard, often in a little suitcase. We think [Pro Maker_101’s] portable electronics workstation is in the same kind of spirit, and it looks pretty nice.

The device uses a 3D printed case and a custom PC board. There are a number of components, although no breadboard. There is a breakout board for Raspberry Pi GPIO, though. So you could use the screw terminals to connect to an external breadboard. We were thinking you could almost mount one as a sort of lid so it would open up like a book with the breadboard on one side and the electronics on the other. Maybe version two?

One thing we never saw on the old units? An HDMI flat-screen display! We doubt you’d make one exactly like this, of course, but that’s part of the charm. You can mix and match exactly what you want and make the prototyping station of your dreams. Throw in a small portable soldering iron, a handheld scopemeter, and you can hack anywhere.

We’d love to see something like this that was modular. Beats what you could build in 1974.

Continue reading “A Portable Electronics Workstation”