Let’s Buy Commodore! Well, Somebody Is.

When a man wearing an Atari T-shirt tells you he’s buying Commodore it sounds like the plot for an improbable 1980s movie in which Nolan Bushnell and Jack Tramiel do battle before a neon synthwave sunset to a pulsating chiptune soundtrack. But here on the screen there’s that guy doing just that. It’s [Retro Recipes], and in the video below he’s assembling a licensing deal for the Commodore brand portfolio from the distant descendant of the Commodore of old.

It’s a fascinating story and we commend him for tracing a path through the mess that unfolded for Commodore in the 1990s. We tried the same research path with a friend a few years ago and ended up with an anonymous Dutch paper company that wouldn’t answer our calls, so we’re impressed. In conjunction with several other players in the Commodore retrocomputing world he’s trying to assemble a favourable percentage deal for manufacturers of new parts, computers, and other goodies, and we’re pleased to see that it’s for the smaller player as much as for the industry giant.

When looking at a story like this though, it’s important not to let your view become clouded by those rose tinted glasses. While it’s great that we’re likely to see a bunch of new Commodore-branded Commodore 64s and parts, there are many pitfalls in taking it beyond that. We’ve seen the Commodore logo on too many regrettable licensed products in the past, and we fear it might be too tempting for it to end up on yet another disappointing all-in-one video game or just another budget PC. If something new comes out under the Commodore brand we’d like it to be really special, exploiting new ground in the way the Amiga did back in the day. We can hope, because the alternative has dragged other famous brands through the mud in recent years.

If you want an insight into the roots of the original Commodore’s demise, have a read of our Hackaday colleague [Bil Herd]’s autobiography.


This Week In Security: Roundcube, Unified Threat Naming, And AI Chat Logs

Up first, if you’re running a Roundcube install prior to 1.5.10 or 1.6.11, it’s time to update. We have an authenticated Remote Code Execution (RCE) in the Roundcube Webmail client. And while that’s not quite the level of chaos that an unauthenticated RCE would cause, it’s still to be taken seriously. Mainly because for the majority of the 53 million Roundcube installs out there, the users aren’t entirely trusted.

The magic at play in this vulnerability is the Roundcube user session code, and specifically the session deserialization scheme. There’s a weird code snippet in the unserialize function:
    // A leading '!' is skipped, and the entry is assumed to carry no value
    if ($str[$p] == '!') {
        $p++;
        $has_value = false;
    }

The exclamation mark makes the code skip a character, and then assume that what comes next has no value. But if it does actually have a value, well then you’ve got a slightly corrupted deserialization, resulting in a slightly corrupted session. This really comes into force when combined with the file upload function, as the uploaded filename serves as a payload delivery mechanism. Use the errant exclamation mark handling to throw off deserialization, and the filename can contain arbitrary session key/value pairs. A GPG class from the PEAR library allows running an arbitrary command, and this can be hijacked with the session manipulation.

Depositing Metal On Glass With Fiber Laser

Fiber lasers aren’t nearly as common as their diode and CO2 cousins, but if you’re lucky enough to have one in your garage or local makerspace, this technique for depositing thin films of metals in [Breaking Taps]’s video, embedded below, might be worth checking out.

It’s a very simple hack: a metal shim or foil is sandwiched between two pieces of glass, and the laser is focused on the metal. Etching the foil blasts off enough metal to deposit a thin film of it onto the glass. From electron microscopy, [Breaking Taps] reveals that what’s happening is that microscopic molten metal droplets are splashing up to the glass, rather than this being any kind of plasma process like sputtering. He found this technique worked best with silver of all the materials tested, and there were a few. While copper worked, it was not terribly conductive — he suggests electroplating a thicker layer onto the (probably rather oxidized) copper before trying to solder, but demonstrates soldering to it regardless, which seems to work.

This might be a neat way to make artistic glass-substrate PCBs. More testing will be needed to see if this would be worth the effort over just gluing copper foil to glass, as has been done before. [Breaking Taps] suspects, and we agree, that his process would work better under an inert atmosphere, and we’d like to see it tried.

One thing to note is that, regardless of atmosphere, alloys are a bit iffy with this technique, as the ‘blast little drops off’ process can cause them to demix on the glass surface. He also reasons that ‘printing’ a large area of metal onto the glass, and then etching it off would be a more reliable technique than trying to deposit complex patterns directly to the glass in one go. Either way, though, it’s worth a try if you have a fiber laser. 

Don’t have a fiber laser? Maybe you could build one. 


Hot Rod Backyard Bath On Steel Spring Legs

In a fusion of scrapyard elegance and Aussie ingenuity, [Mark Makies] has given a piece of old steel a steamy second life with his ‘CastAway Tub’. Call it a bush mechanic’s fever dream turned functional sculpture, starring two vintage LandCruiser leaf springs, and a rust-hugged cast iron tub dug up after 20 years in hiding. And put your welding goggles on, because this one is equal parts brute force and artisan flair.

What makes this hack so bold is, first of all, the reuse of unforgiving spring steel. Leaf springs, notoriously temperamental to weld, are tamed here with oxy-LPG preheating, avoiding thermal shock like a pro. The tub sits proudly atop a custom-welded frame shaped from dismantled spring packs, with each leaf ground, clamped, torched, and welded into a steampunk sled base. The whole thing looks like it might outrun a dune buggy – and possibly bathe you while it’s at it. It’s a masterclass in metalwork with zero CAD, all intuition, and a grinder that’s seen things.

Inspired? For those with a secret love for hot water and hot steel, this build is a blueprint for turning bush junk into backyard art. Read up on the full build at Instructables.

This Week In Security: CIA Star Wars, Git* Prompt Injection And More

The CIA ran a series of web sites in the 2000s. Most of them were about news, finance, and other relatively boring topics, and they spanned 29 languages. And they all had a bit of a hidden feature: Those normal-looking websites had a secret login and hosted CIA cover communications with assets in foreign countries. A password typed in to a search field on each site would trigger a Java Applet or Flash application, allowing the spy to report back. This isn’t exactly breaking news, but what’s captured the Internet’s imagination this week is the report by [Ciro Santilli] about how to find those sites, and the fact that a Star Wars fansite was part of the network.

This particular CIA tool was intended for short-term use, and was apparently so effective, it was dragged way beyond its intended lifespan, right up to the point it was discovered and started getting people killed. And in retrospect, the tradecraft is abysmal. The sites were hosted on a small handful of IP blocks, with the individual domains hosted on sequential IP addresses. Once one foreign intelligence agency discovered one of these sites, the rest were fairly easily identified.

Washington Consumers Gain Right To Repair For Cellphones And More

Starting January 1st, 2026, Washington state’s new Right to Repair law will come into effect. It requires manufacturers to make tools, parts and documentation available for diagnostics and repair of ‘digital electronics’, including cellphones, computers and similar appliances. The relevant House Bill 1483 was signed into law last week after years of fighting to make it a reality.

A similar bill in Oregon faced strong resistance from companies like Apple, despite backing another Right to Repair bill in California. In the case of the Washington bill, there were positive noises from the side of Google and Microsoft, proclaiming themselves and their products to be in full compliance with such consumer laws.

Of course, the devil is always in the details, with Apple in particular being a good example of how to technically comply with the letter of the law, while throwing up many (financial) roadblocks for anyone interested in obtaining said tools and components. Apple’s penchant for part pairing is also a significant problem when it comes to repairing devices, even if these days it’s somewhat less annoying than it used to be — assuming you’re running iOS 18 or better.

That said, we always applaud these shifts in the right direction, where devices can actually be maintained and repaired without too much fuss, rather than e.g. cellphones being just disposable items that get tossed out after two years or less.

Thanks to [Robert Piston] for the tip.

NASA Is Shutting Down The International Space Station Sighting Website

Starting on June 12, 2025, the NASA Spot the Station website will no longer provide ISS sighting information, per a message recently sent out. This means no information on sighting opportunities provided on the website, nor will users subscribed via the website receive email or text notifications. Instead anyone interested in this kind of information will have to download the mobile app for iOS or Android.

Obviously this has people, like [Keith Cowing] over at NASA Watch, rather disappointed, because the website has been an easy-to-use resource that anyone could access, even without access to a smart phone. Although the assumption is often made that everyone has their own personal iOS or Android powered glass slab with them, one can think of communal settings where an internet café is the sole form of internet access. There is also the consideration that for children a website like this would be much easier to access. They would now see this opportunity vanish.

With smart phone apps hardly a replacement for a website of this type, it’s easy to see how the app-ification of the WWW continues, at the cost of us users.