This Week In Security: PostHog, Project Zero Refresh, And Thanks For All The Fish

There’s something immensely satisfying about taking a series of low-impact CVEs and stringing them together into a full exploit. That’s the story we have from [Mehmet Ince] of Prodraft, who found a handful of issues in the default PostHog install instructions, and managed to turn them into a full RCE, though only accessible as a user with some configuration permissions.

As one might expect, it all starts with a Server Side Request Forgery (SSRF). That’s a flaw where sending traffic to a server can manipulate something on the server side to send a request somewhere else. The trick here is that a webhook worker can be primed to point at localhost by sending a request directly to a system API.

One of the systems that powers a PostHog install is the ClickHouse database server. This project had a problem in how it sanitized SQL requests, namely attempting to escape a single quote via a backslash symbol. In many SQL servers, a backslash would properly escape a single quote, but ClickHouse and other PostgreSQL servers don’t support that, and treat a backslash as a regular character. And with this, a read-only SQL API is vulnerable to SQL injection.
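The escaping mismatch described above, as an added example that is not code from PostHog, ClickHouse, or the original write-up. It assumes a simplified string-literal reader for a server that treats a backslash as an ordinary character; every function name and the sample input are constructed for illustration.

```python
# Added illustration; all names are hypothetical, not PostHog or ClickHouse code.

def escape_backslash(value: str) -> str:
    """Weak form: assumes the server reads \\' as an escaped quote."""
    return value.replace("'", "\\'")

def escape_doubling(value: str) -> str:
    """SQL-standard form: a quote inside a literal is written as two quotes."""
    return value.replace("'", "''")

def read_literal(sql: str, start: int) -> tuple[str, int]:
    """Simplified model of a server for which backslash is an ordinary character.
    Returns the decoded literal and the index just past its closing quote."""
    if sql[start] != "'":
        raise ValueError("expected opening quote")
    out, i = [], start + 1
    while i < len(sql):
        if sql[i] == "'":
            if sql[i + 1:i + 2] == "'":   # '' is the only in-literal escape
                out.append("'")
                i += 2
                continue
            return "".join(out), i + 1    # closing quote
        out.append(sql[i])                # backslash lands here, unchanged
        i += 1
    raise ValueError("unterminated string literal")

def split_query(escape, value: str) -> tuple[str, str]:
    """Build a query with `escape`, then report what the server sees as the
    literal and what text is left over outside it."""
    sql = "SELECT 1 WHERE name = '" + escape(value) + "'"
    literal, end = read_literal(sql, sql.index("'"))
    return literal, sql[end:]

if __name__ == "__main__":
    sample = "O'Brien"  # constructed, benign input containing one quote
    print(split_query(escape_backslash, sample))
    print(split_query(escape_doubling, sample))
```

Any non-empty leftover means caller-supplied text ended up outside the string literal. Bound parameters avoid the question of which escape dialect the server speaks.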

These vulnerabilities together just allow for injecting an SQL string to create and run a shell command from within the database, giving an RCE and remote shell. The vulnerabilities were reported through ZDI, and things were fixed earlier this year.

This Week In Security: Hornet, Gogs, And Blinkenlights

Microsoft has published a patch-set for the Linux kernel, proposing the Hornet Linux Security Module (LSM). If you haven’t been keeping up with the kernel contributor scoreboard, Microsoft is #11 at time of writing and that might surprise you. The reality is that Microsoft’s biggest source of revenue is their cloud offering, and Azure is over half Linux, so Microsoft really is incentivized to make Linux better.

The Hornet LSM is all about more secure eBPF programs, which requires another aside: What is eBPF? First implemented in the Berkeley Packet Filter, it’s a virtual machine in the kernel that allows executing programs in kernel space. It was quickly realized that this ability to run a script in kernel space was useful for far more than just filtering packets, and the extended Berkeley Packet Filter was born. eBPF is now used for load balancing, system auditing, security and intrusion detection, and lots more.

This unique ability to load scripts from user space into kernel space has made eBPF useful for malware and spyware applications, too. There is already a signature scheme to restrict eBPF programs, but Hornet allows for stricter checks and auditing. The patch is considered a Request For Comments (RFC), and points out that this existing protection may be subject to Time Of Check / Time Of Use (TOCTOU) attacks. It remains to be seen whether Hornet passes muster and lands in the upstream kernel.

Blinkenlights-First Retrocomputer Design

[Boz] wants to build a retrocomputer, but where to start? You could start with the computery bits, like say the CPU or the bus architecture, but where’s the fun in that? Instead, [Boz] built a righteous blinkenlights array.

What’s cool about this display is that it’s ready to go out of the box. All of the LEDs are reverse-mount and assembled by the board maker. The 19″ 2U PCBs serve as the front plates, so [Boz] was careful not to use any through-hole parts, which also simplified the PCB assembly, of course. Each slice has its own microcontroller and a few shift registers to get the bits lit up, and that’s all there is to it. They take incoming data at 9600 baud and output blinkiness.

Right now it pulls out its bytes from his NAS. We’re not sure which bytes, and we think we see some counters in there. Anyway, it doesn’t matter because it’s so pretty. And maybe someday the prettiness will lure [Boz] into building a retrocomputer to go under it. But honestly, we’d just relax and watch the blinking lights.


LED Choker Is A Diamond In The Junk Pile

Isn’t it great when you find a use for something that didn’t work out for the project it was supposed to? That’s the story behind the LED strips in this lovely blinkenlights choker by [Ted].

The choker itself is a 15 mm wide leather strap with holes punched in it. According to [Ted], the hole punching sounds like the absolute worst and hardest part to do, because the spacing of the holes must be greater than that of the LEDs to account for flex in the strap. [Ted] tested several distances and found that there is little margin for error.

Controlling those blinkenlights is a Seeed Xiao S3, which fits nicely behind the neck in what looks like a heat shrink tube cocoon. [Ted] chose this because there was one lying around, and it happens to be a good fit with its LiPo charge controller.

The choker runs on four 300 mAh LiPo batteries, which makes for more bulk than [Ted] would like, but again, sometimes it’s about what you have lying around. Even so, the batteries last around two hours.

Sometimes it’s about more than just blinkenlights. Here’s an LED necklace that reports on local air quality.

Back To Basics With A 555 Deep Dive

Many of us could sit down at the bench and whip up a 555 circuit from memory. It’s really not that hard, which is a bit strange considering how flexible the ubiquitous chip is, and how many ways it can be wired up. But when was the last time you sat down and really thought about what goes on inside that little fleck of silicon?

If it’s been a while, then [DiodeGoneWild]’s back-to-basics exploration of the 555 is worth a look. At first glance, this is just a quick blinkenlights build, which is completely the point of the exercise. By focusing on the simplest 555 circuits, [Diode] can show just what each pin on the chip does, using an outsized schematic that reflects exactly what’s going on with the breadboarded circuit. Most of the demos use the timer chip in free-running mode, but circuits using bistable and monostable modes sneak in at the end too.

Yes, this is basic stuff, but there’s a lot of value in looking at things like this with a fresh set of eyes. We’re impressed by [DiodeGoneWild]’s presentation; while most 555 tutorials focus on component selection and which pins to connect to what, this one takes the time to tell you why each component makes sense, and how the values affect the final result.

Curious about how the 555 came about? We’ve got the inside scoop on that.


Your Home Mainframe

We miss the days when computers looked like computers. You know, blinking lights, rows of switches, and cryptic displays. [Phil Tipping] must miss those days too since he built PlasMa, a “mini-mainframe simulator.”

The device would look at home on the set of any old science fiction movie. Externally, it has 540 LEDs, 100 switches, and a number of other I/O devices, including a keypad and an LCD screen. Internally, it can support three different instruction sets. Everything is run by an ATmega2560, and it has simulated paper tape, magnetic tape, and disks (all via SD cards). The magnetic tapes also have LED simulated reels to show the tape position and other status information (the round displays just above the LCD display).


Agate Light Twinkles Just Right

Mother Nature is often a cruel mistress, but what can you do? You’ve got to make the best of what she gives you. This lovely little light was born from death — the death of a pine tree, that is, that was killed by beetles boring large holes inside.

When [Craig Lindley]’s friends gave him some slices of that pine tree, he knew he had to make a blinkenlights thing out of it. The next step was to procure slices of agate, and from the top of Pike’s Peak, no less.

Each slice of agate has three RGB LEDs behind it, and these are controlled by an ESP32. There’s also a PIR sensor that detects people and gives them a show. More specifically, it runs through several patterns at random speeds up and down the piece.

The agate slices are embedded in the wood, which [Craig] achieved first with a Dremel, and then with a router when the Dremel proved difficult. After some troubles with resin and an unfortunate mishap with a rag, [Craig] ended up with a beautiful light with which to dazzle his friends, especially the ones who gave him the pine slice.

You know we love blinkenlights; you see them here all the time. Did you know you can use them to keep time?