Kritik sah

Released in 1984, the Commodore SX-64 Executive Computer was one of the first portable luggable color computers. It cost twice as much as a Commodore 64, had a tiny 5″ diagonal screen, and couldn’t actually support both 5¼” drives as advertised. On the upside, people say it had a slightly better keyboard than its classic cousin. [Drygol] agreed to restore the keyboard from a friend’s Commodore SX-64 sight-unseen, and boy was this thing in bad shape . Most people would probably consider the condition a shame and write it off as a lost cause, since two of the corners were missing most of their plastic. But [Drygol] isn’t most people. [Drygol] had mad restoration skills to begin with, and this project honed them to a razor’s edge. Plenty of the other vintage computer restorations [Drygol] has done required plastic welding, which uses heat or a lot of friction to smooth over cracks. Some of those have not stood the test of time, so he’s now in the habit of stabilizing cracks with brass ...

For many generations, home consoles have featured copy protection. Aiming to stop users from playing pirated games as well as running homebrew code, hackers often race to find vulnerabilities shortly after each new launch. Of course, finding workarounds can sometimes be more of a marathon than a sprint. [Grifter]’s new hack may come many years after the PlayStation 2 has since faded from store shelves, but remains impressive nonetheless. The goal was to find a way to run unsigned code on the PlayStation 2 without using any complex external hardware. Hacked memory cards, network interfaces, and other trickery were ruled out. Instead, sights were set on using the only other way in to the console – through the DVD drive. The only burnable media the PS2 DVD drive will normally read comes in the form of DVD video discs. Thus, [grifter]’s search began in the code of the on-board DVD player software. After finding potential overflow targets in the code, it was possible to exploit these to r...

The Cellebrite UFED Physical device relies on key material hardcoded within both the executable code supporting the decryption process and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software and does not appear to be changed with each new build. It is possible to reconstruct the decryption process from Packet Storm https://ift.tt/2NIdjV9

Red Hat Security Advisory 2020-2774-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include memory leak and out of bounds access vulnerabilities. from Packet Storm https://ift.tt/2AhQTHf

Red Hat Security Advisory 2020-2773-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds access vulnerability. from Packet Storm https://ift.tt/3ge3lam

Red Hat Security Advisory 2020-2770-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability. from Packet Storm https://ift.tt/2NLWAA4

Red Hat Security Advisory 2020-2771-01 - An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.4 Advances Update Support. Sampling issues were addressed. from Packet Storm https://ift.tt/2CZpvil

Red Hat Security Advisory 2020-2769-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability. from Packet Storm https://ift.tt/38dFmoO

Red Hat Security Advisory 2020-2768-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Issues addressed include an out of bounds read vulnerability. from Packet Storm https://ift.tt/38fMEs9

Red Hat Security Advisory 2020-2761-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 83.0.4103.116. Issues addressed include a use-after-free vulnerability. from Packet Storm https://ift.tt/3dTdtnq

This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands. from Packet Storm https://ift.tt/2BoO0Vy

Reside Property Management version 3.0 suffers from a remote SQL injection vulnerability. from Packet Storm https://ift.tt/3dJKJ05

Victor CMS version 1.0 suffers from a user_firstname persistent cross site scripting vulnerability. from Packet Storm https://ift.tt/2BsjoCD

You might have caught Maya Posch’s article about the first open-source ASIC tools from Google and SkyWater Technology . It envisions increased access to make custom chips — Application Specific Integrated Circuits — designed using open-source tools, and made real through existing chip fabrication facilities. My first thought? How much does it cost to tape out? That is, how do I take the design on my screen and get actual parts in my hands? I asked Google’s Tim Ansel to explain some more about the project’s goals and how I was going to get my parts. The goals are pretty straightforward. Tim and his collaborators would like to see hardware open up in the same way software has. The model where teams of people build on each other’s work either in direct collaboration or indirectly has led to many very powerful pieces of software. Tim’s had some success getting people interested in FPGA development and helped produce open tools for doing so. Custom ASICs are the next logical step. Who N...

from Packet Storm https://ift.tt/3eNqEHG

from Packet Storm https://ift.tt/3dHFFt3

from Packet Storm https://ift.tt/2VwX15P

from Packet Storm https://ift.tt/2VxbKh4

With lockdown regulations sweeping the globe, many have found themselves spending altogether too much time inside with not a lot to do. [Peter Hall] is one such individual, with a penchant for flying quadcopters. With the great outdoors all but denied, he instead endeavoured to find a way to make flying inside a more exciting experience. We’d say he’s succeeded. The setup involves using a SteamVR virtual reality tracker to monitor the position of a quadcopter inside a room. This data is then passed back to the quadcopter at a high rate, giving the autopilot fast, accurate data upon which to execute manoeuvres. PyOpenVR is used to do the motion tracking, and in combination with MAVProxy, sends the information over MAVLink back to the copter’s ArduPilot. While such a setup could be used to simply stop the copter crashing into things, [Peter] doesn’t like to do things by half measures. Instead, he took full advantage of the capabilities of the system, enabling the copter to fly aggr...

Before it was officially unveiled in December 2001, the hype surrounding the Segway Human Transporter was incredible. But it wasn’t because people were excited to get their hands on the product, they just wanted to know what the thing was. Cryptic claims from inventor Dean Kamen that “Ginger” would revolutionize transportation and urban planning lead to wild speculation. When somebody says their new creation will make existing automobiles look like horse-drawn carriages in comparison, it’s hard not to get excited. Dean Kamen unveils the Segway There were some pretty outlandish theories. Some believed that Kamen, a brilliant engineer and inventor by all accounts, had stumbled upon some kind of anti-gravity technology. The kids thought they would be zipping around on their own Back to the Future hover boards by Christmas, while Mom and Dad were wondering what the down payment on a floating minivan might be. Others thought the big secret was the discovery of teleportation, and that w...

Flying a quadcopter or other drone can be pretty exciting, especially when using the video signal to do the flying. It’s almost like a real-life video game or flight simulator in a way, except the aircraft is physically real. To bring this experience even closer to the reality of flying, [Kevin] implemented stereo vision on his quadcopter which also adds an impressive amount of functionality to his drone. While he doesn’t use this particular setup for drone racing or virtual reality, there are some other interesting things that [Kevin] is able to do with it. The cameras, both ESP32 camera modules, can make use of their combined stereo vision capability to determine distances to objects. By leveraging cloud computing services from Amazon to offload some of the processing demands, the quadcopter is able to recognize faces and keep the drone flying at a fixed distance from that face without needing power-hungry computing onboard. There are a lot of other abilities that this drone unlo...

Additive manufacturing techniques like fused deposition modeling, aka 3D printing, are often used for rapid prototyping. Another advantage is that it can create shapes that are too complex to be made with traditional manufacturing like CNC milling. Now, 3D printing has even found its way into particle physics as an international collaboration led by a group from CERN is developing a new plastic scintillator production technique that involves additive manufacturing . A scintillator is a fluorescent material that can be used for particle detection through the flashes of light created by ionizing radiation. Plastic scintillators can be made by adding luminophores to a transparent polymer such as polystyrene and are usually produced by conventional techniques like injection molding. Design of the ND280 scintillation detector. The scintillator cubes are read out by wavelength shifting fibers. One end of the fiber is viewed by a photosensor, another end is covered by a reflector. Credit...

To have a proper gaming “rig”, you need more than a powerful GPU and heaps of RAM. You’ve also got to install a clear side-panel so lesser mortals can ogle your wiring, and plenty of multicolored LEDs to make sure it’s never actually dark when you’re up playing at 2 AM. Or at least, that’s what the Internet has led us to believe. The latest project from [Michael Pick] certainly isn’t doing anything to dispel that stereotype . In fact, it’s absolutely reveling in it. The goal was to recreate the look of a high-end custom gaming PC on a much smaller scale, with a Raspberry Pi standing in for the “motherboard”. Assuming you’re OK with streaming them from a more powerful machine on the network, this diminutive system is even capable of playing modern titles. But really, the case is the star of the show here. Starting with a 3D printed frame, [Michael] really went all in on the details. We especially liked the little touches such as the fiber optics used to bring the Pi’s status and powe...

Ask ordinary software developers how to code an exponential function (that is, e x ) and most will tell you to simply write an expression in their favorite high level language. But a significant slice of Hackaday readers will program tiny machines down to the bare metal or need more speed or precision than available with a customary implementation. [Pseduorandom] knows quite a few ways to do the calculation , and while it isn’t light reading for the math-phobic, it is an interesting tour. The paper covers a variety of ways to calculate the function ranging from various Taylor series approximations, Lagrange interpolation, and Chebyshev interpolation. The paper is someone abstract, but there are Python and C++ examples to help make it concrete. The paper does cover a bit about why you might want to compute e x , but, honestly, we still love the Better Explained post about how it relates to any continually growing process. If you missed it, you can see the related video, below. We su...

[Jorvon Moss] a.k.a. [Odd_Jayy] is known as a maker of “companion robots” which he carriers perched on top of his shoulders. (I don’t know about you, but we’re getting some pretty strong Ash and Pikachu vibes.) In one of his recent builds, he decided to give his companion bot a bit of sizzle. His Widget Dragon Companion Bot is an impressive 3D printed build, divided into a surprisingly few parts. The robot is controlled using an Adafruit Crickit, marketed specifically for robotics projects, and is easily programmed using the increasingly popular Microsoft MakeCode. With a few servos, [Odd Jay] was able to animate his bot giving it more of an “alive” feel. Finally, he added a vape pen to give the dragon some pyrotechnic effects. This is just the kind of energy we love to see here at Hackaday. While you’re around, take a look at some of [Odd_Jayy’s] other robot projects  and head over to his Instagram page to see more real-time project updates. from Blog – Hackaday https://i...

from Packet Storm https://ift.tt/2ZoEsli

from Packet Storm https://ift.tt/3g8AiEV

from Packet Storm https://ift.tt/3glxNPZ

This Metasploit module exploits multiple vulnerabilities in Bolt CMS version 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7. from Packet Storm https://ift.tt/3dIbXEt

haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM. from Packet Storm https://ift.tt/31rTObj

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them. from Packet Storm https://ift.tt/3eJTtVb

Ubuntu Security Notice 4406-1 - It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page. from Packet Storm https://ift.tt/2BaV8F3

Red Hat Security Advisory 2020-2737-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities. from Packet Storm https://ift.tt/2Ajazuo

Red Hat Security Advisory 2020-2758-01 - An update for microcode_ctl is now available for Red at Enterprise Linux 7.7 Extended Update Support. Sampling issues were addressed. from Packet Storm https://ift.tt/3ikbYCb

Red Hat Security Advisory 2020-2757-01 - An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Sampling issues were addressed. from Packet Storm https://ift.tt/2YJSIpL

Ubuntu Security Notice 4405-1 - It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information. from Packet Storm https://ift.tt/3dIUgEL

NetPCLinker version 1.0.0.0 SEH with egghunter shellcode buffer overflow exploit. from Packet Storm https://ift.tt/3eK1utu

Windscribe version 1.83 suffers from an unquoted service path vulnerability. from Packet Storm https://ift.tt/38bNzK2

OpenEMR version 5.0.1 suffers from a remote code execution vulnerability. from Packet Storm https://ift.tt/38cyGaH

KiteService version 1.2020.618.0 suffers from an unquoted service path vulnerability. from Packet Storm https://ift.tt/3ieYK9u

Fire Web Server Pre-Alpha version suffers from a denial of service vulnerability. from Packet Storm https://ift.tt/2YHBRUm

This morning the Open Source Hardware Association (OSHWA) announced a resolution for changing the way SPI (Serial Peripheral Interface) pins are labelled on hardware and in datasheets. The protocol originally included MOSI/MISO references that stand for “Master Out, Slave In” and “Master In, Slave Out”. Some companies and individuals have stopped using these terms over the years, but an effort is being taken up to affect widespread change, lead by Nathan Seidle of Sparkfun. The new language for SPI pin labeling recommends the use of SDO/SDI (Serial Data Out/In) for single-role hardware, and COPI/CIPO for “Controller Out, Peripheral In” and “Controller In, Peripheral Out” for devices that can be either the controller or the peripheral. The change also updates the “SS” (Slave Select) pin to use “CS” (Chip Select). SPI is widely used in embedded system design and appears in a huge range of devices, with the pin labels published numerous times in everything from datasheets and applicati...

In June, 1995, Rasmus Lerdorf made an announcement on a Usenet group. You can still read it . Announcing the Personal Home Page Tools (PHP Tools) version 1.0. These tools are a set of small tight cgi binaries written in C. Today, twenty five years on, PHP is about as ubiquitous as it could possibly have become. I’d be willing to bet that for the majority of readers of this article, their first forays into web programming involved PHP. But no matter what rich history and wide userbase PHP holds, that’s no justification for its use in a landscape that is rapidly evolving. Whilst PHP will inevitably be around for years to come in existing applications, does it have a future in new sites? Before we look to the future, we must first investigate how PHP has evolved in the past. The Beginnings Rasmus Lerdorf initially created PHP as a way to track users who visited his online CV. Once the source code had been released and the codebase had been re-written from scratch a sizeable numb...

When [Neutrino-1] saw DFRobot’s DFPlayer module, he decided he wanted to make his own retro MP3 player . This tiny module comes packed with a ton of interesting capabilities such as EQ adjustment, volume control, and a 3 watt amplifier amongst other things. It can even play ads in between songs, should you want such a thing. Controlling the DFPlayer module is easy using serial commands from a microcontroller, making it a convenient subsystem in bigger projects, and a potential alternative to the popular VLSI chips or the hard to come by WT2003S IC. [Neutrino-1] does a good job walking readers through the build making it fairly easy to remix, reuse, and reshare. With the hardware sorted, all you’ve got to do is flash the firmware and load up an SD card with some MP3s. There’s even a small Python GUI to help you get your new player up and running. [Neutrino-1] also introduces users to the U8g2 display library which he says is a bit more feature-rich than the common Adafruit SSD1306 lib...

The term “vacuum” means many different things depending whether you are working on space equipment, scientific instruments, or even internal combustion engines. In our sphere it is so often used as a means to draw bubbles out of resin castings, for which it is a relatively easily achievable partial vacuum. It’s something [Fab] is using, in a vacuum chamber made from Plexiglass . A simple Plexiglass box would collapse under the air pressure on its own, so to mitigate that it’s made from a piece of tube, and with an internal frame of aluminium extrusion with 3D printed joints to strengthen it from the inside. A pressure sensor allows regulation of the pump that drives the vacuum, and connections are made to the chamber using pneumatic hose connectors. It’s not immediately clear how it is sealed, whether there are nay gaskets or other sealant, or whether air pressure pushing the parts together provides enough of a seal. We’ve featured a lot of vacuum chambers made for this purpose over ...

There’s plenty of vintage-styled hardware out these days, with quality and functionality being mixed at best. [Huan] found such a device in the form of an attractively-styled Bluetooth speaker. Deciding he could improve on the capabilities while retaining a stock look, he got down to hacking. The aim of the project was to keep the original volume knob, buttons and screen, while replacing the internals with something a bit more capable. A Raspberry Pi Zero was sourced as the brains of the operation, with the Google Voice AIY hardware used as the sound output after early attempts with a discrete amplifier faced hum issues. An Arduino Pro Micro was pressed into service to read the volume encoder along with the buttons and drive the charlieplexed LED screen. Shairport Sync was then installed on the Pi Zero to enable Airplay functionality. It’s a basic hack that nonetheless gives [Huan] an attractive AirPlay speaker, along with plenty of useful experience working with Arduinos and Raspber...

What kid doesn’t want a Swiss Army knife? Maybe that was the idea behind Hantek’s 3-in-1 instrument that [Rui Santos] reviewed in a recent blog post . You can also watch the video version, below. The instrument is a combination oscilloscope, multimeter, and signal generator. The device is pretty inexpensive and comes in 40 MHz and 70 MHz versions. You can also get versions that drop the function generator if you want to save a little bit more. The multimeter does 4000 counts and has the usual scales along with capacitance measurements. Rechargeable batteries make it portable, and the signal generator is capable up to 25 MHz. The scope is dual channel, but the sampling drops in half (125 megasamples per second) when using both channels. The 2.8 inch color screen isn’t as big as your bench scope, but it’s good for a portable device. The review also mentions that there are few buttons so many operations require a lot of menu navigation, but — again — that’s a function of being small. Ov...

You can imagine how stressful life is for high-power CEOs of billion-dollar companies in these trying times; one is tempted to shed a tear for them as they jet around the world and plan their next big move. But now someone has gone and upset the applecart by coming up with a way to track executive private jets as they travel across North America . This may sound trivial, but then you realize that hedge fund managers pay big money for the exact same data in order to get an idea of who is meeting with whom and possibly get an idea of upcoming mergers and acquisitions. It’s also not easy, as the elites go to great lengths to guard their privacy. Luckily, the OpenSky Network lists all ADS-B traffic its web of ground stations receives, unlike other flight monitoring sites which weed out “sensitive” traffic. Python programs scrape the OpenSky API and cross-reference plane registrations with the FAA database to see which company jets are doing what. There are plenty of trips to Aspen and Jac...

Reading is big in Québec, and [pepelepoisson]’s young children have access to a free mini library nook that had seen better days and was in dire need of maintenance and refurbishing. In the process of repairing and repainting the little outdoor book nook, he took the opportunity to install a few experimental upgrades (link in French, English translation here .) The mini library pods are called Croque-Livres , part of a program of free little book nooks for children across Québec (the name is a bit tricky to translate into English, but think of it as “snack shack, but for books” because books are things to be happily devoured.) After sanding and repairs and a few coats of new paint, the Croque-Livres was enhanced with a strip of WS2812B LEDs, rechargeable battery with solar panel, magnet and reed switch as door sensor, and a 3.3 V Arduino to drive it all. [pepelepoisson]’s GitHub repository for the project contains the code and CAD files for the 3D printed pieces. The WS2812B LED ...

If you were selling computers in the early 1960s you faced a few problems, chief among them was convincing people to buy the fantastically expensive machines. But you also needed to develop an engineering force to build and maintain said machines. And in a world where most of the electrical engineers had cut their teeth on analog circuits built with vacuum tubes, that was no easy feat. To ease the transition and develop some talent, Digital Equipment Corporation went all out with devices like the DEC H-500 Computer Lab, which retrocomputing wizard [Michael Gardi] is currently building a reproduction of . DEC’s idea was to provide a selection of logic gates, flip flops, and other elements of digital electronics that could be hooked together into more complicated circuits. We can practically see the young engineers in their white short-sleeve shirts and skinny ties laboring over the H-500 in a lab somewhere. [Mike] is fortunate enough to have an original H-500, but he wants anyone to b...

All by itself, a calculator based on an Arduino isn’t necessarily very novel. However, [Volos] has a nice board that, of course, looks like a calculator. There are 16 keys and an LED display. But it seems to us the real value would be using this as a base for other projects. As an inexpensive development board, it’s handy to have a simple processor with a keyboard and a display. There’s some extra I/O pins and the first example in the video below shows using the setup as a simple organ, for example. We’d love to see an option to replace the LED with an LCD and maybe even some different CPU options, as well. The board is essentially an Arduino with a standard USB to serial chip and a MAX7219 display driver. Of course, you could breadboard up all of these things, but it wouldn’t be as neat looking. One unusual thing about the keyboard is that it is not multiplexed. Each button has a label that indicates what Arduino pin it connects with. So key 6 connects to pin 6 and pin A2 connects ...

On some 2011 Macbook Pro models, there is a tendency for the Radeon GPU to fail. This should mean game over for the computer, but surprisingly salvation is offered by its having not one but two GPUs on board. The Intel processor also has a GPU, and Apple use a pile of logic in an FPGA to switch at will between them. The community have produced fresh FPGA code to revive a dead Mac on its Intel GPU, but at the expense of losing brightness control. [Ayilm1] has brought back the brightness with a clever BGA reworking hack that gains access to a brightness control line present on the Intel BD82HM65 Platform Controller Hub chip but not used in the Macbook. We’re used to impressive soldering work here at Hackaday, and we’ve seen our share of wiring direct to the balls on an upturned BGA chip. This is a similar idea but at another level, as a section of the top insulation on an in-place BGA is removed to expose the microvia above the ball carrying the required signal. A tiny wire is soldered...

USB-C has brought the world much more powerful charging options in a slimline connector. With laptop chargers and portable battery packs using the standard, many with older hardware are converting their devices over to work with USB-C. [victorc] was trying to do just that, purchasing an adapter cable to charge a ThinkPad. Things didn’t quite work out of the box, so some hacking was required. The problem was the power rating of the adapter cable, versus the battery pack [victorc] was trying to use. In order to allow the fastest charging rates, the adapter cable features a resistor value which tells the attached Lenovo laptop it can draw up to 90 W. The battery pack in question could only deliver 45 W, so it would quickly shut down when the laptop tried to draw above this limit. To rectify this, [victorc] looked up the standard, finding the correct resistor value to set the limit lower. Then, hacking open the cable, the original resistor on the Lenovo connector was removed, and replace...

Along with the substantial rise in bread baking over the last few months, many people have been whipped into a frenzy over this tasty-looking frothy coffee beverage called Dalgona. It’s like a caffeinated meringue made from instant coffee, sugar, boiling water, and a whole lot of air that is then spooned onto milk or milk and ice. Sure, you can use a whisk to mix it up if you don’t mind doing so continuously and vigorously for at least a full three minutes. [HimanshuS8] quickly got tired of making his wife’s coffee this way, and designed a small electric hand mixer especially for this task . [HimanshuS8] happens to be a hardware design engineer, which is why it looks so minimalist and beautiful. The inside is just as beautiful, mixing junk bin parts like the 6 V motor from a cassette deck with printed gears and beaters. At the risk of reviving an old debate, we hope [HimanshuS8] used food-safe filament for those . If you replicate this, you could try to design it around standard meta...