Kritik sah

You’d think that the 8086 microprocessor, a 40-year-old chip with a mere 29,000 transistors on board that kicked off the 16-bit PC revolution, would have no more tales left to tell. But as [Ken Shirriff] discovered, reverse engineering the chip from die photos reveals some hidden depths. The focus of [Ken]’s exploration of the venerable chip is the charge pump, a circuit that he explains was used to provide a bias voltage across the substrate of the chip. Early chips generally took this -5 volt bias voltage from a pin, which meant designers had to provide a bipolar power supply. To reduce the engineering effort needed to incorporate the 8086 into designs, Intel opted for an on-board charge pump to generate the bias voltage. The circuit consists of a ring oscillator made from a trio of inverters, a pair of transistors, and some diodes to act as check valves. By alternately charging a capacitor and switching its polarity relative to the substrate, the needed -5 volt bias is created. G...

Hand sanitizer is  the hot product of 2020, and it seems nobody can get enough. In the same way that touching a dirty tap takes the shine off washing your hands in a public bathroom, one wishes to avoid touching the hand sanitizer bottle entirely. To get around this, [makendo] whipped up a quick solution. The solution consists of a 3D printed caddy which holds a typical bottle of hand sanitizer. This is affixed to a wall with either screws or double sided tape. A long string is then attached to the dispenser nozzle, and passes down to a foot pedal. By depressing the pedal, it pulls on the string, pulling down the dispenser nozzle and delivering the required sanitizer to the hands. It’s by no means an advanced hack, but one that can be whipped up in a short time to make sanitizing one’s hands just that little bit more pain-free. If you’re still short on sanitizer, you might want to make your own. If you do, let us know how it goes. Otherwise, consider alternate methods of automa...

Red Hat Security Advisory 2020-3207-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a cross site scripting vulnerability. from Packet Storm https://ift.tt/39MzinS

Red Hat Security Advisory 2020-3253-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability. from Packet Storm https://ift.tt/2EvKFoK

Red Hat Security Advisory 2020-3254-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability. from Packet Storm https://ift.tt/2PfAnLQ

Online Shopping Alphaware version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. from Packet Storm https://ift.tt/3giNbgi

Online Bike Rental version 1.0 suffers from a remote shell upload vulnerability. from Packet Storm https://ift.tt/313x0wQ

Daily Tracker System version 1.0 suffers from a cross site scripting vulnerability. from Packet Storm https://ift.tt/33dQFwP

Daily Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. from Packet Storm https://ift.tt/30gNe6D

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them. from Packet Storm https://ift.tt/3gjhKSO

With the movie  Man of War shooting in Cyprus, there was a problem. They needed prop guns that looked realistic and ejected cases when fired, but that were also allowed under the country’s firearm laws. The task fell on [Paradym’s] shoulders, and he set to work producing a prop capable of doing the job. With the laws in Cyprus, using anything off-the-shelf like an Airsoft pistol was simply not allowed. Instead, he had to start from scratch, creating a design outwardly similar to the Colt 1911 to suit the era of the film. Using green gas canisters for power, the first focus was on getting a realistic semi-automatic firing cycle happening. With that done, the next goal was to get the cases to eject from the weapon on each shot. To achieve this, a lever was used, actuated by the slide moving back after a shot, pushing the “spent” cartridge out of the port. [Paradym] goes into great deal, covering the design of the 3D printed parts, the machining of springs, as well as the final ass...

Tuning a desktop router and your board designs for isolation routing can be a bit tricky, with thin traces usually being the first victim. For simple prototype boards you usually don’t need tightly packed traces, you just want to isolate the nets. To do this with a minimum amount of routing, [ Michael Schembri] created kicad-laser-min , a command-line utility that takes a Kicad PCB design and expands all the tracks and pads to their maximum possible width. Laser scribed PCB with maximum track widths The software takes one layer of the PCB layout, converts it to black and white, and then runs a C++ Voronoi algorithm on it to dilate each track and pad until it meets another expanding region. Each region is colourised, and OpenCV edge detection is used to produce the contours that need to be milled or etched. A contour following algorithm is then used to create the G-code. The header image shows the output of each step. Full source code is available on GitHub . [ Michael] has had g...

The pandemic has left my usual calendar of events in shambles this year. Where I’d have expected to have spent a significant portion of my summer mingling with our wonderful and diverse community worldwide, instead I’m sitting at home cracking open a solitary Club-Mate and listening to muffled techno music while trying to imagine myself in a field somewhere alongside several thousand hackers. As a knock-on effect of the event cancellations there’s another thing missing this summer, the explosion of creativity in the world of electronic conference badges has faltered. Badges are thin on the ground this year, so the few that have made it to production are to be treasured as reminders that life goes on and there will be another golden summer of hacker camps in the future. This year, the CampZone 2020 badge was given its own voice and perform neat tricks like presenting a programming interface via WebUSB! A Badge, That Isn’t Quite A Badge All the parts laid out CampZone is a Europe...

Hackaday editors Elliot Williams and Mike Szczys go down the rabbit hole of hacky hacks. A talented group of radio amateurs have been recording and decoding the messages from Tianwen-1, the Mars probe launched by the Chinese National Space Administration on July 23rd. We don’t know exactly how magnets work, but know they do a great job of protecting your plasma cutter. You can’t beat the retro-chic look of a Commodore 64’s menu system, even if it’s tasked with something mundane like running a meat smoker. And take a walk with us down MP3’s memory lane. Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments! Direct download (~65 MB) Places to follow Hackaday podcasts: Google Play iTunes Soundcloud Spotify Stitcher RSS Episode 078 Show Notes: New This Week: Hands-On: The Pandemic DEF CON Badge Is An Audio Cassette DEF CON 28 Badge Hacking Stay At Home, HOPE And DEF CON Will Come To You Sat...

Everyone loves a good bubble machine. These oddly satisfying novelty items have brought children and adults mindless entertainment since their inception. [8BitsAndAByte] had the same thought, but wanted to give their bubble machine a taste of the IoT-age . First, they modified an off-the-shelf bubble machine with a Raspberry Pi and relay module. The Pi can easily trigger the bubbling mechanism by controlling power to the machine using the relay. Seems simple enough. The part of this project that might be a bit more unfamiliar to you is controlling the robot over the internet using remo.tv . Remo.tv is a robot controller platform that’s both free and open-source, and we’ve seen [8BitsAndAByte] take advantage of this web controller before . Seems like they’re really getting the hang of it. Their writeup links to a detailed setup guide for configuring the Pi, so hopefully, that’s not too much trouble. Couple the IoT setup with a Pi camera and you’ve got a live stream that’s admittedly ...

from Packet Storm https://ift.tt/3gcGWui

from Packet Storm https://ift.tt/3hMwv10

from Packet Storm https://ift.tt/3k1mheS

from Packet Storm https://ift.tt/3gfQKni

from Packet Storm https://ift.tt/39VgvqV

Twilio, the cloud provider for all things telecom, had an embarrassing security fail a couple weeks ago. The problem was the Amazon S3 bucket that Twilio was using to host part of their public facing content. The bucket was configured for public read-write access. Anyone could use the Amazon S3 API to make changes to the files stored there. The files in question were protected behind Cloudflare’s CDN, but there’s a catch to Cloudflare’s service. If you know the details of the service behind Cloudflare, it can often be interacted with directly. In many cases, knowing the IP address of the server being protected is enough to totally bypass Cloudflare altogether. In this case, the service behind the CDN is Amazon’s S3. Any changes made to the files there are picked up by the CDN. Someone discovered the insecure bucket, and modified a Javascript file that is distributed as part of the Twilio JS SDK. That modification was initially described as “non-malicious”, but in the official incide...

When [Erich Styger] recently got featured on Hackaday with his meta-clock project, he probably was not expecting to get featured again so soon, this time regarding a copyright claim on the ‘meta-clock’ design . This particular case ended with [Erich] removing the original blog article and associated PCB design files, leaving just the summaries, such as the original Hackaday article on the project. Obviously, this raises the question of whether any of this is correct; if one sees a clock design, or other mechanisms that appeals and tries to replicate its looks and functioning in some fashion, is this automatically a breach of copyright? In the case of [Erich]’s project, one could argue that at first glance both devices look remarkably similar. One might also argue that this is rather unavoidable, considering the uncomplicated design of the original. Not copyright, but patent law An inherent property of copyright law in most jurisdictions is that the act of creating a work automatica...

Sometimes the most useful hacks aren’t the flashiest, they’re the ones that improve an already great tool and make something better. Through hole components are still the fastest and perhaps most satisfying way to prototype a new electronics project so it’s extra frustrating when the happy hacker discovers their new devboard is too wide to fit in a standard breadboard. [Tobias] had the same thought and redesigned the standard ESP32 “NodeMCU” style devboard to be almost exactly the same, but narrower. Interactive BOMs make assembly a snap Not to trivialize, but that’s pretty much it. And we love it! The new design retains the great support of the original devboard but adds a few nice tweaks. Obviously there’s the small size change that allows it to fit on a standard 5×5 breadboard leaving sockets available on either side for interfacing. Even in this smaller size [Tobias] managed to retain the boot mode and reset buttons though the overall pinout has changed slightly. And for easie...

Making certain games run on systems which were never designed to run such games (or any games at all) is a favorite hobby of some, with [deater] being no exception. His latest creation involves porting Myst to the Apple II , or ‘demake’ in his own words. This means taking a game that was released in 1993 for MacOS and later for Windows 3.1 and the original PlayStation, and creating a version that works on an 8-bit system from 1977. Obviously the graphical fidelity has been turned down some compared to the 1990s version, but at this stage much of the game’s levels have been implemented. For anyone who has ever played the game before, much of the visuals will be instantly recognizable. According to [deater], the game should run on any Apple II/II+/IIe, with at least 48 kB of RAM, but 64 kB needed for sound effects. If a Mockingboard sound card is installed, it will even play the intro theme. On the project page the (currently) three floppy disks can be downloaded, with the source ava...

[8BitsAndAByte] are back, and this time they’re taking on the comments section with art . They wondered whether or not they can take something as dubious as the comments section and redeem it into something more appealing like art. They started by using remo.tv, a tool they’ve used in other projects , to read comments from their video live feeds and extract random phrases. The phrases are then analyzed by text to speech, and a publicly available artificial intelligence algorithm that generates an image from a text description . They can then specify art styles like modern, abstract, cubism, etc to give their image a unique appeal. They then send the image back to the original commenter, crediting them for their comment, ensuring some level of transparency. We were a bit surprised that the phrase dog with a funny hat generated an image of a cat, so I think it’s fair to say that their AI engine could use a bit of work. But really, we could probably say that about AI as a whole . ...

Namirial SIGNificant SignAnyWhere versions 6.10.60.25434 and 6.10.100.25817 suffer from a persistent cross site scripting vulnerability. from Packet Storm https://ift.tt/2CV4ndr

Red Hat Security Advisory 2020-3248-01 - This release of Red Hat build of Quarkus 1.3.4 SP1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include XML injection and denial of service vulnerabilities. from Packet Storm https://ift.tt/311h7qT

Red Hat Security Advisory 2020-3241-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability. from Packet Storm https://ift.tt/30agZGe

Gentoo Linux Security Advisory 202007-60 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 68.11.0 are affected. from Packet Storm https://ift.tt/2DgRx99

Red Hat Security Advisory 2020-3233-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability. from Packet Storm https://ift.tt/2CTzOVt

Red Hat Security Advisory 2020-3230-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and use-after-free vulnerabilities. from Packet Storm https://ift.tt/2EqvcGv

Red Hat Security Advisory 2020-3232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability. from Packet Storm https://ift.tt/2DoZJ71

Red Hat Security Advisory 2020-3229-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.11.0 ESR. Issues addressed include a use-after-free vulnerability. from Packet Storm https://ift.tt/39GERnR

Red Hat Security Advisory 2020-3226-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability. from Packet Storm https://ift.tt/3hO0u8I

Red Hat Security Advisory 2020-3224-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability. from Packet Storm https://ift.tt/3jVAXMM

Red Hat Security Advisory 2020-3228-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability. from Packet Storm https://ift.tt/3jUiIY3

Red Hat Security Advisory 2020-3227-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities. from Packet Storm https://ift.tt/33aY2oE

Red Hat Security Advisory 2020-3223-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities. from Packet Storm https://ift.tt/2XbfiGq

Red Hat Security Advisory 2020-3222-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, bypass, denial of service, and use-after-free vulnerabilities. from Packet Storm https://ift.tt/3jWOMKM

Red Hat Security Advisory 2020-3217-01 - The grub2 packages provide version 2 of the Grand Unified Boot Loader, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. The fwupdate packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities. from Packet Storm https://ift.tt/2CTJnDS

Ubuntu Security Notice 4432-1 - Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. Various other issues were also addressed. from Packet Storm https://ift.tt/39FbGSl

An obligatory “Future’s so bright I gotta wear… denim” joke is the only way to kick off this article. Sorry! Now that that’s out of the way, how would you turn your own blue jeans into sunglasses? Well you wouldn’t, unless you’ve built an intricate jig for assembling sunglasses frames like [Mosevic] has done. Boiled down, this is like making parts out of carbon fiber, except you swap in denim for the carbon fiber. Several layers of blue jean material are layered in a mold and impregnated with resin. Once hardened, parts can be milled or laser cut from this stock and then assembled into the frames all of the hipsters are after. For us its the assembly jig that’s so interesting to see. [Mosevic] shared it in an unlisted video of an update to the Kickstarter campaign which ran at the end of 2019. The jig is used to align machined parts into stack ups that include brass reinforcement and pins to align layers, as well as the joining for the three parts of the frame via the metal hinges...

With the roughly 20-day wide launch window for the Mars 2020 mission rapidly approaching, the hype train for the next big mission to the Red Planet is really building up steam. And with good reason — the Mars 2020 mission has been in the works for a better part of a decade, and as we reported earlier this year , the rover it’s delivering to the Martian surface, since dubbed Perseverance, will be among the most complex such devices ever fielded. “Percy” — come on, that nickname’s a natural — is a mobile laboratory, capable of exploring the Martian surface in search of evidence that life ever found a way there, and to do the groundwork needed if we’re ever to go there ourselves. The nuclear-powered rover bristles with scientific instruments, and assuming it survives the “Seven Minutes of Terror” as well as its fraternal twin Curiosity did in 2012, we should start seeing some amazing results come back. No prior mission to Mars has been better equipped to answer the essential question: ...

There probably aren’t many people out there who aren’t aware of what thermite is and how it demonstrates the power of runaway exothermic reactions. Practical applications that don’t involve destroying something are maybe less known. This is where the use of thermite for creating welds is rather interesting, as shown in this video by [Finn] that is also embedded after the break. In the video, one can see how [Finn] uses thermite charges to weld massive copper conductors together in a matter of seconds inside a graphite mold. Straight joints, T-joints, and others are a matter of putting the conductors into the mold, pushing a button and watching the fireworks. After a bit of cleaning the slag off, a solid, durable weld is left behind. The official name for this process is ‘ exothermic welding ‘, and it has been in use since the 19th century. Back then it was used primarily for rail welding. These days it sees a lot of use in high-voltage wiring and other applications, as in the linked...

We are fortunate to live in an age surrounded by means of easy communication, and like never before we can have friends on the other side of the world as well as just down the road. But as many readers will know, this ease of communication comes at a price of sharing public and commercial infrastructure. To communicate with privacy and entirely off-grid remains an elusive prize, but it’s one pursued by Scott Powell with his LoRa QWERTY Messenger . This is a simple pager device that forms a LoRa mesh network with its peers, and passes encrypted messages to those in the same group. At its heart is a LoRa ESP32 module with a small OLED display and a Blackberry QWERTY keyboard, and an SD card slot. The device’s identity is contained on an SD card, which gives ease of reconfiguration. It’s doubly useful, because it is also a complement to his already existing Ripple LoRa communication project , that uses a smartphone as the front end for a similar board. We feel this type of secure distri...

The 8721 PLA, or programmable logic array, was one of the chips that had to be invented to make the Commodore 128, the last of the 8-bit computers that formed the leading edge of the early PC revolution, a reality. [ Johan Grip ] got a hold of one of these chips and decided to reverse engineer it , to see what the C-128 designers had in mind back in mid-1980s. PLAs were the FPGAs of the day, with arrays of AND gates and OR gates that could be connected into complex logic circuits. [Johan]’s investigation started with liberating the 8721 die from its package, for which he used the quick and easy method favored by [CuriousMarc]. The next step was tooling up, as the microscope he was using proved insufficient to the task. Even with a better microscope in hand, [Johan] still found the need to tweak it, adding one of the new high-quality Raspberry Pi cameras and motorizing the stage with some stepper motors and a CNC controller board. With optics sorted out, he was able to identify all t...