Posts

Showing posts from October, 2020

Fuel Cell Drone Aims For Extended Flight Times

The RC world was changed forever by the development of the lithium-polymer battery. No longer did models have to rely on expensive, complicated combustion engines for good performance. However, batteries still lack the energy density of other fuels, and so flying times can be limited. Aiming to build a drone with impressively long endurance, [Игорь Негода] instead turned to hydrogen power. The team fitted a power meter to the plane, aiming a camera at it to measure power draw during flight. With a wingspan of five meters, and similar length, the build is necessarily large in order to carry the hydrogen tank and fuel cell that will eventually propel the plane, which uses a conventional brushless motor for propulsion. Weighing in at 6 kilograms, plenty of wing is needed to carry the heavy components aloft. Capable of putting out a maximum of 200W for many hours at a time, the team plans to use a booster battery to supply extra power for short bursts, such as during takeoff. Thus far,...

Kelvin Probes Review Shows How 4-Wire Resistance Measurement Works

You might think the probes in the picture are just funny looking alligator clips. But if you watch [tomtektest’s] recent video, you’ll learn they are really Kelvin probes . Kelvin probes are a special type of probe for making accurate resistance measurements using four wires and, in fact, the probe’s jaws are electrically isolated from each other. We liked [Tom’s] advice from his old instructor: you aren’t really ever measuring a resistance. You are measuring a voltage and a current. With a four-wire measurement, one pair of wires carries current to the device under test and the other pair of wires measure the voltage drop. If you wonder why that’s better than two probes, it all comes down to resistance in the test probes. Pulling supply current through the probe wires — which have some resistance — causes a voltage drop that affects the measurement. While the sense wire pair will also have resistance, the sensing current can be very small which means there will be correspondingly l...

Self-Driving RC Truck is a Master’s Thesis in Cybernetics and Robotics

RC cars are a fun pastime, but for many hackers, taking things to the next level involves making the cars drive themselves. For his Master’s thesis, [Jon] did just that, building a self-driving robot truck that confidently cruises the floor of his laboratory. The truck is based on a 1/14th scale Tamiya chassis, and had been fitted out by a prior group with an inductive charging system. On top of this platform, [Jon] added a Jetson TX2 to act as the brains of the system, hooking it up with a Slamtec RPLIDAR scanner to map its surrounding environment. There’s also a Teensy microcontroller onboard which handles synthesizing PWM signals for the radio control hardware that drives the truck, and a Logitech webcam up front for machine vision. The truck is capable of operating in a variety of modes, from full manual operation, to driving based on LIDAR mapping or with an AI controlling the truck based on camera data. The truck is programmed to drive a route including an inductive charging pad...

Using Open Source to Train your Dog

An open-source canine training research tool has just been released by [Walter Arce] and [Jeffrey Stevens] at the University of Nebraska-Lincoln’s Canine Cognition and Human Interaction Lab (C-CHIL). We didn’t realize that dog training research techniques were so high-tech. Operant conditioning, as opposed to Pavlovian, gives a positive reward, in this case dog treats, to reinforce a desired behavior. Traditionally operant conditioning involved dispensing the treat manually, and some devices do exist using wireless remote controls, but they are still manually operated and can give inconsistent results (too many or too few treats). There weren’t any existing methods available to automate this process, so this team decided to rectify the situation. They took a commercial treat dispenser and retrofitted it with an interface board that taps into the dispenser’s IR sensors to detect that the hopper is moving and that treats have actually been dispensed. The interface board connects to a Ras...

School Project Turns Plastic Waste Into Bricks

Many plastics are, in theory at least, highly recyclable. Unfortunately, in reality, most plastic ends up as waste instead, harming the environment and providing no ongoing value to society. Wanting to investigate possible ways to repurpose this material, [Rehaan33] built a rig to create bricks out of waste plastic for a school project. The aim of the project is to take waste plastic, in this case high-impact polystyrene, and reform it into a brick that could be used as a low-cost building material. The material is shredded, before being packed into a steel mould and heated to 270 degrees in an oven. As polystyrene is a thermoplastic, it can readily be heated in this way for reforming without harming the material’s properties. Once heated, the mould is placed into the press rig, which uses parts of an old drill press to force down a steel plate, helping shape the final form of the brick. While you’re unlikely to see old soda bottles used to build a skyscraper in New York any time so...

Scratching That Itch

I did something silly. I bought a lot of ten “broken” cheesy indoor quadcopters on eBay, hoping to cobble one working one together and to amuse my son. At this point, I’ve got eight working. The bad news is that they all come with dirt-cheap transmitters that aren’t really conducive to flying at all. They’d be a lot more fun if they could be controlled with a real remote. Enter the hackers. Almost all of the cheap quads are based on one of a handful of radio chipsets, although they use different protocols. An enterprising hacker could conceivably just bundle together this handful of radio modules, and the rest would be a simple matter of software. That’s exactly what Pascal Langer’s DIY Multiprotocol TX and supporting firmware does. This hobby project was so successful that compatible hardware is manufactured by more than a few Chinese companies, and non-geeks have them installed in their radios. The module lets you control virtually anything that uses 2.4 GHz. Of course, I’ve got ...

Nerf Blaster Becomes Light Gun Controller

Traditional light guns rely on quirks of CRT technology, and thus don’t play well with modern LCD televisions and monitors. However, die-hard retro gamers aren’t known for moving on from the classics, and have persevered to build new hardware to suit the games of old. In just this vein, [BrittLiv] grabbed some Nerf blasters, and built a pair of light guns that work with today’s hardware. The build relies on Ultimarc’s light gun kits, which work in a similar way to the original Wiimote. A camera inside the blaster tracks an LED bar placed on top of the screen for clean and accurate aiming. [BrittLiv] combined the Ultimarc kit with some clever hacks to a Nerf DoubleStrike blaster, stealthily hiding the buttons inside to interface with the original trigger and cocking mechanism, as well as the locking tab in the rail. There’s both a wired and wireless version, and the setup looks to be a great way to enjoy classics like Duck Hunt and Point Blank. The blas...

Ubuntu (Finally) Officially Lands on the Raspberry Pi. But Will Anyone Notice?

The Raspberry Pi has been with us for over eight years now, and during that time it has seen a myriad operating system ports. It seems that almost anything can be run on the little computer, but generally the offerings have seen minority uptake in the face of the officially supported Raspbian, or as it’s now called, Raspberry Pi OS. Maybe that could change, with the arrival of an Ubuntu release for the platform. For those of you pointing out that this is nothing new, what makes the new version 20.10 release special is that it’s the first official full Ubuntu release, rather than an unofficial port. So Raspberry Pi 4 owners can now install the same full-fat Ubuntu they have on their PCs, and with the same official Ubuntu support. What does this really do for them that Raspberry Pi OS doesn’t? Underneath they share Debian underpinnings, and they both benefit from a huge quantity of online resources should the user find themselves in trouble. Their repositories both contain almost eve...

Altair Front Panel Tutorials

If you aren’t old enough to remember when computers had front panels, as [Patrick Jackson] found out after he built a replica Altair 8800, their operation can be a bit inscrutable. After figuring it out he made a pair of videos showing the basics, and then progressing to a program to add two numbers. Even when the Altair was new, the days of front panels were numbered. Cheap terminals were on their way and MITS soon released a “turnkey” system that didn’t have a front panel. But anyone who had used a minicomputer from the late 1960s or early 1970s really thought you needed a front panel. You may never program an Altair by the front panel, but it is still an interesting glimpse into what computing looked like only a few decades ago. While you might think that the front panel was a mere curiosity, it was not unusual to have to key in a bootloader program manually so you could then load other software — often a better bootloader — from paper or magnetic tape. Some computers even had t...

Easy-SDR Gets Updates

Back in 2018, we covered [Igor’s] Easy-SDR project that aimed to provide open hardware extensions for the cheap RTL-SDR receivers. If you haven’t been there for a while, it’s worth a look as there have been many recent updates. According to the author’s Reddit post: Most of the devices are now prepared for installation in a metal case measuring 80 x 50 x 20 millimeters. There’s a completely redesigned LNA design. Now, Bias Tee powered amplifiers are housed in a 50 x 25 x 25 mm metal case and have N-type connectors. There’s an added amplifier based on the PGA-103 microcircuit. Added is the ability to install filters in final amplifiers (a separate printed circuit board, depending on the filter used). A new device: SPDT antenna switch for receiving antennas. The upconverter has been redesigned. Added intermediate buffer stage between the crystal generator and mixer. RF lines in all devices were recalculated to correspond to the characteristic wave impedance of 50 Ohm. Reduced si...

Cryptic Calendar Makes For A Useful Wall Ornament

Hackers love a good clock build, but its longer term cousin, the calendar, is more seldom seen in the wild. Regardless, they can be just as useful and elegant a project, as this cryptic design from [Wolfspaw] demonstrates. The project consists of a series of rotating wheels, displaying a series of arcane symbols. When the markings on the wheel align correctly with the viewing window, they display the date, month, and day of the week, respectively. The wheels themselves are fitted with 3D printed gear rings, which are turned by stepper motors under the control of an Arduino Nano. Hall effect sensors and magnets are used to keep everything appropriately aligned, while a DS3231 real time clock handles timekeeping duties. It’s a tidy build, and we think the cryptic design adds a little mystery, making this an excellent conversation piece. The build is actually a remix of a project we’ve featured before , scaled and given a unique twist to suit [Wolfspaw]’s own personal aesthetic. Video a...

Adding Remote Control to the Elegoo Mars Pro

Recent price drops put entry level masked stereolithography (MSLA) resin 3D printers at around $200 USD, making them a very compelling tool for makers and hackers. But as you might expect, getting the price this low often involves cutting several corners. One of the ways manufacturers have made their machines so cheap is by simplifying the electronics and paring down the feature set to the absolute minimum. So it was hardly a surprise for [Luiz Ribeiro] to find that his new Elegoo Mars Pro didn’t offer WiFi connectivity or a remote control interface . You’re supposed to just stick a USB flash drive into the printer and select the object you want to print from its menu system. But that doesn’t mean he couldn’t hack the capability in himself. Monitoring a print with Mariner. If this were a traditional 3D printer, he might have installed OctoPrint and been done with it. But resin printers are a very different beast. In the end, [Luiz] had to develop his own remote control software th...

Wireshark Analyzer 3.4.0

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release. from Packet Storm https://ift.tt/3kKIu0O

Microsoft Windows Kernel cng.sys Buffer Overflow

The Microsoft Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape). from Packet Storm https://ift.tt/35T2FDy

Simple College Website 1.0 Code Execution / SQL Injection

Simple College Website version 1.0 suffers from code execution and remote SQL injection vulnerabilities. from Packet Storm https://ift.tt/3mDYKS4

Wondershare Dr.Fone 3.0.0 Unquoted Service Path

Wondershare Dr.Fone version 3.0.0 suffers from an unquoted service path vulnerability. from Packet Storm https://ift.tt/3oDGI4d
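The weakness named above is worth making concrete. When a Windows service’s ImagePath is not wrapped in quotes and contains spaces, CreateProcess tries each space-delimited prefix as an executable before reaching the real one, so an attacker who can write to one of those directories gets their binary run by the service account at boot. The following is an added example, not the advisory’s exploit and not Wondershare’s code: it decides whether an ImagePath string has the weakness and lists the file names Windows would try first, which is what a defender then checks ACLs on. The service paths in it are constructed for illustration, not taken from the advisory.

```javascript
// Added example (not from the advisory): classify a Windows service ImagePath
// as quoted (safe) or unquoted-with-spaces (hijackable) and list the hijack
// candidates Windows would probe before the intended executable.

function analyseImagePath(imagePath) {
  const trimmed = imagePath.trim();

  // A path that starts with a double quote is unambiguous to CreateProcess.
  if (trimmed.startsWith('"')) {
    return { vulnerable: false, candidates: [] };
  }

  // Separate the executable from any trailing arguments. We take everything up
  // to and including the first ".exe"; a path without ".exe" is cut at the
  // first space instead.
  const exeIdx = trimmed.toLowerCase().indexOf('.exe');
  const exePath = exeIdx === -1 ? trimmed.split(' ')[0] : trimmed.slice(0, exeIdx + 4);

  // Every space inside the executable path yields one candidate: the prefix
  // before the space, with ".exe" appended, is what Windows tries first.
  const candidates = [];
  for (let i = 0; i < exePath.length; i++) {
    if (exePath[i] === ' ') {
      candidates.push(exePath.slice(0, i) + '.exe');
    }
  }
  return { vulnerable: candidates.length > 0, candidates };
}

// Constructed sample registry values (ImagePath), not real services.
const SAMPLE_SERVICES = {
  quotedOk: '"C:\\Program Files\\Example Vendor\\Tool Suite\\svc.exe" -k run',
  unquotedBad: 'C:\\Program Files\\Example Vendor\\Tool Suite\\svc.exe -k run',
  noSpacesOk: 'C:\\Windows\\system32\\svchost.exe -k netsvcs',
};

// Convenience: return only the vulnerable entries of a name -> ImagePath map.
function findVulnerableServices(services) {
  const hits = {};
  for (const [name, path] of Object.entries(services)) {
    const result = analyseImagePath(path);
    if (result.vulnerable) hits[name] = result.candidates;
  }
  return hits;
}
```

The fix on the vendor side is to register the service with a quoted path; on the defender side, verify that none of the listed candidate directories is writable by unprivileged users, since that is what turns the weakness into a privilege escalation.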

Citadel WebCit Session Hijacking

Citadel WebCit versions prior to 926 suffer from a session hijacking vulnerability. from Packet Storm https://ift.tt/3mPQgr9

Agent Tesla Botnet Cross Site Scripting

Agent Tesla Botnet suffers from a cross site scripting vulnerability. from Packet Storm https://ift.tt/2TIhGSU

DedeCMS 5.8 Cross Site Scripting

DedeCMS version 5.8 suffers from a cross site scripting vulnerability. from Packet Storm https://ift.tt/3mwzwEW

CSE Bookstore 1.0 Cross Site Scripting

CSE Bookstore version 1.0 suffers from a persistent cross site scripting vulnerability. from Packet Storm https://ift.tt/35NvhOB

Animated Pumpkins Sing and Scare On Halloween

The animated video combined with the 3D-printed prop makes for an excellent effect. Carving Jack O’ Lanterns out of pumpkins is a favorite Hallowe’en tradition for many, but relying on candles and knives is decidedly low-tech. [Lewis] of [DIY Machines] decided to whip up something a little more animated to scare the local trick-or-treaters instead. The build consists of 3D printed pumpkins, lit from behind with a low-cost projector. Driven by a Raspberry Pi, the projector plays video files that project animated faces onto the pumpkins. The effect is great, giving the illusion of a real anthropomorphic Jack O’ Lantern sitting on your very porch. To control the system, a series of arcade buttons are hooked up to the Raspberry Pi allowing visitors to activate a song, a scare, or a story. It’s a fun build that is a great way to add some interactivity to your Hallowe’en decorations. If you want to take your work up a notch, consider projecting on to your whole house . Video after the b...

Google Discloses Windows Zero-Day Exploited In The Wild

from Packet Storm https://ift.tt/2Jmx99z

Marriott Gets Data Breach Fine Lowered To $23.8 Million

from Packet Storm https://ift.tt/2Ge0mCp

NVIDIA Patches Critical Information Disclosure Bug

from Packet Storm https://ift.tt/37XW4L0

Experian's GDPR Fine Leaves Companies Scrambling

from Packet Storm https://ift.tt/35RYEPE

The Theremin is 100 Years Old; Celebrating the Spookiest of Instruments

It wouldn’t be October without Halloween, and it wouldn’t be Halloween without some spooky music. There’s no instrument spookier than a Theremin, which also happens to be one of the world’s first electronic instruments. Leon Theremin plays his namesake instrument. Image via Linda Hall Library You’ve no doubt heard the eerie, otherworldly tones of the Theremin in various 1950s sci-fi films, or heard the instrument’s one-of-a-kind cousin, the Electro-Theremin in “Good Vibrations” by the Beach Boys. The Theremin turns 100 years old this month, so we thought we’d take a look at this strange instrument. One hundred years ago, a young Russian physicist named Lev Sergeyevich Termen, better known as Leon Theremin, was trying to invent a device to measure the density of various gases. In addition to the standard analog needle readout, he wanted another way to indicate the density, so he devised an oscillator whistle that would change pitch based on the density. He discovered by accident ...

Hackaday Podcast 091: Louisville Exploder, Generating Japanese Joinery, Relay Retrocomputer Rally, and Chop the Robopup

Hackaday editors Mike Szczys and Elliot Williams dig through the greatest hacks that ought not be missed this week. There’s a wild one that flexes engineering skills instead of muscles to beat the homerun distance record with an explosively charged bat. A more elegant use of those engineering chops is shown in a CNC software tool that produces intricate wood joinery without needing an overly fancy machine to fabricate it. If your flesh and blood pets aren’t keeping up with your interests, there’s a new robot dog on the scene that far outperforms its constituent parts which are 3D-printed and of the Pi and Arduino varieties. And just when you thought you’d seen all the craziest retrocomputers, here’s an electromechanical relay based machine that took six years to build (although there’s so much going on here that it should have taken sixteen). Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments! Direct d...

ESP8266 Does RC Without the Transmitter

While the cost of a hobby-grade remote control transmitter has dropped significantly over the last decade or so, even the basic models are still relatively expensive. It’s not such a big deal if you only need to get one for personal use, but for a school to outfit a classroom’s worth of students with their own radios, they’d need to have a serious STEM budget. Which is why [Miharix], himself an educator with a decade of experience, developed a project that leverages the ESP8266 to create affordable RC vehicles that can be controlled with a smartphone’s web browser. There’s a bit of irony at play since the smartphones are more expensive than the RC transmitters would have been; but with more and more school-age kids having their own mobile devices, it takes the cost burden off of the educators. Depending on the age of the students, the teacher would only need to keep a couple of burner phones on hand for students who don’t have a device of their own. A custom PCB makes connections easi...

This Week in Security: Discord, Chromium, and WordPress Forced Updates

[Masato Kinugawa] found a series of bugs that, when strung together, allowed remote code execution in the Discord desktop app. Discord’s desktop application is an Electron powered app, meaning it’s a web page rendered on a bundled light-weight browser. Building your desktop apps on JavaScript certainly makes life easier for developers, but it also means that you inherit all the problems from running a browser and JS. There’s a joke in there about finally achieving full-stack JavaScript. The big security problem with Electron is that a simple Cross Site Scripting (XSS) bug is suddenly running in the context of the desktop, instead of the browser. Yes, there is a sandboxing option, but that has to be manually enabled. And that brings us to the first bug. Neither the sandbox nor the contextIsolation options were set, and so both defaulted to false. What does this setting allow an attacker to do? Because the front-end and back-end JavaScript run in the same context, it’s possible for...
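The two flags the passage names are ordinary keys of the `webPreferences` object passed to Electron’s `BrowserWindow`. As an added example, not Discord’s or Electron’s own code, here is a small static audit of such an object against the defaults Electron shipped in 2020 (assumed here: `nodeIntegration` false since Electron 5, `contextIsolation` and `sandbox` false, `webSecurity` true). Running it over an empty object reproduces the situation described: nothing set, so both protections are off.

```javascript
// Added example: audit Electron BrowserWindow webPreferences for the settings
// that turn a renderer XSS into desktop code execution. Defaults are those of
// Electron releases current in 2020 (an assumption stated in the lead-in).

const ELECTRON_2020_DEFAULTS = {
  nodeIntegration: false,   // off by default since Electron 5
  contextIsolation: false,  // off by default until Electron 12
  sandbox: false,           // off by default until Electron 20
  webSecurity: true,
};

// Return a list of human-readable findings; an empty list means hardened.
function auditWebPreferences(prefs = {}) {
  const effective = { ...ELECTRON_2020_DEFAULTS, ...prefs };
  const findings = [];
  if (effective.nodeIntegration) {
    findings.push('nodeIntegration on: XSS in the renderer is Node code execution (require, child_process)');
  }
  if (!effective.contextIsolation) {
    findings.push('contextIsolation off: page scripts share a JS world with the preload script and can reach or tamper with its privileged objects');
  }
  if (!effective.sandbox) {
    findings.push('sandbox off: the renderer process is not OS-sandboxed, so a renderer compromise is a full process compromise');
  }
  if (!effective.webSecurity) {
    findings.push('webSecurity off: same-origin policy disabled');
  }
  return findings;
}

function isHardened(prefs) {
  return auditWebPreferences(prefs).length === 0;
}

// The weak configuration from the write-up: nothing set, everything defaulted.
const WEAK_2020_CONFIG = {};

// A hardened configuration: isolate the page from the preload, sandbox the
// renderer, keep Node out of the page.
const HARDENED_CONFIG = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  webSecurity: true,
};

// In a real app these objects are what you would pass as
// new BrowserWindow({ webPreferences: HARDENED_CONFIG }).
```

With `contextIsolation` on, anything the preload script wants the page to see must go through `contextBridge.exposeInMainWorld`, which is the point: the page can no longer reach the preload’s functions or overwrite the built-ins the preload relies on.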

Color E-Ink Display Photo Frame Pranks [Mom]

As a general rule, it’s not nice to prank your mother. Moms have a way of exacting subtle revenge, generally in the form of guilt. That’s not to say it might not be worth the effort, especially when the prank is actually wrapped in a nice gesture, like this ever-changing e-paper family photo frame. The idea [CNLohr] had was made possible by a new generation of multicolor e-paper displays by Waveshare. The display [Charles] chose was a generous 5.65″ unit with a total of seven colors. A little hacking revealed an eighth color was possible, adding a little more depth to the images. The pictures need a little pre-processing first, of course, dithering to accommodate the limited palette, but look surprisingly good on the display. They have a sort of stylized look, as if they were printed on a textured paper with muted inks. The prank idea was simple: present [Mrs. Lohr] with a cherished family photo to display, only to find out that it had changed to another photo overnight. The...

Crowd Funded Jumping Cubes

The Japan Aerospace Exploration Agency (JAXA) recently contributed their Int-Ball technology to a Kickstarter campaign operated by the Japanese electronics manufacturer / distributor Bit Trade One (Japanese site). This technology is based on the Cubli project out of the Swiss Federal Institute of Technology in Zurich (ETH Zurich), which we covered back in 2013. The Cubli-based technology has been appearing in various projects since then, including the Nonlinear Mechatronic Cube in 2016. Alas, the current JAXA-based “3-Axis Attitude Control Module” project doesn’t have a catchy name, yet. One interesting application of these jumping cubes, presumably how JAXA got involved with these devices, is a floating video camera that was put to use on board the International Space Station (ISS) in 2017. The version being offered by the Kickstarter campaign doesn’t include the cameras, and you will need to provide your own gravity-free en...

N64 Power Adapter Works Around The World

Modern electronics such as phone and laptop chargers are pretty versatile no matter where you find yourself in the world. Capable of running off anything from 100-250V, all you need is a socket adaptor and you’re good to go. Video game consoles of the 1990s weren’t so flexible, however. [MattKC] was tired of messing around with step-down transformers to run his US market N64, and decided to rectify this, building a universal adapter to run the console instead. It’s a proper hacked build, assembled out of a jumble of old parts. A broken N64 power adapter was harvested for its case and unique DC plug, which carries 12V and 3.3V to the console. Few compact power supplies exist delivering this pair of voltages, so [MattKC] got creative. An old router was sourced for its 12V 2A supply, and was combined with a 3.3V buck converter to supply both rails. With some creative bodging and plenty of mounting tape, the supplies were crammed inside the original case and wired up to the original jack ...

A Look Behind the “Big Boards” at Mission Control in the Golden Age of NASA

Certified space-nerd and all-around retro-tech guru [Fran Blanche] has just outdone herself with a comprehensive look at how NASA ran the Mission Control “Big Boards” that provided flight data for controllers for Apollo and for the next 20 years of manned spaceflight. We’ve got to admit, [Fran] surprised us with this one. We had always assumed that the graphs and plots displayed in front of the rows of mint-green consoles and their skinny-tie wearing engineers were video projections using eidophor projectors. And to be sure, an eidophor, the tech of which [Jenny] profiled a while back, was used on one of the screens to feed video into Mission Control, either live from the Moon or from coverage of the launch and recovery operations. But even a cursory glance at the other screens in front of “The Pit” shows projections of a crispness and clarity that was far beyond what 1960s video could achieve. Instead, plots and diagrams were projected into the rear of the massive screens using a ...

Nightmare Robot Only Moves When You Look Away

What could be more terrifying than ghosts, goblins, or clowns? How about a shapeless pile of fright on your bedroom floor that only moves when you’re not looking at it? That’s the idea behind [Sciencish]’s nightmare robot , which is lurking after the break. The Minecraft spider outfit is just a Halloween costume. In this case, “looking at it” equates to you shining a flashlight on it, trying to figure out what’s under the pile of clothes. But here’s the thing — it never moves when light is shining on it. It quickly figures out the direction of the light source and lies in wait. After you give up and turn out the flashlight, it spins around to where the light was and starts moving in that direction. The brains of this operation is an Arduino Uno, four light-dependent resistors, and a little bit of trigonometry to find the direction of the light source. The robot itself uses two steppers and printed herringbone gears for locomotion. Its chassis has holes in it that accept filament or w...

Facebook Sued Over Cambridge Analytica Data Scandal

from Packet Storm https://ift.tt/3jF3F38

Researchers Extract Secret Key Used To Encrypt Intel CPU Code

from Packet Storm https://ift.tt/3oC96n9

FBI Warns Ransomware Attackers Planning Big Hit On Hospitals

from Packet Storm https://ift.tt/34F7RLY

How The Pandemic Is Reshaping The Bug Bounty Landscape

from Packet Storm https://ift.tt/3mvu1GA

Hacker Changed Florida Governor's Address In Voter Registration Database

from Packet Storm https://ift.tt/2HKAkaC

Ubuntu Security Notice USN-4610-1

Ubuntu Security Notice 4610-1 - It was discovered that fastd did not properly handle receive buffers under certain circumstances. A remote attacker could possibly use this issue to cause a memory leak, resulting in a denial of service. from Packet Storm https://ift.tt/3oDYjJa

Oracle WebLogic Server Remote Code Execution

Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 remote code execution exploit. from Packet Storm https://ift.tt/2TCNVDf

Microsoft Edge Information Disclosure / Remote Code Execution

Microsoft Edge suffers from information disclosure and remote code execution vulnerabilities. Affected builds include 85.0.564.83, 85.0.564.86, 85.0.564.70, 86.0.622.38, 86.0.622.43, 86.0.622.48, 86.0.622.51, and 86.0.622.56. from Packet Storm https://ift.tt/37RWRNt

Red Hat Security Advisory 2020-4401-01

Red Hat Security Advisory 2020-4401-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include an XML injection vulnerability. from Packet Storm https://ift.tt/3oG2V1e

Genexis Platinum-4410 P4410-V2-1.28 Cross Site Request Forgery

Genexis Platinum-4410 version P4410-V2-1.28 suffers from a cross site request forgery vulnerability. from Packet Storm https://ift.tt/3kDKYyc

Lot Reservation Management System 1.0 Cross Site Scripting

Lot Reservation Management System version 1.0 suffers from a persistent cross site scripting vulnerability. from Packet Storm https://ift.tt/35FfilG

Lot Reservation Management System 1.0 SQL Injection

Lot Reservation Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. from Packet Storm https://ift.tt/37P2oEo

Icewarp WebMail 11.4.5.0 Cross Site Scripting

Icewarp WebMail version 11.4.5.0 suffers from a cross site scripting vulnerability. from Packet Storm https://ift.tt/3jEdrTb

Ubuntu Security Notice USN-4609-1

Ubuntu Security Notice 4609-1 - Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. It was discovered that GOsa incorrectly handled user access control. A remote attacker could use this issue to log into any account with a username containing the word "success". Various other issues were also addressed. from Packet Storm https://ift.tt/3e5761Y

Mailman 2.1.23 Cross Site Scripting

Mailman versions 1.x up through 2.1.23 suffer from a cross site scripting vulnerability. from Packet Storm https://ift.tt/3kG8Ukv

Point Of Sales 1.0 Cross Site Scripting

Point of Sales version 1.0 suffers from a persistent cross site scripting vulnerability. from Packet Storm https://ift.tt/3mEL4Gt

Red Hat Security Advisory 2020-4402-01

Red Hat Security Advisory 2020-4402-01 - Red Hat JBoss Enterprise Application Platform 7.3 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include an XML injection vulnerability. from Packet Storm https://ift.tt/3oEPChx

Online Examination System 1.0 Cross Site Scripting

Online Examination System version 1.0 suffers from a persistent cross site scripting vulnerability. from Packet Storm https://ift.tt/34Bkhob

Massive Battle Bot Needs Equally Chunky Custom-Molded Wheels

We’ve all run into situations where the right part for the job isn’t something that you can just buy off the shelf. In a lot of cases, 3D-printing is the cure for that problem, but sometimes you need to go big with tough parts for a tough job. These custom molded urethane battlebot wheels are a great example of that. (Video, embedded below.) The robotic warrior in question is “Copperhead”, a heavyweight death-dealer that has competed on the “BattleBots” show on TV. It’s an incredibly stout machine with a ridiculous 50 pound (23 kg) drum of spinning tool-steel on the front to disassemble competitors. Add to that the sheer mass of the bot’s armor plating and running gear, throw in the need to withstand the punishment meted out by equally diabolical weapons, and standard wheels are not going to fly. As [Robert Cowan] details in the video below, nothing but the sturdiest wheels will do, so the bot builders mold custom wheels with integrated hubs. The four-piece mold was machined out of ...

DIY Regular Expressions

In the Star Wars universe, not everyone uses a lightsaber, and those who do wield them had to build them themselves. There’s something to be said about that strategy. Building a car or a radio is a great way to learn how those things work. That’s what [Low Level JavaScript] points out about regular expressions. Sure, a lot of people think they are scary. So why not write your own regular expression parser and engine? Get that under your belt and you’ll probably never fear another regular expression. Of course, most of us probably won’t do it ourselves, but you can still watch the process in the video below. The code is surprisingly short, but don’t expect all the bells and whistles you might find in Python or even Perl. In the hands of the skilled, regular expressions are very powerful and offer a quick way to split apart text data. Like a lot of powerful ideas, the basic concept, that of a finite state machine, is really simple. It is the application to real problems that becomes...
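To show how short such an engine really is, here is an added example written for this page; it is not the code from the [Low Level JavaScript] video. It parses a small dialect (literal characters, `.`, the anchors `^` and `$`, the postfix operators `*`, `+`, `?`, and `\` to escape the next character) into a token list and matches it by recursive backtracking: each quantified atom is consumed greedily and then given back one character at a time until the rest of the pattern fits. The dialect and function names are this example’s own choices.

```javascript
// Added example: a backtracking matcher for a tiny regular-expression dialect.
// Supported: literal chars, '.', '^' (start), '$' (end), postfix '*', '+', '?',
// and '\' escaping the following character. No groups or alternation.

// Parse the pattern into [{atom, op}] where atom is {type:'char'|'any'|'bol'|'eol'}.
function parse(pattern) {
  const tokens = [];
  let i = 0;
  while (i < pattern.length) {
    const ch = pattern[i++];
    let atom;
    if (ch === '\\') {
      if (i >= pattern.length) throw new Error('trailing backslash in pattern');
      atom = { type: 'char', value: pattern[i++] };
    } else if (ch === '.') {
      atom = { type: 'any' };
    } else if (ch === '^' && tokens.length === 0) {
      atom = { type: 'bol' };
    } else if (ch === '$' && i === pattern.length) {
      atom = { type: 'eol' };
    } else {
      atom = { type: 'char', value: ch };
    }
    let op = null;
    if (i < pattern.length && '*+?'.includes(pattern[i])) op = pattern[i++];
    if (op && (atom.type === 'bol' || atom.type === 'eol')) {
      throw new Error('quantifier applied to an anchor');
    }
    tokens.push({ atom, op });
  }
  return tokens;
}

// Does a single atom match the character at text[pos]?
function matchAtom(atom, text, pos) {
  if (atom.type === 'char') return pos < text.length && text[pos] === atom.value;
  if (atom.type === 'any') return pos < text.length;
  return false; // anchors are handled in matchHere
}

// Match tokens[ti..] against text starting at pos; return end index or -1.
function matchHere(tokens, ti, text, pos) {
  if (ti === tokens.length) return pos;
  const { atom, op } = tokens[ti];
  if (atom.type === 'bol') return pos === 0 ? matchHere(tokens, ti + 1, text, pos) : -1;
  if (atom.type === 'eol') return pos === text.length ? matchHere(tokens, ti + 1, text, pos) : -1;
  if (op === null) {
    return matchAtom(atom, text, pos) ? matchHere(tokens, ti + 1, text, pos + 1) : -1;
  }
  // Quantified atom: take as many as possible, then backtrack one at a time.
  const min = op === '+' ? 1 : 0;
  const max = op === '?' ? 1 : Infinity;
  let count = 0;
  while (count < max && matchAtom(atom, text, pos + count)) count++;
  for (; count >= min; count--) {
    const end = matchHere(tokens, ti + 1, text, pos + count);
    if (end !== -1) return end;
  }
  return -1;
}

// Find the leftmost match; returns {start, end, match} or null.
function search(pattern, text) {
  const tokens = parse(pattern);
  const anchored = tokens.length > 0 && tokens[0].atom.type === 'bol';
  const lastStart = anchored ? 0 : text.length;
  for (let start = 0; start <= lastStart; start++) {
    const end = matchHere(tokens, 0, text, start);
    if (end !== -1) return { start, end, match: text.slice(start, end) };
  }
  return null;
}
```

Note the security angle that comes free with understanding the engine: the backtracking loop in `matchHere` is why carelessly written patterns can take super-linear time on hostile input. This dialect has no groups, so nested quantifiers (the classic ReDoS shape) cannot be expressed, but a pattern such as `.*.*.*x` run against a long string of non-`x` characters still does polynomial work.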

This Z80 Computer Bootstraps Itself

[Plasmode] has created several Z80-compatible board designs, at least four of them using the oddball Z280. The Z280 was a special variant of a Z80 that could bootstrap itself with no external PROM, making it ideal for anyone trying to build a system on a breadboard. According to his post, the cost to build the board is about $35. Although the 8080 CPU got a lot of glory, it was much harder to use than the Zilog Z80. The Z80 only required a single clock and power supply, so it was much easier to build a system, even on a breadboard. On top of that, the bus wasn’t multiplexed and it could refresh DRAM memory by itself. Maybe that’s why you can still get Z80-derived chips readily. There was one thing, though: you needed an EPROM or some other way to run some initial code to bootstrap your system. Zilog knew this was a problem. In those days, you had to use a special tool to burn a PROM and unless it was erasable (and you had the special UV light to erase it), any mistakes cost you a chip. ...

Projecting Halloween Peril

Every holiday has a few dedicated individuals committed to “going all out.” Whether they’re trying to show up the neighbors, love the look, or just want to put a smile on the faces of those passing by, the results are often spectacular. A recent trend in decorations has been away from analog lights and ornaments and towards digital light shows via a projector. [Georgia Clegg] and [Luma Bakery] have written up a fantastic guide detailing the involved process of house projection for those feeling the holiday spirit. There is more to the effect than simply pointing a projector at a home and running a video clip. The good displays make use of the geometry of the home so that the various depths of the walls don’t distort the picture. The house itself is mapped into the image being displayed. There are generally two approaches to mapping: point of view mapping and neutral/orthographic mapping. The first is just setting the projector in a fixed position and designing the graphics in such a wa...

PyGame Celebrates 20 Years by Releasing PyGame 2.0

Python is an absolutely fantastic language for tossing bits of data around and gluing different software components together. But eventually you may find yourself looking to make a program with an output a bit more advanced than the print() statement. Once you’ve crossed into the land of graphical Python programming, you’ll quickly find that the PyGame library is often recommended as a great way to start pushing pixels even if you’re not strictly making a game. Today, the project is celebrating an incredible milestone: 20 years of helping Python developers turn their ideas into reality. Started by [Pete Shinners] in 2000 as a way to interface with Simple DirectMedia Layer (SDL), the project was quickly picked up by the community and morphed into a portable 2D/3D graphics library that lets developers deploy their code on everything from Android phones to desktop computers. Things haven’t always gone smoothly for the open source library, and for a while development had stalled out. Bu...

Red Hat Security Advisory 2020-4381-01

Red Hat Security Advisory 2020-4381-01 - The openstack-selinux package is a collection of SELinux policies for running OpenStack on Red Hat Enterprise Linux. from Packet Storm https://ift.tt/3mwXSyw

Ubuntu Security Notice USN-4608-1

Ubuntu Security Notice 4608-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle. from Packet Storm https://ift.tt/3oKK31o

Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI

Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from local file inclusion and directory traversal vulnerabilities. from Packet Storm https://ift.tt/3kDjYyP

God Kings 0.60.1 Notification Spoofing

God Kings version 0.60.1 suffers from an improper authorization issue allowing for in-game notification spoofing. from Packet Storm https://ift.tt/37P2zzC

Gentoo Linux Security Advisory 202010-08

Gentoo Linux Security Advisory 202010-8 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 82.0 are affected. from Packet Storm https://ift.tt/3mz9H7p

CSE Bookstore 1.0 SQL Injection

CSE Bookstore version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. from Packet Storm https://ift.tt/3kIvyZC

Ubuntu Security Notice USN-4607-1

Ubuntu Security Notice 4607-1 - It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service via a specially crafted input. Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. Various other issues were also addressed. from Packet Storm https://ift.tt/3mwXNuI

Nagios XI 5.7.3 Remote Command Injection

Nagios XI version 5.7.3 mibs.php remote command injection exploit. from Packet Storm https://ift.tt/35CewWA