Posts

Showing posts from February, 2021

Tim Hunkin Rides Again With The Secret Life Of Components

Image
Long-time readers may remember one of the occasional Engineering Heroes series that focused on the British engineer, inventor and sometime TV presenter Tim Hunkin, known for his intricate creations, unusual arcade machines, and Secret Life Of Machines TV series’ from the years around 1990. It seems we’re now in for a fresh treat as he’s returning to our screens via YouTube with a new series.  The Secret Life Of Components will be his attempt to pass on the accumulated knowledge of a long career that most of us would have given our eyeteeth for. There will be eight videos in the series which launches on the 4th of March, and judging by the snippets in the preview video below the break he’ll be covering a wide range including springs, adhesives, chains, belts, switches, and much more. His entertaining style and beautifully built working models are guaranteed to make for some very good content while giving a unique view into the workshop of a true master of the craft. As an appet...

Reliable Frequency Reference from GPS

GPS technology is a marvel of the modern world. Not only can we reliably locate positions on the planet with remarkable accuracy and relatively inexpensive hardware, but plenty of non-location-based features of the technology are available for other uses as well. GPS can be used for things like time servers, since the satellites require precise timing in order to triangulate a position, and as a result they can also be used for things like this incredibly accurate frequency reference . This project is what’s known as a GPSDO, or GPS-disciplined oscillator. Typically they use a normal oscillator, like a crystal, and improve its accuracy by pairing it with the timing signal from a GPS satellite. This one is a standalone model built by [Szabolcs Szigeti] who based the build around an STM32 board. The goal of the project was purely educational, as GPSDOs of various types are widely available, but [Szabolcs] was able to build exactly what he wanted into this one including a custom power su...

Hackaday Links: February 28, 2021

In an announcement that came as a surprise to few, NASA now says that landing humans on the Moon by 2024 is no longer likely . Acting administrator Steve Jurczyk lays the blame at the feet of Congress, for failing to provide the funds needed for Human Landing Systems development, a critical step needed to meet the aggressive overall timeline. The announcement doesn’t mark the end of the Artemis program; in fact, NASA is continuing to work on a realistic timeline for getting boots back on the lunar surface, and a decision on which of the three submitted proposals for a lunar lander will be further developed should be coming in the next few months. As far as we can see, this is simply an adjustment to the original timeline for a landing, but given the stunning recent success of Perseverance showing just what robots can do, we’d expect pushback from some quarters on the need for human exploration. The entry-level 3D design market was thrown into considerable turmoil last year when Autode...

BGA Soldering and Inspection

Image
If you want to build cool things these days, you’ve probably had to master surface mount electronics. However, for many people, ball grid array (BGA) is still intimidating. Have a look at [VoltLog’s] video about his techniques for soldering BGA and inspecting that you managed to do it right. He’s got quite a few tips about things like surface finish and flux selection. It looks easy when he does it. Of course, having a good PCB with good registration markings will help too. You can’t get a soldering iron under the part, of course. A hot plate provides heat from underneath. A gentle push from a hot air gun will push the solder balls over the melting edge. Even taking the part off the hotplate requires a special technique. Without seeing the result, how can you know if it was successful? Pros can use an X-ray machine, but you probably don’t have one of those sitting in your shop. [VoltLog] uses a DVM and tests the internal protection diodes that the chip almost certainly has on its ...

Hidden TV-Out On The Nintendo DS Lite

The Game Boy DS Lite was one of Nintendo’s most popular handheld gaming consoles, but unbeknownst to all, it has a hidden feature that could have made it even more popular. Digging through the hardware and firmware of the DS Lite, the [Lost Nintendo History] team discovered the System-on-Chip (SoC) in the Game Boy DS Lite can output a composite video signal . The SoC can output a 10-bit digital output running at 16.7 MHz, but it is disabled by the stock firmware early in the boot process, so custom firmware was required. It still needs to be converted to an analog signal, so a small adaptor board with a DAC (digital-analog converter) and op-amp is attached to the flex cable of the upper screen. A set of buttons on the board allow you to select which screen is displayed on the TV. The adaptor board is open source, and the Gerbers and schematics are available on GitHub . The current version of the adaptor board disables the upper screen, but the [Lost Nintendo History] team is consider...

Fail of the Week: How not to Build a Filament Extruder

Image
It would be great if you could create your own filament. On the face of it, it seems easy to do, but as [Thomas Sanladerer] found out when he was a student, there are a lot of details that can bedevil your design. His extruder sort of works, but he wouldn’t suggest duplicating his effort. In fact, he hopes you can learn what not to do if you try to do it yourself. In all fairness, [Thomas] was a low-budget student and was trying to economize. For example, he tried using a drill to drive the auger. Why not? It looks like a drill bit. But he found out that wasn’t satisfactory and moved to a pair of wiper motors with their built-in gear train. The wiper motors allowed him to get some ABS filament, but the machine had more troubles. Other lessons learned were to keep the water cooling tank closed so water doesn’t splash out onto electronics, and that it is hard to look at filament with a CCD sensor. The controller is a simple Arduino. There are three heat zones before the plastic reac...

Nissan’s Office Pod Concept is a Productivity Paradise on Wheels

Image
All this working from home is pretty great, but we have to admit that we miss packing up the Hackaday office and heading for the local coffeehouse once in a while to spend a few hours writing against the buzzing background. One thing we don’t miss about the experience is that you’re never guaranteed a place to sit and spread out. And unless you trust a friendly stranger to keep an eye on your stuff while you’re in the bathroom, you have to take it with you at the risk of losing your table. If only we could afford one of Nissan’s mobile office pod concept vehicles . We’ve always wanted to pretend we’re doing surveillance and would probably have the thing wrapped with graphics for a fake flower shop or something. That would certainly make it easier to park somewhere and borrow someone’s open Wi-Fi network  — maybe even from the coffeehouse parking lot after we hit the drive-thru. As you’ll see in the extended tour video below, Nissan seem to have thought of everything except restro...

OnShape to Robot Models Made Easier

Image
We live in a time where our phones have computing power that would have been the envy of NASA a few decades ago. So, in theory, we should be able to simulate just about anything. Thanks to [rhoban], robots you design in OnShape — a popular CAD tool — are now easier to simulate using several common simulation tools . Electronic circuits are pretty easy to simulate, because we typically draw schematics and circuit simulators can capture those schematics readily. But simulating physics for robotic designs is a bit trickier. Gazebo and Pybullet both can use SDF files or URDF. However, building those files is often a separate process from actual physical design even though you probably did the design using a CAD tool. Even if you don’t use OnShape, you can probably import your preferred format and then bridge to the simulation file format without having to manually recreate your design. You can see the author walk through the process in the video below. The program does use the OnShape A...

How to Monitor Blood Pressure Without Raising It

Does anyone actually enjoy the sensation of being squeezed by a blood pressure cuff? Well, as Mom used to say, it takes all kinds. For those who find the feeling nearly faint-inducing, take heart: researchers at UC San Diego have created a non-invasive medical wearable with a suite of sensors that can measure blood pressure and monitor multiple biochemicals at the same time . The device is a small, flexible patch that adheres to the skin. So how does it manage to measure blood pressure without causing discomfort? The blood pressure sensor consists of eight customized piezoelectric transducers that bounce ultrasonic waves off the near and far walls of the artery. Then the sensor calculates the time of flight of the resulting echoes to gauge arterial dilation and contraction, which amounts to a blood pressure reading. This patch also has a chemical sensor that uses a drug called pilocarpine to induce the skin to sweat, and then measures the levels of lactate, caffeine, and alcohol foun...

A PCB for a Quarter?

Image
As time has gone by and PCB assembly companies have reached further into the space of affordability for our community, the available types of board have multiplied. No longer are we limited to FR4 with a green solder mask, we can have all colours of the rainbow and a variety of substrates. The folks at BotFactory have taken things a step further with their PCB printer though, by printing a fully-functional PCB on a quarter . As a base layer the printed five passes of insulation on the coin, before printing the traces. Holes are left in the insulation to create a form of via that connects to the coin. On the board is an ATtiny2313 microcontroller that flashes an LED, and on the reverse side of the coin is a CR2032 cell that’s secured with a set of bolts and washers. You can see it taking shape in the video below the break. It’s true that an LED flasher isn’t exciting, and that this is a marketing stunt for BotFactory’s printer. But it’s an inventive one, and reminds us that with a bit...

Pool Noodle Robot Shines A Light On The Pros and Cons Of Soft Robots

Image
[James Bruton]’s impressive portfolio of robots has always used conventional rigid components, so he decided to take a bit of a detour and try his hand at a soft robot. Using a couple of few inflatable pool noodles for quick prototyping, his experiments quickly showed some of the strengths and weaknesses of soft robots . Most of the soft robots we see require an external air source to inflate cells in the robot and make the limbs actuate. Taking inspiration from a recent Stanford research project , [James] decided to take an alternative approach, using partially inflated tubes and squeezing them in one section to make the other sections more rigid. He bought a couple of cheap pool noodles and experimented with different methods of turning them into actuators. The approach he settled on was a pair of noodles tied together side by side, and then folded in half by an elastic cord. As one end is squeezed by a servo bellows, the internal pressure overcomes the tension from the elastic cor...

Circle Full of LEDs Becomes a Clock

Image
Building a clock of some sorts seems to be a time honored tradition for hackers and LED clocks seem one of the most popular. You can build anything from a seven-segment display to a binary clock or something even more fancy. [Clueless] found a circle of LED rings online and with made an LED version of an analog clock . The rings aren’t wired together, and it seems like these are designed to be separated, but it’s pretty easy to wire them together in order to have a circle of individually accessible RGB LEDs.  Each hand of the clock is a different color and is antialiased to give a smoother look, since the LEDs don’t line up.  [Clueless] wanted the second hand to rotate smoothly, so it is updated using the milliseconds as an offset to the second.  An ESP8266 runs the code and controls the LEDs getting the time from an NTP server. Occasionally, [Clueless] has the clock display a quick effect, such as a Pac-man or a radar scan animation. All the files are up on the Githu...

Exploring The Open Source That Really Goes Into A RISC-V Chip

Image
It’s an exciting time in the world of microprocessors, as the long-held promise of devices with open-source RISC-V cores is coming to fruition. Finally we might be about to see open-source from the silicon to the user interface, or so  goes the optimistic promise. In fact the real story is considerably more complex than that, and it’s a topic [Andreas Speiss] explores in a video that looks at the issue with a wide lens. He starts with the basics, looking at the various layers of a computer from the user level down to the instruction set architecture. It’s a watchable primer even for those familiar with the topic, and gives a full background to the emergence of RISC-V. He then takes Espressif’s ESP32-C3 as an example, and breaks down its open-source credentials. The ISA of the processor core is RISC-V with some extensions, but he makes the point that the core hardware itself can still be closed source even though it implements an open-source instruction set. His conclusion is that...

Printing Yoda Heads: Re-Makers Riffing!

Image
We had a comment recently from a nasty little troll (gasp! on the Internet!). The claim was that most makers are really just “copiers” because they’re not doing original work, whatever that would mean, but instead just re-making projects that other people have already done. People who print other peoples’ 3D models, or use other peoples’ hardware or software modules are necessarily not being creative. Debunking a cheap troll isn’t enough because, on deeper reflection, I’m guilty of the same generic sentiment; that feeling that copying other people’s work isn’t as worthy as making your own. And I think that’s wrong! In the 3D printing world in particular, I’m guilty of dismissively classifying projects as “Yoda Heads”. About ten years ago, [chylld] uploaded a clean, high-res model of Yoda to Thingiverse, and everyone printed it out. Heck, my wife still has hers on her desk; and alone this is proof that straight-up copying has worth, because it made a sweet little gift. After a while, ...

A Very Modern Tube Headphone Amplifier

Once a discarded relic, over the years the humble vacuum tube has been rehabilitated in the arena of specialist audio. There are plenty of tube amplifiers now being manufactured, with a popular choice being headphone amplifiers that use a tube as a gain stage followed by an op-amp as a buffer with a low impedance output. This forms the basis of [ Ratti3 ]’s amplifier , but with the added interest of a battery supply and a Bluetooth connection. The tube circuit is a very conventional anode follower using an EF95 pentode. This provides plenty of gain and of course that “valve sound” beloved of audio enthusiasts, but suffers from an output impedance too high to drive a set of headphones. An NE5532 steps in for the op-amp buffer role, making for a very simple circuit. Power comes from a set of four 18650 Lithium-Ion cells with associated charger and balance boards, while a little switching boost converter provides the 100 volt HT for the tubes. We’ve visited this type of amplifier before...

Sounding the Humble LED

Image
Here at Hackaday we’re no strangers to the colorful glow of LEDs. But what if there was more to appreciate beneath the surface? Back in 2011 [Windell] over at Evil Mad Scientist dug into a certain variety of LED and discovered they had a song to sing . Over the last couple decades, you’ve likely encountered the flickering “candle flame” variety of LED. Often found embedded in small plastic candle simulacra they are shaped like typical through hole “gumdrop” style LEDs, but pack some extra magic which causes them to flicker erratically. Coupled with a warm white color temperature the effect isn’t entirely dissimilar to the flickering of a candle flame. To the Hackaday reader (and [Windell]) the cause of the flickering may be fairly clear, there is an IC embedded in the lens of the LED. See photo at top for an example of how this might look, helpfully magnified by the lens of the LED itself. Looking through the lens the captive die is visible, as well as the bond wires connecting it to...

Bottle Filler Perfectly Tops Your Cup

Image
You know those bottle fillers at schools and airports? What if you had one of those at home? We know what you’re going to say: “My fridge has one of those!” Well ours doesn’t, and even though [Chris Courses’] fridge did, his bottle of choice didn’t fit in the vertically-challenged water and ice hutch, nor did it fill autonomously. The solution was to build a dubiously placed, but nonetheless awesome custom bottle filler in his kitchen . The plumbing for the project couldn’t be more straight-forward: a 5-year undersink water filter, electronically actuated valve, some tubing, and a T to splice into the existing water line going to the fridge. Where the rubber hits the road is making this look nice. [Chris] spends a lot of time printing face plates, pouring resin as a diffuser, and post processing. After failing on one formulation of resin, the second achieves a nice look, and the unit is heavily sanded, filled, painted, prayed over, and given the green light for installation. For the...

The Famous Basic Computer Games Book Gets a 2021 Update

If you are a certain age, your first programming language was almost certainly BASIC. You probably at least saw the famous book by Ahl, titled BASIC Computer Games or 1010 BASIC Computer Games. The book, published in 1973 by [David Ahl] was a staple in its day and the first computer book to sell over one million copies. Of course, if you want to run Super Star Trek or Hamurabi, you better fire up an old retrocomputer or a simulator because BASIC in 1973 doesn’t look like what we have today. Or, you can head to GitHub where [coding-horror] is inviting people to help update the programs using modern languages. One of our favorites, Bagels, is there with directories for C#, Java, Javascript, Python, Ruby, and VB.net. It doesn’t appear that all of the games are in all the languages, though. There’s also a .Net solution file that apparently has a few entries in it. We were also happy to see Super Star Trek represented, along with a link to an article about a C++ language port . The origin...

3D Printed Printing Press Turns You into Gutenberg

A few machines have truly changed the world, such as the wheel, steam engines, or the printing press. Maybe 3D printers will be on that list one day too. But for today, you can use your 3D printer to produce a working printing press by following plans from [Ian Mackay] . The machine, Hi-Bred , allows you to place printed blocks in a chase — that’s the technical term — run a brayer laden with ink over the type blocks and hand press a piece of paper with the platen. The idea is more or less like a giant rubber stamp. As [Ian] points out, one way to think about it is that white pixels are 0mm high and black pixels are 3mm high. He suggests looking at old woodcuts for inspiration. This might be just the thing for doing something fancy like custom invitations. Seems like it would be pretty hard to do a booklet or magazine, although anything is possible if you are patient. Real type was made with lead and we doubt the plastic type will be quite as durable. Of course, if you just want the...

Ubuntu Security Notice USN-4754-2

Ubuntu Security Notice 4754-2 - USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. from Packet Storm https://ift.tt/3dO4yHc

Ubuntu Security Notice USN-4754-1

Ubuntu Security Notice 4754-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. from Packet Storm https://ift.tt/3suzvEv

Ubuntu Security Notice USN-4755-1

Ubuntu Security Notice 4755-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. from Packet Storm https://ift.tt/2MwUO9g

Trojan-Proxy.Win32.Delf.ai Buffer Overflow

Trojan-Proxy.Win32.Delf.ai malware suffers from a buffer overflow vulnerability. from Packet Storm https://ift.tt/3koS626

Doctor Appointment System 1.0 Cross Site Scripting

Doctor Appointment System version 1.0 suffers from multiple cross site scripting vulnerabilities. from Packet Storm https://ift.tt/3dOrd6k

Trojan-Dropper.Win32.Daws.etlm Unauthenticated Reboot

Trojan-Dropper.Win32.Daws.etlm malware suffers from a remote unauthenticated system reboot vulnerability. from Packet Storm https://ift.tt/37RCHlF

Online Catering Reservation System 1.0 SQL Injection

Online Catering Reservation System version 1.0 suffers from a remote SQL injection vulnerability. from Packet Storm https://ift.tt/3st3Pzo

VisualWare MyConnection Server 11.x Remote Code Execution

VisualWare MyConnection Server version 11.x suffers from a remote code execution vulnerability. from Packet Storm https://ift.tt/3sxQtSG

Triconsole 3.75 Cross Site Scripting

Triconsole version 3.75 suffers from a cross site scripting vulnerability. from Packet Storm https://ift.tt/3pXqL8c

Zenphoto CMS 1.5.7 Shell Upload

Zenphoto CMS versions 1.5.7 and below suffer from a remote shell upload vulnerability. from Packet Storm https://ift.tt/3bI4giv

Remote Desktop Web Access Authentication Timing Attack

Remote Desktop Web Access suffers form an authentication timing attack vulnerability. from Packet Storm https://ift.tt/2MrFiv9

Trojan.Win32.Hotkeychick.am Insecure Permissions

Trojan.Win32.Hotkeychick.am malware suffers from an insecure permissions vulnerability. from Packet Storm https://ift.tt/3dOGBQ9

Backdoor.Win32.Azbreg.amw Insecure Permissions

Backdoor.Win32.Azbreg.amw malware suffers from an insecure permissions vulnerability. from Packet Storm https://ift.tt/3uy4FwB

Should I Use Wheels Or Tracks?

Image
When it comes to dominating offroad performance, many people’s first thought is of tracked vehicles. Bulldozers, tanks and excavators all use treads, and manage to get around in difficult terrain without breaking a sweat. Today, we’re exploring just what makes tracked vehicles so capable, as well as their weaknesses. It’s All About Ground Pressure The various parts of a tank’s propulsion system. Let’s first look at how tank tracks work. There are a huge variety of designs, with differences depending on application. Different trends have been followed over time, and designs for military use in combat differ from those used for low-speed construction machines, for example. But by looking at a basic tank track design, we can understand the basic theory. On tanks, the track or tread itself is usually made up of individual steel links that are connected together with hinges, though other machines may use rubber tracks instead. The tracks are wrapped around one or more drive wheels, oft...

Go Malware Is Now Common, Having Been Adopted By Both APT And E-Crime Groups

from Packet Storm https://ift.tt/3aUD8NZ

Round Two Coming In Congressional Grilling Over SolarWinds

from Packet Storm https://ift.tt/3sw6Df2

Oxford Lab With COVID-19 Research Links Targeted By Hackers

from Packet Storm https://ift.tt/3pYLeJK

Old Foe Or New Enemy? Here's How Researchers Handle APT Attribution

from Packet Storm https://ift.tt/2PhsGYH

DIY All-Transistor Addressable Pixel

By now most readers should be used to addressable LEDs, devices that when strung out in a connected chain can be individually lit or extinguished by a serial data stream. Should you peer at one under a microscope you’ll see alongside the LED dies an integrated circuit that handles all the address decoding. It’s likely to be quite a complex device, but how simply can its functions be replicated? It’s a theme [Tim] has explored in the TransistorPixel , and addressable LED board that achieves addressability with only 17 transistors. It uses a surprisingly straightforward protocol, in which a pulse longer than 500ns enables the LED while a shorter one turns it off. Subsequent pulses in a train are passed on down the line to the next device. A 20µs absence of a pulse resets the string and sets it to wait for the next pulse train. Unlike the commercial addressable LEDS there is only a single colour and no suport for gradated brightness, but it’s still an impressive circuit. Under the hood ...

Homebrew Metrology the CERN Way

Image
We won’t pretend to fully grok everything going on with this open-source 8.5-digit voltmeter that [Marco Reps] built. After all, the design came from the wizards at CERN, the European Organization for Nuclear Research, home to the Large Hadron Collider and other implements of Big Science. But we will admit to finding the level of this build quality absolutely gobsmacking, and totally worth watching the video for. As [Marco] relates, an upcoming experiment at CERN will demand a large number of precision voltmeters, the expense of which led to a homebrew design that was released on the Open Hardware Repository . “Homebrew” perhaps undersells the build a bit, though. The design calls for a consistent thermal environment for the ADC, so there’s a mezzanine level on the board with an intricately designed Peltier thermal control system, including a custom-machined heat spreader blocker. There’s also a fascinatingly complex PCB dedicated solely to provide a solid ground between the analog i...

Tired of Popcorn? Roast Coffee Instead

Image
We’ve seen a lot of coffee roaster builds over the years. [Ben Eagan] started his with a hot-air popcorn maker . If you think it is as simple as putting beans in place of the popcorn, think again. You need to have good control of the heat, and that requires some temperature monitoring and a controller — in this case, an Arduino. [Ben’s] video below shows how it all goes together. With the Arduino and the power supply strapped to the sides, it looks a bit like something out of a bad post-apocalypse movie. But it looks like it gets the job done. In addition to the Arduino, a thermocouple measures the temperature and that takes a little circuitry in the form of a MAX31855. There’s also a relay to turn the heater on and off. There are other ways to control AC power, of course, and if a relay offends your sensibilities you can always opt for a solid state one. The only other wrinkle was the addition of an extra power supply so the fan could operate without the heater. There might have b...

Oddball x86 Instructions

Image
David Letterman made the top ten list famous. [Creel] has a top ten that should appeal to many Hackaday readers: the top 10 craziest x86 assembly language instructions . You have to admit that the percentage of assembly language programmers is decreasing every year, so this isn’t going to have mass appeal, but if you are interested in assembly or CPU architecture, this is a fun way to kill 15 minutes. Some would say that all x86 instructions are crazy, especially if you are accustomed to reduced instruction set computers. The x86, like other non-RISC processors, has everything but the kitchen sink. Some of these instructions might help you get that last 10 nanoseconds shaved off a time-critical loop. There are also interesting instructions like RDSEED, which generates a real random number. That can be useful but it takes many clock cycles to run, and like anything that purports to generate random numbers, is subject to a lot of controversies. Our favorite, though, was PSHUFB. As so...

“MORPH” LED Ball is a There-Is-No-Spoon, Reality-Bending Art Installation

Image
Marvelously conceived and exquisitely executed, this huge ball made up of hexagon tiles combines the best of blinky LEDs and animatronics into one amorphic ball. The creation of [Nicholas Perillo] of Augmentl along with [ MindBuffer ], full details of the “morph v2” project have not yet been published . However, some tantilizing build progress is documented on [Nicholas’] Insta — most especially through the snapshots in the story thread spanning the last seven months. The scope of the project is brought into focus with time lapse video of hundreds of heat-set inserts, bundles of twisted wire, a pile of 1500 sliding rails, cases full of custom-order stepper motors, and thick cuts of copper bus bars to feed power up the shaft and out to the panels. The demo video after the break is mesmerizing, shot by [nburdy] during a demo at MotionLab Berlin where it was built. Each hex tile is backed by numerous LEDs and a stepper motor assembly that lets it move in and out from the center of t...

Npower App Attack Exposed Customers' Bank Details

from Packet Storm https://ift.tt/3qWSqrb

McDonald's Has An Intel Team Spying On Workers

from Packet Storm https://ift.tt/3bwHNEU

Ubuntu Security Notice USN-4752-1

Ubuntu Security Notice 4752-1 - Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed. from Packet Storm https://ift.tt/2NVCmr8

Ubuntu Security Notice USN-4751-1

Ubuntu Security Notice 4751-1 - It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information. Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information. Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed. from Packet Storm https://ift.tt/3aUheuA

Ubuntu Security Notice USN-4753-1

Ubuntu Security Notice 4753-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. from Packet Storm https://ift.tt/3bBkw4Z

Ubuntu Security Notice USN-4750-1

Ubuntu Security Notice 4750-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed. from Packet Storm https://ift.tt/3bCjOUV

Ubuntu Security Notice USN-4749-1

Ubuntu Security Notice 4749-1 - Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. Various other issues were also addressed. from Packet Storm https://ift.tt/37J6aOI

Ubuntu Security Notice USN-4748-1

Ubuntu Security Notice 4748-1 - It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service. It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. Various other issues were also addressed. from Packet Storm https://ift.tt/3uwZSLW

Ubuntu Security Notice USN-4747-2

Ubuntu Security Notice 4747-2 - USN-4747-1 fixed a vulnerability in screen. This update provides the corresponding update for Ubuntu 14.04 ESM. Felix Weinmann discovered that GNU Screen incorrectly handled certain character sequences. A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed. from Packet Storm https://ift.tt/37MaD3o

Red Hat Security Advisory 2021-0100-01

Red Hat Security Advisory 2021-0100-01 - The file-integrity-operator image update is now available for OpenShift Container Platform 4.7. Issues addressed include denial of service and integer overflow vulnerabilities. from Packet Storm https://ift.tt/3dNlyNU

Red Hat Security Advisory 2020-5364-01

Red Hat Security Advisory 2020-5364-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.7. Issues addressed include denial of service and integer overflow vulnerabilities. from Packet Storm https://ift.tt/2ZMAN1s

Red Hat Security Advisory 2021-0664-01

Red Hat Security Advisory 2021-0664-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. from Packet Storm https://ift.tt/3aTsp6H

Red Hat Security Advisory 2020-5633-01

Red Hat Security Advisory 2020-5633-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. Issues addressed include bypass, denial of service, integer overflow, man-in-the-middle, and memory leak vulnerabilities. from Packet Storm https://ift.tt/3sqW5xN

Red Hat Security Advisory 2021-0661-01

Red Hat Security Advisory 2021-0661-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.8.0. from Packet Storm https://ift.tt/3sprBwa

Trojan.Win32.Gofot.htx Buffer Overflow

Trojan.Win32.Gofot.htx malware suffers from a buffer overflow vulnerability. from Packet Storm https://ift.tt/3pUBL6q

Red Hat Security Advisory 2021-0659-01

Red Hat Security Advisory 2021-0659-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.8.0 ESR. from Packet Storm https://ift.tt/3dJ8ZmD

Red Hat Security Advisory 2020-5634-01

Red Hat Security Advisory 2020-5634-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.0. from Packet Storm https://ift.tt/3bEgIjl

Red Hat Security Advisory 2021-0662-01

Red Hat Security Advisory 2021-0662-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.8.0. from Packet Storm https://ift.tt/2Pbc058

Turn An Ender 3 Into A Belt 3D Printer Of Your Very Own

Infinite-bed 3D printers have long been an object of desire in our community, but it has taken a long time for the promise to catch up with the reality in terms of relatively affordable models that live up to expectations. They’re still a little expensive compared to their fixed-bed cousins though, so if you hanker for a Creality CR30 but only have the cash for an Ender 3, [Michael Sgroi] may have the project for you. He’s created the EnderLoop, a set of parts to perform the conversion from a stock Ender 3 to a fully-functional belt printer . It takes the Ender 3 gantry and tilts it sideways on a pair of 3D printed supports, and replaces the stock Y azis with a belt on rollers driven by a larger motor through a timing belt drive. He has a variety of suggestions for sourcing a belt, and in his case he’s chosen one from PowerBelt3D. As well as the GitHub repository already linked, it can also be found on Thingiverse . It’s clear that hacking apart a reliable printer in this way is not ...

DIY USB-C Touch Monitor Is All Polished Brass

Image
We’ve known for a while that you can buy interface boards to turn old laptop screens into standalone monitors, but complete sets with 4K panels and control boards are also now becoming widely available on sites like eBay and AliExpress, and prices are dropping. These sets are also available with low-profile connectors like micro HDMI and USB-C, which allow for some very compact builds. [Matt] from [DIY Perks] used one of these sets to build a slimline USB-C monitor with a brass enclosure . Video after the break. The enclosure consists of brass sheets and U-channel pieces soldered and screwed together. There is quite a bit of residue and discoloration after soldering, but this was removed with a bit of sanding and polishing. A pair of adjustable legs were added to allow it to stand on its own, and an additional chamber on the back holds the control board, an old smartphone battery, and a battery protection circuit. [Matt] also added a pair of removable speakers, which are sealed speake...