Kritik sah

The Fairchild Republic A-10 “Warthog” with its 30 mm rotary cannon has captured the imagination of friendly soldiers and military aviation enthusiasts on the ground for as long as it’s been flying. One such enthusiast created the Warthog Project , a fully functional A-10 cockpit for Digital Combat Simulator, that’s almost an exact copy of the real thing. It started as a four monitor gaming cockpit, with a Thrustmaster Warthog H.O.T.A.S. The first physical instrument panels were fuel and electrical panels bought through eBay, and over time more and more panels were added and eventually moved to dedicated left and right side units. All the panels communicate with the main PC over USB, either using Arduinos or purpose-made gaming interface boards. The Arduinos take input from switches and control knobs, but also run 7-segment displays and analog dials driven by servos. The panels were all laser-cut using MDF or perspex and backlit using LEDs. The main instrument panel is a normal mon...

Linear transforms — like a Fourier transform — are a key math tool in engineering and science. A team from UCLA recently published a paper describing how they used deep learning techniques to design an all-optical solution for arbitrary linear transforms . The technique doesn’t use any conventional processing elements and, instead, relies on diffractive surfaces. They also describe a “data free” design approach that does not rely on deep learning. There is obvious appeal to using light to compute transforms. The computation occurs at the speed of light and in a highly parallel fashion. The final system will have multiple diffractive surfaces to compute the final result. The deep learning the paper’s authors refer to was all set up with TensorFlow using the Adam optimizer. It appears that the paper relies on simulations of the diffraction surfaces, not an actual implementation. We aren’t sure how hard it is to realize high-resolution diffraction surfaces with the very specific patte...

The Super 8 camera, while a groundbreaking video recorder in its time, is borderline unusable now. Even if you can get film for it (and afford its often enormous price), it still only records on 8mm film which isn’t exactly the best quality of film around, not to mention that a good percentage of these cameras couldn’t even record audio. They were largely made obsolete by camcorders in the late ’80s and early ’90s, although some are still used for niche artistic purposes. If you’d rather not foot the bill for the film, though, you can still put one of these to work with the help of a Raspberry Pi . [befinitiv] has a knack for repurposing antique analog equipment like this while preserving its aesthetic. While the bulk of the space inside of this camera would normally be used for housing film, this makes a perfect spot to place a Raspberry Pi Zero, a rechargeable battery, and a power converter circuit all in a 3D printed enclosure that snaps into the camera just as a film roll would h...

You might remember that industrial designer [Eric Strebel] tried to make a collapsible silicone container with 3D printed molds a few weeks ago, and was finally successful after dozens of attempts. Someone commented that commercial containers are molded in the collapsed position instead of the expanded position, so naturally, [Eric] had to try it once he saw the photographic proof of these molds. This time around, [Eric] made things easier on himself by adding some handles to the mold and using both wax and spray mold release before pouring in the degassed silicone. The first one was a failure —  he had let it cure the whole time in the collapsed mold, and it just didn’t want to stay expanded. On the second attempt, [Eric] decided to pull the piece while it was curing, about 5 1/2 hours into the process. After carefully de-molding the piece, he pressed it into the grooves of one of the older molds from the days of molding containers in the expanded state. Then he filled it with...

While [MicroKits]’ MicroSynth is an all-analog synthesizer that fits on a business card-sized PCB, and he actually does use it to break the ice in business meetings, that’s not really the idea behind this project. Rather, [MicroKits] is keen to get people playing with synths, and what better way than a synth you can build yourself? There was an ulterior motive behind this project, too: prototyping circuits for a more complete synthesizer. Thus, the design is purposely very simple — no microcontrollers, no logic chips, and not even a 555 to be found. It doesn’t even have buttons; instead, the one-octave keyboard just has interdigitated traces that are bridged by the player’s fingers, forming resistive touchpads. The keyboard interface circuit is clever, too — [MicroKits] uses a pair of op-amps to convert the linear change in resistance across the keyboard to a nearly exponential voltage to drive the synth’s voltage-controlled oscillator (VCO). The video below shows what it can do. W...

PlaceOS version 1.2109.1 suffers from an open redirection vulnerability. from Packet Storm https://ift.tt/3AZcQ7U

Ubuntu Security Notice 5095-1 - It was discovered that Apache Commons IO incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. from Packet Storm https://ift.tt/3F9cmOW

Cmsimple version 5.4 authenticated remote code execution exploit. from Packet Storm https://ift.tt/3AXjQlZ

Red Hat Security Advisory 2021-3694-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability. from Packet Storm https://ift.tt/3kVTvPC

Whitepaper that discusses deserialization of untrusted data in jsoniter. from Packet Storm https://ift.tt/3omOWzG

WordPress JS Jobs Manager plugin version 1.1.7 suffers from an unauthenticated plugin installation and activation vulnerability. from Packet Storm https://ift.tt/2Wq62RK

Red Hat Security Advisory 2021-3635-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.32. from Packet Storm https://ift.tt/3uv9PKm

Pharmacy Point of Sale System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Janik Wehrli in September of 2021. from Packet Storm https://ift.tt/3mfCkb0

This code is a proof-of-concept of the recently revealed Azure Active Directory password brute-forcing vulnerability announced by Secureworks. from Packet Storm https://ift.tt/3B2eVQA

We can count on one hand the number of times that we haven’t needed a coat on Halloween night around here. Even if it was fair and sunny the day before, you can count on Halloween being appropriately windy, cold, and spooky. Trick-or-treating only keeps a kid so warm, and we would have loved to happen upon a house with a spider-stomping sugar-burning good time of a game going on in the driveway. [Kyle Maas] built this game a few years ago, and it has proved quite popular ever since. It’s so popular, in fact, that they have to have someone on duty with a vaudeville hook to yank spectators off the playing field. The point is to stomp as many spiders as you can in a set amount of time, though you only need to stomp one to win. It can handle one to four players, depending on the size of the projection, but [Kyle] says it’s kind of hard to track more than two at a time. The setup is fairly simple, provided you can reliably affix your projector to something sturdy. [Kyle] used a Structur...

The use of aluminium in wiring is unlikely to bring a smile to the face of anyone who has had to deal with it in a 1960s, or early 1970s-era house. The causes behind the fires and other accidents were myriad, including failure to deal with the higher thermal expansion of aluminium, the electrically insulating nature of aluminium oxide, and the general brittleness of aluminium when twisted. Yet while copper is superior to aluminium in terms of electrical conductivity and ease of installation, copper prices have skyrocketed since the 1970s, and are on the verge of taking off to the moon. A big part of the reason is the increased use of copper in everything from electronics and electrical motors to generators, driven by large-scale deployment of wind turbines and electrical vehicles. As the world moves to massively expand the use of electrical cars and installation of wind turbines, copper demand is predicted to outstrip current copper supply. With aluminium likely to make a big retur...

from Packet Storm https://ift.tt/3F8JCWy

from Packet Storm https://ift.tt/3AWBOoH

from Packet Storm https://ift.tt/3A2e01q

from Packet Storm https://ift.tt/2Y69TVa

Those of us who have followed the Raspberry Pi over the years will be familiar with the various revisions of the little board, with their consequent new processors. What may be less obvious is that within the lifetime of any chip there will often be minor version changes, usually to fix bugs or to fine-tune production processes. They’re the same chip, but sometimes with a few extra capabilities. [Jeff Geerling] didn’t miss this when the Raspberry Pi 400 had a BCM2711 with a newer version number than that on the Pi 4 , and now he’s notices the same chip on Pi 4 boards. Why might they run two different revisions of the chip in parallel? It seems that the update changes the amount of memory addressable by the eMMC and the PCIe bus, the former could only see the first 1GB and the latter the first 3Gb. For the lower-spec Pi 4 boards this doesn’t present a problem, but for those with 8 gigabytes of memory it could clearly be an issue. Thus the Pi 400 and the top spec Pi 4 now have a newer ...

In Banksy’s book, Wall and Piece , there is a very interesting quote; “Imagine a city where graffiti wasn’t illegal, a city where everybody could draw whatever they liked…”. This sounds like it would be a very exciting city to live in, except for those of us who do not have an artistic bone in their body. Luckily, [Niklas Roy] has come up with the solution to this problem; the Graffomat, a spray can plotter . The Graffomat is, in its creator’s own words, a “quick and dirty graffiti plotter.” It is constructed primarily from wood and driven by recycled cordless drills that pulls string pulleys to move the gantry.  The Arduino Nano at the heart of the Graffomat can be controlled by sending coordinates over serial. This allows for the connection of an SD card reader to drip-feed the machine, or a computer to enable real-time local or over-the-internet control. We are especially impressed with how [Niklas] handled positional tracking. The cordless drills were certainly not repeatabl...

Standard cosplay is fun and all, but what is there for admirers to do but look you up and down and nitpick the details? Interactive cosplay, now that’s where it’s at. [Jaryd Giesen] knows this, and managed to pull together a working color Game Boy costume in a few days. The original plan was to use a small projector on an arm, like one of those worm lights that helped you see the screen, but [Jaryd] ended up getting a secondhand monitor and strapping it to his chest. Then he took the rest of the build from there. Things are pretty simple underneath all that cardboard: there’s a Raspberry Pi running the RetroPie emulator, a Pico to handle the inputs, and two batteries — one beefy 12,000 mAH battery for the monitor, and a regular power pack for the Pi and the Pico. As you’ll see in the build and demo video after the break, nearly 100 people stopped to push [Jaryd]’s buttons. They didn’t get very far in the game, but it sure looks like they had fun trying. Since we’re still in a pand...

With the push to having most of a radio receiver as part of a PC, it might seem odd to have a standalone communication receiver, but [OM0ET] reviews the latest one he picked up , an ATS25. Inside isn’t much: a battery, a speaker, an encoder, and a Si4732 that provides the RF muscle. It appears the receiver is pretty broadband which could be a problem. [OM0ET] suggests adding selectivity in the antenna or adding an extra board to use as a bandpass filter. The design is simple enough, we are sure you could easily hack the unit to do different things. Most coverage stops at 30MHz, but there is an FM band, so we wondered if you could get the thing to work on other frequencies, too. Clearly, the Arduino portion would be easily hackable. For the price, we were both impressed with the touchscreen and build, but maybe less impressed with the RF filtering. On the other hand, the small form factor would be great for backpacking or portable use and it isn’t that expensive. It does seem to wo...

Imagine you’re sending a piece of hardware to space on a satellite. Unless you’re buddy-buddy with NASA, it’s pretty unlikely you’ll ever be able to head up there and fix something if it goes wrong once it’s launched. Robust design is key, so that even in the event of a failure in one component, the rest of the hardware can keep working. The example I2C isolation circuit from [Max’s] paper. The SPI implementation is even simpler. [Max Holliday] found himself in this exact situation, running 69 I2C and SPI devices in a single satellite. Thus, he came up with circuits to auto-isolate devices from these buses in the event of an issue. That work is the subject of a research paper now available on the TechRxiv Preprint Server. The problem is that these simple buses aren’t always the most robust, being vulnerable to single-point failures where one bad part takes down other parts of the bus. [Max] notes that vast numbers of sensors and devices rely on these standards, and it can be diff...

With its copious number of GPIO pins, native USB, and MicroPython support, the Raspberry Pi Pico is arguably the ideal microcontroller for developing your own platform agnostic USB Human Input Devices. But you don’t have to take our word for it. Check out how quickly the $4 USD board allowed [Alberto Nunez] to put together a pair of foot pedals for his computer . Wiring doesn’t get much easier than this. A peek inside the enclosure reveals…well, not a whole lot. All that’s hiding inside that heavy-duty plastic box is the Pi Pico and some screw down terminals that let [Alberto] easily wire up the female bulkhead connectors for the pedals themselves. Incidentally, while you could certainly make your own pedals, the ones used for this project appear to be the sort of commercially available units we’ve seen used in similar projects . With the hardware sorted, [Alberto] just needed to write the software. While he could have taken the easy way out and hard coded everything, we apprecia...

We’ve been eagerly following the development of the WiFiWart for some time now, as a quad-core Cortex-A7 USB phone charger with dual WiFi interfaces that runs OpenWrt sounds exactly like the sort of thing we need in our lives. Unfortunately, we’ve just heard from [Walker] that progress on the project has been slowed down indefinitely by crippling chip shortages . At this point, we’ve all heard how the chip shortage is impacting the big players out there. It makes sense that automakers are feeling the pressure , since they are buying literally millions of components at a clip. But stories like this are a reminder that even an individual’s hobby project can be sidelined by parts that are suddenly 40 times as expensive as they were when you first put them in your bill of materials. The new miniature compute board. In this particular case, [Walker] explains that a power management chip you could get on DigiKey for $1.20 USD a few months ago is now in such short supply that the best o...

Pet Shop Management System version 1.0 suffers from a remote shell upload vulnerability. from Packet Storm https://ift.tt/3kRYH76

Ubuntu Security Notice 5092-2 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. Various other issues were also addressed. from Packet Storm https://ift.tt/3ijZyLX

If you’re of a certain vintage and have ever done any technical drawing, chances are good that you used a r0tring of some kind, be it pencil or pen. Well, r0tring makes more than writing implements.  They also made electronic scribers — a small plotter that pens ISO lettering on technical drawings based on typed input. This was a huge time saver over doing it freehand or stenciling each letter. The CS-50 is designed to hold the top-of-the-line r0tring drawing pen, which turned out to be the most expensive part of this restoration aside from the time spent sniffing out issues. [Atkelar] likes to open things up and give them a visual inspection before powering them on. We think this is good practice, even if the suspense kills you. But really, [Atkelar] did so much more than that . He started by replacing the likely late-80s-era coin cell even though it registered north of 3 V. Then he swapped out all the electrolytic caps and one tantalum, cleaned the rubber dome keyboard parts wi...

Mitrastar GPT-2541GNAC-N1 suffers from a privilege escalation vulnerability that provides root privileges. from Packet Storm https://ift.tt/3CVVI3x

Google's Extensible Service Proxy suffers from a header forgery vulnerability. from Packet Storm https://ift.tt/3kRVUup

Ubuntu Security Notice 5094-1 - It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed. from Packet Storm https://ift.tt/3Fd3cRV

Storage Unit Rental Management System version 1.0 suffers from a remote shell upload vulnerability. from Packet Storm https://ift.tt/3CTlHbS

Ubuntu Security Notice 5090-4 - USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with...

The consumer electronics space is always in a state of flux, but perhaps nowhere is this more evident than with entertainment equipment. In the span of just a few decades we went from grainy VHS tapes on 24″ CRTs to 4K Blu-rays on 70″ LED panels, only to end up spending most of our viewing time watching streaming content on our smartphones. There’s no sign of things slowing down, either. In fact they’re arguably speeding up. Sure that 4K TV you bought a couple years back might have HDR, but does it have HDMI 2.1 and Dolby Vision? So it’s little surprise that eBay is littered with outdated A/V gadgets that can be had for a pennies on the dollar. Take for example the SB700-100 Sling Adapter we’re looking at today. This device retailed for $99 when it was released in 2010 , and enabled Dish Network users to stream content saved on their DVR to a smartphone or tablet. Being able to watch full TV shows and movies on a mobile device over the Internet was a neat trick back then, before Netf...