Feed aggregator

USB-C Programmable Power Supply For Any Project

Hackaday - 6 hours 18 min ago

USB-C Power Delivery 3.0 (PD3.0) introduces a new Programmable Power Supply (PPS) mode, which allows a device to negotiate any supply of 3.3-21 V in 20 mV steps, and up to 5 A of current in 50 mA steps. To make use of this new standard, [Ryan Ma] created the PD Micro, an Arduino-compatible development board, and a self-contained software library to allow easy integration of PD3.0 and the older PD2.0 into projects.

The dev board is built around an ATMega32U4 microcontroller and FUSB302 USB-C PHY. The four-layer PCB is densely packed on both sides to fit in the Arduino Pro Micro form factor. The board can deliver up to 100W (20 V at 5 A) from an appropriate power source and shows visual feedback on the PD status through a set of LEDs.

The primary goal of the project is actually in the software. [Ryan] found that existing software libraries for PD take up a lot of memory, and are difficult to integrate into small projects. Working from the PD specifications and PD PHY chip data sheet, he created a lighter weight and self-contained software library which consumes less than 8 K of flash and 1 K of RAM. This is less than half the Flash and RAM available on the ATmega32U4.

[Ryan] is running a Crowd Supply campaign (video after the break) to get some of these powerful boards out in the wild, and has released all the source code and schematics on GitHub. The PCB design files will be released during the last week of the campaign, around 25 January 2021.

USB-C and power delivery are not simple standards, but the ability to add a high-speed data interface and a programmable power supply into almost any project has real potential.

Hackability Matters

Hackaday - Saturday, 01/16/2021 - 22:00

The Unix Way provides extreme hackability. The idea is that software should be written as tools to accomplish discrete tasks, and that it should be modular, extensible, and play well with others. It’s like software as a LEGO set — you can put the blocks together however you want, within limits, and make stuff that’s significantly cooler than any of the individual blocks alone.

Clearly this doesn’t work for all applications — things like graphics editors and web browsers don’t really lend themselves to being elegant tools that integrate well with others, right? It’s only natural that they’re bloaty walled gardens. What happens in the browser must stay in the browser, right?

But how sad is it that the one piece of software you use all day, your window into cyberspace, doesn’t play well with the rest of your system? I’d honestly never really been bothered by that fact until stumbling on TabFS. It’s an extension to Chrome that represents the tabs on your browser as if they were files on your local system — The Unix Way. And what this means is that any other program that can read from or write to a file can open tabs, collect them, change webpages on the fly, and so on. It opens up the browser to you.

This is tremendously powerful. Don’t like the bookmarking paradigm of your particular browser? Writing your own would be a snap in Python — and you could do cleverer things like apply a little machine learning to handle putting them in categories. Want to pop open (or refresh) a set of webpages at a particular time every day? Cron, or its significantly more complicated counterpart systemd, and a couple lines of code will do that. Want to make a hardware button that converts dark mode to light mode and vice-versa for every website starting with “H”? Can do.

I’m picking on browsers, but many large pieces of software are inaccessible in the same way — even if they’re open source, they don’t open up channels for interaction with user code or scripts. (Everything “in the cloud” or “as a service”, I’m looking at you! But that’s a further rant for another day.) And that’s a shame, because most of these “big” pieces of software actually do the coolest things.

So please, if you’re working on a big software package, or even just writing a plug-in for one, do think about how you can make more of its abilities available to the casual scripter. Otherwise, it’s just plastic blocks that don’t fit with the rest of the set.

This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter. Want this type of article to hit your inbox every Friday morning? You should sign up!

TV Turned Automatic Etch a Sketch with Raspberry Pi

Hackaday - Saturday, 01/16/2021 - 19:01

Considering one of the biggest draws of the original Etch a Sketch was how simple it was, it’s always interesting to see the incredible lengths folks will go to recreate that low-tech experience with modern hardware. A perfect example is this giant wall mounted rendition of the iconic art toy created by [Ben Bernstein]. With a Raspberry Pi and some custom electronics onboard, it can even do its own drawing while you sit back and watch.

At a high level, what we’re seeing here is a standard Samsung LCD TV with a 3D printed Etch a Sketch shell mounted on top of it. That alone would be a pretty neat project, and had [Ben] just thrown some videos of designs getting sketched out onto the display, he could have achieved a similar end result with a lot less work. But where’s the fun in that?

It took hundreds of hours to print the shell.

To make his jumbo Etch a Sketch functional, [Ben] spent more than a year developing the hardware and software necessary to read the user input from the two large 3D printed knobs mounted under the TV. The knobs are connected to stepper motors with custom PCBs mounted to their backs that hold an A4988 driver chip as well as an AS5600 absolute magnetic rotary encoder. This solution allows the Raspberry Pi to not only read the rotation of the knobs when a person is using the Etch a Sketch interactively, but spin them realistically when the software takes over and starts doing an autonomous drawing.

Several Python scripts pull all the various pieces of hardware together and produce the final user interface. The software [Ben] wrote can take an image and generate paths that the Etch a Sketch can use to realistically draw it. The points that the line is to pass through, as well as variables that control knob rotation and pointer speed, are saved into a JSON file so they can easily be loaded later. Towards the end of the Imgur gallery [Ben] has created for this project, you can see the software working its way through a few example sketches.

We’ve seen several projects that motorize an Etch a Sketch to draw complex images, but this may be the first example we’ve seen where everything was done in software. This digital version doesn’t need to follow the traditional “rules”, but we appreciate that [Ben] stuck to them anyway. Incidentally this isn’t the first Etch a Sketch TV conversion to grace these pages, though to be fair, the other project took a radically different approach.


Doing WiFi With Software Defined Radio

Hackaday - Saturday, 01/16/2021 - 16:01

Software defined radio lets RF hardware take on a broad spectrum of tasks, all based on how that hardware is utilized in code. The bladeRF 2.0 micro xA9 is one such device, packing a fat FPGA with plenty of room for signal processing chains on board. As a demonstration of its abilities, [Robert Ghilduta] set about writing a software-defined WiFi implementation for the platform.

The work is known as bladeRF-wiphy, as it implements the PHY, or physical layer of the WiFi connection, in the 7-layer OSI networking model. Modulation and demodulation of the WiFi signal is all handled onboard the Cyclone V FPGA, with the decoded 802.11 WiFi packets handed over to the Linux mac80211 module which handles the MAC level, or medium access control. Thanks to the capability baked into mac80211, the system can act as either an access point or an individual station depending on the task at hand.

[Robert] does a great job of explaining the why and the how of implementing WiFi modulation on an FPGA, as well as some basics of modem development in both software and hardware. It’s dense stuff, so for those new to the field of software defined radio, consider taking some classes to get yourself up to speed!

Lego Tank Fires Soccer Ball Cannon

Hackaday - Saturday, 01/16/2021 - 13:00

Back in the 20th century, Lego Technic was a popular toy designed to teach kids about mechanical technology, and be a lot of fun to boot. Motors and pneumatics were available, but by and large you had to move your creations and make the noises yourself. That’s not the case these days, as the [Brick Experiment Channel] demonstrates with this impressive Lego tank.

The drivetrain is straightforward, using standard Lego tank treads with each side given its own motor for easy skid steering. However, the real party piece is the slingshot cannon, which launches Lego soccer balls at 60 km/h. Utilizing several motors, it’s complete with elevation adjustment for accurate ranging, and a 6 round magazine so you can (slowly) prosecute your targets with rounds downrange.

What really makes this build great is the control system, with the tank being controlled by a PS4 controller via Sbrick, a device that lets Lego motors be controlled via Bluetooth. We’d love to build a couple of Lego vehicles and have them blast away at each other. We’ve seen the technology used before for a secret heist robot. Video after the break.

Manual Antenna Tuner Shows How Homebrewing is Done

Hackaday - Saturday, 01/16/2021 - 10:00

If there’s anything about amateur radio that has more witchcraft in it than the design and implementation of antennas, we don’t know what it would be. On the face of it, hanging out a chunk of wire doesn’t seem like it should be complicated, but when you dive into the details, building effective antennas and matching them to the job at hand can be pretty complex.

That doesn’t mean antenna topics have to remain a total mystery, of course, especially once someone takes the time to explain things properly. [Charlie Morris (ZL2CTM)] recently did this with a simple antenna tuner, a device used to match impedances between a transmitter and an antenna. As he explains in the first video below, his tuner design is really just a Wheatstone bridge where the antenna forms half of one leg. A toroidal transformer with multiple taps and a variable capacitor forms an LC circuit that matches the high impedance antenna, in this case a multi-band end-fed halfwave, with the nominal 50-ohm load expected by the transceiver. A small meter and a diode detector indicate when the bridge is balanced, which means the transceiver is seeing the proper load.

The second video below shows the final implementation of the tuner; as a fan of QRP, or low-power operation, [Charlie] favors simple, lightweight homebrew gear that can be easily taken into the field, and this certainly fits the bill. A final video shows the tuner in use in the field, with a NanoVNA proving what it can do. As usual, [Charlie] protests that he is not an expert and that he’s just documenting what he did, but he always does such a good job of presenting the calculations involved in component selection that any ham should be able to replicate his builds.

Extensive Modification of DSLR Includes High Quality Audio

Hackaday - Saturday, 01/16/2021 - 07:00

Modern DSLR cameras are incredible pieces of technology that can take excellent high-quality photos as well as record video and audio. However, as they become jacks of all trades they risk being masters of none, and the audio quality in modern DSLRs certainly reflects that old cliche. To get true high-quality audio while recording with a camera like this Canon 80d, you’ll either need a secondary audio recording device or you’ll need to interface one directly into the camera itself.

This build from [Tony] aka [Carnivore] goes into the inner workings of the camera to add an audio mixer to the camera’s audio input, allowing for multiple audio streams to be recorded at once. First, he removed the plastic around the microphone port and attached a wire to it that extends out of the camera to a 1/8″ plug. While he had the case open he also wired a second shutter, added a record button to a custom location on the front of the camera, and bypassed a switch which prevents the camera from operating if the battery door isn’t closed.

With those modifications in place, he removed the internal flash from the camera before closing the body. A custom 3D printed mount was placed in the vacant space which now houses the audio mixer, a SR-AX100 from Saramonic. This plugs in to the new microphone wire from earlier in the build, allowing the camera to have an expanded capacity for recording audio.

While [Tony] has a fairly unique use case for all of these modifications to an already $1000 camera, getting into the inner workings of DSLRs isn’t something to shy away from if you need something similar done. We’ve even seen modifications to cameras like these to allow for watercooling during video recording.

HDSP clock fully through-hole

dangerous prototype - Saturday, 01/16/2021 - 05:52

FlorinC posted an update on his HDSP clock project:

The only SMD component in the HDSP clock was the USB miniB connector. To make the kit completely beginner-friendly, this connector was replaced by either of its two (right angle or straight) through hole equivalents.

More details on Wise time with Arduino blog.

Lilbits: Linux phones and laptops, S-Pen for more phones, and an RK3566 single-board computer

Liliputing - Saturday, 01/16/2021 - 04:00

Pine64, the company behind a line of geeky, inexpensive, and hackable smartphones, laptops, and single-board computers designed to run open source software, tends to only publish one blog post each month. But it’s always a doozy, and the January update is no exception. Among other things, Pine64 unveiled that the next PinePhone Community Edition smartphone […]

The post Lilbits: Linux phones and laptops, S-Pen for more phones, and an RK3566 single-board computer appeared first on Liliputing.

You’re Going To Flip Out Over This Rocket League RC Car

Hackaday - Saturday, 01/16/2021 - 04:00

Rocket League is a video game famous for being wildly popular despite being virtually unplayable without several hours of practice. It involves hyper fast cars playing soccer, complete with the ability to flip, jump, and rocket boost into the ball. [mrak_ripple] decided he wanted some of that action in a real RC car, and set to work.

While rocket boosts were out of scope for this build, [mrak_ripple] was pretty confident he could build a jumping, flipping RC car modelled after the Rocket League Octane vehicle. Initial experiments involved a custom 3D printed spring mechanism, but the results were underwhelming. Instead, in the true hacker spirit, a jumping mechanism was taken from an existing toy, and installed in the car instead. This was combined with a mechanism built out of a brushless motor with a flywheel added to generate a flipping moment in mid-air.

The final result is impressive, with the car flipping relatively cleanly once refined and lightened from its original design. We’d love to see a two-axis build that can front- and back-flip as well. It’s a step up in complexity from the last build we saw from [mrak_ripple], the amusing mashed potato trebuchet. Video after the break.

AYA Neo handheld gaming PC with Ryzen 4500U ships in April, crowdfunding begins in Feb for $699 and up

Liliputing - Saturday, 01/16/2021 - 03:07

The AYA Neo is a handheld gaming computer with an AMD Ryzen 5 4500U Renoir processor, AMD Radeon Vega 6 graphics, and a 7 inch touchscreen display sandwiched between two game controllers. First announced last May, the Neo has been in development for much of the past year and it went up for pre-order in […]


Daily Deals (1-15-2021)

Liliputing - Saturday, 01/16/2021 - 02:30

Laptops with 11th-gen Intel Core chips are already widely available and models with AMD Ryzen 5000 processors should begin hitting the streets soon. And that means PC makers and online retailers are pricing some models with older (but still decent) chips to move. You can pick up a Lenovo 14 inch laptop with an Intel […]


A Surefire Way To Make Masks

Hackaday - Saturday, 01/16/2021 - 02:30

By now, the wearing of a facemask to protect ourselves from pandemic infection is for many of us a daily fact of life. Perhaps that means a cheap disposable mask, but there’s no reason that has to be the case. It’s easy to make more durable masks that can be washed and re-used time and time again, and our Hackaday colleague [Kristina Panos] has shared her pattern and workflow to help you do it.

Her pattern isn’t a complex cut-out but a simple rectangle, and the trick of sewing them together and flipping them inside out makes for a very tidy result. With three pleats pressed in and the elastic sewn up the result is a mask that’s neat, attractive, effective, and cheap, which is a win in our book.

It’s worth repeating her important point that these are not for use in medical environments; instead they’re the standard street-wear aerosol catchers we’re all used to. This isn’t the first time we’ve looked at masks here at Hackaday, nor, though [Kristina]’s are by far the tidier, is it the first time one of us has made a mask. We looked at them in depth last year in our surviving the pandemic as a hacker series.

$50 Watchy hackable e-paper smartwatch goes on sale

Liliputing - Saturday, 01/16/2021 - 01:14

Modern smartwatches can sell for hundreds of dollars and run proprietary software or for as little as $25 while running open source code. Watchy is closer to that latter category. It’s a smartwatch with a paper-like monochrome display and open source hardware and software. With a list price of $50, it’s an affordable option for […]


Circuit VR: Even More Op Amps

Hackaday - Saturday, 01/16/2021 - 01:01

In the last Circuit VR we looked at some basic op amp circuits in a simulator, including the non-inverting amplifier. Sometimes you want an amplifier that inverts the signal. That is, a 5V input results in a -5V output (or -10V if the amplifier has a gain of 2). This corresponds to a 180 degree phase shift which can be useful in amplifiers, filters, and other circuits. Let’s take a look at an example circuit simulated with falstad.

Remember the Rules

Last time I mentioned two made up rules that are good shortcuts for analyzing op amp circuits:

  1. The inputs of the op amp don’t connect to anything internally.
  2. The output mysteriously will do what it can to make the inputs equal, as far as it is physically possible.

As a corollary to the second rule, you can easily analyze the circuit shown here by thinking of the negative (inverting) terminal as a virtual ground. It isn’t connected to ground, yet in a properly configured op amp circuit it might as well be at ground potential. Why? Because the + terminal is grounded and rule #2 says the op amp will change conditions to make sure the two terminals are the same. Since it can’t influence the + terminal, it will drive the voltage through the resistor network to ensure the – terminal is at 0V.

This virtual ground idea makes the analysis of the circuit simple. You can see on the simulation that the amplifier has a gain of 3. So pretend the input is 5V DC or, if you like, change the voltage source. Since the – terminal is virtual ground, we know the current through the 1K resistor must be (5-0)/1000 = 5mA. Rule #1 says the input terminals aren’t going to look like they are connected to anything, so that means the current through the 3K resistor must also be 5mA and one end of it is virtually grounded.

So what’s the output voltage? (V-0)/3000=.005. If you do a little high school algebra, you can rewrite that as V=.005(3000) = 15V. In real life, you wouldn’t want the output so close to the supply rail, but you get the idea. In the simulator, we only specify the maximum and minimum output voltages for this op amp model, so perhaps the power supply is really +/- 16V. That’s my story and I’m sticking to it.


For the non-inverting amplifier the gain was equal to the reciprocal of the feedback network’s voltage divider ratio. That is, with a 1K and 3K resistor, the divider ratio is 1000/(1000+3000)=1/4, so the gain is 4. That makes sense, because in that case, we reduce the op amp’s output voltage while it is trying to make the two terminals equal.

For an inverting amplifier, the gain is the simple ratio of the two resistors, since what sets the gain is the equal current flowing through both resistors. If the two resistors were equal, a non-inverting amplifier has a gain of 2, while an inverting amplifier has a gain of 1. If you recall, to get a unity gain in the non-inverting circuit, you don’t need any resistors, just a zero ohm resistor (a wire) between the output and the – input.

What’s the Difference?

Of course, the idea of a virtual ground is really nothing more than restating rule #2. If both terminals have inputs, you have a differential amplifier. These are important for several reasons. One of the biggest uses of differential amplifiers is to reduce common mode noise.

Suppose you have a temperature sensor that puts out a tone from 250 to 300 Hz depending on the reading. The wires going to the sensor are long and you find that you are picking up 60 Hz hum from the AC wiring. Your input signal might look something like the one on the right. The 60 Hz hum is about 5 times as strong as the square wave data signal. How can you recover it?

There are several answers, of course. But if you observe that both the positive and ground wire going to the sensor will pick up the hum, a good answer is to subtract the return leg from the positive leg. Since the noise is the same on both wires, it should subtract out, leaving only the signal of interest. Here’s an example circuit for removing 60 Hz hum:

Here, the + terminal will be at 50% of the input signal. That means, by rule #2, that the – terminal will also be at that same voltage. Suppose there is a steady 2V on both inputs. The + terminal will then have 1V on it. That means the – terminal will also have 1V. If the input is 1V and the – terminal is 1V, the output must be at 0V since the feedback network will be like a voltage divider. No matter how the voltages change together, the output will remain zero.

But what happens if both inputs are at 2V and suddenly the input at the + side jumps by itself to 4V? Now the + terminal is at 2V, and this causes the current flowing to change (to zero, in this case). That means the output voltage has to change to set the same current in the feedback resistor. Since that’s zero in this case, the output must also be 2V.

If the zero current is confusing, try a different voltage like 3V in this circuit. When you flip the switch to feed 3V into the circuit, the + terminal becomes 1.5V so you have 0.5V across the input resistor, which means you’ll need the same current through the feedback resistor and the output will be 1V.

Is That All?

There are a lot more things you can do with op amps, but those will have to wait for a future Circuit VR. While modern op amps are great, they still aren’t perfect. The inputs will have a little leakage. The outputs will not get right up to the rail if you draw much current from them in a general-purpose op amp. If you are dealing with high frequency, you’ll need to carefully select parts. Precision circuits may need care for offset trimming and other special design considerations. However, compared to building precision amplifiers from bare transistors, having high-quality op amps is a real time saver.

There are many specialty op amps. Some operate on current inputs. Some have special output stages. For example, comparators are op amps with high speed output stages that tend to saturate quickly one way or the other. There are many choices depending on what’s important to your design. If you want some extracurricular reading on op amp architecture selection, Analog Devices AN-360 is a good overview of the subject.

Hackaday Podcast 101: Lasering and Milling Absolutely Everything

Hackaday - Saturday, 01/16/2021 - 00:01

Hackaday editors Mike Szczys and Elliot Williams discuss our favorite hacks of the past week. We accidentally chose a theme, as most of the projects use lasers and are about machining work. We lead off with a really powerful laser that can directly etch circuit boards, only to be later outdone by an even more powerful laser using a chemistry trick to etch glass. We look at how to mix up your own rocket motors, bootstrap your own laser tag, and go down the rabbit hole of building tools for embedded development. The episode wraps up as we discuss what exactly NVMe is and where hardware hacking might take it.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!


Civil Defense Disco Ball Rocks Ground Zero

Hackaday - Friday, 01/15/2021 - 23:30

Old Civil Defense survey meters like the V-715 are interesting conversation starters, but of very little practical use today. These devices were intended to be a sort of litmus test that survivors of a nuclear blast could use to determine when it was safe to venture out of their radiation shelter: if the needle on the meter moves, even when it’s on the most sensitive setting, you should probably go back inside. Since [Hamilton Karl] would (hopefully) never need such an indicator, he decided to have a little fun with this Cold War holdover and turn it into a Disco Containment Unit.

Technical details are a little sparse on this one, but we can infer most of it just from the pictures. In place of the original meter [Hamilton] has mounted a tiny mirrored ball inside of a protective cage, which is spun by a geared motor that’s occupying the space that used to be taken up by the ion chamber.

A handful of Adafruit NeoPixel RGB LEDs, an Arduino Nano, and a few switches to control it all round out the functional aspects of the build, and a new disco-themed trefoil replaces the original Civil Defense logo on the side. The project page mentions there’s a piezo buzzer onboard that performs a stirring rendition of “Stayin’ Alive” by the Bee Gees, but alas there’s no video that shows it in action.

Thanks to the rugged construction and built-in handle of these old survey meters, [Hamilton] can now take the party with him wherever he goes. Not that he can really go anywhere with this whole global pandemic hanging over our heads, but at least he’ll be ready when things start trending towards normal. In a way the device’s functionality has now been reversed from how it originally worked, since the meter going wild will now be an indicator that it’s safe to come out.

While the V-715 isn’t of much use outside of a post-apocalyptic hellscape, the V-700 is actually a proper Geiger counter that’s still useful for surveying or research. An important distinction to remember if you ever get a chance to snap one of them up at a swap meet or flea market. Whenever we can start having those again, anyway.

US labels Xiaomi a Communist Chinese military company, pushing US investors to divest

Liliputing - Friday, 01/15/2021 - 23:14

The United States Department of Defense has updated a list of companies it considers “Communist Chinese military companies,” and one of the most notable additions is Xiaomi, the world’s third-largest phone maker in terms of shipments. Thanks to an executive order signed by president Donald Trump in November, that means US investors to sell or […]


This Week in Security: Ubiquiti, Nissan, Zyxel, and Dovecot

Hackaday - Friday, 01/15/2021 - 22:00

You may have been one of the many of us who received an email from Ubiquiti this week, recommending a password change. The email stated that there was an unauthorized access of Ubiquiti systems, and while there wasn’t evidence of user data being accessed, there was also not enough evidence to say emphatically that user data was not accessed. Ubiquiti has mentioned that the database that may have been accessed contains a user’s name, email address, hashed password, and optionally the mailing address and phone number.

Depending on how the Ubiquiti authentication system is designed, that hashed password may be enough to log in to someone’s account. In any case, updating your password would invalidate the potentially compromised hash. This event underscores a complaint voiced by Ubiquiti users: Ubiquiti has been making it difficult to administrate hardware without a cloud-enabled account.

Nissan Source Code

Nissan was hosting a large git repository using Atlassian’s Bitbucket. That install was still using default credentials for the admin account, and someone finally noticed. The researcher who first discovered the issue has remained anonymous, and the primary source for the linked article was caught up in the recent outbreak of Twitter censorship, with an account suspension.

The repository contained code from Nissan mobile apps, marketing information, and code for internal-only services. The 18.4 GB data dump is still available on the darker corners of the internet, via torrent files.

Zyxel Scans Seen by ISC

Remember the Zyxel problem we talked about last week? Well this didn’t take long. The Internet Storm Center (ISC) is reporting that it is already seeing SSH login attempts using those hard-coded credentials.

It’s worth taking a minute to call out the ISC and similar efforts for their invaluable work. The ISC primarily serves as a clearinghouse for data from Intrusion Detection Systems and firewalls around the internet. When new patterns emerge, volunteers watching the data can quickly identify new attacks as they emerge. In some cases, this quick response can give administrators around the world time to patch the vulnerability being targeted before they are compromised.

Dovecot Hibernation

Dovecot has released version 2.3.13, and there is a fix for a notable vulnerability, CVE-2020-24386. IMAP supports an IDLE command, putting the connection to the server in a holding pattern, ready to push real-time mail notifications to the client. The vulnerability allows a client to put its connection in this state, and then send a malicious request to the server. This request can allow for limited filesystem access, most notably the downloading of messages from other accounts. It’s possible to mitigate the flaw through disabling IMAP hibernation, but the recommendation is to simply update to the latest release.

Telegram Triangulation

Telegram is one of the go-to solutions for sending secure messages. Just over a year ago, Telegram introduced “People Near Me”, a feature for finding nearby users who have opted in to the service. If you’ve opted in, you might consider going and turning that feature off. Telegram gives a very precise and accurate distance to anyone else who is within seven miles. That distance updates in real time, which is great for meetups. What might not be immediately obvious is that it’s rather trivial to spoof a device’s location to anywhere in the world. Within a few minutes, it’s possible to precisely locate anyone in the world who has Telegram’s location service turned on. Other services have prevented this problem by giving less precise location data. So far, Telegram has responded that this is not a bug, and it doesn’t plan to make any changes.

How Solarwinds Got Hacked

More details on the Solarwinds backdoor are slowly coming to light. The more information is revealed, the more interesting the story becomes. This week, we got Crowdstrike’s write-up of the malware running on Solarwinds machines. This malware, dubbed Sunspot, isn’t the Orion backdoor itself; it is a custom-written piece of malware that modifies source code surreptitiously at compile time. This brings to mind the old Trusting Trust attack.

Sunspot was written to very carefully hide from detection, and to only take action when it detects code compiling. It checks once a second for MsBuild.exe, and whether it is building Orion. If it is, it modifies one source code file, waits for compilation to complete, and then undoes the malicious change. A developer would be hard pressed to discover the modification, because it only exists during compilation, while the developer is out getting coffee anyway. We were somewhat skeptical when Solarwinds first called this a “sophisticated and novel” hack, but the evidence seems to affirm that opinion.

HP Launches ProBook x360 11 G7 for education (Intel Jasper Lake PC with classroom features)

Liliputing - Friday, 01/15/2021 - 21:00

HP’s newest laptop designed for use in classrooms features an 11.6 inch touchscreen display, a 360 degree hinge, cameras that face the front and back, and a sturdy MIL-STD-810H tested design with metal-reinforced corners, and a Gorilla Glass display and spill-resistant keyboard that can be wiped clean with “commonly used household wipes.” The HP ProBook x360 […]

