Day: June 26, 2020

Get The Party Started With A Mesh WiFi Light Show

June 26, 2020 by 1 Comment

Wildly blinking LEDs may not be the ideal lighting for the average office environment, but they’ll surely spice up any party. And since a party without music is just a meeting, having both synced up is a great way to set the mood. Sure, you could simply roll out your standard LED strip instead, but that gets a bit boring, and also a bit tricky if you want to light up several places the same way. [Gerrit] might have built the perfect solution though, with his (mu)sic (R)eactive (Li)ghts, or muRLi, which are a set of individual lights that synchronize a programmable pattern over WiFi.

The system consists of muRLi itself as the base station that defines and sends the light pattern through WebSockets, and several muRLi Nodes that house a set of WS2812B LEDs to receive and display it. Both are built around a Wemos D1 Mini configured to set up a WiFi mesh network, and depending what’s in reach, the nodes connect either to the base station or other nodes, giving the system definitely enough reach for any location size. The music is picked up by a MAX4466-amplified microphone inside the base station — adding some more flexibility to positioning the system — and analyzed for volume and audio spectrum, which is also shown on an OLED.

The best part however is how the light patterns are programmed. Instead of hard-coding it into the firmware, [Gerrit] went for a modular approach with little ROM cartridges to plug into the muRLi base station. The cartridge itself contains just an I2C EEPROM, storing JavaScript code that is interpreted by the firmware using mJS. The scripts have access to the analyzed audio data and amount of LEDs within the network, and can dynamically generate the patterns as needed that way. Everything is neatly housed in 3D-printed enclosures, with all the design and source files available on the project’s GitHub page — but see for yourself in the video after the break.

If you don’t care about the wireless part but enjoy light synced up with music, have a look at a plain MIDI solution for that. As for [Gerrit], we’re definitely looking forward to seeing his next endeavor one day, since we also enjoyed his last one.

Continue reading “Get The Party Started With A Mesh WiFi Light Show”

This Week In Security: Bitdefender, Ripple20, Starbucks, And Pwned Passwords

June 26, 2020 by 13 Comments

[Wladimir Palant] seems to be on a one man crusade against security problems in security software. The name may not be immediately recognizable, but among his other infamies is originating Adblock Plus, which we have a love-hate relationship with. (Look, surf the net with an adblocker, but disable it for sites you trust and want to support, like HaD).

This week, he announced a rather serious flaw in the Bitdefender. The disclosure starts off with high praise for the Bitdefender: “security-wise Bitdefender Antivirus is one of the best antivirus products I’ve seen so far….” Even with that said, the vulnerability he found is a serious one. A malicious website can trigger the execution of arbitrary applications. The problem was fixed in an update released on the 22nd.

Image by Wladimir Palant, CC BY-SA 4.0

The vulnerability is interesting. First, Bitdefender uses an API that was added to web browsers specifically to enable security software to work without performing man-in-the-middle decryption of HTTPS connections. When a problem is detected, Bitdefender replaces the potentially malicious page with it’s own error message.

Because of the way this is implemented, the browser sees this error message as being the legitimate contents of the requested site. Were this a static page, it wouldn’t be a problem. However, Bitdefender provides an option to load the requested page anyway, and does this by embedding tokens in that error page. When a user pushes the button to load the page, Bitdefender sees the matching tokens in the outgoing request, and allows the page. Continue reading “This Week In Security: Bitdefender, Ripple20, Starbucks, And Pwned Passwords”

Double The RAM Of A Dreamcast Console For A Cool 32 MB

June 26, 2020 by 32 Comments

The Sega Dreamcast is the forgotten orphan of the console wars, an extremely capable machine never able to escape the shadow of its PlayStation rivals and because it marked the end of Sega’s console line, never redeemed in reputation by a more popular successor. It retains a significant following a couple of decades after its heyday though, and still sees hardware hacks such as [Tsowell]’s doubling of its available RAM to 32 MB.

The console shipped with 16 MB of memory in two banks, but while the SH4 processor can address twice that figure the designers at Sega never brought the required address line out from under the BGA. So it should be impossible to give it a memory expansion, but when hardware hackers are at work nothing should be ruled out. The hack involves manipulation of the bank switching addressing, and took several careful readings for us to fully understand. The new RAM chips have two address lines tied together and wired to another, a job for some fine but ultimately not impossible soldering. To take advantage of the extra RAM there are a set of patched BIOS images.

So, if you either have a spare Dreamcast you care little enough about to risk, or you consider your console hacking skills to be so advanced that it will be a piece of cake, you can now double the platform’s RAM. Extra points if you also make it portable.

Thanks [John Little] for the tip.

Header: Evan-Amos / CC BY-SA 3.0

iPhone pictured with a lock

Is Anything Really Private Anymore?

June 26, 2020 by 53 Comments

In the connected age, every day it appears privacy is becoming more and more of an idealistic fantasy as opposed to a basic human right. In our latest privacy debate per [TechCrunch], apparently the FBI is taking some shots at Apple.

You may recall the unfortunate events, leading the FBI to ask Apple to unlock an iPhone belonging to a person of interest. Apple did not capitulate to the FBI’s request on the basis of their fundamental commitment to privacy. The FBI wasn’t really thrilled with Apple’s stance given the circumstances leading to the request. Nevertheless, eventually, the FBI was able to unlock the phone without Apple’s help.

You may find it somewhat interesting that the author of the news piece appears to be more upset with the FBI for cracking the phone than at Apple (and by extension other tech companies) for making phones that are crackable to begin with.

Maybe we should take solace in knowing that Apple stood their ground for the sake of honoring their privacy commitment. But as we saw, it didn’t really matter in the end as the FBI was able to hire a third party to help them unlock the phones and were later able to repeat the process in-house. The article also noted that there are other private companies capable of doing exactly what the FBI did. We understand that no encryption is 100% safe. So it begs the question, “Is anything really private anymore?” Share your thoughts in the comments below.