Zoom Control Box Helps Keep Meetings On Track

For many people, the biggest change of 2020 has been adjusting to a glut of online teleconferences as a part of daily working life. [p_leriche] has had to adjust the way church services are conducted, and found managing a complicated streaming meeting setup to be difficult at best. To ease the workload on the presenter, he created a simple Zoom control box.

At its heart, the box is little more than a fancy keyboard. An Arduino Pro Micro is hooked up to a series of brightly colored pushbuttons, each labelled with regularly used Zoom functions. The Pro Micro is programmed to fire off the corresponding keyboard shortcuts when the buttons are pressed, activating the relevant function.

It might be a simple build, but it greatly reduces the hand gymnastics required mid-presentation, and we’re sure the users greatly appreciate the new hardware. While this is a quick-and-dirty build thrown together in a basic enclosure, macro keyboards can be both useful and attractive if you so desire. If you’ve built your own time-saving control console, be sure to let us know!

This Week In Security: Platypus, Git.bat, TCL TVs, And Lessons From Online Gaming

Git’s Large File System is a reasonable solution to a bit of a niche problem. How do you handle large binary files that need to go into a git repository? It might be pictures or video that is part of a project’s documentation, or even a demonstration dataset. Git-lfs’s solution is to replace the binary files with a text-based pointer to where the real file is hosted. That’s not important to understanding this vulnerability, though. The problem is that git-lfs will call the main git binary as part of its operation, and when it does so, the full path is not used. On a Unix system, that’s not a problem. The $PATH variable is used to determine where to look for binaries. When git is run, /usr/bin/git is automagically run. On a Windows system, however, executing a binary name without a path will first look in the current directory, and if a matching executable file is not found, only then will the standard locations be checked.

You may already see the problem. If a repository contains a git.exe, git.bat, or another git.* file that Windows thinks is executable, git-lfs will execute that file instead of the intended git binary. This means simply checking out a malicious repository gets you immediate code execution. A standard install of git for Windows, prior to 2.29.2.2, contains the vulnerable plugin by default, so go check that you’re updated!

Then remember that there’s one more wrinkle to this vulnerability. How closely do you check the contents of a git download before you run the next git command? Even with a patched git-lfs version, if you clone a malicious repository, then run any other git command, you still run the local git.* file. The real solution is pushing the local directory higher up the path chain.
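A check a defender could run over a freshly cloned working tree before typing any git command inside it, as an added example (not code from git-lfs or from the article). The function names and the sample tree are constructed for illustration; the extension list is the default Windows PATHEXT.

```python
import os
import tempfile
from pathlib import Path

# Default PATHEXT on Windows: extensions the shell treats as runnable.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"


def find_shadowing_files(root, command="git", pathext=DEFAULT_PATHEXT):
    """Return files under root that a bare `command` would resolve to on
    Windows if it were run from the directory containing them."""
    exts = {e.lower() for e in pathext.split(";") if e}
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # .git holds repository metadata, not checked-out content.
        dirnames[:] = [d for d in dirnames if d.lower() != ".git"]
        for name in filenames:
            stem, ext = os.path.splitext(name)
            # Windows file names are case-insensitive: GIT.EXE matches git.
            if stem.lower() == command.lower() and ext.lower() in exts:
                hits.append(Path(dirpath, name).relative_to(root).as_posix())
    return sorted(hits)


def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ["git.bat", "docs/GIT.EXE", "tools/git.cmd",
                    "git.txt", "src/gitignore.bat", ".git/git.exe",
                    "README.md"]:
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("placeholder")
        return find_shadowing_files(root)


if __name__ == "__main__":
    for hit in demo():
        print("shadows git:", hit)
```

Subdirectories are scanned as well because the current directory at the time a command is run decides which file wins, not the repository root.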

Easy Carrier Board For The Compute Module 4 Shows You Can Do It, Too

The Raspberry Pi Compute Module 4 has got many excited, with a raft of new features bringing exciting possibilities. However, for those used to the standard Raspberry Pi line, switching over to the Compute Module form factor can be daunting. To show just how easy it is to get started, [timonsku] set about producing a quick and dirty carrier board for the module at home.

The Twitter thread goes into further detail on the design of the board. The carrier features HDMI, USB-A and USB-C ports, as well as a microSD slot. It’s all put together on a single-sided copper PCB that [timonsku] routed at home. The board was built as an exercise to show that high-speed signals and many-pin connectors can be dealt with by the home gamer, with [timonsku] sharing tips on how to get the job done with cheap, accessible tools.

The board may look rough around the edges, but that’s the point. [timonsku] doesn’t recommend producing PCBs at home when multi-layer designs can be had cheaply from overseas. Instead, it serves to show how little is really required to design a carrier board that works. Even four-layer boards can be had for under $10 apiece now, so there’s never been a better time to up your game and get designing.

For those eager to learn more about the CM4, we’ve got a full breakdown to get you up to speed!

Tracking Drone Flight Path Via Video, Using Cameras We Can Get

Calculating three-dimensional position from two-dimensional projections is a literal textbook example in geometry, but those examples are the “assume a spherical cow” type of simplifications, applicable only in an ideal world where the projections are made with mathematically perfect cameras at precisely known locations with infinite resolution. Making things work in the real world is a lot harder. But not only have [Jingtong Li, Jesse Murray et al.] worked through the math of tracking a drone’s 3D flight from 2D video, they’ve released their MultiViewUnsynch software on GitHub so we can all play with it.

Instead of laboratory grade optical instruments, the cameras used in these experiments are available at our local consumer electronics store. A table in their paper Reconstruction of 3D Flight Trajectories from Ad-Hoc Camera Networks (arXiv:2003.04784) listed several Huawei cell phone cameras, a few Sony digital cameras, and a GoPro 3. Video cameras don’t need to be placed in any particular arrangement, because positions are calculated from their video footage. Correlating overlapping footage from dissimilar cameras is a challenge all in itself, since these cameras record at varying framerates ranging from 25 to 59.94 frames per second. Furthermore, these cameras all have rolling shutters, which adds an extra variable as scanlines in a frame are taken at slightly different times. This is not an easy problem.

There is a lot of interest in tracking drone flights, especially those flying where they are not welcome. And not everyone has the budget for high-end equipment or the permission to emit electromagnetic signals. MultiViewUnsynch is not quite there yet, as it tracks a single target and video files were processed afterwards. The eventual goal is to evolve this capability to track multiple targets on live video, and hopefully help reduce frustrating public embarrassments.

[IROS 2020 Presentation video (duration 14:45) requires free registration, available until at least Nov. 25th 2020.]