Still Got Film To Scan? This Lego And Raspberry Pi Scanner Is For You

There was a time during the early years of mass digital photography when a film scanner was a common sight. A small box usually connected to a USB port, it had a slot for slides or negatives. In 2020 they’re a rare breed, but never fear! [Bezineb5] has a solution in the shape of an automated scanner using a Raspberry Pi and a mechanism made of Lego.

The Lego mechanism is a sprocket feeder that moves the film past the field of view from an SLR camera. The software on the Pi runs in a Docker container, and features a machine learning approach to spotting frame boundaries. This is beyond the capabilities of the Pi, so is offloaded to a Google Coral accelerator.

The whole process is automated with the Pi controlling not only the Lego but also the camera, to the extent of retrieving the photos from it to the Pi. There’s a smart web interface to control everything, making the process — if you’ll excuse the pun — a snap. There’s a video of it in action, that you can see below the break.

We’ve featured many film scanner projects over the years; one that remains memorable is this 3D printed lens mount.


This Week In Security: VMWare, Microsoft Teams, Python Fuzzing, And More

There’s a VMWare problem that’s being exploited in the wild, according to the NSA (PDF). The vulnerability is a command injection on an administrative console. The web host backing this console is apparently running as root, as the vulnerability allows executing “commands with unrestricted privileges on the underlying operating system.”

The wrinkle that makes this interesting is that VMWare learned about this vuln from the NSA, which seems to indicate that it was a zero-day being used by a foreign state. The compromise chain they list is also oddly specific, making me suspect that it is a sanitized account of observed attacks.

Microsoft Teams, And the Non-CVE

[Oskars Vegeris] found a pair of interesting problems in the Microsoft Teams client, which together allow an interactionless, wormable RCE. The first vuln is an XSS problem, where a message containing a “mention” can be modified in transit to include arbitrary JavaScript. To get that JS past the XSS protection filter, a Unicode NULL byte is included in the payload. The second vuln is using the built-in file download code in the Teams app to download and auto-run a binary. Put together, anyone who simply loads the message in their Teams app runs the code.

Vegeris points out that since so many users have a presence in multiple rooms, it would be trivial to use this exploit to build a worm that could infect the majority of Teams users worldwide. The bug was reported privately to Microsoft and fixed back in October. A wormable RCE in a widely used tool seems like a big deal, and should net a high CVE score, right? Microsoft gave two ratings for this attack chain, for the two versions of Teams that it can affect. For the Office365 client, it’s “Important, Spoofing”, which is about as unimportant as a bug can be. The desktop app, at least, was rated “critical” for an RCE. The reason for that seems to be that the sandbox escape only works on the standalone desktop app.

But no CVE was issued for the exploit chain. In the security community, collecting CVEs is an important proof of work for your resume. Microsoft replied that they don’t issue CVEs for products that get updated automatically without user interaction. Kerfuffle ensued.

CNC Router Frame Repurposed For Colorful String Art Bot

Pandemic lockdowns have been brutal, but they’ve had the side-effect of spurring creativity and undertaking projects that are involved enough and complex enough to keep from going stir crazy. This CNC string art robot is a great example of what’s possible with a little imagination and a lot of time. (Video, embedded below.)

According to [knezuld11], the robot creates its art through mathematical algorithms via a Python program that translates them into nail positions and string paths. The modified CNC router frame, constructed of laser-cut plywood, has two interchangeable tool heads. The first places the nails, which are held in a small hopper. After being picked up by a servo-controlled magnetic arm and held vertically, a gear-driven ram pushes each nail into a board at just the right coordinates. After changing to a different tool, the robot is able to pick up one of nine different thread dispensers. A laser sensor verifies the thread nozzle position, and the thread starts its long journey around the nails. It’s a little mesmerizing to watch, and the art looks great, with a vibe that brings us right back to the 70s. Groovy, man.

This reminds us a little of a recent [Barton Dring] project that makes art from overlapping strings. That one was pretty cool for what it accomplished with just one thread color, while this one really brings color to the party. Take your pick, place your nails, and get stringing.


Gigantic Working Arduino Uses 1/4″ Cables

What is it about larger-than-life versions of things that makes them so awesome? We’re not sure exactly, but this giant working Arduino definitely has the ‘it’ factor, whatever that may be. It’s twelve times the size of a regular Uno and has a Nano embedded in the back of it. To give you an idea of the scale, the reset button is an arcade button.

The Arduino Giga’s PCB is made of 3/4″ plywood, and the giant components represent a week and a half of 3D printing. The lettering and pin numbers are all carved on a CNC and filled in with what appears to be caulk. They didn’t get carved out deeply enough the first time around, but [byte sized] came up with a clever way to perfectly re-register the plywood so it carved in exactly the same places.

Although we love everything about this build, our favorite part has to be the way that [byte sized] made the female headers work. Each one has a 1/4″ audio jack embedded inside of it (a task which required a special 3D printed tool), so patch cables are the new jumper cables. [byte sized] put it to the test with some addressable RGB LEDs on his Christmas tree, which you can see in the build video after the break.

You can buy one of those giant working 555 timer kits, but why not just make one yourself?
