Year: 2020

Still Got Film To Scan? This Lego And Raspberry Pi Scanner Is For You

December 11, 2020 by 9 Comments

There was a time during the early years of mass digital photography, when a film scanner was a common sight. A small box usually connected to a USB port, it had a slot for slides or negatives. In 2020 they’reĀ  a rare breed, but never fear! [Bezineb5] has a solution in the shape of an automated scanner using a Radpberry Pi and a mechanism made of Lego.

The Lego mechanism is a sprocket feeder that moves the film past the field of view from an SLR camera. The software on the Pi runs in a Docker container, and features a machine learning approach to spotting frame boundaries. This is beyond the capabilities of the Pi, so is offloaded to a Google Coral accelerator.

The whole process is automated with the Pi controlling not only the Lego but also the camera, to the extent of retrieving the photos from it to the Pi. There’s a smart web interface to control everything, making the process — if you’ll excuse the pun — a snap. There’s a video of it in action, that you can see below the break.

We’ve featured many film scanner projects over the years, one that remains memorable is this 3D printed lens mount.

Continue reading “Still Got Film To Scan? This Lego And Raspberry Pi Scanner Is For You”

This Week In Security: VMWare, Microsoft Teams, Python Fuzzing, And More

December 11, 2020 by 9 Comments

There’s a VMWare problem that’s being exploited in the wild, according to the NSA (PDF). The vulnerability is a command injection on an administrative console. The web host backing this console is apparently running as root, as the vulnerability allows executing “commands with unrestricted privileges on the underlying operating system.”

The wrinkle that makes this interesting is that VMWare learned about this vuln from the NSA, which seems to indicate that it was a zero-day being used by a foreign state. The compromise chain they list is also oddly specific, making me suspect that it is a sanitized account of observed attacks.

Microsoft Teams, And the Non-CVE

[Oskars Vegeris] found a pair of interesting problems in the Microsoft Teams client, which together allows an interactionless, wormable RCE. The first vuln is an XSS problem, where a message containing a “mention” can be modified in transit to include arbitrary Javascript. To get that JS past the XSS protection filter, a unicode NULL byte is included in the payload. The second vuln is using the built-in file download code in the Teams app to download and auto-run a binary. Put together, anyone who simply loads the message in their Teams app runs the code.

Vegeris points out that since so many users have a presence in multiple rooms, it would be trivial to use this exploit to build a worm that could infect the majority of Teams users worldwide. The bug was reported privately to Microsoft and fixed back in October. A wormable RCE in a widely used tool seems like a big deal, and should net a high CVE score, right? Microsoft gave two ratings for this attack chain, for the two versions of Teams that it can affect. For the Office365 client, it’s “Important, Spoofing”, which is about as unimportant as a bug can be. The desktop app, at least, was rated “critical” for an RCE. The reason for that seems to be that the sandbox escape only works on the standalone desktop app.

But no CVE was issued for the exploit chain. In the security community, collecting CVEs is an important proof of work for your resume. Microsoft replied that they don’t issue CVEs for products that get updated automatically without user interaction. Kerfuffle ensued. Continue reading “This Week In Security: VMWare, Microsoft Teams, Python Fuzzing, And More”

CNC Router Frame Repurposed For Colorful String Art Bot

December 11, 2020 by 12 Comments

Pandemic lockdowns have been brutal, but they’ve had the side-effect of spurring creativity and undertaking projects that are involved enough and complex enough to keep from going stir crazy. This CNC string art robot is a great example of what’s possible with a little imagination and a lot of time. (Video, embedded below.)

According to [knezuld11], the robot creates its art through mathematical algorithms via a Python program that translates them into nail positions and string paths. The modified CNC router frame, constructed of laser-cut plywood, has two interchangeable tool heads. The first places the nails, which are held in a small hopper. After being picked up by a servo-controlled magnetic arm and held vertically, a gear-driven ram pushes each nail into a board at just the right coordinates. After changing to a different tool, the robot is able to pick up one of nine different thread dispensers. A laser sensor verifies the thread nozzle position, and the thread starts its long journey around the nails. It’s a little mesmerizing to watch, and the art looks great, with a vibe that brings us right back to the 70s. Groovy, man.

This reminds us a little of a recent [Barton Dring] project that makes art from overlapping strings. That one was pretty cool for what it accomplished with just one thread color, while this one really brings color to the party. Take your pick, place your nails, and get stringing.

Continue reading “CNC Router Frame Repurposed For Colorful String Art Bot”

Gigantic Working Arduino Uses 1/4″ Cables

December 11, 2020 by 25 Comments

What is it about larger-than-life versions of things that makes them so awesome? We’re not sure exactly, but this giant working Arduino definitely has the ‘it’ factor, whatever that may be. It’s twelve times the size of a regular Uno and has a Nano embedded in the back of it. To give you an idea of the scale, the reset button is an arcade button.

The Arduino Giga’s PCB is made of 3/4″ plywood, and the giant components represent a week and a half of 3D printing. The lettering and pin numbers are all carved on a CNC and filled in with what appears to be caulk. They didn’t get carved out deeply enough the first time around, but [byte sized] came up with a clever way to perfectly re-register the plywood so it carved in exactly the same places.

Although we love everything about this build, our favorite part has to be the way that [byte sized] made the female headers work. Each one has a 1/4″ audio jack embedded inside of it (a task which required a special 3D printed tool), so patch cables are the new jumper cables. [byte sized] put it to the test with some addressable RGB LEDs on his Christmas tree, which you can see in the build video after the break.

You can buy one of those giant working 555 timer kits, but why not just make one yourself?

Continue reading “Gigantic Working Arduino Uses 1/4″ Cables”

A Lambda 8300 Lives Again

December 10, 2020 by 3 Comments

If you follow retrocomputing — or you are simply old enough to remember those days — you hear the same names over and over. Commodore, Apple, Radio Shack, and Sinclair, for example. But what about the Lambda 8300? Most people haven’t heard of these but [Mike] has and he has quite a few of them. The computer is similar to a Sinclair ZX81, but not an exact clone. All of his machines need some repairs (he’s promised repair videos are on their way), but for the video below he wired a monitor directly to the PCB to get steady output, so apparently the RF modulator is the failing subsystem in this case.

Once the video cleared up, you can see a walkthrough of running a simple BASIC program. As was common in those days, the computer used an audio cassette recorder for data storage. [Mike] picked up some dedicated recorders meant for computer use, but neither were in working shape. However, a consumer player works fine.

Continue reading “A Lambda 8300 Lives Again”

Easy Frequency Counter Looks Good, Reads To 6.5 MHz

December 10, 2020 by 12 Comments

We were struck by how attractive [mircemk’s] Arduino-based frequency counter looks. It also is a reasonably simple build. It can count up to 6.5 MHz which isn’t that much, but there’s a lot you can do even with that limitation.

The LED display is decidedly retro. Inside a very modern Arduino Nano does most of the work. There is a simple shaping circuit to improve the response to irregular-shaped input waveforms. We’d have probably used a single op-amp as a zero-crossing detector. Admittedly, that’s a bit more complex, but not much more and it should give better results.

Continue reading “Easy Frequency Counter Looks Good, Reads To 6.5 MHz”

ESP32 Spectrum Analyzer Taps Into Both Cores

December 10, 2020 by 16 Comments

We probably don’t need to tell the average Hackaday reader that the ESP32 is a powerful and extremely flexible microcontroller. We’ve seen some incredible projects using this affordable chip over the last few years, and by the looks of it, the best is yet to come. That’s because it always takes some time before the community can really figure out how to get the most out of a piece of hardware.

Take for example the Bluetooth audio player that [squix] was recently working on. Getting the music going was no problem with the esp32-a2dp library, but when he wanted to add some visualizations the audio quality took a serious hit. Realizing that his Fast Fourier transform (FFT) code was eating up too much processor power, it seemed like a great time for him to explore using the ESP32’s second core.

[squix] had avoided poking around with the dual-core nature of the ESP32 in the past, believing that the second core was busy handling the WiFi communication. But by using the FreeRTOS queue system, he wrote some code that collects audio data with one core and runs the actual FFT magic on the other. By balancing the workload like this, he’s able to drive the array of 64 WS2812B LEDs on the front of the Icon64 seen in the video after the break.

Even if you’re not terribly interested in running your own microcontroller disco, this project may be just the example you’ve been waiting for to help get your mind wrapped around multitasking on the ESP32. If you want to master a device with this many tricks up its sleeve, you’ll need all the help you can get.

Continue reading “ESP32 Spectrum Analyzer Taps Into Both Cores”