Creating Video From A ROM

We’re used to computers with display screens, yet how many of us have created the circuitry to drive one directly? Sure, we’ve coded up an SPI display driver on a microcontroller, but create the hardware to generate a usable video signal? That’s a little more difficult. [Jdh] has given it a go though, with a TTL video card.

In this case it’s not a card so much as a collection of breadboards, but all the logic is there to generate the complex array of video timings necessary for synchronisation, and to output the bits sequentially at the right voltage levels for the analogue monitor. It’s worth pointing out though that it’s not a composite video signal that’s being created since it’s monochrome only with no subcarrier.

In the end he encounters the problem that his ROM isn’t fast enough for the pixel rate and thus the image has artefacts, but it does at least produce a recognisable and readable something on the screen. Old hands in the video business might point out that analogue TVs were a bit forgiving when it came to exact timings and line counts so the circuit could quite possibly be simplified, and also that trading away some of the resolution might fix the ROM speed issue. But it’s an impressive piece of work, and should be of particular interest for anyone interested in how video works.

Fans of video cards on breadboards should also check out [Ben Eater’s] 7400-series video card.


This Week In Security: Ghostscript In ImageMagick, SolarWinds, And DHCP Shenanigans

A PoC was just published for a potentially serious flaw in the Ghostscript interpreter. Ghostscript can load PostScript, PDF, and SVG, and it has a feature from PostScript that has been a continual security issue: the %pipe% command. This command requests the interpreter to spawn a new process; it’s RCE as part of the spec. This is obviously a problem for untrusted images and documents, and Ghostscript has fixed security vulnerabilities around this mis-feature several times over the years.

This particular vulnerability was discovered by [Emil Lerner], and described at ZeroNights X. That talk is available, but in Russian. The issue seems to be a bypass of sorts, where the pipe command appears to be working in the /tmp/ directory, but a simple semicolon allows for an arbitrary command to be executed. Now why is this a big deal? Because ImageMagick uses Ghostscript to open SVG images by default on some distributions, and ImageMagick is often used for automatically resizing and converting images for web sites. In [Emil]’s presentation, he uses this flaw as part of an attack chain against three different companies.

I was unable to reproduce the flaw on my Fedora install, but I haven’t found any notice of it being fixed in the Ghostscript or ImageMagick changelogs either. It’s unclear if this problem has already been fixed, or if this is a true 0-day for some platforms. Either way, expect attackers to start trying to make use of it.
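
As an added example (not code from the original post or from the ImageMagick project): services that convert untrusted uploads commonly deny, in ImageMagick’s policy.xml, the coders that ImageMagick hands to Ghostscript. The Python below audits a policy file for those entries; the coder list and both sample policies are assumptions constructed for illustration.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Coders that ImageMagick delegates to Ghostscript (assumed audit list).
GS_CODERS = ("PS", "EPS", "PDF", "XPS")

def expand_braces(pattern):
    """Expand {A,B,C} groups, the list form used in policy patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(head + alt.strip() + tail))
    return out

def audit_policy(xml_text, coders=GS_CODERS):
    """Return {coder: True if denied} for each coder.

    Conservative: a coder counts as denied only when some matching
    entry has rights="none" and no matching entry grants any right.
    """
    root = ET.fromstring(xml_text)
    result = {}
    for coder in coders:
        denied = granted = False
        for p in root.iter("policy"):
            if p.get("domain", "").lower() != "coder":
                continue
            globs = expand_braces(p.get("pattern", ""))
            if not any(fnmatch.fnmatchcase(coder, g) for g in globs):
                continue
            if p.get("rights", "").strip().lower() == "none":
                denied = True
            else:
                granted = True
        result[coder] = denied and not granted
    return result

# Constructed sample policies, not taken from any real system.
WEAK = '<policymap><policy domain="resource" name="memory" value="256MiB"/></policymap>'
HARDENED = """<policymap>
  <policy domain="coder" rights="none" pattern="{PS,EPS,XPS}"/>
  <policy domain="coder" rights="none" pattern="PDF"/>
</policymap>"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_policy(text))
```

Any coder reported as False can still reach Ghostscript when an uploaded file is converted, so the audit is worth running against the policy file that the image-processing service actually loads.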



Acousto-Optic Filter Uses Sound To Bend Light

We all know that light and sound are wave phenomena, but of very different kinds. Light is electromechanical in nature, while sound is mechanical. Light can travel through a vacuum, while sound needs some sort of medium to transmit it. So it would seem that it might be difficult to use sound to modify light, but with the right equipment, it’s actually pretty easy.

Easy, perhaps, if you’re used to slinging lasers around and terms like “acousto-optic tunable filter” fall trippingly from your tongue, as is the case for [Les Wright]. An AOTF is a device that takes a radio frequency input and applies it to a piezoelectric transducer that’s bonded to a crystal of tellurium oxide. The RF signal excites the transducer, which vibrates the TeO2 crystal and sets up a standing wave within it. The alternating bands of compressed and expanded material within the crystal act like a diffraction grating. Change the excitation frequency, and the filter’s frequency changes too.

To explore the way sound can bend light, [Les] picked up a commercial AOTF from the surplus market. Sadly, it didn’t come with the RF driver, but no matter — a few quick eBay purchases put the needed RF generator and power amplifier on his bench. The modules went into an enclosure to make the driver more of an instrument and less of a one-off, with a nice multi-turn pot and vernier knob for precise filter adjustment. It’s really kind of cool to watch the output beam change colors at the twist of a knob, and cooler still to realize how it all works.

We’ve been seeing a lot of [Les]’ optics projects lately, from homemade TEA lasers to blasting the Bayer filter off a digital camera, each as impressive as the last!

Putting Thousands Of Minecraft Players On The Same Server

Multi-threading was the common go-to technique for extracting more performance from a machine for several years. These days it’s all about horizontal scaling or adding more virtual machines to a pool of workers. The Minecraft server is still stuck in the past in some ways as it supports neither multi-threading nor horizontal scaling. [Jackson Roberts] decided to change all that by hacking Minecraft to support thousands of players rather than dozens.

Since the server is single-threaded, having more than 100 players on a single server can slow it to a crawl. Some mods try to optimize and speed up the existing server but [Jackson] wanted more. An early proof of concept was to slice the world into separate servers, each holding 64×64 chunks (chunks are what Minecraft defines as a 16×256×16 volume of the world). When crossing a boundary, entities such as players and zombies were transferred from one server to another. While workable, the demo had issues such as parts of the world being inaccessible if a server went down. The boundaries were also jarring as you had to reconnect and couldn’t see players outside your server.

Instead of splitting the world, [Jackson] chose to split the players and use a backing store for persisting and broadcasting changes. A proxy sits in front of several Minecraft servers, each of which has a connection to a WorldQL server (a spatial database based on Postgres). Each server reports the player’s location to the WorldQL server and receives updates for their loaded locations. When a server comes online, it catches up with the changes stored in WorldQL and starts syncing, allowing servers to auto-scale. There are still a few core game mechanics that aren’t quite ready for prime-time such as NPCs and Redstone, but the progress so far is remarkable.

The code for the Minecraft plugin is up on GitHub, but more is coming in the future. So if you’re interested in something a little more vanilla, why not marvel at the completely playable Pokemon Red inside vanilla Minecraft?