We often see Raspberry Pi boards of various flavors stuck inside vintage computers and the like. [El Gato Guiri] has instead installed one inside a PlayStation 2 Slim, and rather artfully at that. The result is a tidy little media center device.
The PlayStation 2 was gutted, with a Raspberry Pi 3B installed inside. The original ports on the back, including the USB and Ethernet port, were then wired up to the Pi to make them fully functional. A slot was then cut into the back to allow the HDMI port to be hooked up. The front USB ports work, too, and the optical drive was removed to make way for a 2 TB Toshiba external drive. Adapters are used to make the controller ports work, as well. Finally, a Noctua fan was installed atop the Pi to make sure it never gets too hot.
Whether it’s for watching movies or playing emulated games with the PS2 controllers, the little media center build is sure to do well.
We’ve seen Raspberry Pis stuck in everything from laptops to monitors, as well as plenty of retro hardware too. When a piece of hardware is dead and gone, a Raspberry Pi can be a great way to breathe new life into an attractive old case!
There’s a problem in the unrar utility, and as a result, the Zimbra mail server was vulnerable to Remote Code Execution by an attacker simply sending an email. So first, unrar is a source-available command-line application made by RarLab, the same folks behind WinRAR. CVE-2022-30333 is the vulnerability there, and it’s a classic path traversal on archive extraction. One of the ways this attack is normally pulled off is by extracting a symlink to the intended destination, which then points to a location that should be restricted. unrar has code hardening against this attack, but it is sabotaged by its cross-platform support. On a Unix machine, the archive is checked for any symbolic links containing the ../ pattern. After this check is completed, a function runs to convert any Windows paths to Unix notation. As such, the simple bypass is to include symlinks using ..\ traversal, which don’t get caught by the check, and are then converted into working ../ traversals.
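The ordering problem described above, as an added example that is not unrar's code and not part of the original article: it puts the validate-then-convert order next to the hardened convert-then-validate order. The function names and sample link targets are hypothetical, and the component check is a simplified stand-in for unrar's symlink validation.

```cpp
#include <algorithm>
#include <iostream>
#include <string>

// True if any '/'-separated component of the path is exactly "..".
bool has_dotdot_component(const std::string& path) {
    std::size_t start = 0;
    while (start <= path.size()) {
        std::size_t end = path.find('/', start);
        if (end == std::string::npos) end = path.size();
        if (path.compare(start, end - start, "..") == 0) return true;
        start = end + 1;
    }
    return false;
}

// Converts Windows separators to Unix ones (stand-in for the conversion step).
std::string to_unix_separators(std::string path) {
    std::replace(path.begin(), path.end(), '\\', '/');
    return path;
}

// Order described in the text: validate first, convert afterwards.
// On acceptance, 'out' holds the link target that would actually be used.
bool check_then_convert(const std::string& target, std::string& out) {
    if (has_dotdot_component(target)) return false;
    out = to_unix_separators(target);  // the check never saw this final form
    return true;
}

// Hardened order: convert to the final form, then validate exactly that.
bool convert_then_check(const std::string& target, std::string& out) {
    std::string unix_form = to_unix_separators(target);
    if (has_dotdot_component(unix_form)) return false;
    out = unix_form;
    return true;
}

int main() {
    // Constructed sample link targets, not taken from any real archive.
    const std::string samples[] = {"docs/readme.txt", "../outside", "..\\..\\outside"};
    for (const std::string& s : samples) {
        std::string a, b;
        bool flawed = check_then_convert(s, a), hardened = convert_then_check(s, b);
        std::cout << s << "  check-then-convert: " << (flawed ? "accepted as " + a : "rejected")
                  << "  convert-then-check: " << (hardened ? "accepted" : "rejected") << "\n";
    }
}
```

The general rule the example illustrates: validate a path in the exact form that will be handed to the filesystem, after every normalization step has run.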
That was bad enough, but Zimbra made it worse by automatically extracting .rar attachments on incoming emails, in order to run a virus and spam check. That extraction isn’t sandboxed, so an attacker’s files are written anywhere on the filesystem the zimbra user can write. It’s not hard to imagine how this turns into a full RCE very quickly. If you have an unrar binary based on RarLab code, check for version 6.1.7 or 6.12 of their binary release. While Zimbra was the application specifically called out, there are likely to be other cases where this could be used for exploitation. Continue reading “This Week In Security: Zimbra RCE, Routers Under Attack, And Old Tricks In WebAssembly”→
You might have already seen the pretty pictures in pastel colors online — a small netbook-like computer with a full-size keyboard. This, while a render, is what the MNT Pocket Reform is going to look like. Reminiscent of the netbook aesthetic in all the right ways, it’s a small device with a mechanical keyboard taking as much space as possible, trackball for navigation, and we assume, exactly the kind of screen that’d be comfortable to use.
We reviewed the MNT Reform a year ago, and this device inherits a lot of its good parts. The motherboard’s connectivity is likely subject to change, but on the motherboard renders, we can spot three USB-C ports, a Micro HDMI port, a microSD card slot, ix Industrial Ethernet, and M.2 B-key and M-key slots for WWAN and SSD cards respectively.
If you expected computational specs, there isn’t really a specific CPU+RAM configuration announced – for a good reason. The Pocket Reform takes advantage of the CPU card concept designed into the MNT Reform – able to take a card with an NXP i.MX8M CPU, Raspberry Pi CM4, Pine SOQuartz, a Kintex-7 FPGA, or any of the cards yet to be developed. The design files are open-source, the prototype motherboards have been ordered, mechanical usability aspects have been worked through. This is a very compelling project, and we can’t wait to see it bear fruit!
User-friendly slicing software is arguably the key software component that makes 3D printing approachable for most users. Without it, going from a CAD design to a printed part would take hours, not seconds. As a trade-off you give up a lot of control over the exact path of the hotend, but most of the time it’s worth it. However, for some niche use-cases, having complete control over the tool path is necessary. Enter FullControl GCode Designer, a tool that gives you all the control without resorting to writing GCode directly.
FullControl takes an approach similar to OpenSCAD, where you define path geometries line by line. Need an array of circles? Choose the circle feature, define its origin, radius, starting position, and extrusion height, and define the spacing and axes (including Z) of the copies. Need a mathematically defined lamp shade? Define the functions, and FullControl generates the GCode. Non-planar printing, where your print head moves along all three axes simultaneously instead of staying at a constant Z-height, is also possible. In the video after the break, [Thomas Sanladerer] demonstrates how he used FullControl to reduce the print time of a functionally identical part from two hours to 30 minutes.
FullControl is built on Microsoft Excel using Visual Basic scripting, which comes at the cost of long GCode generation times. It also doesn’t show the defined tool paths graphically, so the generated code needs to be pasted into a viewer like Repetier Host to see what it’s doing. Fortunately, a Python version is coming that should hopefully alleviate many of these shortcomings.