Day: April 21, 2023

Building A Motorized Pan Tilt Rig For Filming

April 21, 2023 by 3 Comments

Today, anyone can shoot video because cameras are cheap and readily available. But if you want to do fancy Hollywood-style moving shots, you’ll need somebody to point the thing — or a machine to do it for you. [Giovanni Aggiustatutto] went the latter route with this mechanized pan-tilt build.

The build relies on stepper motors for clean and accurate movement on both axes. Belt drives are used to step down the output of the motors for greater torque. The pan-tilt mechanism itself is built from a combination of 3D printed parts paired with wooden components and a pair of aluminium tubes for rigidity. The whole assembly comes with a standard mount for use with a regular tripod. An Arduino Uno runs the show, using TMC2208 stepper drivers to command the motors. A control pad featuring a joystick and buttons is used for control, with an LCD to provide useful feedback to the user.

Pan-tilt systems are more typically used for security purposes, but we like the application to creative work here.

Continue reading “Building A Motorized Pan Tilt Rig For Filming”

This Week In Security: Spandex Tempest, Supply Chain Chain, And NTP

April 21, 2023 by 14 Comments

Microsoft’s Threat Intelligence group has announced a new naming scheme for threat actors. It sounds great, naming groups after weather phenomenon, based on the groups motivations or nation of origin. Then each discreet group is given an additional adjective. That’s where things get interesting.

It seems like the adjectives were chosen at random, giving rise for some suitably impressive names, like Ghost Blizzard, Ruby Sleet, or Granite Typhoon. Some of the other names sound like they should be desserts: Caramel Tsunami, Peach Sandstorm, Aqua Blizzard, or Raspberry Typhoon. But then there the really special names, like Wine Tempest and Zigzag Hail. But the absolute winner is Spandex Tempest. No word yet on whether researchers managed to keep a straight face when approving that name.

Chrome 0-day Double

A pair of Chrome browser releases have been minted in the past week, both to address vulnerabilities that are actively being exploited. Up first was CVE-2022-2033, type confusion in the V8 JS engine. That flaw was reported by Google’s Threat Analysis Group, presumably discovered in the wild, and the fix was pushed as stable on the 14th.

Then, on th 18th, yet another released rolled out to fix CVE-2023-2136, also reported by the TAG, also being exploited in the wild. It seems likely that both of these 0-days were found in the same exploitation campaign. We look forward to hearing the details on this one. Continue reading “This Week In Security: Spandex Tempest, Supply Chain Chain, And NTP”

Getting The Most From Fading ThinkPads

April 21, 2023 by 40 Comments

The ThinkPad line of laptops has been widely prized not only by businesses but also by those who appreciate a high standard of hardware quality and repairability. But some think the cracks are starting to form in their reputation, as it seems that new ThinkPads are sacrificing quality for aesthetics and cost. As a result a huge modding scene has popped up around models that are a few years old like [Cal] found out when working on this X230.

At first he only made some cosmetic improvements to the laptop like replacing the worn palm rest, but quickly found himself in a rabbit hole with other upgrades like swapping out the keyboard and battery. The new keyboard is a 7-row X220 keyboard, which required modification of the connector and flashing the embedded controller with a hacked image to change the keyboard map without needing to make changes at the OS level. From there, he decided to replace the lackluster screen with a 1920×1080 matte IPS panel using an adapter board from Nitrocaster, and finished off his upgrades with a customized Coreboot BIOS for improved performance and security.

While Coreboot doesn’t remove all of the binary blobs that a bootloader like libreboot does, the latter is not compatible with more modern machines like this X230. Still, you’ll get many benefits from using Coreboot instead of the stock bootloader. For running Linux on a daily driver laptop, we appreciate all of these updates and expect that [Cal] will get plenty of years of use out of his machine. We’ve definitely seen an active modding scene for ThinkPads that were (at the time) seven years old and still going strong, so we’d expect nothing less for this one.

Linux Server, Wakey, Wakey

April 21, 2023 by 39 Comments

We all know we should save energy and not leave computers on all the time. It is probably better for the computer, too. But when you operate a home server, it isn’t feasible to just turn it on when you want to use it and then turn it off again. Or is it? [Daniel] decided that was exactly what he wanted to do, and it was quite an adventure to get there.

The trick is to use a Raspberry Pi — they don’t draw nearly the power a big computer does — to stay awake to facilitate the process. The Pi watches for ARP requests for the sleeping machine and replies on its behalf so that other network nodes can find the machine even when it isn’t on.

The server itself detects if it is idle in a cron job. When it finds that there are no SSH or other service connections for a set period of time, it suspends the machine to RAM, putting it in a low-power mode. Waking a sleeping computer up over the network is a solved problem, and [Daniel] investigated several wake-on-lan solutions.

There were several oddities to work out, including a Mac pinging an unused network share, and a router that was making NetBIOS queries. However, [Daniel] found a $30 router that could do port mirroring and that helped a lot with troubleshooting.

This is one of those things where his recipe won’t exactly fit your situation. But the post has a lot of good information and some nice tricks for troubleshooting any kind of network bizarreness.

Wireshark is a great tool for this kind of work, too. Another useful technique is recording network traffic and playing it back.