This Week In Security: XCode Infections, Freepik, And Crypto Fails

There is a scenario that keeps security gurus up at night: malware that can detect software compilation and insert itself into the resulting binary. A new Mac malware, XCSSET (PDF), does just that, running whenever Xcode is used to build an application. Not only is there the danger of compiled apps being malicious, the malware also collects data from the developer’s machine. It seems that the malware spreads through infected Xcode projects.

WordPress Plugins

WordPress has a complicated security track record. The core project has had very few serious vulnerabilities over the years. On the other hand, WordPress sites are routinely compromised. How? Generally through vulnerable plugins. Case in point? Advanced Access Manager. It’s a third-party WordPress plugin with an estimated 100,000 installations. The problem is that this plugin requires user levels, a deprecated and removed WordPress feature. The missing feature had some unexpected results, like allowing any user to request administrator privileges.

The issue has been fixed in version 6.6.2 of the plugin, so if you happen to run the Advanced Access Manager plugin, make sure to get it updated. Beyond that, maybe it’s time to do an audit of your WordPress site. Uninstall unused plugins, and make sure the rest are up to date, along with the WordPress installation itself.

VR Technology Helps Bring A Galaxy Far, Far Away To Our TV

Virtual reality is usually an isolated individual experience very different from the shared group experience of a movie screen or even a living room TV. But those worlds of entertainment are more closely intertwined than most audiences are aware. Video game engines have been taking a growing role in film and television production behind the scenes, and now they’re stepping out in front of the camera in a big way for making The Mandalorian TV series.

Big in this case is a three-quarters cylindrical LED array 75 ft (23 m) in diameter and 20 ft (6 m) high. But the LEDs covering its walls and ceiling aren’t pointing outwards like some installation for Times Square. This setup, called the Volume, points inward to display background images for camera and crew working within. It’s an immersive LED backdrop and stage environment.

Incorporating projected imagery on stage is a technique going at least as far back as 1933’s King Kong, but it is very limited. Lighting and camera motion have to be very constrained in order to avoid breaking the fragile illusion. More recently, productions have favored green screens replaced with computer imagery in post-production. That removes most camera motion and lighting constraints, but costs a lot of money and time. It is also more difficult for actors to perform their roles convincingly against big blank slabs of green. The Volume solves all of those problems by putting computer-generated imagery on set, rendered in real time by the Unreal video game engine.


The Mini Console Revolution, And Why Hackers Passed Them By

The Raspberry Pi was initially developed as an educational tool. With its bargain price and digital IO, it quickly became a hacker favorite. It also packed just enough power to serve as a compact emulation platform for anyone savvy enough to load up a few ROMs on an SD card.

Video game titans haven’t turned a blind eye to this, realising there’s still a market for classic titles. Combine that with the Internet’s love of anything small and cute, and the market was primed for the release of tiny retro consoles.

Often selling out quickly upon release, the devices have met with a mixed reception at times due to the quality of the experience and the games included in the box. With so many people turning the Pi into a retrogaming machine, these mini-consoles purpose built for the same should have been immediately loved by hardware hackers, right? So what happened?


Dealing With A Hacked Brain; Let’s Talk About Depression

This post is different from normal Hackaday fare. I don’t want to presume anything about you, but I’m pretty sure the story I’m about to share resonates with at least some of you.

I’ve been having a tough time, exacerbated by this age of social distancing. This all crept up on me at first, but as I began to look back on my behavior and moods, I began noticing patterns that I hadn’t noticed before. This is certainly a relevant issue in this community, so let’s talk about mental health, beginning with my own journey.



3D Printering: The World Of Non-Free 3D Models Is Buyer Beware

There are more free 3D models online than one can shake a stick at, but what about paid models? Hosting models somewhere and putting a buy button in front of the download is certainly a solved problem, but after spending some time buying and printing a variety of non-free 3D models online, it’s clear that there are shortcomings in the current system.

What the problems are and how to address them depends a little on the different ways models get sold, but one thing is clear: poorly-designed 3D models are bad for consumers, and bad for the future of pay-to-download in general.

Frances Allen Optimised Your Code Without You Even Knowing

In 2020, our digital world and the software we use to create it are a towering structure, built upon countless layers of abstraction and building blocks — just think about all the translations and interactions that occur from loading a webpage. Whilst abstraction is undoubtedly a great thing, it only works if we’re building on solid ground; if the lower levels are stable and fast. What does that mean in practice? It means low-level, compiled languages, which can be heavily optimised and leveraged to make the most of computer hardware. One of the giants in this area was Frances Allen, who recently passed away in early August. Described by IBM as “a pioneer in compiler organization and optimization algorithms,” she made numerous significant contributions to the field.

Linux-Fu: Your Own Dynamic DNS

It is a problem as old as the Internet. You want to access your computer remotely, but it is behind a router that randomly gets different IP addresses. Or maybe it is your laptop and it winds up in different locations with, again, different IP addresses. There are many ways to solve this problem and some of them are better than others.

A lot of routers can report their IP address to a dynamic DNS server. That used to be great, but now it seems like many of them hound you to upgrade or constantly renew so you can see their ads. Some of them disappear, too. If your router vendor supplies one, that might be a good choice, until you change routers, of course. OpenWRT supports many such services and there are many lists of common services.

However, if you have a single publicly accessible computer, for example a web server or even a cloud instance, and you are running your own DNS server, you really don’t need one of those services. I’m going to show you how I do it with an accessible Linux server running Bind. This is a common setup, but if you have a different system you might have to adapt a bit.

There are many ways to set up dynamic DNS if you are willing to have a great deal of structure on both sides. Most of these depend on setting up a secret key to allow DNS updates, plus either some sort of script that calls nsupdate or having the DHCP server do it. The problem is, I have a lot of client computers and many are set up differently. I wanted a system where the only thing needed on the client side was ssh. All the infrastructure remains on the DNS server.
