RSA SecurID Software Token Converter contains a buffer overflow vulnerability that could allow a malicious user to cause a denial of service or, possibly, execute arbitrary code on a system running the Token Converter.
Security Revealed
Yesterday AMD officially launched the Radeon HD 7800 “Pitcairn” series as the latest hardware in their Southern Islands family to reside between the Radeon HD 7700 series and their flagship Radeon HD 7900 cards. Unfortunately, the open-source support for these latest AMD GPUs remains unavailable…

One thing you can look forward to when arriving at home after a long, arduous day at the office is some peppy theme music when you walk in the door. [Sebastian Sommer] built the system, and shows it off in the video after the break by dancing to James Brown’s I feel good.
The setup uses an Arduino as a microcontroller. It monitors a hall effect sensor on the jamb which detects a passing magnet on the door. We guess this means the system doesn’t know if you’re coming or going but perhaps a future upgrade would add an infrared beam to detect your legs as you head out the door. The music itself is played by a SparkFun MP3 shield which has a decoder chip, microSD slot, and audio jack for the powered speakers. [Sebastian] grabbed a copy of [Bill Porter's] mp3 shield library to get the project up and running quickly.
This is a pretty cool addition if you’re already using an Arduino for a door lock or vice versa. Or maybe you’re not home enough to make this hack worth it, in which case you simply must take this music playing Tesla coil hat along on your commute.
Gentoo Linux Security Advisory 201203-3 – Multiple vulnerabilities have been found in Puppet, the worst of which might allow local attackers to gain escalated privileges. Versions less than 2.7.11 are affected.

The gang over at Waterloo Labs decided to add a team-building aspect to a plain old Etch a Sketch. Instead of just twisting the two knobs with your own mitts, they’re converting this giant pencil’s movements into Etch a Sketch art.
The challenge here is figuring out a reliable way to track the tip of the pencil as it moves through the air. You may have already guessed that they are using a Microsoft Kinect depth camera for this task. The Windows SDK for the device actually has a wrapper that helps it to play nicely with LabView, where the data is converted to position commands for the display.
On the Etch a Sketch side of things they’ve chosen the time-tested technique of adding gears and stepper motors to each of the toy’s knobs. As you can see from the video after the break, the results are mixed. We’d say from the CNC ‘W’ demo that is shown there’s room for improvement when it comes to the motor driver. We can’t really tell if the Kinect data translation is working as intended or not. But we say load it up and bring it to a conference. We’re sure it’ll attract a lot of attention just like this giant version did.
[Thanks Maegan]
Our mission with Ubuntu is to deliver, in the cleanest, most economical and most reliable form, all the goodness that engineers love about free software to the widest possible audience (including engineers). We’ve known for a long time that free software is beautiful on the inside – efficient, accurate, flexible, modifiable. For the past three years, we’ve been leading the push to make free software beautiful on the outside too – easy to use, visually pleasing and exciting. That started with the Ubuntu Netbook Remix, and is coming to fruition in 12.04 LTS, [now in beta](http://www.ubuntu.com/).
The TRS-80 Model 100 is a computer you owe a lot to, even if you don’t recognize it. Released in 1983 by Tandy (now known as RadioShack) for $1099 USD, the Model 100 was one of the world’s first “notebook” computers. At the time its design was radical, as computers had always been large objects tethered to bulky CRT monitors; the Model 100 helped introduce concepts we all take for granted now, such as all-in-one construction, integrated LCD display, and the ability to run on battery power. Selling over 6 million units, the Model 100 proved that a highly portable computer could be successful, and we’re still seeing the effects of that today.

[Janne Mäntyharju] wanted to get an idea as to how much electricity he consumed in his new home, mainly to see if using his fireplace for additional heat had any effect on his bill. Luckily his power meter was mounted in the utility room of his house, making it easy to keep tabs on his usage.
His meter features a small LED that blinks a fixed number of times per consumed kilowatt-hour, so he mounted a photoresistor and ATtiny2313 above it to detect the light pulses. [Janne’s] server polls the microcontroller every 5 minutes over an XBee connection, recording the power usage in an SQL database for further analysis. From this database, he generates graphs showing both the temperature in his home as well as the average electricity usage for the specified time period.
[Janne] also wanted to make the data easily accessible, so he constructed a wall-mounted display using a Beagleboard and digital picture frame. The display not only shows his electricity usage, but it toggles between the weather, calendar events, IRC logs, and pictures from his security camera.
We’ve certainly seen this sort of electric meter monitoring before, but it serves as a quick reminder that given the right tools, watching your power usage (among other things) can be as easy as taking a quick glance over at the wall.
The people who brought you "Jesus Camp" are moving into your neighborhood school. And there’s not a damn thing you can do about it.
The students came for a summer learning experience with a job at a classic American company. Instead, they got a crash course in the realities of the global economy.
I lean on Skype (and Macs) pretty heavily, so when a fairly substantial update for the VOIP/messaging service goes live, my ears tend to perk up. The new Skype 5.6 update has me especially tickled — it’s now available for folks of the Mac persuasion, and it thankfully packs a handful of bugfixes as well as a slew of new (and arguably overdue) features.
Perhaps most important is the ability to delete part or all of a conversation in one fell swoop. I don’t find myself needing to do this too often aside from when I’m locked in throes of a particularly nasty digital cleaning spree, but I’m sure there are more than a few of you out there sighing with relief right about now.
Textual indiscretions aside, Skype 5.6 also brings with it the ability to auto-update when new versions are released (which the Windows version has been able to do since last September), as well as a new full-screen app mode that comes seven months after Apple’s Lion update added support for the feature. Better late than never, as they always say.
Throw in a new dynamic layout for video calls that puts the current speaker at the top of the window and the ability to combat background noise by fiddling with Automatic Gain Control, and that’s a wrap for the 5.6 update. Mac users will probably want to jump on this one, and fortunately they can download the new version of Skype right here.
This tutorial shows how you can install and run the Roundcube webmail (version 0.7.1) web site on a Debian Squeeze or Ubuntu 11.10 system that has nginx installed instead of Apache (LEMP = Linux + nginx (pronounced “engine x”) + MySQL + PHP). Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. nginx is an HTTP server that uses much less resources than Apache and delivers pages a lot faster, especially static files.
This is the Doro 740, announced at Mobile World Congress in Barcelona last week and expected to ship in the summer. While other Android phone manufacturers are struggling to differentiate their phones, this one has no problems: it’s aimed at older folk.

With over 137 million worldwide registered users, Badoo is one of the hottest social networks on the planet. But, with its reputation as a massive hook-up network, Badoo is also one of the most controversial. So my first question to Badoo president Amit Shafrir, when we met recently in San Francisco, was about sex. Are all those 137 million users using Badoo, I asked Shafrir, simply to hook up with each other?
Badoo is where you go to have “fun”, Shafrir told me. That may, of course, involve sex – but it also involves friendship, tourism and just, to quote Sean Parker, “eliminating loneliness”. In fact, in Western Europe and Latin America where Badoo is particularly popular, Shafrir explained, most of its users aren’t using the service for hooking-up. Indeed, it’s only in the English speaking world, he noted, that Badoo is mostly used as a hook-up network.
Whatever the reasons for its remarkable popularity, Badoo is a great business story. According to the London-based Shafrir, the company has realized $150 million in gross sales, mainly off its freemium membership model. So there’s clearly money to be made out of loneliness. But the really interesting question is whether Badoo can lock things up before rival real-time people networks, like Sean Parker’s Airtime, get into this lucrative market.
Installing Apache2 With PHP5 And MySQL Support On OpenSUSE 12.1 (LAMP)
LAMP is short for Linux, Apache, MySQL, PHP.
This tutorial shows how you can install an Apache2 webserver on an
OpenSUSE 12.1 server with PHP5 support (mod_php) and MySQL support.
Interesting development with today’s Chrome OS dev update: for the first time in the history of the Chrome OS project, Google’s own CR-48 reference device is not receiving the latest version of their experimental operating system. From the release announcement:
In this post I will show you step by step how to install Conky and configure this awesome Conky script called Conky-Lua in Ubuntu, Linux Mint, Debian and Fedora. This howto has been done in Ubuntu 12.04 LTS Precise Pangolin Beta1.
Marco Ramilli’s Blog: An interesting tool for your SwissKnife
Cisco Zine: Cisco Linksys WAG54GS CSRF Change Admin Password

Armed with four wingtip-mounted Sienar Fleet Systems L-s9.3 laser cannons and a SFS P-s5.6 twin ion engine, the TIE Interceptor has become the scourge of the Rebel fleet, nearly capable of out-running and out-maneuvering the beloved A-wings of Nomad Squadron. Because of [Matt]’s tireless work, we can now visualize TIE Interceptors on approach with our ~~targeting computers~~ oscilloscopes.
[Matt]’s oscilloscope visualization of a TIE fighter is a huge improvement on previous scope displays we’ve seen, considering [Matt] used very minimal hardware to display 3D graphics. The build uses an ATMega88 along with a 10-bit DAC to draw lines on the screen. The capacious Mega88 with 8kB of flash and 1kB of SRAM was nearly filled to capacity with [Matt]’s project; to improve the rendering speed of the display, sine & cosine values are pre-computed and stored in flash along with division tables for common values.
The rotation of the TIE fighter is controlled by a serial connection to [Matt]’s desktop. It’s a very impressive piece of work that looks like it would fit into the cinematic aesthetic of The Empire Strikes Back. Check out [Matt]’s video of the TIE rotating in space after the break.
Whistleblowers may often be praised in the abstract, but Americans ignore or even vilify them when they dare to stir up trouble in their own workplaces.
Red Hat Enterprise Linux NFSv4 Mount Local Denial of Service Vulnerability

When the zombiepocalypse comes you’re not going to want to run out to the store for more ammo. But you can always reload great grandpa’s musket with some homemade gunpowder. All kidding aside, the invention and proliferation of gunpowder had a profound effect on the world. Here you can see just how easy it is to make with chemicals that are common in our modern world.
The two compounds that go into this experiment are ammonium nitrate and potassium chloride. Where can you get your hands on these materials? Instant cold packs use ammonium nitrate and water to start an endothermic reaction. The potassium chloride can be found in the grocery store as a table salt alternative.
The chemicals need to be measured by weight. [William Finucane] didn’t have a digital scale on hand so he made a balance using a wooden ruler, two plastic component drawers, and a Bic lighter as a fulcrum. With approximately equal parts of the two materials he sets about dissolving in water, filtering, and heating of the concoction to produce saltpeter. Combine this with powdered sugar and you’ve got gun powder. Don’t believe that it works? You can see the fiery goodness in the clip after the break.
Flammable and explosive materials are dangerous to work with, so you probably shouldn’t do this yourself. But then again, it can’t be as dangerous as working with thermite.
Most people today are used to having a nice, intuitive graphical
environment when they sit down to use a computer. Gone are the days of
using a DOS machine or being lucky enough to have a dial-up account at
300 baud on a UNIX mainframe.
ESA-2012-013: RSA SecurID® Software Token Converter buffer overflow vulnerability
Add-ons have long been the weakest link in the chain of Firefox security. In Firefox 13, Mozilla is to close the gap a little tighter by forcing add-ons to do something they should have been doing all along: Implement ASLR (Address Space Layout Randomization).
ZetaBoards suffers from a cross site scripting vulnerability.
OpenSSL DTLS CVE-2012-0050 Remote Denial of Service Vulnerability
