For people who do not know it, there is a not so new (at time of writing) critical vulnerability in almost all recent versions of Windows. You can read the Microsoft advisory here. This vulnerability is extremely dangerous because it can be triggered with no specific action from the user. It can lead to remote code execution, which means that an attacker can execute the code he wants on your computer, without your consent, and with the rights of the user using the computer.

There is currently no patch from Microsoft to fix this problem, and as this bug is being actively exploited in the wild by malicious persons, I strongly suggest that you apply the hotfix that Ilfak Guilfanov made just a few hours ago. He speaks about it on his blog. Download and install the patch from his blog as soon as you can after having read Ilfak's post.

I did not read the source code of the patch very carefully to check if it is good or not, but Ilfak is one of the head developpers of IDA, a very well known disassembler. F-Secure, an antivirus company, recommends applying the patch on its blog. That's why I think that you can trust his hot fix

If you cannot apply the patch for any reason, you should try to protect your computer until a fix from Microsoft is available by following the steps described in Microsoft advisory under the "Suggested actions" tab. Anyway I think that Ilfak's hotfix is better than the fix of Microsoft which is NOT a total fix.

I cannot say it enough: you must do something quickly or you will very likely get some worm or spyware on your computer because of this security flaw.

Why I am publishing this on this blog ? Because what Ilfak made is a huge improvement, as he was able to hack one of Windows core DLLs so as to remove a security vulnerability ! Also because I am involved in computer security discussion groups and I feel concerned about security issues. Finally, I feel some shame because I have been trying this afternoon to modify the shimgvw.dll and I didn't succeed... and this guy did ! (he didn't modify the DLL, instead he modified another part of the system which is used by the exploit) And he did a very good job by preventing any exploitation of the security hole without changing the behavior of the system in normal operation. When I tried to modify the buggy DLL, I wanted to prevent it from recognizing WMF and EMF images: as it will no longer parse these files at all, exploitation would not be possible anymore, and it would not annoy users a lot because WMF/EMF files are not widely used.

Turbokeu's has a very particular fishtank: most of its functions are electronically controlled. Some controllers were made by himself, such as his temperature monitor, and some were bought such as his pH controller. Among the "features" of his tank, and beside the two already listed, there is a timer which controls the light intensity according to time, a CO2 monitor, some pretty plants and, of course, nice fishes.

Several photos are available on his page dedicated to his fishtank, but you could also take a look at his other projects (mostly electronic) on his website ! He made very nice nixie clocks, and a totally outstanding watercooled PC case (yea, i'm a fan...).

The photo in this post is from Turbokeu's fishtank page and is published here with his kind permission.

It's always annoying to have to press a button, while being half asleep, to light up a clock so as to see what time it is at night, if you don't have a clock that permanently generates light to display the time, such as a LED clock would do.

A LED clock ? Yes, like the ones SteveyG made. He made two clocks, the first one being made in only one day.

The two clocks have their own webpages on the bit-tech forum: version 1 and version 2. You may also want to check the led matrix clock here.

Here are some pictures of the different clocks, in this order: version 1, 2, and the matrix LED display.

Pretty cool isn't it ?

The photos in this post are from SteveyG and are published here with his kind permission.

I personnaly don't shut off my computer at night, mainly because I don't like to have to switch it on when I want to use it, because it takes some time to boot. However, there is a concern with this approach: a computer consumes a lot of power, typically more than 200W, and most of this power is transformed into heat. This heat is moved away from the sensitive components of the computer by some fans... and fans make noise. A lot of noise.

This noise if obviously a problem when you try to sleep with the computer a few meters away. As Thomas (callsign OZ2CPU), a radioamateur from Denmark says about his computer on his homemade watercooling page,

"With air cooling (using fans) it is not possible to fall asleep :-)"

Thomas made an elegant watercooling system for his PC. Almost every heat-generator component is watercooled, from the processor to the graphic accelerator chipset, including the power supply unit of the PC. And unlike other watercooling systems, he didn't need a fan for the radiator, which cools down the water. The only moving part of his system is the pump that generates the necessary water flow. The good thing with this pump is that it could actually be moved in another room if it were making too much noise !

See how well finished is the waterblock of his graphic accelerator card...

Thomas can now afford sleeping without having to turn off his computer. He made a 4 channel temperature monitor (also homemade !) and he made some benchmark of his watercooling system which turned out to be very efficient.

The homemade temperature monitor looks rather good !

Maybe I should make my own watercooling too... Will you do so ? You have all the necessary informations on his website, which also presents other of his interesting projects !

Note: this post wouldn't be complete if I didn't post a link to the Zero Fan Zone !

The photos in this post are from OZ2CPU's website and are published here with his kind permission.

I don't happen to find interesting websites each day. However, I do have some favorites, and I will start by publishing these.

There are some fearless dudes on the Internet that play with mains voltage, and who creates usefull and... useless things. One of them is the so called Big Clive, who shows on his website (http://www.bigclive.com), in the "Things to make and do" section, some of his creations.

It was rather hard to choose one of his inventions, but I will speak about the Joule Thief (which is an useful invention !). These days we are having more and more environnemental problems, and we try hard to reduce the power we use. One challenge is to light up our houses at night, without using kilowatts of power. New technologies appeared in the last decades, and they have been improved a lot since their creation. One of them is the fluorescent lamp technology. Fluorescent lamps are efficient, but their life is limited, from 6000 and up to 20000 hours (according to Sylvania website, one of the most known brand for fluorescent lamps - link)

There is a new technology that is becoming more and more popular as it improved: the LED technology. LED stands for Light Emitting Diode: a LED is a diode, a simple electronic component, that can emit light when a current flows through it. Some brands like Nichia, Lumileds and others have created very bright LED lamps, but they sometimes require a high voltage (electronically speaking) that can be hard to obtain especially from tiny battery powered devices. LEDs have important advantages over the other technologies: they do not waste a lot of power into heat, and they can last for long ! For example, some Lumileds models can last up to 100000 hours.

Big Clive adapted a small electronic circuit he has found in an electronic engineering magazine to fit in a small, common bulb, which light up thousands of models of portable lamps. This circuit allows the incandescent filament to be replaced by a LED, and it is so small that it can fit into the bulb itself ! Using this clever improvement, one can easily convert a power-wasting incandescent torch into an efficient LED-based torch that will last much longer than the original, unmodified torch with the same battery. Big Clive called his invention the Joule Thief because it is so efficient that it can light up a LED from a nearly totally discharged battery !

Read more about this invention at Big Clive's website here.

The two photos in this post are from Big Clive's website and are published here with his kind permission.