How to build a music-box for children

2 January 2021

The Tonibox is a music player for children. They can simply place figures on the box and depending on the figure, a corresponding audio book is then played. I like this concept and since my child loves audio books, I am going to build such a box.

Note: I never had an original Tonibox in my hands. So I don’t know about it’s exact features and also don’t know how it really works. This article simply describes how I would build such a device.

Read more..
Happy New Year 2021

31 December 2020

Happy new year! The last one was intense, let’s see what’s comming. For this blog, I hope more content. And for my readers, just the best!

Read more..
Sixth Anniversary

7 November 2020

This blog turned 6 years old. Unbelievable! I would like to thank all the people who read my articles.

Read more..
RIAA took down youtube-dl

26 October 2020

Few days ago the popular content download software “youtube-dl” was taken down by RIAA. They left a notice in the GitHub-Repository that youtube-dl violates copyrights. In my opinion this is a shame. With youtube-dl it was possible to download any content from youtube. That means you were also able to legally download content that was not protected by any content license. If we start to take down youtube-dl because we could also use it to download content illegally, then we should also take down all the browsers. We could also use browsers to illegally download content.

Read more..

10 July 2020, one of the best “alternative” social media platforms of the entire internet, will shutdown and discontinue. I don’t have a facebook or twitter account, but I really loved that I’ll miss it. The following message is from the soup-kitchen:

Read more..
Creative Contact Form: Directory Traversal (CVE-2020-9364)

9 March 2020

Identifier: AIT-SA-20200301-01
Target: Creative Contact Form (for Joomla)
Vendor: Creative Solutions
Version: 4.6.2 (before Dec 03 2019)
CVE: CVE-2020-9364
Accessibility: Remote
Severity: High
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)


Creative Contact Form is a responsive jQuery contact form for the Joomla content-management-system.

Read more..
OpenVPN: updating /etc/resolv.conf

26 December 2019

OpenVPN comes with example-scripts to update /etc/resolv.conf using “resolvconf” or systemd-resolvconf. I don’t use one of them therefore I modified the script so that it simply changes /etc/resolv.conf directly. I placed a variable “IMMUTEABLE” in this script. If IMMUTEABLE is set to 1, this script will change the fileattribute of /etc/resolv.conf to immuteable. In that way it is possible to prevent other programms like dhcp-clients to change /etc/resolv.conf while openvpn is running. I know, it’s a little bit hacky, but it works for me. The full source can be downloaded at

Read more..
HackADay: A Christmas-Machine(Merry Christmas)

21 December 2019

This year I want to send you merry christmas by creating a blog-entry for a raspberry pi christmas project. The “christmas-machine” displays merry christmas and wishes for the “christkind” on a tft display for the raspberry. It is possible to send christmas wishes using a web applications that can be accessed via wifi. I placed this installation at the coffee-kitchen in the office and it was very nice to see that my colleges had a lot of fun with it.

Blesses for “Brother Patrick” who spent me that wonderful Joy-IT TFT display.

Read more..
BSides 2019: Code diving for pop chains

11 December 2019

bsides vienna 2019 talk

I gave a talk at the BSides 2019 Vienna about PHP Object Injection. Here is the abstract of this talk:

Read more..
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti