Homebrew Doorknob Caps for High-Voltage Fun
By Dan Maloney
Mouser and Digi-Key are great for servicing most needs, and the range of parts they offer is frankly bewildering. But given the breadth of the hardware hacking community’s interests, few companies could afford to be the answer to everyone’s needs.
That’s especially true for the esoteric parts needed when one’s hobby involves high voltages and homemade lasers, like [Les Wright]. He recently came up with a DIY doorknob capacitor design that makes the hard-to-source high-voltage caps much easier to obtain. We’ve seen [Les] use these caps in his transversely excited atmospheric (TEA) lasers, a simple design that uses high-voltage discharge across a long, narrow channel filled with either room air or nitrogen. The big ceramic caps are needed for the HV supply, and while [Les] has a bunch, they’re hard to come by online. He tried a follow-up using plain radial-lead ceramic capacitors, and while the laser worked, he did get some flashover between the capacitor leads.
[Les]’s solution was to dunk the chunky caps in acetone for a week or so to remove their epoxy covering. Once denuded, the leads were bent into a more axial configuration and soldered to brass machine screws. The dielectric slug is then put in a small section of plastic tubing and potted in epoxy resin with the bolts protruding from each end. The result is hard to distinguish from a genuine doorknob cap; the video below shows the build process as well as some testing.
Hats off to [Les] for taking pity on those of us who want to replicate his work but find ourselves without these essentials. It’s nice to know there’s a way to make unobtanium parts when you need them.
[Kevin]’s build manages 12-note polyphony, an impressive feat for the ATmega328 at the heart of the Arduino Uno. It’s done by running an interrupt on a timer at a steady rate, and implementing 12 counters, one per note. When a counter overflows, a digital IO pin is flipped. This outputs a square wave at a certain pitch on the IO pin, producing the given note. The outputs of 12 digital IO pins are mixed together with a simple resistor arrangement, producing a basic square wave synth. Tuning isn’t perfect, but [Kevin] notes a few ways it could be improved down the line.
If you want to move a pen (or a CNC tool, or a 3D printing hot end) in the X and Y plane, your choices are typically pretty simple. Many machines use a simple cartesian XY motion using two motors and some sort of linear drive. There’s also the core-XY arrangement where two motors move belts that cause the head to travel in two directions. Delta printers use yet another arrangement, but one of the stranger methods we’ve seen is the dual disk polar printer which — as its name implies — uses two rotating disks.
The unique mechanism uses one motor to rotate a disk and another motor to rotate the entire assembly. The print head — in this case a pencil — stays stationary. as you can see in the video below.
We’ve often thought of using a rotary Z axis for 3D printing, although that would take some approximation math since each layer would really be a spiral depending on where you were in the rotation. However, that doesn’t help you if you wanted to make a plotter or other flat machine like a laser engraver. This setup would work for those cases, but we aren’t sure if there is any real benefit compared to existing schemes. Except that it looks cool in motion.
Practical Sensors: The Many Ways We Measure Heat Electronically
By Al Williams
Measuring temperature turns out to be a fundamental function for a huge number of devices. You furnace’s programmable thermostat and digital clocks are obvious examples. If you just needed to know if a certain temperature is exceeded, you could use a bimetalic coil and a microswitch (or a mercury switch as was the method with old thermostats). But these days we want precision over a range of readings, so there are thermocouples that generate a small voltage, RTDs that change resistance with temperature, thermistors that also change resistance with temperature, infrared sensors, and vibrating wire sensors. The bandgap voltage of a semiconductor junction varies with temperature and that’s predictable and measurable, too. There are probably other methods too, some of which are probably pretty creative.
You can often think of creative ways to do any measurement. There’s an old joke about the smart-alec student in physics class. The question was how do you find the height of a building using a barometer. One answer was to drop the barometer from the top of the building and time how long it takes to hit the ground. Another answer — doubtlessly an engineering student — wanted to find the building engineer and offer to give them the barometer in exchange for the height of the building. By the same token, you could find the temperature by monitoring a standard thermometer with a camera or even a level sensor which is a topic for another post.
The point is, there are plenty of ways to measure anything, but in every case, you are converting what you want to know (temperature) into something you know how to measure like voltage, current, or physical position. Let’s take a look at how some of the most interesting temperature sensors accomplish this.
Thermocouples take advantage of something called the Seebeck effect. When two dissimilar metals form a junction and experience a temperature gradient, an electric potential forms. The key is that it is a gradient in temperature that makes the device work. Thermocouples have a hot junction and a cold junction. If you want to measure temperature, you need a reference junction. As an aside, the effect works in reverse — the Peltier effect — where passing current through a pair of junctions makes one side hot and the other one cold.
In the old days, you’d plunge the cold junction into a bucket of ice. Today, it is more likely that you’ll use another method to get the temperature of the cold junction and then compensate. There are chips that will do that for you, of course.
Why not just use the other method to start with? Thermocouples have several advantages. For one thing, you can measure up to a few thousand degrees with one. Since they are just two pieces of wire, they are robust and reliable. In hot or harsh environments, they are easy to manage and, usually, at the cold end you have a little nicer environment.
The downside is that the temperature reading is not linear. You’ll see different types of thermocouples and each type uses two different wire materials. The type tells you what calibration curve to use and, of course, you select the metal for the application you need. For example, a type J uses iron as one of the two wires and a type T uses copper.
Thermocouples that measure infrared from a distance are known as thermopiles. These are common in non-contact thermometers and passive IR (PIR) sensors. A PIR sensor detects the difference in temperature between two sensors and infers that something has changed in the field of view.
There are several different types of material that can exhibit temperature changes with resistance. The biggest factor is if the device has a positive or negative temperature coefficient. In other words, does the resistance go up or down in response to a change in temperature?
Most of these devices are also non-linear, but they are also inexpensive and easy to use. You can measure the resistance using any method you like. A common technique is to use the resistor as part of a voltage divider or bridge and measure the output voltage. However, if you’d rather not tie up an analog input, you can connect the resistor to a capacitor and measure the time it takes to charge.
Thermistors are slightly different in construction from resistance temperature detectors, or RTDs. Usually, thermistors have less hysteresis and self-heating problems than the metal-based (often platinum) RTDs. However, in either case, you’ll have to measure resistance and fit it to a curve to get the real temperature.
Reading thermistors is a very common operation and there are a lot of tricks people have developed over the years. You can also spend math processing to get better curve fits, or do simple math and get less accuracy.
Semiconductor Junctions and Accidental Sensors
The bandgap voltage of semiconductor material varies predictably with temperature. If you ever get deep into solid state design, you’ll see the T term in the diode equation and all its manifestations. It is no surprise, then, that a lot of ICs use this property for sensing temperature.
Some chips are made to be temperature sensors. For example, the common LM34 and LM35 chips exploit this property with some additional circuits to provide a nice 10mV per degree (the LM34 measures Farhenheit and the LM35 measures Celcius). That makes them very easy to use.
Some chips, like the CPU in your PC, use the same method to measure internal temperature for reporting and thermal management. However, there are other ways non-temperature sensor ICs can measure temperature.
It turns out, almost all of our circuits are sensitive to temperature in some way. Measuring the internal clock of a CPU against an external reference can show temperature-induced changes.
There are a multitude of other ways to measure temperature. For example, a vibrating wire sensor uses what amounts to a guitar string. The measurement involves exciting the string and detecting the frequency of vibration. As the supporting structure shrinks and expands with temperature changes, the tone of the string changes.
You can get an approximate temperature in degrees Fahrenheit by counting the number of chirps crickets make. Count the number of chirps in 15 seconds and then add 37. It wouldn’t surprise me if someone’s done that in some obscure instrument. [Kevin] in Terra Haute says the number is 40 in the video below, and not 37, but I guess it isn’t an exact science.
Of course, an increasingly common way to measure temperature is to use some form of smart sensor. A module or IC can use any of the methods we’ve talked about, convert it to engineering units, and send the data over something like an I2C bus. This is a level abstraction, but you still ought to understand the underlying benefits and limitations involved with the sensor you want to use.
While there may be more, there aren’t any other common techniques for measuring temperature. But there are still lots of sensors left to talk about in future articles.
Hackaday Podcast 106: Connector Kerfuffle, Tuning Fork Time, Spinach Contact Prints, and Tesla’s Permanent Memory
By Mike Szczys
Hackaday editors Elliot Williams and Mike Szczys recount the coolest hacks from the past week. Most clocks keep time with a quartz crystal, but we discuss one that uses a tuning fork… like the kind you use to tune a piano. Ghidra is a powerful reverse engineering tool developed by the NSA that was recently put to good use changing an embedded thermometer display from Celsius to Fahrenheit. We talk turkey on the Texas power grid problems and Tesla’s eMMC failures. And of course there’s some room for nostalgia as we walk down memory lane with the BASIC programming language.
Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!
Custom Inlaid Retro Keycaps: Clay is the Way
By Kristina Panos
They say experience is the best teacher, and experience tells us they are right. When [Thomas Thiel] couldn’t find any resources about re-creating the groovy ‘caps of thocky old keebs like the Space Cadet and the C64 (or find any to buy), it was time for a little keycap experimentation.
These babies are printed in black resin and the inlay is made with white air-dry clay. After printing, they are sprayed with acrylic, and then [Thomas] works a generous amount of clay into the grooves and seals the whole thing with clear spray. [Thomas] soon figured out that the grooves had to be pretty deep for this to work right — at least 1 mm. And he had better luck thick fonts like Arial Black instead of thin fonts.
Of course, as [Thomas] mentions, you’re not restricted to white or even air-dry clay. You could go nuts with colored clay and make a retro-RGB clackable rainbow.
This Week in Security: ISNs, Patch Tuesday, and Clubhouse
By Jonathan Bennett
Let’s talk TCP. Specifically, how do the different TCP connections stay distinct, and how is a third party kept from interrupting a connection? One of the mechanisms that help accomplish this feat is the TCP sequence number. Each of the two endpoints of a TCP connection tracks an incrementing 32-bit number, corresponding to the bytes sent in the connection. It’s handy, because each side can use that value to track what parts of the data stream they have received. On missing packets, a message can be sent requesting bytes 7-15 to be resent, for instance.
Each side of the connection sets their own Initial Sequence Number (ISN), and it’s important that this number is unique, as collisions can cause stream confusion. That statement should make your security spidey sense tingle. If a collision can cause problems when it happens by chance, what can a hacker do with it intentionally? Potentially quite a bit. Knowing the current sequence number, as well as a couple other pieces of information, a third party can close a TCP stream or even inject data. The attack has been around for years, originally known as the Mitnick Attack. It was originally possible because TCP implementations used a simple counter to set the ISN. Once the security ramifications of this approach were understood, the major implementations moved to a random number generation for their ISNs.
Now to this week’s story: researchers at Forescout took the time to check 11 TCP/IP stacks for vulnerability to the old Mitnick Attack (PDF Whitepaper). Of the eleven embedded stacks texted, nine have serious weaknesses in their ISN generation. Most of the vulnerable implementations use a system time value as their ISN, while several use a predictable pseudorandom algorithm that can be easily reversed.
CVEs have been assigned, and vendors notified of “NUMBER:JACK”, Forescout’s name for the research. Most of the vulnerable software already has patches available. The problem with embedded systems is that they often never get security updates. The vulnerable network stacks are in devices like IP cameras, printers, and other “invisible” software. Time will tell if this attack shows up as part of a future IoT botnet.
Microsoft Patch Tuesday
Last week, Microsoft released their monthly round-up of patches, and there are a few interesting bugs. CVE-2021-24074 is a potential RCE resulting from improper handling of source routing packets. “Source routing” is one of the mostly forgotten IP options, though it does see some use in niche applications. Packets using this option are generally blocked by routers and security devices, making it essentially impossible to send such packets over the public internet. Windows clients also block these packets, but generate an ICMP response when such a packet is blocked. Reading between the lines, it seems that the vulnerability is triggered by the process of building the ICMP response. (Not a new problem) The patch is available, as is a simple workaround: simply dropping the incoming packets without a response.
Two other CVEs are potentially notable, though there is even less information available about them. CVE-2021-24078 is a wormable vulnerability in the Windows DNS server. Thankfully a server is only vulnerable if the DNS component has been turned on. The other is CVE-2021-26701, a rather vague “.NET Core Remote Code Execution Vulnerability”. It has a severity rating of critical, and Microsoft has indicated that the details are known in the wild.
Clubhouse Security Growing Pains
You may have heard that Clubhouse is the new social media flash-in-the-pan. Or, maybe it will stick around, who knows. If you haven’t looked into it, Clubhouse is something of an audio chatroom, where a celebrity or teacher can have a conversation with an audience. It’s still prelaunch, and there are already eight million downloads. As you might imagine, this success has put Clubhouse on the radar of security researchers, like the folks at Zerforschung. It seems that Clubhouse is built on the Agora.io platform, and the attack here is to talk directly to Agora.io rather than go through the Clubhouse app. The results? The attacker can leave the room, but maintain the connection to the backend. The username disappears, but still receives audio, and can even speak into the room. This breaks the ability to put a room into single-speaker mode and makes ejecting a user impossible.
Telegram Self-Destruct Messages
The problem? They aren’t actually destructed. [Dhiraj Mishra] did his research on the MacOS version of Telegram, and discovered that audio and video files sent in a self-destruct message is still available on the computer hard drive, even after the message timer has expired. For extra pwnage, this version of Telegram also stores the passcode in plaintext in some cases. Both issues have been fixed, so make sure you update if you use Telegram on MacOS.
More NPM Dependency Confusion
Last week we covered [Alex Birsan]’s dependency confusion attack, where a package can be uploaded to NPM that uses the name of a private package. If a company has their build system misconfigured, the public package can be pulled into the final build instead of the intended private package. Since [Alex] publicly announced the attack, nearly 300 such packages have been uploaded to NPM taking advantage of this technique. Note these are the packages that have been discovered, there are almost certainly more packages that are out there, but are yet to be discovered. [Alex] pointed out that some of these are likely other researchers aiming for bug bounties, but there might even be some legitimately malicious packages in the mix.
We’ll do our best to keep you up to date on these stories, and the rest that pop up each week, so stay tuned!
The Raspberry Pi Pico Can’t Run Linux. But It Can Run FUSIX.
By Jenny List
The great divide in terms of single board computers lies between those that can run some form of Linux-based distribution, and those that can not. For example the Raspberry Pi Zero is a Linux board, while the Raspberry Pi Pico’s RP2040 processor lacks the required hardware to run everybody’s favourite UNIX-like operating system. That’s not to say the new board from Cambridge can’t run any UNIX-like operating system though, as [David Given] shows us with his FUSIX port.
FUSIX is a UNIX-like operating system for less capable processors, more in the spirit of those original UNIXes than of a modern Linux-based distribution. It’s the work of the respected former Linux kernel developer and maintainer [Alan Cox], and consists of a kernel, a C compiler, and a set of core UNIX-like applications.
The RP2040 port maybe needs a little more work to be considered stable. For now, the multitasking support isn’t quite there and NAND flash support is broken, but it does have SD card support for a proper UNIX filesystem and the full set of core tools. Perhaps most interestingly, it only occupies a single core of the dual-core chip, leaving the possibility of the other core and those PIOs to be used for other purposes.
FUSIX has made the occasional appearance here over the years, but perhaps not as often as it should. If you’d like to learn a little more about the genesis of UNIX, we took a look in 2019.
Smart switches are fun, letting you control lights and appliances in your home over the web or even by voice if you’re so inclined. However, they can make day-to-day living more frustrating if they’re not set up properly with regards to your existing light switches. Thankfully, with some simple wiring, it’s possible to make everything play nice.
The method is demonstrated here by [MyHomeThings], in which an ESP8266 is used with a relay to create a basic smart switch. However, it’s wired up with a regular light switch in a typical “traveller” multiway switching scheme – just like when you have two traditional light switches controlling the same light at home. To make this work with the ESP8266, though, the microcontroller needs to be able to know the current state of the light. This is done by using a 240V to 3.3V power supply wired up in parallel with the light. When the light is on, the 3.3V supply is on. This supply feeds into a GPIO pin on the ESP8266, letting it know the light’s current state, and allowing it to set its output relay to the correct position as necessary.
A lot of us have nostalgia for our childhood toys, and as long as they’re not something like lawn darts that nostalgia often leads to fun upgrades since some of us are adults with industrial-sized air compressors. Classics like Super Soakers and Nerf guns are especially popular targets for improvements, and this Nerf machine gun from [Emiel] is no exception.
The build takes a Nerf ball-firing toy weapon and basically tosses it all out of the window in favor of a custom Nerf ball launching rifle. He starts with the lower receiver and machines a pneumatic mechanism that both loads a ball into the chamber and then launches it. This allows the rifle to be used in both single-shot mode and also in fully-automatic mode. From there, a barrel is fashioned along with the stock and other finishing touches.