Waveshare’s Pi CM3 Laptop Arrives a Bit Too Late

The good news it that you can now buy a pretty decent laptop that’s based around the Raspberry Pi Compute Module (CM). The bad news is that it was conceived before anyone knew the interface was going to change for the new CM4, so it doesn’t have any of the features that would make it really interesting such as support for PCI-Express. Oh, and it costs $300 before you even factor in buying the CM3.

Waveshare, the company that most of us know best as a purveyor of e-paper displays, also made some rather interesting design choices on their laptop. See that black pad under the keyboard? No, it’s not a trackpad. It’s just a decorative cover that you remove to access an LED matrix and GPIO connectors. Make no mistake, a laptop that features a GPIO breakout right on the front is definitely our jam. But the decision to install it in place of the trackpad, and then cover it with something that looks exactly like a trackpad, is honestly just bizarre. It might not be pretty, but the Pi 400 seemed to have solved this problem well enough without any confusion.

Cm3laptop DetailOn the other hand, there seems to be a lot to like about this product. For one, it’s a very sleek machine that doesn’t have the boxy and somewhat juvenile look that seems so common in other commercial Pi laptops. We also like that Waveshare included a proper Ethernet jack, something that’s becoming increasingly rare even on “real” laptops. As [ETA PRIME] points out in the video after the break, the machine also has a crisp IPS display and a surprisingly responsive keyboard. Though the fact that it still has a “Windows” key borders on being offensive considering how much it costs.

But really, the biggest issue with this laptop is when it finally hit the market. If Waveshare had rushed this out when the CM3 was first introduced, it probably would have been a more impressive technical achievement. On the other hand, had they waited a bit longer they would have been able to design it around the far more capable CM4. As it stands, the product is stuck awkwardly in the middle.

[Thanks to Sathish for the tip.]

source https://hackaday.com/2020/12/03/waveshares-pi-cm3-laptop-arrives-a-bit-too-late/

Hot Wire Foam Cutter Does Circles, Too

Foam is all kinds of useful, but trying to cut it with scissors or a serrated plastic knife is usually an exercise in futility. What you really need is a hot wire for nice clean cuts. [Elite Worm] built a hot wire foam cutter that can cut any type of foam with ease, be it Styrofoam or grey craft foam.

Foam Cutter GutsThere are a ton of ways to heat up a taut piece of nichrome wire, but few of them are as good looking as this one. [Elite Worm] designed and printed a table with an adjustable fence so it can be used like a table saw. There is also a circle-cutting jig that looks really handy.

This design uses a 12 V power regulator to heat up a piece of tension-adjustable nichrome wire for buttery smooth cuts. This thing looks fantastic all the way down to the cable management scheme. All the files are available on Thingiverse if you want to build one for yourself, but you’ll need to use something other than PLA.

This wire cutter is pretty versatile, but you could go even smaller with a handheld version, or build a larger, CNC-based machine.

source https://hackaday.com/2020/12/02/hot-wire-foam-cutter-does-circles-too/

Hot Wire Foam Cutter Does Circles, Too

Foam is all kinds of useful, but trying to cut it with scissors or a serrated plastic knife is usually an exercise in futility. What you really need is a hot wire for nice clean cuts. [Elite Worm] built a hot wire foam cutter that can cut any type of foam with ease, be it Styrofoam or grey craft foam.

Foam Cutter GutsThere are a ton of ways to heat up a taut piece of nichrome wire, but few of them are as good looking as this one. [Elite Worm] designed and printed a table with an adjustable fence so it can be used like a table saw. There is also a circle-cutting jig that looks really handy.

This design uses a 12 V power regulator to heat up a piece of tension-adjustable nichrome wire for buttery smooth cuts. This thing looks fantastic all the way down to the cable management scheme. All the files are available on Thingiverse if you want to build one for yourself, but you’ll need to use something other than PLA.

This wire cutter is pretty versatile, but you could go even smaller with a handheld version, or build a larger, CNC-based machine.

source https://hackaday.com/2020/12/02/hot-wire-foam-cutter-does-circles-too/

Smart Screen Heal Thyself

The Korea Institute of Science and Technology (KIST) have announced a transparent, self-healing polyimide material designed for smart phone screens. A KIST team from the Composite Materials Applications Research Center led by Dr Yong-chae Jung and a team at Yonsei University’s Electronics Materials Lab led by Dr Hak-soo Han collaborated on this project. While the goal was to improve the material used in folding smart phone screens, the results seem applicable to all glass screens that are prone to cracks and scratches.

This new material can heal itself in 12 hours at room temperature, even faster under UV light. As we understand it, many micro-balloons of flaxseed oil are impregnated on the surface and break open if the material is damaged. Thus liberated, the oil is now free to flow into and fill up the cracks. We imagine it’s like repairing windshield cracks, but on a much smaller scale.

The idea is to eliminate the need for user-added screen protection films and increase the life of your phone screen. But cynical people might wonder if smart phone manufacturers will embrace this new technology with much enthusiasm — after all, if people use their phones longer it might cut into sales. Those with access to academic journals can read the report here.

source https://hackaday.com/2020/12/02/smart-screen-heal-thyself/

Fridge Compressor Turned into Capable Little Four-Stroke Engine

Never underestimate the power of a well-stocked junk bin. Along with a TIG welder and mechanical ingenuity bordering on genius-level, all of which come to bear on this fridge compressor to four-stroke engine build.

The video posted by [Let’s Learn Something] is long, but watching it at double speed doesn’t take away much from the enjoyment. By using a piston-type compressor, a lot of the precision machining is already taken care of here. Adding the intake and exhaust valves, camshaft, timing chain, carburetor, and ignition system are still pretty challenging tasks, though. We loved the home-made timing chain sprockets, made with nothing more than a drill and an angle grinder. In a truly inspired moment, flat-head screws are turned into valves, rocker arms are fabricated from bits of scrap, and a bolt becomes a camshaft with built-up TIG filler. Ignition and carburetion are cobbled together from more bits of scrap, resulting in an engine that fired up the first time — and promptly melted the epoxy holding the exhaust header to the cylinder head.

Now, compressor-to-engine conversions aren’t exactly new territory. We’ve seen both fridge compressors and automotive AC compressors turned into engines before. But most of what we’ve seen has been simple two-stroke engines. We’re really impressed with the skill needed to bring off a four-stroke engine like this, and we feel like we picked up quite a few junk-box tips from this one.

Thanks to [Eric Mockler] for this tip.

source https://hackaday.com/2020/12/02/fridge-compressor-turned-into-capable-little-four-stroke-engine/

European Right To Repair: Poor Repairability Shamed With Rating System

Happily the right to repair movement is slowly gaining ground, and recently they’ve scored a major success in the European Parliament that includes a requirement that products be labelled with expected lifetime and repairability information, long-term availability of parts, and numerous measures aimed at preventing waste.

… including by requiring improved product information through mandatory labelling on the durability and reparability of a product (expected lifetime, availability of spare parts, etc.), defining durability and reparability as the main characteristics of a product…

Even the UK, whose path is diverging from the EU due to Brexit, appears to have a moment of harmony on this front. This builds upon existing rights to repair in that devices sold in Europe will eventually have to carry a clearly visible repair score to communicate the ease of repairability and supply of spare parts, making a clear incentive for manufacturers to strive for the highest score possible.

We live in an age in which our machines, appliances, and devices are becoming ever more complex, while at the same time ever more difficult to repair. Our community are the masters of fixing things, but even we are becoming increasingly stumped in the face of the latest flashy kitchen appliance or iDevice. The right to repair movement, and this measure in particular, seeks to improve the ability of all consumers, not just us hackers, to makebuying decisions for better products and lower environmental impact.

With a population of around 450 million people spread across 27 member countries, the EU represents a colossal market that no manufacturer can afford to ignore. Therefore while plenty of other regions of the planet have no such legislation this move will have a knock-on effect across the whole planet. Since the same products are routinely sold worldwide it is to be expected that an improvement in repairability for European markets will propagate also to the rest of the world. So when your next phone has a replaceable battery and easier spares availability, thank the EU-based right to repair campaigners and some European lawmakers for that convenience.

European Parliament from EU, CC BY 2.0.

source https://hackaday.com/2020/12/02/european-right-to-repair-poor-repairability-shamed-with-rating-system/

A Straightforward Guide To Unlocking The Nintendo Game And Watch

Nintendo’s reborn tiny handheld game has certainly attracted the attention of hardware hackers, and we’ve been treated to a succession of exploits as its secrets have been one by one unlocked. With relatively straightforward hardware it conceals potential far beyond a simple Mario game or two, and it’s now at the stage of having a path to dumping both its SPI Flash and internal Flash, unlocking its processor, and running arbitrary code. The process of unlocking it is now atraightforward enough to warrant a HOWTO video, to which [stacksmashing] has treated us. It’s early days and this is still touted as for developers rather than gamers, but it serves to show where work on this console is going.

The console’s STM32 architecture means that programming hardware is straightforward enough to find, though we’re cautioned against using the cheap AliExpress type we might use with a Blue Pill or similar. Instead the snap-off programmer that comes with an STM Nucleo board is a safer choice that many people are likely to have already.

The relative simplicity of the process as seen in the video below must conceal an immense amount of work from multiple people. It’s a succession of scripts to sequentially unlock and back up the various firmwares with STM payloads for each step. Finally the STM32 itself is unlocked, and the backed-up Nintendo firmware can be returned to the device or instead a custom firmware can be created. Aside from the DOOM we’ve already seen there are work-in-progress NES and Game Boy emulators, and fascinatingly also work on bare-metal games.

Given the lack of custom chips in this console it is easily possible that its hardware could be directly cloned and that Nintendo might have unintentionally created a new general purpose hacker’s handheld gaming platform. There are a few hardware works-in-progress such as increasing the SPI Flash size and finding the unconnected USB pins, so we look forward to more exciting news from this quarter.

source https://hackaday.com/2020/12/02/a-straightforward-guide-to-unlocking-the-nintendo-game-and-watch/

Diaphragm Air Engine

One of the tricky parts of engineering in the physical world is making machines work with the available resources and manufacturing technologies. [Tom Stanton] has designed and made a couple of air-powered 3D printed engines but always struggled with the problem of air leaking past the 3D-printed pistons. Instead of trying to make an air-tight piston, he added a rubber membrane and a clever valve system to create a diaphragm air engine.

Diaphragm Air Engine
This GIF is worth 115 words

A round rubber diaphragm with a hole in the center creates a seal with the piston at the top of its stroke. A brass sleeve and pin protrude through the diaphragm, and the sleeve seals create a plug with an o-ring, while the pin pushes open a ball which acts as the inlet valve to pressurize an intermediate chamber. As the piston retracts, the ball closes the inlet valve, the outlet valve of the intermediate chamber is opened, forcing the diaphragm to push against the piston. The seal between the piston and diaphragm holds until the piston reaches its bottom position, where the pressurized air is vented past the piston and out through the gearbox. For full details see the video after the break.

It took a few iterations to get the engine to run. The volume of the intermediate chamber had to increase and [Tom] had to try a few different combinations of the sleeve and pin lengths to get the inlet timing right. Since he wanted to use the motor on a plane, he compared the thrust of the latest design with that of the previous version. The latest design improved efficiency by almost 200%. We look forward to seeing it fly!

Most of our regular readers have seen [Tom]’s array of flying machines, and he has also tested alternative power sources like kinetic energy stored in a flywheel.

source https://hackaday.com/2020/12/02/diaphragm-air-engine/

Extracting A Gate From AMD and Intel

The competition between Intel and AMD has been heating up in the last few years as Intel has released chips fabbed with their 14nm++ process and AMD has been using TMSC’s 7nm process. In the wake of the two semiconductor titans clashing, a debate between the merits of 14nm++ and 7nm has sprung up with some confusion about what those numbers actually measure. Not taking either number at their face value, [der8auer] decided to extract a transistor from both Intel’s and AMD’s latest offerings to try and shed some light.

Finfet Game Diagram
Courtesy of WERBEVIDEO

Much of the confusion comes from the switch to the FinFET process. While older planar transistors could be thought of as largely 2d structures, FinFET’s are three dimensional. This means that the whole vertical fin can act as a gate, greatly reducing leakage. It is this fin or gate that [der8auer] is after. On each chip, a thin sliver from the L1 cache was chosen as caches tend to be fairly homogenous sections with transistors that are fairly indicative of the rest of the chip. Starting with a platinum gas intersecting with a focused ion beam on the surface of the chip, [der8auer] built a small deposit of platinum over several hours. This deposit protects the chip when he later cut it at an angle, forming a small lamella 100 micrometers long. In order for the lamella to be properly imaged by the scanning electron microscope, it needed to be even thinner (about 200 to 300nm).

Eventually, [der8auer] was ultimately able to measure the gate height, width, spacing, and other aspects of these two chips. The sheer amount of engineering and analysis that went into this project is remarkable and we love the deep dive into the actual gates that make up the processors we use. If you’re looking for a deep dive into the guts of a processor but perhaps at a more macro scale, why not learn about a forgotten Intel chip from the 1970s?

Thanks [paulvdh] for sending this one in!

source https://hackaday.com/2020/12/01/extracting-a-gate-from-amd-and-intel/

Watercooling A Canon DSLR Leads To Serious Engineering Upgrades

The Canon EOS R5 is a highly capable, and correspondingly very expensive, DSLR camera. Capable of recording video in 8K in a compact frame size, it unfortunately suffers from frustrating overheating issues. Always one to try an unconventional solution to a common problem, [Matt] decided to whip up a watercooling solution. What ensues is pure, top-notch engineering.

I Watercooled My Camera 13 37 Screenshot
The watercooling setup is amusing, but the real star of the show is the custom copper heatsink that transforms the camera’s performance without spoiling its practicality.

Upon its original release, Canon had the R5 camera simply shut off on a 20 minute timer when recording 8K video. When the userbase complained, an updated firmware was released that used an onboard sensor and would only shutdown when excessive temperatures were reached. Under these conditions, the camera could record for around 25 minutes at 20 °C. [Matt] set about disassembling the camera to investigate, figuring out that the main processor was the primary source of heat. With a poor connection to its heatsink and buried under a power supply PCB, there simply wasn’t anywhere for heat to go, leaving the camera to regularly overheat and take hours to cool down.

After whipping up an amusing but impractical watercooling solution and verifying it allowed the camera to record indefinitely, [Matt] set about some proper thermal engineering. A custom copper heatsink was produced for inside the camera, bonded directly to the processor and DRAM with thermal paste instead of poor-quality thermal tape. This then directs heat out through the plastic back of the camera. In cool environments, this is enough to allow the camera to record continuously. In warmer environments, simply adding a small fan to the back of the camera was enough to keep things operational indefinitely.

[Matt] finishes the video by pointing out that Canon could have made the camera far more useful for videographers by simply investing a little more time into the camera’s cooling design, while also generating more profits by selling a cooling accessory for extended recording. We’ve seen some of [Matt’s] work before too, such as this DIY 4K projector build. Video after the break.

source https://hackaday.com/2020/12/01/watercooling-a-canon-dslr-leads-to-serious-engineering-upgrades/

Watercooling A Canon DSLR Leads To Serious Engineering Upgrades

The Canon EOS R5 is a highly capable, and correspondingly very expensive, DSLR camera. Capable of recording video in 8K in a compact frame size, it unfortunately suffers from frustrating overheating issues. Always one to try an unconventional solution to a common problem, [Matt] decided to whip up a watercooling solution. What ensues is pure, top-notch engineering.

I Watercooled My Camera 13 37 Screenshot
The watercooling setup is amusing, but the real star of the show is the custom copper heatsink that transforms the camera’s performance without spoiling its practicality.

Upon its original release, Canon had the R5 camera simply shut off on a 20 minute timer when recording 8K video. When the userbase complained, an updated firmware was released that used an onboard sensor and would only shutdown when excessive temperatures were reached. Under these conditions, the camera could record for around 25 minutes at 20 °C. [Matt] set about disassembling the camera to investigate, figuring out that the main processor was the primary source of heat. With a poor connection to its heatsink and buried under a power supply PCB, there simply wasn’t anywhere for heat to go, leaving the camera to regularly overheat and take hours to cool down.

After whipping up an amusing but impractical watercooling solution and verifying it allowed the camera to record indefinitely, [Matt] set about some proper thermal engineering. A custom copper heatsink was produced for inside the camera, bonded directly to the processor and DRAM with thermal paste instead of poor-quality thermal tape. This then directs heat out through the plastic back of the camera. In cool environments, this is enough to allow the camera to record continuously. In warmer environments, simply adding a small fan to the back of the camera was enough to keep things operational indefinitely.

[Matt] finishes the video by pointing out that Canon could have made the camera far more useful for videographers by simply investing a little more time into the camera’s cooling design, while also generating more profits by selling a cooling accessory for extended recording. We’ve seen some of [Matt’s] work before too, such as this DIY 4K projector build. Video after the break.

source https://hackaday.com/2020/12/01/watercooling-a-canon-dslr-leads-to-serious-engineering-upgrades/

Watercooling A Canon DSLR Leads To Serious Engineering Upgrades

The Canon EOS R5 is a highly capable, and correspondingly very expensive, DSLR camera. Capable of recording video in 8K in a compact frame size, it unfortunately suffers from frustrating overheating issues. Always one to try an unconventional solution to a common problem, [Matt] decided to whip up a watercooling solution. What ensues is pure, top-notch engineering.

I Watercooled My Camera 13 37 Screenshot
The watercooling setup is amusing, but the real star of the show is the custom copper heatsink that transforms the camera’s performance without spoiling its practicality.

Upon its original release, Canon had the R5 camera simply shut off on a 20 minute timer when recording 8K video. When the userbase complained, an updated firmware was released that used an onboard sensor and would only shutdown when excessive temperatures were reached. Under these conditions, the camera could record for around 25 minutes at 20 °C. [Matt] set about disassembling the camera to investigate, figuring out that the main processor was the primary source of heat. With a poor connection to its heatsink and buried under a power supply PCB, there simply wasn’t anywhere for heat to go, leaving the camera to regularly overheat and take hours to cool down.

After whipping up an amusing but impractical watercooling solution and verifying it allowed the camera to record indefinitely, [Matt] set about some proper thermal engineering. A custom copper heatsink was produced for inside the camera, bonded directly to the processor and DRAM with thermal paste instead of poor-quality thermal tape. This then directs heat out through the plastic back of the camera. In cool environments, this is enough to allow the camera to record continuously. In warmer environments, simply adding a small fan to the back of the camera was enough to keep things operational indefinitely.

[Matt] finishes the video by pointing out that Canon could have made the camera far more useful for videographers by simply investing a little more time into the camera’s cooling design, while also generating more profits by selling a cooling accessory for extended recording. We’ve seen some of [Matt’s] work before too, such as this DIY 4K projector build. Video after the break.

source https://hackaday.com/2020/12/01/watercooling-a-canon-dslr-leads-to-serious-engineering-upgrades/

Wemo Smart Plug Gets Brain Transplant

Like many modern smart home gadgets, Belkin’s Wemo brand of smart plugs has a tendency to phone home every time you turn on a lamp. [Gigawatts] wasn’t having it, so they figured out how to flash the device with OpenWRT and replicated its original functionality with a web interface. Unfortunately this stopped working after awhile, and rather than trying to diagnose the issue, it seemed the time would be better spent simplifying the whole thing.

As [Gigawatts] explains, there are actually two separate boards inside the Wemo plug. One holds the relay to do the high-voltage switching, and the other provides the control. They are linked with a three wire connector, making it exceptionally simple to swap out the original controller for something different. The connector supplies 5 V and ground, all you’ve got to do is pull the third wire high to flick the switch.

While the ESP8266 probably would have been the first choice for many a Hackaday reader, [Gigawatts] actually went with the Moteino, a low-power Arduino compatible board with integrated RFM69 transceiver. With an LED to indicate status and a few lines of code tweaked, the Moteino got this once WiFi-only smart plug speaking a new language.

There’s some debate over how effective smart plugs are from an energy efficiency standpoint, but even if this reborn Wemo doesn’t help [Gigawatts] save much power, at least it won’t be blabbing about everything to a third-party.

source https://hackaday.com/2020/12/01/wemo-smart-plug-gets-brain-transplant/

Remoticon Video: How to Reverse Engineer a PCB

You hold in your hand a circuit board from a product you didn’t make. How does the thing work? What a daunting question, but it’s both solvable and approachable if you know what you’re doing. The good news is that Eric Schlaepfer knows exactly what he’s doing and boiled down the process of reverse engineering printed circuit boards into this excellent workshop. It was presented live during the 2020 Hackaday Remoticon, and the edited video, which you’ll find below, was just published. Slides for the talk have been published on the workshop project page.

Need proof that he has skills that we all want? Last year Eric successfully reverse-engineered the legendary Sound Blaster audio card and produced his own fully-functional drop-in replacement called the Snark Barker. And then re-engineered it to work with the ancient MCA bus architecture. Whoa.

Eric tackles the challenge in two parts. The first is to generate a bill of materials by harvesting as much information as possible, and then to fill in the rest of the details with liberal use of search engines and datasheets. He pulls everything into a spreadsheet, with columns for the parts designators printed on the board (U1, R53, C4, etc.), package type which you kind of get the hang of with experience, topmark (printed on the parts), and the part number gleaned from the above.

The next step is to reverse engineer the circuit board itself by taking high-resolution images, sometimes removing parts from the board to do so, and a schematic with every part you noted from the first step but no connected traces. Eric demonstrates how to use GIMP image editor to map out traces, adding nets in the schematic as he begins to solve pieces of the puzzle. As he draws the traces on their own layer, switching back and forth between images of the board immediately begins to demystify the connections split between the two layers.

He certainly makes it look both fast and easy, and for him it is. The key is getting a few of these under your belt until you can lean on experience to unstick the sticking points. But whether this is your very first rodeo, or you’re a seasoned veteran, the methodical approach is admirable and a welcomed addition to everyone’s skill set.

As an offhand comment, Eric mentions he could do an hour-long talk just on transformers. Yes please! Eric is known for his deep dives into engineering topics on his Twitter account @TubeTimeUS, some of my favorites have been his unpacking of the Camp Fire grand jury report which we reported on in September, and the story of how a patent troll brought down Commodore. He was also on the team of folks that presented one of the best IC demonstrations for truly grasping just how silicon makes the world go ’round.

source https://hackaday.com/2020/12/01/remoticon-video-how-to-reverse-engineer-a-pcb/

Let’s Encrypt Will Stop Working For Older Android Devices

Let’s Encrypt was founded in 2012, going public in 2014, with the aim to improve security on the web. The goal was to be achieved by providing free, automated access to SSL and TLS certificates that would allow websites to make the switch over to HTTPS without having to spend any money.

Encrypt Https
Hundreds of millions of sites rely on Let’s Encrypt for their HTTPS certificate needs. HTTPS security helps protect sites and users, and makes it harder for malicious actors to steal private information.

The project has just announced that, come September 1, 2021, some older software will stop trusting their certificates. Let’s look at why this has come to pass, and what it means going forward.

Certificates Expire

When Let’s Encrypt first went public in early 2016, they issued their own root certificate, by the name ISRG Root X1. However, it takes time for companies to include updated root certificates in their software, so until recently, all Let’s Encrypt certificates were cross-signed by an IdenTrust certificate, DST Root X3. This certificate had been around much longer, and was already supported by the vast majority of OSes and browsers in regular use. This allowed Let’s Encrypt to hit the ground running while they waited for the majority of software to support their own root certificate.

The problem looming on the horizon is the expiration of DST Root X3, on September 1, 2021. Of course, for those running up-to-date operating systems and browsers, there’s no major issue. But for those on platforms that haven’t been updated since 2016 or so, and don’t support the ISRG Root X1 certificate, things will break. This affects any secure communication that uses their certificates, whether it be browsing websites with HTTPS enabled or making connections over SSL or SFTP.

The company notes that perhaps the biggest area of concern is the Android handset market. As most telecommunications networks customise Android software, along with the handset manufacturer themselves, it takes coordination between many organisations to put out an OS update for an Android phone. There’s also little financial incentive for companies to support phones that have already been sold. Thus, many users find themselves locked out from OS updates entirely as networks or manufacturers simply neglect to do the work.

Encrypt Phonedist
Data on the Android installed base, as of September 2020.

Android users on versions older than 7.1.1 are the ones who will face issues when DST Root X3 expires on September 1 next year. Based on recent statistics, these users make up roughly a third of the Android userbase – a significant number. With a conservative estimate pegging Android users as a whole making up approximately 80% of the total smartphone installed base, and around 3 billion smartphone users worldwide, back of the envelope calculations show us that leaves around 750 million users that could have issues in the coming year.

Of course, workarounds are possible. While the Android OS, and presumably web browser, are long out of date, there’s nothing stopping users installing newer software that supports the ISRG Root X1 certificate. Firefox is available as a browser on the platform, and packs in its own list of trusted root certificates, so is a useful workaround for day to day web use. For developers, it’s possible to include ISRG Root X1 as a trusted certificate within an individual app, and discussions are ongoing among those taking to this route. After all, adding an new trusted certificate is just putting a file in a directory, but you need root permissions to do so, which on locked Android phones means a jailbreak.

Let’s Encrypt could also seek a cross-signature from another Certificate Authority, similar to when they started out. However, Certificate Authorities take on some responsibility for the certificates they sign, and it’s unlikely that another CA would wish to shoulder that burden for Let’s Encrypt. Particularly, as the entity is a non-profit, there is little money to be made. As a major pillar in the Internet’s shift towards HTTPS encryption as the norm, Let’s Encrypt consider it important that the project stand on its own, rather than relying on other for-profit organisations. Given that their root certificate is now widely recognised, outside these edge cases from 2016 and earlier, that seems like a sound decision.

With security on the Internet now more important than ever, this is a problem that isn’t going away. In order to play nice with all the other computers on the global network, regular updates are simply the cost of doing business. The benefit of having an open certificate provider like Let’s Encrypt around is that their transparency as to the issues and clear communication gives web hosts, developers, and end users more time to deal with the coming changes.

 

source https://hackaday.com/2020/12/01/lets-encrypt-will-stop-working-for-older-android-devices/

Let’s Encrypt Will Stop Working For Older Android Devices

Let’s Encrypt was founded in 2012, going public in 2014, with the aim to improve security on the web. The goal was to be achieved by providing free, automated access to SSL and TLS certificates that would allow websites to make the switch over to HTTPS without having to spend any money.

Encrypt Https
Hundreds of millions of sites rely on Let’s Encrypt for their HTTPS certificate needs. HTTPS security helps protect sites and users, and makes it harder for malicious actors to steal private information.

The project has just announced that, come September 1, 2021, some older software will stop trusting their certificates. Let’s look at why this has come to pass, and what it means going forward.

Certificates Expire

When Let’s Encrypt first went public in early 2016, they issued their own root certificate, by the name ISRG Root X1. However, it takes time for companies to include updated root certificates in their software, so until recently, all Let’s Encrypt certificates were cross-signed by an IdenTrust certificate, DST Root X3. This certificate had been around much longer, and was already supported by the vast majority of OSes and browsers in regular use. This allowed Let’s Encrypt to hit the ground running while they waited for the majority of software to support their own root certificate.

The problem looming on the horizon is the expiration of DST Root X3, on September 1, 2021. Of course, for those running up-to-date operating systems and browsers, there’s no major issue. But for those on platforms that haven’t been updated since 2016 or so, and don’t support the ISRG Root X1 certificate, things will break. This affects any secure communication that uses their certificates, whether it be browsing websites with HTTPS enabled or making connections over SSL or SFTP.

The company notes that perhaps the biggest area of concern is the Android handset market. As most telecommunications networks customise Android software, along with the handset manufacturer themselves, it takes coordination between many organisations to put out an OS update for an Android phone. There’s also little financial incentive for companies to support phones that have already been sold. Thus, many users find themselves locked out from OS updates entirely as networks or manufacturers simply neglect to do the work.

Encrypt Phonedist
Data on the Android installed base, as of September 2020.

Android users on versions older than 7.1.1 are the ones who will face issues when DST Root X3 expires on September 1 next year. Based on recent statistics, these users make up roughly a third of the Android userbase – a significant number. With a conservative estimate pegging Android users as a whole making up approximately 80% of the total smartphone installed base, and around 3 billion smartphone users worldwide, back of the envelope calculations show us that leaves around 750 million users that could have issues in the coming year.

Of course, workarounds are possible. While the Android OS, and presumably web browser, are long out of date, there’s nothing stopping users installing newer software that supports the ISRG Root X1 certificate. Firefox is available as a browser on the platform, and packs in its own list of trusted root certificates, so is a useful workaround for day to day web use. For developers, it’s possible to include ISRG Root X1 as a trusted certificate within an individual app, and discussions are ongoing among those taking to this route. After all, adding an new trusted certificate is just putting a file in a directory, but you need root permissions to do so, which on locked Android phones means a jailbreak.

Let’s Encrypt could also seek a cross-signature from another Certificate Authority, similar to when they started out. However, Certificate Authorities take on some responsibility for the certificates they sign, and it’s unlikely that another CA would wish to shoulder that burden for Let’s Encrypt. Particularly, as the entity is a non-profit, there is little money to be made. As a major pillar in the Internet’s shift towards HTTPS encryption as the norm, Let’s Encrypt consider it important that the project stand on its own, rather than relying on other for-profit organisations. Given that their root certificate is now widely recognised, outside these edge cases from 2016 and earlier, that seems like a sound decision.

With security on the Internet now more important than ever, this is a problem that isn’t going away. In order to play nice with all the other computers on the global network, regular updates are simply the cost of doing business. The benefit of having an open certificate provider like Let’s Encrypt around is that their transparency as to the issues and clear communication gives web hosts, developers, and end users more time to deal with the coming changes.

 

source https://hackaday.com/2020/12/01/lets-encrypt-will-stop-working-for-older-android-devices/

Zelda II Redux ROM Hack Plays How You Remember The Original

Going back to classic games can be a difficult experience. The forward passage of time leaves technology to stagnate, while the memories attached to those old games can morph in mysterious ways. Therein lies the problem with how you remember a game playing versus the reality of how it actually does. Developer [Jorge] saw that situation arising around Zelda II: The Adventure of Link, and it inspired him to create the Zelda II Redux ROM hack.

Years in the making, Zelda II Redux takes a relatively light-handed approach to revising the original NES game. Graphical enhancements include: a reworked HUD complete with the series’ tradition of hearts, animated enemy icons in the over world, a new title screen, and giving Link the shield from the Famicom Disk System release’s box art. Text speed has been increased and a revised translation of the Japanese script has been incorporated. Under the hood, all sorts of boss battles have been re-balanced while casting magic spells doesn’t require multiple return trips to the pause menu. Though Zelda II Redux’s most important feature may be the inclusion of manual saving via “Up + A” on the pause menu. There are also a whole host of other changes Zelda II Redux incorporates in order to bring Link’s second adventure more inline with the rest of the Legend of Zelda series that can be found on the project’s change log.

To play Zelda II Redux requies an IPS patching program, like LunarIPS, along with a clean dumped image of Zelda II: The Adventure of Link. Dumping NES cartridges is easier than ever these days due to many cartridge dumper devices being plug-and-play over USB. A successfully patched ROM file can be played in an emulator or on actual NES hardware through a flash cart. A video of a tool-assisted speedrun has been included below, so there may be some new strategies to employ.

source https://hackaday.com/2020/12/01/zelda-ii-redux-rom-hack-plays-how-you-remember-the-original/

USB Webcams Out of Stock? Make One With A Raspberry Pi and HQ Camera Module

More people working from home has had an impact on the cost and availability of USB webcams, so [Jeff Geerling] got around the issue with a DIY solution that rang in around $100. It consists of a Raspberry Pi and HQ camera module acting as a USB webcam, and there is no messy streaming of ffmpeg over the network masquerading as a camera device or anything. It works just as a USB camera should.

Raspberry Pi Zero Is A Pro Hq Webcam For Less Than 100 3 27 Screenshot[Jeff] chose a Raspberry Pi Zero and HQ camera module for his unit, making a tidy package that might not be quite as small as commercial webcams, but is certainly perfectly respectable as a USB camera. That being said, there are a few drawbacks, namely the lack of a microphone or autofocus, latency issues at higher resolutions, and the need to shut down the Pi cleanly.

Check out the GitHub repository for everything needed to set up your own, including a complete hardware list and some options for mounting. [Jeff] also tested whether the camera would work with the new keyboard-embedded Raspberry Pi 400, and it absolutely does. Embedded below is a video walkthrough and demonstration of the whole project, so check it out.

source https://hackaday.com/2020/11/30/usb-webcams-out-of-stock-make-one-with-a-raspberry-pi-and-hq-camera-module/

USB Webcams Out of Stock? Make One With A Raspberry Pi and HQ Camera Module

More people working from home has had an impact on the cost and availability of USB webcams, so [Jeff Geerling] got around the issue with a DIY solution that rang in around $100. It consists of a Raspberry Pi and HQ camera module acting as a USB webcam, and there is no messy streaming of ffmpeg over the network masquerading as a camera device or anything. It works just as a USB camera should.

Raspberry Pi Zero Is A Pro Hq Webcam For Less Than 100 3 27 Screenshot[Jeff] chose a Raspberry Pi Zero and HQ camera module for his unit, making a tidy package that might not be quite as small as commercial webcams, but is certainly perfectly respectable as a USB camera. That being said, there are a few drawbacks, namely the lack of a microphone or autofocus, latency issues at higher resolutions, and the need to shut down the Pi cleanly.

Check out the GitHub repository for everything needed to set up your own, including a complete hardware list and some options for mounting. [Jeff] also tested whether the camera would work with the new keyboard-embedded Raspberry Pi 400, and it absolutely does. Embedded below is a video walkthrough and demonstration of the whole project, so check it out.

source https://hackaday.com/2020/11/30/usb-webcams-out-of-stock-make-one-with-a-raspberry-pi-and-hq-camera-module/

Recovering Metal From Waste

Refining precious metals is not as simple as polishing rocks that have been dug out of the ground. Often, complex chemical processes are needed to process the materials properly or in high quantities, but these processes leave behind considerable waste. Often, there are valuable metals left over in these wastes, and [NerdRage] has gathered his chemistry equipment to demonstrate how it’s possible to recover these metals.

The process involved looks to recover copper and nitric acid from copper nitrate, a common waste byproduct of processing metal. While a process called thermal decomposition exists to accomplish this, it’s not particularly efficient, so this alternative looks to improve the yields you could otherwise expect. The first step is to react the copper nitrate with sulfuric acid, which results in nitric acid and copper sulfate. From there, the copper sulfate is placed in an electrolysis cell using a platinum cathode and copper anodes to pass current through it. After the process is complete, all of the copper will have deposited itself on the copper electrodes.

The other interesting thing about this process, besides the amount of copper that is recoverable, is that the sulfuric acid and the nitric acid are recoverable, and able to be used again in other processes. The process is much more efficient than thermal decomposition and also doesn’t involve any toxic gasses either. Of course, if collecting valuable metals from waste is up your alley, you can also take a look at recovering some gold as well.

Thanks to [Keith] for the tip!

source https://hackaday.com/2020/11/30/recovering-metal-from-waste/

Gathering Eclipse Data Via Ham Radio

A solar eclipse is coming up in just a few weeks, and although with its path of totality near the southern tip of South America means that not many people will be able to see it first-hand, there is an opportunity to get involved with it even at an extreme distance. PhD candidate [Kristina] and the organization HamSCI are trying to learn a little bit more about the effects of an eclipse on radio communications, and all that is required to help is a receiver capable of listening in the 10 MHz range during the time of the eclipse.

It’s well-known that certain radio waves can propagate further depending on the time of day due to changes in many factors such as the state of the ionosphere and the amount of solar activity. What is not known is specifically how the paths can vary over the course of the day. During the eclipse the sun’s interference is minimized, and its impact can be more directly measured in a more controlled experiment. By tuning into particular time stations and recording data during the eclipse, it’s possible to see how exactly the eclipse impacts propagation of these signals. [Kristina] hopes to take all of the data gathered during the event to observe the doppler effect that is expected to occur.

The project requires a large amount of volunteers to listen in to the time stations during the eclipse (even if it is not visible to them) and there are only a few more days before this eclipse happens. If you have the required hardware, which is essentially just a receiver capable of receiving upper-sideband signals in 10 MHz range, it may be worthwhile to give this a shot. If not, there may be some time to cobble together an SDR that can listen in (even an RTL-SDR set up for 10 MHz will work) provided you can use it to record the required samples. It’s definitely a time that ham radio could embrace the hacker community.

source https://hackaday.com/2020/11/30/gathering-eclipse-data-via-ham-radio/

How to know if it’s time to replace your car’s clutch

Are you wondering if it’s time to replace your car’s clutch? From grinding noises to difficulties getting into gear, there are plenty of signs that your clutch needs some extra attention. You can find clutches for sale, as well as automotive service providers, on Junk Mail.

Find car clutches for sale on Junk Mail

What is a clutch and how does it work?

A
clutch is a mechanical device that plays an important role in the operation of
your car. The clutch functions to engage and disengage two rotating shafts. One
of the shafts is connected to the engine and the other shaft is responsible for
the power output.

The main parts of the clutch include the following:

  • Cover
    plate
  • Pressure
    plate
  • Driven
    plate
  • Release
    bearing

If
you live in the city where you’re faced with traffic on a regular basis, it’s
likely that your car’s
clutch will wear down quicker. Frequent stopping and starting can have a
negative impact on the lifespan of your clutch. Pulling heavy loads is also likely
to wear your car’s clutch
down.

Find car clutches for sale on Junk Mail

5 signs that you need to replace your car’s clutch

  • Clutch slippage

If the
engine races but your vehicle is slow to take off, it’s an indication of a worn-out
clutch. It’s likely that the friction material has worn away so that it’s
difficult for the power to be transferred to the transmission. If this is the
case, you’ll need to replace the disc to get your vehicle back into shape.
However, there are other culprits of clutch slippage, which include problems
with the clutch linkage as well as a damaged pressure plate. A damaged motor
mount can also be the cause of this problem.

  • Getting into gear is difficult

Changing
gears can be problematic if your clutch isn’t in good condition, but issues
with changing gears could also be due to problems with the linkage adjustment,
a damaged clutch plate or a damaged cylinder fork.

  • Soft clutch

If
your clutch feels spongy, it’s advisable to have it checked out as soon as
possible. Another telltale sign of a clutch problem is if your car’s clutch shudders.
This issue is particularly noticeable when you’re travelling at low speeds. A
shuddering clutch can mean that there are impurities interfering with the
clutch plate or that the clutch plate needs to be replaced.

  • Grinding sounds

If
you notice grinding sounds when you push down the clutch, it could be a sign
that the clutch is worn. Faulty bearings could also be the culprit. It’s
important to deal with this problem as soon as possible because bearings are
cheap to replace but if you continue to drive with damaged bearings it can lead
to more expensive problems later.

How to make your car’s clutch last longer

Save
time and money by taking good care of your clutch. Clutches are a sensitive and
vital part of your vehicle, so it’s essential to know how to extend their
lifespan.

  • Don’t
    apply pressure to the clutch while you’re driving unless you’re changing gears.
    Even resting your foot on the clutch can create pressure that speeds up the
    wear and tear of your clutch.
  • Reduce
    the speed of your vehicle slowly and steadily before you come to a robot or
    stop sign. Likewise, take off slowly and steadily rather than pretending you’re
    on a racetrack. 
  • Make
    use of your parking brake when you’re taking off on an incline so that you can
    avoid putting strain on your clutch.
  • Don’t
    engage your clutch to assist with braking.
Don't keep your foot on the clutch when you drive | Junk Mail
Photo Source – www.pixabay.com

Now that you know how to maintain your car’s clutch properly, you can keep your car in good shape. Find clutches for sale on Junk Mail and enjoy great savings.

Building A Dishwasher From Scratch

[Billy] was no fan of doing the dishes, but also found commercial solutions lacking. The options on the market simply didn’t fit his cookware and flatware. Instead of compromising, he set out to build a dishwasher of his own design. 

The build consists of a whole heap of hardware all lumped in a sizeable plastic tub. A washing machine solenoid lets water into the system, and it’s heated by an element in the base of the tub. It’s then pumped through a garden sprinkler head to give the dishes a good all-over spraying. At the end of a wash cycle, the drain pump then dumps the water to let everything dry off. An ESP8266 and a bank of relays are in place to run the show, with the user selecting wash programs via buttons and a small screen.

It may have taken a couple of years to come together, but [Billy’s] dishwasher seems to get the job done. Files are on Github for those interested, however we’d caution against attempting such a build unless you’re familiar working with plumbing and mains electricity. The other benefit of building your own dishwasher is that you’re less likely to have to patch it against widespread exploits – the security is instead up to you. Video after the break.

[Thanks to Adrian for the tip!]

source https://hackaday.com/2020/11/30/building-a-dishwasher-from-scratch/

A Crust-Cutting, Carrot-Chopping Robot

[3DprintedLife] sure does hate bread crust. Not the upper portion of homemade bread, mind you — just that nasty stuff around the edges of store-bought loaves. Several dozen hours of CAD later, [3DprintedLife] had themselves a crust-cutting robot that also chops vegetables.

This De-Cruster 9000 is essentially a 2-axis robotic guillotine over a turntable. It uses a Raspberry Pi 4 and OpenCV to seek and destroy bread crusts with a dull dollar store knife. Aside from the compact design, our favorite part has to be the firmware limit switches baked into the custom control board. The stepper drivers have this fancy feature called StallGuard™ that constantly reads the back EMF to determine the load the motor is under. If you have it flag you right before the motor hits the end of the rail and stalls, bam, you have a firmware limit switch. Watch it remove crusts and chop a lot of carrots with faces after the break.

This is far from the dangerous-looking robot we’ve seen lately. Remember this hair-cutting contraption?

source https://hackaday.com/2020/11/30/a-crust-cutting-carrot-chopping-robot/

Amazon Sidewalk: Should You Be Co-Opted Into A Private Neighbourhood LoRa Network?

WiFi just isn’t very good at going through buildings. It’s fine for the main living areas of an average home, but once we venture towards the periphery of our domains it starts to become less reliable.  For connected devices outside the core of a home, this presents a problem, and it’s one Amazon hope to solve with their Sidewalk product.

It’s a low-bandwidth networking system that uses capability already built into some Echo and Ring devices, plus a portion of the owner’s broadband connection to the Internet.  The idea is to provide basic connectivity over longer distances to compatible devices even when the WiFi network is not available, but of most interest and concern is that it will also expose itself to devices owned by other people. If your Internet connection goes down, then your Ring devices will still provide a basic version of their functionality via a local low-bandwidth wide-area wireless network provided by the Amazon devices owned by your neighbours.

I Can See Your Amazon Ring From Here

It looks so harmless, doesn't it. A Ring doorbell once installed.
It looks so harmless, doesn’t it. Amin, CC BY-SA 4.0

The massive online retailer and IoT cloud provider would like to open up a portion of your home broadband connection via your home security devices over a wireless network to other similar devices owned by strangers. In the Amazon literature it is touted as providing all sorts of useful benefits to Ring and Echo owners, but it has obvious implications for both the privacy of your data should it be carried by other people’s devices, and for the security of your own network when devices you don’t own pass traffic over it. For the curious there’s a whitepaper offering more insights into the system, and aside from revealing that it uses 900 MHz FSK and LoRa as its RF layer there is a lot information on how it works. As you might expect they have addressed the privacy and security issues through encryption, minimising the data transmitted, and constantly changing identifiers. To read the Amazon document at face value is to enter a world in which some confidence can be gained in the product.

The question on the lips of skeptical readers will no doubt be this: what could possibly go wrong? We would expect that the devices themselves and the radio portion of the network will be investigated thoroughly by those who make it their business to do such things, and while there is always the chance that somebody could discover a flaw in them it’s more probable that weaknesses could be found in the applications that sit atop the system. It’s something that has plagued Amazon’s IoT offerings before, such as last year when their Neighbors app was found to sit atop a far more garrulous API than expected, leading to a little more neighbourly information being shared than they bargained for. If Amazon’s blurb is to be believed then this system is to be opened up for third-party IoT device and app developers, and with each one of those the possibility of holes waiting to be discovered increases. We’ll keep you posted as they emerge.

Products such as Amazon Echo and Ring are incredible showcases of 21st century technology. They’re the living embodiment of an automated Jetsons future, and we’d be lying if we said we didn’t want a little slice of that future. But as you all know, the version of that future peddled by them and their competitors is a deeply flawed one in which the consumers who buy the products are largely unaware of how much data is created from them. From a purely technical perspective the idea of home security products that automatically form a low bandwidth network for use in case of main network failure is an exceptionally cool one, but when coupled with the monster data slurp of the Amazon behemoth it assumes a slightly more worrying set of possibilities. Is it possible to be George Jetson without Mr. Spacely gazing over your shoulder?

source https://hackaday.com/2020/11/30/amazon-sidewalk-should-you-be-co-opted-into-a-private-neighbourhood-lora-network/