One of the pleasures of consuming old science fiction movies and novels is that they capture the mood of the time in which they are written. Captain Kirk was a 1960s guy and Picard was a 1990s guy, after all. Cold war science fiction often dealt with invasion. In the 1960s and 70s, you were afraid of losing your job to a computer, so science fiction often had morality tales of robots running amok, reminding us what a bad idea it was to give robots too much power. As it turns out, robots might be dangerous, but not for the reasons we thought. The robots won’t turn on us by themselves. But they could be hacked. To that end, there’s a growing interest in robot cybersecurity and Alias Robotics is releasing Alurity, a toolbox for robot cybersecurity.
Currently, the toolbox is available for Linux and MacOS with some support for Windows. It targets 25 base robots including the usual suspects. There’s a white paper from when the product entered testing available if you want more technical details.
We often see press releases and announcements about the next big technology in batteries, memory, displays, capacitors, or any of a number of other things. Usually we are suspicious since we typically don’t see any of this new technology in the marketplace over any reasonable timescale. So when we read about correlated-electron memoryCerfe Labs, we had to wonder if it would be more of the same. IOur suspicions may be justified of course, but it is telling that the company is a spin-off from ARM, so that gives them some real-world credibility.
Correlated-electron RAM or CeRAM is the usual press release material. Nonvolatile, smaller than SRAM, and fast. It sounds as though it could replace the SRAM in PC caches, for example, and take up less die space on the CPU chip. The principle is a bit odd. When electrons are forced together in certain materials, the properties of the material can change. This Mott transition (named after the inventor [Neville Mott]) can take carbon-doped nickel oxide and switch it from its natural electrical insulating state to a conducting state and back again.
The idea of building a suit that increases the wearer’s strength is a compelling one, often featured in science fiction. There are a handful of real world examples, and [Alex] can now add his to the list. The build comes with a twist however, relying on hydrogen to do the work.
At its heart, the build is not dissimilar to other artificial muscle projects. The muscles in [Alex’s] build consist of a rubber tube inside a nylon braid. When the rubber tube is inflated, it expands, causing the nylon braid to shorten as it grows wider. Commonly, such builds rely on compressed air to power the muscles, however [Alex] took a different path. Instead, water is electrolysed in a chamber designed to look like Iron Man’s arc reactor, with the resulting gases produced being used to drive the muscles. With five muscles ganged up to pull together, the wearable arm support is capable of generating up to 15 kg of pull force.
It’s a design that has a few benefits; the electrolyser has no moving parts, and is much simpler and quieter than a typical air compressor. Obviously, there is a risk of fire thanks to the flammable gases used, but [Alex] explains the precautions taken to minimise this risk in the video.
Exosuits may not be mainstream just yet, but that doesn’t mean people aren’t working to make them a reality. We’ve featured a few before, like this open-source design. Video after the break.
When was the last time you tried listening to a new genre of music, or even explored a sub-genre of something you already like? That’s what we thought. It’s good to listen to other stuff once in a while and remind ourselves that there’s a whole lot of music out there, and our tastes are probably not all that diverse. As a reminder, [sorghum] made a spiffy little Spotify remote that can cruise through the musical taxonomy that is Every Noise at Once and control any Spotify-enabled device.
There’s a lot to like about this little remote, which is based upon a LilyGo TTGO ESP32 board with on-board display. The circuitry is basically that and a rotary encoder plus a tiny LiPo battery. Can we talk about the finish on those prints? Yes, those are both printed enclosures. Getting that buttery smooth finish took two grits of wet/dry sandpaper plus nine grits of polishing cloths.
As you can see in the brief demo after the break, there are several ways to discover new music. [sorghum] can surf through all kinds of Japanese music for example, or surf by the genre’s ending word and listen to metalcore, deathcore, and grindcore from all over the globe. For extra fun, there’s a genre-ending randomizer so you can discover just how many forms of *core there are.
We have no idea whether [Nick Goodey] is a trained engineer or not. But given the detailed design of this DIY energy recovery ventilator for his home HVAC system, we’re going to go out on a limb and say he probably knows what he’s doing.
For those not in the know, an energy recovery ventilator (ERV) is an increasingly common piece of equipment in modern residential and commercial construction. As buildings have become progressively “tighter” to decrease heating and cooling energy losses to the environment, the air inside them has gotten increasingly stale. ERVs solve the problem by bringing fresh, unconditioned air in from the outside while venting stale but conditioned air to the outside. The two streams pass each other in a heat exchanger so that much of the energy put into the conditioned air is transferred to the incoming unconditioned air.
While ERV systems are readily available commercially, [Nick] decided to roll his own after a few experiments with Coroplast and some extensive calculations convinced him it would be a viable idea. One may scoff at the idea of corrugated plastic for the heat exchanger, but the smooth channels through the material make it a great choice. He built up a block of Coroplast squares with the channels in alternate layers oriented orthogonally, letting stale inside air pass very close to fresh outside air to exchange heat without ever mixing directly. The entire system, including fans, an Arduino for control, sensors galore, and the Hubitat home automation hub, is powered by DC, so no electrician was needed. [Nick] has a ton of detail in his build log, including all the tools and calculators he used to design the system.
Given the expense of ERV systems, we’re surprised we haven’t seen more stories about DIY versions. We have talked about HVAC systems a lot, though — after all, HVAC techs are hackers who make housecalls.
Despite the popularity of social media, for communication that actually matters, e-mail reigns supreme. Crucial to the smooth operation of businesses worldwide, it’s prized for its reliability. Google is one of the world’s largest e-mail providers, both with its consumer-targeted Gmail product as well as G Suite for business customers [Jeffrey Paul] is a user of the latter, and was surprised to find that URLs in incoming emails were being modified by the service when fetched via the Internet Message Access Protocol (IMAP) used by external email readers.
This change appears to make it impossible for IMAP users to see the original email without logging into the web interface, it breaks verification of the cryptographic signatures, and it came as a surprise.
Security Matters
For a subset of users, it appears Google is modifying URLs in the body of emails to instead go through their own link-checking and redirect service. This involves actually editing the body of the email before it reaches the user. This means that even those using external clients to fetch email over IMAP are affected, with no way to access the original raw email they were sent.
The security implications are serious enough that many doubted the initial story, suspecting that the editing was only happening within the Gmail app or through the web client. However, a source claiming to work for Google confirmed that the new feature is being rolled out to G Suite customers, and can be switched off if so desired. Reaching out to Google for comment, we were directed to their help page on the topic.
The stated aim is to prevent phishing, with Google’s redirect service including a link checker to warn users who are traveling to potentially dangerous sites. For many though, this explanation doesn’t pass muster. Forcing users to head to a Google server to view the original URL they were sent is to many an egregious breach of privacy, and a security concern to boot. It allows the search giant to further extend its tendrils of click tracking into even private email conversations. For some, the implications are worse. Cryptographically signed messages, such as those using PGP or GPG, are broken by the tool; as the content of the email body is modified in the process, the message no longer checks out with respect to the original signature. Of course, this is the value of signing your messages — it becomes much easier to detect such alterations between what was sent and what was received.
Inadequate Disclosure
Understandably, many were up in arms that the company would implement such a measure with no consultation or warning ahead of time. The content of an email is sacrosanct, in many respects, and tampering with it in any form will always be condemned by the security conscious. If the feature is a choice for the user, and can be turned off at will, then it’s a useful tool for those that want it. But this discovery was a surprise to many, making it hard to believe it was adequately disclosed before roll-out. The question unfolded in the FAQ screenshot above hints at this being part of Google’s A/B test and not applied to all accounts. Features being tested on your email account should be disclosed yet they are not.
Protecting innocent users against phishing attacks is a laudable aim, and we can imagine many business owners enabling such a feature to avoid phishing attacks. It’s another case where privacy is willingly traded for the idea of security. While the uproar is limited due to the specific nature of the implementation thus far, we would expect further desertion of Google’s email services by the tech savvy if such practices were to spread to the mainstream Gmail product. Regardless of what happens next, it’s important to remember that the email you read may not be the one you were sent, and act accordingly.
Update 30/10/2020: It has since come to light that for G Suite users with Advanced Protection enabled, it may not be possible to disable this feature at all.
The organic shapes of miniature trees grown over the course of decades is the ultimate indicator of patience and persistence. For those who prefer bending copper to their will rather than saplings, producing an LED tree that looks and functions this well is an accomplishment that signals clever planning and patient fabrication. The animated result is a masterpiece that took about eighteen months to complete.
There are 128 enamel-coated wires that twist into branches holding 32 RGB light-emitting diodes. Tapping into each at the base of the tree is a chaotic mess made a bit easier by a cleverly designed circuit board.
A circular petal pattern was laid out in Inkscape that includes a hole at the center for the “trunk” to pass through. The LED matrix is designed with 8 rows and 12 columns, but 24 pads were laid out so that only four wires would need to be soldered to each copper petal. Even so, look at the alligator clip holding up this PCB to get an idea of the scale of this job!
The angular base is itself made of copper clad board soldered on the inside of the seams and painted black on the outside. This hides the “petal” PCB, as well as a breakout board for an STM32 microcontroller and a power management circuit that lets you use your choice of USB or a lithium battery.
We wonder if [fruchti] has thought about adding some interactivity to his sapling. While we haven’t seen such a beautiful, tiny, creation as this, we have seen an LED tree whose lights can be blown out like birthday candles. Wouldn’t this be an excellent entry in our Circuit Sculpture challenge? There’s still a few weeks left!