Arduboy Gets Even Smaller With New Nano Edition

One of the selling points of the Arduboy is how slim [Kevin Bates] was able to get the Arduino-compatible game system, which is perhaps less surprising when you realize that it originally started out as a design for an electronic business card. But compared to the recently unveiled Nano version, it might as well be the old school “brick” Game Boy.

Now to be clear, [Kevin] isn’t looking to put these into official production. Though it does sound like the bare PCBs might be going up for sale in the near future. This was simply an experiment to see how far he could shrink the core Arduboy hardware while still keeping it not only playable but also code-compatible with the full-size version. While “playable” might be a tad subjective in this case, the video after the break clearly demonstrates that it’s fully functional.

Inside the 3D printed case is the same ATmega32U4 that powers the Arduboy, a 64×32 0.49″ OLED display, and a tiny 25 mAh pouch battery. There’s even a miniature piezo speaker for the bleeps and bloops. All of the pinouts have remained the same so existing code can be moved right over, though the screen is now connected over I2C. [Kevin] has released the schematics for the board in keeping with the general open nature of the Arduboy project, though for now he’s decided to hold onto the board files until it’s clear whether or not there’s a commercial future for the Nano.

We’ve seen attempts to shrink the Arduboy down before, most notably down to the point it could fit inside of a Dreamcast Visual Memory Unit, but the Nano certainly raises (or is that lowers?) the bar considerably.


This Week In Security: Perl.com, The Great Suspender, And Google’s Solution

Perl has been stolen. Well, perl.com, at least. The perl.com domain was transferred to a different registrar on January 27, without the permission of the rightful owner. The first to notice the hack seems to have been [xtaran], who raised the alarm on a Reddit thread. The proper people quickly noticed, and started the process of getting control of the domain again. It seems that several other unrelated domains were also stolen in the same attack.

I’ve seen a couple of theories tossed around about how the domains were stolen. With multiple domains being moved, it initially seemed that the registrar had been compromised in some way. One of the other victims was told that a set of official looking documents had been supplied, “proving” that the attacker was the rightful owner of the domain. In any case, the damage is slowly being unwound. Perl.com is once again in the proper hands, evidenced by the proper SSL certificate issued back in December.

The Great Suspender, Suspended

I was greeted by a particularly nasty surprise on Thursday of this week. One of the Chrome extensions I’ve come to rely on was removed by Google for containing malware. The Great Suspender automatically hibernates unused tabs, saving RAM and processor cycles that would otherwise be spent on those 150 open tabs that should really be bookmarks. What happened here?

I’ll point out that I’m extremely careful about installing extensions. It’s code written by a third party, often very difficult to inspect, and can view and modify the sites you visit. You can manage what sites an extension has access to, but for a tool like the Suspender, it essentially needs access to all of them. The solution is to use open source extensions, right? “Well yes, but actually no.” Suspender is open source, after all. The link above goes to the project’s GitHub page. In that repo you’ll find an announcement from last year, that the founding developer is finished with the project, and is selling the rights to an unknown third party, who took over maintainership. If this sounds familiar, there are echoes of the event-stream debacle.

It’s not clear exactly what malicious behavior Google found that led to the extension being pulled, but a more careful look at the project reveals that there were potential problems as early as October of 2020. An addition to the extension introduced execution of code from a remote server, never a good idea. For what it’s worth, the original maintainer has made a statement, defending the new owners, and suggesting that this was all an innocent mistake.

The lesson here? It’s not enough to confirm that an extension checks the “open source” box. Make sure there is an active community, and that there isn’t a 6 month old bug report detailing potentially malicious activity.
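
As an added example (not from the original article or from the extension's repository), here is a first-pass check of an extension's `manifest.json` for the two risks discussed above: access to every site, and a content security policy that lets extension pages run script from a remote server. The manifest is constructed sample input, and `auditManifest` is a hypothetical helper name.

```javascript
// Host patterns that grant an extension access to every site.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function auditManifest(manifest) {
  const findings = [];

  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const hostLike = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  const broad = [...new Set(hostLike.filter((p) => BROAD_HOSTS.has(p)))];
  if (broad.length > 0) {
    findings.push({ id: "broad-host-access", detail: broad.join(", ") });
  }

  // The CSP is a string in Manifest V2 and an object with "extension_pages" in V3.
  const rawCsp = manifest.content_security_policy;
  const csp = typeof rawCsp === "string" ? rawCsp : (rawCsp && rawCsp.extension_pages) || "";
  const scriptSrc = csp
    .split(";")
    .map((directive) => directive.trim().split(/\s+/))
    .find((tokens) => tokens[0].toLowerCase() === "script-src");
  if (scriptSrc) {
    const sources = scriptSrc.slice(1);
    // Any http(s) origin or wildcard means script can be served from outside the package.
    const remote = sources.filter((s) => /^(https?:|\*)/i.test(s));
    if (remote.length > 0) {
      findings.push({ id: "remote-script-origin", detail: remote.join(", ") });
    }
    if (sources.includes("'unsafe-eval'")) {
      findings.push({ id: "unsafe-eval", detail: "script-src allows eval()" });
    }
  }
  return findings;
}

// Constructed sample manifest, not taken from any real extension.
const sampleManifest = {
  manifest_version: 2,
  name: "Example Tab Helper",
  permissions: ["tabs", "storage", "<all_urls>"],
  content_security_policy:
    "script-src 'self' 'unsafe-eval' https://cdn.example.invalid; object-src 'self'",
};

console.log(auditManifest(sampleManifest));
```

A clean result here is only triage: the manifest cannot show code that is fetched and interpreted at runtime, so a diff of each release against the previous one is still needed.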

Libgcrypt

It’s not every day you see a developer sending out a notice that everyone should stop using his latest release. That’s exactly what happened with Libgcrypt 1.9.0. Our friends over at Google’s Project Zero discovered an extremely nasty vulnerability in the code. It’s a buffer overflow that happens during the decryption process, before even signature verification. Since libgcrypt is used in many PGP implementations, the ramifications could be nasty. Receive an encrypted email, and as soon as your client decrypts it, code is executing. Thankfully, an update that fixes the issue has already been released.

Android Botnet

A new botnet is targeting Android devices in a peculiar way — looking for open ADB debug ports exposed to the Internet. Google makes it very clear that ADB over the network is insecure, and should only be used for development purposes, and on controlled networks. It’s astounding that so many vendors ship hardware with this service exposed. Beyond that, it’s surprising that so many people give their Android devices public IP addresses (or IPv6 addresses that aren’t behind a firewall). The botnet, named Matryosh, has another unique feature, as it uses Tor for command and control functions, making it harder to track.

Google Solution to Open-Source Security

Google published a post on their open source blog, giving an overview of their new framework for the security of open source projects. “Know, Prevent, Fix” is their name for the new effort, and it must have been written by management, because it’s full of buzzwords. The most interesting elements are their goals for critical software. They identify problems like the ability of a single maintainer to push bad code into a project, and how anonymous maintainers are probably a bad idea. It will be interesting to see how these ideas develop, and how Google will help open source communities implement them.

Microsoft in My Pi

And finally, I was amused by an article lamenting the inclusion of the VSCode repository in the default Raspberry Pi OS images. He does raise a couple of legitimate points. Among them, you do send a ping to Microsoft’s servers every time you check for new updates.

The larger point is that the official VSCode binaries have telemetry code added to them — code that isn’t in the open source repository. What is it doing? You don’t know. But it probably violates European law.

Want to use VSCode, but not interested in shipping info off to Microsoft? VSCodium is a thing.

Motor Controller Reverse Engineering Releases Smoke

It may have been designed for a sewing machine, but [Haris Andrianakis] found his imported DC brushed motor was more than up to the challenge of powering his mini lathe. Of course there’s always room for improvement, so he set out to reverse engineer the motor’s controller to implement a few tweaks he had in mind. Unfortunately, things took an unexpected turn when plugging his AVR programmer into the board’s ISP socket not only released the dreaded Magic Smoke, but actually tripped the breaker and plunged his bench into darkness.

Studying how the Hall-effect sensors in the motor are wired.

Upon closer inspection, it turned out the board has no isolation between the high voltage side and its digital logic. When [Haris] connected his computer to it via the programmer, the 330 VDC coming from the controller’s rectifier shorted through the USB bus and tripped the Earth-leakage circuit breaker (ELCB). The good news is that his computer survived the ordeal, and even the board itself seemed intact. But the shock must have been too much for the microcontroller he was attempting to interface with, as the controller no longer functioned.

Now fully committed, [Haris] started mapping out the rest of the controller section by section. In the write-up on his blog, he visually masks off the various areas of the PCB so readers have an easier time following along and understanding how the schematics relate to the physical board. It’s a nice touch, and a trick worth keeping in mind during your own reverse engineering adventures.

In the end, [Haris] seems to have a good handle on what the majority of the components are up to on the board. Which is good, since getting it working again now means replacing the MCU and writing new firmware from scratch. Or perhaps he’ll just take the lessons learned from this controller and spin up his own custom hardware. In either event, we’ll be keeping an eye out for his next post on the subject.

Hands On With The Voltera V-One PCB Printer

Creating your own PC board is a rite of passage for many. These days, though, you can order super inexpensive boards and have them in very little time, so it doesn’t always make sense to build your own. Still, some people like the challenge, and others don’t want to wait even a few days. Probably everyone has dreamed of a 3D printer-like machine that would just crank out beautiful PCBs. The Voltera V-One isn’t quite at that level of sophistication, but it isn’t too far from it. [Great Scott] shows us how he built two different boards using the system in the video below. While the results were impressive, you can also see that there are several limitations, especially if you are not designing your board with the machine in mind.

One thing that is obvious is that the machine does need your help. In addition to aligning holes, you’ll need to install tiny rivets for vias and slightly less tiny rivets for through-hole components. The last time we looked at the machine, it didn’t do holes at all, but [Scott] shows the drill attachment which allows the machine to produce vias and support leaded components.
