Boat Anchor Twins Get A Little Digital Help Staying On Frequency

In the ham radio trade, gear such as the old Drake units [Dr. Scott M. Baker] has in his radio shack are often referred to as “boat anchors.” It refers to big, heavy radios that were perhaps a bit overengineered compared to the state of the art at the time they were designed, and it’s actually a shame that the name has taken on something of a pejorative connotation, since some of this gear is rock solid half a century or more after it was built.

But older gear is often harder to use, at least compared to the newer radios with microcontrollers and more stable oscillators inside. To make his 1970s-era Drake “Twins” setup of separate but linked receiver and transmitter a little more fun to use, [Scott] came up with this neat Raspberry Pi-based DDS-VFO project to keep his boat anchors afloat. Compared to the original mechanically tuned variable frequency oscillator in the Drake receiver, the direct-digital synthesis method promises more stability, meaning less knob-nudging to stay on frequency.

The hardware used for the DDS-VFO is actually pretty simple — just a Raspberry Pi Zero W driving an AD9850-based signal-generator module. Sending the signal to the Twins was another matter. That was done by tapping into the injection cable linking both units, which meant a few circuit complications to deal with signal attenuation. [Scott] also added amenities like a digital frequency display, optical encoder with crank-style knob to change frequency, and a host of Cherry MX keyswitches for quick access to different features.

From the look of the video below, the Twins are now rock-solid and a lot easier to use. This project is loosely based on a recent panadapter project [Scott] undertook for the receiver side of the Twins.

Continue reading “Boat Anchor Twins Get A Little Digital Help Staying On Frequency”

This Week In Security: DDoS Techniques, Dirty Pipe, And Lapsus$ Continued

Denial-of-Service (DoS) amplification. Relatively early in the history of the Internet — it was only 14 years old at the time — the first DoS amplification attack was discovered. [TFreak] put together smurf.c, likely in 1997, though it’s difficult to nail the date down precisely.

The first real DoS attack had only happened a year before, in 1996. Smurf worked by crafting ICMP packets with spoofed source addresses, and sending those packets to a network’s broadcast address. A host that received the request would send the packet to the target, and if multiple hosts responded, you got a bigger DoS attack for free. Fast forward to 1999, and the first botnet pulled off a Distributed DoS, DDoS, attack. Ever since then, there’s been an ongoing escalation of DDoS traffic size and the capability of mitigations.

DNS and NTP quickly became the popular choice for amplification, with NTP requests managing an amplification factor of 556, meaning that for every byte an attacker sent, the amplifying intermediary would send 556 bytes on to the victim. You may notice that so far, none of the vulnerable services use TCP. The three-way handshake of TCP generally prevents the sort of misdirection needed for an amplified attack. Put simply, you can’t effectively spoof your source address with TCP.

There are a pair of new games in town, with the first being a clever use of “middleboxes”, devices like firewalls, Intrusion Prevention Systems, and content filters. These devices watch traffic and filter content or potential attacks. The key here is that many such devices aren’t actually tracking TCP handshakes, it would be prohibitively memory and CPU intensive. Instead, most such devices just inspect as many packets as they can. This has the unexpected effect of defeating the built-in anti-spoofing of TCP.

An attacker can send a spoofed TCP packet, no handshake required, and a vulnerable middlebox will miss the fact that it’s spoofed. While that’s interesting in itself, what’s really notable is what happens when the packet appears to be a request for a vulnerable or blocked resource. The appliance tries to interrupt the stream, and inject an error message back to the requester. Since the requestor can be spoofed, this allows using these devices as DDoS amplifiers. As some of these services respond to a single packet with what is essentially an entire web page to convey the error, the amplification factor is literally off the charts. This research was published August 2021, and late February of this year, researchers at Akamai have seen DDoS attacks actually using this technique in the wild.

The second new technique is even more alien. Certain Mitel PBXs have a stress-test capability, essentially a speed test on steroids. It’s intended to only be used on an internal network, not an external target, but until a recent firmware update that wasn’t enforced. For nearly 3,000 of these devices, an attacker could send a single packet, and trigger the test against an arbitrary host. This attack, too, has recently been seen in the wild, though in what appears to be test runs. The stress test can last up to 14 hours at worst, leading to a maximum amplification factor if over four billion, measured in packets. The biggest problem is that phone systems like these a generally never touched unless there’s a problem, and there’s a decent chance that no one on site has the login credentials. That is to say, expect these to be vulnerable for a long time to come. Continue reading “This Week In Security: DDoS Techniques, Dirty Pipe, And Lapsus$ Continued”

Is Your Tape Dispenser Radioactive?

Do you have anything radioactive in your house? Most people will say no, but they are probably wrong. A host of things ranging from glow-in-the dark timepieces to smoke detectors have some amount of radioactivity. But as [Wheeler Scientific] points out, so do some old Scotch tape dispensers. You can watch the video, below.

The dispenser in question is the C-15 which was very common around offices, military bases, and homes for years. They were made up until the 1980s. You have to wonder why a tape dispenser would be radioactive, and [Wheeler] has the explanation.

When you pull tape from the dispenser, you don’t want the dispenser to slide around the desk, so it needs to be heavy. But no one wants to have a giant dispenser nor do you want to pay for one made from a dense metal. So the plastic dispenser contains a ballast to make it heavier. In the case of the C-15 that ballast is thorium-containing monazite sand. A vintage counter shows the radioactivity which isn’t much, of course, but still way less than the ordinary sand used in newer models. You can also see in the video that the material is paramagnetic.

Monazite used to be a primary source of lanthanides but getting rid of the thorium led to alternate sources in the 1960s although it is still used as an ore for thorium. We know some lenses are radioactive. If you want to search your home for radioactivity and you don’t have a Geiger counter, you don’t need much to build one.

Continue reading “Is Your Tape Dispenser Radioactive?”

kumiko from nails

Nail This Tricky Kumiko Pattern

[Pask Makes] has previously made Kumiko patterns in wood and was happy with the results, but he wondered if he could make something visually similar from metal instead of wood.

For that, he reached for nails as it is a cheap source of uniform small rods of metal. Kumiko is, funny enough, a technique known for joining small pieces of wood without nails. There are many different patterns that use the technique and most are inspired by nature. It is the pressure of the wood in the pattern itself that holds it together and requires dedicated planning and thousands of minute adjustments. Since [Pask] was using a MIG welder to hold the nails together, it isn’t technically Kumiko but rather a Kumiko pattern.

The first step was to take the coating off the nails, which is something a little acid does a wonderful job with. After dropping a little acid, his nails were prepped and he was ready to tack them together. He printed a template on a sheet of paper and used a straight edge and a palm router with a groove bit to cut little channels for each of the nails to sit in. The nails were trimmed to the correct width with the help of a small jig. After he had tacked the nails together, he came back and filled in the centers.

It’s a straightforward little project that creates a beautiful pattern and it’s a good reminder that simple materials can make complex things. If you prefer the wood look, this Kumiko guitar might be more to your taste. Video after the break.

Continue reading “Nail This Tricky Kumiko Pattern”