Day: January 20, 2023

Cassette Player Cupholder Is A Useful But Risky Idea

January 20, 2023 by 36 Comments

The cup was invented in 1570 BC. Despite this, infuriatingly, the cupholder didn’t become common in the automotive world until the early 2000s. Cars built in the years PCH (pre-cupholder) typically also had tape decks. Noticing this relationship, [thephatmaster] designed this useful cassette-deck cupholder accessory.

The design is simple, consisting of a 3D printed ring with a tab that neatly slides into an automotive stereo’s cassette slot. The design does require that the tape deck be empty prior to inserting the cup holder. Given that few cassette players from that era still work, this isn’t much of a drawback. Of course, if you really do need tunes, it wouldn’t be too difficult to integrate a Bluetooth cassette adapter into the printed design.

[thephatmaster] uses the cupholder in a Mercedes W202, and has posted a special inclined version to suit this model. The creator also notes that using it on vehicles like the Mercedes W210 can be a risk. The cupholder typically places the beverage directly above the transmission lever, where any spills can damage switches or other important electronics. Also, the cupholder isn’t designed to work with vertical tape decks, though modification for this layout may be possible.

This build may look silly or pointless to some. But if you’ve ever tried to pull a U-turn in an old manual car while precariously cradling a steaming latte between your legs, you’ll clearly see the value here. It only has to save one pair of pants before it’s paid for itself.

We’ve seen some other creative cupholder hacks before too, like this nifty laptop holder. If you’ve whipped up your own nifty car hacks, send them into the tipsline.

This Week In Security: Git Deep Dive, Mailchimp, And SPF

January 20, 2023 by 10 Comments

First up, git has been audited. This was an effort sponsored by the Open Source Technology Improvement Fund (OSTIF), a non-profit working to improve the security of Open Source projects. The audit itself was done by researchers from X41 and GitLab, and two critical vulnerabilities were found, both caused by the same bad coding habit — using an int to hold buffer lengths.

On modern systems, a size_t is always unsigned, and the same bit length as the architecture bit-width. This is the proper data type for string and buffer lengths, as it is guaranteed not to overflow when handling lengths up to the maximum addressable memory on the system. On the other hand, an int is usually four bytes long and signed, with a maximum value of 2^31-1, or 2147483647 — about 2 GB. A big buffer, but not an unheard amount of data. Throw something that large at git, and it will break in unexpected ways.

Our first example is CVE-2022-23521, an out of bounds write caused by an int overflowing to negative. A .gitattributes file can be committed to a repository with a modified git client, and then checking out that repository will cause the num_attrs variable to overflow. Push the overflow all the way around to a small negative number, and git will then vastly under-allocate the attributes buffer, and write all that data past the end of the allocated buffer.

CVE-2022-41903 is another signed integer overflow, this time when a pretty print format gets abused to do something unexpected. Take a look at this block of code:

Continue reading “This Week In Security: Git Deep Dive, Mailchimp, And SPF”

Building A NAS That Really Looks Like A NAS

January 20, 2023 by 18 Comments

Building your own network attached storage (NAS) for personal use isn’t all that difficult. A single board computer, a hard disk and a power supply in an enclosure is all the hardware you need. Then, choose from one of several open source NAS software solutions and you’re up and running. [tobychui] decided to notch things up by designing a NAS that really looks like a NAS. It’s tailored to his specific requirements and looks like a professional product to boot. The design features dual 3.5 inch HDD bays, a small footprint, is low cost, compatible with a variety of single board computers, and can handle high data transfer speeds by using RAM and SD card for buffering.

Not only has he done a great job with the hardware design, but he’s also developed a companion software for the NAS. “ArozOS” is a web desktop operating system that provides full-fledged desktop experience within a browser. ArozOS has a great user interface and features a lot of networking, file, disk management and security functions. He has also developed a launcher application to enable over-the-air (OTA) software updates.

Assembling the device will need some planning and preparation, even though most of the hardware is off the shelf. You will need a SATA to USB 2.0 adapter, a SBC (Orange Pi Zero, Raspberry Pi 4, Orange Pi Zero 2, etc) , three buck converters — one each to provide 12 V to the two hard disks and a third to provide 5 V to the SBC. You’ll also need a 12 V / 6 A or 24 V / 3 A external power brick, or a USB-C 65 W GaN charger with a triggering module to set the desired voltage and current.

There is also one custom power distribution board which is essentially a carrier board to mount the buck converters and connectors for power and USB data. For the 3D prints, [tobychui] recommends printing at the highest resolution for a nice finish.

The off the shelf SATA to USB adapter will need to be taken apart before it can be fixed to the 3D printed SATA adapter plate and might pose the most challenge during construction, but the rest of the assembly is fairly straightforward. Once assembly is complete, [tobychui] walks you through installation of the ArozOZ software, mounting the drives and making them accessible over the network.

Have you got your data backup act in order ? If not, it’s still not too late to make it a new Year’s resolution. And if you need help figuring things out, check out New Year Habits – What Do You Do For Data Storage?

Continue reading “Building A NAS That Really Looks Like A NAS”

Automated Drip Watering Device Keeps Plants Happy

January 20, 2023 by 10 Comments

Plants tend to need a regular supply of water to stay happy. If you’re a green thumb, it’s one of the primary things you should take care of before you go on holiday. This DIY plant watering system from [Jaychouu] offers to handle just that.

The system consists of a soda bottle acting as a water container, and an electronically-controlled valve to control the flow of water to plants. Irrigation of the plants is via dripper nozzles to provide a small but consistent feed to the plants. The use of drippers tends to disturb the soil less than pressurized jets of water. A soil humidity sensor is used to detect moisture levels and avoid over-watering. There’s also a capacitive water level sensor that fires off a warning when the reservoir’s water level is low. An ESP32 serves as the brains of the operation, allowing remote control via Blynk.

If you’re looking for a simple way to drip water your plants while you’re away, it’s hard to go wrong with this concept. If you feel like a more passive solution though, we’ve seen other viable methods too.

Continue reading “Automated Drip Watering Device Keeps Plants Happy”