Day: April 14, 2023

Low-Cost Display Saved By RP2040

April 14, 2023 by 23 Comments

Anyone looking for components for electronics projects, especially robotics, microcontrollers, and IoT devices, has likely heard of Waveshare. They are additionally well-known suppliers of low-cost displays with a wide range of resolutions, sizes, and capabilities, but as [Dmitry Grinberg] found, they’re not all winners. He thought the price on this 2.8-inch display might outweigh its poor design and lack of documentation, and documented his process of bringing it up to a much higher standard with a custom driver for it.

The display is a 320×240 full-color LCD which also has a touchscreen function, but out-of-the-box only provides documentation for sending data to it manually. This makes it slow and, as [Dmitry] puts it, “pure insanity”. His ultimate solution after much poking and prodding was to bit-bang an SPI bus using GPIO on an RP2040 but even this wasn’t as straightforward as it should have been because there are a bunch of other peripherals, like an SD card, which share the bus. Additionally, an interrupt is needed to handle the touchscreen since its default touch system is borderline useless as well, but after everything was neatly stitched together he has a much faster and more versatile driver for this display and is able to fully take advantage of its low price.

For anyone else attracted to the low price of these displays, at least the grunt work is done now if a usable driver is needed to get them up and running. And, if you were curious as to what [Dmitry] is going to use this for, he’s been slowly building up a PalmOS port on hardware he’s assembling himself, and this screen is the perfect size and supports a touch interface. We’ll keep up with that project as it progresses, and for some of [Dmitry]’s other wizardry with esoteric displays make sure to see what he’s done with some inexpensive e-ink displays as well.

This Week In Security: QueueJumper, JS VM2 Escape, And CAN Hacking

April 14, 2023 by 9 Comments

You may not be familiar with the Microsoft Message Queuing (MSMQ) service, a store and forward sort of inter-process and inter-system communication service. MSMQ has become something of a legacy product, but is still available as an optional component in Windows. And in addition to other enterprise software solutions, Microsoft Exchange turns the service on by default. That’s why it’s a bit spooky that there’s a one packet Remote Code Execution (RCE) vulnerability that was just patched in the service.

CVE-2023-21554, also known as QueueJumper, is this unauthenticated RCE with a CVSS score of 9.8. It requires sending a packet to the service on TCP port 1801. The Check Point Research team scanned for listening MSMQ endpoints on the public Internet, and found approximately 360,000 of them. And no doubt far more are listening on internal networks. A one packet exploit is a prime example of a wormable problem, and now that the story has broken, and the patch is available, expect a rapid reverse engineering. Beware, the queue jumpers are coming.

JavaScript VM Escape

The VM2 library is a rather important JavaScript package that sandboxes code, letting a project run untrusted code securely. Or, that’s the idea. CVE-2023-29017 is an example of how hard sandboxing is to get right. It’s another CVSS 9.8 vulnerability, and this one allows a sandbox escape and code execution.

This one now has public Proof of Concept code, and this package has over 16 million monthly installs, so the attack surface is potentially pretty wide. The flaw is fixed in version 3.9.15. Continue reading “This Week In Security: QueueJumper, JS VM2 Escape, And CAN Hacking”

Self-Cleaning Tech Could Help Solar Panels Keep Efficiency Up

April 14, 2023 by 58 Comments

Solar panels are a special kind of magic — turning light into useful electrical energy. However, they don’t work nearly as well when they’re covered in dust, dirt, and grime. Conventional solutions involve spraying panels down with pure water, which is expensive and wasteful, or dry scrubbing, which can cause efficiency loss through scratching the panels. However, innovative new methods may offer useful solutions in this area, as shared by EETimes.

Researchers at MIT have explored the use of electrostatic methods to remove dust from solar panels. By creating a sufficiently strong electrostatic field, dust particles can be compelled to leap off of solar panels. The cleaning method requires no water and is entirely non-contact. It uses a motor system to pass a charged electrode past the surface of the panels, with the opposite charge applied to the panels themselves. This repels the dust from the panels and onto the moving electrode.

Other methods include the use of special “self-cleaning” glass manufactured with a laser etching technique. The method, referred to as Direct Laser Interference Patterning, or DLIP, creates microscopic features on the order of 300 nm to 30 um on the surface of the glass. The pattern creates a so-called “functional surface” from which dirt simply slides off. The laser-etched pattern has no negative impact on transparency.

If these ideas prove practical, expect them to take off quickly. Commercially viable technologies spread fast in the renewable space, as we’ve seen with the rapid uptake of floating solar farms in recent years. 

It’s Opposite Day For This Novel Wankel Engine

April 14, 2023 by 28 Comments

The Wankel engine seems to pop up in surprising places every so often, only to disappear into the ether before someone ultimately resurrects it for a new application and swears to get it right this time. Ultimately they come across the same problems that other Wankels suffered from, namely poor fuel efficiency and issues with reliability. They do have a surprising power-to-weight ratio and a low parts count, though, which is why people keep returning to this well, although this time it seems like most of the problems might have been solved simply by turning the entire design inside out.

A traditional Wankel engine has a triangular-shaped rotor that rotates around a central shaft inside an oval-shaped housing. This creates three chambers which continually revolve around inside the engine as the rotor spins. The seals that separate the chambers are notoriously difficult to lubricate and maintain. Instead of using a rotor inside of a chamber, this design called the X-Engine essentially uses a chamber inside of a rotor, meaning that the combustion chamber and the seals stay in fixed locations instead of spinning around. This allows for much better lubrication of the engine and also much higher efficiency. By flipping the design on its head it is able to maintain a low moving parts count, high compression ratio, and small power-to-weight ratio all while improving reliability and performance and adding the ability to directly inject fuel rather than rely on carburetion or other less-ideal methods of fuel delivery that other Wankels require.

Astute internal combustion aficionados will note that this engine is still of a two-stroke design, and thus not likely to fully eliminate the emissions problems with Wankels in a way that is satisfactory to regulators of passenger vehicles. Instead, the company is focusing on military, commercial, and aerospace applications where weight is a key driver of design. We’ve seen time and time again how the Wankel fails to live up to its promises though, and we hope that finally someone has cracked the code on one that solves its key issues.