Commodore Floppy Drive Fixing Chaos

June 23, 2023 by Maya Posch 7 Comments

One of the best parts of retrocomputing is that you can obtain so many broken systems and peripherals for repairing and other assorted fun. This was the wholesome activity that [Drygol] embarked on recently with a gaggle of Commodore floppy disk drives that he obtained, involving a lot of cleaning, soldering, calibrating and other assorted entertainment. This follows cold on the heels of an earlier repair session of a stash of Commodore 1541 FDDs.

Testing Commodore FDD head alignment using the 1541 diagnostic cartridge.

As with any such devices, the first thing to do is to clean the heck out of them, to remove forty-odd years of dust and other debris, followed by testing of functionality, replacing dead ICs and the usual round of (electrolytic) capacitor replacement. Retrobrighting gives it that fresh-out-of-packaging look, which leaves just the calibrating of these drives. This procedure is essential to make sure the read/write head is aligned with the tracks on the disks, and is the most fiddly part of the process.

What helps a lot here is the 1541 diagnostic cartridge by [World of Jani] that displays real-time information on the drive while you are tweaking its speed and head alignment. All you have to do is tweak the speed potentiometer, and adjust the position of the drive motor, which takes a bit of patience and a steady hand. After this repair session a few Mitsumi drives unfortunately remained dead due to busted coils. Despite a valiant repair attempt on the heads by manually rewinding the coils, this remains a topic for a potential part III.

This Week In Security: NOAuth, MiniDLNA, And Ticket To Ride

June 23, 2023 by Jonathan Bennett 4 Comments

There’s a fun logic flaw in how multiple online services handle OAuth logins, that abuses Microsoft’s Azure Active Directory service to allow account takeovers. The problem is how a site handles the “Sign In With Microsoft” option, when there’s an existing account under the same email address. This is an irritating problem for an end-user, when a site offers multiple sign-in options. Trying to remember which option was used to set up an account is a struggle, so many services automatically merge accounts.

The problem is that the Microsoft Azure authentication information includes an email address, but Microsoft hasn’t done any verification that the account in question actually controls that address. And in fact, it’s trivial for the Azure admin to change that address at whim. So if the service accepts that email address as authoritative, and auto-merges the accounts, it’s a trivial account takeover. And it’s more than just a theoretical problem, as researchers at descope were able to demonstrate the attack, and have found multiple medium and large services that were vulnerable, as well as at least two authentication providers that themselves were vulnerable to this attack.

Microsoft has pushed updates to the Azure AD service to make the issue easier to avoid, though it seems that the unverified “email” field is still being sent on authentication transactions. There is a new flag, “RemoveUnverifiedEmailClaim” that eliminates the issue, and is enabled by default for new applications. Unfortunately this means that existing vulnerable applications will continue to be vulnerable until fixed on the application side. Continue reading “This Week In Security: NOAuth, MiniDLNA, And Ticket To Ride” →

Easy Modifications For Inexpensive Radios

June 23, 2023 by Bryan Cockfield 65 Comments

Over the past decade or so, amateur radio operators have benefited from an influx of inexpensive radios based around a much simpler design than what was typically commercially available, bringing the price of handheld dual-band or GMRS radios to around $20. This makes the hobby much more accessible, but they have generated some controversy as they tend to not perform as well and can generate spurious emissions and other RF interference that a higher quality radio might not create. But one major benefit besides cost is that they’re great for tinkering around, as their simplified design is excellent for modifying. This experimental firmware upgrade changes a lot about this Quansheng model.

With the obligatory warning out of the way that modifying a radio may violate various laws or regulations of some localities, it looks like this modified firmware really expands the capabilities of the radio. The chip that is the basis of the radio, the BK4819, has a frequency range of 18-660 MHz and 840-1300 MHz but not all of these frequencies will be allowed with a standard firmware in order to comply with various regulations. However, there’s typically no technical reason that a radio can’t operate on any arbitrary frequency within this range, so opening up the firmware can add a lot of functionality to a radio that might not otherwise be capable.

Some of the other capabilities this modified firmware opens up is the ability to receive in various other modes, such as FM and AM within the range of allowable frequencies. To take a more deep dive on what this firmware allows be sure to check out the original GitHub project page as well, and if you’re curious as to why these inexpensive radios often run afoul of radio purists and regulators alike, take a look at some of the problems others have had in Europe.

Powerful Water Pump Is Modular In Nature

June 23, 2023 by Lewin Day 28 Comments

If you’ve got one decently powerful DC motor, you could conceivably build a water pump. Gang up ten of them, however, and you could build something considerably more powerful, as [akashv44] demonstrates.

The design is straightforward, relying on simple impeller pumps driven by RS-775 DC motors. The pump housings and impellers are all 3D printed. They’re designed so that the motor integrates neatly with the pump housing, and so that multiple pumps can easily be ganged up into a single larger unit. [akashv44] demonstrates a build using ten individual pump units with a large manifold, allowing the output of all the pumps to be combined into one single outlet.

The concept is straightforward enough, and running on a 48-volt power supply, it’s clear that the pump can move a significant amount of water. Notably, though, it would be possible to improve significantly with some design changes. Currently, the water path from the pumps must make several 90-degree turns, harming efficiency. We’d love to see the pumps angled nicely into more advanced manifolds which would more smoothly combine the streams together. This would likely result in a far greater output from the system.

In any case, 3D printing pumps is an increasingly popular pastime around here.