Finding Digital Solace In An Old Nokia Phone

September 20, 2022 by 9 Comments

We don’t have to tell you that the current mobile phone market is a bit bleak for folks who value things like privacy, security, and open source. While there have been a few notable attempts to change things up, from phone-optimized versions of popular Linux distributions to the promise of modular handsets — we still find ourselves left with largely identical slabs released by a handful of companies which often seem to treat the customer as a product.

Instead of waiting for technological relief that may never come, [vrhelmutt] has decided to take matters into their own hands by looking to the past. Specifically, by embracing the relatively uncommon Nokia Asha 210. Released in 2013, this so-called “feature phone” offers a full QWERTY keyboard, Nokia’s Series 40 operating system, WiFi, Bluetooth, and a removable BL-4U battery. Unfortunately, with 2G cellular networks quickly being shut down, it’s not likely to get a signal for much longer (if at all, depending on where you live).

So why would you want to use some weird old Nokia phone in 2022? [vrhelmutt] argues that there’s a whole world of S40 software out there that can still be put to use, ranging from games to SSH clients. It’s also relatively easy to develop your own S40 applications in Java, with the original software development kit still freely available online. Combined with the solid (if considerably dated) hardware, this makes the Nokia Asha 210 a surprisingly compelling choice for a pocket hacking platform.

Whether you’re looking for a cheap device that will let you chat on IRC from your couch, or want to write your own custom software for controlling your home automation or robotics projects, you might want to check the second-hand market for a Nokia Asha 210. Or if you’re eager to get experimenting immediately, [vrhelmutt] is actually selling these phones pre-loaded with a wide array of games and programs. Don’t consider this to be an official endorsement; frankly we’re not feeling too confident about the legality of redistributing all this software, but at least it’s an option for those looking to get off the modern smartphone thrill-ride.

If you’re looking for something even farther removed from today’s mobile supercomputers, perhaps we could interest you in the Rotary Un-Smartphone.

Continue reading “Finding Digital Solace In An Old Nokia Phone”

Telephoto Lens Without The Fiscal Pain

August 24, 2022 by 20 Comments

If you’re in the market for a telephoto lens, the available range of optics for your camera is limited only by the size of your bank account. So when [Pixels and Prisms] promises a telephoto for $13 USD it has to be worth a second look, right? Where’s the catch.

The lens has a 3D printed shell containing the optics, with associated focusing and aperture, and has a mount designed for Canon cameras to give a result with 163 mm focal length and f/2.5 . When a Canon lens costs many times more it’s evident that there is some compromise involved, and it comes in the lens system being very simple and comprised of off-the-shelf surplus lenses without the great effort put in by the manufacturer to correct distortion. The result is nonetheless a very creditable lens even if not the first choice for a paparazzo in pursuit of an errant politician.

The real interest for us in this open source project comes in it being something of an experimenter’s test bed for lenses. There’s no need to use the combination shown and the design can be readily adapted for other lenses, so spinning one’s own lens system becomes a real possibility. Plus it’s achieved the all-too-easy task of engaging a Hackaday writer’s time browsing the stock of the Surplus Shed.

We’ve featured a lot of lens projects over the years, but they more often take an existing camera lens as a starting point.

Circuit-less PCB Featured As Faceplate For A Digital Clock

August 17, 2022 by 9 Comments

If there’s no circuitry on a printed circuit board, does it cease being a “PCB” and perhaps instead become just a “PB”?

Call them what you will, the fact that PCBs have become so cheap and easy to design and fabricate lends them to more creative uses than just acting as the wiring for a project. In this case, [Jeremy Cook] put one to work as the faceplate for his “742 Clock,” a name that plays on the fact that his seven-segment display is 42 mm tall, plus it’s “24/7” backward.

In addition to the actual circuit board that holds the Wemos ESP32 module and the LEDs, a circuit-less board was designed with gaps in the solder mask to act as light pipes. Sandwiched between the boards is a 3D printed mask, to control the light and direct it only through the light pipes. [Jeremy] went through a couple of iterations of diffuser and mask designs, finally coming up with a combination that works well and looks good. He mentions a possible redesign of the faceplate board to include a copper backplane for better opacity, which we think is a good idea. We’d also like to see how different substrates work; would boards of different thickness or using FR-4 with different glass transition temperatures work better? Check out the video below and see what you think.

We’re seeing more and more PCBs turn up as structural elements, from enclosures to control panels and even tools, and we approve of this trend. But what we really approve of is what [Jeremy] did here by making this clock just a dumb display that gets network time over NTP. Would that all three digital clocks in our kitchen did the same thing — maybe then they wouldn’t each be an infuriating minute out of sync with the others.

Continue reading “Circuit-less PCB Featured As Faceplate For A Digital Clock”

This Week In Security: Breaches, ÆPIC, SQUIP, And Symbols

August 12, 2022 by 9 Comments

So you may have gotten a Slack password reset prompt. Something like half a percent of Slack’s userbase had their password hash potentially exposed due to an odd bug. When sending shared invitation links, the password hash was sent to other members of the workspace. It’s a bit hard to work out how this exact problem happened, as password hashes shouldn’t ever be sent to users like this. My guess is that other users got a state update packet when the link was created, and a logic error in the code resulted in too much state information being sent.

The evidence suggests that the first person to catch the bug was a researcher who disclosed the problem mid-July. Slack seems to use a sane password policy, only storing hashed, salted passwords. That may sound like a breakfast recipe, but just means that when you type your password in to log in to slack, the password goes through a one-way cryptographic hash, and the results of the hash are stored. Salting is the addition of extra data, to make a precomputation attack impractical. Slack stated that even if this bug was used to capture these hashes, they cannot be used to directly authenticate as an affected user. The normal advice about turning on 2-factor authentication still applies, as an extra guard against misuse of leaked information. Continue reading “This Week In Security: Breaches, ÆPIC, SQUIP, And Symbols”

Hackaday Links Column Banner

Hackaday Links: July 31, 2022

July 31, 2022 by 12 Comments

Don’t look up! As of the time of this writing, there’s a decent chance that a Chinese Long March 5B booster has already completed its uncontrolled return to Earth, hopefully safely. The reentry prediction was continually tweaked over the last week or so, until the consensus closed in on 30 Jul 2022 at 17:08 UTC, give or take an hour either way. That two-hour window makes for a LOT of uncertainty about where the 25-ton piece of space debris will end up. Given the last prediction by The Aerospace Corporation, the likely surface paths cover a lot of open ocean, with only parts of Mexico and South America potentially in the crosshairs, along with parts of Indonesia. It’s expected that most of the material in the massive booster will burn up in the atmosphere, but with the size of the thing, even 20% making it to the ground could be catastrophic, as it nearly was in 2020.

[Update: US Space Command confirms that the booster splashed down in the Indian Ocean region at 16:45 UTC. No word yet on how much debris survived, or if any populated areas were impacted.]

Good news, everyone — thanks to 3D printing, we now know the maximum height of a dive into water that the average human can perform without injury. And it’s surprisingly small — 8 meters for head first, 12 meters if you break the water with your hands first, and 15 meters feet first. Bear in mind this is for the average person; the record for surviving a foot-first dive is almost 60 meters, but that was by a trained diver. Researchers from Cornell came up with these numbers by printing models of human divers in various poses, fitting them with accelerometers, and comparing the readings they got with known figures for deceleration injuries. There was no mention of the maximum survivable belly flop, but based on first-hand anecdotal experience, we’d say it’s not much more than a meter.

Humans have done a lot of spacefaring in the last sixty years or so, but almost all of it has been either in low Earth orbit or as flybys of our neighbors in the Sol system. Sure we’ve landed plenty of probes, but mostly on the Moon, Mars, and a few lucky asteroids. And Venus, which is sometimes easy to forget. We were reminded of that fact by this cool video of the 1982 Soviet landing of Venera 14, one of only a few attempts to land on our so-called sister planet. The video shows the few photographs Venera 14 managed to take before being destroyed by the heat and pressure on Venus, but the real treat is the sound recording the probe managed to make. Venera 14 captured the sounds of its own operations on the Venusian surface, including what sounds like a pneumatic drill being used to sample the regolith. It also captured, as the narrator put it, “the gentle blow of the Venusian wind” — as gentle as ultra-dense carbon dioxide hot enough to melt lead can be, anyway.

Continue reading “Hackaday Links: July 31, 2022”

This Week In Security: Symbiote, Smart Locks, And CosmicStrand

July 29, 2022 by 23 Comments

Symbiote is a particularly nasty Linux rootkit, and we have the interesting case of two separate analysis releasing this week. Up first is [CyberMasterV] taking apart a very early sample of the malware. The primary purpose of Symbiote seems to be capturing SSH logins, and this version does so by hooking the Pluggable Authentication Modules (PAM) system to capture users logging in to the machine it resides on. It also watches for SSH and SCP binaries, and sniffs the terminal used by those binaries, thereby capturing outgoing credentials.

All this data gets packaged up as DNS queries and shuffled off to the Command and Control server. “Easy”, I hear you say, “just block DNS traffic to everywhere except a trusted DNS provider.” It’s more clever than that. The data is in the form of valid DNS subdomains. In full, it’s a DNS request to PacketNumber.MachineID.Data.px32.nss.atendimento-estilo[.]com, all appropriately encoded to be valid. Every request will be for a unique host name, so every request gets forwarded to the C&C controller, which does double duty as the authoritative DNS resolver for that domain. You might get some mileage out of blocking (or at least logging) very long DNS queries.

Symbiote also replaces the typical files and devices you would look at to find a potential problem. For instance, /proc/net/tcp is where the kernel reports open TCP connections. On an infected machine, a copy of this file is maintained by the malware, conveniently leaving out the connections resulting from the infections. Symbiote has a hook in fopen, so whenever a process tries to read this location, the read is redirected to the cooked version, neatly hiding the rootkit. This stealth feature is apparently also used to hide other malware from the same attackers that may be on the same machine.
Continue reading “This Week In Security: Symbiote, Smart Locks, And CosmicStrand”

Print Your Own Drill Guide Without A Linear Bearing

July 18, 2022 by 15 Comments

Typically we often don’t cover paid products here on Hackaday, but we couldn’t help but be impressed with this 3D printed drill guide from [USSA]. While you’ll need to pay the toll to access the STL files and plans, there’s an excellent video showing a bit of magic behind the curtain that you can check out free of charge. There are several interesting insights and some great techniques put into this design that anyone could take and apply to their own project.

First, what is a drill guide? Many of us don’t have the luxury of a full-sized drill press, so we have to make do with a hand drill. There are various jigs and tricks to get straighter holes, but it can be frustrating to mark out threaded screw inserts with great precision only to discover all the inserts are at an angle and the circuit board won’t fit. A drill guide ensures holes are plunged straight up and down and at a reliable depth.

[USSA] starts by showing the node-based CAD that makes up the design (a program called Grasshopper). As he assembled it, simple nuts and screws held it together. But rather than clamp two separate pieces together, the screws compress the single plastic with a clever slot in the side to allow the plastic to flex. Several 3D printed jigs were used for assembling the bearing shaft. Ultimately the results look quite impressive, and it’s an inspiration for our own printed projects.

Continue reading “Print Your Own Drill Guide Without A Linear Bearing”