When was the last time you tried listening to a new genre of music, or even explored a sub-genre of something you already like? That’s what we thought. It’s good to listen to other stuff once in a while and remind ourselves that there’s a whole lot of music out there, and our tastes are probably not all that diverse. As a reminder, [sorghum] made a spiffy little Spotify remote that can cruise through the musical taxonomy that is Every Noise at Once and control any Spotify-enabled device.
There’s a lot to like about this little remote, which is based upon a LilyGo TTGO ESP32 board with on-board display. The circuitry is basically that and a rotary encoder plus a tiny LiPo battery. Can we talk about the finish on those prints? Yes, those are both printed enclosures. Getting that buttery smooth finish took two grits of wet/dry sandpaper plus nine grits of polishing cloths.
As you can see in the brief demo after the break, there are several ways to discover new music. [sorghum] can surf through all kinds of Japanese music for example, or surf by the genre’s ending word and listen to metalcore, deathcore, and grindcore from all over the globe. For extra fun, there’s a genre-ending randomizer so you can discover just how many forms of *core there are.
We have no idea whether [Nick Goodey] is a trained engineer or not. But given the detailed design of this DIY energy recovery ventilator for his home HVAC system, we’re going to go out on a limb and say he probably knows what he’s doing.
For those not in the know, an energy recovery ventilator (ERV) is an increasingly common piece of equipment in modern residential and commercial construction. As buildings have become progressively “tighter” to decrease heating and cooling energy losses to the environment, the air inside them has gotten increasingly stale. ERVs solve the problem by bringing fresh, unconditioned air in from the outside while venting stale but conditioned air to the outside. The two streams pass each other in a heat exchanger so that much of the energy put into the conditioned air is transferred to the incoming unconditioned air.
While ERV systems are readily available commercially, [Nick] decided to roll his own after a few experiments with Coroplast and some extensive calculations convinced him it would be a viable idea. One may scoff at the idea of corrugated plastic for the heat exchanger, but the smooth channels through the material make it a great choice. He built up a block of Coroplast squares with the channels in alternate layers oriented orthogonally, letting stale inside air pass very close to fresh outside air to exchange heat without ever mixing directly. The entire system, including fans, an Arduino for control, sensors galore, and the Hubitat home automation hub, is powered by DC, so no electrician was needed. [Nick] has a ton of detail in his build log, including all the tools and calculators he used to design the system.
Given the expense of ERV systems, we’re surprised we haven’t seen more stories about DIY versions. We have talked about HVAC systems a lot, though — after all, HVAC techs are hackers who make housecalls.
Despite the popularity of social media, for communication that actually matters, e-mail reigns supreme. Crucial to the smooth operation of businesses worldwide, it’s prized for its reliability. Google is one of the world’s largest e-mail providers, both with its consumer-targeted Gmail product as well as G Suite for business customers [Jeffrey Paul] is a user of the latter, and was surprised to find that URLs in incoming emails were being modified by the service when fetched via the Internet Message Access Protocol (IMAP) used by external email readers.
This change appears to make it impossible for IMAP users to see the original email without logging into the web interface, it breaks verification of the cryptographic signatures, and it came as a surprise.
Security Matters
A test email sent to verify the edits made by Google’s servers. Top, the original email, bottom, what was received.
For a subset of users, it appears Google is modifying URLs in the body of emails to instead go through their own link-checking and redirect service. This involves actually editing the body of the email before it reaches the user. This means that even those using external clients to fetch email over IMAP are affected, with no way to access the original raw email they were sent.
The security implications are serious enough that many doubted the initial story, suspecting that the editing was only happening within the Gmail app or through the web client. However, a source claiming to work for Google confirmed that the new feature is being rolled out to G Suite customers, and can be switched off if so desired. Reaching out to Google for comment, we were directed to their help page on the topic.
The stated aim is to prevent phishing, with Google’s redirect service including a link checker to warn users who are traveling to potentially dangerous sites. For many though, this explanation doesn’t pass muster. Forcing users to head to a Google server to view the original URL they were sent is to many an egregious breach of privacy, and a security concern to boot. It allows the search giant to further extend its tendrils of click tracking into even private email conversations. For some, the implications are worse. Cryptographically signed messages, such as those using PGP or GPG, are broken by the tool; as the content of the email body is modified in the process, the message no longer checks out with respect to the original signature. Of course, this is the value of signing your messages — it becomes much easier to detect such alterations between what was sent and what was received.
Inadequate Disclosure
Understandably, many were up in arms that the company would implement such a measure with no consultation or warning ahead of time. The content of an email is sacrosanct, in many respects, and tampering with it in any form will always be condemned by the security conscious. If the feature is a choice for the user, and can be turned off at will, then it’s a useful tool for those that want it. But this discovery was a surprise to many, making it hard to believe it was adequately disclosed before roll-out. The question unfolded in the FAQ screenshot above hints at this being part of Google’s A/B test and not applied to all accounts. Features being tested on your email account should be disclosed yet they are not.
Protecting innocent users against phishing attacks is a laudable aim, and we can imagine many business owners enabling such a feature to avoid phishing attacks. It’s another case where privacy is willingly traded for the idea of security. While the uproar is limited due to the specific nature of the implementation thus far, we would expect further desertion of Google’s email services by the tech savvy if such practices were to spread to the mainstream Gmail product. Regardless of what happens next, it’s important to remember that the email you read may not be the one you were sent, and act accordingly.
Update 30/10/2020: It has since come to light that for G Suite users with Advanced Protection enabled, it may not be possible to disable this feature at all.
The organic shapes of miniature trees grown over the course of decades is the ultimate indicator of patience and persistence. For those who prefer bending copper to their will rather than saplings, producing an LED tree that looks and functions this well is an accomplishment that signals clever planning and patient fabrication. The animated result is a masterpiece that took about eighteen months to complete.
There are 128 enamel-coated wires that twist into branches holding 32 RGB light-emitting diodes. Tapping into each at the base of the tree is a chaotic mess made a bit easier by a cleverly designed circuit board.
A circular petal pattern was laid out in Inkscape that includes a hole at the center for the “trunk” to pass through. The LED matrix is designed with 8 rows and 12 columns, but 24 pads were laid out so that only four wires would need to be soldered to each copper petal. Even so, look at the alligator clip holding up this PCB to get an idea of the scale of this job!
The angular base is itself made of copper clad board soldered on the inside of the seams and painted black on the outside. This hides the “petal” PCB, as well as a breakout board for an STM32 microcontroller and a power management circuit that lets you use your choice of USB or a lithium battery.
We wonder if [fruchti] has thought about adding some interactivity to his sapling. While we haven’t seen such a beautiful, tiny, creation as this, we have seen an LED tree whose lights can be blown out like birthday candles. Wouldn’t this be an excellent entry in our Circuit Sculpture challenge? There’s still a few weeks left!
The human mind is a path-planning wizard. Think back to pre-lockdown days when we all ran multiple errands back to back across town. There was always a mental dance in the back of your head to make sense of how you planned the day. It might go something like “first to the bank, then to drop off the dry-cleaning. Since the post office is on the way to the grocery store, I’ll pop by and send that box that’s been sitting in the trunk for a week.”
This sort of mental gymnastics doesn’t come naturally to machines — it’s actually a famous problem in computer science known as the traveling salesman problem. While it is classified in the industry as an NP-hard problem in combinatorial optimization, a more succinct and understandable definition would be: given a list of destinations, what’s the best round-trip route that visits every location?
Our old math teacher famously said, “You have to take what you know and use it find what you don’t know.” The same holds true for a lot of microcontroller designs including [rgco’s] clever metal detector that uses very little other than an Arduino. The principle of operation is simple. An Arduino can measure time, a coil and a resistor will create a delay proportional to the circuit values, and metal around the coil will change the coil’s inductance. As the inductance changes, so does the delay and, thus, the Arduino can sense metal, as you can see in the video below.
The simple principle is also simple in practice. Besides the Arduino and the coil, there’s a single resistor. You want a small coil since larger coils won’t detect smaller objects. If you don’t want to wind your own coil, [rgco] suggests using a roll of hookup wire as long as the resistance is under 10 ohms.
Decapsulating ICs used to be an exotic technique. (I should know, I did that professionally for one of the big IC vendors back in the 1980s.) These days, more and more people are learning to take apart ICs for a variety of reasons. If you are interested in doing it yourself, [Juan Carlos Jimenez] has a post you should read about using acid to remove epoxy from ICs.
[Juan Carlos] used several different techniques with varying degrees of success. Keep in mind, that using nitric acid is generally pretty nasty. You need safety equipment and be sure to plan for bad things to happen. Have eyewash ready because once you splash acid in your eye, it is too late to get that together.