Apple recently patched a security problem, and fixed the Psychic Paper 0-day. This was a frankly slightly embarrassing flaw that [Siguza] discovered in how iOS processed XML data in an application’s code signature that allowed him access to any entitlement on the iOS system, including running outside a sandbox.
Entitlements on iOS are a set of permissions that an application can request. These entitlements range from the aforementioned com.apple.private.security.no-container to platform-application, which tells the system that this is an official Apple application. As one would expect, Apple controls entitlements with a firm grip, and only allows certain entitlements on apps hosted on their official store. Even developer-signed apps are extremely limited, with only two entitlements allowed.
This system works via an XML list document that is part of the signed application. XML is a relative of HTML, but with a stricter set of rules. What [Siguza] discovered is that iOS contains 4 different XML parsers, and they deal with malformed XML slightly differently. The kicker is that one of those parsers does the security check, while a different parser is used for the actual permission implementation. Is it possible that this mismatch could contain a vulnerability? Of course it is.
Typically when we select a project for “Fail of the Week” honors, it’s because something went wrong with the technology of the project. But the tech of [Leo Fernekes]’ innovative LED sign system was never the problem; it was the realities of scaling up to production as well as the broken patent process that put a nail in this promising project’s coffin, which [Leo] sums up succinctly as “The Inventor’s Paradox” in the video below.
The idea [Leo] had a few years back was pretty smart. He noticed that there was no middle ground between cheap, pre-made LED signs and expensive programmable signboards, so he sought to fill the gap. The result was an ingenious “LED pin”, a tiny module with an RGB LED and a microcontroller along with a small number of support components. The big idea is that each pin would store its own part of a display-wide animation in flash memory. Each pin has two terminals that connect to metal cladding on either side of the board they attach to. These two conductors supply not only power but synchronization for all the pins with a low-frequency square wave. [Leo]’s method for programming the animations — using a light sensor on each pin to receive signals from a video projector — is perhaps even more ingenious than the pins themselves.
[Leo]’s idea seemed destined for greatness, but alas, the cruel realities of scaling up struck hard. Each prototype pin had a low part count, but to be manufactured economically, the entire BOM would have to be reduced to almost nothing. That means an ASIC, but the time and expense involved in tooling up for that were too much to bear. [Leo] has nothing good to say about the patent game, either, which his business partners in this venture insisted on playing. There’s plenty of detail in the video, but he sums it up with a pithy proclamation: “Patents suck.”
Watching this video, it’s hard not to feel sorry for [Leo] for all the time he spent getting the tech right only to have no feasible way to get a return on that investment. It’s a sobering tale for those of us who fancy ourselves to be inventors, and a cautionary tale about the perils of participating in a patent system that clearly operates for the benefit of the corporations rather than the solo inventor. It’s not impossible to win at this game, as our own [Bob Baddeley] shows us, but it is easy to fail.
Hackers always have their eye out for a good deal, so when [Gadget Reboot] saw a good price on square stickers he had to pull the trigger. There was just one problem: his logo is a circle. He could have rectified the problem with a pair of scissors on a lazy afternoon, but we think building an elaborate circle cutting machine was a much better use of his time.
But this project isn’t just for the Giotto wannabes. Even if you don’t find yourself in need of an infinite supply of perfect paper circles, the video after the break provides an excellent case study in getting stepper motors to do your bidding, whatever that might be. [Gadget Reboot] walks the viewer through the design and construction of a dual stepper motor controller that could be used for a multitude of tasks.
With an onboard Arduino Pro Micro, OLED display, and rotary encoder, this controller just needs some custom software to make your CNC dreams come true. [Gadget Reboot] is even using low-cost optical endstops in this build, which are a great non-contact way of making sure your machine doesn’t go out of bounds. That’s particularly important when the machine happens to be wielding a razor blade.
Robots come in all shapes and sizes, from remote landers on distant planets to assembly arms working hard in auto plants. Of course, the definition is broad and can contain more frivolous entities, too. [smdavee]’s watercoloring ‘bots may not be particularly complex or sentient, but they’re a fun creative build.
The design is akin to that of the BristleBot, with a pager vibration motor allowing the ‘bot to wobble about on unsteady feet. In this case, a keyboard cap is used, with cotton tips inserted in the base to act as legs. These are then dipped in watercolor paints, and the attached motor is then switched on to vibrate the ‘bot around the page.
It’s an easy build, and one that would be particularly well-suited to teaching young children basic electronic concepts. Plus, there’s the added fun of getting to make a mess with watercolors, too. If you’ve got a fun art robot hiding away in your garage, be sure to let us know. Video after the break.
If you have ever looked closely at a typical mass-produced automobile, you will be familiar with pressed-steel panels. Complex curves can be repeated thousands of times over, by putting a sheet of steel between shaped tooling in a press and applying huge force. The same work that would take a skilled panel beater weeks to do by hand is done in a second. It’s something [Stuff Made Here] tackled when he wanted to wear a set of Crocs in the workshop, and needed to make the tooling to produce them in his hydraulic press. The resulting video, which we’ve posted below the break, shows his learning curve, and along the way is a handy primer in sheet metal pressing.
We watch as he discovers the properties of sheet metal under the stress of pressing, how it wrinkles and folds, and how the tool needs careful design and the sheet needs to be securely clamped in place to prevent this. The big surprise is that his tooling is made from CNC-machined wood; while we’re sure that it would wear given repeated use, it seems that the forces on the tool are not such as to destroy this material. In the end he’s produced a multi-part tool including both halves of the press tool, a machined guide for the moving part, and a set of substantial sheet metal plates to constrain the material. The steel toecap application may not be everyone’s first idea when it comes to sheet metal forming, but we’re sure this technique could find application in many other projects. It’s a territory into which we’ve edged in the past, but never with pressings this complex.
Randomly buying some hackable gadgets just because they are cheap and seem potentially interesting for future projects is something that most of us can relate to. It also happened to [fruchti] when he bought five thermal printer modules without any specific purpose for them in mind. It was not until several years later that he put them to good use for his inverse thermal camera project.
The name perfectly summarizes the device’s function, which is to convert images to heat instead of the other way around. To put it in a less cryptic manner, [fruchti] built a selfie camera that instantly prints out pictures on thermochromic paper. The project would have been easy to implement on a Raspberry Pi, but instead he chose a more minimalist approach by using an STM32 microcontroller. This involved some challenges because the MCU didn’t have enough RAM to store an entire frame and the camera module came without a FIFO buffer. To capture and store the image data, [fruchti] applied a line-by-line dithering algorithm, which is described in detail in his accompanying blog post, while the corresponding code is available on GitHub. Even though the case was improvised from scrap PCB materials, the finished device still looks great. In particular, the fuse holders that are being used to hold the paper roll make it almost steampunk.
If you do any work with high-speed signals, you quickly realize that probing is an art unto itself. Just having a fast oscilloscope isn’t enough; you’ve got to have probes fast enough to handle the signals you want to see. In this realm, just any old probe won’t do: the input capacitance of the classic RC probe you so often see on low-bandwidth scopes starts to severely load down a circuit well below 1 GHz. That’s why we were really pleased to see [Andrew Zonenberg’s] new open-source design for a 2 GHz resistive probe hit Kickstarter.
The design of this new probe looks deceptively simple. Known as a Z0-probe, transmission-line probe, or resistive probe, the circuit works as a voltage divider, created from the 50-Ohm input impedance of a high-speed oscilloscope input and an external resistor, to reduce loading on the circuit-under-test. In this case, the input resistance has been chosen to be 500 Ohms, yielding a 10x probe. In theory, building such a probe is as simple as soldering a resistor to the end of a piece of coaxial cable. You can do exactly that, but in practice, optimizing a design is much more complex. As you can see in the schematic, just choosing a resistor of the right value doesn’t cut it at these frequencies. Even the tiny 0402-size resistors have parasitic capacitance and inductance that affect the response, and choosing a combination of parts that add to the correct resistance but reduce the overall capacitive loading makes a huge difference.
2 GHz Passive Probe Schematic
Don’t be fooled: the relatively simple schematic belies the complexity of such a design. At these speeds, the PCB layout is just as much of a component as the resistors themselves, and getting the transmission-line and especially the SMA footprint launch correct is no easy task. Using a combination of modeling with the Sonnet EM simulator and empirical testing, [Andrew] has ended up with a design that’s flat (+/- 1 dB) out to 1.98 GHz, with a 10-90% rise time of 161 ps. That’s a fast probe.
The probe comes in a few options, from fully assembled with traceable specs to a DIY solder-it-yourself version. You probably know which of these options you need.
We really like to see this kind of knowledge and thoroughness go into a project, and we’d love to see the Kickstarter project reach its goals, but perhaps the best part is that the design is permissively open-source licensed. This is a case where having the board layout open-sourced is key; the schematic tells you maybe half of what’s really going on in the circuit, and getting the PCB right yourself can be a long and frustrating exercise. So, have a look at the project, and if you haven’t got probes suitable for your fastest scopes, build one, or better yet, support the development of this exciting design.