AUTOVON: A Phone System Fit For The Military

September 9, 2020 by 55 Comments

It’s a common enough Hollywood trope that we’ve all probably seen it: the general, chest bespangled with medals and ribbons, gazes at a big screen swarming with the phosphor traces of incoming ICBMs, defeatedly picks up the phone and somberly intones, “Get me the president.” We’re left on the edge of our seats as we ponder what it must be like to have to deliver the bad news to the boss, knowing full well that his response will literally light the world on fire.

Scenes like that work because we suspect that real-life versions of it probably played out dozens of times during the Cold War, and likely once or twice since its official conclusion. Such scenes also play into our suspicion that military and political leaders have at their disposal technologies that are vastly superior to what’s available to consumers, chief among them being special communications networks that provide capabilities we could only have dreamed of back then.

As it turns out, the US military did indeed have different and better telephone capabilities during the Cold War than those enjoyed by their civilian counterparts. But as we shall see, the increased capabilities of the network that came to be known as AUTOVON didn’t come so much from better technology, but more from duplicating the existing public switched-telephone network and using good engineering principles, a lot of concrete, and a dash of paranoia to protect it.

Continue reading “AUTOVON: A Phone System Fit For The Military”

Building An Open Source ThinkPad Battery

September 2, 2020 by 13 Comments

If you own a laptop that’s got a few years on the clock, you’ve probably contemplated getting a replacement battery for it. Which means you also know how much legitimate OEM packs cost compared to the shady eBay clones. You can often get two or three of the knock-offs for the same price as a single real battery, but they never last as long as the originals. If they even work properly at all.

Which is why [Alexander Parent] decided to take the road less traveled and scratch built a custom battery for his ThinkPad T420. By reverse engineering how the battery pack communicated with the computer, he reasoned he would be able to come up with an open source firmware that worked at least as well as what the the third party ones are running. Which from the sounds of it, wasn’t a very high bar. From a more practical standpoint, it also meant he’d be able to create a higher capacity battery pack than what was commercially available should he chose to.

A logic analyzer wired in between one of the third party batteries and a spare T420 motherboard allowed [Alexander] to capture all the SMBus chatter between the two. From there he wrote some Arduino code that would mimic a battery as a proof of concept. He was slowed down a bit by an undocumented CRC check, but in the end he was able to come up with a fairly mature firmware that even allows you to provide a custom vendor name and model number for your pack.

The code was shifted over to an ATtiny85, with a voltage divider wired up to one of the pins so it can read the pack voltage. [Alexander] says his firmware still doesn’t do a great job of reporting the actual battery capacity remaining, but it’s close enough for his purposes. He came up with a simple PCB design to hold the MCU and support components,  which eventually he plans on putting inside of a 3D printed case that actually plugs into the back of his T420.

This project is obviously still in a relatively early stage, but we’re very interested to see [Alexander] take it all the way. The ThinkPad has long been the hacker’s favorite laptop, and we can think of no machine more worthy of a fully open hardware and software battery pack.

Easy-To-Use Music Player Relies On RFID

August 29, 2020 by 17 Comments

Microwaves used to be simple to use. Set the dial for the desired time, and hit start. Then, everything went digital and the average microwave now takes between four and six button presses in precise order just to start heating. Music players have gone down a similar path, and those that grew up in the era of vinyl records can find modern digital media simply too hard to work with. To solve this problem, [ananords] whipped up Juuke, a music player focused on ease of use.

The Juuke has a simplistic interface intended to be as easy to use as possible. Songs are selected using printed cards with embedded RFID tags – placing them on the Juuke triggers playback. Volume is controlled with a simple knob, and the only two buttons are for play/pause and shuffle mode.

Underneath, an Arduino Uno runs the show, hooked up to a RC522 RFID interface board. Music is handled by the DFPlayer mini, which loads tracks off a microSD card. The DFPlayer can be hooked up to a speaker directly, but there’s also a 3.5mm jack output if the device is to be used with an external amplifier.

It’s a tidy project, and one that actually looks pretty fun to use. Obviously, there’s some time investment required to prepare the SD card and produce the RFID cards, but the final product could be fun to use at a party, too. We’ve seen similar builds before, as well. Video after the break.

Continue reading “Easy-To-Use Music Player Relies On RFID”

This Week In Security: XCode Infections, Freepik, And Crypto Fails

August 28, 2020 by 8 Comments

There is a scenario that keep security gurus up at night: Malware that can detect software compilation and insert itself into the resulting binary. A new Mac malware, XCSSET (PDF), does just that, running whenever Xcode is used to build an application. Not only is there the danger of compiled apps being malicious, the malware also collects data from the developer’s machine. It seems that the malware spreads through infected Xcode projects.

WordPress Plugins

WordPress has a complicated security track record. The core project has had very few serious vulnerabilities over the years. On the other hand, WordPress sites are routinely compromised. How? Generally through vulnerable plugins. Case in point? Advanced Access Manager. It’s a third party WordPress plugin with an estimate 100,000 installations. The problem is that this plugin requires user levels, a deprecated and removed WordPress feature. The missing feature had some unexpected results, like allowing any user to request administrator privileges.

The issue has been fixed in 6.6.2 of the plugin, so if you happen to run the Advanced Access Manager plugin, make sure to get it updated. Beyond that, maybe it’s time to do an audit on your WordPress site. Uninstall unused plugins, and make sure the rest are up to date, along with the WordPress installation itself. Continue reading “This Week In Security: XCode Infections, Freepik, And Crypto Fails”

Vizy The AI Camera Aims To Ease Machine Vision

August 17, 2020 by 17 Comments

Cameras are getting smarter and more capable than ever, able to run embedded machine vision algorithms and pull off tricks far beyond what something like a serial camera and microcontroller board would be capable of, and the upcoming Vizy aims to be even smarter and easier to use yet. Vizy is the work of Charmed Labs, and this isn’t their first foray into accessible machine vision. Charmed Labs are the same folks behind the Pixy and Pixy 2 cameras. Vizy’s main goal is to make object detection and classification easy, with thoughtful hardware features and a browser-based interface.

Vizy can identify common birds with “Birdfeeder”, one of the several built-in applications that uses local processing only.

The usual way to do machine vision is to get a USB camera and run something like OpenCV on a desktop machine to handle the processing. But Vizy leverages a Raspberry Pi 4 to provide a tightly-integrated unit in a small package with a variety of ready-to-run applications. For example, the “Birdfeeder” application comes ready to take snapshots of and identify common species of bird, while also identifying party-crashers like squirrels.

The demonstration video on their page shows off using the built-in high-current I/O header to control a sprinkler, repelling non-bird intruders with a splash of water while uploading pictures and video clips. The hardware design also looks well thought out; not only is there a safe shutdown and low-power mode for the Raspberry Pi-based hardware, but the lens can be swapped and the camera unit itself even contains an electrically-switched IR filter.

Vizy has a Kickstarter campaign planned, but like many others, Charmed Labs is still adjusting to the changes the COVID-19 pandemic has brought. You can sign up to be notified when Vizy launches; we know we’ll be keen for a closer look once it does. Easier machine vision is always a good thing, because it helps free people to focus on clever ideas like machine vision-based tool alignment.

GridSound – An Audio Workstation In Your Browser

August 17, 2020 by 10 Comments

If you’re into creating music, you’ll have a surprisingly large variety of open source options at your disposal, ranging from Audacity as rather simple audio editor to Ardour as a full-blown, studio-worthy DAW — and LMMS, Rosegarden, MusE etc. for anything in between. With [Thomas Tortorini]’s GridSound project, you’ll have one additional choice on your list now, except this one runs in your browser. So if you find yourself in a sudden moment of inspiration, all you’ll need is a browser and off you go.

From the feature set’s point of view, GridSound leans towards LMMS and offers a drum kit, piano roll, and synthesizer. It appears that you won’t be able to record real world instruments at this point, but it’s also a work in progress, so who knows what the future will bring. The code is available on GitHub and you can explore GridSound itself here — no login required, unless you want to save your work. Running in a browser, GridSound is naturally written in JavaScript and uses the Web Audio API to perform the actual audio tasks.

What’s impressive is that [Thomas] opted against any UI framework-of-the-week, but instead implemented everything from scratch in pure vanilla JavaScript. In fact, the entire code base seems to be self-contained without any third party dependencies, and that alone deserves some respect. Sure, JavaScript isn’t everybody’s cup of tea — “real developers use assembly” — so if you prefer something more physical, how about some cardboard music?

Tune Into The Bonnaroo That No One Gets To Go To

August 9, 2020 by 3 Comments

Just like everything else in 2020, the four-day, multi-stage festival of music and art known as Bonnaroo has been cancelled. This would have been [Guy Dupont]’s fifth year making the journey to Tennessee with his friend. Since they couldn’t go, [Guy] decided to build an interactive Bonnaroo mix tape into an 80s clock radio as a birthday present.

[Guy] was able to re-purpose all the original buttons and dials to navigate through the schedule of acts that would have performed across four days and five stages. The conveniently four-way function slider is used to choose the day, and the radio tuning dial selects the stage, complete with delightful static between the positions. The rest of the buttons move back and forth through the scheduled set times, and one will scroll the track and artist name across the 16-segment displays. The snooze button has the honor of being the play/pause button.

All the inputs are controlled with a Feather M4 express, and the music comes through a DFPlayer Mini. We love that [Guy] was able to repurpose the analog tuning dial by coupling it to a slide potentiometer that fit perfectly in a slot on the underside of the plastic. Stay tuned for a great video that starts with an explanation and demo and then goes into the build.

Though the utility of the clock radio may have been supplanted by cell phone alarms and doomscrolling, that just means that there are theoretically more of them to gut and turn into other things, like this Fallout-inspired luggable Pip-Boy.

Continue reading “Tune Into The Bonnaroo That No One Gets To Go To”