Big Red Button Puts Toddler In Command Of Chromecast

November 3, 2023 by 12 Comments

Controversial position: the world needs more buttons. We’ve gotten so far away from physical interfaces like buttons, knobs, and switches in favor of sleek but sterile touch-screen “controls” that when we see something like this big red button so toddlers can start a TV show, we just have to latch onto the story and see what it’s all about.

As it turns out, the big red button itself is probably the least interesting part of [Mads Chr. Olesen] build. The real meat of the project is the reverse engineering effort needed to get Chromecast to start the show. As [Mads] explains, once upon a time a simple GET request to a URL was all it took to do so, but no more; Google has repeatedly nerfed the Chromecast API over the years, enough that [Mads] had some digging to do.

Luckily, pyChromecast is a thing, but using it for DRTV, a streaming service of the Danish Broadcasting Corporation, required figuring out the AppID of the DRTV app. It looks like [Mads] used Wireshark to sniff traffic to and from the Chromecast, and netlog-viewer to analyze the capture. That and a little Developer Tools action in Chrome led to all the information needed to modify pyChromecast to support DRTV. The rest of the project consisted of building a box for the huge red arcade button and wiring it up to a Wemos D1. A Raspberry Pi actually talks to the Chromecast, and now the toddler is able to call up his favorite show and pause and restart it at will, no parent required.

We appreciate the reverse engineering heroics [Mads] displays here, which provide good general lessons for other purposes. It’s been a while since we’ve seen a Chromecast physical interface build, too, so we appreciate the refresher.

This Week In Security: CVSS 4, OAuth, And ActiveMQ

November 3, 2023 by 4 Comments

We’ve talked a few times here about the issues with the CVSS system. We’ve seen CVE farming, where a moderate issue, or even a non-issue, gets assigned a ridiculously high CVSS score. There are times a minor problem in a library is a major problem in certain use cases, and not an issue at all in others. And with some of those issues in mind, let’s take a look at the fourth version of the Common Vulnerability Scoring System.

One of the first tweaks to cover is the de-emphasis of the base score. Version 3.1 did have optional metrics that were intended to temper the base score, but this revision has beefed that idea up with Threat Metrics, Environmental Metrics, and Supplemental Metrics. These are an attempt to measure how likely it is that an exploit will actually be used. The various combinations have been given names. Where CVSS-B is just the base metric, CVSS-BT is the base and threat scores together. CVSS-BE is the mix of base and environmental metrics, and CVSS-BTE is the combination of all three.

Another new feature is multiple scores for a given vulnerability. A problem in a library is first considered in a worst-case scenario, and the initial base score is published with those caveats made clear. And then for each downstream program that uses that library, a new base score should be calculated to reflect the reality of that case. Continue reading “This Week In Security: CVSS 4, OAuth, And ActiveMQ”

Machine Teaches Morse Code

November 3, 2023 by 4 Comments

If you are a ham radio operator of a certain age, you probably remember ads for “The Instructograph,” a mechanical device for learning Morse code. [Our Own Devices] has an ancient specimen of the machine and shows us how it works in the video below. The machine is a model of simplicity. You wind up a spring-driven motor like you would for an old record player or music box. A slider sets the playback rate, and paper tape starts to spin.

The paper tape looks like computer tape, but since it only has literal long and short notches, it has two distinct sides. When you learned one set of messages, you could flip the tape over and get more practice that way. How did the machine read the paper tape? With a mechanical contact. Literally, if the paper had a hole in it, you made the circuit. If it didn’t, the circuit was broken. A buzzer and batteries or some other kind of sounder was all you needed.

The company was in business for 50 years. The newer versions had more electronics, but they always used the paper tape mechanism to store the code practice sessions. A 1962 ad noted that the machine could play back the tapes from three words a minute up to 40. You could buy or rent the machine, and we always assumed it was pretty pricey for its day. Around 1965, a new unit would cost $53 but did not include a headset or a key. So that was actually more reasonable than we expected. In 1965, a brand-name clock radio cost about $50, so it wasn’t any more than that.

Everyone has their own favorite method for learning code, especially [Ludwig Koch]. At least you don’t have to learn Alex-style.

Continue reading “Machine Teaches Morse Code”

Partial Relay-Based Calculator Puts The Click Where It Counts

November 3, 2023 by 15 Comments

It looks like [Michal Zalewski] is raising the next generation the right way. First, his eldest son asks for help building a one-bit computer from discrete transistors. Not to be left behind, his little brother then asked for help with an even more retro project, which resulted in this partially relay-based calculator. Maybe there is some hope for the future.

Now, purists will no doubt notice the ATmega64 microcontroller sitting in the middle of the main PCB on this project and cry “Foul!” But perfect is the enemy of done, and as [Michal] explains, at $6 a pop for the Omron relays he and his son chose, there’s only so far you can go with relay logic before you’re taking out a second mortgage. So the relays are limited to the ALU of the calculator, along with the drivers for the six seven-segment LED displays. The microcontroller is just there for housekeeping functions like scanning the keyboard and decoding digits. All the actual calculations are in the relay logic, not silicon. And we’d be remiss not to praise his son’s stylistic choices for this design — that it uses relays with clear covers, and that it has single-sided PCBs with curvy, hand-drawn traces traces that look hand-drawn on old-school yellow substrate. [Michal]’s heart must swell with pride to have fathered someone with such exquisite taste.

For his part, [Mikal] did some really good documentation for this build, including excellent descriptions of Boolean math with half- and full-adders and how relays are used to create the basic logic gates that comprise them. The calculator itself is still a work in progress, with microcontroller code still in development, but it’s working enough that you can enjoy the display driver’s clickiness in the video below. If that doesn’t do it for you, we’ve got other relay calculators to scratch that click itch. Continue reading “Partial Relay-Based Calculator Puts The Click Where It Counts”

Robot Sunflower Follows The Sun

November 3, 2023 by 15 Comments

Real flowers do it, and even the Beatles did it. [Robo Hub] now has a plastic sunflower that tracks the sun using, of course, an Arduino. It may not qualify as a real robot, but it does mimic a real sunflower. The electronics aren’t earth-shattering, of course. An Arduino, a light sensor, and a servo motor are all you really need. But we enjoyed the whimsy and the artistic sensibility. This would be a great school project, for example. Interesting enough to get kids interested but not so hard as to be undoable. You can see a video of the ersatz flower below.

There are actually a pair of light sensors, as you might expect. That way you can determine which sensor is getting the most light. Obviously, these can’t be on-off sensors. They are, in fact, light-dependent resistors, so you get a nice analog reading.

Of course, you might not need an Arduino for this. A 555 driving a servo and a handful of discrete components could measure a bridge with the photoresistors and get the same effect. On the other hand, a microcontroller these days is inexpensive and versatile, so why not?

Usually, people tracking the sun are trying to get more energy. That doesn’t have to be any more complicated, though.

Continue reading “Robot Sunflower Follows The Sun”

Pour One Out For This Bottle-Playing Robot

November 2, 2023 by 5 Comments

If you have an iota of musicality, you’ve no doubt noticed that you can play music using glass bottles, especially if you have several of different sizes and fill them with varying levels of water. But what if you wanted to accompany yourself on the bottles? Well, then you’d need to build a bottle-playing robot.

First, [Jens Maker Adventures] wrote a song and condensed it down to eight notes. With a whole lot of tinkling with a butter knife against their collection of wine and other bottles, [Jens] was able to figure out the lowest note for a given bottle by filing it with water, and the highest note by emptying it out.

With the bottle notes selected, the original plan was to strike the bottles with sticks. As it turned out, 9g servos weren’t up to the task, so he went with solenoids instead. Using Boxes.py, he was able to parameterize a just-right bottle holder to allow for arranging the bottles in a circle and striking them from the inside, all while hiding the Arduino and the solenoid driver board. Be sure to check it out after the break.

Don’t have a bunch of bottles lying around? You can use an Arduino to play the glasses.

Continue reading “Pour One Out For This Bottle-Playing Robot”

Proposed European Electronic ID Law Raises Concerns

November 2, 2023 by 39 Comments

The harmonisation of standards for electronic identification across the EU should normally be soporific enough to send even the most Club-Mate-hyped hacker straight to sleep, but as Computer Weekly reports, discussion of this reform in the EU corridors of power has caused significant unrest among cyber security experts. Just how can providing Europeans with a harmonised digital ID be so controversial? As you might imagine, the devil lies in the detail.

At issue is the eIDAS Regulation, a system which, in the words of its website: “ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services available online in other EU countries,” and “creates a European internal market for trust services by ensuring that they will work across borders and have the same legal status as their traditional paper-based equivalents,” and the point of concern lies with its application to websites. The EU want to ensure that Europeans can digitally verify businesses as well as individuals they deal with, and since that includes websites, they want to insert a provision allowing countries to mandate their own trusted root certificates. At a stroke, this opens the potential for state actors to snoop on all encrypted online traffic, something which would compromise the security of all.

Sadly for Europeans, this isn’t the only questionable online regulation effort from that region.

Thanks [Joyce Ng] for the tip.