This Week In Security: No More CVEs, 4chan, And Recall Returns

The sky is falling. Or more specifically, it was about to fall, according to the security community this week. The MITRE Corporation came within a hair’s breadth of running out of its contract to maintain the CVE database. And admittedly, it would be a bad thing if we suddenly lost updates to the central CVE database. What’s particularly interesting is how we knew about this possibility at all. An April 15 letter sent to the CVE board warned that the specific contract that funds MITRE’s CVE and CWE work was due to expire on the 16th. This was not an official release, and it’s not clear exactly how this document was leaked.

Many people made political hay out of the apparent imminent carnage. And while there’s always an element of political maneuvering when it comes to contract renewal, it’s worth noting that it’s not unheard of for MITRE’s CVE funding to go down to the wire like this. We don’t know how many times we’ve been in this position in years past. Regardless, MITRE has spun out another non-profit, The CVE Foundation, specifically to see to the continuation of the CVE database. And at the last possible moment, CISA has announced that it has invoked an option in the existing contract, funding MITRE’s CVE work for another 11 months.

Continue reading “This Week In Security: No More CVEs, 4chan, And Recall Returns”

An electron microscope image of the aluminum alloy from the study.

D20-shaped Quasicrystal Makes High-Strength Alloy Printable

When is a crystal not a crystal? When it’s a quasi-crystal, a paradoxical form of metal recently found in some 3D printed metal alloys by [A.D. Iams et al] at the American National Institute for Standards and Technology (NIST).

As you might remember from chemistry class, crystals are made up of blocks of atoms (usually called ‘unit cells’) that fit together in perfect repetition — baring dislocations, cracks, impurities, or anything else that might throw off a theoretically perfect crystal structure. There are only so many ways to tessellate atoms in 3D space; 230 of them, to be precise. A quasicrystal isn’t any of them. Rather than repeat endlessly in 3D space, a quasicrystal never repeats perfectly, like a 3D dimensional Penrose tile. The discovery of quasicrystals dates back to the 1980s, and was awarded a noble prize in 2011.

Penrose tiling of thick and thin rhombi
Penrose tiling– the pattern never repeats perfectly. Quasicrystals do this in 3D. (Image by Inductiveload, Public Domain)

Quasicrystals aren’t exactly common in nature, so how does 3D printing come into this? Well, it turns out that, quite accidentally, a particular Aluminum-Zirconium alloy was forming small zones of quasicrystals (the black spots in the image above) when used in powder bed fusion printing. Other high strength-alloys tended to be very prone to cracking, to the point of unusability, and this Al-Zr alloy, discovered in 2017, was the first of its class.

You might imagine that the non-regular structure of a quasicrystal wouldn’t propagate cracks as easily as a regular crystal structure, and you would be right! The NIST researchers obviously wanted to investigate why the printable alloy had the properties it does. When their crystallographic analysis showed not only five-fold, but also three-fold and two-fold rotational symmetry when examined from different angles, the researchers realized they had a quasicrystal on their hands. The unit cell is in the form of a 20-sided icosahedron, providing the penrose-style tiling that keeps the alloy from cracking.

You might say the original team that developed the alloy rolled a nat-20 on their crafting skill. Now that we understand why it works, this research opens up the doors for other metallic quasi-crystals to be developed on purpose, in aluminum and perhaps other alloys.

We’ve written about 3D metal printers before, and highlighted a DIY-able plastic SLS kit, but the high-power powder-bed systems needed for aluminum aren’t often found in makerspaces. If you’re building one or know someone who is, be sure to let us know.

Track Your Circuits: A Locomotive PCB Badge

This fun PCB from [Nick Brown] features a miniature railroad implemented with 0805-sized LEDs. With an eye towards designing his own fun interactive PCB badge, the Light-Rail began its journey. He thoroughly documented his process, from shunting various late-night ideas together to tracking down discrepancies between the documentation of a part and the received part.

Continue reading “Track Your Circuits: A Locomotive PCB Badge”

Tiny, Hackable Telepresence Robot For Under $100? Meet Goby

[Charmed Labs] are responsible for bringing numerous open-source hardware products to fruition over the years, and their latest device is an adorably small robotic camera platform called Goby, currently crowdfunding for its initial release. Goby has a few really clever design features and delivers a capable (and hackable) platform for under 100 USD.

Goby embraces its small size, delivering what its creators dub “tinypresence” — or the feeling of being there, but on a very small scale. Cardboard courses, LEGO arenas, or even tabletop gaming scenery hits different when experienced from a first-person perspective. Goby is entirely reprogrammable with nothing more than a USB cable and the Arduino IDE, while costing less than most Arduino starter kits.

Recharging happens by driving over the charger, then pivoting down so the connectors (the little blunt vampire fangs under and to each side of the camera) come into contact with the charger.

One of the physical features we really like is the tail-like articulated caster at the rear. Flexing this pivots Goby up or down (and can even flip Goby completely over), allowing one to pan and tilt the view without needing to mount the camera on a gimbal. It also comes into play for recharging; Goby simply moves over the disc-shaped charger and pivots down to make contact.

At Goby‘s heart is an ESP32-S3 and OmniVision OV2640 camera sensor streaming a live video feed (and driving controls) with WebRTC. Fitting the WebRTC stack onto an ESP32 wasn’t easy, but opens up possibilities beyond just media streaming.

Goby is set up to make launching an encrypted connection as easy as sharing a URL or scanning a QR code. The link is negotiated between bot and client with the initial help of an external server, and once a peer-to-peer connection is established, the server’s job is done and it is out of the picture. [Charmed Labs]’s code for this functionality — named BitBang — is in beta and destined for an open release as well. While BitBang is being used here to make it effortless to access Goby remotely, it’s more broadly intended to make web access for any ESP32-based device easier to implement.

As far as tiny remote camera platforms go, it might not be as small as rebuilding a Hot Wheels car into a micro RC platform, but it’s definitely more accessible and probably cheaper, to boot. Check it out at the Kickstarter (see the first link in this post) and watch it in action in the video, embedded just below the page break.

Continue reading “Tiny, Hackable Telepresence Robot For Under $100? Meet Goby

Rise Of The Robots: How Robots Are Changing Dairy Farms

Running a dairy farm used to be a rather hands-on experience, with the farmer required to be around every few hours to milk the cows, feed them, do all the veterinarian tasks that the farmer can do themselves, and so on. The introduction of milking machines in the early 20th century however began a trend of increased automation whereby a single farmer could handle a hundred cows by the end of the century instead of only a couple. In a recent article in IEEE Spectrum covers the continued progress here is covered, including cows milking themselves, on-demand style as shown in the top image.

The article focuses primarily on Dutch company Lely’s recent robots, which range from said self-milking robots to a manure cleaning robot that looks like an oversized Roomba. With how labor-intensive (and low-margin) a dairy farm is, any level of automation that can improve matters will be welcomed, with so far Lely’s robots receiving a mostly positive response. Since cows are pretty smart, they will happily guide themselves to a self-milking robot when they feel that their udders are full enough, which can save the farmer a few hours of work each day, as this robot handles every task, including the cleaning of the udders prior to milking and sanitizing itself prior to inviting the next cow into its loving embrace.

As for the other tasks, speaking as a genuine Dutch dairy farm girl who was born & raised around cattle (and sheep), the idea of e.g. mucking out stables being taken over by robots is something that raises a lot more skepticism. After all, a farmer’s children have to earn their pocket money somehow, which includes mucking, herding, farm maintenance and so on. Unless those robots get really cheap and low maintenance, the idea of fully automated dairy farms may still be a long while off, but reducing the workload and making cows happier are definitely lofty goals.

Top image: The milking robot that can automatically milk a cow without human assistance. (Credit: Lely)

A Blacksmith Shows Us How To Choose An Anvil

No doubt many readers have at times wished to try their hand at blacksmithing, but it’s fair to say that acquiring an anvil represents quite the hurdle. For anyone not knowing where to turn there’s a video from [Black Bear Forge], in which he takes us through a range of budget options.

He starts with a sledgehammer, the simplest anvil of all, which we would agree makes a very accessible means to do simple forge work. He shows us a rail anvil and a couple of broken old anvils, before spending some time on a cheap Vevor anvil and going on to some much nicer more professional ones. It’s probably the Vevor which is the most interesting of the ones on show though, not because it is particularly good but because it’s a chance to see up close one of these very cheap anvils.

Are they worth taking the chance? The one he’s got has plenty of rough parts and casting flaws, an oddly-sited pritchel and a hardy hole that’s too small. These anvils are sometimes referred to as “Anvil shaped objects”, and while this one could make a reasonable starter it’s not difficult to see why it might not be the best purchase. It’s a subject we have touched on before in our blacksmithing series, so we’re particularly interested to see his take on it.

Continue reading “A Blacksmith Shows Us How To Choose An Anvil”

Designing An FM Drum Synth From Scratch

How it started: a simple repair job on a Roland drum machine. How it ended: a scratch-built FM drum synth module that’s completely analog, and completely cool.

[Moritz Klein]’s journey down the analog drum machine rabbit hole started with a Roland TR-909, a hybrid drum machine from the mid-80s that combined sampled sounds with analog synthesis. The unit [Moritz] picked up was having trouble with the decay on the kick drum, so he spread out the gloriously detailed schematic and got to work. He breadboarded a few sections of the kick drum circuit to aid troubleshooting, but one thing led to another and he was soon in new territory.

The video below is on the longish side, with the first third or so dedicated to recreating the circuits used to create the 909’s iconic sound, slightly modifying some of them to simplify construction. Like the schematic that started the whole thing, this section of the video is jam-packed with goodness, too much to detail here. But a few of the gems that caught our eye were the voltage-controlled amplifier (VCA) circuit that seems to make appearances in multiple places in the circuit, and the dead-simple wave-shaper circuit, which takes some of the harmonics out of the triangle wave oscillator’s output with just a couple of diodes and some resistors.

Once the 909’s kick and toms section had been breadboarded, [Moritz] turned his attention to adding something Roland hadn’t included: frequency modulation. He did this by adding a second, lower-frequency voltage-controlled oscillator (VCO) and using that to modulate the drum section. That resulted in a weird, metallic sound that can be tuned to imitate anything from a steel drum to a bell. He also added a hi-hat and cymbal section by mixing the square wave outputs on the VCOs through a funky XOR gate made from discrete components and a high-pass filter.

There’s a lot of information packed into this video, and by breaking everything down into small, simple blocks, [Moritz] makes it easy to understand analog synths and the circuits behind them.

Continue reading “Designing An FM Drum Synth From Scratch”