Showing two MCP23017 expanders soldered onto a PCB

MCP23017 Went Through Shortage Hell, Lost Two Inputs

February 3, 2023 by 68 Comments

The MCP23017, a 16-bit I2C GPIO expander, has always been a tasty chip. With 16 GPIOs addressable over I2C, proper push/pull outputs, software-enabled pull-ups, eight addresses, maskable interrupts for all pins, and reasonably low price, there’s a reason it’s so popular. No doubt due in part to that popularity, it’s been consistently out of stock during the past year and a half, as those of us unlucky enough to rely on it in our projects will testify.

Now, the chip is back in stock, with 23,000 of them to go around on Mouser alone, but there’s a catch. Apparently, the lengthy out-of-stock period has taken a heavy toll on the IC. Whether it’s the recession or perhaps the gas shortages, the gist is — the MCP23017 now a 14/16-bit expander, with two of the pins (GPA7 and GPB7) losing their input capabilities. The chips look the same, are called the same, and act mostly the same — if you don’t download the latest version of the datasheet (Revision D), you’d never know that there’s been a change. This kind of update is bound to cause a special kind of a debugging evening for a hobbyist, and makes the chip way less suitable for quite a few applications.

It’s baffling to think about such a change happening nearly 20 years after the chip was initially released, and we wonder what could have caused it. This applies to the I2C version specifically — the SPI counterpart, MCP23S17, stays unaffected. Perhaps, using a microcontroller or shift registers for your GPIO expansion isn’t as unattractive of an option after all. Microcontroller GPIO errata are at least expected to happen, and shift registers seem to have stayed the same since the dawn of time.

The reasons for MCP23017 silicon getting cut in such a way, we might never know. At least now, hopefully, this change will be less of a bitter surprise to those of us happy to just see the chip back in stock — and for hackers who have already restocked their MCP23017 hoards, may your shelved boards magically turn out to have a compatible pinout.

This Week In Security: Github, Google, And Realtek

February 3, 2023 by 4 Comments

GitHub Desktop may have stopped working for you yesterday, Febuary 2nd. The reason was an unauthorized access to some decidedly non-public repositories. The most serious bit of information that escaped was code signing certificates, notably used for GitHub Desktop and Atom. Those certificates were password protected, so it’s unlikely they’ve been abused yet. Even so, Github is taking the proper steps of revoking those certificates.

The only active certificate that was revoked was used for signing the Mac releases of GitHub Desktop, so quite a few older versions of that software is no longer easily installed. If nothing else, it’s a reminder that even a project with a well run security team can have problems.

Sh1mmer-ing Chromebooks

There’s a new, clever attack on the Chromebook, specifically with the goal of unenrolling the device from an educational organization. And the “vulnerability” is a documented feature, the RMA Shim. That’s a special boot loader target that contains a valid signature, but allows the booting of other code, intended for troubleshooting and fixing devices in a repair center. Quite a few of those images have leaked, and Sh1mmer combines the appropriate image with a boot menu with some interesting options.

The first is unenrolling, so the device will act like a privately owned computer. This gets rid of content blocks and allows removing extensions. But wait, there’s more. Like rooting the device, a raw Bash terminal, and re-enabling developer mode. Now, as far as we can tell, this doesn’t *directly* break device encryption, but it’s likely that the RMA shim could be abused to tamper with the device’s filesystem. Meaning that the leak of a bunch of signed shims is a big problem for device security. If you use a Chromebook, it might be time to do some research on whether that model’s shim has been leaked. Continue reading “This Week In Security: Github, Google, And Realtek”

End Of An Automation Era As Twitter Closes Its Doors To Free API Access

February 3, 2023 by 40 Comments

Over the last few months since Elon Musk bought Twitter there has been a lot of comment and reaction, but not much with relevance to Hackaday readers. Today though that has changed, with an announcement from the company that as of February 9th they will end their free API tier. It’s of relevance here because Twitter has become one of those glue items for connected projects and has appeared in many featured works on this site. A week’s notice of a service termination is exceptionally short, so expect to see a lot of the Twitter bots you follow disappearing.

Twitter bot owners have the option of paying to continue with Twitter, or rebuilding their service to use a Mastodon instance such as botsin.space. If the fediverse is new to you, then the web is not short of tutorials on how to do this.

We feel that Twitter will be a poorer place without some of the creative, funny, or interesting bots which have enriched our lives over the years, and we hope that the spam bots don’t remain by paying for API access. We can’t help feeling that this is a misguided step though, because when content is the hook to bring in the users who are the product, throwing out an entire category of content seems short-sighted. We’re not so sure about it as a move towards profitability either, because the payback from a successful social media company is never profit but influence. In short: social media companies don’t make money but the conversation itself, and that can sometimes be worth more than money if you can avoid making a mess of it.

If the bots from our field depart for Mastodon, we look forward to seeing whether the new platform offers any new possibilities. Meanwhile if your projects don’t Toot yet, find out how an ESP32 can do it.

Header: D J Shin, CC BY-SA 3.0.

The Struggle Of Keeping A 1950s Candlepin Bowling System Working

February 3, 2023 by 45 Comments

When we hear the term ‘bowling’, most of us think of what is known as ten-pin bowling, yet this is only one of the many variations. Candlepin bowling — so called because of the distinctive pin shape — has been around since 1880, yet is mostly played within the US New England and Canadian Maritime provinces. Because of how relatively uncommon it is, candlepin bowling alleys such as the one that [Autumn Mowery]’s family runs is struggling to keep the system working, much of it due to a lack of spare parts.

On [Autumn]’s YouTube channel she goes through many of the behind the scene details at the Ellsworth, Maine-based bowling alley, the repairs and the scavenging of spare parts from the sacrificial bowling lanes that are used to keep the other lanes going for as long as possible. With the mechanics of the installed candlepin bowling system dating back to the 1940s and having been use constantly since the 1950s, it’s an every day struggle to keep the system from breaking down, with no spare parts available for sale.

Although the financially responsible approach might be to give up on the system and have a readily available tenpin bowling system installed instead, there’s a lot more to this form of bowling than the difference in pin shape. Differences include the much stricter rules, the use of a smaller ball without finger holes, lower chance of hitting a pin, and so on. This, along with the historical significance of the sport and this particular system would make it appear to be something that’s right up the (bowling) alley of our audience.

How’d you keep a 1950s-era bowling system up and running?

Thanks to [Tara Calishain] for the tip!

Picture of the dumper board, with a ROM chip and a Pi Pico inserted

A Disposable Dumper For ROM Chips With A Pi Pico

February 2, 2023 by 26 Comments

ROM dumping is vital for preserving old hardware, and we’ve seen many hacks dedicated to letting someone dump a ROM and send its contents to some hacker stuck with a piece of technology that lost its firmware. However, that requires ROM dumping tools of some kind, and it’s often that the lucky ROM-equipped hacker doesn’t own such tools. Now, you could mail the chip to someone else, but postal services in many countries are known to be UDP-like — lossy and without delivery guarantees. The risk of leaving both hackers without a ROM chip is quite real, so, instead of mailing ROM chips or expensive devices around, [Amen] proposes a cheap and disposable flash dumping tool that you could mail instead.

The ROMs in question are 24-pin 2332 and 2364 chips, which run at 5 V and can easily be read with any microcontroller. Thus, his concept is a very simple board, with a Pi Pico and flash chip socket on it, as well as some resistors. Those are used to provide rudimentary GPIO over-voltage protection, since the RP2040 runs its GPIOs at 3.3 V. All the magic is in the software – the tool can both write the chip contents in the RP2040’s internal memory, as well as dump it over USB to the computer. Everything is open-source – if you ever need to dump a rare chip on the other side of the world, modify the design to your liking, order a few copies and then mail them to the hacker involved – losing such a package is way less significant than losing a ROM chip with last-of-its-kind firmware on it.

Old ROM chips are dying out, causing whole generations of hardware, like synths, to fade away – with tools like this one, you can lend a hand in preserving the legacy of many an industry and hobby, and many hackers do. Looking to learn about the basics of parallel flash dumping? This post from 2012 will be a good start, and then check out a more recent venture to learn how things are done with more recent parts.

Brass Hardware Makes For Pretty Potentiometer Knobs

February 2, 2023 by 18 Comments

Knobs and switches can make or break the aesthetic and tactile appeal of a project. Fine hi-fi hardware goes hard on these details, while cheap knock-off guitar pedals often go the other way. If you’re looking for a unique, cheap, and compelling solution for potentiometer knobs, you might like to consider using converted brass hardware for the job.

Gorgeous, no?

The idea comes from [Kevin Jordan], who realized that some simple 3D printed parts would enable him to repurpose brass hardware for use with common split-shaft potentiometers. He grabbed a bunch of brass flare caps intended for use with gas piping, and got to work.

The result is the simple 3D printed cap converter. It has a threaded outer portion, which screws neatly inside a brass flare cap. Inside, it features a hole to mate to the potentiometer shaft. While this could be done with a spline, it also works with a simple hole since the plastic is soft enough to simply push the potentiometer shaft into.

The flare caps look great when pressed into service as knobs. [Kevin] uses them on a tennis racket guitar he built, and the brass knobs beautifully set off against the natural wood finishes of the build. If you’re looking for some unique adornments for your own projects, you might like to experiment with this concept yourself! Alternatively, you can try making your own knobs from scratch.

Continue reading “Brass Hardware Makes For Pretty Potentiometer Knobs”

Building An All-in-One Desktop Out Of Framework Parts

February 2, 2023 by 10 Comments

The Framework laptop prides itself on having reusable parts, and hackers all around routinely challenge the claims by building projects reusing them. Yet again, [whatthefilament] puts the Framework hardware to the test, by taking all the laptop internals and building an AiO (All-in-One) desktop computer with it. Hot on the heels of his Framework tablet project we covered a few months ago, this desktop reuses as much as possible – the mainboard, the display and the expansion cards in particular, and even one of the hinges is reused for adjusting the monitor’s angle.

Of course, this build required a custom case – and [whatthefilament]’s design is fully 3D-printed, with STLs and assembly instructions available for anyone interested. Parts of the desktop are held by magnets for ease of assembly and maintenance, with a few parts requiring screws held in by heat-set inserts. Complete with a webcam, speakers and even a WiFi card, all it needs for completeness is an external keyboard&mouse combo, making for a sleek desktop that anyone in possession of a few Framework parts can build.

Laptop-to-desktop builds are nice – take the X-PC project, starting with a pile of school laptops and rebuilding them into colourful and sturdy desktops for classroom use. We’ve seen quite a few fancy Framework projects already, and that’s because they provided motherboards to hackers for specifically project purposes, kickstarting a fair few creations to grace our pages. Other hacker-friendly laptops didn’t lag behind, either – for instance, here’s the hacker favourite, Novena, getting the desktop treatment.