Repairdown: Disklavier DKC500RW Control Unit

June 3, 2019 by Tom Nardi 61 Comments

If you’ve been kind enough to accompany me on these regular hardware explorations, you’ve likely recognized a trend with regards to the gadgets that go under the knife. Generally speaking, the devices I take apart for your viewing pleasure come to us from the clearance rack of a big box retailer, the thrift store, or the always generous “AS-IS” section on eBay. There’s something of a cost-benefit analysis performed each time I pick up a piece of gear for dissection, and it probably won’t surprise you to find that the least expensive doggy in the window is usually the one that secures its fifteen minutes of Internet fame.

But this month I present to you, Good Reader, something a bit different. This time I’m not taking something apart just for the simple joy of seeing PCB laid bare. I’ve been given the task of repairing an expensive piece of antiquated oddball equipment because, quite frankly, nobody else wanted to do it. If we happen to find ourselves learning about its inner workings in the process, that’s just the cost of doing business with a Hackaday writer.

The situation as explained to me is that in the late 1990’s, my brother’s employer purchased a Yamaha Mark II XG “Baby Grand” piano for somewhere in the neighborhood of $20,000. This particular model was selected for its ability to play MIDI files from 3.5 inch floppy disks, complete with the rather ghostly effect of the keys moving by themselves. The idea was that you could set this piano up in your lobby with a floppy full of Barry Manilow’s greatest hits, and your establishment would instantly be dripping with automated class.

Unfortunately, about a month or so back, the piano’s Disklavier DKC500RW control unit stopped reading disks. The piano itself still worked, but now required a human to do the playing. Calls were made, but as you might expect, most repair centers politely declined around the time they heard the word “floppy” and anyone who stayed on the line quoted a price that simply wasn’t economical.

Before they resorted to hiring a pianist, perhaps a rare example of a human taking a robot’s job, my brother asked if he could remove the control unit and see if I could make any sense of it. So with that, let’s dig into this vintage piece of musical equipment and see what a five figure price tag got you at the turn of the millennium.

Continue reading “Repairdown: Disklavier DKC500RW Control Unit” →

Hackaday Links: June 2, 2019

June 2, 2019 by Brian Benchoff 17 Comments

The works of Shakespeare, Goethe, and Cervantes combined do not equal the genius of Rick And Morty. Actually, the word ‘genius’ is thrown around a bit too much these days. Rick and Morty has surpassed genius. This cartoon is sublime. It is beyond any art that could be created. Now, you might not have a high enough IQ to follow this, but Rick and Morty is, objectively, the best art that can be produced. It just draws upon so much; Rick’s drunken stammering is a cleverly hidden allusion to Dostoevsky’s Netochka Nezvanova, absolutely brilliantly providing the back-story to Rick’s character while never actually revealing anything. Now, you’re probably not smart enough to understand this, but Teenage Engineering is releasing a Rick and Morty Pocket Operator. Only the top percentages of IQs are going to understand this, but this is game-changing. Nothing like this has ever been done before.

The Microsoft IntelliMouse Explorer 3.0 is the high water mark of computer peripheral design. Originally released in 2003, the IntelliMouse Explorer 3.0 was an instant classic. The design is nearly two decades old, but it hasn’t aged a day. That said, mouse sensors have gotten better in the years since, and I believe the original tooling has long worn out. Production of the original IntelliMouse Explorer 3.0 stopped a long time ago. Microsoft tried to revive the IntelliMouse a few years ago using a ‘BlueTrack’ sensor that was ridiculed by the gaming community. Now Microsoft is reviving the IntelliMouse with a good sensor. The Pro IntelliMouse is on sale now for $60 USD.

It has come to my attention that wooden RFID cards exist. This shouldn’t come as a surprise to anyone because wood veneer exists, thin coils of wire exist, and glue exists. That said, if you’re looking for an RFID card you can throw in the laser cutter for engraving, or you just want that special, home-made touch, you can get a wooden RFID card.

Lego has just released an Apollo Lunar Lander set, number 10266. It’s 1087 pieces and costs $99. This is a full-scale (or minifig-scale, whatever) Apollo LEM, with an ascent module detachable from the descent module. Two minifigs fit comfortably inside. Previously, the only full-scale (or, again, minifig-scale) Apollo LEM set was 10029, a Lego Discovery kit from 2003 (original retail price $39.99). Set 10029 saw a limited release and has since become a collectible: the current value for a new kit is $336. The annualized ROI of Lego set 10029-1 is 13.69%, making this new Apollo LEM set a very attractive investment vehicle. I’m going to say this one more time: Lego sets, and especially minifigs, are one of the best long-term investments you can make.

A Weinermobile is for sale on Craigslist. Actually, it’s not, because this was just a prank posted by someone’s friends. Oh, I wish I had an Oscar Mayer Weinermobile.

Rumors are swirling that Apple will release a new Mac Pro at WWDC this week. Say what you will about Apple, but people who do audio and video really, really like Apple, and they need machines with fast processors and good graphics cards. Apple, unfortunately, doesn’t build that anymore. The last good expandable mac was the cheese grater tower, retired in 2013 for the trash can pro. Will Apple manage to build a machine that can hold a video card? We’ll find out this week.

This Week In Security: Baltimore, MacOS Zipfile Security, And App Store Monopolies

May 31, 2019 by Jonathan Bennett 13 Comments

Baltimore. The city was breached, crippled and held for ransom. The ransomware attack was discovered on May 7th, shutting down a major portion of the city’s infrastructure. The latest news is that an NSA-written tool, EternalBlue, is responsible for the attack. Except maybe it isn’t? First off, digging back through the history of an attack is challenging. It’s often hard to determine the initial attack vector with certainty.

The “initial attack vector” is the patient zero of the attack — how the first machine was compromised. An organization generally has a firewall separating the outside internet from the internal network. Once an attacker has found a way to access a machine inside the network, the separation is not nearly so strict. This takes many forms, but the most common is phishing. Close contenders are RDP and SMB (Remote Desktop and Windows File Sharing). A report at Ars Technica indicates that the initial vector into the Baltimore network was a phishing email.

The second step to consider is what’s called “lateral movement”, which describes an attacker using the compromised machine to target other machines in the organization. Often an attacker will have an entire toolkit of exploits to attempt to compromise other machines. One of the exploits used in this case was the same exploit contained in the NSA tool, EternalBlue. A clever program called psexec is usually part of any lateral movement campaign. While the exploit associated with EternalBlue was probably used to compromise a few of the machines on the Baltimore network, placing all the blame on the shoulders of the NSA is missing the point. The tool is only a small part of this attack.

MacOS and NFS Shares Inside Zipfiles

MacOS has a sometimes irritating feature, Gatekeeper, that only allows running signed binaries by default. The point of Gatekeeper is to prevent a user from running a malicious binary that has been downloaded from the internet. While it is sometimes an annoyance, it is helpful for some users. [Filippo Cavallarin] announced an exploit that completely bypasses Gatekeeper on the 24th. This exploit takes advantage of the fact that Gatekeeper considers network shares to be trustworthy, and doesn’t run the normal check before executing a binary located there. While interesting, this isn’t useful unless there is a way for an attacker to mount a malicious location as a network share. Enter the Mac’s ability to automatically mount network locations through the use of the /net path. The last piece of this puzzle is the fact that zip files can contain symbolic links. A zip file can be built with a link to the /net location, automounting an arbitrary NFS location. If binary files are located in this location, the OS will happily allow the user to execute those binaries whether signed or not.

This exploit may not be the most serious of the year, but it’s still a problem that needs fixing. [Filippo] contacted Apple back in February and disclosed the problem, even getting an assurance that they would fix it within 90 days. 90 days have passed, and Apple has begun ignoring his emails, so he has made the announcement and published steps to reproduce on his website.

There has been discussion in the comments of this column about vulnerability disclosure and publishing proof of concept code. This is a perfect example of why researchers publish their work. As far as [Filippo] knows, Apple has no intention of fixing the issue he discovered. He also has no reason to believe that no one else has stumbled on this discovery before he did. We mentioned EternalBlue above. The NSA discovered the SMB vulnerability that exploit targeted and used it silently for up to five years before it was stolen and finally disclosed to Microsoft and fixed. Make no mistake, public disclosures and proof of concepts get vulnerabilities fixed. For any given vulnerability, there is no guarantee that someone else hasn’t already found it.

Just a Little Document Leak

OK, maybe not so little. A Fortune 500 company, First American, managed to host millions of private documents in an accessible format. Imagine you upload a document to a company, and get a confirmation link that looks like “test.com/documents.php?id=0252234”. If you’re like me, you’re very curious what is at id=0252233. [Ben Shoval] is a real estate developer who apparently also wanted to know the answer to that question. To his surprise, millions of uploaded documents were available for anyone to view. He tried reaching out to First American, and when there was no response to his emails, he forwarded his findings on to Krebs on Security. After what was likely years of exposure, the database was finally taken offline Friday the 24th.

Walled Garden Monopolies

Staying on the Apple train, the App Store is pretty obviously a monopoly. Someone has finally asked whether it’s an illegal monopoly. As most of these questions go, it’ll take a drawn out court battle to decide. How is this security news? If the court finds that Apple has been violating antitrust laws, one possible remediation is to allow alternative app stores. While there is always the potential for a high quality alternative store like F-droid, sketchy app stores and downloaded are a real possibility. On the other hand, it would be nice to have an iOS app store that is compatible with the GPL.

Hackaday Podcast 021: Chasing Rockets, Tripping On Vintage Synthesizers, A Spectacular IoT Security Fail, And Early Alzheimer’s Detection Via VR

May 31, 2019 by Dan Maloney 5 Comments

Mike Szczys is on a well-deserved vacation this week, so staff writer Dan Maloney joins managing editor Elliot Williams for a look at all the great hacks of the week. On this episode we’re talking about licensing fees for MIDI 2.0, a two-way fail while snooping on employees, and the potential for diagnosing Alzheimer’s with virtual reality. We also dive into the well-engineered innards of a robotic cheetah, a personal assistant safe enough for kids to use, and how listening to your monitor reveals more about you than you’d think. You don’t want to miss a space nerd’s quest for fire or a hacker’s guide to solder and soldering. And you’ve got to catch the story of a hapless hacker’s contact high from a vintage synthesizer. It’s quite a trip.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 021: Chasing Rockets, Tripping On Vintage Synthesizers, A Spectacular IoT Security Fail, And Early Alzheimer’s Detection Via VR” →

Hackaday Superconference: Pushing The Boundaries Of PCB Artwork With Brian Benchoff

May 30, 2019 by Jenny List 6 Comments

The artistic elite exists in a stratum above we hoi polloi, a world of achingly trendy galleries, well-heeled collectors, and art critics who act as gatekeepers to what is considered the pinnacle du jour of culture. Artistic movements that evolve outside this bubble may be derided or ignored as naive and unsophisticated, even in complete denial of their raw creative edge. When they are discovered by the establishment a few of their artists are selected and anointed, while inevitably the crucible in which they were formed is forgotten. On the streets of Bristol the incredible work of far more graffiti artists can be seen than just that of Banksy.

Our community has an art form all of its own, in the guise of PCB artwork and the #BadgeLife community. One day you will see electronic badges from darlings of the art world behind glass in those trendy galleries, but for now they live in glorious abundance in the wild. Here at Hackaday we are lucky enough to have in Brian Benchoff a colleague who is pushing the boundaries of PCB art, and at the Hackaday Superconference he took us through one of his more recent pieces of work.

Brian's pad printer. — Brian’s pad printer.

The colour palette of a typical printed circuit board is limited by the combination of fibreglass, copper, soldermask, plating, and silkscreen its designer selects. Thus while the variety of soldermask colours and plating materials can make for an eye-catching work, they have remained a colour-tinted near monochrome. The Holy Grail of the PCB artist has been to step into the world of full colour, and Brian has been pursuing that goal by exploring pad printing to produce extra colours beyond the sodermask..

It’s a subject he’s written about here in the past, and he introduces it in the talk with a look at existing badge artwork and a mention of an expensive commercial inkjet process before considering the type of printing you see daily on the sides of promotional pens. Those company titles are deposited on pens using pad printing, an offset process in which ink is first deposited upon a photo-etched metal plate before being picked up on a silicone rubber pad for transfer to the object to be printed. It’s not the panacea for all coloured-PCB tasks, but for adding relatively small blocks of pigment to an otherwise monochromatic board it can be very successful.

The eye-catching Kiss -themed Tindie badges.

Brian’s examples are a panelised set of Tindie badges as a homage to the rock band Kiss, and his Tide pod addon containing a serial number in an EEPROM that was part of a Blockchain-inspired game. The Kiss Tindie badges use black soldermask with extensive white silkscreen and a modest area of red pad printing for the stage makeup, while the Tide addon makes clever use of the same swoosh printed in alternate colours at 180 degrees to each other.

In both cases there is some labour involved in creating the prints, and as his detailed write-up of printing the Tide pods reminds us, the process of creating the printing plate is not exactly an easy one. But it remains the best way yet to add extra colours to a board without paying a small fortune for the inkjet process, and if you’d like to put your own designs at the bleeding edge of PCB art you might wish to read his writeups and watch the video below the break.

This is just one example of the kind of manufacturing techniques, and electronic design principles on display at the Hackaday Superconference. There’s another Supercon just around the corner, so grab your ticket and send in your own talk proposal right away!

Continue reading “Hackaday Superconference: Pushing The Boundaries Of PCB Artwork With Brian Benchoff” →

Automate The Freight: Amazon’s Robotic Packaging Lines

May 29, 2019 by Dan Maloney 50 Comments

In the “Automate the Freight” series, I’ve concentrated on stories that reflect my premise that the killer app for self-driving vehicles will not be private passenger cars, but will more likely be the mundane but necessary task of toting things from place to place. The economics of replacing thousands of salary-drawing and benefit-requiring humans in the logistics chain are greatly favored compared to the profits to be made by providing a convenient and safe commuting experience to individuals. Advances made in automating deliveries will eventually trickle down to the consumer market, but it’ll be the freight carriers that drive innovation.

While I’ve concentrated on self-driving freight vehicles, there are other aspects to automating the supply chain that I’ve touched on in this series, from UAV-delivered blood and medical supplies to the potential for automating the last hundred feet of home delivery with curb-to-door robots. But automation of the other end of the supply chain holds a lot of promise too, both for advancing technology and disrupting the entire logistics field. This time around: automated packaging lines, or how the stuff you buy online gets picked and wrapped for shipping without ever being touched by human hands.

Continue reading “Automate The Freight: Amazon’s Robotic Packaging Lines” →

This Week In Security: Zombieload, And Is Your Router Leaking?

May 28, 2019 by Jonathan Bennett 8 Comments

Do you know what your router is doing? We have two stories of the embedded devices misbehaving. First, Linksys “Smart” routers keep track of every device that connects to its network. Right, so does every other router. These routers, however, also helpfully expose that stored data over JNAP/HNAP.

Some background is needed here. First, HNAP is the Home Network Administration Protocol, designed to manage routers and network devices. Originally designed by Pure Networks, HNAP is a SOAP based protocol, and has been part of security problems in the past. You may also see the term JNAP. It seems that JNAP is the JSON Network Administration Protocol, identical to HNAP except for using JSON instead of SOAP.

The odd part is that this is an old problem. CVE-2014-8244 was disclosed and fixed in 2014. According to the writeup at Badpackets.net, the problem was re-discovered as a result of observing active network attacks targeting JNAP. When Linksys was informed of the rediscovered problem, they responded that the problem was fixed in 2014, and devices with updated firmware and default settings are not accessible from the public internet. The presence of over 20,000 devices leaking data casts doubt on their response. Continue reading “This Week In Security: Zombieload, And Is Your Router Leaking?” →

Hackaday

Hackaday Columns

4567 Articles

Repairdown: Disklavier DKC500RW Control Unit

Hackaday Links: June 2, 2019