E-ink Display Driven DIY

E-ink displays are awesome. Humans spent centuries reading non-backlit devices, and frankly it’s a lot easier on the eyes. But have you looked into driving one of these critters yourself? It’s a nightmare. So chapeau! to [Julien] for his FPGA-based implementation that not only uses our favorite open-source FPGA toolchain, but also serves as an open reference implementation for anyone else who’s interested.

Getting just black and white on an E-ink display is relatively easy — just hit the ink pixels with the same signal over and over until they give up. Greyscale is made by applying much more nuanced voltages because the pixels are somewhat state-dependent. If the desired endpoint is a 50% grey, for instance, you’d hit it with a different pulse train if the pixel were now white versus if it were now black. (Ever notice that your e-book screen periodically does a white-black flash? It’s resetting all the pixels to a known state.) And that’s not even taking into account the hassles with the various crazy voltages that E-ink displays require, which [Julien] wisely handed off to a dedicated chip.

In the end, the device has to make 20-50 passes through the screen for one user-visible refresh. [Julien] found that the usual microcontrollers just weren’t capable of the speed that he wanted, hence the FPGA and custom waveform tables. We’ve seen E-ink hacks before, and [Julien] is standing on the shoulders of giants, most notably those of [Petteri Aimonen] and [Sprite_tm]. [Julien]’s hack has the fastest updates we’ve ever seen.

We still can’t wait for the day that there is a general-purpose E-ink driver chip out there for pennies, because nearly every project we make with a backlit display would look better, and chew through the batteries slower, with E-ink. In the meantime, [Julien]’s FPGA implementation is pretty close, and it’s fully open.


You Think You Can’t Be Phished?

Well, think again. At least if you are using Chrome or Firefox. Don’t believe us? Well, check out Apple’s new website then, at https://www.apple.com. Notice anything? If you are not using an affected browser you are just seeing a strange URL after opening the webpage; otherwise it looks pretty legit. This is a page that demonstrates a type of Unicode vulnerability in how the browser interprets and shows the URL to the user. Notice the valid HTTPS. Of course the domain is not Apple’s; it is actually the domain “https://www.xn--80ak6aa92e.com/”. If you open the page, you can see the actual URL by right-clicking and selecting view-source.

So what’s going on? This type of phishing attack, known as an IDN homograph attack, relies on the fact that the browser, in this case Chrome or Firefox, interprets the “xn--” prefix in a URL as an ASCII-compatible encoding prefix. The encoding is called Punycode, and it’s a way to represent Unicode using only the ASCII characters allowed in Internet host names. Imagine a sort of Base64 for domains. This allows domains with international characters to be registered; for example, the domain “xn--s7y.co” is equivalent to “短.co”, as [Xudong Zheng] explains in his blog.

Different alphabets have different glyphs that work in these kinds of attacks. Take the Cyrillic alphabet: it contains 11 lowercase glyphs that are identical or nearly identical to Latin counterparts. This class of attacks, where an attacker replaces one letter with its counterpart, is widely known and is usually mitigated by the browser:
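As an added example (not code from the original post or from any browser), here is a simplified defensive check that decodes the “xn--” labels of a host name and reports two warning signs: mixed scripts within a label, and a non-ASCII label whose letters all map to Latin lookalikes. The `LOOKALIKES` table and the function names are assumptions made for this sketch.

```python
import unicodedata

# Illustrative subset of Cyrillic letters that render like Latin ones.
# Constructed for this example; Unicode's confusables data is far larger.
LOOKALIKES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l",
}

def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode if 'xn--')."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: keep the raw label
    return label

def scripts(text):
    """Approximate the scripts in use from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}

def check_host(host):
    """Decode every label of a host name and list homograph warning signs."""
    report = []
    for label in host.rstrip(".").split("."):
        text = decode_label(label)
        used = scripts(text)
        # What the label reads as once lookalikes are folded to Latin.
        skeleton = "".join(LOOKALIKES.get(c, c) for c in text)
        reasons = []
        if len(used) > 1:
            reasons.append("mixed-script")
        if not text.isascii() and skeleton.isascii():
            reasons.append("latin-lookalike")
        report.append({"label": label, "unicode": text, "scripts": used,
                       "skeleton": skeleton, "reasons": reasons})
    return report

if __name__ == "__main__":
    # Host names taken from the article text above.
    for host in ("www.xn--80ak6aa92e.com", "xn--s7y.co"):
        for entry in check_host(host):
            print(host, entry)
```

The demonstration domain is made up of a single script, so a mixed-script test alone does not flag it; only the lookalike comparison does.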


Networking: Pin The Tail On The Headless Raspberry Pi

Eager to get deeper into robotics after dipping my toe in the water with my BB-8 droid, I purchased a Raspberry Pi 3 Model B. The first step was to connect to it. But while it has built-in 802.11n wireless, I at first didn’t have a wireless access point, though I eventually did get one. That meant I went through different ways of finding it and connecting to it with my desktop computer. Surely there are others seeking to do the same so let’s take a look at the secret incantations used to connect a Pi to a computer directly, and indirectly.


The Surface Area To Volume Ratio Or Why Elephants Have Big Ears

There are very few things that are as far-reaching across many different disciplines, ranging from biology to engineering, as the relation of the surface area to the volume of a body. This is not a law, like Newton’s second, or a theory, like Darwin’s theory of evolution. But it has consequences in a diverse set of situations. It explains why cells are the size they are, why some animals have a strange morphology, why flour explodes while wheat grains don’t, and many other phenomena that we will explore in this article.


Brazil Wins The Raspberry Pi Overclocking Olympics

[Alex Rissato] proudly reports that he now holds the record for highest benchmark score on HWBOT (machine translation), something he sees not only as a personal achievement but, admirably, as a matter of national pride. Overclocking a Raspberry Pi is not as simple as achieving the highest operational clock rate. A record requires just the right combination of CPU clock, memory clock, GPU clock and finally the CPU core voltage. If you’ve managed to produce that special sauce, the combination must be satisfactorily cooled and, most importantly, be stable enough to pass an actual performance benchmark.

More POWAAA to the CPU!

[Alex] realized that the main hurdle to achieving the desired CPU clock was the internally generated, and hence restricted, CPU core voltage. This is externally LC filtered and routed back to the CPU on a stock Pi. [Alex] de-soldered the filter on the PCB and provided the CPU with an externally generated core voltage.

Next, the cooling had to be tended to. Air cooling simply wouldn’t cut it, so a Peltier based heatsink interface had to be devised with the hot side immersed in a bucket of salt water. All of this translated to a comfy 16C at a clock speed of 1600 MHz.

Was all the effort justified? We certainly think it was! Despite falling short of the Pi Zero CPU clock rate record, currently set at 1620MHz, [Alex] earned the top spot in the HWBOT Prime overclocking benchmark. Brazil can now certainly add this to its trophy cabinet, arguably overshadowing the 129 Olympic medals.

Prisoners Build DIY Computers And Hack Prison Network

The Internet is everywhere. The latest anecdotal evidence of this is a story of prison inmates who built their own computer and connected it to the internet. Back in 2015, prisoners at the Marion Correctional Institution in Ohio built two computers from discarded parts, which they transported 1,100 feet through prison grounds (even passing a security checkpoint) before hiding them in the ceiling of a training room. The information has just been made public after the release of the Inspector General’s report (PDF). This report is fascinating and worth your time to read.

This Ethernet router was located in a training room in the prison. Physical access is everything in computer security.

Prisoners managed to access the Ohio Department of Rehabilitation and Corrections network using login credentials of a retired prison employee who is currently working as a contract employee. The inmates plotted to steal the identity of another inmate and file tax returns under their name. They also gained access to internal records of other prisoners and checked out websites on how to manufacture drugs and DIY weapons, before prison officers were able to find the hidden computers. From the report:

The ODAS OIT analysis also revealed that malicious activity had been occurring within the ODRC inmate network. ODAS OIT reported, “…inmates appeared to have been conducting attacks against the ODRC network using proxy machines that were connected to the inmate and department networks.” Additionally, ODAS OIT reported, “It appears the Departmental Offender Tracking System (DOTS) portal was attacked and inmate passes were created. Findings of bitcoin wallets, stripe accounts, bank accounts, and credit card accounts point toward possible identity fraud, along with other possible cyber-crimes.”

The prisoners involved knew what they were doing. From the interview with the inmate it seems the computers were set up as a remote desktop bridge between internal computers they were allowed to use and the wider internet. They would use a computer on the inmate network and use a remote desktop to access the illicit computers. These were running Kali Linux and there’s a list of “malicious tools” found on the machines. It’s pretty much what you’d expect to find on a Kali install but the most amusing one listed in the report is “Hand-Crafted Software”.

This seems crazy, but prisoners have always been coming up with new ideas to get one over on the guards, like building DIY tattoo guns. When you have a lot of time on your hands and little responsibility, crazy ideas don’t seem so crazy after all.

Victorians And Fiber, Louisville’s Quest For Fast Internet

It was a dark and stormy afternoon, the kind you get on the east side of the country. I was drinking a coffee, sitting in a camping chair in front of my door, and watching like a hawk for the treacherous cable man to show up. This day there would be no escape. There would be no gently rapping the door with a supple sheepskin leather glove before scurrying away for another union mandated coffee break. I was waiting, I was kind of grumpy, and by God today would be the day. Today would be the day that after hours on hold, after three missed appointments, after they lost my records twice; I would get an answer on whether or not they could actually service internet to my apartment. If I was lucky, and the answer was yes, then approximately two to three thousand years later they would run a cable from the telephone pole to my house and I could stop commandeering WiFi from the pizza shop across from me.

It’s important to note that I was in the middle of the city. I wasn’t out in the boonies. Every house on the block but mine had cable. While this is dumb, it begins to make more sense when you dive into the history. Louisville, Kentucky is a strange place. It used to be the gateway to the west. Ships would crawl up its river until they reached the falls. Then porters would charge an exorbitant fee to carry all those goods down to the bottom of the falls, where they would be loaded on a ship and sent ever westward. As a result, every rich merchant, captain, and manufacturer in the region had a nice house there. Ever wonder why the Derby is in Louisville and the Queen comes to visit sometimes? It probably has something to do with it having the highest concentration of Victorian buildings and mansions outside of New York City.
