Universal Active Filters Part 1

Universal Active Filters: Part 1

Today I am experimenting with a single chip Universal Active Filter, in this case I made a small PCB for the UAF-42 from Texas Instruments. I chose this part in particular as it facilitates setting the filter frequency by changing just a pair of resistors and the somewhat critical values that are contained on the chip have been laser trimmed for accuracy. This type of active filter includes Operational Amplifiers to supply gain and it supports various configurations including simultaneous operating modes such as Band Pass, Low Pass and High Pass make it “Universal”.

Filter Basics

Speaker Crossover Example
Speaker Crossover Example

Looking at the block diagram you can see where I have inserted a dual-ganged potentiometer to change both resistors simultaneously which should allow a straight forward adjustment for our purposes here.

Looking into the components of a simple RC filter which can easily implement a simple Low Pass or High Pass filter, we see that the math is fairly straight forward and swapping the components with each other is all that is needed to change the type of filter. Continue reading “Universal Active Filters: Part 1”

Cheap DIY Microscope Sees Individual Atoms

This is not an artist’s rendering, nor a physics simulation. This device held together with hardware-store MDF and eyebolts and connected to a breadboard, is taking pictures of actual atomic structures using actual measurements. All via an 80¢ piezo buzzer? Madness.

HAD - STM6
Gold atoms in a crystal.

This apparent wizardry is called a scanning tunneling microscope which takes advantage of quantum tunneling. The device brings a needle atomically close to the object to be measured (by hand), applying a small voltage (+-15V), and stopping when it starts to conduct. Depending on the distance between the tip and the target, the voltage varies and does so precisely enough to identify whether an atom is underneath or not, and by how much.

The “pictures” are not photographs like a camera might take from a standard optical microscope, however they are neither guesses nor averages. They are representations of real physical measurements of specific individual atoms as they exist on the infinitesimal area being probed. It “sees” by measuring small voltage changes. Another difference lies in the “scanning.” The probe examines atoms the way one would draw ASCII images – single pixels at a time until an entire atom was drawn. Note that the resolution – as shown in the pictures – is sub-atomic. Sizes of atoms are apparent as are the distances between them. In this they are closer related to the far more expensive Scanning Electron Microscope technology, but are 10-100x zoomier; resolving 0.00000000001m, or 0.00000000039″.

HAD - STM4
Scan Head – Piezo cut into quadrants

One would presume that dealing with actual atoms requires precision machining vast orders of magnitude beyond the home hobbyist but, no. Any one of us could make this at home or in our hackerspaces, for nearly free. Apparently even sharpening a tip to a single atom is, as [Dan] says “not as hard to achieve as you might think!” You take some tungsten wire and pull on it as you cut so that it shatters diagonally. There are better ways he suggests, but that method is good enough.

The ordinary piezo buzzer that is key to the measurement is chopped into quadrants with an ordinary X-Acto knife by hand. Carefully, because it is fragile, but, nothing more to it than that. There are two better and common methods but they cost hundreds of dollars, not 80 cents. It should be carefully glued since soldering heat will damage it, but, [Dan] soldered his anyway because it was easier. Continue reading “Cheap DIY Microscope Sees Individual Atoms”

CastAR Hands-On And Off-Record Look At Next Version

At long last I had the opportunity to try out the CastAR, a glasses-based Augmented Reality system developed by Technical Illusions. The hardware has been in the works now for a couple of years, but every time we have come across a demo we were thwarted by the long lines that accompany them. This time I was really lucky. [Jeri] gave us a private demo in a suite at the Palazzo during CES 2015. Reflecting on the experience, CastAR is exactly the type of Virtual Reality hardware I’ve been longing for.

Continue reading “CastAR Hands-On And Off-Record Look At Next Version”

Making The CES Show… Thirty Years Ago

This year’s CES has dredged up some memories. I had assumed that as one becomes old they are supposed to become used to memories of a young vigorous person that shared their body and memories leaving little else except some scars and some old stale socks lying around plus 2 or 3 pictures to prove it was in fact not a series of hallucinations. Turns out you don’t get used to it, you just endure.

30 Years ago was our CES: Commodore had the reputation of showing something new every CES and this was a time when a Home Computer meant a Consumer Computer. I have written before about how we endeavored to make sure other’s failures didn’t become ours and we did in fact make it, just in time, to the ’85 CES with what became our flagship computer, at least for the next 4 days.

To the Very Last Minute

When I say made it just in time I am counting people hand carrying the last ten or so homebrewed and MOS cooked 80 column chips either the night before or that very morning. The C128 computers where waiting lined up and open in the room seen below; cases agape much like a row of baby birds waiting on whatever engorgement MOS had come up with for us as the seconds counted down.

And then finally we stood on the second floor of our booth (yes they built a 2 story structure for us in a couple of hours the night before) surveying the now working computers; C128’s and the never released LCD machine, when the last “issue” before the doors opened arrived; a Marketing person (panting) telling us of “yet another C128 failure” though she couldn’t actually point to any previous computers that had failed. We wouldn’t let her continue with her complaint until she retracted the previous general statement of failure, more on principle than actual meanness.

CES "Prep" room, 30 years ago this week.
The “Prep” room now empty, every CES C128 computer came through here. Note the EPROM burner and disks taped to the wall along with a residual Coors beer can

As with most highly technical in-the-field fixes this one was something to remember. My last act of “the ’85 CES show” became the simple motion of walking up to the “failed” computer station and pressing the key changing the C128 back to 40 column mode, especially important since it only had a 40 column monitor attached to it.

End of Line

Then something happened: We were done. I felt sub-processes actually end that had been consuming both CPU and I/O for months, I was suddenly unencumbered by the next “must fix”. I didn’t have a next task to pop from the stack… the phrase “End of Line” came to mind.

I was 24, in Las Vegas and had just delivered one of the major products for the best computer company in the world to the only show that mattered to us. I started walking towards the door with the uncommonly bright Las Vegas sun streaming through the windows. There were lines of people around the block waiting to enter, but the exit was completely unobstructed.

I buried myself in Las Vegas in a way that only youth, testosterone, and adrenaline can enable.

Making the Rounds

"Leaving Las Vegas", returning home from the '85 CES show.
Thats me with the long hair and the girl (Judy Braddick, a somewhat brilliant Game Programmer). Note the bottle of Tequila and empty beer bottle sitting on the table in the Las Vegas airport. Greg Berlin is on the left standing two feet taller than normal humans. (Hedley Davis of Xbox fame in the foreground). It was a good CES.

I won’t report here much of what all was done over the next days as I understand that for some things the statute of limitations never truly runs out, but inspired by [Mike’s] reporting of visiting the suites of the companies I will relate one small tale here: I had grabbed my best friend and fellow hardware designer who was the father of the 1581 disk drive, also successfully released on this day, and headed out. With the 6’8” [Greg Berlin] (grandson of the designer of the Curtis Wright P-40 Warhawk) in tow we started hitting the floors of the local hotels looking for the suites of the “important” companies that never managed to personally invite us. We had a secret weapon that opened doors as if bribed; not in Greg’s towering presence but in the simple phrase: “we’re from Commodore”.

Doors fully opened that had previously opened only 12-14 inches only to stop on the shoe of the doorman, and 5.25” floppies were stuffed in our pockets like the $20 bills of a VIP trying to impress his date. The suite that comes to mind was that of Electronic Arts (EA). With backslaps and copies of this year’s (and a few of last year’s) C64 game floppies shoved in our pockets we were welcomed like old friends; appointments were made and more than a couple of chugging contests were held. They lost or at least didn’t better us as we were young and full of testosterone.

As we made ready to leave the good folk of EA, after making sure that we would swing by their booth the next day (we did), they asked if there was anything they could get for us. This may sound like a strange or gratuitous question but I had already spied the case of Michelob (a beer from the early days of 1 micron silicon) and was pointing to it before the question was fully uttered. EA grabbed the case with no hesitation as I turned to face the door so he could set the case of teardrop shaped bottles on my shoulder for me.

Back out into Las Vegas we went with Electronic Art’s beer on my shoulder… It was a good CES.

Naenara

Messing Around With Naenara, North Korea’s Web Browser

[Robert] has been snooping around Naenara in order to learn more about how North Korea’s intranet might work. Naenara is the web browser that comes bundled with North Korea’s official Linux-based operating system known as Red Star OS. [Robert] once saw a screenshot of the browser and found it interesting that the browser seemed to automatically load a non-routable IP address immediately upon start-up. This made him curious about what other oddities one might uncover from the software.

Upon start-up, the browser tries to load a page located at IP address 10.76.1.11, which is a reserved IP address for private use. This indicated that North Korea’s “Internet” is actually more of in intranet. [Robert] suspects that the entire country may be running in private address space, similar to how your home or business likely runs.

[Robert’s] next thoughts were that the browser looks like a very old version of Mozilla Firefox, but with some default configuration changes. For one, all crashes are automatically transmitted to “the mothership”, as [Robert] calls it. He suspects this is to fix not only bugs, but also to find and repair any security vulnerabilities that may allow users more control.

There are some other interesting changes as well, such as the supported security certificates. The Naenara browser only accepts certificates issued by the DPRK, which would make it very easy for them to snoop on encrypted HTTPS traffic. there is also evidence suggesting that all traffic for the entire country is routed through a single government controlled proxy server.

None of these findings are all that surprising, but it’s still interesting to see what kind of information can be gleamed from poking around the browser and operating system. [Robert] has found more than just these few findings. You can check out the rest of his findings on his blog.

[via Reddit]

CES: Meetups, Augmented Reality, And Robots

Hackaday started off Thursday of the Consumer Electronics Show with an impromptu breakfast meetup. This turns out to be a wonderful thing as it lets you ease into a 16 hour day of standing, walking, talking, and getting lost trying to find your way from conference hall to conference hall. We had a great turnout and many brought their hacks and demos to show off. A big thanks to the Sambalatte staff who are awesome people and top tier baristas.

CastAR

DSC_0354

Before leaving for CES I was talking to [Ben Krasnow] about what we should try to see and he suggested looking for private showings that are given in the suites of the hotels at the conference. Turns out our friends at Technical Illusions are doing just that. [Jeri] and [Rick] were showing off CastAR in a suite during the week and were nice enough to make room in their booked schedule for a private Demo.

What you see above are the guts of the version they are currently shipping as part of their Kickstarter fulfillment. I also got a look at a rev2 prototype and will write a follow-up post with more information on the whole experience when I have more time.

Eureka, Startups!

There is a loop of aisles in the Sands that has startup booths and most of the interesting things I saw on Wednesday and Thursday are there. Here we have a jamming gripper robot arm. It’s designed for things like moving oddly shaped goods on a manufacturing line. Empire Robotics hit a homerun with their demo for the booth, a take on beer-bong: robot versus human. The scoreboard showed the robot winning an order of magnitude more than the humans.

[Todd] was at was at the Tinkerines booth showing off 3D printers aimed to augmented the STEM curriculum. We couldn’t help but notice his TIE fighter right and inquired about it. He modeled the design himself, send it off to be cast in silver, and inlaid the stone when the ring came back from the casting service. Sweet!

LVBots

[Sarah Petkus] clued me in and gave me a ride to the Pololu CES open house. The night coincided with the LVBots meetup which they support by providing space for the meetings. There were lots of cool robots being shown off. What you see here was just the pre-meeting warmup of line-followers and sumo robots. I shot some video of the show-and-tell which we’ll post once we’ve had a chance to edit the content.

Closing out CES

wpid-wp-1420824368323.jpegToday is the last day of the conference. I stopped by the Voltera PCB printer booth yesterday but they were nowhere to be found. Turns out they were being handed a $50k check by TechCrunch for winning the Battleground. I suppose we’ll give them a pass for not being at the table during that!

I’ll be headed over this afternoon to catch up with them. I’m also hoping to get a look at the Voxel8 printer. If you have any other “can’t-miss” suggestions let me know in the comments and I’ll try to add them to my CES dance card.

Moonpig

When Responsible Disclosure Isn’t Enough

Moonpig is a well-known greeting card company in the UK. You can use their services to send personalized greeting cards to your friends and family. [Paul] decided to do some digging around and discovered a few security vulnerabilities between the Moonpig Android app and their API.

First of all, [Paul] noticed that the system was using basic authentication. This is not ideal, but the company was at least using SSL encryption to protect the customer credentials. After decoding the authentication header, [Paul] noticed something strange. The username and password being sent with each request were not his own credentials. His customer ID was there, but the actual credentials were wrong.

[Paul] created a new account and found that the credentials were the same. By modifying the customer ID in the HTTP request of his second account, he was able to trick the website into spitting out all of the saved address information of his first account. This meant that there was essentially no authentication at all. Any user could impersonate another user. Pulling address information may not sound like a big deal, but [Paul] claims that every API request was like this. This meant that you could go as far as placing orders under other customer accounts without their consent.

[Paul] used Moonpig’s API help files to locate more interesting methods. One that stood out to him was the GetCreditCardDetails method. [Paul] gave it a shot, and sure enough the system dumped out credit card details including the last four digits of the card, expiration date, and the name associated with the card. It may not be full card numbers but this is still obviously a pretty big problem that would be fixed immediately… right?

[Paul] disclosed the vulnerability responsibly to Moonpig in August 2013. Moonpig responded by saying the problem was due to legacy code and it would be fixed promptly. A year later, [Paul] followed up with Moonpig. He was told it should be resolved before Christmas. On January 5, 2015, the vulnerability was still not resolved. [Paul] decided that enough was enough, and he might as well just publish his findings online to help press the issue. It seems to have worked. Moonpig has since disabled its API and released a statement via Twitter claiming that, “all password and payment information is and has always been safe”. That’s great and all, but it would mean a bit more if the passwords actually mattered.