The Smell of Molten Projects in the Morning

Ed Nisley's Blog: Shop notes, electronics, firmware, machinery, 3D printing, laser cuttery, and curiosities. Contents: 100% human thinking, 0% AI slop.

Author: Ed

Tektronix 2215A Oscilloscope Power Switch Rebuild

My trusty Tek 2215A oscilloscope might be useful for a Larval Engineer engaged in late-night debugging away from the lab, but the power switch has become flaky: sometimes the ‘scope didn’t turn on at all, sometimes the switch required multiple pokes, sometimes everything worked fine. Removing the cover revealed there’s a long plastic bar connecting the power button on the front panel (to the right in the picture) to the power switch near the rear panel AC line socket, tucked under the EMI filter with the red sticker:

Tek2215A – internal top view

Removing the high voltage shield below the PCB reveals the switch has DPDT terminals, but it’s wired as DPST:

Tek2215A power switch – PCB terminals

This knowledge will come in handy later…

Unsoldering the switch and wriggling the bar out of the front panel puts the switch on the bench, solder terminals upward. A plastic shell snapped around the actual switch insulates the top of the six terminals from prying fingers:

Tek2215A power switch – bottom

Remove the shell, remove the toggle-action U-shaped steel pin, release the spring, and pull off the top plate:

Tek2215A power switch – internal

Remove the plunger hardware, remove the rocker arms and their springs:

Tek2215A power switch – disassembled

One contact on each rocker shows signs of distress, but the other button remains pristine (having never seen any voltage differential):

Tek2215A power switch – rockers

Pull out the fixed contact tabs and note that they’ve been scorched a bit. The one on the right corresponds to the bottom rocker above:

Tek2215A power switch – contact tabs

I cleaned everything with a fiber wipe wetted in DeoxIT, then decided that I’d take the easy way out. The tabs have heavy silver plate on both sides, so I flipped them over and reinstalled them with the unused side facing the rockers. The rockers went back in with their unused contact buttons facing the flipped tabs, so we now have fresh, shiny new contact surfaces. Reassemble the switch, soldered it in place, button up the case, and a firm push on the button lights the ‘scope exactly the way it should.

While I had the cover off, I measured the ESR of all those electrolytic capacitors: they’re in fine shape!

The next time the switch needs repair, in another couple of decades, someone can swap in the completely unused tabs from the other end of the switch, then pick whichever contact buttons look best… [grin]

2013-01-11
5 mW Laser Module

A trio of 5 mW laser modules arrived with a bunch of other surplus gear after an end-of-year sale:

5 mW Laser Module

It runs on 5 V at 20 mA, determined by the 91 Ω SMD resistor soldered across the terminals at the back of the PCB. That suggests the laser diode itself runs at about 3.2 V: 5 V – 0.020 A * 91 Ω.

The brass case connects to the red (positive) wire, so you must insulate the laser module from the usual grounded metal chassis.

Two of the three lasers arrived badly defocused, but a twist of the brass barrel broke the sealing glue and a bit more twiddling found the sweet spot.

Running one of these from an Arduino would be just like the UV LED: redefine a bit in the shift register bitfield and drive the laser with a MOSFET switch.

I’d be tempted to bypass the SMD resistor and run it from an LM317-style current regulator hitched directly to the raw battery; I’m pretty sure I have some LM317 regulators in TO-92 packages. The sense resistor would be 62.5 Ω = 1.25 V / 0.02 A, dissipating 25 mW = 1.25 V * 20 mA. From a freshly charged 7.2 V Li-ion battery at 8.5 V, the regulator would dissipate something like 80 mW =(8.5 – 1.25 – 3.2 V) * 20 mA.

Or just add more series resistance and ignore the brightness variation?

2013-01-10
Traffic Signals: Green LED Failures

Traffic Signal – dead green LEDs – 2012

In our (admittedly limited) travels around New York State during the last half decade or so, I’ve seen many (as in, dozens of) traffic signals with this failure:

Apparently the topmost LED string burns out first, leaving the other two (?) strings intact. The earliest picture I have dates back to 2008, so this is a problem of long standing that’s probably wiped out any projected maintenance cost reduction for the entire purchase. The most recent failure I spotted, a few weeks after taking this picture, has a flickering upper string that means it’s not long for this world.

Somewhere up around Albany, I recently saw a green signal with only that string lit up and the other two (?) strings dead, but that’s the sole exception to the pattern.

Of late, NYS DOT has been installing a different green lamp with the LEDs in each string scattered over the entire surface and no diffuser. That means a failed string, of which I’ve already seen several examples in the area, darkens a few spots without being particularly obvious; a less common failure has a few flickering “pixels” that will eventually go dark. While that’s a net win, I wonder why only green lamps have this problem: we very rarely see red or amber lamps with any failed LEDs.

One red LED lamp down the road did fail spectacularly: the whole thing flashed, slowly and somewhat irregularly. Not a flicker, but a flash: long off and short on.

It’s hard to get pictures of failed traffic signals…

While I suppose I should report them, previous attempts to do so have only led to requests for the ID number of the traffic control box, which generally can’t be seen from the traffic lane. I am not stopping at an intersection, getting out, finding the box (perhaps crossing the intersection to get there), finding the ID number, and taking a picture for later reference; you know what happens to people who take pictures of infrastructure. You’d think the signals could phone home on their own, but they’re likely not connected.

2013-01-09
Credit Union vs. Credit Karma vs. Account Security: FAIL

You know how you’re supposed to not click on email links these days, even when they’re from “trustworthy” sources, because you might be a spear-phishing target? Well, here’s a true story about how our Credit Union handles the situation.

The backstory: I recently signed up for a service that provides an estimate of my credit score, which it does by asking the usual Big Three credit reporting agencies for my records on, presumably, a monthly basis. I’m not happy with that arrangement, but I wanted to see how well it worked and figured I’d cancel after a month or two. Based on these exchanges with their support staff, it’s time to cancel…

After I received the expected email from them, I discovered that the only way to reach the service was through an embedded link. I try to avoid doing that sort of thing, so I went directly to (what I assumed was) their website and tried to log in. That didn’t work, so I fired off a support message…

From me to CreditKarma:

Having signed up for your service through the Hudson Valley Federal Credit Union, it seems that I cannot sign on directly to your site using the email address and password I provided during the HVFCU signup.

That means the only way to sign on to my account requires clicking on the link provided in your monthly email, which redirects me through the HVFCU website.

Is that correct?

If so, how can I distinguish your email from a well-designed spear phishing attack that requires me to divulge two banking userids and passwords?

Thanks…

Their reply, which neatly avoids answering the questions:

Sorry for the confusion. Your HVFCU Credit Karma account is different from any account you may have created with www.CreditKarma.com. To log into your HVFCU Credit Karma account, you’ll first need to log into your online banking account and then log in through there.

But that’s not how it works:

OK, so I must go through the HVFCU website to reach you. That process seems to require cookies set by the redirection included in the email link, because simply signing on to the HVFCU website and clicking the appropriate link does not redirect to your website unless I have already followed the email link.

So, allow me to ask the key questions again:

The only way to sign on to my account requires clicking on the link provided in your monthly email, which redirects me through the HVFCU website.

Is that correct?

If so, how can I distinguish your email from a well-designed spear phishing attack that requires me to divulge two banking userids and passwords?

Please answer those questions, as I need to know how this works.

Thanks…

There’s been no answer after a week, so I think I’ve reached the end of their tech support.

Then I posed much the same question to the Credit Union:

Having recently signed up for the CreditKarma score monitoring service, I’m flabbergasted by the total lack of security awareness.

The only way to access the CreditKarma report is through the link in the monthly email. Clicking that link requires signing in to my HVFCU account, then to the CreditKarma account.

Without that clicking on that link, selecting the “Credit Score” menu item in the HVFCU site does nothing.

Without clicking on that link, the CreditKarma.com website does not recognize my email address.

How, exactly, can I distinguish that monthly email from a well-crafted spear phishing attack that will collect the userid and password for both of my accounts?

Is there an alternate procedure for accessing my CreditKarma account that does not require depending on a lengthy link contained in an email message?

Thanks…

Their reply seems slightly more informative, but note that they ignore the “must click the link” evidence I report and also avoid answering the hard questions:

I regret to hear of the difficulties you are experiencing with Credit Karma. If you would like to access the site directly, you should type: https://hvfcu.creditkarma.com. The https: indicates that the connection will be secured. “creditkarma.com” lets you know that you are connecting to Credit Karma’s web site. hvfcu. is the subdomain created by Credit Karma for HVFCU members. Your account will not work at http://www.creditkarma.com because the subdomain created for HVFCU is separate from their public site.

Additionally, you may also log on to Internet Banking, then click on the “My Credit Score” link near the top right of the page, and you may now log in. If you chose this option, ensure that all pop up blocker settings are adjusted since you will be required to access a separate web page. Clicking on the link in the monthly emails will direct you to the same place. We understand that you may not be comfortable clicking on a link or may be using a system or mobile device that doesn’t allow you to view the link, which would make it difficult to determine if a message was legitimate or fraudulent. In these cases, we recommend that you set a shortcut or favorite for https://hvfcu.creditkarma.com or else sign in to Internet Banking first, then click on the “My Credit Score” link.

So I tried again:

> Your account will not work at http://www.creditkarma.com because the subdomain created for HVFCU is separate from their public site.

Indeed, it doesn’t. When I asked them about that, their reply was, shall we say, unhelpful; they really want me to click on the link and didn’t even mention the HVFCU subdomain. I did tell them that I had an HVFCU account, so they weren’t completely ignorant of the situation.

They have not responded to my question about determining whether an email allegedly from them is a phishing attack, either.

> Additionally, you may also log on to Internet Banking, then click on the “My Credit Score” link near the top right of the page, and you may now log in.

As I reported, that doesn’t work unless you’ve previously clicked on the email link to set whatever tracking cookies they use. I’ve tried it immediately after clearing cookies and cache: it doesn’t work. Clicking on the link to bounce off their website sets everything up properly and then the HVFCU menu item works.

Try that and see how it works for you. I’d like to know whether it’s a peculiarity of Firefox and Chrome.

> We understand that you may not be comfortable clicking on a link

As the HVFCU page on phishing says: “Links within the email take you to a fake website that usually looks authentic because it uses graphics from the institution’s real website.” So, basically, I must regard all clickable links in all emails as suspect.

Given that the URL is total gibberish, with the both the HVFCU and Credit Karma URLs buried within tracking numbers, there’s no possibility of manually extracting and typing the address.

So, as I asked originally, please tell me exactly how I can tell that an email purporting to be from Credit Karma isn’t a very well-done phishing attack?

We both know there’s no way to do so, so why do you and Credit Karma rely on email links for such a vital function? You’re training your customers to click on emailed links, which is a terrible security practice for a bank.

Have you documented the direct sign-on process anywhere your customers can find it? I couldn’t, but maybe I’m not looking in the right place. Why not put those instructions in each email, rather than using clickable links?

Thanks…

Another week has passed, so I suspect they’re not going to answer those questions, either.

Am I the only person who thinks it’s bad practice for a bank to require you to click on emailed links?

2013-01-08
Wall Switch Failure

Here’s what happens to a really old wall switch:

Wall Switch – innards

A closeup of that broken contact:

Wall Switch – detail

This switch controlled an outlet, so I’m sure it’s hot-switched far too many vacuum cleaners, clothes irons, and suchlike over the last half century or so.

Our house is a bit fancier and originally had top-of-the-line mercury-wetted switches: the contacts sealed in the capsule don’t burn, but the springy supporting structures outside the capsule eventually wear out.

They’re still more reliable than X10 switches, though.

2013-01-07
Furnace Heat Exchanger: Temporary Repair

Which small spot on this hot-air furnace heat exchanger isn’t like all the other small spots?

Pinhole in furnace heat exchanger

Correct! The orange one at the corner of the rectangular exhaust gas flue that’s lit up like the sun, because you’re looking directly into the oil burner flame.

With the fire off and everything cooled down, it looked like this:

Pinhole in furnace heat exchanger – detail

Now, this calls for a new furnace (because replacing the heat exchanger costs as much as a new furnace), but as it turns out this was in an unoccupied house during the week before Christmas. So I scrubbed off the debris with a steel brush, bent up a snippet of 2 mil brass shimstock to fit the corner, applied a layer of JB Industro-Weld epoxy to the problem, and positioned 200 W of incandescent bulbs to help it cure slightly sooner than forever:

Furnace heat exchanger – temporary fix

That is most certainly not a final repair, not just because the heat exchanger’s normal operating temperature exceeds the epoxy’s 500 °F rating, but because where there’s one pinhole there’s bound to be more. The goal was to let us keep the furnace running until we could schedule the replacement after the holidays. Remember, the building isn’t occupied and neither of the smoke / CO detectors went off at any point in the proceedings.

Houses are trouble!

2013-01-06
Beaver Engineering

Beaver-gnawed stump on DCRT at Lake Walton

I spotted this bit of engineering while riding on the Dutchess Rail Trail at Lake Walton:

Evidently, the beaver stopped just before the tree toppled, because the last cut looks very much like a chainsaw.

I didn’t spot their lodge out in the lake; they may have tucked it under the bank below the railroad bed.

If they keep this up, they’re sure to get trapped and moved somewhere they can’t interfere with our enjoyment of the natural landscape along the rail trail. [wince]

2013-01-05