The Smell of Molten Projects in the Morning
Ed Nisley's Blog: Shop notes, electronics, firmware, machinery, 3D printing, laser cuttery, and curiosities. Contents: 100% human thinking, 0% AI slop.
Things around the home & hearth
We hived a giant swarm!
They’re doing well in their new home, building out comb on the foundation. The queen is in good shape, laying eggs as soon as the workers finish the cells. The workers seem to be feeding pollen directly to the larvae rather than storing it, which makes perfect sense. They’re taking two quarts of 1:1 sugar water every day!
Either you already know what this is all about or you really don’t want to know.
‘Nuff said…
Luggage now comes with a pair of sliders on each zipper, which means that the two sliders come together when the zipper is closed. That allows you to lock the slider pulls together, which is a nice touch for those of you who think luggage locks actually improve security.
It also means that the metallic pull tabs jingle and jangle merrily together in the back of the van all the way to grandmother’s house as we go, we go.
Not to be tolerated, sez I.
Apply a length of heat shrink tubing to each tab. If you’re a locking kind of person, leave the holes on the end exposed. If you’re a real cheapskate, you could get away with shrinking just one tube per pair, but even I’m not that far gone.
I have a Virgin Mobile Kyocera Marbl phone, for reasons discussed there. It’s sufficiently nonstandard that the “fits most phones” headsets and chargers don’t. In particular, I have yet to see a charger with the proper adapter dingus for this phone.
Fortunately, the charger is rated at 5 V @ 350 mA… that’s easy enough.
Cut the charger’s cable in the middle, more or less, and install Anderson Powerpole connectors. The standard color code for 5 V is white / black; don’t use red / black for fear you’ll eventually plug it into a 12 V source and toast the phone.
The charger wires are most likely a far smaller gauge than the 15 A (!) connector pins prefer, so strip the conductors twice as long, double the ’em over and perhaps add a short length of multistrand hookup wire to fill out the barrel before you crimp it.
Check the polarity before you poke the pins in the housings: you want the +5 V pin in the white housing!
I aligned the housings to match the ARES / RACES standard, as described there, as that’s what I’ve done with all my other Powerpole connectors. If your phone expects some weird-ass voltage, maybe you want to make certain it can’t possibly mate with anything that’ll kill it stone cold dead. Oh, and in that case pick a suitably different color. Blue seems to be the standard for 9 V, at least in the ham radio arena, for whatever that’s worth.
Add heatshrink tubing for strain relief (it might slip over the finished pins if you forget), wrap cold-vulcanizing rubber tape around the whole connector for more strain relief, and you’re done. It’ll make your charger cable resemble an anaconda eating a pig, but that’s OK with me.
Now the phone can commune with a bench power supply, a bulk 5 V supply, or nearly anything that you’ve hacked into using Powerpoles. It’s your job to make sure the voltage matches up!
Now, if you haven’t already, make a USB-to-Powerpole adapter. Alas, even though the phone uses 5 V, it draws too much current to charge directly from a standard USB port. However, I have a Black & Decker Pocket Power battery pack with a regulated USB outlet that can allegedly supply 250 mA and seems to handle the phone just fine.
So: cut a spare USB cable, verify that the red conductor is 5 V and the black is common (hell hath no fury like that of an unjustified assumption and we’re dealing with bottom-dollar suppliers here), crimp, align housings, add strain relief, and try it out.
This should work for any phone with a dumb, bulk-power charger. If you cut the cable and find three conductors, solder that devil back together again; there’s no telling what’s passing along that third rail!
So batteries.com had the usual security breach, lost the usual list of customer info, and sent out the usual letter advising the victims that they could get a free signup with Experian’s credit-report monitoring service.
So I signed up, which involved the usual exposure of sensitive parts of my ID anatomy, and was eventually told (despite answering everything correctly, AFAICT) that they couldn’t verify that I was, in fact, me and would send a paper form to my (presumably known-to-them) USPS address for confirmation.
The next day I get an email from “Triple Alert Redemption Customer Care <mumble-mumble@consumerinfo.com>” with this helpful offer:
We employ a rigorous identity verification system in order to protect your personal information. Unfortunately, we could not validate your identity due to either technical difficulties with the system or information submitted that could not be confirmed.
To continue the order process, please contact customer care at 1-866-mum-bles, Monday-Friday from 6 a.m. to 6 p.m., Saturday-Sunday 8 a.m. to 5 p.m. Pacific Time. Please provide this Reference number (required):
Reference number: make-up-your-own
A representative will attempt to confirm your identity by asking you questions based on the information contained in your credit report. Please be sure to familiarize yourself with data such as the names of your lenders and account balances before you call. Once your identity has been confirmed, you will be provided access to your Triple Alert(SM) Credit Monitoring membership.
Now, it’s highly likely that the email is on the up-and-up, but this seems to be precisely one of those situations they warn about:
Instead, I called the “Contact Us” number from their website. The nice lady didn’t see anything wrong with them sending out an email like that. Nay, verily, she offered to do the deed right over the phone. I respectfully declined… I can wait.
It’s worth noting that although it’s an Experian thing, the websites & email addresses involved include:
It’s enough to make you think longingly of cutting up your cards, digging a hole, climbing down, and pulling it in after you.
[Update: after a month or so, I got an email telling me that all was quiet on my Triple-Alert front and my delicate personal bits were in fine shape. A few days later, the long-awaited paper arrived with my confirmation numbers. So I suppose it’s working, but sheesh it doesn’t inspire much confidence.]
Bicycles, in general, aren’t set up for heavy load carrying, so I use a BOB Yak trailer for groceries, garden goodies, recycling, dead PCs, and this and that and the other thing. It works surprisingly well, tracks nicely, and tends to push cars another half-lane to the left.
Word: if you want plenty of clearance in traffic, haul a 20-pound propane cylinder in your bike trailer!
Anyhow, storing the trailer is a bit of a nuisance, as it’s not particularly stable on its own and takes up a remarkable amount of floor space.
I finally figured out that it would hang neatly from the garage door tracks, just beyond where the door stops at the top of its travel. There’s a set of shelves against the wall, filled with the usual crap found on garage shelves (well, maybe you don’t have beekeeping supplies, but you get the idea), so the trailer isn’t blocking anything really important.
I lean my bike against those same shelves and the trailer hangs neatly between the seat and the fairing. The ladies’ bikes are just out of sight to the right.
We have a two-car garage that’s the right size for one minivan and three Tour Easy recumbents…
Just picked up a batch of electronic-ballast shoplights from Lowe’s, motivated by a 10% off card they sent a while ago. Not a killer deal, but it evidently got plenty of folks into the store on a Sunday morning.
The new lights don’t claim much about their abilities, other than “Electronic Cold Weather Start (0° F)” and that the reflector sizing requires T8 (1″ dia) fluorescent tubes. One would expect an electronic ballast to have a decent power factor and improved efficiency.
Because I’m that sort of bear, I opened one up to see what was inside. Here’s the ballast:
Although the fixture is sized for T8 tubes, the ballast would be perfectly happy with T12s. Similarly, the box insists on F32 tubes, but the ballast is OK with F40s.
I thought a comparison with one of my old magnetic-ballast fixtures would be of interest, so I hitched up the Kill-A-Watt meter and ran some comparisons.
The results…
| Amp | Watt | VoltAmp | PF | |
| Old magnetic ballast | ||||
| F40T12 | 0.64 | 60 | 76 | 0.79 |
| F32T8 | 1.11 | 80 | 126 | 0.62 |
| New electronic ballast | ||||
| F40T12 | 0.75 | 47 | 89 | 0.53 |
| F32T8 | 0.77 | 49 | 91 | 0.54 |
The electronic ballast has a much lower power factor and thus much higher current. The box & ballast don’t say anything about power factor correction and, wow, there sure isn’t any. The power company hates gadgets like this…
I cannot compare the brightness because the F40 tubes are several years old, but it’s interesting that the electronic ballast runs both tube sizes at essentially the same power (just as the dataplate indicates, sorta-kinda). The magnetic ballast really cooks the piss out of the smaller tubes, though… or it’s dumping a lot of energy into the ballast. Hard to say.
The T12 tubes are rated for 3000 lumens & 20 k hours. The new box of T8 tubes I got a while back are 2800 lumens and 24 k hours. Frankly, I don’t believe any of those numbers, particularly given the actual power consumption: it looks like either ballast runs them at just 75% of their rated power.
Anyhow, these were the cheapest shoplights in stock; I bought eight of ’em, because I’ve been replacing one dead fixture every month or two for the last year. I’d like to think I’d get a better ballast if I spent twice as much, but to a good first approximation the additional cost seems to have gone into black plastic trim and a burnished-chrome exterior finish; not what I need in the Basement Laboratory.
I wish the boxes were more forthcoming so you didn’t need to perform exploratory surgery.
For those of you still using Windows, here’s a sobering look at why you shouldn’t: an analysis of the Torpig botnet by an academic group that managed to take over its command & control structure for a few days.
The report is tech-heavy, but well worth the effort to plow through.
Here are some of the high points…
Why do the bad guys do this? It’s all about the money, honey:
In ten days, Torpig obtained the credentials of 8,310 accounts at 410 different institutions.
… we extracted 1,660 unique credit and debit card numbers from our
collected data.
Does an antivirus program help?
Torpig has been distributed to its victims as part of Mebroot. Mebroot is a rootkit that takes control of a machine by replacing the system’s Master Boot Record (MBR). This allows Mebroot to be executed at boot time, before the operating system is loaded, and to remain undetected by most anti-virus tools
In these attacks, web pages on legitimate but vulnerable web sites are modified with the inclusion of HTML tags that cause the victim’s browser to request JavaScript code from a[nother] web site under control of the attackers. This JavaScript code launches a number of exploits against the browser or some of its components, such as ActiveX controls and plugins. If any exploit is successful, an executable is downloaded from the drive-by-download server to the victim machine, and it is executed.
What happens next?
Mebroot injects these modules […] into a number of applications. These applications include the Service Control Manager (services.exe), the file manager, and 29 other popular applications, such as web browsers (e.g., Internet Explorer, Firefox, Opera), FTP clients (Leech-FTP, CuteFTP), email clients (e.g., Thunderbird, Outlook, Eudora), instant messengers (e.g., Skype, ICQ), and system programs (e.g., the command line interpreter cmd.exe). After the injection, Torpig can inspect all the data handled by these programs and identify and store interesting pieces of information, such as credentials for online accounts and stored passwords.
If you think hiding behind a firewall router will save you, you’re wrong:
By looking at the IP addresses in the Torpig headers we are able to determine that 144,236 (78.9%) of the infected machines were behind a NAT, VPN, proxy, or firewall.
If you think you’ve got a secure password, you’re wrong:
Torpig bots stole 297,962 unique credentials (i.e., username and password pairs), sent by 52,540 different Torpig-infected machines over the ten days we controlled the botnet
If you think a separate password manager will save you, you’re wrong.
It is also interesting to observe that 38% of the credentials stolen by Torpig were obtained from the password manager of browsers, rather than by intercepting an actual login session.
Somewhat more info on Mebroot from F-Secure.
Remember, the virus / worm / Trojan / botnet attacks you read about all the time only affect Windows machines. Linux isn’t invulnerable, but it’s certainly safer right now. If you’re running Windows, it’s only a matter of time until your PC is not your own, no matter how smart you think you are.
If you have one or two must-gotta-use Windows programs, set up a dedicated Token Windows Box and use it only for those programs. Network it (behind a firewall) if you like, but don’t do any email / Web browsing / messaging / VOIP on it. Just Say No!
For everything else, run some version of Linux. It’ll do what you need to get done with less hassle and far less risk. It’s free for the download, free for the installation, and includes all the functions you’re used to paying money for. Just Do It!
If you think using Linux is too much of a hassle, imagine what putting your finances back together will be like. Remember, the bad guys will steal everything you’ve ever put on your PC, destroy your identity, and never get caught.
Now you know… why are you still stalling?
The Smell of Molten Projects in the Morning 