The Smell of Molten Projects in the Morning

Ed Nisley's Blog: Shop notes, electronics, firmware, machinery, 3D printing, laser cuttery, and curiosities. Contents: 100% human thinking, 0% AI slop.

Tag: Rants

And kvetching, too

  • Sony DSC-H1 Shutter Button Repair: Damage Assessment

    Camera Body Damage

    My brother-in-law Tee dropped his Sony DSC-H1 camera, which landed atop its shutter button on the pavement.

    Bad news…

    • the shutter button broke off
    • the bezel popped out
    • the teeny little snap ring that held the shutter button stem in the bezel vanished, because…
    • the stem broke and the end vanished, too

    Good news…

    • apart from some scuffs, the camera still works
    • he managed to find the shutter button
    • and the button bezel
    • and the spring!

    Shutter Button – Spring – Bezel

    A bit of browsing reveals that many, many Sony DSC-Hx (where x is an integer from 1 through 9, inclusive) owners have the same problem, minus the inconvenience & embarrassment of first dropping the camera. Turns out that the shutter button stem breaks at that notch in normal use.

    It seems the stem snaps while you’re taking pix, whereupon the spring launches itself and the button cap into the nearest river / drain grate / weedy area, never to be seen again. Tee is exceedingly fortunate to have found all the major pieces!

    Shutter Button Stem – End View.

    Here’s the broken end of the stem, with the button cap out of focus in the background. The stem is 1.5 mm in diameter, so the snap ring was surrounding, what, 0.75 mm of plastic? In what alternate universe did this design decision make sense?

    I think the snap ring contributed to the problem by eroding the stem in the notch; that little white stub isn’t half of the stem diameter; it may have stretched under impact, but surely not all that much.

    Yes, you can buy a replacement button for about 30 bucks direct from Sony, but it seems the new stem is subject to the same failure after a short while. They’re standing by the original design, marginal though it may be.

    Now, obviously, this stem failed from abuse, no argument there. Everybody else had their stem fail without provocation, though, so it really isn’t adequate to the task at hand.

    Bezel Socket View

    Anyhow, there’s also some damage at the bezel socket on the camera body, but nothing major. The dented silver areas on either side of the switch membrane are ESD shields, so that any static discharge from your finger will (most likely) dissipate on the external frame of the camera, rather than burrow into its guts via the switch.

    The bezel twist-locks into the camera body, which means that you can remove the bezel if you can get a good grip on it. It turns clockwise to remove.

    Shutter Switch Closeup

    Peering closer at the membrane switch, it looks as though the button stem did some damage on its way out, although Tee admits to using various pointy objects to trigger the shutter while figuring out what to do with the camera.

    More good news: the switch still works correctly, including the focus function with the button half-pressed. That means the switch membrane and contacts are in good shape.

    Bezel – Top View

    The bezel itself is pretty well graunched, with a nest of cracks underneath that damaged arc to the left of the pictures. I think it’s in good enough condition that I can remove the bent plastic, ooze some solvent adhesive into the damage, and compress it enough to make everything stick together.

    Bezel – Side View

    Obviously, this calls for some Quality Shop Time!

    The overall plan is to remove the remaining stem from the button, drill-and-tap the button head for a miniature brass screw (1-72, I think), reshape the screw head into a membrane-friendly plunger (about 3 mm diameter and flat), then put it all back together with a nut in place of the snap ring.

    I should be able to install the bezel (without the button), then insert some drill rod through the hole to figure out how far the screw must protrude to trigger the focus & shutter switches. Perhaps a pin vise will grip the drill rod and bottom out on the bezel’s central ring, so I can do a trial-and-error fitting?

    Then I can adjust the screw to that overall length below the bezel with the button pressed, whack off anything that sticks out above the button, adjust the nut to limit the button’s outward travel, slobber Loctite over everything, and put it all together for the last time.

    That’s the plan, anyway. As the Yiddish proverb has it, “If you wish to hear G*d laugh, tell him your plans.”

    Some useful dimensions…

    Button Dimensions

    The rest of the story…

    Rebuilding the button

    Putting it all back together again

  • War on the Unexpected: A Screenplay

    EXT.  UPSTATE NY APARTMENT COMPLEX — EARLY AFTERNOON

    Clouds

    A STRANGER emerges from an apartment and walks through the adjacent parking lot to the complex’s central roadway. A late-middle-age white male, he is dressed casually in black trousers, red t-shirt with STAFF in large white letters on the back, well-worn blue-and-white pinstriped locomotive driver (“engineer”) cap, and dark sunglasses. His graying beard is trimmed short, but he is obviously overdue for his quarterly haircut. He carries a bulky black prosumer digital camera.

    The bright blue sky is filled with large clouds from an approaching storm front and, opposite the sun, a cumulonimbus bank looms over the far horizon above a row of apartment buildings.

    The Stranger studies the clouds, moves to various vantage points, examines the rest of the sky. He braces the camera against a road sign pole and fiddles extensively with the knobs & buttons while taking several pictures.

    WOMAN #1 emerges from a building, enters a car, and drives along the central roadway. She slows, stops next to the Stranger, and rolls down her window.

    WOMAN #1

    What are you taking pictures of?

    STRANGER

    Those great clouds over there! Looks like we’re in for a real storm later today!

    WOMAN #1

    Oh. Have a nice day. (She rolls up the window and drives off)

    The Stranger is joined by an elderly COUPLE, WOMAN #2 who is probably his wife, and a teenage GIRL who vaguely resembles all of them. The Girl is wrapped in a large towel. They walk slowly through the apartment complex to the pool, appear baffled by the childproof latch on the gate, and are finally admitted by WOMAN #3 who shows them how to operate it.

    INT.  IN-GROUND POOL PATIO

    They sit around a table in the corner, jockeying the uncomfortable plastic chairs for position in the shade cast by the table’s umbrella, while the Girl removes a towel to reveal a red swimsuit, enters the pool, and begins swimming laps.

    Coming up for air

    Various other PEOPLE occupy the area near the pool, including older couples, males of various ages, several curvaceous mid-twenty-ish females clad in revealing swim / sunbathing attire, and a group of middle-age couples.

    The Stranger takes several pictures of the Girl in the pool.

    Time passes.

    The Stranger, realizing that he’s about to spend the next three hours sitting on his well-flattened butt in the van while driving home, stands up, stretches, and walks to the gate. He intently studies the labels on the childproof latch, which is misinterpreted as being baffled, and leaves the pool area.

    EXT.  APARTMENT COMPLEX ROADS

    Manhole cover

    The Stranger strolls around the apartment complex to the side entrance road, and returns along a different route. He seems to take a particular interest in drain grates, manhole covers, garage doors, and infrastructure in general. He scuffs the dirt from one manhole cover and takes a picture of it. He continues walking around the complex and returns to the pool.

    His companions gather themselves together and emerge from the pool gate.

    EXT.  POOL AREA

    A New York State Police car drives slowly into the complex through the side entrance. The TROOPER scans the area, spots the Stranger, and pulls up beside him.

    TROOPER

    Good day. How are you doing?

    STRANGER

    (Smiling) So far, so good.

    TROOPER

    What brings you here today?

    STRANGER

    We’re visiting my wife’s parents. (Gestures to indicate the Couple among his companions)

    TROOPER

    (Eyes the group) We’ve had a report of someone in the area taking pictures of buildings and possibly people.

    STRANGER

    Well, I’ve been taking pictures of clouds, a manhole cover, and my daughter. (Smiles) I think it’s still permitted for me to take her picture.

    TROOPER

    (Getting down to business) Your name?

    STRANGER

    (gives name, helpfully spells last name)

    TROOPER

    What’s your birth date?

    STRANGER

    (Gives a date long in the past)

    TROOPER

    (Typing on laptop PC) And your address?

    STRANGER

    (Gives city and state)

    TROOPER

    (With emphasis) Your street address.

    STRANGER

    (Gives street address)

    TROOPER

    Phone number?

    STRANGER

    (Gives phone number, repeats when trooper misses last four digits)

    TROOPER

    (Types, pauses, types, reads screen) Enjoy your stay.

    Trooper drives off, leaving apartment complex through main entrance.

    STRANGER

    (To his companions) Well, I now have a police record tagged “suspicious behavior”.

    The group walks back to the apartment while discussing recent events and their plans for the remainder of the Independence Day weekend.

    EXT.  APARTMENT COMPLEX

    P.O.V. pulls back and ascends in Google-Earth fashion to show entire Adirondacks region. The Stranger assumes the role of voice-over INTERLOCUTOR. Fade to black during narration.

    INTERLOCUTOR

    Despite my pique, the Trooper performed his job properly and with decorum. While the opinions of my companions differ, I contend that once a 911 call has been received, the police must follow established procedures to resolve the complaint. The response depends on the initial report and what the Trooper finds during his approach.

    The fault, if any is to be found, thus resides with people who have been recently trained to suspect once-normal behavior: anything they wouldn’t do is considered threatening, if not hostile, when done by someone they don’t recognize.

    Photography, in particular, is now treated as reconnaissance for an assault. Unless it’s done by surveillance cameras, in which case it’s perfectly benign.

    –THE END–

    Perhaps you can tell a similar story.

    Extra Credit
    Explore these 27 parametric variations on the theme of Stranger:

    • Appearance: whitebread / black / Levantine
    • Dress: casual / ripped baggies / ersatz-military-wanker-camo
    • Conduct: friendly / avoids-meeting-of-eyes / arrogant

    Describe the Trooper’s likely approach to and interaction with these Strangers, assuming sufficient training to avoid racial profiling:

    • [white + military + friendly]
    • [black + military + arrogant]
    • [Levantine + ripped baggies + avoids-meeting-of-eyes]

    Double Bonus
    Consider the behaviour variation where a [white + casual + friendly] Stranger politely but firmly refuses to cooperate with the Trooper’s inquiries. Explore the range of perfectly legal and extremely unpleasant outcomes. Possible working title: “How to ruin the rest of your holiday weekend in five minutes flat”.

    Background information, all highly recommended:

    Update: Many internal links on Schneier’s blog are broken. As nearly as I can tell, all inter-word hyphens should now be underscores: the-war-on-the.html becomes the_war_on_the.html. Perhaps they switched the back-end database?

  • Fancy Scam-by-mail Offering

    Mail Spam

    Just got a letter from Canada, allegedly from the Readers Digest Sweepstakes, but with a letterhead address of 1125 Cornell Ave, Atlanta GA 33412. The phone/fax number is 912-480-0353, oddly not a toll-free business number. The letter has medium production values, pixellated Readers Digest logos, surprisingly few typos, and a painfully ersatz signature.

    I’m to believe I’ve won $255,069.00 in a contest I’ve never entered (the way I see contests, while you’ve got to play to win, entering doesn’t improve your chances of winning). The “69” is a nice touch, I’d say.

    Enclosed is an exceedingly valid-looking check for $3892.91 “to help you cover any charges that may be required before you receive your funds.” Check number 1100912681, if you can believe that. It has excellent production values, a genuine artificial watermark on the back, and is nominally drawn on an actual Canadian bank.

    Bogus check

    Obviously, a fraud. International and postal, no less.

    I’m impressed at the level of effort they went to, but it seems that with an actual telephone number (the address is surely faked), some branch of law enforcement should be able to fly right into their ears. No, I am not going to call that number…

    I gave the FBI a tip, but I’m reasonably sure nothing will come of it.

    [Update: Well, maybe the FBI didn’t do anything, but there’s an absolutely wonderful riff based on this letter. I’ll only quibble about the 57 Chevy… it was really a Studebaker.]

  • Security by Photographic Obscurity: FAIL

    Gas Storage Tank

    We biked along the Poughkeepsie waterfront and spotted this stately gas storage tank. The shape tells you it’s a pressure vessel, not a simple fluid tank. I think Central Hudson has an underwater gas pipeline across the Hudson right about there; the waterfront is rife with oil storage tanks and suchlike, although less than in days of yore.

    As you might expect, I took the picture from a public area, pretty much in front of a house across the street. It’s not like this was a risky high-security red-flag penetration operation; we rode to the end of Dutchess Avenue (the better part of 600 feet), soaked up some of the decaying industrial-age vibe, turned around, and rode back up the hill.

    Dutchess Avenue – Google Obscured View

    I made a ten-cent bet with myself that the Google-Eye view of the area would be blurred out “for security reasons” and, yup, won that sucker. This isn’t a case of JPG compression: notice how (relatively) crisp the railroad tracks are?

    Dutchess Ave – Topo Map

    The 1955 topographic map hanging on our wall (I’m a map junkie) was revised in 1981 and leaves very little to the imagination. It not only shows oil storage tanks standing on those now-empty concrete pads, but it also labels the area. Admittedly, it doesn’t show the gas tank, so the tank hasn’t been there for more than, oh, a quarter-century.

    I submit to you that the best way for an evildoer to pick a high-value target is to browse the maps and look for low-res areas. Here in mid-state New York, that’s an infallible way to find things like big petroleum storage facilities (or just look along the waterfront), airports with military-grade runways (the Dutchess County Airport evidently doesn’t count), oil / coal / nuke power plants, and good stuff like that. Then the bad guy gets in his car, drives over, gets some ground truth, and away they go.

    A lazy bad guy could even write a Google Maps app that quietly and slowly scanned a given area for low-res points of interest.

    That’s what Bruce Schneier calls a Movie Plot Threat. Ruining the resolution doesn’t change anything; you don’t need high-res imagery to blow something up.

    Sheesh & similar remarks.

  • Experian Triple-Alert Signup: FAIL

    So batteries.com had the usual security breach, lost the usual list of customer info, and sent out the usual letter advising the victims that they could get a free signup with Experian’s credit-report monitoring service.

    So I signed up, which involved the usual exposure of sensitive parts of my ID anatomy, and was eventually told (despite answering everything correctly, AFAICT) that they couldn’t verify that I was, in fact, me and would send a paper form to my (presumably known-to-them) USPS address for confirmation.

    The next day I get an email from “Triple Alert Redemption Customer Care <mumble-mumble@consumerinfo.com>” with this helpful offer:

    We employ a rigorous identity verification system in order to protect your personal information. Unfortunately, we could not validate your identity due to either technical difficulties with the system or information submitted that could not be confirmed.

    To continue the order process, please contact customer care at 1-866-mum-bles, Monday-Friday from 6 a.m. to 6 p.m., Saturday-Sunday 8 a.m. to 5 p.m. Pacific Time.  Please provide this Reference number (required):

    Reference number: make-up-your-own

    A representative will attempt to confirm your identity by asking you questions based on the information contained in your credit report.  Please be sure to familiarize yourself with data such as the names of your lenders and account balances before you call.  Once your identity has been confirmed, you will be provided access to your Triple Alert(SM) Credit Monitoring membership.

    Now, it’s highly likely that the email is on the up-and-up, but this seems to be precisely one of those situations they warn about:

    • you get an official-looking email
    • call the phone number
    • talk to the nice person
    • answer a bunch of probing questions
    • be assured that something pleasant will happen

    Instead, I called the “Contact Us” number from their website. The nice lady didn’t see anything wrong with them sending out an email like that. Nay, verily, she offered to do the deed right over the phone. I respectfully declined… I can wait.

    It’s worth noting that although it’s an Experian thing, the websites & email addresses involved include:

    • experian.com
    • consumerinfo.com
    • experiandirect.com

    It’s enough to make you think longingly of cutting up your cards, digging a hole, climbing down, and pulling it in after you.

    [Update: after a month or so, I got an email telling me that all was quiet on my Triple-Alert front and my delicate personal bits were in fine shape. A few days later, the long-awaited paper arrived with my confirmation numbers. So I suppose it’s working, but sheesh it doesn’t inspire much confidence.]

  • Electronic Ballast Shoplights: So Much For Efficiency

    Just picked up a batch of electronic-ballast shoplights from Lowe’s, motivated by a 10% off card they sent a while ago. Not a killer deal, but it evidently got plenty of folks into the store on a Sunday morning.

    The new lights don’t claim much about their abilities, other than “Electronic Cold Weather Start (0° F)” and that the reflector sizing requires T8 (1″ dia) fluorescent tubes. One would expect an electronic ballast to have a decent power factor and improved efficiency.

    Because I’m that sort of bear, I opened one up to see what was inside. Here’s the ballast:

    Electronic Ballast Dataplate

    Although the fixture is sized for T8 tubes, the ballast would be perfectly happy with T12s. Similarly, the box insists on F32 tubes, but the ballast is OK with F40s.

    I thought a comparison with one of my old magnetic-ballast fixtures would be of interest, so I hitched up the Kill-A-Watt meter and ran some comparisons.

    The results…

                              Amp    Watt   VoltAmp   PF
    Old magnetic ballast
      F40T12                  0.64   60     76        0.79
      F32T8                   1.11   80     126       0.62
    New electronic ballast
      F40T12                  0.75   47     89        0.53
      F32T8                   0.77   49     91        0.54

    The electronic ballast has a much lower power factor and thus much higher current. The box & ballast don’t say anything about power factor correction and, wow, there sure isn’t any. The power company hates gadgets like this…

    I cannot compare the brightness because the F40 tubes are several years old, but it’s interesting that the electronic ballast runs both tube sizes at essentially the same power (just as the dataplate indicates, sorta-kinda). The magnetic ballast really cooks the piss out of the smaller tubes, though… or it’s dumping a lot of energy into the ballast. Hard to say.

    The T12 tubes are rated for 3000 lumens & 20 k hours. The new box of T8 tubes I got a while back are 2800 lumens and 24 k hours. Frankly, I don’t believe any of those numbers, particularly given the actual power consumption: it looks like either ballast runs them at just 75% of their rated power.

    Anyhow, these were the cheapest shoplights in stock; I bought eight of ’em, because I’ve been replacing one dead fixture every month or two for the last year. I’d like to think I’d get a better ballast if I spent twice as much, but to a good first approximation the additional cost seems to have gone into black plastic trim and a burnished-chrome exterior finish; not what I need in the Basement Laboratory.

    I wish the boxes were more forthcoming so you didn’t need to perform exploratory surgery.

  • Why Friends Don’t Let Friends Use Windows: Torpig

    For those of you still using Windows, here’s a sobering look at why you shouldn’t: an analysis of the Torpig botnet by an academic group that managed to take over its command & control structure for a few days.

    The report is tech-heavy, but well worth the effort to plow through.

    Here are some of the high points…

    Why do the bad guys do this? It’s all about the money, honey:

    In ten days, Torpig obtained the credentials of 8,310 accounts at 410 different institutions.

    … we extracted 1,660 unique credit and debit card numbers from our collected data.

    Does an antivirus program help?

    Torpig has been distributed to its victims as part of Mebroot. Mebroot is a rootkit that takes control of a machine by replacing the system’s Master Boot Record (MBR). This allows Mebroot to be executed at boot time, before the operating system is loaded, and to remain undetected by most anti-virus tools

    In these attacks, web pages on legitimate but vulnerable web sites are modified with the inclusion of HTML tags that cause the victim’s browser to request JavaScript code from a[nother] web site under control of the attackers. This JavaScript code launches a number of exploits against the browser or some of its components, such as ActiveX controls and plugins. If any exploit is successful, an executable is downloaded from the drive-by-download server to the victim machine, and it is executed.

    What happens next?

    Mebroot injects these modules […] into a number of applications. These applications include the Service Control Manager (services.exe), the file manager, and 29 other popular applications, such as web browsers (e.g., Internet Explorer, Firefox, Opera), FTP clients (Leech-FTP, CuteFTP), email clients (e.g., Thunderbird, Outlook, Eudora), instant messengers (e.g., Skype, ICQ), and system programs (e.g., the command line interpreter cmd.exe). After the injection, Torpig can inspect all the data handled by these programs and identify and store interesting pieces of information, such as credentials for online accounts and stored passwords.

    If you think hiding behind a firewall router will save you, you’re wrong:

    By looking at the IP addresses in the Torpig headers we are able to determine that 144,236 (78.9%) of the infected machines were behind a NAT, VPN, proxy, or firewall.

    If you think you’ve got a secure password, you’re wrong:

    Torpig bots stole 297,962 unique credentials (i.e., username and password pairs), sent by 52,540 different Torpig-infected machines over the ten days we controlled the botnet

    If you think a separate password manager will save you, you’re wrong.

    It is also interesting to observe that 38% of the credentials stolen by Torpig were obtained from the password manager of browsers, rather than by intercepting an actual login session.

    Somewhat more info on Mebroot from F-Secure.
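
    Because Mebroot works by replacing the Master Boot Record, one defensive check is to record the MBR while the machine is known to be clean and compare it again later. The sketch below is an added example, not code from this blog or from the Torpig report; the function names and the sample sectors are constructed for illustration, and it assumes the sector is read from trusted boot media rather than from the possibly infected system.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440            # bytes 0..439: bootstrap code
PART_TABLE_OFFSET = 446        # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def read_first_sector(path):
    """Read sector 0 of a disk device or image (e.g. /dev/sda, needs root)."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Split a raw MBR into the fields worth recording in a baseline."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0x00 marks an unused slot
            partitions.append({
                "slot": i,
                "bootable": entry[0] == 0x80,
                "type": entry[4],
                "lba_start": lba_start,
                "sectors": count,
            })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline, current):
    """Return a list of human-readable differences; empty means unchanged."""
    findings = []
    for field, label in (("boot_code_sha256", "boot code"),
                         ("disk_signature", "disk signature"),
                         ("partitions", "partition table")):
        if baseline[field] != current[field]:
            findings.append(f"{label} changed")
    return findings


def build_sample_mbr(boot_code):
    """Constructed sector for the demo: one bootable type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = bytes.fromhex("78563412")
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                                  0x07, b"\xfe\xff\xff", 63, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed stand-ins, not real boot code or malware bytes.
KNOWN_GOOD = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 64)
REPLACED = build_sample_mbr(b"\xeb\x3c" + b"\x00" * 64)

if __name__ == "__main__":
    baseline = parse_mbr(KNOWN_GOOD)
    print(compare_to_baseline(baseline, parse_mbr(KNOWN_GOOD)))
    print(compare_to_baseline(baseline, parse_mbr(REPLACED)))
```

    A reported change is a prompt to investigate, not proof of infection: installing an operating system or updating a boot loader also rewrites the boot code.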

    Remember, the virus / worm / Trojan / botnet attacks you read about all the time only affect Windows machines. Linux isn’t invulnerable, but it’s certainly safer right now. If you’re running Windows, it’s only a matter of time until your PC is not your own, no matter how smart you think you are.

    If you have one or two must-gotta-use Windows programs, set up a dedicated Token Windows Box and use it only for those programs. Network it (behind a firewall) if you like, but don’t do any email / Web browsing / messaging / VOIP on it. Just Say No!

    For everything else, run some version of Linux. It’ll do what you need to get done with less hassle and far less risk. It’s free for the download, free for the installation, and includes all the functions you’re used to paying money for. Just Do It!

    If you think using Linux is too much of a hassle, imagine what putting your finances back together will be like. Remember, the bad guys will steal everything you’ve ever put on your PC, destroy your identity, and never get caught.

    Now you know… why are you still stalling?