Problem solved? If the problem is supplying enough lithium to build batteries for all the electric vehicles that will be needed by 2030, then a new lithium deposit in Arkansas might be a resounding “Yes!” The discovery involves the Smackover Formation — and we’ll be honest here that half the reason we chose to feature this story was to be able to write “Smackover Formation” — which is a limestone aquifer covering a vast arc from the Rio Grande River in Texas through to the western tip of the Florida panhandle. Parts of the aquifer, including the bit that bulges up into southern Arkansas, bear a brine rich in lithium salts, far more so than any of the brines currently commercially exploited for lithium metal production elsewhere in the world. Given the measured concentration and estimated volume of brine in the formation, there could be between 5 million and 19 million tons of lithium in the formation; even at the lower end of the range, that’s enough to build nine times the number of EV batteries needed.

There are still a lot of unknowns, not least of which is whether any of the lithium in the brine is recoverable, and there are surely technical and regulatory hurdles aplenty. But the mere existence of a brine deposit that rich in lithium that covers such a vast area is encouraging; surely there’s somewhere within the formation where it’ll be possible to extract and concentrate the brine in an environmentally sensitive manner. And, once again just for fun, Smackover Formation.

While not ones to cheer for interstellar catastrophes, we can’t say that we haven’t been rooting for Betelgeuse to go supernova these last few years. Ever since the red supergiant star that sits on Orion’s shoulder started its peculiar dimming a while back, talk among astronomy buffs was that the activity presaged an imminent explosion of the star, one that could make Betelgeuse the brightest object in the night sky for a few months, and possibly make it visible in the daytime as well. As thrilling — and foreboding, at least by ancient astronomy standards — as that sounds, it seems as if the unusual dimming recently observed has a more prosaic explanation: a “Betelbuddy” star. According to astronomers who pored over observations, after ruling out all the other possibilities to explain the dimming, it seems like there must be a smaller star orbiting Betelgeuse that’s periodically plowing a clear spot through the cloud of dust surrounding the dying star. That would explain the periodic dimming and brightening, but why have we not seen this Betelbuddy before? It could be that the smaller star is lost in the giant’s glare, hiding in its halo of incandescent gas. So, don’t hold your breath on seeing a supernova anytime soon.

Do you find password rules annoying? We sure do, and even using a password manager with a generator that can handle all sorts of restrictions like password length and special characters, being told how to generate a password seems silly, especially since the information on what characters a valid password would have seems like valuable clues to potential crackers. But if for some reason you haven’t had enough password pestering, try out the password game. You start by entering a password — we, of course, started with correct horse battery staple — and then deal with the consequences of your obviously poor choices. You’ll be asked to do all the silly stuff that only decreases the entropy of your password, which only makes it harder to remember and easier to guess. We haven’t played it through — it’s way too annoying — but we assume that if you ever actually manage to compose a suitable password, you’ll be asked to change it every 90 days.

And finally, we’ve managed to live long enough now to have cycled completely through all the major music recording modalities except wax cylinders. Having heard them all, we’ve got to agree with the hipsters: vinyl is the best. That’s especially true after watching this fascinating look at the LP record production process, which covers everything from mastering to packaging. The painstaking steps at the beginning are perhaps the most interesting, but anyone who doesn’t appreciate the hot vinyl squeezing out from the press is a cold, heartless monster. The video is only 15 minutes long and mercifully free of narration, so enjoy.

From the earliest days of warfare, it’s never been enough to be able to build a deadlier weapon than your enemy can. Making a sharper spear, an arrow that flies farther and straighter, or a more accurate rifle are all important, but if you can’t make a lot of those spears, arrows, or guns, their quality doesn’t matter. As the saying goes, quantity has a quality of its own.

That was the problem faced by Britain in the run-up to World War II. In the 1930s, Rolls-Royce had developed one of the finest pieces of engineering ever conceived: the Merlin engine. Planners knew they had something special in the supercharged V-12 engine, which would go on to power fighters such as the Supermarine Spitfire, and bombers like the Avro Lancaster and Hawker Hurricane. But, the engine would be needed in such numbers that an entire system would need to be built to produce enough of them to make a difference.

“Contribution to Victory,” a film that appears to date from the early 1950s, documents the expansive efforts of the Rolls-Royce corporation to ramp up Merlin engine production for World War II. Compiled from footage shot during the mid to late 1930s, the film details not just the exquisite mechanical engineering of the Merlin but how a web of enterprises was brought together under one vast, vertically integrated umbrella. Designing the engine and the infrastructure to produce it in massive numbers took place in parallel, which must have represented a huge gamble for Rolls-Royce and the Air Ministry. To manage that risk, Rolls-Royce designers made wooden scale models on the Merlin, to test fitment and look for potential interference problems before any castings were made or metal was cut. They also set up an experimental shop dedicated to looking at the processes of making each part, and how human factors could be streamlined to make it easier to manufacture the engines.

With prototype engines and processes in hand, Rolls-Royce embarked on a massive scale-up to production levels. They built huge plants in Crewe and Glasgow, hopefully as far from the Luftwaffe’s reach as possible. They also undertook a massive social engineering effort, building a network of training institutions tasked with churning out the millions of skilled workers needed. Entire towns were constructed to house the workers, and each factory had its own support services, including fire brigade and medical departments.

As fascinating as the engineering behind the engineering is, the film is still a love letter to the engine itself, of which almost 150,000 copies would eventually be manufactured. The casting processes are perhaps the most interesting, but there’s eye candy aplenty for Merlin fans at every stage of production. We were also surprised to learn that Rolls-Royce took the added step of mounting finished Merlins in the cowlings needed for the various planes they were destined for, to ensure that the engine would be properly integrated with the airframe. This must have been a huge boon to groundcrews out in the field; being able to bolt a new nose on a Spitfire and get it back in the fight with a spanking new Merlin was probably key to victory in the Battle of Britain.

With the 2024 Hackaday Supercon looming large on the horizon, Editors Elliot Williams and Tom Nardi start this episode off by talking about this year’s badge and its focus on modular add-ons. From there they’ll go over the results of a particularly challenging installment of What’s that Sound?, discuss a promising DIY lathe that utilizes 3D printed parts filled with concrete, and ponder what the implosion of Redbox means for all of their disc-dispensing machines that are still out in the wild.

You’ll also hear about custom macropads, lifting SMD pins, and how one hacker is making music with vintage electronics  learning kits. Finally, they’ll reassure listeners that the shifting geopolitical landscape probably won’t mean the end of Hackaday.io anytime soon, and how some strategically placed pin headers can completely change how you approach designing your own PCBs.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download in DRM-free MP3.

Episode 294 Show Notes:

News:

• The 2024 Hackaday Supercon SAO Badge Reveal

What’s that Sound?

• Congrats to [I can see the sounds] for guessing the HAARP.

Interesting Hacks of the Week:

• A 3D Printed, Open Source Lathe?
  • Precision CNC With Epoxy Granite
  • Experiments In Creating The Best Epoxy Granite
• Redbox Is Dead, But The Machines Are Kind Of Hanging On
  • Redbox hack reveals customer info. from 2K rentals – Ars Technica
  • Foone: “the unit I’ve got an image for has records going …” – digipres.club
• Libre Space Foundation Aims To Improve Satellite Tech
  • Flying The First Open Source Satellite
  • 32C3: So You Want To Build A Satellite?
  • Open Source CubeSats Ease The Pain Of Building Your Own
  • How To Build A CubeSat
  • SatNOGS – Global Network of Ground Stations
• Keeping Tabs On An Undergraduate Projects Lab’s Door Status
• DIY Air Bearings, No Machining Required
  • Learn 40 Years Of Mech Prototyping At Lightspeed
  • High-Precision Air Bearing CNC Lathe And Grinder
• I2C The Hard Way

Quick Hacks:

• Elliot’s Picks:
  • 3D Printed Tires, By The Numbers
  • Zero To Custom MacroPad In 37 Easy Steps
  • Make Your Own Remy The Rat This Halloween
• Tom’s Picks:
  • Give Your SMD Components A Lift
  • 75-In-One Music
  • Figuring Out The Most Efficient Way To Reuse Bags Of Desiccant

Can’t-Miss Articles:

• Will .IO Domain Names Survive A Geopolitical Rearrangement?
• Hacker Tactic: Building Blocks
  • Power Supply PCB Redesign

Leading off the week is the controversy around the Linux kernel and an unexpected change in maintainership. The exact change was that over a dozen developers with ties to or employment by Russian entities were removed as maintainers. The unfortunate thing about this patch was that it was merged without any discussion or real explanation, other than being “due to various compliance requirements”. We eventually got more answers, that this was due to US sanctions against certain Russian businesses, and that the Linux Foundation lawyers gave guidance that:

If your company is on the U.S. OFAC SDN lists, subject to an OFAC sanctions program, or owned/controlled by a company on the list, our ability to collaborate with you will be subject to restrictions, and you cannot be in the MAINTAINERS file.

So that’s that. One might observe that it’s unfortunate that a single government has that much control over the kernel’s development process. There were some questions about why Russian entities were targeted and not sanctioned Chinese companies like Huawei. [Ted Ts’o] spoke to that, explaining that in the US there are exemptions and different rules for each country and business. This was all fairly standard compliance stuff, up until a very surprising statement from [James Bottomley], a very core Kernel maintainer:

We are hoping that this action alone will be sufficient to satisfy the US Treasury department in charge of sanctions and we won’t also have to remove any existing patches.

I can only conclude from this that the US Treasury has in fact made this threat, that code would need to be removed. Now this is genuinely surprising, given the legal precedent that code is 1st Amendment protected speech. That precedent was established when dealing with encryption code that was being export restricted in the 90s. It seems particularly problematic that the US government believes it can specify what code does and does not belong in the Linux kernel.

SELinux

Since we’re in Kernel land, let’s talk SELinux. Many modern Linux systems, and Android in particular, use SELinux to provide an extra security layer. It’s not an uncommon troubleshooting step, to turn off SELinux to see if that helps with mysterious issues. What we have here in the klecko Blog is an intro to bypassing SELinux. The setup is that an exploit has achieved root, but is in a unprivileged context. What options does an attacker have to try to bypass SELinux?

The first, most obvious solution is to just disable SELinux altogether. If you can write to memory, the SELinux enabled bit can just be set to false. But that might not work, if you can’t write to memory, or have a hypervisor to wrestle with, like some Android systems. Another option is the set of permissive flags that can be overwritten, or the AVC cache that can be poisoned, both approaches resulting in every SELinux request being approved. It’s an interesting overview.

Printer Root

Xerox printers with the “Network Troubleshooting” feature have some unintended hidden functionality. The troubleshooting is done by calling tcpdump as root, and the configuration allows setting the IP address to use for the troubleshooting process. And as you might expect, that IP address was used to create a command line string, and it isn’t properly escaped. You can sneak a $(bash ...) in as part of the address, allowing code execution. The good news is that access to this troubleshooting function is locked behind the web admin account. Xerox has made fixed firmware available for this issue.

Fix Your Roundcube

The Roundcube email web client has a Cross-Site Scripting (XSS) vulnerability that is actively being exploited. The flaw is the processing of SVGs, and the addition of an extra space in an href tag, that the browser ignores. Sneaking this inside an SVG allows for arbitrary Javascript to run when opening this malicious email.

Roundcube has released 1.5.7 and 1.6.7 that address the issue. This is under active exploitation, currently being used against the Russian aligned CIS countries. It’s a simple exploit, so expect to see it more widely used soon.

The Archive

The Internet Archive continues to be under siege. The Distributed Denial of Service (DDoS) attacks were apparently done by SN-Blackmeta. But the hacker behind the data breach is still a mystery. But the news this week is that there is still someone with access to Internet Archive API keys. Specifically Zendesk, illustrated by the fact that when Mashable reached out via email, the hacker answered, “It’s dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.”

It’s obviously been a terrible, horrible, no good, and very bad month for the Internet Archive. As it’s such an important resource, we’re hoping for some additional support, and getting the service back to 100%.

Quantum Errata

You may remember last week, that we talked about a Quantum Annealing machine making progress on solving RSA cryptography. In the comments, it was pointed out that some coverage on this talks about RSA, and some talks about AES, a cryptography thought to be quantum-resistant. At least one source is claiming that this confusion is because there were actually two papers from the same team, one discussing RSA, and the other techniques that could be used against AES. This isn’t confirmed yet, and there are outstanding questions about both papers.

Bits and Bytes

SQL injection attacks are old hat by this point. [NastyStereo] has an interesting idea: Polyglot SQL injection attacks. The idea is simple. A SQL query might be escapable with a single quote or a double quote. To test it, just include both: OR 1#"OR"'OR''='"="'OR''='. There are more examples and some analysis at the link.

Kaspersky researchers found a Chrome exploit, that was being delivered in the form of an online tank battle game. In reality, the game was stolen from its original developers, and the web site was a crypto stealing scam, making use of the browser 0-day. This campaign has been pinned on Lazarus, the APT from North Korea.

And yet another example of fake software, researchers at kandji discovered a fake Cloudflare Authenticator campaign. This one is a MacOS malware dropper that does a reasonably good job of looking like it’s an official Cloudflare app. It’s malware, and places itself in the system crontab, to get launched on every boot. Follow the link for Indicators of Compromise if you need them.

The Vectrex was a unique console from the early 1980s. Developed by a company you’ve probably never heard of—Smith Engineering—it was put into production by General Consumer Electronics, and later sold by Milton Bradley. It was an outright commercial failure, but it’s remembered for its sharp vector display and oddball form factor.

The Vectrex was intended for tabletop use in a home environment. However, [Jeroen Domburg], also known as [Sprite_tm], decided to set about building a portable version. This wasn’t easy, but that just makes the development process a more interesting story. Thankfully for us, [Sprite_tm] was kind enough to tell the tale at the 2023 Hackaday Supercon.

Vectorlicious

[Sprite] starts by introducing the audience to the Vectrex, just to make sure everyone understands what was special about this thing. For comaprison’s sake, he lines it up against its contemporaries. Back in the early 1980s, the Atari 2600 and the Intellivision had incredibly low resolution video output with big ugly pixels. In contrast, the Vectrex could draw clean, sharp lines with its inbuilt vector-style display.

Basically, instead of coloring in individual pixels, the Vectrex instead drew lines from point to point on the screen. It was an entirely different way of doing graphics—fast, tidy, and effective—and it was popular in early video arcade games, too. Some Vectrex games even came with plastic overlays to create the impression of color on the screen. Unlike pixel displays, though, this technology didn’t really scale well to prettier, more lifelike graphics. Thus after the Vectrex, no other mainstream consoles adopted this technique.

From there, [Sprite_tm] walks the audience through the hardware of the Vectrex. The architecture is fairly simple, based around a 68A09 CPU, which is a Motorola CPU with some improvements over the earlier 6502. It’s paired with some ROM, RAM, and I/O glue logic, and it loads its games off cartridges. Then there’s the audio hardware, a digital-to-analog converter for video output, and all the subsequent analog electronics for driving the vector CRT display.

Unlike a modern console, what’s inside the box is no secret. Datasheets and full schematics are publicly available that lay out exactly how the whole thing works. This is hugely valuable for anyone looking to repair a Vectrex—or make a portable one. You don’t need to reverse engineer much, since it’s all laid out for you. Indeed, as [Sprite_tm] notes, a replica motherboard already exists that lets you play Vectrex games on an oscilloscope’s XY input.

Building the Portable

Some people have built small Vectrexes before, by going the emulator route with a Raspberry Pi and a small LCD display. [Sprite] wasn’t a fan of this route, as modern pixel LCDs make for jagged diagonal lines because they’re not proper vector displays like the original Vectrex CRT. Thus, to build a more authentic portable Vectrex, [Sprite_tm]’s build needed certain parts. On top of replicating the CPU and logic of the Vectrex, he needed to find a small CRT that operate as a proper vector display. Plus, he wanted to build something properly portable—”I wanna sit on the bus and then whip it out and play it,” he explains.

Obviously, finding a suitable CRT was the first big hurdle to clear. [Sprite_tm] mused over using a tube from a Sony Watchman handheld portable TV, but decided against it. He notes that these are fairly rare and valuable, and he didn’t want to destroy one for his project. But he still needed a small CRT in a practical form factor, and he found the perfect donor. In the 90s, LCDs were pretty crap and expensive, so apartment video intercoms relied on CRTs instead. Now, these systems are all largely defunct, and he notes you can find old examples of these answerphones for a few dollars online.

Of course, these answerphone CRTs weren’t designed for vector operation. However, [Sprite_tm] teaches us how you can convert one to draw straight lines on command instead of scanning like a TV. You can get legit vector operation just by squirting the right voltages into the deflection coils. Of course, getting it to work in practice is a lot harder than you might think, but perseverance got the job done in the end. Understanding the physics involved is useful, too, and [Sprite_tm] explains the theory with an apt comparison between coils and a pig.

From there, the talk explains how the rest of the hardware came together. [Sprite_tm] elected to stuff all the Vectrex magic into an FPGA, which felt cooler than software emulation but was more compact than using all-original chips on a replica mainboard. It lives on a custom PCB that also carries all the necessary electronics to drive the CRT in the desired vector mode.

The build also has a cartridge port for playing original Vectrex games. However, for ease of use, [Sprite] also fitted a RISC V CPU, some RAM, and a microSD card for loading ROMs for games that he doesn’t own in physical format. Everything was then wrapped up in a custom 3D-printed case that’s roughly twice as large as the Nintendo Game Boy Color in length and width—and about four times thicker.

This week Jonathan Bennett and David Ruggles chat with James Smith about Manyfold, the self-hosted 3D print digital asset manager that’s on the Fediverse! Does it do live renders? Does it slice? Listen to find out!

• https://floppy.org.uk/
• https://manyfold.app
• https://github.com/manyfold3d/manyfold

Did you know you can watch the live recording of the show Right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

If you want to deliver the maximum power to a load — say from a transmitter to an antenna — then both the source and the load need to have the same impedance. In much of the radio communication world, that impedance happens to be 50Ω. But in the real world, your antenna may not give you quite the match you hoped for. For that reason, many hams use antenna tuners. This is especially important for modern radios that tend to fold their power output back if the mismatch is too great to protect their circuitry from high voltage spikes. But a tuner has to be adjusted, and often, you have to put a signal out over the air to make the adjustments to match your antenna to your transmitter.

There are several common designs of antenna tuners, but they all rely on some set of adjustable capacitors and inductors. The operator keys the transmitter and adjusts the knobs looking for a dip in the SWR reading. Once you know the settings for a particular frequency, you can probably just dial it back in later, but if you change frequency by too much or your antenna changes, you may have to retune.

It is polite to turn down the power as much as possible, but to make the measurements, you have to send some signal out the antenna. Or do you?

Several methods have been used in the past to adjust antennas, ranging from grid dip meters to antenna analyzers. Of course, these instruments also send a signal to the antenna, but usually, they are tiny signals, unlike the main transmitter, which may have trouble going below a watt or even five watts.

New Gear

However, a recent piece of gear can make this task almost trivial: the vector network analyzer (VNA). Ok, so the VNA isn’t really that new, but until recently, they were quite expensive and unusual. Now, you can pick one up for nearly nothing in the form of the NanoVNA.

The VNA is, of course, a little transmitter that typically has a wide range coupled with a power detector. The transmitter can sweep a band, and the device can determine how much power goes forward and backward into the device under test. That allows it to calculate the SWR easily, among other parameters.

In Practice

This sounds good, but how does it work? Well, to find out, I took a long wire connected to an MFJ Versa Tuner II and fed the NanoVNA’s TX port to the tuner. With the tuner in bypass, the screen looked like the first image. It actually had a pretty low SWR near 14 MHz, but everywhere else was not going to work very well at all.

The next step was to switch the tuner into the circuit. Ideally, you could infinitely vary the inductor and both capacitors, but making roller inductors is a cost, so many tuners — including this one — have switches that select taps on the inductor, meaning you can only change it in fixed steps. That isn’t usually a problem, though, because you can adjust the capacitors to make up for it.

Since you aren’t transmitting, there’s no rush, and you can easily switch things around and turn knobs until you can find a null. If you were using the actual transmitter, you’d want to avoid switching the inductor “hot” because the switch contacts won’t appreciate any high-power RF.

I centered the frequency range around 7 MHz and found the lowest setting I could on the tuner. Then, I zoomed back out to the entire HF band. Not bad.

I went through and found null spots for all the ham bands. It was also possible to measure the SWR for bands I can’t transmit on (for example, 15 MHz, to listen to WWV).

Once I had jotted down all the settings, it was time to reconnect the transmitter. Well, technically, a transceiver — in this case, an Icom IC-7300. Even without transmitting, having the knobs adjusted correctly definitely helped with receiving, often strikingly so.

But Did It Really Work?

My first attempt was to use the frequency exactly where I had tuned before switching in the transmitter. As you’d expect, the transmitter saw a low SWR and had no issues, but changing frequencies was a little different.

The knobs on the tuner are not especially precise. Some high-end devices have multi-turn knobs with counters to help you get exactly back to some setting, but this tuner has no such thing. So when the dot on the knob is on, say, “2,” it is hard to know for sure if it is exactly where you had it last time it was in the same position.

However, you can get close. Changing frequencies and tuner settings would sometimes give me a great SWR, but sometimes it was a little high (never any more than, maybe, 1.5:1). A minor tweak of the two capacitors on the tuner would resolve it quite easily.

A quick CQ on 15 meters resulted in the map you can see from the reverse beacon network. The furthest away I was heard was a bit more than 1,800 miles away. Not bad for a fairly short wire hung over a tree. Subsequent testing on several bands resulted in many contacts across four continents in a few hours.

Takeaway

Do you need to use a VNA to tune? No, but it sure is handy. Sure, it generates a tiny signal, but nothing like your transmitter. I like tuning very quietly and precisely without risking the expensive final amplifiers in my station. A good tuner can load up almost anything, and while you won’t get the performance you would get out of a proper antenna, you can still get on the air and have a lot of fun.

Of course, the VNA can do other things too. It can characterize components and modules like filters. You can even use them as time domain reflectometers to troubleshoot cables. It is worth noting that while I took pictures of the VNA so you could see what it would look like, it is actually better to use one of several programs on your PC that can create graphs and data that would be easy to work with. For example, I often use this one.

Want more things to do with your VNA? You can even map antenna patterns with one.