
Securing The New Server & Security In General

This was originally going to be part of another post, but it ended up getting more complex than I originally intended so it’s been given its own. I go into many of my personal security practices, on both my public facing servers & personal machines. Since the intertubes are so central to life these days, good security is a must, especially since most people use the ‘net to do very sensitive operations, such as banking, it’s becoming even more essential to have strong security.

Since bringing the new server online & exposing it to the world, it’s been discovered in record time by the scum of the internet, SSH was under constant attack within 24 hours, and within that time there were over 20,000 failed login attempts in the logs.
This isn’t much of an issue, as I’ve got a strong Fail2Ban configuration running which at the moment is keeping track of some 30 IP addresses that are constantly trying to hammer their way in. No doubt these will be replaced with another string of attacks once they realise that those IPs are being dropped. I also prevent SSH login with passwords – RSA keys only here.
MySQL is the other main target to be concerned about – this is taken care of by disabling root login remotely, and dropping all MySQL traffic at the firewall that hasn’t come from 127.0.0.1.

Keeping the SSH keys on an external device & still keeping things simple just requires some tweaking to the .bashrc file in Linux:

This little snippet makes the ssh client look somewhere else for the keys themselves, while keeping typing to a minimum in the Terminal. This assumes the external storage with the keys always mounts to the same location.
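One way to set this up in .bashrc, as an added example rather than the author's own snippet; the mount point `/media/keys` and the key file name `id_rsa` are assumptions:

```bash
# Added example. Mount point and key name are assumed; set them to match
# wherever the external key storage mounts on your machine.
SSH_KEY_MOUNT="${SSH_KEY_MOUNT:-/media/keys}"
SSH_KEY_NAME="${SSH_KEY_NAME:-id_rsa}"

# Print the path of the external private key, or fail with a reason on stderr.
ext_key_path() {
    local key perms
    key="$SSH_KEY_MOUNT/$SSH_KEY_NAME"
    if [ ! -d "$SSH_KEY_MOUNT" ]; then
        echo "key storage not mounted at $SSH_KEY_MOUNT" >&2
        return 1
    fi
    if [ ! -r "$key" ]; then
        echo "no readable key at $key" >&2
        return 1
    fi
    # The ssh client ignores private keys that group/other can access, so
    # check the six group/other permission characters from ls up front.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$key is accessible to group/other; chmod 600 it" >&2
        return 1
    fi
    printf '%s\n' "$key"
}

# Wrapper so a plain "ssh host" still works but only offers the external key.
# IdentitiesOnly=yes stops the client offering other keys from an agent or
# ~/.ssh, so nothing is tried when the device is unplugged.
ssh() {
    local key
    key=$(ext_key_path) || return 1
    command ssh -i "$key" -o IdentitiesOnly=yes "$@"
}
```

If the external device uses a filesystem without Unix permissions (FAT, for instance), the permission check will fail unless the mount options restrict access to the owner.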

Everything else that can’t be totally blocked from outside access (IMAP, SMTP, FTP, etc), along with Fail2Ban protection, gets very strong passwords, unique to each account, (password reuse in any situation is a big no-no) and where possible TOTP-based two factor authentication is used for front end stuff, all the SSH keys, master passwords & backup codes are themselves kept offline, on encrypted storage, except for when they’re needed. General password management is taken care of by LastPass, and while they’ve been subject to a couple of rather serious vulnerabilities recently, these have been patched & it’s still probably one of the best options out there for a password vault.
There’s more information about those vulnerabilities on the LastPass blog here & here.


This level of security paranoia ensures that unauthorized access is made extremely difficult – an attacker would have to gain physical access to one of my mobile devices with the TOTP application, and have physical access to the storage where all the master keys are kept (along with its encryption key, which is safely stored in Meatware), to gain access to anything.
No security can ever be 100% perfect, there’s always going to be an attack surface somewhere, but I’ll certainly go as far as is reasonable, while not making my access a total pain, to keep that attack surface as small as possible, and therefore keeping the internet scum out of my systems.
The last layer of security is a personal VPN server, which keeps all traffic totally encrypted while it’s in transit across my ISP’s network, until it hits the end point server somewhere else in the world. Again, this isn’t perfect, as the data has to be decrypted *somewhere* along the chain.


Topping NX1a Portable Headphone Amplifier

NX1a Amplifier

Time for another teardown! Here’s a pocket-sized headphone amplifier for use with mobile devices. This unit is powered by a built-in lithium cell, and can give some pretty impressive volume levels given its small size.

Audio Connections

The 3.5mm audio input & output jacks are on the front of the unit, along with the relatively enormous volume knob & power switch. There’s a little blue LED under the switch that lets the user know when the power is on, but this is a very sedate LED, using very little power.

Gain & Charging

On the back is the High-Low gain switch, and the µUSB charging port. There’s another indicator LED to show that the internal cell is charging, in this case a red one.

PCB Top

Removing a couple of cap screws allows the internals to slide out of the extruded aluminium casing. Most of the internal space is taken up by the 1Ah lithium cell, here on the top of the PCB secured by some double-sided tape. The volume potentiometer is mounted on a small daughterboard at right angles to get it to fit into the small vertical space in the case.

PCB Rear

The bottom of the PCB is equally as sparse – the only ICs being the main audio amp in the centre & the battery charger IC at the top.

Amplifier IC

The main audio amplifier is a TP9260, I couldn’t find a datasheet on this, so I’m unsure of what the specs are. The row of resistors above the IC are for the gain divider circuit. There’s also a pogo pin on the right that makes contact with the back panel of the case for grounding.

Battery Charger

Battery charging is taken care of by a UN8HX 500mA linear charging IC, not much special here.

This little amplifier seems to be pretty well made, considering the price point. The only issue I’ve had so far is the audio cables act like antennas, and when in close proximity to a phone some signal gets picked up & blasted into the headphones as interference.


Pancake Vibration Motor Teardown

For a while I’ve wondered how these pancake type (AKA “Shaftless”) vibration motors operate, so I figured I’d mutilate one to find out.

Pancake Vibration Motor

These vibrators are found in all kinds of mobile devices as a haptic feedback device, unlike older versions, which were just micro-sized DC motors with an offset weight attached to the shaft, these don’t have any visible moving parts.

Cover Removed

These devices are crimped together, so some gentle attack with a pair of snips was required to get the top cover off.
It turns out these are still a standard rotary DC motor, in this case specifically designed for the purpose. The rotor itself is the offset weight, just visible under the steel half-moon shaped section are the armature coils.

Weighted Rotor

The armature lifts off the centre shaft, the coils can clearly be seen peeking out from under the counterweight.

Commutator

The underside of the armature reveals the commutator, which in this device is just etched onto the PCB substrate, the connections to the pair of coils can be seen either side of the commutator segments.

Brushes

The base of the motor holds the brushes in the centre, the outer ring is the stationary permanent magnet. These brushes are absolutely tiny, the whole motor is no more than 6mm in diameter.