Although I don’t do a huge amount of 3D printing, I periodically find the ability to print something incredibly useful, particularly for anything custom or low-volume.
I had been using a Diggro Alpha 3 I bought in 2020 for a long time and it continues to serve well. It is a re-branded Longer LK4 Pro or Alfawise U30 Pro (see here). It competes with the Ender 3, has a 220x220x250mm build volume, Marlin firmware, and comes standard with a variety of features that are options for the Ender like a filament run-out detector so your print isn’t ruined if the filament runs out or breaks mid-print; it can also recover from an unexpected power outage. What really stands out is its very nice touch-screen LCD user interface. Manuals and firmware are available from Longer here. I use Cura as the slicer.
Diggro Alpha 5
Having had a good experience with Diggro, I bought their newer Alpha 5 in 2023. It is similar to the Alpha 3, but offers several incremental enhancements including fully enclosed electronics, UL listed Meanwell PS, a convenient place for the filament spool. In theory, it supports automatic bed leveling, but I could never get that function to work properly. I level it by hand and once leveled, it stays level for many prints; the use of a flexible magnetic bed sticker really helps in that regard.
Through experimentation, I’ve learned a number of things that make 3D printing much nicer:
Use a flexible magnetic print bed. I bought a cheap one from BefenyBay for $13.59 on amazon and it works great. The magnetic feature lets you remove your print surface without messing up the leveling and the flexible surface makes it trivial to remove your print (just bend it and it peels right off – no more putty knives). Even better, PLA prints seem to just stick to the slightly textured surface without any painters tape or hairspray. This makes printing *soo* much better. The downside of this particular bed is that the surface is polycarbonate rather than PEI which means it can be damaged if the hot end comes down too far, pushing into the surface. A PEI surface like this is better.
Dry your filament before you print. Most filament absorbs moisture and when it does, it causes all sorts of problems: the filament becomes brittle and breaks easily; the prints become covered with stringy fibers, overall results are poor. Fortunately, there are low cost filament driers where you can place a roll of filament and it will use heated air to dry it. I like the Eibos Easdry which has a built in humidistat.
Octoprint – I run octoprint on a Raspberry Pi Zero 2W with an old Rpi camera. You must use at least a Zero 2W (not the original Pi Zero W). I tried RPi cameras version 1.3 and 2.0 and both worked great. The RPi connects to my wifi and to the printer. It provides a web interface to monitor and control the printer including uploading files, starting/stopping/pausing prints, monitoring the printer temperature, controlling the printer, and most importantly: monitoring the print remotely via the camera so if things go awry, I can easily abort the print. Octoprint basically network-enables your printer and is an essential feature IMO. You’ll never go back to running back and forth between your computer and printer with a uSD card. Octoprint requires a Raspberry Pi, a camera (strictly speaking, the camera is optional, but it’s so useful I consider it essential), a uSD card, a micro-to-B USB cable (my printer’s USB connector is type B), and a suitable power supply; I use a cheap 15W USB phone charger (make sure it is ETL or UL listed) and a micro-USB cable. The case is printed.
I continue to use (and like) Alibre as my 3D modeling CAD software.
Everyone has different taste in movies; here are some that I enjoyed; they range from silly to serious and some that are just “cultural-literacy”; YMMV. The list is very far from exhaustive (even of movies I like) and I’ll add to it over time.
Is it just me or were the 1980s an unusually good decade for movies and music?
I’ve already ranted about why I still use SVN instead of Git. That said, it isn’t always obvious how to set up an SVN server securely, especially if you want fine-grained access control so certain users only get access to certain repositories or projects within repositories. It’s actually pretty easy with a few clever tricks.
My Requirements
Lightweight server – you shouldn’t need a lot of resources. In general, I run subversion in a proxmox VM with 2GB of RAM allocated and 1 processor core. I use minimal Ubuntu server as the OS.
Server access must only be via ssh. These days, nothing should be accessible over the internet that doesn’t use ssh and public key security.
The server should support multiple repositories.
You should be able to restrict user access to certain repositories and also specific projects (folders) within a given repository.
Disaster recovery should be easy.
How To Do It
1. Setup the server VM
Download the Ubuntu Server iso and store it in the /var/lib/vz/template/iso folder of your Proxmox host machine (if you don’t use proxmox, you probably should).
Create a Proxmox VM with 2GB RAM, 32GB disk space, and 1 CPU core which should be sufficient and select the Ubuntu ISO.
During installation, select the minimal install; it has nearly everything you’ll want and installing more things is easy using apt.
During installation, enable openssh access and create your superuser account.
Once installed update and upgrade as usual.
Install your public key in your home/myUser/.ssh/authorized_keys file. If you’re not familiar with how to do this, see here.
Once you have confirmed that your public key login is working, disable root login and password access in /etc/ssh/sshd_config.
2. Install Subversion and tools
Install subversion from the ubuntu repo sudo apt-get install subversion
Install your favorite editor any other tools you might want (vim, iputils-ping, etc.)
3. Create Subversion User and Repository
Create a user named “svn” sudo adduser svn
Create a folder to hold your SVN repositories: sudo mkdir /srv/svn
Assign ownership of the SVN repository to the svn user sudo chown svn:svn /srv/svn
Create an SVN repository: sudo svnadmin create /srv/svn/myRepo
Make sure the entire new repo is owned by the svn user: sudo chown -R svn:svn /srv/svn/myRepo
4. Setup SSH access
Create folder /home/svn/.ssh (should have 700 privilege)
Create file /home/svn/.ssh/authorized_keys (should have 600 privilege)
Add the SSH public key(s) for your workstation(s) to the authorized_keys file.
In front of each key add (so this and the key are all on one line): command=”svnserve -r /srv/svn/myRepo -t –tunnel-user=myUserName” An example of two lines in the file might be: command=”svnserve -r /srv/svn/ -t –tunnel-user=bob” ecdsa-sha2-nistp521 <Bob’s ECC public key>== BobLaptop1 command=”svnserve -r /srv/svn/myRepo -t –tunnel-user=alice” ssh-rsa <Alice’s public RSA key>== AliceContractorPC
You will probably want other options in addition to the command option to keep things locked down. All options should be comma-separated with no spaces unless within double-quotes; options you might want after the command option might include: ,no-port-forwarding,no-agent-forwarding,no-pty,no-X11-forwarding So a full line for alice might look like:
command="svnserve -r /srv/svn/myRepo -t --tunnel-user=alice",no-port-forwarding,no-agent-forwarding,no-pty,no-X11-forwarding <Alice's public RSA key>== AliceContractorPC
This sets up an unrestricted user with complete access to all projects in myRepo and a restricted user who only has access to projectA within my Repo SVN authz supports groups for very flexible permissions: [groups] myGroup = userA, userB [/projectB] @myGroup = rw
Users will always access the server as user svn. The trick is in the authorized_keys file which will choose the right SVN username based on the public key that matched your login. So when Bob logs in, he will use his private key (which will match his public key in the authorized_keys file which will also assign his –tunnel-user name to “bob” (for example). When Alice logs in, she will use her private key (which will match her public key in the authorized_keys file which will also assign her –tunnel-user name to “alice” (for example). SVN will further restrict their access within each repository according to their tunnel-user name in the authz file(s).
Some nifty things to note:
You don’t have to create linux login users for bob and alice. In fact the only users who should have login shell access are you (your super-user account) and svn and they should only have public key access (no password login should be allowed).
When bob and/or alice login as the svn user, they only get access to SVN (the only command they can run is svnserve per the authorized_keys file).
You can restrict bob or alice to a specific repo in the authorized_keys file by setting their svn “root” using the -r parameter. So, for example for alice: command=”svnserve -r /srv/svn/myRepo -t –tunnel-name=alice” Alice is then restricted to the myRepo repository and may be further restricted by the authz file for that repository based on her tunnel-name to limit her to specific projects. She will not even know that there are other repos; all references to projects will be relative to the root, so for example she might checkout: svn+ssh://svn@myhost.mydomain.com/myProject Where myProject is in myRepo and Alice would not know about myRepo2.
You can implement fine-grained restrictions within each repository using the authz mechanism. You can read about that in detail here.
To access the server (e.g. from TortoiseSVN or your favorite SVN client), you access using the svn+ssh protocol with a URL like this: svn+ssh://svn@myhost.mydomain.com Your private key will grant you access as the svn user and determine which user SVN treats you as for security purposes.
Backups
Although you can always backup your repo(s) using the svn dump facility: svnadmin dump /srv/svn/myRepo | bzip2 > myRepo_dump-$(date +%Y%m%d).svn.bz2 That only backs up the repository itself; it doesn’t backup all the work you did above to setup logins and permissions.
IMO, it’s much better for disaster recovery to simply backup your entire SVN server using proxmox. That way, you can stand up a new proxmox machine, restore the backup, and you’re up and running in a few minutes!
I replaced my ancient (but working) DLink NAS with a much newer and faster QNAP NAS (Model TS-464-8G). The QNAP hardware is nice: a compact package supports 4 SATA drives in a variety of RAID configurations, 2x NVMe drives, 2x 2.5GbE ports with option to add a 10GbE card, has a slick web-based user interface, and consumes relatively little power. It runs a custom linux on an a Celeron N5095. I don’t like the custom linux.
UPS Support
Naturally, I want my data storage to be protected by a UPS and to automatically and safely shut down before the UPS battery is exhausted if there is an extended power outage. I use a CyberPower CP1500PFCLCD UPS (which I am very happy with so far) to protect several NUC servers, an L2 switch, and the NAS. The UPS is connected to one of the NUC proxmox servers via USB. I run NUT on that server, including the nut-server that allows other machines (such as the NAS) to access the UPS over the network as nut-clients. The problem is that QNAP makes this more difficult than it has to be. They support nut (which is nice), but they seem to have done so mainly to allow one QNAP NAS to access another QNAP NAS connected to the UPS.
This is what I had to do to get the QNAP NAS to run as a generic nut client:
Control Panel -> External Device -> UPS Tab
Select Network UPS Slave
Enter the IP address of your nut server
Apply changes
Reset the NAS to start the upsutil (nut-client daemon) running
How did the NAS get the NUT UPS name, user name, and password used on the nut-server? It didn’t; the NUT support from QNAP hard-coded them as ‘qnapups’, ‘admin’, ‘123456’. And folks wonder why QNAP has had security issues.
You can change the user name and password by enabling the admin user, logging into the NAS via ssh as the admin user, and editing /etc/config/ups/upsmon.conf (make a .orig copy first). Find the line that reads: MONITOR qnapups@myNutServerIp 1 admin 123456 slave and replace ‘admin’ and ‘123456’ with the user name and password you have assigned for slave devices on your nut server in /etc/nut/upsd.users
Unfortunately, QNAP doesn’t let you change the UPS name; it *must* be qnapups Fortunately, NUT provides a workaround for this that doesn’t require changing all the other nut clients. On your nut server, edit your /etc/nut/ups.conf file and add a new dummy UPS named qnapups that points back to your real UPS. For example, my ups.conf ends with:
[cp1500]
driver = usbhid-ups
port = auto
desc = "CyberPower CP1500PFCLCDa"
vendorid = 0704
productid = 0601
[qnapups]
driver = dummy-ups
port = cp1500@myNutServerIpAddress
desc = "Proxy UPS for QNAP NAS"
Restart the nut-server (sudo service nut-server restart) and voila your QNAP can then see the UPS:
Ubiqiuti is a well known manufacturer of pro-sumer/small-business networking gear. They make two main lines of equipment: UniFi and UISP. The former aims for centralized control only (you can only manage devices through their management software); the latter is more traditional and allows for both direct device management (via command line and web interface) as well as centralized management through their free network management software UNMS. I’m old fashioned so I use the latter.
I use three primary types of gear: an EdgeRouter-X serves as the primary gateway into my network, a variety of EdgeMAX intelligent (layer 2) switches form the wired backbone of the network, and AirCubes provide wireless access.
The EdgeRouter is a particularly remarkable value; at $59, it provides a very full-featured comprehensive router + 4-port GbE switch. With hardware acceleration enabled, it delivers roughly 107MB/s (i.e. it routes at full gigabit speeds) while providing extensive support for features like VLAN, ipsec, dhcp management, NAT routing, etc. It has many more advanced features that I don’t presently use.
The EdgeMax switches work well and although they cost more than some other layer 2 switches, they work well and are fully supported by UNMS. One of the main advantages of this is managing firmware updates which is handled for all of the UI devices from the UNMS management console.
The UNMS network management package can be run locally (that’s how I use it) or, if you have at least 10 Ubiquiti devices, can be run on Ubiquiti’s cloud NMS. Although I have more than 10 Ubiquiti devices, I run UNMS locally (on a proxmox VM) for better security/control.
Baofeng is a Chinese radio manufacturer that produces a line of radio transceivers. Starting with their UV-5 series, they became insanely popular because they are dramatically less expensive than competing products. A good HT from Yaesu, Icom, Kenwood, or Alinco costs over $100 and usually a few hundred dollars, but a Baofeng HT can be purchased for less than $20; a price point that was unheard of previously and simply amazing.
I couldn’t resist so I bought a few several years ago. I played with them briefly, confirmed that I could hit my local repeaters in the 70cm band, and then they sat on the shelf. Recently, I became interested in amateur radio again and decided to take a closer look at the performance of the radio. Does it reach its specified transmit power? What’s the receiver sensitivity? Most importantly, part of the responsibility of being a ham licensee is making sure you transmit in compliance with FCC regulations (FCC CFR 47 part 97) is it compliant? If it causes you to lose your license, it was no bargain.
TLDR: it turns out that most Baofeng radios are not compliant with FCC rules for amateur radio. To be compliant (47CFR Part 97.307e), any signals other than the intended (fundamental) transmit frequency must be at least -40dBc AND below -16dBm. Of the 5 Baofeng radio models I tested, only one was compliant. The rest generated unwanted (spurious) signals on multiples (harmonics) of the fundamental that violate the rules. Nevertheless, the GT-5R appears to be fully FCC compliant and an incredibly value. Details of all the radios I tested are below:
GT-5R (not Pro) – PASS!
After evaluating 4 Baofeng models that were not legal to transmit with on the amateur bands, I was delighted that the 5th time was the charm! The spectrum analyzer tells the tale (see pics below). For $18.39 with free shipping through amazon, the Baofeng GT-5R is indeed a dual-band 4W+ radio with proper harmonic suppression that allows licensed amateur radio operators to legally transmit in the 2m and 70cm bands. It’s absolutely insane that they can hit this price point; kudos to Baofeng!
GT-5R transmitting on 2m through 40dB attenuation…clean as a whistle!GT-5R transmitting on 70cm – clean signal!
Transmit power (on high) was +35.54dBm (3.58W) on 2m and +36.55dBm (4.5W) on 70cm.
The measurements do not include cable or connector loss, but that should be very low at these frequencies with 12″ of RG-316. I confirmed the 10dB and 30dB attenuators were spot on using a calibrated RF signal generator. My total amplitude measurement error should have been (a lot) less than 1dB.
I also stepped through each harmonic with the analyzer zoomed in (50kHz span, 300Hz RBW, noise floor below -50dBm) and saw nothing of interest; the only measurable harmonic when transmitting on 2m was the 2nd which was below -30dBm. I was so pleased that I bought a second GT-5R which was also clean when checked (and had higher output power).
UV-17 Pro GPS – FAIL
Would 4th time be a charm? Nope. I ordered a pair of Baofeng UV-17 Pro GPS based on several internet reviews that suggested *they* would be clean and legal to transmit with. Although it’s a neat tri-band HT, sadly, the story was the same as with the other models I tested previously (below): not legal to transmit with on 2m or 1.25m, OK on 70cm. They’re going back tomorrow. The spectrum analyzer (with 40dB of attenuation in front), shows the 2nd harmonic on 2m is at +19dBm!:
UV17 Pro GPS transmitting on 2mUV17 Pro GPS transmitting on 1.25mUV17 Pro GPS transmitting on 70cm
UV-82 – FAIL
I connected my Baofeng UV-82, a dual-band (2m, 70cm) HT rated for 1W low and 5W high output power to a spectrum analyzer through a 30dB attenuator and transmitted on 2m and 70cm; the results and discussion are below:
UV82 transmitting at high power on 145MHz (2m band)
The transmitted power on 2m at the intended frequency was 3.9W which is pretty good, but the harmonics are awful. FCC regulations (47CFR Part 97.307e) state that spurious transmissions must be at least -40dBc (40dB below the carrier level) AND less than 25uW (-16dBm). The UV82 doesn’t even come close. The second harmonic is only -19.45dBc and even the third harmonic isn’t down 40dB. Both are well above -16dBm.
I switched the radio to 70cm and again transmitted at full power:
UV82 transmitting at high power on 440MHz
These results at 70cm are much better: the fundamental is at 4W and the second harmonic is down more than 40dB and is below -16dBm. The third harmonic isn’t visible. So, while there isn’t much margin, the UV82 appears to be good for amateur use at 70cm, but is not compliant in the 2m band.
It seems likely that the UV82 contains a low-pass filter that attenuates signals above 450MHz; which makes the radio compliant in the 70cm band, but is worthless for use in the 2m band due to the 2nd and 3rd harmonics. To use the radio in the 2m band legally, you probably need to install a 200MHz low-pass filter such as Mini-Circuits VLFX-225+ between the radio and antenna.
UV-B5 – FAIL
I also have a pair of Baofeng UV-B5 transceivers. They are also problematic with respect to spurious emissions, but interestingly in different ways from the UV82.
UV-B5 2m transmit on high powerUV-B5 70cm high power
In both bands, only the second harmonic is present with good suppression of higher harmonics. Unfortunately, the second harmonic violates the FCC regulations in all cases, so the UV-B5 can’t be used to transmit legally in either band. Compliance requires spurious to be BOTH -40dBc or better AND -16dBm or lower. I tested at high and low power and the second harmonic was much too high. Note: low power was measured at 1.5W at 2m and 1.25W at 70cm.
2m High Power: second harmonic is -40dBc (good!), but is -4.82dBm (fails compliance)
2m Low Power: second harmonic is at -5.88dBm (fails compliance)
70cm High Power: second harmonic is -34.25dBc and at -0.12dBm. (fails compliance)
70cm Low Power: second harmonic is at -8.08dBm (fails compliance)
This behavior is different from the UV-82; the third harmonic and above are well suppressed in both bands so these radios likely have separate VHF and UHF PAs (or at least harmonic filters). Unfortunately, they do not seem to be adequate and, as far as I can tell, it is likely illegal to transmit with the UV-B5 in either band, even at low power, unless you add additional filtering between the transceiver and the antenna.
The UV-B5s have another serious design flaw: if you leave the battery connected, it will gradually be drained, even with the radio off; so you must store the UV-B5 with the battery disconnected. Note: this is not the case for the UV-82.
GT-5R PRO – FAIL
I contacted Baofeng and they advised that their UV-5R and GT-5R comply with FCC part 97 & 15B. On their website, the GT-5R PRO is also advertised as FCC compliant and is tri-band, so I ordered a pair of GT-5R PRO and was dismayed to see that they too appear to be non-compliant on 2m. The first unit transmits at 3.37W at high power and has a huge spur at the second harmonic.
GT-5R PRO transmit at full power in 2m band
The second unit also transmitted at 3.3W at high power in the 2m band (35dBm) with a somewhat lower spur at the second harmonic of 0 dBm: better, but still not -40dBc AND below -16dBm. Interestingly, when transmitting at low power, the fundamental drops to 1.5W, but the 2nd harmonic actually goes UP by about 4dB!
The GT-5R PRO appears to be compliant in the 70cm band with the fundamental at 4.35W and no spurs above -20dBm.
GT-5R PRO transmit at full power in 70cm band
It’s possible I’m doing something wrong in my measurements; I would have liked to filter out the fundamental with a notch or high-pass filter before measuring the harmonics, but I don’t have the right filter and with the signal already knocked down 30-40dB, I don’t think I’m over-driving the SA. So I returned the GT-5R PROs.
I ship quite a few domestic packages and am a big fan of USPS Priority Mail service. I occasionally need to send packages overseas and at first glance, USPS Priority International service looks really good: low rates, reasonable delivery times, convenient shipping process. Unfortunately, the reality is different: their international shipping seems to be a disaster.
They estimate delivery to China at 6-10 days. The first package I sent took about 3 weeks. I shipped a second package 4 weeks ago; it reached China and cleared customs in 10 days, but then the tracking stopped. Maybe it will still get to its destination, maybe not, but I couldn’t wait any longer and had to ship a replacement (using a different carrier). USPS seems to lose all control over and visibility once they hand off to China Post.
What seems clear is that USPS International has no quality control. Even though their own tracking system shows the package long overdue, they do not automatically start a search…something any company concerned about quality would do automatically. To try to find the package, I started at the post office where I mailed it. I brought them the printed tracking history and showed them that they advertise 6-10 days and it had been 4 weeks. I was very polite and told them that I love USPS domestic priority shipping but can’t use USPS for international shipping if this is representative of the service. The agent said “I’m sorry you feel that way”….not “I’m sorry we lost your package” and told me to “call this number” (i.e. the human agent wasn’t going to help and as a representative of the organization, accepted zero responsibility for a service failure). This was two quality-control problems: 1) a failure of employees to act as representatives of their company and 2) a disinterest in finding and understanding quality problems in order to improve processes.
A company that doesn’t care about quality creates obstacles to reporting problems. Unsurprisingly, when I called the number, I encountered an automated system designed to maximize customer frustration: it demands you enter a tracking number but won’t accept international tracking numbers and refuses to connect you with a human unless you provide a tracking number it likes. Eventually, by trying different menu paths, I reached a human who took down gobs of information and told me I could call back in 35 days if they didn’t find the package. So after 2 months, I might have the opportunity to spend more time filling out extensive paperwork and finding detailed shipping evidence to recover the shipping cost – of a package that their own tracking system shows that they lost.
That’s not going to happen, of course, I’m simply not going to use USPS for international shipping again and will share the experience with friends to save them from going through the same trouble. That’s what bad quality control does: it causes companies to lose business. I sent a replacement for the lost package via FedEx; it cost significantly more, but like UPS, DHL, and other big-boy shipping companies, they will track the package from start to finish and take responsibility for actually getting it there. USPS domestic shipping is wonderful, but if they want to compete in the international shipping world, they need to get their act together and start paying attention to quality.
I do a lot of work in the sub-GHz ISM band and there are a lot of antenna vendors whose quality varies broadly. Consider the case of two antennae: The first was purchased from AliExpress vendor CS Family. These were sold as 915MHz antennae with 3dBi gain (this).
It’s centered at 910MHz and its best-case SWR is 1.34:1. At the band edges, it offers 1.57:1 at 902MHz and 1.77:1 at 928MHz. This is acceptable; I consider anything better than 2:1 acceptable for a cheap antenna and this meets its spec across the band. The impedance is 75 -j47. It’s not pretty, but it will do the job.
However, compare it to one of my favorite compact antennae from TE/Linx: the ANT-916-CW-HWR-RPS (datasheet) claims 1.2dBi and better than 2:1 VSWR.
This antenna is nicely centered in the band and offers an amazing 1:08 SWR at 915MHz, 1.57:1 at 902MHz and 1.40:1 at 928MHz. Impedance is 46.59 +j0.70. Now that’s pretty!
In fairness, both antennae meet their spec (better than 2:1) and the AliExpress antenna cost only $2.16 whereas the Linx antenna cost $13.50…so I cut the AliExpress guys some slack 🙂
Measurements taken using a NanoVNA SAA-2N with VNA Qt software. I might break out a nicer VNA some time and repeat these tests, but for quick measurements, I’ve found the NanoVNA2 to be remarkably accurate; it’s insane what $110 can buy these days. Note: if you have a NanoVNA2 SAA-2N, the firmware, manual, schematic, and a version of VNA Qt that works with it can be found here. The 1.3.07 firmware (Aug 30, 2022) offers many important features and if you’re running older firmware, you probably want to update (instructions are in the manual). The only thing I couldn’t find a way to do using the LCD UI was port extension, but it’s easy with VNA Qt.
Cybersecurity (or lack thereof) is a disaster. Every website in the world is under constant attack by networks of automated hacking robots (bot nets) checking for weak security.
Everyone should use a password manager such as PasswordSafe or BitWarden . These tools will generate a different random password for each account/website you use and store it securely encrypted. You “open” your safe by entering a master password which then decrypts all the stored information. The tools will also let you securely store things like the URL of the website, and some free form information like account numbers. All you need to memorize is one master password (make it something good – an unusual phrase).
Because so many sites use bad security practices, there are now massive databases of hacked usernames and passwords available. This would have been impossible if companies followed best security practices of even 30 years ago. This means you are particularly vulnerable if you use only one or a few passwords for many sites. Even if your password is good, you re depending on the developers of the website you entered that password into for its security.
Using different randomly generated passwords for each website means that even if one site uses bad security practices and is hacked, ONLY your account at that site is compromised, not all of your accounts.
Developers: NIST has issued guidance on password practices that are quite good and everyone who writes software that requires password authentication should read this:
Some of the simple things you can (and must) do that have been common practice since at least the 1990s:
Don’t store passwords. Anywhere. Not plaintext or encrypted. You should only store a one-way hash of the salted password. Even ancient hashes like MD5 are much better than storing plaintext or encrypted passwords, but there’s really no excuse for using anything weaker than SHA256 or better these days.
Use password spinning: after every N failed attempts, add a small (1-3 second) delay. This effectively prevents brute-force/rainbow hacking.
Test new passwords against a database of known hacked passwords. (no “OpenSesame”)
Require reasonable minimum password lengths. (no “123”)
Not from the 90s, but probably a good idea these days:
If you have a fast and easy way to do 2FA (e.g. biometric), use it.
Some things you should NOT do (and that drive me crazy when I see it):
Require users change their passwords frequently – this is just nuts; it drives users crazy and incentivizes them to use simpler and easier to remember passwords.
Have special characters users must/can’t use in their passwords. This discourages the use of good random password generation and is even worse without it.
Disallow users from seeing the password as they type it (that should be an option)
Time-consuming 2FA methods (like text messages or validator apps) for things that don’t need that level of security. It introduces a super-annoying delay in accessing your data/app. Biometric 2FA is OK.
The price of oscilloscopes goes up quickly above 100MHz bandwidth, often placing them out of the budget of hobbyists and small businesses. The analog bandwidth of a scope is defined as the frequency at which amplitude is reduced by 3dB (roughly 30%)
Most oscilloscope lines offer a variety of bandwidth options (at increasing prices) such as 50, 100, 200MHz or 100, 350, 500MHz. In many cases, those are really the exact same scope hardware (the highest bandwidth) but are limited in software to a lower bandwidth. This allows manufacturers to address a broader range of potential customers (they can sell the 100MHz scope to individuals or small companies without undercutting the big margins of their 500MHz scope sales to large companies).
Some manufacturers have made it possible for hobbyists to unlock the higher bandwidths. Doing this voids any warranty or calibration of course, and so most labs or large companies simply won’t do this and if you choose to do it, it’s at your own risk. However, I have done this successfully with scopes from Siglent (SDS1104X) and Tektronix (TDS3xxx) and the results have been pretty good.
TDS3K scopes are older Tektronix models that used to cost a fortune (Tek was long the king of the oscilloscope hill and my favorite). The TDS3K line came in 100, 350, and 500MHz models. Fortunately, you can hack any TDS3K scope to 500MHz. For info on how to do this, look to the always excellent eevblog (here). Note that you will need to downgrade the firmware to 3.39 in order to perform the hack. In a nutshell:
Install a communications module in the back slot
Configure for 9600,8,N,1 (local echo on is helpful)
Check current version: *IDN?
PASSWORD PITBULL
MCONFIG TDS3052 (or whatever model you’re upgrading to)
Reboot the scope
Note too that there are downsides to the TDS3K line like calibration is stored in battery backed RAM (and the battery will eventually die). In general, to continue to use a scope of this age, you should plan to re-cap it (replace all electrolytics) and replace the battery-backed RAM module with a new one.
Siglent and Owon are Chinese companies that make a lot of test gear that isn’t quite up to Tek or Keysight standards, but still offer a great deal of bang for the buck and the Siglent products are often hackable. For info on how to hack the Siglent SDS110x scopes you can also refer to eevblog.
An important question is: how do these scopes perform after the hack, so I tested a Tektronix TDS3012 (100MHz) before and after hacking it to a TDS3052. I also tested a TDS3032 I had previously hacked to TDS3052, a Siglent SDS1104X hacked from 100 to 200MHz, and compared them with an unhacked TDS5054B (500MHz) and an Owon SDS8202 (200MHz). In each case I supplied a 0dBm tone from an IFR 2025 RF signal generator through an admittedly less-than-ideal but short coax cable with BNC connectors. For the scopes without internal 50-ohm termination, I used a BNC through terminator and a 6dB attenuator.
A 0dBm signal terminated in a 50R load should be 632mV peak-to-peak. At the bandwidth limit of the scope, that signal should be reduced by 3dB or roughly 30% (-3dBm = 448mV p-p):
MHz:
Term
10
50
100
200
300
350
400
500
TDS3012 (before hack)
Int
562
320
—
—
—
—
TDS3012 (hacked)
Int
666
648
644
640
606
580
554
510
TDS3032 #1 (hacked)
Int
680
665
660
644
630
604
578
530
TDS3032 #2 (before hack)
Int
641
627
626
598
563
546
511
457
TDS3032 #2 (hacked)
Int
658
640
637
631
619
604
576
555
TDS5054B
Int
662
642
630
627
593
575
560
566
SDS1104X (hacked)
BNC
650
638
600
514
360
264
169
57
SDS8202
BNC
680
672
664
608
512
424
300
—
Peak-to-Peak voltage measured with 0 dBm sine wave
It’s clear that the hacks really do increase the available bandwidth. In the case of the TDS3K scopes, to greater than 500MHz, making them truly the equivalent of TDS305x. I measured a 700MHz signal on a hacked TDS3032 at 466mVp-p so the 3dB bandwidth was even higher than that! The hacked scopes also show the sample rate at 5Gs/s whereas before the hack they top out at 1.25 or 2.5GS/s.
The Siglent SDS1104X (nominally 100MHz) hack also extends its bandwidth to 200MHz; mine was down -1.78dBm at 200MHz and still slightly better than 3dB at 235MHz (-2.88dBm). The trigger was able to lock cleanly out well past 400MHz and measurements remained accurate. Note: the SDS1104X does not offer internal 50R termination so measurements were made through a 6dB pad (reduces signal by half, probe set to 2x) and 50R through terminator.
The old Owon SDS8202 (nominally 200MHz) did remarkably well out past 300MHz, easily outperforming the hacked SDS1104X. Owon makes nice analog front ends! Note that frequency measurement stopped at 200MHz even though the scope was clearly able to trigger on and lock to signals out to 400MHz.
