Maker Faire Tips in QST

My article on Bay-Net's efforts to showcase amateur radio at Maker Faire Bay Area is in QST (January 2017 edition) hitting mailboxes and digital readers now.  I blogged about this year's project back in May 2016, and that article contains links to detailed materials and presentations.  We also talked Maker Faire with the HamRadio360 team in their late June podcast.

Special thanks again to my team that worked hard on this event: +Beric Dunn, +Bernard Van Haecke, +Derek Kozel, +Marcel Stieber, +Kenneth Finnegan, +Maria Pikusova, and Bob Somers.

Also in the article is an interview with fellow Maker +Jeri Ellsworth on her journey away from and (finally) back to amateur radio, and a cameo appearance by my youngest daughter Tara.

Holiday Project: LED Flip Light

The original idea for this project came from David Bakker at draailampje.nl ("draailampje" means "flip light" in Dutch) via Make: - I've modified it slightly.  My kids both like to solder, so I wanted a project which my youngest could do mostly by herself.



Parts:

• Batteries: http://amzn.to/2gQYk9P
• Battery holders: http://amzn.to/2enJDbT
• Switches: http://amzn.to/2gWmzpN
• 10mm LEDs: http://amzn.to/2g0AOoY
• 1.5 oz jars: http://amzn.to/2gDZjME

The idea of the flip light is very simple: parts needed are a CR2032 battery, a coin battery holder, a tilt switch, and a 10mm diffused LED.












This assembly is mounted into the lid of a small hexagonal glass jar with hot glue.  We built 20 of them in assembly-line fashion, with me acting as safety observer and occasionally suggesting that she re-solder some joints.

Operation is dumb simple; flip the light over to turn it on, back again to turn it off.

The CR2032 battery drives the LED directly - no current-limiting resistor is needed.  You have to make a choice about orientation - David Bakker's original design is to have the light on when the lid is up.

My daughter decided to have it on when the lid is down, with the LED pointing up when on, so that the light comes out the bottom of the jar.  She felt this was more "pretty".

The end result was really nice - she tossed a few on the mantle, put some on the dining room table, and gave a few away as gifts.

The most expensive parts of the project were the glass jars.  You can get them for about $1 each if you buy a box of 24.  Parts list above.

Update: LED Hack for Christmas Houses

2016 Update: Updated links to parts sources - some had broken since the original post.  Also: For a festive touch, we use color-changing LED tea lights in the Fezziwig building.  That guy knew how to party!

Last weekend my wife and I started getting the Christmas decorations out of storage.  One of my wife's holiday favorites is a set of Dickens-style houses/buildings, some have signs like "Scrooge & Marley" "Fezziwig" etc.  Each has a C7 lamp and a cord.  Given the number of houses she has, cord management is always an issue.  We wind up trying to hide them with fluffy "snow" fabric, and then we have to hide a socket-strip and all the plugs.  The lights get hot, so in proximity to the fabric there's always a fire risk if one of the lights were to pop out.  The houses are fun, but it's a huge mess, so we decided to homebrew some LED lights for them.

Top removed from thread protector

We started by buying a set of small submersible LED tea lights.  These typically come in packs of 10 - 12, are used for weddings and such (toss them in the bottom of the punch bowl, etc), and cost about $0.80 each.  You can get them in white, color-changing, or a mixed set.  Each light uses a couple of CR2032 batteries, so we picked up a pack of 20 for under $8.00. The lights arrived with batteries, and only one of them was depleted, so we were good to go.  We also discovered that a color-changing light had got mixed into our set of white lights, which the kids decided was really cool because that house "looks like they're having a party". 

LED glued into thread protector

As it turns out, some of her houses have larger openings for the C7 lamps, so we just set the light on the table and put the house on top of it.  The others had smaller openings, so I needed to hack something up.  We considered using modeling clay, but I thought that might get messy.  Sugru or InstaMorph (moldable rubber) would have been great, but I used all my Sugru to make a custom mount for a Wii sensor.  Then I remembered that I had a bag of pipe thread protectors left over from an amateur radio antenna install - I use them to make custom grommets for my coax cable ingress box.

Perfect fit!

As it turns out, the LED lights friction-fit perfectly into thread protectors.  So I sliced off the end to expose the LED.  I put a few drops of hot glue on the thread protector to secure the LED.  They fit perfectly into the holes where the C7 lamps used to go, and they put off good light.

We're pleased with the end result, but if I had to make a change I would use amber/yellow LEDs instead of the pure white we have now.  Maybe over time I'll swap in some of those if the white ones fail.  In the meantime, our Dickens Village is lit up with no cords or concerns about fire danger. 

Earthquake Go-Kit - Pirate Radio?

In the wake New Zealand's recent Kaikōura earthquake, locals have been relying on an FM radio station called "Brian FM 100.3" to provide them with news about where to find food, running water, and toilets.  The broadcasters set up a similar radio station in the aftermath of the 2011 Christchurch earthquake.

Radio New Zealand article

In the US, this would probably be unnecessary - most of our broadcast stations have well-engineered towers, backup towers and power sources, and redundant studios.  New Zealand likely has a lot of idle FM spectrum, even when there's not an earthquake, so the Brian FM network can move around as needed to provide coverage and information to hard-hit or remote areas.

Build a (fire)wall and make China pay for it

I've been gradually building up a Raspberry Pi for use in my shack, and I've also been experimenting with a home control and security systems hosted on Pi platforms.  To be really useful, a home control system needs to be accessible from outside my home, and a remote radio setup would also be nice.  This has led me down a path of learning about how to conveniently but safely expose ports on my Pi platforms to the internet.

At any given moment, there are thousands of attackers active on the internet.  If you expose ports like TCP 80 (web server), or TCP 22 (ssh) you will be attacked, likely within minutes.  These attacks range from sophisticated hack attempts carried out by state-sponsored security teams, to teenagers running automated scanners that look for obvious weaknesses like unmodified default passwords.

Most attacks try to leverage brute-force methods - they start with a presumption that the superuser login is "pi" (the default) and work through a list of obvious passwords like the default "raspberry", or "pi", or "password", or "123456", etc.

Presuming you've changed your superuser password (and ideally your login name) an easy method to add security is to implement fail2ban.  The fail2ban method tracks failed login attempts over time, and if the same IP address fails more than X times within Y minutes, that address is then added to a ban list in iptables.  If your password is non-obvious, this works fairly well.  The problem is that, without additional setup, iptables exist in memory and are wiped on every reboot.  And because they exist in memory, you'll ultimately waste Pi resources trying to exclude billions of IP addresses.  It's possible to preemptively ban ranges and subnets of IP addresses, but you're still talking about nearly 8,000 entries just for a single country like China.  Also; fail2ban only works if someone actually attempts a login - it does nothing about attackers who probe connections without logging in.

The reality is, the number of IP addresses from which I want to allow connection is very small, and (unless I'm traveling) they're all US-based.  So the trick is to only allow connection from IP addresses originating in the US.  Turns out this is possible using GeoIP and some scripting.  The GeoIP method uses a file database of IP address ranges listed by country.  When an ssh client connects, their IP address is compared with the database.  If the IP address is not from the US, it refuses the connection.
I still run fail2ban, to handle any US-based attackers, and to deal with any non-ssh traffic.  Let me know in comments if you use GeoIP for security, and what you think of my strategies.