Net Work - July 2020

This is only a preview of the July 2020 issue of Practical Electronics.

Net Work
Alan Winstanley

Online security is a never-ending quest for effectiveness and usability. This month, Net Work looks at choosing and setting up Two-Factor Authentication.

The British love their gardens, and so, during the recent isolation period, I found myself exploring my own and making a mental To-Do list of jobs to sort out in coming weeks. I discovered that my ancient lawnmower needed a new starter motor, and after earnestly surfing eBay.com (US) I found probably the last remaining Briggs & Stratton spare part anywhere in the world. Thanks to eBay’s cross-border Global Shipping Program (facilitated by Pitney Bowes) it’s heading from Ohio to the UK as I write; and checking the tracking data online whiles away the time during lockdown!

Protect your ID

Exploring the garden, I then spotted some litter snagged around a shrub: it was a carelessly discarded letter bearing someone’s credit card details, with full name, address and account number laid bare for all to see. Only the 3-digit CVV (Card Verification Value) was missing, and in earlier days a less honest person could have treated themselves to a new lawnmower using this information.

In Britain, credit card security measures date back to the mid 1980s when ‘space-age’ holograms were introduced to prevent counterfeiting. Later, the 3-digit CVV was lasered into the signature strip to supposedly foil ‘Cardholder Not Present’ (CNP) scams. Recent new finance regulations (Strong Customer Authentication) have tightened up credit card security even more, in an ongoing drive to thwart credit card fraud. These new measures can force banks or credit card suppliers to authenticate the customer’s identity via an SMS or phone call before a transaction can be completed.

Last month’s Net Work considered current trends in accessing online services more securely, especially the use of Two-Factor Authentication (2FA) which introduces an extra step to confirm a user ID.

The vast majority of websites currently rely on username and password combinations (‘credentials’) when logging into an online account, but the risk of having personal data stolen from insecure websites, or hijacked by malware, means the risks of impersonation and fraud are ever present. More than 90% of us know not to use the same or similar passwords on multiple websites, but 66% of us do anyway, says LogMeIn in their 2020 Psychology of Passwords report. Instead, try creating one specific to that website and mix in a symbol or two to make life a bit harder for hackers, or create a strong passphrase, or try the online password creator at www.lastpass.com/password-generator. If ever a ‘leaked’ or stolen password comes to light, at least you would know its source.

[Figure: Online password generator provided by LastPass.]

The website https://haveibeenpwned.com is probably the best online resource for checking whether your logins have been stolen in the past. (If ever you wondered, ‘pwned’ is slang for ‘owned’ or ‘taken over’ after a games programmer once mistyped the letter ‘o’; the typo entered everyday culture).

Safeguarding logins

When surfing online, the major web browsers will offer to store website passwords securely. The latest version of Firefox (v.76) can also check for breached websites and compromised passwords, reporting this in its built-in password manager (Firefox Lockwise – type about:logins to see). A forthcoming Firefox tool called Private Relay can also create a disposable (or ‘burner’) email alias during signing up, shielding your real address from prying eyes as a further safeguard.

To help manage multitudes of logins, dedicated password manager programs can encrypt and store credentials either on disk or in the cloud, so next I’ll summarise some popular ones. Regular readers will recall my choice of Roboform, which offers both local and cloud options.
Its portable USB memory key version (Roboform2Go) has been dropped, citing increasing problems attaching the Roboform plug-in to browsers. However, Roboform Free 8.6.7 now offers unlimited login storage for a dedicated Windows or Mac machine: it encrypts and stores logins on your local disk and is worth trying on a busy machine. It can also store data from fill-in web forms (handy for complex or tiresome ones that you use regularly) as well as creating complex passwords. Roboform Everywhere is the regular paid-for cloud version that can be used across all your devices. Available for download from: www.roboform.com

Keepass is a free open-source password manager for Windows and Linux (Wine), also offering a portable USB version. It is extensible through plugins. When tested, it made a decent job of importing CSV files from Roboform after mapping the data fields, and I liked the ‘Emergency Sheet’ printout idea. There are lots of options for advanced users to play with, but I found it less seamless to use than Roboform. Download the latest free version 2.44 from: https://keepass.info

Password Safe for Windows (https://pwsafe.org/) creates a single password-protected master list of all your logins. It can also support Yubikey’s USB authenticators (see Net Work last month), requiring both a Yubikey and a master password to access stored passwords. Autofill will usually complete a login automatically, and this can be reprogrammed using codes. It’s maintained by volunteers, and is probably best suited to proficient computer users. PasswordSafe2Go stores passwords on a disk-on-key instead, and costs about £10 via Digital River.

[Figure: LastPass password management apps help users to handle log-ins across all their devices.]

LogMeIn offers LastPass for consumers with free and paid-for ($36/$48 per year) versions, and they can be used on all your devices. It relies on a master password and supports multi-factor authentication.
A password generator is included and browser extensions and mobile apps are available. See www.lastpass.com for details. LogMeIn is also the home of GoToMyPC remote accessing software and enterprise engagement tools.

Rival Dashlane is another well-known cloud-based service: a free version stores 50 logins on one device. Subscriptions are available from: www.dashlane.com

1Password has apps for Mac, iOS, Windows, Android, Linux, and Chrome OS. A master password protects your (encrypted) password database and it also supports limited 2FA. It costs from $36 to $60 a year and a free trial is available from: https://1password.com

Sorting out SIM-swapping

As described in last month’s column, 2FA is available to safeguard access to many key web services. Normally, a One-Time Passcode (OTP) such as a PIN is sent via SMS to confirm one’s identity. Opinions vary about how robust this method actually is, because in theory sophisticated fraudsters could trick a cellphone operator into transferring your own cellphone number over to a SIM card in their possession, a fraud known as SIM-swapping. Then they could intercept SMS messages and hack into online accounts.

In April, Britain’s consumer watchdog Which? stated that reports of SIM-swapping had leapt by 400% since 2015. UK cellphone operators have tightened up protocols to prevent fraud, but the system is still not perfect. You can read the report from Which? at: https://bit.ly/pe-jul20-which

Which? recommends removing your phone number from any websites that use it to reset passwords, and using 2FA authenticator apps instead; they are embedded in your physical device so they circumvent SMS messaging entirely. The free Microsoft Authenticator app uses OTP and is available for Android and iOS. Apart from Microsoft accounts it will also work with Google, Amazon, Instagram, Netflix and others.
The app can be installed from Google Play or App Store (more details are at: https://tinyurl.com/ycxgnqsn). The Google Authenticator app plays a similar role for Google account holders.

Another highly popular authenticator app is Authy (https://authy.com) from Twilio, which has an extra free desktop version for Mac, Windows and Linux fans. Its designers stress that Authy can replace Google Authenticator, and it works across multiple devices. It can easily capture 2FA QR codes from Facebook, Amazon, Google, Microsoft, Dropbox and many more. Google de-emphasises other 2FA apps in favour of Google Authenticator: ‘If any websites prompt you to use Google Authenticator for 2FA, note that you can always substitute the Authy 2FA app instead. Although they work in similar ways, Authy is more feature-rich and allows for multi-device syncing, cloud-backups, and easier account recovery should you change or lose your phone or device’, the developers claim; a blog at: https://tinyurl.com/y874u5nj compares Authy with Google Authenticator. If you are Google and Microsoft-averse, then Authy is probably the authenticator app to choose. Its online support and step-by-step instructions seem excellent.

Dipping into 2FA

Choosing an authenticator app is only half the battle, though: 2FA has to be enabled in your accounts as well, which can be an onerous and time-consuming task involving some unintuitive and arcane security settings. To set up Authy with a Google account for example, log into https://myaccount.google.com then go to Security settings. The option of what Google cheekily dubs access by ‘Less secure access apps’ is disabled by default: it needs enabling manually for Authy to work. To activate Authy requires ‘App Passwords’ to be enabled which I found to be a convoluted procedure. For more details of setting up App Passwords, see: https://support.google.com/accounts/answer/185833

The technology is still evolving, both for users and online operators, and when disappearing down the rabbit hole of implementing 2FA for the first time, the learning curve can be frustrating. Other considerations to investigate include unforeseen ‘gotchas’ when, for example, a phone breaks or is stolen, or apps have to be reinstalled and logins are lost, or users find themselves locked out of their accounts altogether. Then what? Presently, there is perhaps a slight distrust of 2FA implementation itself: ‘Use Authy instead and don’t worry about losing all your accounts’ said one dismayed Google app reviewer.

So-called hardware tokens such as the Yubico USB Security Keys are another option – simply touch the key plugged into your device to verify your ID. Yubico has sent some samples for me to test on some live accounts – I’ll update readers next month.

[Figure: How monthly updates will look on the new PE website: the ‘Download’ button under the cover shot links to source code files for that issue.]

Space roundup

A new type of recovery satellite – the Mission Extension Vehicle (MEV) – developed for NASA by Northrop Grumman recently accomplished a remarkable first in commercial space technology by docking with an orbiting satellite that was running low on fuel. MEV-1 successfully latched onto a 20-year-old satellite in order to orientate and propel it for a further five years before it is finally decommissioned. The MEV will then attach itself to another orbiting satellite(!). The space-age tow truck is compatible with 80% of orbiting geostationary satellites and has a life span of 15 years, says NASA.

NASA has awarded contracts to build a new human landing system (HLS) to take the first woman and another man to the moon, prior to advancing towards Mars. SpaceX, owned by Elon Musk, Blue Origin, owned by Jeff Bezos (see March 2020 column) and technology firm Dynetics have each been awarded contracts for the HLS. More about NASA’s moon shot at: https://go.nasa.gov/2B4pVmr

SpaceX launched its seventh array of Starlink satellites at the end of April in its quest to stream low-latency Internet data down through a constellation of satellites. More than 420 Starlinks are now in low-earth orbit, launched using reusable rockets.
A number of apps are available that allow interested observers to track satellite trails that are sometimes visible with the naked eye – try findstarlink.com (conditions and sun permitting), or the Satflare website at: https://bit.ly/pe-jul20-sat

App developer Terminal Eleven offers an excellent augmented reality (AR) app called SkyView which uses the camera and GPS to locate and identify stars, planets, constellations, satellites and more besides. It’s a low-cost, good value app; seeing it listed in Google Play Store the author ran it successfully on an Android phone but could not install it on a larger Android tablet. Terminal Eleven didn’t respond to queries when asked why.

The UK plans to implement its new Digital Services Tax from 1 April, levying 2% on social media, search and online marketplaces that derive profit from UK users. Other countries are following suit, but the UK rate is the lowest, as reported on: https://taxfoundation.org/digital-tax-europe-2020 The US previously threatened retaliation, but an OECD-brokered tax code, addressing the issue of multi-nationals shifting profits around to evade local taxes, is still awaited.

Last, more news of the PE website: with our new shopping cart now in full swing, details of legacy projects from the past ten years have now been imported successfully and will be online by the time you read this. You can also sign up to download the corresponding month’s source code (.zip) file directly into your shopping cart, free of charge, and it will also be saved in your account for future reference. We regret that legacy PCB PDF files from the very oldest projects (2007 – 2012) are considered obsolete and will no longer be available online. Our website URLs will be configured to automatically forward users to the new website as a matter of course.

See you next month for more Net Work!

The author can be reached at: alan<at>epemag.net