Anatomy of a Scam: the tale of the £40 3D printer.

Posted on 2015-10-05 in misc

Aliexpress Screenshot

When i saw this, I thought "£40 for a 3d printer?  Including UPS shipping? This is too good to be true!"

Though thinking about it a bit more, I couldn't think of any way they could get away with the money.  Aliexpress offers full buyer protection if you buy through alipay, and money is held in escrow.  So I bought a couple to see what the dealio is. If it does arrive and its shit, just the motors would cost more then £40 to buy, and I can definitely reuse them.  I figured going into this paranoid, I might just about be able to figure it out before they run away with my money.

This morning, I got shipping confirmation, with a china post shipping code. "Wow, maybe its not a scam?" I thought. Then I received this message:

hi. friend. Because you choose courier suspended. We send you the goods by China Post Air Parcel. Give you cause delays receive the package, so we give you $15 in compensation. You may submit disputes. A partial refund of $15 agreement. We give you a refund in a timely manner. Thank you

Ok, yeah, thats a bit odd.  This is the penny dropping.

The way AliExpress works, you can open a dispute on any order for either the full, or part of the purchase price.  If the seller agrees, the refund is paid out to you right away.  But if I open a dispute for the shipping, maybe I lose the ability to open a dispute for the remainder if the item doesn't arrive? The FAQs were unclear, so I set off to AliExpress customer support:

If I open a dispute for a partial refund (for the shipping), can I then open another dispute later if the item does not arrive

No, if the dispute has been agreed the seller with partial refund, the remaining payment will be release to the seller automatically

With this, I highly suggest to please ask a full refund instead.

So there it is.  Beautiful in its simplicity.  You ask for a dispute for the shipping charges, get your £8 shipping back, and lose the ability to claim back your £32 for the rest the item when it doesnt arrive.  Since I have 40 days of purchase protection remaining, I'm going to hold off claiming a full refund for a couple of weeks, and I'll update here if I turn out to be wrong and something does arrive!

Update!

Another message is being sent to those of us who have ignored the first message, or replied that the refund is not necessary:

Friends. Goods are in transit. Do not worry. We give you a refund of compensation today. Tomorrow no longer compensate, please submit the dispute in a timely manner, thank you

Ahh, a time limit! Best get the refund quick, otherwise they wont offer it anymore! I've received this second message, as have others. I'm guessing it wont be long until aliexpress close their account, so they've gotta try and get as much cash out asap.

Update!

Just got an email from aliexpress:

Your order --REDACTED-- has been frozen due to suspicious seller activity.

We have suspended this seller’s account because we detected unsafe trading activities. All of your pending orders with this seller have been frozen for your security.

We have asked this supplier to provide supporting evidence, such as shipping documents and qualification certificates. If the supplier is unable to provide the evidence or if the evidence is insufficient, we will close the order and process the refund for you within 5 business days (In case of certain circumstance, the processing period may be extended).

We apologize for this inconvenience. At AliExpress we are committed to ensuring you enjoy a safe shopping experience. We will continue striving to improve. Your understanding and cooperation are highly appreciated, if you have any question or suggestion, please click here

Your understanding and cooperation are highly appreciated.

Sincerely,

AliExpress Trade Security Department

I'm fairly unsurprised by this, hopefully the refund will be forthcoming fairly quickly.

Final Update

Your Order No:-REDACTED- has been closed because the supplier did not provide necessary evidence. The payment will be refunded to you within 7-10 working days.

AliExpress strives to continuously improve our trading environment. Thank you for your understanding and continued support.

Sincerely,

AliExpress Trade  Security Department

And its over. This experience has massively reaffirmed my confidence in aliexpress' customer services and payment systems. Other sales websites should take notice!


Setting up a self-healing SSH tunnel for Raspberry Pi using Debian.

Posted on 2015-04-30 in sysadmin

I use quite a few raspberry pi's in locations that dont have the ability for me do incoming SSH to update / reboot / maintain them.  This is how i set up a reverse SSH tunnel to them, allowing me to access them from anywhere with internet access!

If the site has a proxy, first you'll need to install a proxy puncher to allow you to bypass it.

1
$ sudo http_proxy="http://proxy.ip.address:port" apt-get install corkscrew

Then install screen. Screen allows you to start a process running 'detached' from your current shell, so you dont have to be logged in to keep the tunnel up.

1
$ sudo apt-get install screen

Create a user for your ssh tunnel. You could just use the default pi user, but i prefer to use a dedicated tunnel user.

1
$ sudo adduser --system tunnel

Create tunnel config

1
2
$ sudo -u tunnel mkdir /home/tunnel/.ssh
$ sudo -u tunnel vim /home/tunnel/.ssh/config

Paste the following into the file. This forwards port 22 (ssh) and 80 (http) on the raspberry pi to ports 8022 and 8080 on your VPS.

1
2
3
4
5
6
7
8
9
ProxyCommand corkscrew 127.0.0.1 3128 %h %p
Host tunnel
  Hostname your.vps.hostname
  Remoteforward 8022 localhost:22
  Remoteforward 8080 localhost:80
  Port 443
  User tunnel
  ServerAliveInterval 10
  ServerAliveCountMax 3

NOTE: If you are not using a proxy, remove the corkscrew line and the port 443 line. The port 443 line above is only needed if you are behind a proxy and firewall that disallows port 22 outgoing. I have set up my SSH daemon on the VPS to listen to port 443 (the https port) as well as the normal 22 as this will manage to punch its way through most proxies.

The ServerAliveInterval and ServerAliveMax variables above basically say "send a packet across the tunnel every 10 seconds. If you don't get anything back after 3 tries, close the tunnel"

The above config also assumes you have set up a tunnel user on the machine you are SSHing to. If not, either create a tunnel user the same way we did above, or change the user line in the config to the username you will be using on the VPS side.

Generate your RSA key and upload to the VPS

1
2
3
4
$ sudo -su tunnel
$ export HOME=/home/tunnel
$ ssh-keygen
$ ssh-copy-id tunnel

At this point, you should be able to SSH to tunnel without typing in any passwords etc.

1
2
$ ssh tunnel
Linux thinkl33t 3.2.0-4-686-pae \#1 SMP Debian 3.2.65-1+deb7u2 i686

Set up our shell scripts to automatically start the tunnel.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
$ sudo -su tunnel
$ mkdir /home/tunnel/bin
$ echo 'PATH="\$HOME/bin:\$PATH"' | tee /home/tunnel/.bashrc
$ echo '\#!/bin/bash' | tee /home/tunnel/bin/monitor\_tunnel.sh
$ echo 'APPCHK=\$(screen -ls | grep -c tunnel)' | tee -a /home/tunnel/bin/monitor\_tunnel.sh
$ echo 'if \[ \$APPCHK = "1" \]; then' | tee -a /home/tunnel/bin/monitor\_tunnel.sh
$ echo ' echo "Starting SSH tunnel"' | tee -a /home/tunnel/bin/monitor\_tunnel.sh
$ echo ' screen -mdS tunnel ssh -N tunnel' | tee -a /home/tunnel/bin/monitor\_tunnel.sh
$ echo 'fi' | tee -a /home/tunnel/bin/monitor\_tunnel.sh
$ echo 'exit' | tee -a /home/tunnel/bin/monitor\_tunnel.sh
$ chmod a+x /home/tunnel/bin/monitor\_tunnel.sh

The above script checks for an already open screen session with the name 'tunnel'. If it doesn't exist, it creates it. If it does exist it just ends. The screen session is launched in a detached state (in the background), and will automatically end when the SSH tunnel falls over.

Set up the crontab to automatically run our monitoring script once a minute

1
$ echo '\*/1 \* \* \* \* /home/tunnel/bin/monitor\_tunnel.sh' | crontab

Your tunnel should come up shortly, woo!

To test it out, from your VPS, type

1
2
3
$ ssh localhost -p 8022
parag0n@localhost's password:
Linux thinkl33t 3.2.0-4-686-pae \#1 SMP Debian 3.2.65-1+deb7u2 i686

Brill, you can now SSH in from your VPS... But by default SSH tunnel ports are only available from localhost, so you'd have to log into your VPS every time you wanted to get into the pi. So, lets edit the SSH config file on your local machine!

1
2
3
4
Host pi
  Hostname localhost
  Port 8022
  ProxyCommand ssh your.vps.hostname nc %h %p

This will allow you to type in ssh pi on your local machine, and will automatically ssh into your VPS, then SSH into localhost. Sorted.


Project - Lil' Buggers

Posted on 2014-05-12 in makes

Lil Buggers

We like to do occasional workshops at the Hackspace, so when we were asked to make something 'bug themed' for a workshop, we jumped on it.   The first thought we had was to make up some bug-shaped PCBs with a circuit to flash LEDs, and run a soldering workshop.  When we found out the workshop was a week away, we panicked a little, as that's not really enough time to get PCBs manufactured at a sensible price.

We decided instead to make little laser cut bugs with LED eyes, as they can be made with easily available materials, and infinitely customised.

Step one was to choose a material.  Our first experiments were with acrylic.  I whipped up some designs for 'joints', which would friction fit onto the side or top of a 'body'.  I attached these to a curved path in inkscape for the legs, and bug #0 was born!

Bug 0

Bug #0 had a couple of issues, mainly due to the material choice.  Acrylic thicknesses can be a bit variable, the tolerance can be as wide as ±10%, and it is fairly brittle.  the combination of these two issues caused at least one broken leg (hence #0 having 5 legs!).

We decided to have a go at laser MDF instead.  Laser MDF is basically MDF made with a glue that is less harmful to people and laser cutters than regular MDF.  It has the advantage of being very dimensionally accurate (our 3.2mm MDF was measured at 3.21mm), and having a bit of bend before it breaks.

Bug 1

Bug #1 was born.  It assembled a lot easier than #0, and has cool looking scorched edges.   At this point I started designing some add-on parts to allow attendees to customise their bugs, including wings, tails, hairy legs, and mandibles.

The only issue with #1 was losing the wide range of colours available from acrylic.  However, I had a flash of inspiration, and gave a sheet of laser MDF a light coat of red spraypaint.   This dries fast, and gives an awesome splash of colour.

Bug 2   Bug #2 is alive!  This time sporting a lovely pair of wings and some antennae. #2 was done with just one side of the wood painted, which gives a cool effect. depending on what side of the bug you're looking at.

Then things got a bit silly...

Bugs

We now have a swarm of these delightful Lil' Buggers invading the hackspace.  With a magnet and a dab of hotglue they'll stick to anything metallic, and their LED eyes last for a couple of days on a coin cell.


45 Minute Project - £4.10 XBMC Remote Receiver

Posted on 2014-03-01 in makes

I'm a big fan of XBMC, and have an Ouya running XBMC set up in my lounge, streaming from my NAS. I normally use XBMC remote on my phone for controlling it, but this gets annoying when the phone is on charge, or I'm using it for something else.

I noticed that the majority of my TV remote is completely unused when the TV is in HDMI mode, and had a bit of a lightbulb moment!

Remote Almost none of these buttons are used!

I already had an Arduino Pro Micro (£3) lying about i'd bought for testing out as an upgrade path for the minimus based projects i've been playing with.  It is leonardo compatible, small, cheap and pretty easily available.  I added an IR Receiver (£1.10) to the weekly Hackspace Farnell order to complete the parts list.

The pinout of the IR receiver makes it very easy to connect to the pro micro, using the RAW (VUSB), GND, and A3 pins.  I just bent the OUT pin (pin 1) on the receiver to the left a bit as follows:

Front Back   The body of the receiver fits perfectly behind the USB plug, flat against the voltage regulator.  I used the IRremote arduino library to grab data from the remote using the IRrecvDemo sketch and mushed some buttons:

1
8B452ADFFFFFFFFFFFFFFFF8B410EFFFFFFFFFFFFFFFFFFFFFFFFF8B4D22DFFFFFFFF8B4926DFFFFFFFFFFFFFFFF

My remote uses 0xFFFFFFFF as a 'key repeat' code, about every 200ms when the button is held down. I found that in practice I had to ignore the first of these, as it was repeating way too fast and doing double presses.

I tweaked the IRrecvDemo sample code, added in a bit of keyboard and came up with some working code:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
#include IRrecv
int RECV_PIN = A3;

IRrecv irrecv(RECV_PIN);
decode_results results;

int key;
int count;

void setup()
{
  irrecv.enableIRIn(); // Start the receiver
}

void loop() {
  if (irrecv.decode(&results)) {
    switch (results.value)
    {
      case 0x8B452AD: // up
        key = KEY_UP_ARROW;
        count = 0;
        break;
      case 0x8B410EF: // right
        key = KEY_RIGHT_ARROW;
        count = 0;
        break;
      case 0x8B4D22D: // down
        key = KEY_DOWN_ARROW;
        count = 0;
        break;
      case 0x8B4D02F: // left
        key = KEY_LEFT_ARROW;
        count = 0;
        break;
      case 0x8B4926D: // enter
        key = KEY_RETURN;
        count = 0;
        break;
      case 0x8B412ED: // red
        key = KEY_BACKSPACE;
        count = 0;
        break;
      case 0x8B4B24D: // green
        key = ' ';
        count = 0;
        break;
      case 0x8B44AB5: // yellow
        key = KEY_ESC;
        count = 0;
        break;
      case 0x8B450AF: // blue
        key = 's';
        count = 0;
        break;
      case 0xFFFFFFFF:
        count++;
        break;
      default:
        key = -1;
        break;
    }

    if ((key != -1) && (count!=1)) // if count = 1, it is the first key repeat, so ignore it.
      Keyboard.write(key);

    irrecv.resume(); // Receive the next value
  }
}

Total cost £4.10, total time 45 minutes. Sorted!

Zappp


3D printing - Bandsaw Fence

Posted on 2013-03-21 in makes

I spent some time earlier in the week getting the bandsaw at Hackspace Manchester working, so now its cutting again!  The main problem with the bandsaw is cutting straight, as it was an ebay purchase it diddnt come with a fence, so there was nothing to run the cut material against.  This model of bandsaw hasnt been made in around 30 years, so trying to buy a new one will be impossible, and ebay is too much hard work.

Though we do have a 3d printer... and a workshop.  Idea!

Step one was to have a look at the bandsaw.  It has a channel running along the front , so I took some measurements to see what I was working with.

channel paper

So, i had the measurements, it was time to take to my CAD software and design something to fit in the channel.  My choice for this is OpenSCAD.  I used it to first create the shape of the channel, then to carve this shape out of a block.

openscad1 openscad2

I extruded this to a few mm wide, then printed it to test.  There was a bit of tweaking needed to get it to fit exactly, so i ended up doing 4 iterations with the sizes tweaked slightly.

testpieces

testprint test

Once i had one that fitted, i printed it out extruded to 20mm to check it would fit and slide correctly.

testfits

It did, so i moved onto designing the actual fence.  Step one was to cut some aluminium extrusion to size, and measure it.  A month or so ago I had managed to womble a nice straight piece of 16mm x 16mm  3.2mm thick L channel, which was pretty much the perfect size.  I cut this to size, and modelled it in openscad.

cad

The actual cad modelling took a couple of hours of tweaking, but i the above picture shows the basic steps.

First off i extruded my clamp to 50mm wide, and added a wedge to the side of it.  50mm gives enough width for it to sit in the runner, and counteract twisting force from the back of the fence being pushed on.  The wedge is to give support to the top part of the L channel.

Second, I added two captive nuts and holes for M5 bolts.  Mainly because we have a massive bag of M5 hex-head bolts that are perfect for printed thumbscrews. Theoretically i could have threaded into the ABS directly, but i felt this wouldnt last, so embedding a nut seemed like the best option.

Third, i carved out the hole for the L channel.  This leaves a bit of an odd shaped unsupported piece, which may be weak. Because this piece will be in the channel, i decided to leave it, as it'll make measuring up on the built-in ruler more accurate.

Lastly, i added some pilot holes for attaching the aluminium to the 3d printed part.  i decided to use 3mm x 12mm self tapping screws for this, because i had them on hand, and they can be countersunk fairly easily.

printed

I test-assembled the whole thing in the vice, it fitted nicely in the channel, so it was ready for connecting together.  I marked, center punched, drilled and countersunk the holes for the 3 screws that hold the whole thing together.  Add some screws and we're sorted!

fits

Of course, i had to do a test cut at this point, so some of the scrap acrylic pile was chopped into little strips.

cutting

Woohoo, it worked!  All it needed to be complete is some knobs.  So i headed over to thingiverse to find a knob that'll fit nicely over an m5 nut... and found nothing useful.  No worries, i just OpenSCADdded one up.

knob

finished

So there it is, a useful thing i've made on the 3d printer that wasnt a part for a 3d printer!

Source files (stl, openscad) are available on My GitHub