Tuesday, October 11, 2011

Repair (aka. bypass) safety switches on "dead" Krups GVX2 burr coffee grinder

Every geek needs coffee, but lately my Krups GVX2 burr coffee grinder started acting up.

Sometimes it would stop grinding prematurely, other times it just would not start. Sometimes simply pressing the top lid would do the trick, other times it had to be taken off, put back on and then pressed down. Sometimes I would just give up.

The grinder won't start unless both the top lid is on and the ground coffee container is in place. It seemed that the safety switch for the top lid was being a little over-cautious (aka. broken).

I turns out the two micro switches are held in place by thin strips of cheap plastic, which can evidently break from repeated use.

While perhaps not entirely impossible, I don't see how you can stick your fingers in the blades, unless you're trying hard. So instead of throwing out the grinder, I decided to bypass the switches entirely, so the grinder would work, regardless of the top lid and removable container.

Another option would be to fix the mount for the switches with bits of plastic and/or glue - you decide which option suits you best. In either case, do so entirely at your own risk. It is a device connected to mains electricity after all.

Here is a description of what I did (forgot to take pictures)...

Tools Needed

  • 2 small flat head screwdriver
  • Wire cutter
  • Soldering iron and solder
  • Electrical tape or heat shrink
  • (Butter knife) 

Opening the Machine

  • Remove bean hopper, ground coffee container and any beans left in the machine.
Then remove the dials. The side dial is held in place by three latches, the front dial by friction only.
  • Gently pry off the front dial, using a butter knife (or flat head screwdriver).
  • Use a small flat head screwdriver to pry the side dial a bit to the side, then use another small screwdriver one of the exposed latches. Repeat until the dial comes off.
The large outer shell is held in place by four latches in the bottom. It takes a bit of convincing, before it comes off.
  • Turn the machine upside down.
  • Pull out the four rubber feet.
  • Using a butter knife or small flat head screwdriver, release one of the latches, while pulling down on the shell. It should give a millimetre or two. Repeat for the other three latches.
  • Slide the shell off the machine and turn it again.
In my case, the front metal plate also fell off. Notice the small plastic "hook" holding the wires to the right of the circuit board.
  • Remove the two screws holding the funnel in place and remove it.
  • Unscrew and remove the micro switch from the funnel. Discard the screws if you're going to bypass the switches.
  • Carefully cut the plastic strip on the bottom left of the printed circuit board.
  • Pull up the circuit board to expose the micro switch for ground coffee container.
  • Unscrew and remove the micro switch above the container. Discard the screws if you're going to bypass the switches.
  • Turn the machine upside down, to get the small plastic pins and spring out. Discard them if you're going to bypass the switches.
Correction: It turns out the micro switch just above the container serves an additional purpose: It helps keep the container in place, when the machines spits out the ground coffee.

While it may be necessary to unscrew the switch to work with the wires, I do recommend assembling switch, plastic pins and spring again when done. Else you'll probably need to put a rubber band around the machine, like I have now c",).

Now for the fun part...

Bypassing the Switches

The two switches are serially connected and sits between the power supply and circuit board (PCB). The short wire between the PCB and container micro switch has an extra layer of insulation, to protect it from the heat from the hot resistors. The wire is short as it is, so be careful not to make it shorter, when removing insulation from the tip.
  • Following the wire from the power supply at the bottom, cut it as close to the funnel switch as possible.
  • Following the (short) wire from the PCB to the container switch, also cut this as close the switch as possible.
  • Remove the insulation from both wire ends.
  • If using heat shrink, place it on the long wire.
  • Solder the two ends together. The easiest way to do this, is to heat the wire ends separately and apply just enough solder, to make a nice shiny "coat" on the wire. Then hold the wire ends together and apply heat. Remove the soldering iron as soon as the solder melt and blow lightly.
  • Apply electrical tape or cover the wire ends with the heat shrink and use the soldering iron to shrink it.

Putting it Back Together

  • Put the plastic pin and spring for the container micro switch back in place and screw the switch back on.
  • Put the circuit board back in place, carefully aligning the newly soldered wire in front of the PCB, along the bottom.
  • Press wires back in the small  plastic "hook".
  • Put the funnel and secure it with the two screws.
  • Attach the front metal plate. There are pins that fits in the small holes on either side of the bean hopper.
  • Slide on the shell. A bit of pressure may be needed before it clicks in place.
  • Turn the machine upside down and check that the shell fits snugly.
  • Re-attach rubber feet.
  • Rejoice!

Sunday, April 3, 2011

Replacing self-signed certificate on Synology Disk Station running DSM 3.x with a StartSSL certificate using command line (advanced)

I love my Synology Disk Station but been wanting to replace the self-signed certificate, with a certificate from a widely trusted Certificate Authority for a long time.

Unfortunately, even with DSM version 3.0, there is still no way to do this through the web interface. I seem to stand corrected - At Control Panel/Web Services/HTTP Service Options, there is actually an "Import Certificate" button. Haven't tried it myself, but looks like it is possible after all. On the bright side, I gathered a lot of knowledge setting this up through the command line :-).

Through Googling, trial and error, I managed to replace the self-signed certificate with a free, validated certificate from StartSSL.

I am now better protected against man-in-the-middle attacks, as I am presented with a validated certificate from a trusted source, rather than a self-signed certificate which I must choose to trust each time I connect.

The usual disclaimer: I am by no means a *nix wiz. Since this was not as straightforward as it should have been, I decided to post the steps so other people can benefit from it. Use any of the information here to your heart's content, but do not blame me if something goes horribly wrong.

Any corrections, suggestions and other feedback is well appreciated.

Ensure telnet/SSH access to the Disk Station is enabled and login as root, e.g. using PuTTY.

DSM 3.0 seems to be missing the openssl.cnf file, which is expected at /usr/syno/ssl/openssl.cnf.

Download the sources from the appropriate version of OpenSSL from http://www.openssl.org/source/, then extract openssl.cnf from /apps/ in the tar ball to a directory on your Synology, e.g. /volume1/share/.

To check your version of OpenSSL:
openssl version
My DS207+ running DSM 3.0 has OpenSSL 1.0.0a (1 Jun 2010).

Update: After upgrading my DS207+ to DSM 3.1 (build 1636), I'm now on OpenSSL 1.0.0c (2 Dec 2010). My DS108j running DSM 3.1 (build 1748) is running OpenSSL 1.0.0d (8 Feb 2011).

Create the directory /usr/syno/ssl and copy openssl.cnf to it:
mkdir /usr/syno/ssl/
cp /volume1/share/openssl.cnf /usr/syno/ssl/
Next, generate a temporary working folder (e.g. /usr/local/ssl/) and change directory to that:
mkdir /usr/local/ssl
cd /usr/local/ssl

Generating the private key and certificate request
Now create a new private key for encryption of the SSL session. OpenSSL will force you to protect the key with a password:
openssl genrsa -out server.protected.key 2048
The password protection must be removed, before the key can be used by the web interface:
openssl rsa -in server.protected.key -out server.key
Create a certificate request (CSR) based on the new key:
openssl req -new -key server.key -out server.csr
You do not necessarily have to enter all details - it depends on what your certificate provider requires. The most important is the "Common Name", which must exactly match the DNS name used to access the Synology, e.g. mysynology.dyndns.org.

With class 1 validated certificates, much of the information you can input to the request, is often discarded by the certificate provider. E.g. only country and common name (CN) is used by StartSSL discards all information from the CSR except the public key.

Depending on your certificate providers request procedure, either upload the server.csr file or copy the contents of the file and paste into the providers website when prompted.

To output the contents:
cat server.csr

Installing the files
  • Save the issued certificate to a directory on the Synology, e.g. /volume1/share/server.crt
  • Copy the certificate to the working folder created:
    cp /volume1/share/server.crt /usr/local/ssl
  • Change into the Synology certificate folder
    cd /usr/syno/etc/ssl
  • Make a backup folder for the old files:
    mkdir bak
  • Copy the old files into the backup folder:
    cp -r ssl.crt bak
    cp -r ssl.csr bak
    cp -r ssl.key bak
  • Remove the self-signed CA certificate and associated files:
    rm ssl.crt/ca.crt
    rm ssl.csr/ca.csr
    rm ssl.key/ca.key
  • Copy the new files to the current folder:
    mv /usr/local/ssl/server.crt ssl.crt
    mv /usr/local/ssl/server.csr ssl.csr
    mv /usr/local/ssl/server.key ssl.key
  • Restart your Synology Station:

Thanks to