Day: October 4, 2024

V-Cut Vias Test Your Whole Panel At Once

October 4, 2024 by 9 Comments

We might consider PCB panels as simply an intermediate step towards getting your PCBs manufactured on the scale of hundreds. This is due to, typically, an inability to run traces beyond your board – and most panel generators don’t give you the option, either. However, if you go for hand-crafted panels or modify a KiKit-created panel, you can easily add extra elements – for instance, why not add vias in the V-Cut path to preserve electrical connectivity between your boards?

[Adam Gulyas] went out and tried just that, and it’s a wonderfully viable method. He shows us how to calculate the via size to be just right given V-Cut and drilling tolerances, and then demonstrates design of an example board with discrete component LED blinkers you can power off a coin cell. The panel gets sent off to be manufactured and assembled, but don’t break the boards apart just yet — connect power to the two through-hole testpoints on the frame, and watch your panel light up all at once.

It’s a flashy demonstration – even more so once you put light-diffusing spheres on top of the domes. You could always do such a trick with mousebites, but you risk having the tracks tear off the board, and, V-Cuts are no doubt the cleanest way to panelize – no edge cleaning is required after breaking the boards apart. Want to learn about panel design? We’ve written and featured multiple guides for you over the years.

This Week In Security: Zimbra, DNS Poisoning, And Perfctl

October 4, 2024 by 6 Comments

Up first this week is a warning for the few of us still brave enough to host our own email servers. If you’re running Zimbra, it’s time to update, because CVE-2024-45519 is now being exploited in the wild.

That vulnerability is a pretty nasty one, though thankfully requires a specific change from default settings to be exposed. The problem is in postjournal. This logging option is off by default, but when it’s turned on, it logs incoming emails. One of the fields on an incoming SMTP mail object is the RCPT TO: field, with the recipients made of the to, cc, and bcc fields. When postjournal logs this field, it does so by passing it as a bash argument. That execution wasn’t properly sanitized, and wasn’t using a safe call like execvp(). So, it was possible to inject commands using the $() construction.

The details of the attack are known, and researchers are seeing early exploratory attempts to exploit this vulnerability. At least one of these campaigns is attempting to install webshells, so at least some of those attempts have teeth. The attack seems to be less reliable when coming from outside of the trusted network, which is nice, but not something to rely on.

New Tool Corner

What is that binary doing on your system? Even if you don’t do any security research, that’s a question you may ask yourself from time to time. A potential answer is WhoYouCalling. The wrinkle here is that WYC uses the Windows Event Tracing mechanism to collect the network traffic strictly from the application in question. So it’s a Windows only application for now. What you get is a packet capture from a specific executable and all of its children processes, with automated DNS capture to go along. Continue reading “This Week In Security: Zimbra, DNS Poisoning, And Perfctl”

The Raspberry Pi 500 Hints At Its Existence

October 4, 2024 by 61 Comments

It’s fairly insignificant in the scheme of things, and there’s no hardware as yet for us to look at, but there it is. Tucked away in a device tree file, the first mention of a Raspberry Pi 500. We take this to mean that the chances of an upgrade to the Pi 400 all-in-one giving it the heart of a Pi 5 are now quite high.

We’ve remarked before that one of the problems facing the Raspberry Pi folks is that a new revision of the regular Pi no longer carries the novelty it might once have done, and certainly in hardware terms (if not necessarily software) it could be said that the competition have very much caught up. It’s in the Compute Module and the wildcard products such as the all-in-one computers that they still shine then, because even after several years of the 400 it’s not really seen an effective competitor.

So we welcome the chance of an all-in-one with a Pi 5 heart, and if we had a wish list for it then it should include that mini PCI-E slot on board for SSDs and other peripherals. Such a machine would we think become a must-have for any space-constrained bench.

Need High-Power Li-Ion Charging? How About 100 W

October 4, 2024 by 21 Comments

Ever want a seriously powerful PCB for charging a Li-Ion pack? Whatever you want it for, [Redherring32] has got it — it’s a board bearing the TPS25750D and BQ25713 chips, that lets you push up to 100 W into your 1S Li-Ion pack through the magic of USB Power Delivery (USB-PD).

Why do you need so much power? Well, when you put together a large amount of Li-Ion cells, this is how you charge it all at once – an average laptop might charge the internal battery at 30 W, and it’s not uncommon for laptop batteries to be dwarfed by hackers’-built packs.

A 4-layer creation peppered with vias, this board’s a hefty one — it’s not often that you see a Li-Ion charger designed to push as much current as possible into a cell, and the chips are smart enough for that. As far as the onboard chips’ capabilities go, the board could handle pack configurations from 1S to 4S, and even act as a USB-PD source — check the IC configuration before you expect to use it for any specific purpose.

Want a simpler charger, even if it’s less powerful? Remember, you can use PPS-capable PD chargers for topping up Li-Ion packs, with barely any extra hardware required.