Tiny Tapeout 4: A PWM Clone Of Covox Speech Thing

Tiny Tapout is an interesting project, leveraging the power of cloud computing and collaborative purchasing to make the mysterious art of IC design more accessible for hardware hackers. [Yeo Kheng Meng] is one such hacker, and they have produced their very first custom IC for use with their retrocomputing efforts. As they lament, they left it a little late for the shuttle run submission deadline, so they came up with a very simple project with the equivalent behaviour of the Covox Speech Thing, which is just a basic R-2R ladder DAC hanging from a PC parallel port.

The computed gate-level routing of the ASIC layout

The plan was to capture an 8-bit input bus and compare it against a free-running counter. If the input value is larger than the counter, the output goes high; otherwise, it goes low. This produces a PWM waveform representing the input value. Following the digital output with an RC low-pass filter will generate an analogue representation. It’s all very simple stuff. A few details to contend with are specific to Tiny Tapout, such as taking note of the enable and global resets. These are passed down from the chip-level wrapper to indicate when your design has control of the physical IOs and is selected for operation. [Yeo] noticed that the GitHub post-synthesis simulation failed due to not taking note of the reset condition and initialising those pesky flip-flops.

After throwing the design down onto a Mimas A7 Artix 7 FPGA board for a quick test, data sent from a parallel port-connected PC popped out as a PWM waveform as expected, and some test audio could be played. Whilst it may be true that you don’t have to prototype on an FPGA, and some would argue that it’s a lot of extra effort for many cases, without a good quality graphical simulation and robust testbench, you’re practically working blind. And that’s not how working chips get made.

If you want to read into Tiny Tapeout some more, then we’ve a quick guide for that. Or, perhaps hear it direct from the team instead?

Continue reading “Tiny Tapeout 4: A PWM Clone Of Covox Speech Thing”

Screenshot of the GitHub Marketplace action listing, describing the extension

Giving Your KiCad PCB Repository Pretty Pictures

Publishing your boards on GitHub or GitLab is a must, and leads to wonderful outcomes in the hacker world. On their own, however, your board files might have the repo look a bit barren; having a picture or two in the README is the best. Making them yourself takes time – what if you could have it happen automatically? Enter kicad-render, a GitHub and GitLab integration for rendering your KiCad projects by [linalinn].

This integration makes your board pictures, top and bottom view, generated on every push into the repo – just embed two image links into your README.md. This integration is made possible thanks to the new option in KiCad 8’s kicad-cli – board image generation, and [linalinn]’s code makes KiCad run on GitHub/GitLab servers.

For even more bling, you can enable an option to generate a GIF that rotates your board, in the style of that one [arturo182] demo – in fact, this integration’s GIF code was borrowed from that script! Got a repository with many boards in one? There’s an option you could make work for yourself, too.

All you need to do is to follow a couple of simple steps; [linalinn] has documented both the GitHub and GitLab integration. We’ve recently talked about KiCad integrations in more detail, if you’re wondering what else your repository could be doing!

Push ESP32 Over The Air Updates From GitHub

Let’s say you’re working on an ESP32 project to send off to your grandma; something she can just plug in and it will start automatically monitoring her plant’s water levels. But you discover a critical flaw in the firmware and need to update it. Does she send it back? Do you walk her through dropping the update via the Arduino IDE OTA? The easiest way would be to plan and use something like esp_ghota, an OTA framework by [Justin Hammond].

OTA (Over-The-Air) updates are a fantastic feature of the ESP32, and we’ve covered libraries that make it easy. But compared to those earlier projects, esp_ghota takes a different approach. Rather than hosting a web server where someone can drop a binary, it looks at GitHub releases. [Justin] had to include a streaming JSON parser, as GitHub API responses tend to be beefy. The workflow is straightforward, push a new commit to your main branch on GitHub, and the action will trigger, building a few different versions. Your little plant watering reminder at your grandma’s will check every so often to see if a new version has been pushed and can update with rollback on littlefs, fatfs, and spiffs filesystems.

It’s an incredible project that we suspect will be very useful for many folks to update their projects. [Justin] even includes an example GitHub action and a sample ESP32 project.

This Week In Security: The Apache Fix Miss, Github (Malicious) Actions, And Shooting The Messenger

Apache 2.4.50 included a fix for CVE-2021-41773. It has since been discovered that this fix was incomplete, and this version is vulnerable to a permutation of the same vulnerability. 2.4.51 is now available, and should properly fix the vulnerability.

The original exploit used .%2e/ as the magic payload, which is using URL encoding to sneak the extra dot symbol through as part of the path. The new workaround uses .%%32%65/. This looks a bit weird, but makes sense when you decode it. URL encoding uses UTF-8, and so %32 decodes to 2, and %65 to e. Familiar? Yep, it’s just the original vulnerability with a second layer of URL encoding. This has the same requirements as the first iteration, cgi-bin has to be enabled for code execution, and require all denied has to be disabled in the configuration files. Continue reading “This Week In Security: The Apache Fix Miss, Github (Malicious) Actions, And Shooting The Messenger”