2024-02-19

JLPCB

As some of you know I use JLCPCB a lot for my PCBs.

Why not UK?

We do use UK manufacturers for our FireBrick products, but for the small cheap PCBs I make, it is simply not viable. I have tried to get competitive quotes but people in the UK cannot match the prices, or even close, or the time scales. It is a real shame, and would be great if the UK could find any way to compete.

Problems?

I posted about a weird tracking issue a while back. Thankfully it was a one off.

But things have gone down hill.

Stupid rules

One issue (I don't think I posted) was that they charge a surcharge for "multiple designs" on a PCB, i.e. where cuts or v-cuts allow parts of the board to be broken off, and those have different designs on them. I don't follow the logic at all. But what is even more weird is the logic for this - any tracks or silk screen on break of parts makes it a different part. If just blank, it not and so no surcharge. They can silk screen on it at no extra (e,g. their job number). I even tried to "follow the rules" and had text done in the solder resist (they say explicitly tracks and silkscreen as separate parts, not solder resist), but they would not play. It is a shame, I just wanted a bar code (for the board) on the break of parts of a panel. Pain, but their stupid rules.

Broken search

More recently I found, when uploading, a part was not in stock, a 124k 0402 resistor. For a start, how is that not in stock, but I did the search option and it showed many 0402 parts and I picked one in stock.

What fooled me is the search did not list resistors matching the value I was searching, and I managed to pick a 0.124Ω resistor. My mistake, after a broken search, and I got a UK company to rework for me ("hot tweezers").

Broken component selection

Anyway, my mistake. This time I ordered more boards, same bill of materials I have used dozens of times before, and for this one component, the same as dozens of designs of boards over the last 6 months.

The BOM has an "R" (i.e. resistor) in an "0402" package, with a value of "124k", simple. I don't care the other aspects, it is a potential divide as a reference for the regulator, so really does not matter what 0402 124k resistor it is, hence I have not picked a specific LCSC part number for a specific manufacturer, as that could be out of stock more easily. Like simple resistors and capacitors I simply list the value I want, obviously.

As usual, it picked the parts, and showed them, not actually showing the value, as truncated. But I gate it a value, as I have done so many times before, and obviously expect it to pick a resistor of that value.

Suddenly, this time, it picked a 1.24Ω resistor. So ignored the value I specified! This happened on two orders. One I will have to pay someone to rework, again!

This is bad, I should be able to just say I want an 0402 resistor of a specific value and it pick one. That really is one of the most basic things they can handle in the BOM upload. They used to handle it.

Update: Just to be clear, I have used JLC for years and never had an issue until now, but now it is seriously broken. I re-tested, and even adding Ω to the value does not help. Magically today the 124k is working, but the 1M is suddenly 51kΩ - which makes no sense at all. Previously perfectly fine BOM files now fail randomly. I tried setting specific LCSC parts, which works, except that they are then out of stock of the specific parts and you have to search parts instead of just using a known working BOM.

Baking

And now the latest fiasco, and this really is now taking the piss,.

A part I have used on dozens of designs over at least 6 months, and hundreds of boards. A simple LED. Indeed, my Stargate designs actually have over 500 of them on each board!

The design I am ordering is one I have ordered many times, indeed, I just received some I ordered over a week ago, same BOM, same LED (wrong resistor, as above).

But now, for some reason this "is highly sensitive to humidity, and needs baking before soldering, or it will easily got moisture damaged". They suggest checking the datasheet. There is a surcharge!

The datasheet says: "If the moisture absorbent material has fade away or the LEDs have exceeded the storage time, baking treatment should be performed based on the following condition: (60±5)°C for 24 hours."

This suggests they have stored it incorrectly maybe? and want me to pay a surcharge for their bad handling of a component.

Awaiting reply, but they have gone from "quick, easy, cheap", to "pain in the arse, costly rework, and stupid rules and extra cost."

I may have to find someone else!

2024-02-02

Hiding passwords

A minor niggle, but some times you want a web form that has passwords.

The classic solution is type=password and send the password as the value. This works, and if the page is all https, then why not, it is secure. It also offers to save the password (something that is really hard to disable these days, and there are reasons to want to do that!).

But what if not https, for, reasons*

Sending a password is not ideal - but if not https, sending one back is also in the clear, but if the threat is purely snooping then it is not too daft to minimised sending it when not needing changing. You minimised the window of capturing it. You also stop someone simply requesting the page to see it, even if they are able to change it.

So a simple fix is to have a rouge value password you use to mean no change such as ********. You can send this and if a returned value is not that then it means a new password has been set.

It bugs me slightly, as it means you cannot have a password of ********.

Well, maybe.

  1. Only send when password set, as always useful to be clear if a password is set or not.
  2. Why not use something more esoteric, such as ✶✶✶✶✶✶✶✶ (unicode 6 pointed stars). Passwords should allow unicode stuff, obviously.
  3. Allow setting the password to the rogue value if not currently set, meaning you sent blank and not the rouge value, so the rouge value coming back means someone set it. This means the only limitation is changing from one password to the rouge value without unsetting it first - not a biggie (if documented).

* such as local control to a microcontroller that has limited capability to do https and limited capability to handle certificates. A problem we would all like to solve cleanly.

** And yes, I mean for those occasions where one cannot store a hash! They exist! WiFi passwords for one. But even when a hash, you need a way to know someone is trying to change the password, and this works for that too.

JLPCB

As some of you know I use JLCPCB a lot for my PCBs. Why not UK? We do use UK manufacturers for our FireBrick products, but for the small che...