Post by thread:[EE] Float charging Li-ion (18650) in series

Hi all, I want to build a small battery pack (self contained unit with charger and variable output power supply). The charging will most likely be from an input source of 5V (either 500mA USB source or 2A supply, but it shouldn't really matter since it's all going through a switching supply). The battery configuration will be 3 x 18650 Li-ion in series. The 18650s have a built in "protection circuit". I want to float charge these at around 4.1V, so is it just safe to line the batteries up in series and apply a steady 12.3V? Would I need 4.1V zener diodes across each of the batteries

Many of the answers from the prior LiIon charging threads apply. Current needs to be limited, of course, to the maximum allowed by the batteries used. Zeners are nowhere precise enough for balancing. A reference voltage controlled clamp (super zener) would be better. eg a TL431, opamp sectopn, clamp transisto and "glue" per cell. Small % of battery cost. If running at 4.1V you MAY get close enough to allowable termination voltage at some temperatures that charging termination is needed. (Cells charged above a certain voltage need to have charging stopped as charge current falls to some fraction of Ichgmax. Lowering Vcellmax to 4.0V would probably [tm] eliminate the need for this. You can get multi-cell balancing ICs BUT the above is easy, cheapish and would work OK. An easy termination system would be when all cell clamps are set to say 4.1V and all are clamped. With only 1 or 2 clamped charging continues. Russell On 18 June 2011 01:04, V G <spam_OUTx.solarwind.xTakeThisOuTgmail.com> wrote: {Quote hidden}> > Hi all, > > I want to build a small battery pack (self contained unit with charger and > variable output power supply). The charging will most likely be from an > input source of 5V (either 500mA USB source or 2A supply, but it shouldn't > really matter since it's all going through a switching supply). The battery > configuration will be 3 x 18650 Li-ion in series. The 18650s have a built in > "protection circuit". I want to float charge these at around 4.1V, so is it > just safe to line the batteries up in series and apply a steady 12.3V? Would > I need 4.1V zener diodes across each of the batteries? >

On Fri, Jun 17, 2011 at 9:27 AM, RussellMc <.....apptechnzKILLspam@spam@gmail.com> wrote: {Quote hidden}> Many of the answers from the prior LiIon charging threads apply. > > Current needs to be limited, of course, to the maximum allowed by the > batteries used. > > Zeners are nowhere precise enough for balancing. > A reference voltage controlled clamp (super zener) would be better. > eg a TL431, opamp sectopn, clamp transisto and "glue" per cell. Small > % of battery cost. > > If running at 4.1V you MAY get close enough to allowable termination > voltage at some temperatures that charging termination is needed. > (Cells charged above a certain voltage need to have charging stopped > as charge current falls to some fraction of Ichgmax. > Lowering Vcellmax to 4.0V would probably [tm] eliminate the need for this.. > > You can get multi-cell balancing ICs BUT the above is easy, cheapish > and would work OK. > > An easy termination system would be when all cell clamps are set to > say 4.1V and all are clamped. With only 1 or 2 clamped charging > continues. > > > > Russell > > Could you draw a simple schematic on how this "clamp" works? I'm not really understanding it

part 1 471 bytes content-type:text/plain; charset="iso-8859-1" (decoded quoted-printable) >> Could you draw a simple schematic on how this "clamp" works? I'm not really >> understanding it. Cct ex TI datasheet TL431 December 2005. R1, R2 set clamp voltage. 431 turning on turns on transistor and clamps voltage. Applying a very fully charged LiIon to this circuit may be exciting. Maybe not. Resistor in battery lead can be used - maybe 1 ohm, to reduce fun and games prospects. R part 2 15089 bytes content-type:image/jpeg; name="CCT TL431 shunt regulator.jpg" (decode) part 3 181 bytes content-type:text/plain; name="ATT00001.txt" (decoded base64) -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at mailman.mit.edu/mailman/listinfo/piclist

On Fri, Jun 17, 2011 at 12:06 PM, RussellMc <apptechnzKILLspamgmail.com> wrote: > >> Could you draw a simple schematic on how this "clamp" works? I'm not > really > >> understanding it. > > Cct ex TI datasheet > TL431 December 2005. > > R1, R2 set clamp voltage. > 431 turning on turns on transistor and clamps voltage. > > Applying a very fully charged LiIon to this circuit may be exciting. Maybe > not. > Resistor in battery lead can be used - maybe 1 ohm, to reduce fun and > games prospects. > > Would something like this work? Using the comparator across each battery? http://solarwind.byethost7.com/pic1.pn

On Sat, 18 Jun 2011 04:06 +1200, "RussellMc" wrote: > >> Could you draw a simple schematic on how this "clamp" works? I'm not really > >> understanding it. > > Cct ex TI datasheet > TL431 December 2005. > > R1, R2 set clamp voltage. > 431 turning on turns on transistor and clamps voltage. How large have you made the R1/R1 combination and still gotten decent voltage tolerance over "room" temperature range? The input bias current is rated at 2 to 4 uA +- 0.8 to 2.5 uA over temperature range 0 - 70. Lots better than a zener but maybe would drain the battery fairly quickly unless the R1/R2 pair was very high and then input bias current shift eats away at accuracy. Bob -- http://www.fastmail.fm - Access all of your messages and folders wherever you are

> How large have you made the R1/R1 combination and still gotten decent > voltage tolerance over "room" temperature range? > > The input bias current is rated at 2 to 4 uA +- 0.8 to 2.5 uA over > temperature range 0 - 70. > > Lots better than a zener but maybe would drain the battery fairly > quickly unless the R1/R2 pair was very high and then input bias current > shift eats away at accuracy. His app is a charger. Power will be on most of the time and even if off is not going to cause vast problems over charger residency type periods. 18650 LiIon are about 2000 mAh + . 1 mA drain at 24 hours = a bit over 1% capacity. 100 UA - ~0.1% 10 uA ... In order to avoid thinking about temperature compensation I suggested he move the voltage back another 0.1 V to 4V. This reduces capacity but (probably) allows simple float and greatly improves cycle life. Also avoids having to do current tail level triggered charge termination.

On Fri, Jun 17, 2011 at 1:44 PM, RussellMc <.....apptechnzKILLspam.....gmail.com> wrote: {Quote hidden}> > How large have you made the R1/R1 combination and still gotten decent > > voltage tolerance over "room" temperature range? > > > > The input bias current is rated at 2 to 4 uA +- 0.8 to 2.5 uA over > > temperature range 0 - 70. > > > > Lots better than a zener but maybe would drain the battery fairly > > quickly unless the R1/R2 pair was very high and then input bias current > > shift eats away at accuracy. > > His app is a charger. > Power will be on most of the time and even if off is not going to > cause vast problems over charger residency type periods. > > 18650 LiIon are about 2000 mAh + . > > 1 mA drain at 24 hours = a bit over 1% capacity. > 100 UA - ~0.1% > 10 uA ... > > In order to avoid thinking about temperature compensation I suggested > he move the voltage back another 0.1 V to 4V. > This reduces capacity but (probably) allows simple float and greatly > improves cycle life. > Also avoids having to do current tail level triggered charge termination. > > Okay so I figured out another mechanism to charge. Uses a few transistors, but simplifies the charging itself. I'm guessing many will find this design messy and unnecessary. Please comment. Here's my circuit: http://solarwind.byethost7.com/pic2.png The left side MOSFETs, when enabled, connect the batteries in series, allowing regular discharge. The right side MOSFETs and BJTs, when enabled, do a parallel current limited charge up to 4V. As far as I know, the BJTs won't allow the batteries to charge each other when the BJTs are disabled. When they are enabled, the batteries are charging anyway. My only concern with this design is reverse biasing the BJTs and the batteries charging each other when in parallel charge mode. I plan to use SOT-23 transistors to keep it small. Battery discharge I'm guessing will be maximum 1A (to charge my iPhone). Battery charge will be around 2A per cell

On Fri, Jun 17, 2011 at 3:05 PM, V G <EraseMEx.solarwind.xspam_OUTTakeThisOuTgmail.com> wrote: {Quote hidden}> On Fri, Jun 17, 2011 at 1:44 PM, RussellMc <apptechnzspam_OUTgmail.com> wrote: > >> > How large have you made the R1/R1 combination and still gotten decent >> > voltage tolerance over "room" temperature range? >> > >> > The input bias current is rated at 2 to 4 uA +- 0.8 to 2.5 uA over >> > temperature range 0 - 70. >> > >> > Lots better than a zener but maybe would drain the battery fairly >> > quickly unless the R1/R2 pair was very high and then input bias current >> > shift eats away at accuracy. >> >> His app is a charger. >> Power will be on most of the time and even if off is not going to >> cause vast problems over charger residency type periods. >> >> 18650 LiIon are about 2000 mAh + . >> >> 1 mA drain at 24 hours = a bit over 1% capacity. >> 100 UA - ~0.1% >> 10 uA ... >> >> In order to avoid thinking about temperature compensation I suggested >> he move the voltage back another 0.1 V to 4V. >> This reduces capacity but (probably) allows simple float and greatly >> improves cycle life. >> Also avoids having to do current tail level triggered charge termination.. >> >> > > Okay so I figured out another mechanism to charge. Uses a few transistors, > but simplifies the charging itself. > > I'm guessing many will find this design messy and unnecessary. Please > comment. > > Here's my circuit: http://solarwind.byethost7.com/pic2.png > > The left side MOSFETs, when enabled, connect the batteries in series, > allowing regular discharge. > > The right side MOSFETs and BJTs, when enabled, do a parallel current > limited charge up to 4V. As far as I know, the BJTs won't allow the > batteries to charge each other when the BJTs are disabled. When they are > enabled, the batteries are charging anyway. My only concern with this design > is reverse biasing the BJTs and the batteries charging each other when in > parallel charge mode. > > I plan to use SOT-23 transistors to keep it small. Battery discharge I'm > guessing will be maximum 1A (to charge my iPhone). Battery charge will be > around 2A per cell. > Whoops, just noticed that my NPNs should be low side. Will fix now

On Fri, Jun 17, 2011 at 3:07 PM, V G <@spam@x.solarwind.xKILLspamgmail.com> wrote: {Quote hidden}> On Fri, Jun 17, 2011 at 3:05 PM, V G <KILLspamx.solarwind.xKILLspamgmail.com> wrote: > >> On Fri, Jun 17, 2011 at 1:44 PM, RussellMc <RemoveMEapptechnzTakeThisOuTgmail.com> wrote: >> >>> > How large have you made the R1/R1 combination and still gotten decent >>> > voltage tolerance over "room" temperature range? >>> > >>> > The input bias current is rated at 2 to 4 uA +- 0.8 to 2.5 uA over >>> > temperature range 0 - 70. >>> > >>> > Lots better than a zener but maybe would drain the battery fairly >>> > quickly unless the R1/R2 pair was very high and then input bias current >>> > shift eats away at accuracy. >>> >>> His app is a charger. >>> Power will be on most of the time and even if off is not going to >>> cause vast problems over charger residency type periods. >>> >>> 18650 LiIon are about 2000 mAh + . >>> >>> 1 mA drain at 24 hours = a bit over 1% capacity. >>> 100 UA - ~0.1% >>> 10 uA ... >>> >>> In order to avoid thinking about temperature compensation I suggested >>> he move the voltage back another 0.1 V to 4V. >>> This reduces capacity but (probably) allows simple float and greatly >>> improves cycle life. >>> Also avoids having to do current tail level triggered charge termination. >>> >>> >> >> Okay so I figured out another mechanism to charge. Uses a few transistors, >> but simplifies the charging itself. >> >> I'm guessing many will find this design messy and unnecessary. Please >> comment. >> >> Here's my circuit: http://solarwind.byethost7.com/pic2.png >> >> The left side MOSFETs, when enabled, connect the batteries in series, >> allowing regular discharge. >> >> The right side MOSFETs and BJTs, when enabled, do a parallel current >> limited charge up to 4V. As far as I know, the BJTs won't allow the >> batteries to charge each other when the BJTs are disabled. When they are >> enabled, the batteries are charging anyway. My only concern with this design >> is reverse biasing the BJTs and the batteries charging each other when in >> parallel charge mode. >> >> I plan to use SOT-23 transistors to keep it small. Battery discharge I'm >> guessing will be maximum 1A (to charge my iPhone). Battery charge will be >> around 2A per cell. >> > > Whoops, just noticed that my NPNs should be low side. Will fix now. > Updated and much more simplified circuit. http://solarwind.byethost7.com/pic3.png<http://solarwind.byethost7.com/pic2..png> I don't know if the series MOSFETs on the left are correctly oriented and if they'll safely let current flow when enabled. Are they even biased correctly

On Fri, Jun 17, 2011 at 3:15 PM, V G <TakeThisOuTx.solarwind.xEraseMEspam_OUTgmail.com> wrote: > On Fri, Jun 17, 2011 at 3:14 PM, V G <RemoveMEx.solarwind.xTakeThisOuTgmail.com> wrote: > >> >> Updated and much more simplified circuit. >> >> http://solarwind.byethost7.com/pic3.png<http://solarwind.byethost7.com/pic2.png> >> >> I don't know if the series MOSFETs on the left are correctly oriented and >> if they'll safely let current flow when enabled. Are they even biased >> correctly? >> > > Whoops. GMail link issue. > > Updated link: > > http://solarwind.byethost7.com/pic3.png > <http://solarwind.byethost7.com/pic3.png%20> > GMail continues to give me link issues. http://solarwind.byethost7.com/pic3.png Should work

On Fri, Jun 17, 2011 at 3:22 PM, Bob Blick <bobblickEraseME.....ftml.net> wrote: > On Fri, 17 Jun 2011 15:15 -0400, "V G" wrote: > > > http://solarwind.byethost7.com/pic3.png > > Any chance of using flickr or someplace that I would actually trust to > click on? And I don't mean postimage, either :) > Seriously? I can never do anything right, can I? People were complaining about postimage, so I registered for a free, trusted webhost. That link is perfectly fine. It's my webhost. What's the difference between that link and an attachment (if I were to have attached it)? You can trust it as much as you can trust the attachments here from anyone

solarwind.byethost7.com/pic2.png was better than 3... 3 is all shorted to 4 V no more series circuit if you haven't noticed... On Fri, Jun 17, 2011 at 12:17 PM, V G <EraseMEx.solarwind.xgmail.com> wrote: {Quote hidden}> On Fri, Jun 17, 2011 at 3:15 PM, V G <RemoveMEx.solarwind.xEraseMEEraseMEgmail.com> wrote: > > > On Fri, Jun 17, 2011 at 3:14 PM, V G <RemoveMEx.solarwind.xspam_OUTKILLspamgmail.com> wrote: > > > >> > >> Updated and much more simplified circuit. > >> > >> http://solarwind.byethost7.com/pic3.png< > http://solarwind.byethost7.com/pic2.png> > >> > >> I don't know if the series MOSFETs on the left are correctly oriented > and > >> if they'll safely let current flow when enabled. Are they even biased > >> correctly? > >> > > > > Whoops. GMail link issue. > > > > Updated link: > > > > http://solarwind.byethost7.com/pic3.png > > <http://solarwind.byethost7.com/pic3.png%20> > > > > GMail continues to give me link issues. > > http://solarwind.byethost7.com/pic3.png > > Should work. >

On Fri, 17 Jun 2011 15:30 -0400, "V G" wrote: > > Seriously? > > I can never do anything right, can I? People were complaining about > postimage, so I registered for a free, trusted webhost. I didn't mean to suggest you had done anything wrong. Looking at "byethost7" doesn't inspire me to think "trusted". Still doesn't. > That link is perfectly fine. It's my webhost. What's the difference > between > that link and an attachment (if I were to have attached it)? Besides the technical difference of one being served by an unknown(to me) host and the the other coming from your computer through email? That's enough for me. But I take your point, you moved from postimage to something better. I didn't recognize the name. Maybe later I'll look at the link from a Linux box. But on a work Windows machine, I don't click links I'm unsure about. Cheers, Bob -- http://www.fastmail.fm - One of many happy users: http://www.fastmail.fm/docs/quotes.html

Problem I see with your serial discharge parallel charge approach is that now you don't have the full supply voltage anymore while charging, of course you are avoiding the need for a step up in your charger and that is nice... On Fri, Jun 17, 2011 at 1:00 PM, Tobias Gogolin <EraseMEusertogospamspamBeGonegmail.com> wrote: {Quote hidden}> http://solarwind.byethost7.com/pic2.png was better than 3... > 3 is all shorted to 4 V no more series circuit if you haven't noticed... > > On Fri, Jun 17, 2011 at 12:17 PM, V G <RemoveMEx.solarwind.xKILLspamgmail.com> wrote: > >> On Fri, Jun 17, 2011 at 3:15 PM, V G <x.solarwind.xSTOPspamspam_OUTgmail.com> wrote: >> >> > On Fri, Jun 17, 2011 at 3:14 PM, V G <spamBeGonex.solarwind.xSTOPspamEraseMEgmail.com> wrote: >> > >> >> >> >> Updated and much more simplified circuit. >> >> >> >> http://solarwind.byethost7.com/pic3.png< >> http://solarwind.byethost7.com/pic2.png> >> >> >> >> I don't know if the series MOSFETs on the left are correctly oriented >> and >> >> if they'll safely let current flow when enabled. Are they even biased >> >> correctly? >> >> >> > >> > Whoops. GMail link issue. >> > >> > Updated link: >> > >> > http://solarwind.byethost7.com/pic3.png >> > <http://solarwind.byethost7.com/pic3.png%20> >> > >> >> GMail continues to give me link issues. >> >> http://solarwind.byethost7.com/pic3.png >> >> Should work. >> -

On 17/06/2011 21:03, Bob Blick wrote: > But I take your point, you moved from postimage to something better. I > didn't recognize the name. Maybe later I'll look at the link from a > Linux box. But on a work Windows machine, I don't click links I'm unsure > about. That's fine But Firefox "attack site" feature is quite good. Also then add the "noscript" plugin Work machines you have to have whatever they give you often. What VG/Solarwind has now seems fine. Though I'd switch off Directory browsing. Put a simple index.html in your root NO-ONE should be able to see or read the .htaccess file permissions 644?

On Fri, Jun 17, 2011 at 5:37 PM, V G <@spam@x.solarwind.x@spam@spam_OUTgmail.com> wrote: > On Fri, Jun 17, 2011 at 5:23 PM, Michael Watterson <spamBeGonemikeKILLspamradioway.org>wrote: > >> That's fine >> >> But Firefox "attack site" feature is quite good. >> >> Also then add the "noscript" plugin >> >> Work machines you have to have whatever they give you often. >> >> What VG/Solarwind has now seems fine. >> >> Though I'd switch off Directory browsing. Put a simple index.html in >> your root >> > > Oh yeah, forgot about that. Thanks. > I put the .htaccess in there to turn off cache, because images get cached and I need to update stuff sometimes. Maybe I'll turn it off at some point

On 6/17/2011 3:30 PM, V G wrote: > On Fri, Jun 17, 2011 at 3:22 PM, Bob Blick<.....bobblickspam_OUTftml.net> wrote: > >> On Fri, 17 Jun 2011 15:15 -0400, "V G" wrote: >> >>> http://solarwind.byethost7.com/pic3.png >> Any chance of using flickr or someplace that I would actually trust to >> click on? And I don't mean postimage, either :) >> > Seriously? > > I can never do anything right, can I? People were complaining about > postimage, so I registered for a free, trusted webhost. > > That link is perfectly fine. It's my webhost. What's the difference between > that link and an attachment (if I were to have attached it)? > > You can trust it as much as you can trust the attachments here from anyone. The links are not fine, it tried to hijack my browser to who knows where. It activated my no-script protection to the point of popping up a dialog asking me to report this. Use flickr, it's trusted.

On Fri, Jun 17, 2011 at 6:07 PM, Andrew Herdman <TakeThisOuTandrew.....TakeThisOuTwhine.com> wrote: > The links are not fine, it tried to hijack my browser to who knows > where. It activated my no-script protection to the point of popping up > a dialog asking me to report this. > > Use flickr, it's trusted. > Haha. That made me chuckle a little. Then it pissed me off. Flickr my ass. I don't trust anything that replaces an -er with an -r. If my links caused your browser/os to go haywire, then the fault lies with your operating system. Get better security and stop blaming the world for your viruses, security holes, etc. I heard Linux/BSD/QNX offer great security

On Fri, Jun 17, 2011 at 8:30 PM, V G <.....x.solarwind.xRemoveMEgmail.com> wrote: > That link is perfectly fine. It's my webhost. What's the difference between > that link and an attachment (if I were to have attached it)? > > You can trust it as much as you can trust the attachments here from anyone. > It is not about the link if the DNS resolves the address or not or the webs server transfers the file or not. It is about net hygiene. First of all not all clicks on all type of links whatever is posted for various security reasons. Secondly not all web hosting services providing sufficient protection against getting compromised -- so even if we know you have set up that site and we trust you, we cannot be sure if your web site is still intact or compromised. Maybe yes maybe not -- and that is the principle, does not matter which one. We trust more on a big names that are less likely to taken over control by a hacker... Now the serious side: This bytehost7.com was created on Feb 2011, fairly new. The whois database does not show correct owner information, and I have checked with our ThreatSeeker Network and it shows that the IP address shares with many malicious web sites (over 4k sites I am talking about!), and the IP is blocked! I would delete my account from this hosting service straight away and buy one from a trusted company instead... Tamas >

On 6/17/2011 6:31 PM, V G wrote: > On Fri, Jun 17, 2011 at 6:07 PM, Andrew Herdman<RemoveMEandrewspamBeGonewhine.com> wrote: > >> The links are not fine, it tried to hijack my browser to who knows >> where. It activated my no-script protection to the point of popping up >> a dialog asking me to report this. >> >> Use flickr, it's trusted. >> > Haha. That made me chuckle a little. > > Then it pissed me off. > > Flickr my ass. I don't trust anything that replaces an -er with an -r. > > If my links caused your browser/os to go haywire, then the fault lies with > your operating system. Get better security and stop blaming the world for > your viruses, security holes, etc. I heard Linux/BSD/QNX offer great > security. So I don't think anyone here actually cares if you trust something that removes an e from their name. Flickr has a reputation to maintain, bytehost7 has no such reputation, and has already shown to be malicious. You're posting links to thousands of people asking them for their help on your projects, putting their systems at risk, no matter what OS they choose to use is disrespectful to all the people that have contributed to your continued learning process. I'd also like to point out, that I only dabble in electronics. I am however a professional Systems and Network Designer for the past 18 years. I have designed and implemented secure and trusted systems for governments and businesses in several parts of the world. I have deployed hundreds of Linux systems, many FBSD, many Solaris systems in my history. I do use MS for my laptop OS for several reasons, mostly business ones. That aside, the script that tripped up Firefox and no-script would have tripped up Firefox on Linux, FBSD, Solaris etc... If you wish to continue to erode your station on this list, feel free to ignore the comments of others on this list who are much better known for their calm and rational statements. If you have nothing pleasant or useful to say to this response, feel free to just delete it. Andrew

This left the topic a long time ago, but I don't understand what you guys are afraid of, the link goes straight to a png, not an executable, its very simple to verify that with virtually any browser; are you guys claiming they are trying to exploit some kind of weakness in the png display plugin of some browser or what? On Fri, Jun 17, 2011 at 3:44 PM, Tamas Rudnai <spamBeGonetamas.rudnai@spam@spam_OUTgmail.com>wrote: {Quote hidden}> On Fri, Jun 17, 2011 at 8:30 PM, V G <TakeThisOuTx.solarwind.xspamgmail.com> wrote: > > > That link is perfectly fine. It's my webhost. What's the difference > between > > that link and an attachment (if I were to have attached it)? > > > > You can trust it as much as you can trust the attachments here from > anyone. > > > > It is not about the link if the DNS resolves the address or not or the webs > server transfers the file or not. It is about net hygiene. > > First of all not all clicks on all type of links whatever is posted for > various security reasons. Secondly not all web hosting > services providing sufficient protection against getting compromised -- so > even if we know you have set up that site and we trust you, we cannot be > sure if your web site is still intact or compromised. Maybe yes maybe not > -- > and that is the principle, does not matter which one. We trust more on a > big > names that are less likely to taken over control by a hacker... > > Now the serious side: > This bytehost7.com was created on Feb 2011, fairly new. The whois database > does not show correct owner information, and I have checked with our > ThreatSeeker Network and it shows that the IP address shares with many > malicious web sites (over 4k sites I am talking about!), and the IP is > blocked! I would delete my account from this hosting service straight away > and buy one from a trusted company instead... > > Tamas > > > > > > > --

On Fri, Jun 17, 2011 at 7:20 PM, Tobias Gogolin <usertogoEraseMEgmail.com> wrote: > This left the topic a long time ago, but I don't understand what you guys > are afraid of, the link goes straight to a png, not an executable, its very > simple to verify that with virtually any browser; are you guys claiming > they > are trying to exploit some kind of weakness in the png display plugin of > some browser or what? > That's exactly what I'm saying. There's virtually no harm to their systems by clicking a link. If your system is sufficiently secured, clicking a link will NOT harm it in any way

On Fri, Jun 17, 2011 at 6:44 PM, Tamas Rudnai <RemoveMEtamas.rudnaiEraseMEspam_OUTgmail.com>wrote: {Quote hidden}> It is not about the link if the DNS resolves the address or not or the > webs > server transfers the file or not. It is about net hygiene. > > First of all not all clicks on all type of links whatever is posted for > various security reasons. Secondly not all web hosting > services providing sufficient protection against getting compromised -- so > even if we know you have set up that site and we trust you, we cannot be > sure if your web site is still intact or compromised. Maybe yes maybe not > -- > and that is the principle, does not matter which one. We trust more on a > big > names that are less likely to taken over control by a hacker... > > Now the serious side: > This bytehost7.com was created on Feb 2011, fairly new. The whois database > does not show correct owner information, and I have checked with our > ThreatSeeker Network and it shows that the IP address shares with many > malicious web sites (over 4k sites I am talking about!), and the IP is > blocked! I would delete my account from this hosting service straight away > and buy one from a trusted company instead... > > Tamas > It doesn't matter. I'm only asking for people to view an image. What are you afraid of? Seriously. Tell me. Doesn't matter where the image came from. If your computer somehow becomes compromised from viewing an image, you have to question the security of your own machine. Not that of the server

On Fri, Jun 17, 2011 at 6:29 PM, V G <@spam@x.solarwind.xRemoveMEEraseMEgmail.com> wrote: > On Fri, Jun 17, 2011 at 7:20 PM, Tobias Gogolin <EraseMEusertogo@spam@gmail.com> wrote: > >> This left the topic a long time ago, but I don't understand what you guys >> are afraid of, the link goes straight to a png, not an executable, its very >> simple to verify that with virtually any browser; are you guys claiming >> they >> are trying to exploit some kind of weakness in the png display plugin of >> some browser or what? >> > > That's exactly what I'm saying. There's virtually no harm to their systems > by clicking a link. If your system is sufficiently secured, clicking a link > will NOT harm it in any way. Some links are more prestigious than others. When I mail boring intranet links to my coworkers, I make sure to use this service: http://www.shadyurl.com/ Regards, Mark markrages@gmai

On Fri, Jun 17, 2011 at 6:30 PM, V G <@spam@x.solarwind.xspam_OUT.....gmail.com> wrote: {Quote hidden}> On Fri, Jun 17, 2011 at 6:44 PM, Tamas Rudnai <spamBeGonetamas.rudnaiEraseMEgmail.com>wrote: > >> It is not about the link if the DNS resolves the address or not or the >> webs >> server transfers the file or not. It is about net hygiene. >> >> First of all not all clicks on all type of links whatever is posted for >> various security reasons. Secondly not all web hosting >> services providing sufficient protection against getting compromised -- so >> even if we know you have set up that site and we trust you, we cannot be >> sure if your web site is still intact or compromised. Maybe yes maybe not >> -- >> and that is the principle, does not matter which one. We trust more on a >> big >> names that are less likely to taken over control by a hacker... >> >> Now the serious side: >> This bytehost7.com was created on Feb 2011, fairly new. The whois database >> does not show correct owner information, and I have checked with our >> ThreatSeeker Network and it shows that the IP address shares with many >> malicious web sites (over 4k sites I am talking about!), and the IP is >> blocked! I would delete my account from this hosting service straight away >> and buy one from a trusted company instead... >> >> Tamas >> > > It doesn't matter. I'm only asking for people to view an image. What are you > afraid of? Seriously. Tell me. > > Doesn't matter where the image came from. If your computer somehow becomes > compromised from viewing an image, you have to question the security of your > own machine. Not that of the server. But a malicious server can serve any MIME type to a URL ending in ..png. On the web, the extension is not used to determine file type. -- Mark Rages, Engineer Midwest Telecine LLC markragesspamBeGonemidwesttelecine.com

On Fri, Jun 17, 2011 at 7:41 PM, V G <.....x.solarwind.x@spam@EraseMEgmail.com> wrote: > On Fri, Jun 17, 2011 at 7:37 PM, Mark Rages <.....markragesRemoveMEgmail.com> wrote: > >> But a malicious server can serve any MIME type to a URL ending in >> .png. On the web, the extension is not used to determine file type. >> > > You're absolutely right, but no computer that's not a shitty winbloze 98 > machine will automatically execute something off the Internet. It would at > least need to be through a plugin of some sort which would at least warn you > first. > I agree that certain holes can be taken advantage of (specifically, I am reminded of the early iPhone jailbreak exploits which used an image/buffer overrun technique to execute code on the client), but those are very rare, obscure, and specific to the target. Also, Apple's proprietary crappy code was to blame. This rarely happens or is patched extremely quickly on popular open source software such as Firefox. Honestly, I do a LOT of risky things on my winbloze box, but I have a solid web browser and good anti virus and I've never had problems of any sort

Gentlemen, and others. Please. Please move discussion to [OT] *immediately* when it is no longer relevant to original and to [EE] tag. (Please) keep childish behaviour, technical-religion, operating system and network security discussions out of [EE]. Where material is still [EE] relevant but subject changes please change subject line. But, please do not rewrite subject lines just for the heck of it. Childish abusive language*, adhominem attack and general rowdy behaviour with no useful purpose apart from making the poster feel good and important while making them look silly to everyone else, should be avoided. _______________ Addenda / Corregatum / Effluvium: This got unnecessarily out of hand and it was very obvious where it was going but people kept feeding it in little saunters towards disaster. As a first step - if / once the subject changes from the excellent technical one it started with (even though here all the batteries ended up fatally hard shorted positive to positive all round) then plea... , no, just *** change the tag to [OT] when the subject is no longer relevant *** Here we went from a battery charger to file hosting (use dropbox?) to hosting security to O/S religion mixed with childish behaviour. Where we can't grow up, and where the subject is drastically and manifestly not related to the original or to the [EE] tag, please be not grown up in [OT] where we can stamp on the stupidities with relative impunity and not sully Scott and Xiofan's worlds. Russell * There is no adult abusive language :-

On 17/06/2011 23:31, V G wrote: >> The links are not fine, it tried to hijack my browser to who knows >> > where. It activated my no-script protection to the point of popping up >> > a dialog asking me to report this. >> > >> > Use flickr, it's trusted. >> > > Haha. That made me chuckle a little. > > Then it pissed me off. > > Flickr my ass. I don't trust anything that replaces an -er with an -r. > > If my links caused your browser/os to go haywire, then the fault lies with > your operating system. Get better security and stop blaming the world for > your viruses, security holes, etc. I heard Linux/BSD/QNX offer great > security. Because there is stupid stuff in the .htaccess I use Linux since 1999 and Unix since 1986. It's mythical that it's more secure. I've never had to re-install Windows XP on this laptop in 9 years. Using it on Internet all that time. If links do strange stuff it's your site, not his browser or OS

Whatever, man. This pissing contest is over. Please stay on topic. On Saturday, June 18, 2011, Michael Watterson <mikespam_OUT@spam@radioway.org> wrote: > On 18/06/2011 00:41, V G wrote: >> You're absolutely right, but no computer that's not a shitty winbloze 98 >> machine will automatically execute something off the Internet. It would at >> least need to be through a plugin of some sort which would at least warn you >> first. > > Wrong. > > Though such behaviour would be unusual, it's not unknown. > > That's why I check my computer with silentrunners.vbs -all from > http://www.silentrunners.org occasionally. >