Frequently Asked Questions

 

General

Why does HobbyMetrix use PayPal?
Do I need a PayPal account to buy from HobbyMetrix?
Which credit cards does HobbyMetrix/PayPal accept (for online purchases)?
I heard that PayPal was hacked - are you sure they're safe?
What are the characteristics of the PayPal vulnerability - how would I know if I was a victim?
What personal information does HobbyMetrix collect, and how is it used?

 

Technical

In YADRO Step 4, my DC/DC converter voltages are different - is something wrong?
What does RoHS Compliant mean?

 

 

GENERAL
 

 

Q.

Why does HobbyMetrix use PayPal?

   
A.

PayPal is one of the most widely recognized online payment systems in use today - probably, the most widely used. According to a February 2006 press release issued by PayPal, it has surpassed the 100 million account mark across 55 markets worldwide ... and in that same press release, it states that in 2005 it processed more than $27 billion in total payment volume. By taking advantage of PayPal's flexible and economical merchant services, HobbyMetrix can offer a wide variety of online payment options and still keep its prices down.

We also know that Privacy and Security are likely to be high priorities for the majority of our customers. By using PayPal, we specifically and purposely avoid becoming privy to any of your personal financial/banking information. That information is never disclosed to us during the transaction process and therefore, it can never be stored on our systems.

PayPal is a well-established commercial entity which specializes in online transactions - they have the wherewithall to monitor Privacy and Security trends, and the resources to implement whatever systems are required to keep pace with current regulations. Clearly, PayPal is an industry leader and is trusted by millions of users worldwide; we hope our decision to use PayPal gives you some piece of mind when purchasing from us online.

top ]

 

 
Q. Do I need a PayPal account to buy from HobbyMetrix?
   
A.

No - a PayPal account is not required.. The PayPal merchant system accepts regular online credit card payments without the need to have a PayPal account. If you are nervous about online transactions in general, we certainly respect that and will be happy to accept a Money Order from you. Click [here] for all of the details you need to know to send us a Money Order (i.e. who to make it out to, where to mail it, and how to submit your order).

top ]

 

 
Q.

Which credit cards does HobbyMetrix/PayPal accept (for online purchases)?

   
A.

By using PayPal to process online transactions, HobbyMetrix is able to accept payments from any of the major credit cards (VISA, Master Card, American Express, Discover), eCHECK, and most debit cards from the major banks. For a complete listing of current options, click [here] to visit PayPal's site for the latest information. You do not need a PayPal account in order to pay online using any one of these cards. Of course, if you do have a PayPal account and you wish to use it, that's fine too.

top ]

 

 
Q. I heard that PayPal was hacked - are you sure they're safe?
   
A.

We are not online security experts, so please understand that the following information is provided as a "public service" only. It is certainly not our intention to encourage you to do anything that you are not comfortable with - but we do feel compelled to provide the best information we can, so that you can make an informed decision on your own. We have done our best to research various reports of PayPal vulnerabilities and exploits, and this is what we've determined for ourselves ...

It appears that the PayPal site may have been vulnerable to some form of cross-site scripting exploit from as far back as December 2004 - so the recent buzz about the vulnerability itself is really nothing new. But, by the apparent lack of any reports to the contrary, it would seem that no one figured out how to exploit it successfully until now. The good news is that once PayPal became aware of a fraudulent scheme exploiting the vulnerability, they worked quickly to address the problem. To the best of our knowledge, the vulnerability has been taken care of, and it should be safe to use PayPal.

As we mentioned in the previous question/answer, we are quite happy to accept a Money Order from anyone who is at all concerned about online transactions. Click [here] for all of the details you need to know to send us a Money Order (i.e. who to make it out to, where to mail it, and how to submit your order).

top ]

 

 
Q. What are the characteristics of the PayPal vulnerability - how would I know if I was a victim?
   
A.

Again, we do not profess to be online security experts - but we'll do our best to give you a heads-up about the recent scam. A really short description of the problem, is that it tricks the user into a false sense of security by injecting fraudulent code into an otherwise legitimate PayPal session. For those of you who are a little more technically curious, read on ...

The session does indeed show that it is using SSL to encrypt any data exchanged with the site, and a valid 256-bit SSL certificate is be presented to prove that the site belongs to PayPal. But additional malicious code is injected into the page using a method known as cross-site scripting.

The fraudulent message indicates that "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Centre." But, the target of the redirection is actually on an external server (hosted in Korea), and it is a fake PayPal login page. The whole process is quite impressively deceiving - there really is very little to indicate that it is not legitimate.

When you reach the "Resolution Center" and you log in through what appears to be a PayPal sign-in process, the malicious page is actually harvesting your login and password. The fake Resolution Centre goes on to ask you for additional personal information (supposedly for verification purposes, so that your "account restrictions" can be removed), and if you continue through the entire process, the theives will end up harvesting such personal details as your social security number, credit card number, expiration date, verification digits, and your debit/ATM PIN.

This type of scam is difficult to detect. E-mail "phishing" scams are generally easier to spot, since there is more public awareness about them and they typically contain some tell-tale clues. But as you can see from the description above, the cross-site injection technique makes this one essentially transparent.

The only thing we can suggest to help protect yourself, is to always be extremely cautious when giving out your personal information. In the case of PayPal (or other online financial institutions), if anything out of the ordinary happens, you should contact them directly using a known method other than the automatic one provided. This is similar to the safety technique used to guard against "phishing" e-mails. PayPal has often indicated that when contacting clients about account concerns, they will never provide an automatic login link within the message (because it would be too easy for fraudsters to imitate such messages, and use a fake link). So, in the case of some unexpected messages during a login session, we would suggest that you contact PayPal directly by e-mail or phone, to confirm the legitimacy of the issue.

top ]

 

 
Q. What personal information does HobbyMetrix collect, and how is it used?
   
A.

The specific information we collect about a visitor/customer varies depending on the nature of the contact. For instance, if you send us an email, we will obviously know what your e-mail address is; when you purchase something from us, we will become privy to address information as well. That's all pretty much common sense.

Integrity, honesty, and fairness are very much core values at HobbyMetrix. Remember, we are a small family-run business and we take your trust to heart. On a personal level, we hate spam, unsolicited call-center phone calls at meal time, and other similar abuses of contact information - so we would never knowingly perpetrate any such abuse on you. We do not intend to sell, rent, trade, or otherwise disclose our database (i.e. containing your contact information) to any third parties.

In the course of doing business, it may be necessary to share some contact information with our suppliers/partners (i.e. for warranty purposes, to comply with licensing requirements, etc.). In all such cases, we will actively limit the amount of information shared to only what is required.

From time to time, when we sincerely believe we have something of value and interest to share with you, we may elect to contact you (by e-mail, or regular mail). We will not continuously spam you (remember, we hate spam too). If, at any time, you decide that you no longer wish to receive communications from us, simply let us know. Rest assured that your wishes will be respected. (Did we mention that we hate spam too?)

top ]

TECHNICAL
 

 

Q. In YADRO Step 4, my DC/DC converter voltages are different - is something wrong?
   
A.

Chances are - probably not.

It has come to our attention that if you are experienced in electronics and you assemble the complete YADRO PCB before measuring the test point voltages, you will measure everything as expected.

However, if you assemble only each section and then check voltages as you proceed (per Nick's instructions), you will see some different voltages at Step 4.  Test voltages V2:1, V2:2 and V2:3 will read higher than 5v and V2:4 will read 0v.

The reason is that some European parts, originally specified by Nick, are difficult to obtain in North America. Consequently, we sourced equivalent parts; but there are some minor differences in the specifications. Mainly, the DC/DC converter will allow up to 7v output (instead of 5v as noted by Nick) if the MAX232 (or equivalent chip) and the Opto Isolators are not yet inserted.

Here is a more detailed explanation ...

Anyone who follows each of Nick's steps, and tests as they go, will see these higher voltages. Those who just forge ahead and build the entire board before testing will measure voltages in line with Nick's test point diagram. We have only had a few people report this - so most folks must be building completely before testing.

Nick wrote up his assembly and test procedures based on components which were readily available in Germany. Sourcing identical parts in North America turned out to be either difficult or much more costly - which would have driven the kit prices higher than necessary.  GHB, our consulting firm, has over 36 years experience in design, so all of the parts we substituted are from reputable vendors. However, the DC/DC converter we include does not hold its regulation tight without a load. The output can rise to nearly 7v. Apparently, the type Nick used did hold at 5v without load - so they must have included a small "dummy load" inside (see further comments below).

The manufacturer's data sheet, for the converter, says no serious harm will result from brief operation without a load - but you do need a minimum of 20ma load for it to operate correctly. If the MAX232 (or equivalent) is not plugged in, you will not have much of a load from only the 3N36 opto-isolators.  And if the optos are not plugged in either, you'll have (basically) no load at all. The DC/DC converters work on a similar basis to PC switching power supplies - which also need a load in order to operate within spec.

Of course, arguments exist for both approaches.  Without the included load, the voltage can rise beyond the spec.  With the load, the voltage stays in spec but the load reduces the device's capacity to serve up its full current rating to the chips/circuit it's powering. It's sort of a "pick your poison" choice.

If you encounter this situation during testing, there are two ways to proceed. You can plug in the opto devices and the MAX232 chip and re-test. Or, you can temporarily put a 100ohm or a 150ohm (50ma/33ma) load across the output of the DC/DC converter for testing.

Test voltage V2:4 is generated inside the MAX232 chip to provide one side of the balanced voltages needed for the RS-232 serial connection to the PC.  Consequently, V2:4 cannot be measured until the chip is inserted.

Again, all the kit parts are first quality, from reputable vendors, and this behaviour is expected and correct for the situation. It is just something to be aware of when building and testing.

top ]

 

 

 

Q.

What does RoHS Compliant mean?

   
A.

The short answer is - lead free. If you are interested in more detail, read on ...

In its continued effort to control potentially hazardous substances and manage waste, the European Parliament and the Council of the European Union have enacted two directives which are known as WEEE (Waste from Electrical and Electronic Equipment) and RoHS (Restriction of Hazardous Substances). These regulations are effective as of July 1st, 2006 and they only affect European member countries - for the moment. However, similar legislation is being enacted elsewhere and it will gradually spread to most parts of the world.

Since HobbyMetrix' main market is in North America, we could have avoided the issue until it became a problem for us. But, while we may not always agree with all of the politicians' solutions to the world's problems, we fundamentally support being responsible in managing the world's fragile resources. So, early on, we made a conscious decision to begin our new business on the right foot - by carrying as many RoHS compliant products as possible.

Sourcing RoHS Compliant parts (specifically for YADRO) took a little longer than we first expected and it delayed our official opening, but we did succeed in putting together a parts kit which is lead free. We hope you will be pleased that we made the effort.

As we add new products, we may not always be able to obtain compliant parts at first, but we will continue to monitor the supply chain and will switch as soon as the manufacturers make lead-free versions available.

For even more details on WEEE and RoHS, you can begin a long journey with these two links:

EUROPA - Waste Electrical and Electronic Equipment

WIKIPEDIA - Restriction of Hazardous Substances Directive

top ]