summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhellekin <hellekin@dyne.org>2016-08-02 10:31:40 +0000
committerhellekin <hellekin@dyne.org>2016-08-02 10:31:40 +0000
commit0bc011547b9a6d679925c278dbecced6c5b4969f (patch)
treec2f2a306925830928a8f4d9408a24d399d4b5ceb
parentfa1ec59f515e6159594f007e6ced5aefdd878001 (diff)
downloadwww-0bc011547b9a6d679925c278dbecced6c5b4969f.tar.gz
www-0bc011547b9a6d679925c278dbecced6c5b4969f.tar.bz2
www-0bc011547b9a6d679925c278dbecced6c5b4969f.zip
Introduce ASN.1 bug
-rw-r--r--content/0021-migrating-away-from-eagle-to-kicad.html75
1 files changed, 54 insertions, 21 deletions
diff --git a/content/0021-migrating-away-from-eagle-to-kicad.html b/content/0021-migrating-away-from-eagle-to-kicad.html
index 5ef0f58..37a4987 100644
--- a/content/0021-migrating-away-from-eagle-to-kicad.html
+++ b/content/0021-migrating-away-from-eagle-to-kicad.html
@@ -21,15 +21,30 @@
<h2>Contents</h2>
+ <p>Before jumping to Neo900 project updates since June, and our main
+ feature, we'd like to share with you a recent vulnerability
+ disclosure which shows the value of separating the telephony stack
+ from the rest of the system.</p>
+
<ol>
<li><a href="#asn1-vulnerability">ASN.1 Vulnerability</a></li>
<li><a href="#more-n900-sourcing">More N900 Sourcing</a></li>
<li><a href="#neo900-whitepapers">Whitepapers Update</a></li>
- <li><a href="#feature">From Eagle to KiCad</a><li>
+ <li><a href="#feature">From Eagle to KiCad</a></li>
</ol>
<h3 id="asn1-vulnerability">ASN.1 Vulnerability</h3>
+ <p>Following the decision of <abbr title="National Institute for
+ Standards and Technology">NIST</abbr> to deprecate usage of SMS in
+ two-factor authentication (we'll come back on this in an upcoming
+ installment), this vulnerability disclosure confirms the interest
+ of the unique design of Neo900 that isolates the baseband chip
+ from power supply, making it dependent on the <abbr title="Central
+ Processing Unit">CPU</abbr> (and the <abbr title="Operating
+ System">OS</abbr>) to access anything else on the system, and
+ preventing remote activation of the chip in the first place.</p>
+
<p>Lucas Molas of <em>Programa STIC</em> discovered a <cite>Heap
memory corruption in ASN.1 parsing code generated by Objective
Systems Inc. ASN1C compiler for C/C++</cite> potentially affecting
@@ -74,10 +89,11 @@
our <a href="https://neo900.org/news/paypal-resumes-neo900-sources-again">last
communication</a> we noted that <q><strong>Neo900 is the only
phone that provides a hardware protection from remote activation
- of the baseband chip</strong></q>, making it <strong>immune by
- design</strong> to this class of vulnerability.</p>
+ of the baseband chip</strong></q>. Therefore this vulnerability
+ that potentially plagues all commercial phones on the planet,
+ won't affect Neo900.</p>
- <p>Our exclusive Neo900 design is more valuable than ever!</p>
+ <p>Our exclusive Neo900 design is more valuable than ever!</p>
<h3 id="more-n900-sourcing">More N900 Sourcing</h3>
@@ -117,15 +133,17 @@
<p>When Joerg took charge of the Neo900 project, the electronics
design was made with Eagle, and was updated using that tool ever
- since. Nikolaus, of OpenPandora fame, was the Eagle virtuoso,
- but our communication with his company, Golden Delicious, was
- hampered for a long time by incompatible tools and workflow.</p>
-
- <p>In 2016, Nikolaus faded away from Neo900, absorbed by Neo900's
- sister project <a href="https://pyra-handheld.com">Pyra</a>.
- Just a few weeks ago he confirmed that he couldn't follow up on
- the layout for Neo900, which prompted Joerg and Werner to
- consider alternatives.</p>
+ since. Nikolaus Schaller, of OpenPandora fame, was the Eagle
+ virtuoso, but our communication with his company, Golden
+ Delicious, was hampered for a long time by incompatible tools and
+ workflow.</p>
+
+ <p>In 2016, Nikolaus faded away from Neo900, absorbed by the
+ finishing touch to Neo900's sister
+ project <a href="https://pyra-handheld.com">Pyra</a>. Just a few
+ weeks ago he confirmed that he couldn't follow up on the layout
+ for Neo900, which prompted Joerg and Werner to consider
+ alternatives.</p>
<p>In the <abbr title="Electronics Design Automation">EDA</abbr>
market, besides Eagle, there's Altium. But Altium has the same
@@ -150,12 +168,13 @@
<h4>How does the move to KiCad influence Neo900 development?</h4>
<p>The only major downside comes from the reduced access to
- Nikolaus' OMAP know-how, although we hope Nikolaus will be able to
- review our work. On the other hand, we're no longer slowed down
- by uncertainty with regard to the future role of Golden Delicious
- in Neo900: this caused change requests to pile up, and we used
- white papers as a means of documenting what we couldn't change in
- the schematics in a timely manner.</p>
+ Nikolaus' <abbr title="Open Multimedia Applications
+ Platform">OMAP</abbr> know-how, although we hope he will be able
+ to review our work. On the other hand, we're no longer slowed
+ down by uncertainty with regard to the future role of Golden
+ Delicious in Neo900: this used to cause change requests to pile
+ up, and we used white papers as a means of documenting what we
+ couldn't change in the schematics in a timely manner.</p>
<p>That gives us wings: with KiCad, we can now provide a more
transparent development process and can now operate in a more
@@ -163,7 +182,18 @@
actually needs explaining.</p>
<p>We found out that KiCad's routing capabilities are superior to
- Eagle's. [anything to add there?] </p>
+ Eagle's:</p>
+
+ <figure>
+ <iframe width="560" height="315" src="https://www.youtube.com/embed/CCG4daPvuVI" frameborder="0" allowfullscreen></iframe>
+ <figcaption>
+ <a href="https://www.youtube.com/watch?v=CCG4daPvuVI">Demo of the KiCad router</a>
+ </figcaption>
+ </figure>
+
+ <p>Moving to KiCad proved to be quite
+ an <a href="https://www.youtube.com/watch?v=d5oO6fiyB7o">improvement
+ over that</a>.</p>
<h4>What's the progress on converting Neo900 schematics from Eagle
to KiCad?</h4>
@@ -174,7 +204,10 @@
and <a href="https://bugs.launchpad.net/kicad/+bug/1154131/comments/9">also
in KiCad</a>.)</p>
- <p>In the coming weeks we're going to work on incorporating material <em>parked</em> in whitepapers (see above), [maybe leave that alone for now:] define the BB-mX interface for prototype v2 (...)</p>
+ <p>In the coming weeks we're going to work on incorporating
+ material <em>parked</em> in whitepapers (see above), [maybe leave
+ that alone for now:] define the BB-mX interface for prototype v2
+ (...)</p>
<p>...</p>