summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhellekin <hellekin@dyne.org>2016-07-31 14:07:09 +0000
committerhellekin <hellekin@dyne.org>2016-07-31 14:07:09 +0000
commit5e4cf3887c6b0a2a341abf5070e75c76cbdc2f8f (patch)
tree171ee049edf1abaf2448e1ed325efd5c3925a937
parent5cd0e56b179ad4edeccfa3ed90528502fd60d7ac (diff)
downloadwww-5e4cf3887c6b0a2a341abf5070e75c76cbdc2f8f.tar.gz
www-5e4cf3887c6b0a2a341abf5070e75c76cbdc2f8f.tar.bz2
www-5e4cf3887c6b0a2a341abf5070e75c76cbdc2f8f.zip
Add preview of next blog article 0021
-rw-r--r--content/0021-migrating-away-from-eagle-to-kicad.html110
1 files changed, 110 insertions, 0 deletions
diff --git a/content/0021-migrating-away-from-eagle-to-kicad.html b/content/0021-migrating-away-from-eagle-to-kicad.html
new file mode 100644
index 0000000..1886043
--- /dev/null
+++ b/content/0021-migrating-away-from-eagle-to-kicad.html
@@ -0,0 +1,110 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset="UTF-8" name="charset"><!-- pelican??? -->
+ <title> Migrating away from Eagle, to KiCad </title>
+ <meta name="date" content="2016-08-01 13:00:00">
+ <meta name="last modified" content="2016-08-01 13:00:00">
+ <meta name="keywords" content="neo900, eagle, kicad, n900, donation">
+ <meta name="authors" content="hellekin">
+ <meta name="description" content="Neo900 schematics now using free software KiCAD.">
+ </head>
+
+ <body>
+
+ <p class="lead">
+ The Neo900 team decided to move away from proprietary software
+ Eagle and converted its schematics production to the KiCad
+ open-source Electronics Design Automation
+ (<abbr title="Electronics Design Automation">EDA</abbr>) suite.
+ </p>
+
+ <h2>Contents</h2>
+
+ <ol>
+ <li><a href="#asn1-vulnerability">ASN.1 Vulnerability</a></li>
+ <li><a href="#more-n900-sourcing">More N900 Sourcing</a></li>
+ <li><a href="#feature">From Eagle to KiCad</a><li>
+ </ol>
+
+ <h3 id="asn1-vulnerability">ASN.1 Vulnerability</h3>
+
+ <p>Lucas Molas of <em>Programa STIC</em> discovered a <cite>Heap
+ memory corruption in ASN.1 parsing code generated by Objective
+ Systems Inc. ASN1C compiler for C/C++</cite> potentially affecting
+ billions of phone users worldwide. The proprietary software
+ vendor received a bug report via <em>plain text email</em> on
+ June, 1<sup>st</sup>, 2016, according to
+ the <a href="https://github.com/programa-stic/security-advisories/ObjSys/CVE-2016-5080/">CVE-2016-5080</a>
+ released on July, 18<sup>th</sup>, 2016 to the public in a
+ coordinated release with the vendor.</p>
+
+ <blockquote>Abstract Syntax Notation One (ASN.1) is a technical
+ standard and formal notation that describes rules and structures
+ for representing, encoding, transmitting, and decoding data in
+ telecommunications and computer networking.</blockquote>
+
+ <blockquote>A vulnerability found in the runtime support libraries
+ of the ASN1C compiler for C/C++ from Objective Systems Inc. could
+ allow an attacker to remotely execute code in software systems,
+ including embeded software and firmware, that use code generated
+ by the ASN1C compiler. The vulnerability could be triggered
+ remotely without any authentication in scenarios where the
+ vulnerable code receives and processes ASN.1 encoded data from
+ untrusted sources, these may include communications between
+ mobile devices and telecommunication network infrastructure
+ nodes, communications between nodes in a carrier's network or
+ across carrier boundaries, or communication between mutually
+ untrusted endpoints in a data network.</blockquote>
+
+ <p>The proprietary software vendor released a hot patch (v7.0.1)
+ available upon request to their customers, and will integrate the
+ fix in the upcoming v7.0.2 of their compiler.</p>
+
+ <p>On July, 1<sup>st</sup>, Programa STIC mentioned that <q>memory
+ corruption bugs in ASN.1 related components of an LTE stack have
+ been announced or hinted at in several infosec conference
+ presentations over the past few weeks and its likely the same or
+ similar bugs will become public soon.</q></p>
+
+ <h4>How is Neo900 Affected?</h4>
+
+ <p>In
+ our <a href="https://neo900.org/news/paypal-resumes-neo900-sources-again">last
+ communication</a> we noted that <q><strong>Neo900 is the only
+ phone that provides a hardware protection from remote activation
+ of the baseband chip</strong></q>, making it <strong>immune by
+ design</strong> to this class of vulnerability.</p>
+
+ <p>Our exclusive Neo900 design is more valuable than ever!</p>
+
+ <h3 id="more-n900-sourcing">More N900 Sourcing</h3>
+
+ <p>After dowsing for a while, our boots in China confirmed the
+ source mentioned previously! We already received 20 more N900
+ units responding to our quality criteria for enduring the
+ metamorphosis into brand new Neo900 units for you lucky (and
+ patient) early birds. 20 more units are on the way, and we
+ expect more to come. We're already at XXX units and
+ counting.</p>
+
+ <p>Again, if you know where to find some affordable stocks of N900
+ units,
+ please <a href="mailto:contact@neo900.org?Subject=N900%20Stock">contact
+ us</a>!</p>
+
+ <h3 id="feature">From Eagle to KiCad</h3>
+
+ <p>...</p>
+
+ <p>Thank you for your attention,</p>
+
+ <p>&ndash; hellekin for the Neo900 team</p>
+
+ <p>P.S.: Feedback is welcome! Did you enjoy reading this post?
+ What else should it have covered? What do you want to read in the
+ news? You can tell me: hellekin at neo900 dot org, or in the
+ comments.</p>
+
+</body>
+</html>