EmbeddedRelated.com
Forums

STM CORTEX M3

Started by justme February 25, 2011
In article <135c30ac-cbc6-4b27-91ae-c00840262314
@o7g2000prn.googlegroups.com>, d_s_klein@yahoo.com says...
> > On Feb 28, 2:33&#4294967295;pm, Mark Borgerson <mborger...@comcast.net> wrote: > > In article <d85cf734-cef1-4216-97ea-2e4caba1f752@ > > 22g2000prx.googlegroups.com>, d_s_kl...@yahoo.com says... > > > > > > > > > On Feb 25, 12:37 pm, Simon Clubley <clubley@remove_me.eisner.decus.org- > > > Earth.UFP> wrote: > > > > On 2011-02-25, NeedCleverHandle <d_s_kl...@yahoo.com> wrote: > > > > > > As well as the fact I've found Flash based websites to be bloated and slow, > > > > especially when you try browsing them from a mobile internet connection > > > > which I do a good portion of the time, I also refuse to open my machines > > > > to a major source of malware (given Flash's security history). > > > > > There are a number of viruses that are installed with flash scripts. > > > No sane person would ever require flash to view a web site. > > > > > Gee, wouldn't you want your chip vendor to be sane? > > > > > RK > > > > There are also viruses that are installed with PDF documents. &#4294967295;Does that > > mean that we should avoid PDF files from chip vendors? &#4294967295; ;-) > > > > The problem with flash on a web site has nothing to do with virus > > vulnerability. &#4294967295; I'm convinced that almost any data format can > > be used to transmit a virus. &#4294967295; The problem with flash is that it > > really &#4294967295;isn't necessary to provide engineers with appropriate data. > > > > Mark Borgerson > > Through PDF? Really? Is there an example that will survive > snopes.com? With PDF one can control the active content. Not so with > flash.
http://blogs.pcmag.com/securitywatch/2010/04/pdf_virus_demonstrated.php http://news.cnet.com/2100-1001-271267.html http://www.brighthub.com/computing/enterprise- security/articles/76970.aspx
> > But I think that we are in agreement that the use of flash on the ST > web site is "wrong". >
True. Mark Borgerson
On 28/02/11 23:51, Jon Kirwan wrote:
> On Mon, 28 Feb 2011 14:33:44 -0800, Mark Borgerson > <mborgerson@comcast.net> wrote: > >> In article<d85cf734-cef1-4216-97ea-2e4caba1f752@ >> 22g2000prx.googlegroups.com>, d_s_klein@yahoo.com says... >>> >>> On Feb 25, 12:37 pm, Simon Clubley<clubley@remove_me.eisner.decus.org- >>> Earth.UFP> wrote: >>>> On 2011-02-25, NeedCleverHandle<d_s_kl...@yahoo.com> wrote: >>>> >>>> As well as the fact I've found Flash based websites to be bloated and slow, >>>> especially when you try browsing them from a mobile internet connection >>>> which I do a good portion of the time, I also refuse to open my machines >>>> to a major source of malware (given Flash's security history). >>>> >>> >>> There are a number of viruses that are installed with flash scripts. >>> No sane person would ever require flash to view a web site. >>> >>> Gee, wouldn't you want your chip vendor to be sane? >>> >>> RK >> There are also viruses that are installed with PDF documents. Does that >> mean that we should avoid PDF files from chip vendors? ;-) >> >> The problem with flash on a web site has nothing to do with virus >> vulnerability. I'm convinced that almost any data format can >> be used to transmit a virus. The problem with flash is that it >> really isn't necessary to provide engineers with appropriate data. >> >> >> Mark Borgerson > > I can view PDF by tranferring them to the Kindle and mitigate > the risk. Now that I mention it, I suppose I could view web > pages over a smart cell phone if it supports flash and > mitigate the risk there, too. So I suppose there are > options. >
pdf's are perfectly safe as long as you use a safe pdf reader, and as long as you disable javascript on the reader. Basically, avoid Acrobat Reader. Any Linux reader (such as evince) is safe, as are all other Windows readers that I know of. Something like Foxit reader is free, safe, and /much/ faster than Acrobat.
> But to be honest, I really would like to see web pages > designed to work well with Lynx. So that if I choose, I > could avoid flash and animations and silverlight and so on > and get by just fine in a dos box viewing the web. >
Support for Lynx is not going to happen. Next you'll be wanting datasheets in txt format, not pdf, and films optimised for viewing ona black and white TV. I agree entirely about avoiding flash, etc., - except for parts of the site where it is actually useful - but making pages Lynx-friendly is an unreasonable request. Flashblock will stop the flash and other nonsense, when they are not /required/ to view a page.
> I'm not happy being forced into using flash or silverlight to > access chip vendor content. >
I agree. It's okay to add flash to /enhance/ a site - there are things that cannot be done well with HTML (though HTML 5 gives more scope), and sometimes flash can be useful - but as an extra, not a requirement. Silverlight is an abomination and has no place on a website.
> Jon
On 01/03/2011 03:01, NeedCleverHandle wrote:
> On Feb 28, 2:33 pm, Mark Borgerson<mborger...@comcast.net> wrote: >> In article<d85cf734-cef1-4216-97ea-2e4caba1f752@ >> 22g2000prx.googlegroups.com>, d_s_kl...@yahoo.com says... >> >> >> >>> On Feb 25, 12:37 pm, Simon Clubley<clubley@remove_me.eisner.decus.org- >>> Earth.UFP> wrote: >>>> On 2011-02-25, NeedCleverHandle<d_s_kl...@yahoo.com> wrote: >> >>>> As well as the fact I've found Flash based websites to be bloated and slow, >>>> especially when you try browsing them from a mobile internet connection >>>> which I do a good portion of the time, I also refuse to open my machines >>>> to a major source of malware (given Flash's security history). >> >>> There are a number of viruses that are installed with flash scripts. >>> No sane person would ever require flash to view a web site. >> >>> Gee, wouldn't you want your chip vendor to be sane? >> >>> RK >> >> There are also viruses that are installed with PDF documents. Does that >> mean that we should avoid PDF files from chip vendors? ;-) >> >> The problem with flash on a web site has nothing to do with virus >> vulnerability. I'm convinced that almost any data format can >> be used to transmit a virus. The problem with flash is that it >> really isn't necessary to provide engineers with appropriate data. >>
Data formats in themselves are not the problem, but the programs that interpret that data can have security problems. Typically you have specially mal-formed data files combined with bugs in the interpreting program to cause buffer overflows, stack faults, etc., which results in the system executing part of the "data" as code. Or you have a file format that supports some sort of scripting (say, javascript in pdf files) combined with bugs or sandboxing flaws in the interpreting program. There are also a number of formats that are considered "data" formats, but actually can contain code. People thought of "doc" as a data format until the first MS Word viruses (but remember, the flaw was in MS word - not the doc format). Microsoft is an expert at this - for example, their font file format is actually a DLL format, and therefore executable. I haven't heard of any font-file viruses, but the infrastructure for them has been supported by MS since Win3.1.
>> Mark Borgerson > > Through PDF? Really? Is there an example that will survive > snopes.com? With PDF one can control the active content. Not so with > flash. >
There are many pdf viruses/trojans around. Yes, you can control the active content by turning off javascript and other active features - but only a tiny proportion of users do so. You can also use a better pdf reader - it is only Acrobat Reader that has so many security holes and vulnerabilities.
> But I think that we are in agreement that the use of flash on the ST > web site is "wrong". > > RK
On Tue, 01 Mar 2011 07:42:32 +0100, David Brown
<david.brown@removethis.hesbynett.no> wrote:

>On 28/02/11 23:51, Jon Kirwan wrote: >> On Mon, 28 Feb 2011 14:33:44 -0800, Mark Borgerson >> <mborgerson@comcast.net> wrote: >> >>> In article<d85cf734-cef1-4216-97ea-2e4caba1f752@ >>> 22g2000prx.googlegroups.com>, d_s_klein@yahoo.com says... >>>> >>>> On Feb 25, 12:37 pm, Simon Clubley<clubley@remove_me.eisner.decus.org- >>>> Earth.UFP> wrote: >>>>> On 2011-02-25, NeedCleverHandle<d_s_kl...@yahoo.com> wrote: >>>>> >>>>> As well as the fact I've found Flash based websites to be bloated and slow, >>>>> especially when you try browsing them from a mobile internet connection >>>>> which I do a good portion of the time, I also refuse to open my machines >>>>> to a major source of malware (given Flash's security history). >>>>> >>>> >>>> There are a number of viruses that are installed with flash scripts. >>>> No sane person would ever require flash to view a web site. >>>> >>>> Gee, wouldn't you want your chip vendor to be sane? >>>> >>>> RK >>> There are also viruses that are installed with PDF documents. Does that >>> mean that we should avoid PDF files from chip vendors? ;-) >>> >>> The problem with flash on a web site has nothing to do with virus >>> vulnerability. I'm convinced that almost any data format can >>> be used to transmit a virus. The problem with flash is that it >>> really isn't necessary to provide engineers with appropriate data. >>> >>> >>> Mark Borgerson >> >> I can view PDF by tranferring them to the Kindle and mitigate >> the risk. Now that I mention it, I suppose I could view web >> pages over a smart cell phone if it supports flash and >> mitigate the risk there, too. So I suppose there are >> options. >> > >pdf's are perfectly safe as long as you use a safe pdf reader, and as >long as you disable javascript on the reader. Basically, avoid Acrobat >Reader. Any Linux reader (such as evince) is safe, as are all other >Windows readers that I know of. Something like Foxit reader is free, >safe, and /much/ faster than Acrobat.
I use Foxit, already. But I also use the Kindle reader a lot, as well. Very convenient and cheap.
>> But to be honest, I really would like to see web pages >> designed to work well with Lynx. So that if I choose, I >> could avoid flash and animations and silverlight and so on >> and get by just fine in a dos box viewing the web. > >Support for Lynx is not going to happen. Next you'll be wanting >datasheets in txt format, not pdf, and films optimised for viewing ona >black and white TV. I agree entirely about avoiding flash, etc., - >except for parts of the site where it is actually useful - but making >pages Lynx-friendly is an unreasonable request.
Well, I remember well the time when all web pages were text. If that were the case, today, I could surf quite quickly given the changes in technology I now have access to -- fiber 80Mb link, 3GHz processors, and so on. I really wouldn't mind a subset world I could access stripped of the dross. The ALT attribute for images, for example, would be nice for them to use and not hard to apply.
>Flashblock will stop the flash and other nonsense, when they are not >/required/ to view a page.
I block almost everything right now. Old habit. Harder to get by with that, these days, I admit.
>> I'm not happy being forced into using flash or silverlight to >> access chip vendor content. > >I agree. It's okay to add flash to /enhance/ a site - there are things >that cannot be done well with HTML (though HTML 5 gives more scope), and >sometimes flash can be useful - but as an extra, not a requirement. > >Silverlight is an abomination and has no place on a website.
Silverlight is Microsoft's .NET 4.0/WPF-light. They will ram it down our throats over time. In any case, I'd still like a text window on the internet. I have NOT enjoyed being dragged along unwillingly. If I want video to play or other animations and widgets active in my face, I'd like to make that choice explicitly. I'd like text access until I say otherwise. Yeah, I know. But still... Jon
On 2011-02-25, Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> wrote:
> On 2011-02-25, NeedCleverHandle <d_s_klein@yahoo.com> wrote: >> >> I didn't think it could be THAT bad. I was wrong. >> >> By the way, what browser should I use? It doesn't work with FireFox, >> Chrome, or Internet Explorer. >> > > You need Flash installed to use the ST website now which is something > I refuse to install for just one website as I do not need it for the rest > of my online activities. > > As well as the fact I've found Flash based websites to be bloated and slow, > especially when you try browsing them from a mobile internet connection > which I do a good portion of the time, I also refuse to open my machines > to a major source of malware (given Flash's security history). >
That reads as a contradiction. :-) It's using a mobile Internet connection for a good portion of the time I mean above; I've long given up on Flash based websites (I don't even need Flash for when I want a video from Youtube). There appears to have been a major change behind the scenes with the new ST website and I wonder if someone realised they are getting massively whacked in the Google rankings. When the new ST website was launched, all the links to the device specific pages were broken and you ended up with page not found errors. Now ST appears to have resurrected some device specific pages, but because of st.com's current poor Google ranking, you have to go looking for them. For example (when using https://encrypted.google.com/ as the search URL), enter STR711FR2T6 and you will not find any reference to the st.com website on the few pages. However, if you enter "STR711FR2T6 site:st.com" into Google, one of the links is for http://www.st.com/internet/mcu/product/111089.jsp and if you click on "Design support", you get a nice list of related app notes and user guides. This was not available immediately after the website launch because this is exactly what I tried to do (with this specific part number) to bypass the Flash based interface. I have tried with a couple of the Cortex part numbers but I could not find them this way. I don't know if it's because similar pages do not exist on the ST website, or if it's because Google has not yet indexed them. Simon. PS: I use the https:// google link above because it bypasses all the dynamic search results page refreshing Google has started doing. -- Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP Microsoft: Bringing you 1980s technology to a 21st century world
David Brown <david@westcontrol.removethisbit.com> wrote:

> Data formats in themselves are not the problem, but the programs that > interpret that data can have security problems.
I recommend watching the "OMG WTF PDF" presentation from the recent 27C3 event. It shows that there really is no such thing as a "well-formed" PDF file. <http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-4221-en-omg_wtf_pdf.mp4> -a
Simon Clubley <clubley@remove_me.eisner.decus.org-Earth.UFP> writes:

> On 2011-03-01, John Devereux <john@devereux.me.uk> wrote: >> Paul <paul@pcserviceselectronics.co.uk> writes:
[...]
>>> >>> A few years ago we had a debate about NXP doing something similar >> > > I remember that very clearly. :-) > > At least they didn't mess things up as much as ST have done. > >><http://www.nxp.com> fails totally for me with flash + javascript >> disabled. Just a permanent "loading page..." box. >> >> Enabling javascript does seem to let it work. >> > > True, but I never use the main NXP website when I am looking for NXP > documentation as I use Google to search websites (it's usually much > quicker than a website's own search function) and Google always seems > to point directly to the ics.nxp.com website. > >> I always use the "ICs" site <http://ics.nxp.com>, this does seem to work >> well for me, >> > > Agreed. I don't need to have Javascript enabled when browsing pages > on this website which have been indexed by Google. > > For example, I have recently been downloading a range of documentation > and example code associated with the LPC3131 and have had no problems > with this. > >> I see there is a preview of a new "beta" NXP site - now why do I get >> that sinking feeling.... ? >> >><http://beta.nxp.com/> >> >> (Actually it is at least browseable from my quick look) >> > > It's annoying that you have to enable Javascript to browse that website, > but with NoScript that's not really too much of a concern for me. My real > objection is when you have to install plugins to browse a site. > > BTW, there's one feature on this new NXP website which I really like and > that is the ability to download all related app notes/user manuals/etc for > a specific part as a combined zip file in one operation.
That is a feature of the main nxp.com site too, but I don't think it is on the ICs one. -- John Devereux
On 01/03/2011 15:09, Anders.Montonen@kapsi.spam.stop.fi.invalid wrote:
> David Brown<david.brown@removethis.hesbynett.no> wrote: >> pdf's are perfectly safe as long as you use a safe pdf reader, and as >> long as you disable javascript on the reader. Basically, avoid Acrobat >> Reader. Any Linux reader (such as evince) is safe, as are all other >> Windows readers that I know of. Something like Foxit reader is free, >> safe, and /much/ faster than Acrobat. > > Other readers have had their share of vulnerabilities as well (eg. both > Foxit and Adobe Reader used to silently run executables embedded in PDF > files, no JavaScript or exploits needed. CVE-2010-1240). PDFs have also > been used as attack vectors, for instance one iPhone jailbreak was > accomplished by exploiting a FreeType2 bug via a font embedded in a PDF. > > Adobe Reader has by far the worst track record, but claiming you're safe > just by switching to another reader is disingenuous. >
Yes, fair enough - you are not entirely safe with other readers. But you are probably a couple of orders of magnitude safer using Foxit (for example) than Acrobat Reader. One order is because Foxit simply has fewer bugs - it's small, and the developers understand it, while Acrobat Reader has grown into incredible bloatware with far more scope for problems. You get another big step up because Acrobat Reader is the most commonly used pdf reader, and it is the one targeted by malware authors.
David Brown wrote:

[...]

>Windows readers that I know of. Something like Foxit reader is free, >safe, and /much/ faster than Acrobat.
http://secunia.com/secunia_research/2011-14/ Even smaller, faster and less known is "Sumatra". Oliver -- Oliver Betz, Munich despammed.com is broken, use Reply-To: