"When one teaches, two learn." --Robert Heinlein
In this issue:
- Could you Prove your Product is Secure?
- Download Barr Group's UPDATED Embedded C Coding Standard
- Is it a Bug or an Error?
- Further Develop Your Embedded Programming Skills this Spring
- Industry News That's Not Boring
Firmware Update is a free, monthly-ish newsletter by embedded systems expert Michael Barr. Firmware Update is a trademark and this issue is Copyright ©2019. You may forward whole issues to colleagues that design embedded systems. No other uses are permitted.
Could you Prove your Product is Secure?
Earlier this month, telecom equipment powerhouse Huawei debuted a "Cyber Security Transparency Center" in the capital city of the European Union. If you've been following the headlines, you will recall that the Shenzhen-based company has been under pressure from the U.S. government, which alleges it is an agent of spying on behalf of China and will no longer purchase its products. Furthermore, the company's CFO has been arrested in Canada on charges of violating economic sanctions against Iran, North Korea, and Syria.
So what does Huawei hope to prove by way of this new "transparency"? For one thing, that allegations of secret “back doors” for espionage in its network equipment are speculative and do not comport with reality. The company announced that at the new center in Brussels, its customers and their independent security experts will be permitted to review Huawei’s source code.
But what does this actually mean? Is all of the source code present? How will researchers be able to validate that it's all there and the right code? And, at least as importantly, is the hardware--including custom CPUs--on which all that software runs free from backdoors? Are those designs there too?
Full story at EETimes... (in which I am quoted)
Download Barr Group's UPDATED Embedded C Coding Standard
First published ten years ago, the rules in my book Embedded C Coding Standard are followed by embedded software developers who want to reduce time spent during the debugging stage of their projects as well as improve the maintainability and portability of their source code. In this updated "BARR-C:2018" edition, we've eliminated our few prior conflicts with the MISRA-C subset of C for use in safety-critical systems--so that these popular bug-killing standards can be used in combination.
Followers of earlier versions of BARR-C will find that little has changed about the rules themselves. However, many rule clarifications were added along with new code examples.
Download now... (the PDF is free)
Is it a Bug or an Error?
Probably you’ve heard the story of how Adm. Grace Hopper attached a moth that was dislodged from a relay in the Harvard Mark II mainframe to an engineering notebook and labeled it the “First actual case of bug being found.”
Designers of electronics, including Thomas Edison, had been using the term bug for decades. But it was mostly after this amusing 1947 event hat the use of words like “bugs” and “debugging” took off in the emerging software realm.
So why is it that if a bridge collapses we say it was a failure of the design and not attributable to a mere “bug”? As if it were an external force or an act of god that caused the failure? Why do only software engineers get this linguistic pass when failures are caused by their mistakes the same as other types of engineers?
Read on... (and let us know what you think!)
Further Develop Your Embedded Programming Skills this Spring
There are a number of opportunities to learn firmware development best practices in coming months:
- Embedded Systems Programming in C++ (April 8-11)
- Embedded Software Boot Camp® (May 6-9)
- Software Reverse Engineering and Security Analysis (May 13-15)
- Embedded Android® Boot Camp (May 20-23)
- Embedded Security Boot Camp® (June 3-6)
- Test-Driven Development (TDD) & Agile (June 10-12)
Alternatively, consider bringing an instructor to your office for an on-site training for your whole team. Teams of five or more usually find this is more cost effective than attending public courses.
Register today... (beware: current early pricing ends soon)
Industry News That's Not Boring
An exclusive inside look at Apple's original iPhone prototype, in all its glory: https://t.co/qkRPYa2MBs
U.S. Congress introduces a bill to regulate Internet-of-Things device security: https://t.co/wMturX4hpf
When your product relies on the Internet to work properly, you lose control of reliability. Just ask Nike: https://t.co/bLcljh2WQD
Uber won't be charged in fatal self-driving vehicle crash, though the backup human "driver" might be: https://t.co/K74llY5daB
Say farewell to talking to Alexa and hello to gadgets listening to the voice in your head: https://t.co/RQK6Dr2rft
One interesting detail about those deadly 737 MAX-8 crashes... when the second happened, the worldwide fleet was awaiting an overdue software update promised by Boeing after the first: https://t.co/s24ldsXXqh
Quick Links to Useful Stuff
How to Contact the Author
I'm always interested in hearing from embedded systems designers and happy to take a few minutes to help you find the resources to get a design done right. Send me an email anytime. And be sure to also connect with me on Twitter (@embeddedbarr) and LinkedIn (https://linkedin.com/in/embeddedbarr).