"When one teaches, two learn." --Robert Heinlein

In this issue:

  • Could you Prove your Product is Secure?
  • Download Barr Group's UPDATED Embedded C Coding Standard
  • Is it a Bug or an Error?
  • Further Develop Your Embedded Programming Skills this Spring
  • Industry News That's Not Boring

Firmware Update is a free, monthly-ish newsletter by embedded systems expert Michael Barr. Firmware Update is a trademark and this issue is Copyright ©2019. You may forward whole issues to colleagues that design embedded systems.  No other uses are permitted.


Could you Prove your Product is Secure?

Earlier this month, telecom equipment powerhouse Huawei debuted a "Cyber Security Transparency Center" in the capital city of the European Union.  If you've been following the headlines, you will recall that the Shenzhen-based company has been under pressure from the U.S. government, which alleges it is an agent of spying on behalf of China and will no longer purchase its products.  Furthermore, the company's CFO has been arrested in Canada on charges of violating economic sanctions against Iran, North Korea, and Syria.

So what does Huawei hope to prove by way of this new "transparency"?  For one thing, that allegations of secret “back doors” for espionage in its network equipment are speculative and do not comport with reality.  The company announced that at the new center in Brussels, its customers and their independent security experts will be permitted to review Huawei’s source code.

But what does this actually mean?  Is all of the source code present?  How will researchers be able to validate that it's all there and the right code?  And, at least as importantly, is the hardware--including custom CPUs--on which all that software runs free from backdoors?  Are those designs there too?

Full story at EETimes... (in which I am quoted)

Download Barr Group's UPDATED Embedded C Coding Standard

BARR-C:2018First published ten years ago, the rules in my book Embedded C Coding Standard are followed by embedded software developers who want to reduce time spent during the debugging stage of their projects as well as improve the maintainability and portability of their source code.  In this updated "BARR-C:2018" edition, we've eliminated our few prior conflicts with the MISRA-C subset of C for use in safety-critical systems--so that these popular bug-killing standards can be used in combination.

Followers of earlier versions of BARR-C will find that little has changed about the rules themselves. However, many rule clarifications were added along with new code examples. 

Download now... (the PDF is free)

Is it a Bug or an Error?

Probably you’ve heard the story of how Adm. Grace Hopper attached a moth that was dislodged from a relay in the Harvard Mark II mainframe to an engineering notebook and labeled it the “First actual case of bug being found.”  

Designers of electronics, including Thomas Edison, had been using the term bug for decades. But it was mostly after this amusing 1947 event hat the use of words like “bugs” and “debugging” took off in the emerging software realm.

So why is it that if a bridge collapses we say it was a failure of the design and not attributable to a mere “bug”? As if it were an external force or an act of god that caused the failure? Why do only software engineers get this linguistic pass when failures are caused by their mistakes the same as other types of engineers?

Read on... (and let us know what you think!)

Further Develop Your Embedded Programming Skills this Spring

There are a number of opportunities to learn firmware development best practices in coming months:

Consult the full training calendar for prices and other details.

Alternatively, consider bringing an instructor to your office for an on-site training for your whole team.  Teams of five or more usually find this is more cost effective than attending public courses.

Register today... (beware: current early pricing ends soon) 

Industry News That's Not Boring

An exclusive inside look at Apple's original iPhone prototype, in all its glory: https://t.co/qkRPYa2MBs

U.S. Congress introduces a bill to regulate Internet-of-Things device security: https://t.co/wMturX4hpf

When your product relies on the Internet to work properly, you lose control of reliability.  Just ask Nike: https://t.co/bLcljh2WQD

Uber won't be charged in fatal self-driving vehicle crash, though the backup human "driver" might be: https://t.co/K74llY5daB

Say farewell to talking to Alexa and hello to gadgets listening to the voice in your head: https://t.co/RQK6Dr2rft

One interesting detail about those deadly 737 MAX-8 crashes... when the second happened, the worldwide fleet was awaiting an overdue software update promised by Boeing after the first: https://t.co/s24ldsXXqh


Quick Links to Useful Stuff