~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Firmware Update
- March 6, 2014
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In this issue
-- Apple's #gotofail SSL Security Bug was Easily Preventable
-- Upcoming Hands-on Embedded C Training Courses
-- The Internet of Things is Wildly Insecure
-- Embedded Systems Conference Keynote 2014
-- Industry News That's Not Boring

Firmware Update is a free newsletter by embedded guru Michael Barr. This issue is Copyright 2014 by Barr Group, but may be reprinted for non-commercial purposes. Please forward it to colleagues who may benefit from the information.


Apple's #gotofail SSL Security Bug was Easily Preventable
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Apple recently posted urgent security updates for users of devices running iOS 6, iOS 7, and OS X 10.9 (a/k/a Mavericks). These updates were prompted by a critical bug, which has apparently been lurking for over a year, in Apple's implementation of SSL/TLS.

If programmers at Apple had simply followed a couple of the rules in the Embedded C Coding Standard, they could have prevented this very serious `goto fail` SSL bug from entering their operating systems. Take a look at the programming mistakes involved and the easy-to-follow coding standard rules that could have easily prevented the bug.



Upcoming Hands-on Embedded C Training Courses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As you plan your April and May work schedule, take note that Barr Group will present three week-long training courses to upgrade the skills of embedded systems engineers. Each course consists of a series of detailed lectures and challenging but fun hands-on programming exercises. Register now to save your seat and take advantage of the early registration discount. Group discounts are also available.



The Internet of Things is Wildly Insecure
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the words of security guru and blogger Bruce Schneier, "The Internet of Things is Wildly Insecure - and Often Unpatchable". As Bruce describes the current state of affairs in a recent article in Wired:

"We're at a crisis point now with regard to the security of embedded systems, where computing is embedded into the hardware itself - as with the Internet of Things. These embedded computers are riddled with vulnerabilities, and there's no good way to patch them."

I agree with Bruce and like to see mainstream security gurus talking about embedded systems. I recommend you read the whole article.



Embedded Systems Conference Keynote 2014
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On Tuesday April 1, I'll be keynoting the Embedded Systems Conference (a.k.a., EELive) at the San Jose Convention Center. Here's a summary of my talk:

"Embedded Software's Greatest Hit Jobs: High-profile accidents, such as Therac-25, have established that embedded software can be lethal. As embedded software's size and complexity continue to increase rapidly, user safety increasingly relies upon safe and reliable firmware implementations. Nowhere is this more evident than in the automotive industry, where self-driving vehicles are a much-hyped and potentially invaluable part of our future."

Special registration prices for the conference are still (though barely) available. To get $200 off, plug in the promo code "Edit" when you sign up.



Industry News That's Not Boring
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FDA: ~20% medical device recalls related to software (2005-2011) "Software-Related Recalls: An Analysis of Records" http://www.aami-bit.org/doi/abs/10.2345/0899-8205-47.6.514

The Lost Art of C Structure Packing http://www.catb.org/esr/structure-packing/

Isaac Asimov's predictions for 2014 (made 50 years ago). http://ow.ly/sciIM

11 Inexpensive Portable Test Tools http://www.eetimes.com/document.asp?doc_id=1320482

Gabotronics' $150 Oscilloscope/Logic Analyzer Watch! http://www.gabotronics.com/oscilloscopes/oscilloscope-watch.htm

The sunshine hitting Texas in one month contains more energy than all the oil and gas ever pumped out of the state. http://www.abb-conversations.com/2013/12/7-impressive-solar-energy-facts-charts/

The first key step in effective code commenting is descriptive variable, parameter, and function names. http://goo.gl/Qhfaf

Everything you need to know to hack your own firmware for the Sony SmartWatch. http://developer.sonymobile.com/services/open-smartwatch-project/

Turns out microSD cards are embedded systems and, when running hacked firmware, can host man-in-the-middle attacks. Details: http://www.bunniestudios.com/blog/?p=3554

"Do Not Re-Enable Interrupts In An ISR" http://feedproxy.google.com/~r/BetterEmbeddedSystemSw/~3/1A6TZLcLKfk/do-not-re-enable-interrupts-in-isr.html

Welcome to the "Internet of [unmaintained, insecure, & dangerously hackable] Things." http://arstechnica.com/gadgets/2014/01/smart-tvs-smart-fridges-smart-washing-machines-disaster-waiting-to-happen/

A first look at the Target POS malware, which was targeting embedded versions of Windows. http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/

Here's the answer to all those who've ever asked, "Which is more secure, open source or proprietary?" (Short version: neither.) http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/

"NHTSA doesn't have a process safety standard to ensure the validity and safety of computers embedded in cars." http://www.judiciary.senate.gov/pdf/11-7-13DitlowTestimony.pdf

Barr Group engineers read Toyota's engine source code and "found what NASA would've found had it not been shut down" http://www.judiciary.senate.gov/pdf/11-7-13DitlowTestimony.pdf



  • Contact Information
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    phone: 866.65.EMBED
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~