Embedded Muse 148 Copyright 2007 TGG August 27, 2007
You may redistribute this newsletter for noncommercial purposes. For commercial use contact email@example.com.
EDITOR: Jack Ganssle, firstname.lastname@example.org
- Editor’s Notes
- Secure Software
- Tools and Tips
- Joke for the Week
- About The Embedded Muse
Did you know it IS possible to create accurate schedules? Or that most projects consume 50% of the development time in debug and test, and that it’s not hard to slash that number drastically? Or that we know how to manage the quantitative relationship between complexity and bugs? Learn this and far more at my Better Firmware Faster class, presented at your facility. See http://www.ganssle.com/classes.htm .
I’ll be speaking at the new Embedded Systems Conference in Bangalore, India in October, the always-fun East coast show in Boston in mid-September, and at Oredev in Malmo, Sweden in November. In addition, Omniscient International is sponsoring the class in Singapore and Malaysia in October (see http://omniscient-intl.com/).
I’m always peppered with email from companies looking for consultants. A lot of Muse subscribers are. Why not send me your profile so I can connect folks based on their services? Send your specialties and geographic region.
The sheer number of blogs is overwhelming. It’s hard to find any worth following. But Steve Leibson’s at http://www.edn.com/index.asp?layout=blog&blog_id=980000298 is always interesting. He’s also a big fan of the history of this industry, and serves as a docent at The Computer History Museum (http://www.computerhistory.org/ ) in Mountain View, CA. When he gave me a tour he told me that for most folks it’s only an hour. But for us, figure on three. And what a tour it was. If you’re out there it’s a must-see.
I enjoyed an article in the August 2007 issue of IEEE Computer. Les Hatton, noted software researcher wrote “The Chimera of Software Quality.” A particularly noteworthy excerpt: “Computer Science regrettably operates in a largely measurement-free zone. Researchers do few experiments, and even fewer publish their results. … As a result, software development isn’t an engineering industry, but a fashion industry populated by unquantifiable statements and driven by marketing needs. We are exhorted to develop using JavaBeans, OO, or UML because these technologies will supposedly fulfill our wildest dreams.”
In fact, last week Forbes magazine had an article (http://www.forbes.com/security/2007/08/22/scada-hackers-infrastructure-tech-security-cx_ag_0822hack.html ) about hacking the SCADA systems that control all sorts of industrial processes, including nuclear power plants. These are all traditional embedded systems, some of quite of ancient heritage. Some are connected to the Internet.
A few companies, like Green Hills, are aggressively creating products positioned to deal with these threats, but they are in the minority. Clearly, secure embedded technology will become a huge issue in the next few years.
Rod Chapman of Praxis and SPARK fame sent me a link to a new report called Software Security Assurance (http://iac.dtic.mil/iatac/download/security.pdf ). It’s very long (396 pages) but is absolutely topical. Like all of these things it’s wordy and full of acronym soup, but does make some interesting and important points. A lot is less useful, but everyone should read the section starting on page 170 about design principles for secure software. There’s nothing startling there, but somehow these ideas continue to be neglected.
The table on pages 139-140 offers a great summary of what makes good requirements.
The report is really a compendium of pointers to other sources. I recommend at least a quick look at it.
Tools and Tips
Greg Bollendonk and I corresponded about his search for a SEC/DED EDAC algorithm. He found some useful resources: “We found a good reference for 32-bit SEC/DED EDAC (Hamming code) algorithms in Hacker's Delight by Henry S. Warren, Jr. (Addison-Wesley, 2003). This book contains a collection of programming tricks the author ran across over his career, and sells for $32.61 on Amazon. The author is a PhD in computer science and worked 40 years at IBM; it looks like he is currently working on the Blue Gene petaflop computer project.
“Lots of good stuff here - http://www.hackersdelight.org/
“Of particular note is CRC and Hamming code algorithms -
“The Hamming code example (hamming.c) includes a test driver that generates a series of random 32-bit data words, corrupts them (or their parity bits) by altering 0, 1, or 2 bits, and checks the corrected value.”
Gene Glick sent this: “Regarding free tools, are you aware of the gEda stuff? Although it's all Linux based, there's a ton of goodness there (schematic entry, spice, Verilog simulator, PCB layout, et. al). Support is via a very active mail list (btw, the list community contains people from a very large background, asking questions to just about anything will get an answer) Go check out www.geda.seul.org
“I totally agree about LT Switcher Cad. I use it constantly. Yes, third party models integrate just fine - although you have to go beyond the GUI to make them work, sometimes - which requires at least a small underlying understanding of spice syntax. Also, I have found Mike E. to be very knowledgeable and quick to answer all questions about switcher cad.”
Joke for the Week
Bob Paddock sent this link to a good cartoon about compiling: http://xkcd.com/303/