Embedded Muse 145 Copyright 2007 TGG April 24, 2007

You may redistribute this newsletter for noncommercial purposes. For commercial use contact jack@ganssle.com.

EDITOR: Jack Ganssle, jack@ganssle.com

- Editor’s Notes
- Security
- Cubicles
- Tools and Tips
- Jobs!
- Joke for the Week
- About The Embedded Muse

Editor’s Notes

Boston, May 4: Learn to create accurate schedules. To minimize debugging time. Manage complexity, deal with memory problems, and so much more. Join me for my Better Firmware Faster class. You’ll earn 0.7 Continuing Education Units, learn a lot, and have a bit of fun, too. Registration and other info here: https://www.ganssle.com/classes.htm , but seats are limited.

Or I can come to your facility and teach this class. See https://www.ganssle.com/brochure-onsite.pdf .

I’ve significantly updated my Testing RAM in Embedded Systems paper (https://www.ganssle.com/testingram.pdf ), specifically including information about conducting tests in the background while the main application runs.


Paul Bennett sent a link (http://www.iee.org/oncomms/sector/electronics/magazine.cfm?issueID=178&articleID=1DC1DF6E-F382-1915-6FBE1729B2CB936D ) which talks about some security research. Turns out three types of errors account for 85% of the security holes found in software. Buffer overflows, unchecked user input, and poor handling of integer type checks (i.e., overflows, etc) conspire to make code hackable.

The study was done on web/desktop software, so doesn’t directly pertain to embedded code – or does it? Till recently “security” in embedded apps mostly focused on products like ATMs which are both connected to other machines and are rich, attractive targets for the bad guys. The embedded world was more concerned with reliability: medical instrumentation, nuke plant controllers, avionics and the like were largely not connected to the ‘net, but positively, absolutely, had to work properly.

Now everything has a ‘net connection, it seems. I’m told there are even Internet-connected toasters. Not sure how that improves my toastal experience, and I doubt that a toaster will be a target worthy of hacking (“My God Ethel, those darn teenagers in Bulgaria burned my breakfast again!”). But a lot of embedded applications are attractive: in 2003 an Ohio nuclear power plant’s safety systems were brought down for 5 hours due to the scanning overloads from the Slammer worm. I’m told, by a source that has to remain confidential, that pharmaceutical factory controllers have been successfully attacked.

Though real security in desktop applications gets a lot of press, it remains elusive. I predict that in the coming years firmware will undergo its own security scandals, which may be severe indeed. If 85% of the problems stem from three relatively-simple sets of problems, surely better designs, better inspections, and better tools can easily eliminate a large swath of vulnerabilities.


An old farmer and a young farmer are standing at the fence talking about farm-lore, and the old farmer's phone starts to ring. The old farmer just keep talking about herbicides and hybrids, until the young farmer interrupts "Aren't you going to answer that?"

"What fer?" Says the old farmer.

"Why, 'cause it's ringing. Aren't you going to get it?" says the younger.

The older farmer sighs and knowingly shakes his head. "Nope". he says. Then he looks the younger in the eye to make sure he understands, "Ya see, I bought that phone for MY convenience".

Most of us regard the ringing phone as an emergency. Drop whatever you’re doing and grab it! Stop all conversation, abandon the meeting, and respond to what is all too often some salesman pushing cheap phone services.

We know better than that. Interruptions are one of the most effective productivity killers around.

For my money the most important work on software productivity in the last 20 years is DeMarco and Lister's Peopleware (1987 Dorset House Publishing, NY NY). For a decade the authors conducted coding wars at a number of different companies, pitting teams against each other on a standard set of software problems. The results showed that, using any measure of performance (speed, defects, etc.) the average of those in the 1st quartile outperformed the average in the 4th quartile by nearly a factor of 3.

Surprisingly, none of the factors you'd expect to matter correlated to the best and worst performers. Even experience mattered little, as long as the programmers had been working for at least 6 months.

Think about this. The almost minor tweak of getting some quiet time can, according to their data, multiply your productivity by 3x! That's an astonishing result. For the same salary your boss pays you now, he'd get essentially 3 of you.

The winners - those performing almost 3 times as well as the losers - had the following environmental factors:

1st Quartile 4th Quartile
Dedicated workspace 78 sq ft 46 sq ft
Is it quiet? 57% yes 29% yes
Is it private? 62% yes 19% yes
Can you turn off phone? 52% yes 10% yes
Can you divert your calls? 76% yes 19% yes
Frequent interruptions? 38% yes 76% yes

Too many of us work in a sea of cubicles, despite the clear showing how ineffective they are. It's bad enough that there's no door and no privacy. Worse is when we're subjected to the phone calls of all of our neighbors. We hear the whispered agony as the poor sod in the cube next door tries to work it out with his spouse. We try to focus on our work... but being human the pathos of the drama grabs our attention till we're straining to hear the latest development. Is this an efficient use of an expensive person's time?

Later studies by other researchers found that after an interruption it takes 15 minutes to get into a state of “flow,” that Spock-like trance where you’re one with the computer. Yet the average developer gets interrupted every 11 minutes.

Dilbert rightly calls cubes “anti-productivity pods.”

Yet the cube police will rarely listen to data and reason. They've invested in the cubes, and they've made a decision, By God! The cubicles are here to stay!

This is a case where we can only wage a defensive action. Educate your boss but resign yourself to failure. In the meantime, take some action to minimize the downside of the environment. Here are a few ideas:

* Wear headphones and listen to music to drown out the divorce saga next door.

* Turn the phone off! If it has no "off" switch, unplug the damn thing. In desperate situations attack the wire with a pair of wire cutters. Remember that a phone is a bell that anyone in the world can ring to bring you running. Conquer this madness for your most productive hours.

* Know your most productive hours. I work best before lunch; that's when I schedule all of my creative work, all of the hard stuff. I leave the afternoons free for low-IQ activities like meetings, phone calls, and paperwork.

* Disable the email. It's worse than the phone. Your two hundred closest friends who send the joke of the day are surely a delight, but if you respond to the email reader's "bing" you're little more than one of NASA's monkeys pressing a button to get a banana.

* Put a curtain across the opening to simulate a poor man's door. Since the height of the cube rather low, use a Velcro fastener or a clip to secure the curtain across the opening. Be sure others understand that when it's closed you are not willing to hear from anyone unless it's an emergency.

The ultimate irony of cubicles is that shortly before he died in 2000, Robert Propst railed against cubes, calling them “monolithic insanity.”

Robert Propst invented the cubicle.

Tools and Tips

Thor Johnson sent this: “I've been a longtime user of Target3001 (err... was 2001). At first I thought KiCad would be a decent clone for it, but I got frustrated with KiCad. http://www.ibfriedrich.com/english/index.htm

“For a hobbyist, the pricing is pretty good for small things, but now that I'm playing with higher pin count devices I am beginning to run into the limitations of my purchase (iirc, $150 for 400 pins). Their unlimited (iirc, $4K) seems to be very reasonable when compared with OrCad.

“I did like:
- Schematic & PCB are the same program. No messing with back-annotations.
- Layout lets you space things for making better user interfaces. 3D View is nifty.
- Very responsive to inquiries (fixed a few parts for me, added some features I suggested)

“I didn't like:
- Property editor not nearly as good as DesignStation (what I use at work).
- Track properties are "by track", and not "By Net Class" (working on it)
- Panelizing a circuit means you have to have a license that can handle *all* of the panels combined
- Haven't gotten the simulator to do what I want. I've been using LTSpice instead.
- Included Autorouter is brain-dead (much better one available separately).
- Included Autoplacer is almost as brain-dead.
- Parts bin is Euro-centric (aka, most Conrad parts are there. Digikey?)

“Verdict: Great for pics. Good for MSP430 QFP packages. A pain to deal with for mixed HV/LV designs. I think you're better off routing by hand or upgrading to the Electra autorouter. But cheap ;)

“I originally got mine through an outfit called Deys Electronics, but it appears that they closed. Supposedly, they're putting it into Farnell/InOne's hands, but it isn't listed yet.”


Joke for the Week

From Mason Deaver:

"I love deadlines. I like the whooshing sound they make as they fly by."

Douglas Adams, English humorist and science fiction novelist, perhaps best known for his novel "The Hitchhiker's Guide to the Galaxy".