April 2019: Boeing 737 MAX and Mirai

Welcome to the April 2019 edition of the Embedded Artistry Newsletter! This is a monthly newsletter of curated and original content to help you build superior embedded systems. This newsletter supplements the website and covers topics not mentioned there.

This month we'll cover:

  • The grounding of the Boeing 737 MAX
  • The return of the Mirai botnet
  • Embedded news from around the web
  • Embedded job postings
  • Updates to the Embedded Artistry Website

Grounding the Boeing 737 MAX

One of the largest news stories over the past month was the grounding of Boeing 737 MAX-8 and MAX-9 aircraft after an Ethiopian Airlines crash resulted in the deaths of everyone on board. This is the second deadly crash involving a Boeing 737 MAX. A Lion Air Boeing 737 MAX-8 crashed in October 2018, also killing everyone on board. As a result of these two crashes, Boeing 737 MAX airplanes are temporarily grounded in over 41 countries, including China, the US, and Canada. Boeing also paused delivery of these planes, although they are continuing to produce them.

We've been following the Boeing 737 MAX story closely. It serves as an interesting case study on software and systems engineering, human factors, corporate behavior, and customer service.

We started writing about the Boeing 737 MAX investigation as part of the newsletter and ended up with an 8,000 word essay on the saga. We cover the problem as it is currently understood, discuss contributing factors which are common across engineering organizations, and focus on lessons we learned from researching the crashes. I hope that all of you will take the time to read the article. There are important lessons we can all learn from this tragedy.

*Note: Both the Lion Air and Ethiopian Airlines crashes are still under investigation. Ultimately, everything you are reading about these crashes and that we discuss in the article is still in the realm of speculation. However, the situation is serious enough and well-enough understood that Boeing is addressing the problem immediately.*

Mirai Returns

In 2016, the Mirai botnet was discovered after it was used in some of the largest DDoS attacks. You were probably impacted by Mirai when the Dyn attack rendered many popular sites inaccessible, such as GitHub, Twitter, Reddit, Netflix, Paypal, Fox News, CNN, and Amazon.

Mirai is malware that targets networked IoT devices running Linux. Many companies ship devices with default usernames and passwords enabled. Mirai takes advantage of this fact by continuously scanning for vulnerable devices and trying an expansive list of factory default logins. If a login succeeds, the victim’s IP address and login credentials are sent back to a collection server. Devices remain infected until they are rebooted, but they are quickly re-infected if the login is unchanged.

While the original author and his compatriots pled guilty to the Mirai-related crimes, the Mirai source code was released and used by other groups.

A new variant was discovered in January and announced this month. This new variant includes new credentials and exploits. The target list has been expanded, encompassing routers, network storage devices, IP cameras, and TVs. WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs, both of which are marketed to businesses, are two devices which are specifically targeted. Enterprises are juicy targets for botnets because they typically have access to larger bandwidths, which the attackers can use to increase the impact of DDoS attacks.

As embedded systems creators, the only thing we can do to help stem the flood of compromised devices and botnet attacks is to set our own houses in order. If you are building an embedded system, change the default passwords and ensure that you are applying security patches for your devices. If a device on your business's network has a security flaw or default login that cannot be changed, you must remove it or firewall it.
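One way to enforce "change the default passwords" from inside the firmware, as an added example (not code from this newsletter or from any vendor): a boot-time gate that keeps remote login off while the stored login is a factory default or otherwise trivially guessable. The function names, the password list, and the minimum length are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of factory-default passwords. A real product would
 * list every password it has ever shipped with. */
static const char *const factory_defaults[] = {
    "admin", "root", "1234", "password", "default",
};
#define N_DEFAULTS (sizeof factory_defaults / sizeof factory_defaults[0])
#define MIN_PASS_LEN 12 /* assumed policy value */

enum cred_status { CRED_OK, CRED_FACTORY_DEFAULT, CRED_SAME_AS_USER,
                   CRED_TOO_SHORT };

/* Classify a login against the policy, most specific reason first. */
enum cred_status classify_credential(const char *user, const char *pass)
{
    if (user == NULL || pass == NULL)
        return CRED_TOO_SHORT;
    for (size_t i = 0; i < N_DEFAULTS; i++)
        if (strcmp(pass, factory_defaults[i]) == 0)
            return CRED_FACTORY_DEFAULT;
    if (strcmp(user, pass) == 0)
        return CRED_SAME_AS_USER;
    if (strlen(pass) < MIN_PASS_LEN)
        return CRED_TOO_SHORT;
    return CRED_OK;
}

/* Boot-time gate: remote login services start only after the owner has
 * provisioned the device and the stored login passes the policy. */
bool remote_login_allowed(bool provisioned, const char *user, const char *pass)
{
    return provisioned && classify_credential(user, pass) == CRED_OK;
}

int main(void)
{
    /* Constructed inputs: an unchanged factory login and a provisioned one. */
    printf("factory login: remote access %s\n",
           remote_login_allowed(true, "admin", "admin") ? "on" : "off");
    printf("provisioned:   remote access %s\n",
           remote_login_allowed(true, "operator", "t7#Lq9vX2mRw") ? "on" : "off");
    return 0;
}
```

Because the gate is evaluated on every boot, a device that is reset to factory settings comes back up with remote login disabled instead of with a guessable login exposed.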

For more on the new variant of Mirai:

For more on the original wave of Mirai attacks:

Around the Web

There was a lot of activity in March, so we've grouped our reading recommendations by category:

  • Product Development
  • Firmware
  • Hardware

Product Development

Kerry Scharfglass gave an absolutely wonderful talk on Design for Manufacturing. Kerry shares many of the lessons he learned the hard way about factories and manufacturing test software. If you're working on an embedded device and haven't yet been to a factory, this is a great introductory lesson and can save you a ton of pain.

The Verge published a look at the original iPhone development kit. Apple prototype development boards were the best that I've ever used as a firmware engineer - use some of these design ideas for your next dev board.

The terrible nature of IoT security has prompted Congress to introduce a bill titled The Internet of Things Cybersecurity Improvement Act. Lawmakers are looking to legislate a bare minimum security standard that all IoT devices would have to meet. Stacey Higginbotham shared her take on the IoT bill.

Nike's self-lacing shoes stopped working after an update, even with the manual buttons. This reminds us to be extremely careful when designing products that require an Internet connection to function.

Firmware

Burkhard Stubert took a small survey of companies running demos of neural networks on microcontrollers.

Neil Tan went further and wrote a guide for running a simple neural network on MCUs. Neil's guide will enable you to train and load models on a microcontroller.

Jacob Beningo published "Minimizing energy consumption in Amazon Free RTOS applications" on Embedded.com.

Piotr Grygorczuk shared his implementation of C++ threading using FreeRTOS (std::thread, std::mutex, std::condition_variable, std::chrono, std::this_thread::sleep_for, etc.).

Rud Merriam tweeted to us about his Embedding C++ series on Hackaday, where he explores the use of C++ on embedded systems.

Andreas at AndWass C++ recently started his blog. He's published three great embedded-related C++ articles:

  1. Multitasking 1 of n
  2. A Basic Scheduler
  3. Exploring A Driver Concept

Hardware

ST Micro published a great technical note addressing frequently asked questions related to Reset and Supervisor ICs.

Not sure what IoT standard to choose for your product's radio? This article from Microcontroller Tips attempts to predict the winners of the IoT radio standards war.

Embedded Job Postings

iRobot is hiring for several embedded software roles in Boston, MA and Pasadena, CA. Please check out all our open jobs here: https://irobot.wd5.myworkdayjobs.com/iRobot and email Chris Svec (csvec at irobot.com) if you'd like to learn more about building robots that help make people's lives easier.

Hiring Embedded Engineers?

Is your company hiring for embedded systems roles? Send us a short (< 100 words) job ad with a link to the description and we will be happy to include it in our newsletter.

Website Updates

We fixed broken links on our Resources for Beginners page.

We updated our Technology Radar with the latest changes in our technology stack.

We updated the following articles with new content:

New Articles

We published the following article in March:

These were our most popular articles in March:

  1. Creating a Circular Buffer in C/C++
  2. std::string vs C-strings
  3. C++ Casting, or: "Oh No, They Broke Malloc!"
  4. Installing LLVM/Clang on OSX
  5. Jenkins: Configuring a Linux Slave Node
  6. Jenkins: Running Steps as sudo
  7. Migrating from C to C++: NULL vs nullptr
  8. Jenkins: Kick off a CI Build with GitHub Push Notifications
  9. An Overview of C++ STL Containers
  10. Demystifying Microcontroller GPIO Settings

Thanks for Reading!

Have any feedback, questions, suggestions, interesting articles, or resources to recommend to other developers? Simply reply to this email!

While you're waiting for our next edition, check out the website or follow us on Twitter.

Happy hacking!

-Phillip