Welcome to the April 2019 edition of the Embedded Artistry Newsletter! This is a monthly newsletter of curated and original content to help you build superior embedded systems. This newsletter supplements the website and covers topics not mentioned there.
This month we'll cover:
- The grounding of the Boeing 737 MAX
- The return of the Mirai botnet
- Embedded news from around the web
- Embedded job postings
- Updates to the Embedded Artistry Website
Grounding the Boeing 737 MAX
One of the largest news stories over the past month was the grounding of Boeing 737 MAX-8 and MAX-9 aircraft after an Ethiopian Airlines crash resulted in the deaths of everyone on board. This is the second deadly crash of involving a Boeing 737 MAX. A Lion Air Boeing 737 MAX-8 crashed in October 2018, also killing everyone on board. As a result of these two crashes, Boeing 737 MAX airplanes are temporarily grounded in over 41 countries, including China, the US, and Canada. Boeing also paused delivery of these planes, although they are continuing to produce them.
We've been following the Boeing 737 MAX story closely. It serves as an interesting case study on software and systems engineering, human factors, corporate behavior, and customer service.
We started writing about the Boeing 737 MAX investigation as part of the newsletter and ended up with an 8,000 word essay on the saga. We cover the problem as it is currently understood, discuss contributing factors which are common across engineering organizations, and focus on lessons we learned from researching the crashes. I hope that all of you will take the time to read the article. There are important lessons we can all learn from this tragedy.
*Note: Both the Lion Air and Ethiopian Airlines crashes are still under investigation. Ultimately, everything you are reading about these crashes and that we discuss in the article is still in the realm of speculation. However, the situation is serious enough and well-enough understood that Boeing is addressing the problem immediately.*
In 2016, the Mirai botnet was discovered after it was used in some of the largest DDoS attacks. You were probably impacted by Mirai when the Dyn attack rendered many popular sites inaccessible, such as GitHub, Twitter, Reddit, Netflix, Paypal, Fox News, CNN, and Amazon.
Mirai is malware that targeted networked IoT devices running Linux. Many companies ship devices with default usernames and passwords enabled. Mirai takes advantage of this fact by continuously scanning for vulnerable devices and using an expansive list of factory default logins. If successful, the victim’s IP and login credentials was sent back to a collection server. Devices remain infected until they are rebooted, but they are quickly re-infected if the login is unchanged.
A new variant was discovered in January and announced this month. This new variant includes new credentials and exploits. The target list has been expanded, encompassing routers, network storage devices, IP cameras, and TVs. WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs, both of which are marketed to businesses, are two devices which are specifically targeted. Enterprises are juicy targets for botnets because they typically have access to larger bandwidths, which the attackers can use to increase the impact of DDoS attacks.
As embedded systems creators, the only thing we can do to help stem the flood of compromised devices and botnet attacks is to set our own houses in order. If you are building an embedded system, change the default passwords and ensure that you are applying security patches for your devices. If a device on your business's network has a security flaw or default login that cannot be changed, you must remove it or firewall it.
For more on the new variant of Mirai:
- New Mirai Variant Targets Enterprise Wireless Presentation & Display Systems
- Mirai Botnet Aims to Wrap Its Tentacles Around a New Crop of IoT Devices
- Mirai Botnet Returns to Target IoT Devices
For more on the original wave of Mirai attacks:
- Krebs on Security: Mirai Botnet Articles
- Inside the Infamous Mirai IoT Botnet: A Retrospective Analysis
- Mirai (DDoS) Source Code Review
- Expect More IoT Botnet Attacks: Mirai Source Code Now Freely Available
- Justice Department Announces Charges And Guilty Pleas In Three Computer Crime Cases Involving Significant Cyber Attacks
- Mirai and Botnets Make Akamai very Concerned About the State of the Internet
- The Mirai Botnet Explained: How Teen Scammers and CCTV Cameras Almost Brought Down the Internet
Around the Web
There was a lot of activity in March, so we've grouped our reading recommendations by category:
- Product Development
Kerry Scharfglass gave an absolutely wonderful talk on Design for Manufacturing. Kerry shares many of the lessons he learned the hard way about factories and manufacturing test software. If you're working on an embedded device and haven't yet been to a factory, this is a great introductory lesson and can save you a ton of pain.
The Verge published a look at the original iPhone development kit. Apple prototype development boards were the best that I've ever used as a firmware engineer - use some of these design ideas for your next dev board.
The terrible nature of IoT security has prompted Congress to introduce a bill titled The Internet of Thing Cybersecurity Improvement Act. Lawmakers are looking to legislate a bare minimum security standard that all IoT devices would have to meet. Stacey Higginbotham shared her take on the IoT bill.
Nike's self-lacing shoes stopped working after an update, even with the manual buttons. This reminds us to be extremely careful when designing products that require an Internet connection to function.
Burkhard Stubert took a small survey of companies running demos of neural networks on microcontrollers.
Neil Tan went further and wrote a guide for running a simple neural network on MCUs. Neil's guide will enable you to train and load models on a microcontroller.
Jacob Beningo published "Minimizing energy consumption in Amazon Free RTOS applications" on Embedded.com.
Piotr Grygorczuk shared his implementation of C++ threading using FreeRTOS (std::thread, std::mutex, std::condition_variable, std::chrono, std::sleep_for, etc.).
Andreas at AndWass C++ recently started his blog. He's published three great embedded-related C++ articles:
ST Micro published a great technical note addressing frequently asked questions related to Reset and Supervisor ICs.
Embedded Job Postings
iRobot is hiring for several embedded software roles in Boston, MA and Pasadena, CA. Please check out all our open jobs here: https://irobot.wd5.myworkdayjobs.com/iRobot and email Chris Svec (csvec at irobot.com) if you'd like to learn more about building robots that help make people's lives easier.
Hiring Embedded Engineers?
Is your company hiring for embedded systems roles? Send us a short (< 100 words) job ad with a link to the description and we will be happy to include it in our newsletter.
We fixed broken links on our Resources for Beginners page.
We updated our Technology Radar with the latest changes in our technology stack.
We updated the following articles with new content:
- Embedded Systems Testing Resources
- Giving Your Firmware Build a Version
- Musings on Supply Chain Vulnerability in Light of The Big Hack
- Certification Requirements for Shipping Lithium Batteries
- IEEE Consulting Agreement Template
- A GitHub Issue Template for Your Projects
- A GitHub Pull Request Template For Your Projects
- A GitHub Pull Request Template for the CCC Process
- An Introduction to std::vector
We published the following article in March:
These were our most popular articles in March:
- Creating a Circular Buffer in C/C++
- C++ Casting, or: "Oh No, They Broke Malloc!"
- Installing LLVM/Clang on OSX
- Jenkins: Configuring a Linux Slave Node
- Jenkins: Running Steps as sudo
- Migrating from C to C++: NULL vs nullptr
- Jenkins: Kick off a CI Build with GitHub Push Notifications
- An Overview of C++ STL Containers
- Demystifying Microcontroller GPIO Settings
Thanks for Reading!
Have any feedback, questions, suggestions, interesting articles, or resources to recommend to other developers? Simply reply to this email!