July 2019: Security, Security, Security!

Welcome to the July 2019 edition of the Embedded Artistry Newsletter! This is a monthly newsletter of curated and original content to help you build superior embedded systems. This newsletter supplements the website and covers topics not mentioned there.

This month we'll cover:

  • Phillip's interview on Embedded.fm
  • Atomic clocks in space
  • Stuxnet: ten years later
  • Embedded systems security resources
  • Embedded news from around the web
  • Updates to the Embedded Artistry Website

Embedded.fm Interview

Last month, Embedded.fm interviewed Phillip. Elecia, Chris, and Phillip discussed consulting, writing, learning, code reviews, rules of thumb, Boeing 737 MAX, and implementing C++ threading types with an RTOS.

Check out Embedded.fm episode 290!

Atomic Clocks in Space

We love learning about technological developments with space exploration, since they involve wonderful examples of highly reliable embedded systems.

In June, NASA’s Jet Propulsion Laboratory (JPL) announced that they were creating a deep-space atomic clock. This clock is a toaster-sized device that aims to facilitate navigational efforts for future space missions. The first clock was launched into Earth’s orbit at the end of June for a one-year trial.

You can learn more about the Deep Space Atomic Clock with these JPL links:

A Look at Stuxnet, Ten Years Later

June marked the 10th anniversary of the first Stuxnet infection, which targeted Siemens PLCs and was responsible for damaging Iran's nuclear program. Stuxnet caused centrifuges at the nuclear plant to spin out of control while operator screens reported nominal values, leading to systems failures, asset damage, safety concerns, and a national security fiasco.

It's interesting to look back on Stuxnet with the context of today's continual onslaught of security vulnerability announcements and IoT botnet attacks. What have we learned in the ten years since Stuxnet demonstrated the capability of vulnerabilities to wreak havoc on physical systems? The overall state of device security hasn't noticeably improved, and reports of hacked devices reaching into the physical world abound.

Security can no longer be an afterthought. Even if your product isn’t connected to a nuclear reactor, vulnerabilities are exploited with disastrous results. For more on Stuxnet:

For more on Stuxnet:

Embedded Systems Security Resources

A reader reached out to us on LinkedIn and requested recommendations for books and resources discussing embedded systems security. As we just mentioned, security is an area that we all need to focus on when we design and build our embedded systems. If you have recommended books or links that discuss embedded systems security, let us know! We will be collecting recommendations and publishing a post dedicated to security resources. Here’s what we’ve collected thus far.

Phil Koopman has a collection of lectures discussing embedded systems security:

The following books relate to embedded systems security:

Here are articles with general introductions to embedded systems security concepts:

These articles focus on common pitfalls with embedded device security:

Around the Web

We've grouped our July reading recommendations by these categories:

  • General
  • Software
  • Security
  • Hardware

General

Elecia at Embedded.fm wrote a great post about Giving Feedback prompted by our conversation on the podcast.

Bunnie comments on the trade war with China and its potential impact on Open Source Could Be a Casualty of the Trade War.

All About Circuits published a helpful introduction to the Advanced Microcontroller Bus Architecture (AMBA), which is the de facto standard for SoC design.

Software

If you're interested in the intersection of machine learning and embedded systems, a reader on LinkedIn shared this link for running TensorFlow Lite on a microcontroller.

The Memfault team published an excellent article on digging into firmware code size. If you're trying to reduce your binary's size, this article is a must read.

The Memfault team also published an excellent article on writing linker scripts for firmware.

Colin Walls wrote about mixing C and C++ in an embedded application. If you're interested in trying out C++ on an existing embedded product, try one of Colin's two approaches.

Burkhard Stubert added another article to his Speaking CAN series, this time analyzing write buffer overflows.

Watchdog timers are a staple element of embedded systems. Alexandru Lazar shared some Watchdog Timer Anti-patterns that we should keep in mind when building our systems.

Thread Group announced version 1.2 of the Thread wireless protocol. Stacey Higginbotham provided a summary of the changes

For a great example of applying std::variant to create a state machine, check out this C++ article: Space Game: A std::variant-Based State Machine by Example.

Security

Appropriately for the 10-year anniversary of Stuxnet, we saw an inordinate amount of articles related to security.

EE Times highlighted that the IoT security gap is widening: we're adding more devices and sending more data, but IoT devices are still a prime hacking target.

Designing Hardware for Data Privacy highlights the need to develop a thread model for our devices and to implement the appropriate countermeasures.

Enhancing Privacy and Security in the Smart Meter Lifecycle provides a look at a variety of techniques that can be used to improve IoT device security.

How Many Layers of Security Do You Have? argues that designers should consider two guiding principles: defense in depth and principle of least privilege.

Will the Real Root of Trust Stand Up? discusses the concept of a "root of trust".

Hardware

Strange Parts recorded a fantastic factory tour of the PCBWay factory in Shenzen: Inside a PCB Soldering Factory - in China. If you are curious about how circuit boards are manufactured, check out this video.

Dangerous Prototypes shared a helpful app note discussing magnetometer placement in mobile devices.

Dangerous Prototypes also shared a helpful app note discussing a method for using two accelerometers to make rotational measurements, which is useful if you already have two accelerometers and don't want to update your product to add a gyroscope.

Hiring Embedded Engineers?

Is your company hiring embedded systems hardware/software engineers? Send us a short job ad with a link to the full job description. We will be happy to include it in our newsletter.

Website Updates

Stickers are now available in the Embedded Artistry store. You can help support the website by purchasing a sticker.

We've renamed the "Embedded C++" and "Migrating from C to C++" categories to work around a Squarespace link generation issue.

We added additional acronyms to the Glossary.

We added new book recommendations and links to For Beginners, Hardware References and Software References.

We updated the following articles:

New Articles

We published the following articles in June:

These were our most popular articles in June:

  1. Creating a Circular Buffer in C/C++
  2. For Beginners
  3. std::string vs C-strings
  4. Demystifying Microcontroller GPIO Settings
  5. Installing LLVM/Clang on OSX
  6. C++ Casting, or: "Oh No, They Broke Malloc!"
  7. Improving Your Callback Game
  8. Jenkins: Configuring a Linux Slave Node
  9. An Overview of C++ STL Containers
  10. Migrating from C to C++: NULL vs nullptr

Thanks for Reading!

Have any feedback, questions, suggestions, interesting articles, or resources to recommend to other developers? Simply reply to this email!

While you're waiting for our next edition, check out the website or follow us on Twitter.

Happy hacking!

-Phillip & Rozi