Thursday, December 29, 2016

Power Management Problems on Certain Smartphones

Extremetech reports here on power management problems on certain Google smartphones.  The phones are reported to shut down even though the battery reports substantial remaining charge.

Wednesday, December 14, 2016

NHTSA Proposed Rule on Vehicle-to-Vehicle Communication

The NHTSA announces here a proposed rule that would mandate vehicle-to-vehicle communication devices on all light vehicles.

Tuesday, December 13, 2016

Android Things

Google talks here about Android Things for the development of Android-based IoT devices.  Security is one of several goals of this project.

European Union Report on Security reports here on a new European Union report assessing security.  The report argues against backdoors.

Thursday, December 1, 2016

iOS 10.1.1 Charging Problems

Extremetech reports here on user reports of problems charging iPhone batteries using iOS 10.1.1.  It is not yet clear where the problem lies, but symptoms include low battery life and high temperatures.  These episodes are reminders of the complexity of modern battery charging: battery chemistry, charging circuits and logic, charging control software.

Wednesday, November 30, 2016

Ransomware Attack on SF Muni

Extremetech reports here on a ransomware attack on the San Francisco Muni transit system.  These sorts of attacks remind us of the gray line between information systems and cyber-physical systems: safety and security can be imperiled by flaws in traditional IT systems.

Tuesday, November 29, 2016

App Performance Class SD Standard

The SD Association reports here on a new App Performance class of SD cards.  This new class of cards is designed to support execution of applications stored on the cards.

Friday, November 25, 2016

Why Not XPoint for IoT?

Tom's Hardware posted here an excellent survey on the 3D XPoint memory being introduced by Intel and Micron. XPoint is a non-volatile memory that can be written on a bit-by-bit basis, unlike flash. So far, I've seen extensive discussions of how XPoint will be used in servers and desktop/laptop systems but nothing for IoT systems.  Perhaps I'm missing something, but XPoint seems like a good match to IoT. Being able to write one bit at a time allows for very efficient use of the memory and low power overheads for writes. The endurance improvements don't seem to be as high as originally hoped for, but that may not be a big problem for IoT devices that are active only once every few seconds.  XPoint needs a volume driver to reduce costs; why not IoT?

Thursday, November 24, 2016

News on Schiaparelli Mars lander failure

Aviation Week reports here on news regarding the failure of the ESA Schiaparelli Mars lander.  They believe that the Inertial Measurement Unit saturated, leading to a bad altitude estimate and premature initiation of the landing sequence.

Tuesday, November 22, 2016

Paths to Better IoT Security

So far, the free market hasn't chosen to supply consumers with a rich variety of secure, safe IoT devices.  I can think of at least two interventions to help move things along: regulation and certification.  These two approaches are complementary.
Regulations could be established by various countries to require devices sold in that country to meet certain security requirements.  Given the low level of security provided by today's devices, that standard would not have to be particularly high to improve the overall security of the IoT installed base.  Importation helps simplify at least one aspect of enforcement.  The U. S. Customs Service, for example, already checks each shipment into the U. S. for banned items---this mechanism is widely used to enforce patents.  And the economics of semiconductors mean that standards adopted by one large market could raise the level of IoT security worldwide.  Chips need to be manufactured in huge volumes to pay off their high design and manufacturing investment.  While some manufacturers may choose to build less-secure variants,  the more secure chips would become default choices for a wider range of IoT systems.
Certification can also help to raise consumer awareness of security issues.  The EnergyStar program is a good example of a voluntary certification program that has benefited energy-efficient products.  EnergyStar works because energy efficiency has emerged as a consumer desire that can be represented by the EnergyStar badge.  In the case of IoT security, personal privacy may be the best selling point for a certification program.  Privacy is something that consumers directly relate to and already care about.  The security required for improved privacy would benefit safety and a number of other important goals as well.

Friday, November 18, 2016

Do Export Controls on Computer Security Make Us Less Secure?

This post's title is posed as a question, not as a declaration, as is the post itself.  But I think that recent events highlight a conundrum in embedded system security that has been brewing for quite some time: our embedded devices can be used to attack our own computer systems.
The recent DDOS attacks against DNS provider Dyn were conducted by an army of zombie IoT devices.  IoT devices, simple as they are, have enough capability to play roles in these sorts of attacks. And given that we have many more IoT devices than desktop or laptop computers, they are obvious fodder for attackers.
It is certainly true that many IoT devices are shoddily designed and constructed, making it easy for attackers to commandeer them. Some simple steps on the part of manufacturers could make these devices more secure. But it is also true that U. S. export control laws make it difficult to export security-related hardware and software that would allow an extra level of protection for these devices. And the vast majority of these inexpensive IoT devices are manufactured overseas.
If we allowed more computer security equipment to be exported, would it be used against us? Probably. Would the net threat be larger than the one we now face?  I really don't know but I think we should have this discussion.  I think that Congress and technical experts should work together to identify ways to make the United States and the world safer and more secure from IoT-based threats. Everyone should consider guidelines or regulations on how devices are certified at a given level of safety. As part of that process, we will probably end up considering what types of security devices, both hardware and software, we want to see more broadly used and what techniques we want to keep in reserve.  An ounce of prevention is worth a pound of cure.

Thursday, November 17, 2016

New Book: The Physics of Computing

My new book, The Physics of Computing, has been released. This book relates computer architectural concepts such as the memory wall and the power wall to basic physical effects.

Thursday, November 10, 2016

USB cables

Extremetech reports here on compatibility problems between USB-C cables and ports. Given that one of the uses of these cables is power delivery---USB-C has specifically been promoted as the new universal power distribution system---these compatibility problems may present some safety problems.

Wednesday, November 9, 2016

Linux Dirty COW vulnerability

Tom's Hardware reports here on the Linux Dirty COW vulnerability. COW stands for copy-on-write.

Sunday, November 6, 2016

Video on Computer Battery Fires

I just added to my Embedded Systems Channel on YouTube a short video on computer battery fires. The link is here.

Tuesday, November 1, 2016

GPU Overheating Reports

Extremetech reports here on reports of overheating by particular models of GPU cards.  The problem has not been fully diagnosed but may be related to voltage regulator modules.  While not strictly embedded, these reports are another indication of the importance of thermal behavior in modern computer systems.

Thursday, October 27, 2016

NHTSA Guidelines on Automotive Cybersecurity

The National Highway Traffic Safety Administration announces here a set of guidelines on best practices for cybersecurity of motor vehicles.

Tuesday, October 25, 2016

More on IoT-Driven DDOS Attacks

Extremetech writes here on the recent DDOS attacks on the Internet and possible long-term effects.

Saturday, October 22, 2016

DDoS Attacks Against Dyn, IoT Implicated

Bruce Schneier reports here on current attacks against the DNS service provider Dyn.  These attacks have in turn slowed down a number of Internet sites.  IoT bots have been implicated as the avenue of attack.

Tuesday, October 18, 2016

Return-Oriented Programming Attacks

I just learned about return-oriented programming attacks.  Wikipedia's discussion of the topic is here. These attacks are advanced forms of stack smashing attacks, but they rely on existing code rather than inserting entirely new code.

Friday, October 14, 2016

The Fuzzy Line Between Information Technology and Cyber-Physical Systems

NBC News reports here on a pair of computer problems that have caused flight delays.  In the past few months, both Delta and Southwest suffered computer problems that severely disrupted their flight operations.
These problems were all related to information technology (IT)---traditional issues related to databases, networks, etc.  Nonetheless, they disrupted the physical plants of the airlines in the form of flight delays.  We often treat CPS and IT as separate domains but in the real world they blend together.
Many utilities separate their billing and management IT systems from their computer systems that operate equipment.  Nonetheless, these systems must talk---you can't bill unless you know something about the equipment's operation.  And the operational computer systems that perform cyber-physical operations such as control make extensive use of hardware and software originally designed for IT.
A chain is only as strong as its weakest link.  If we want to build safe and secure cyber-physical systems, we need to be sure that IT and CPS work together.

Thursday, October 6, 2016

More Battery Problems For Galaxy Note 7

Extremetech reports here that a replacement Galaxy Note 7---one that had been provided by Samsung to avoid battery overheating---overheated and caught fire while on board an airplane.  Luckily, the airplane was still at the gate when this happened and the airplane was safely evacuated.  However, the airplane itself was damaged by the burning phone.

Sunday, October 2, 2016

Lessons from History on Autonomous Vehicles and ADAS

Many commentators refer to the surge of commercial interest in automated driver assistance systems (ADAS) and autonomous vehicles as amazing, which is entirely true.  But many also refer to ADAS and autonomous vehicles as unprecedented, which is not so true.
One key concern for completely autonomous vehicles---those for which the passengers have no vehicle controls whatsoever---is how to mix them with driven vehicles and pedestrians.  We have seen before a mixture of vastly different vehicles, namely at the dawn of the automotive age.  Cars and trucks co-existed with horses and horse-drawn vehicles for several decades.  This was a difficult combination and one that bears a surprising resemblance to the mixture of autonomous and driven vehicles.  Horses are, after all, ultimately autonomous, something that becomes clear once you mount a horse and start to ride.  Silent motion pictures give us glimpses into this world.  Many silent pictures were filmed on the streets without benefit of modern film permits.  As a result, they captured typical interactions between motorized and horse-drawn vehicles.
ADAS has clear precedent in aviation.  Airbus airliners have for several decades been full-authority control systems---the controls do not always respond to the pilot's command if the control system believes that those commands are dangerous.   The Boeing 787 is also a full-authority control system. These planes have been involved in accidents that can be attributed, at least in part, to their control systems.  Even in the absence of accidents, a long-standing concern about these control systems is that they allow the pilot's attention to lapse, resulting in longer response times by the pilot in the case of something happening.
Perhaps the car companies are studying these historical precedents internally.  I certainly hope so.  We need to learn as much from history as we can in order to make the new generation of vehicles as safe as they can be.

Wednesday, September 28, 2016

Exploding Washing Machines

ABC News reports here on a U. S. Consumer Product Safety Commission (CPSC) warning about some Samsung washing machines that exhibit extreme vibrations that witnesses describe as explosions.  The cause of the vibrations appears to be a part that can come loose, allowing the spinning tub to move.  This problem does not appear to have any computer-related cause. It is, however, an interesting example of the large amounts of energy that are harnessed by everyday objects.

Saturday, September 24, 2016

Computers as Components 4th edition

The fourth edition of Computers as Components is now available.  A highlight of this latest edition is coverage of the Internet of Things: IoT devices, protocols, systems, and applications. You can find out more about the book here.

Thursday, September 22, 2016

Internet Security Probes

Respected computer security expert Bruce Schneier reports here that many components of the core Internet infrastructure have been probed in a manner that suggests that some entity is trying to figure out how to take down the entire Internet. A complete Internet failure---even failure of a significant piece of the Internet---would pose many concerns. One of those concerns is the operation of critical infrastructure that relies on the Internet. Many agencies and companies are working to address critical infrastructure vulnerabilities; this latest report gives those efforts added impetus.

Puerto Rico blackout

7 News Miami reports here on a power blackout, apparently of the entire island of Puerto Rico. This blackout was due to a fire, not computer problems. But it does illustrate the challenges we face in providing reliable critical infrastructure.

Wednesday, September 21, 2016

U.S. DoT Policy on Automated Vehicle Development

The U. S. Department of Transportation releases here a statement on its policy on automated vehicle development.

Remote Hack of Tesla

Reuters reports here on a remote hack of a Tesla automobile.

Thursday, September 15, 2016

Uber Driverless Vehicle Experiment

This article from the Associated Press, printed in the Houston Chronicle, reports on Uber's driverless car experiments in Pittsburgh.

Tuesday, September 13, 2016

Monday, September 12, 2016

Hello, Mechanical Sewing Machine

I have written several posts about the trials of finding a good sewing machine.  I finally decided to buy an industrial model.  The store owner told me that it would last 20 years.  I think that he underestimates.  The way this machine is built, I plan to leave it in my will.  I mention it here as an example of heavy-duty design.  So much modern software and electronics are designed to be throw-away; the modern smartphone is designed to last for 2-3 years.  While disposable devices certainly have their place, I hope that we don't lose the ability to design solid, long-lasting devices.

English is not the first language of the manual.

This machine has an oil pan.  It uses splash lubrication just like a car engine. The lubricant is mineral oil.  It has a sweet smell and should stain less in the unlikely case that it spills.  I have read quite a few complaints on the Web about the plastic gears used in portable sewing machines and other home appliances.  As I understand it, plastic gears perform better in lubrication-free environments; I don't think the average homeowner wants to oil all their appliances.  I'd rather have good plastic gears than cheap metal gears.  But the drivetrain of this machine is impressively solid.

The speed control connection to the motor is a steel rod. The pedal on my portable machine proudly proclaims "Electronic."  No wimpy electronic control here.

This machine came with a servo motor. Older machines use clutch motors, which must have been both loud and a little smelly. This machine runs at 5000 stitches per minute---that's 25 meters per minute.  The knob on the motor allows you to set the maximum speed to a lower value.  I was a little worried about the sensitivity of the speed control, but it has proven to be easy to control.

You say you want vibration control? Just the head of this machine weighs 75 pounds.  Add in the motor and table and it tips in at over 100 pounds. That's vibration control technology straight from Sir Isaac Newton---a 100 pound body at rest tends to stay at rest.

This machine only makes one stitch, a straight stitch. It is also mechanically set for medium-weight fabric. To adjust it for either very light or very heavy fabrics, I have to use a screwdriver to adjust the feed dogs that feed the fabric. I also have to adjust the thread tension by hand.  Home portable machines have sensors and controllers that automatically adjust all aspects of the machine to adapt to the fabric conditions.  They also perform a lot of different stitches; high-end machines may perform hundreds of decorative stitches.  But their stitches aren't as uniform as the ones produced by industrial machines.  Building a machine to do one thing well has advantages.

Saturday, September 10, 2016

NASA Github site

Dimitrios Serpanos pointed me to the NASA github site.  It contains a wealth of NASA code ranging from the 1970s to recent developments.

Near-Field Audio

EE Times reports here on the NXP chip used for near-field audio on the iPhone 7.

Killer USB Drives

Extremetech reports here on a USB device that will destroy a computer when the drive is plugged into the USB port.  This device works by applying a large negative voltage.  As a result, it needs no knowledge of software and can work on any type of device or operating system---it simply fries the electronics.

Friday, September 2, 2016

Galaxy Note 7 Battery Fires

In case you were wondering why batteries are important, see this Anandtech article on reported battery fires in the Galaxy Note 7.

Battery Technology

Extremetech posted an interesting article here on the non-technical challenges we face to improve battery capacity and lifetime.

Tuesday, August 23, 2016

Automotive Systems

Here is an interesting brochure from Infineon that gives block diagrams for a number of automotive electrical/electronic (E/E) systems, ranging from brakes through radar.

The Right to Tinker

Here is an interesting New York Times article on the right to tinker with automotive software.
And here is the Web site of the Center for Information Technology Policy at Princeton University, which provides a link to Andrew Appel's Freedom to Tinker blog.

Friday, August 12, 2016

More Vehicle Hacks

Wired reports here on two new vehicle hacks, one affecting VW group keys and another affecting other car makes.

Monday, August 8, 2016

Monitor Hacking

Extremetech reports here on a presentation at DEFCON demonstrating how monitors can be hacked to, for example, change the pixels on the display.

Basis Peak Recall

Intel reports here that they are recalling all Basis Peak watches due to overheating of a small number of watches.  A few users reported burns due to watch overheating.

Friday, July 1, 2016

Tesla Autopilot Update

The Guardian reports here on the Tesla Autopilot, which was just involved in its first fatal crash.

Thursday, May 26, 2016

More on legacy systems

This article from CNN describes the 8" floppy disks (not even 5.25"!!!) used in the control of U. S. nuclear missiles.

Thursday, May 5, 2016

Legacy Systems

Extremetech reports here on the Compaq laptop required to service one of the early McLaren supercars.  It seems they relied on a proprietary hardware interface.

Tuesday, April 26, 2016

Offensive Cyber Warfare

Extremetech posts here on US remarks on offensive cyber warfare. This article also quotes BYU law professor Eric Jensen's opinion that three recent cyber attacks probably constitute offensive acts under international law: Stuxnet, an attack on Saudi Aramco, and an attack on Swedish air traffic control.

Monday, April 18, 2016

Cisco on IoT protocols

Here is an interesting blog post from Paul Duffy of Cisco on IoT protocols.

Friday, March 18, 2016

IoT Device Protocol

Kurzweil reports here on an open source protocol for IoT devices, Message Querying Telemetry Transport (MQTT), developed by IBM.

Wednesday, February 24, 2016

Nissan Leaf Exploit

This article from Tom's Hardware describes an exploit for the Nissan Leaf that allows the attacker to remotely take over the car's air conditioning and heating systems.

Sunday, February 21, 2016

War Games and Cyber Warfare

Here is an interesting article from the New York Times on the role that the Matthew Broderick movie "War Games" played in highlighting cyberwarfare threats.

Thursday, February 4, 2016

F-35 software

Two reports on the status of F-35 software development:
* one from Aviation Week;
* one from ExtremeTech.

Tuesday, January 12, 2016

Wednesday, January 6, 2016