Saturday, January 23, 2010

Are you stuck using dangerous and outdated tools? Like Internet Explorer 6 (IE6).

I spend a lot of time working with an IT department that makes statements like "We are a Microsoft shop here" (I thought we designed Embedded Systems for Fire Fighting and Security?), and "Linux is just a toy". In the name of security Mordoc demands that only Microsoft IE6 and Outlook be used to access the Internet. These are the two most attacked programs in the history of Mankind. Résumé, anyone?

Anyway, to get to the point of my ramble: Microsoft has stated that everyone *must* upgrade to IE8, in Microsoft Security Advisory 979352. Does Mordoc care? Apparently not.

What do you do when you are forced by IT and their management to use old dangerous equipment and/or programs?

The SANS Institute newsletter for Jan/22/2010 gets into the IE6 attack code in Researchers Finds Evidence in Attack Code Used on Google That Points to China, which is worth a read. The various SANS newsletters are worth reading each week to keep up on security issues. A safe system cannot be safe unless it is also a secure system.

When is it safe to restore to factory defaults? Is the answer Never?

In an EDN Design Idea (Jan/21/2010), Algorithm keeps data safe, by Luis G Uribe C, Caracas, Venezuela (edited by Martin Rowe and Fran Granville), there is a discussion of how to prevent data loss while updating non-volatile memory, even if a power failure or reset happens in the middle of the update, based on a simple Gray-code state machine: each step of the update changes exactly one bit of the stored state, so an interrupted step leaves either the old state or the new one and never an unrecognizable third value.

The article Making Nonvolatile Data Reliable, by David Hinerman, covers similar ground.

Also, I have previously mentioned offsetof here, which is very useful for helping to keep our data safe.
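Here is an added example of that idea, written for this page and not taken from the EDN Design Idea or from the offsetof post: a two-copy EEPROM settings record whose phase byte steps through a four-state Gray code, with the EEPROM simulated in RAM so that an update can be cut off at any single byte write and then recovered. The slot addresses come from offsetof() on the layout struct. The names, the two-copy layout, the 8-bit additive checksum, and the assumption that one EEPROM byte write either lands completely or not at all are all assumptions of this example, not the article's design. On an AVR the ee_write() calls and ee[] reads would become avr-libc's eeprom_write_byte() and eeprom_read_byte().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_LEN  4                 /* payload bytes in one settings record */
#define SLOT_LEN (REC_LEN + 1)     /* payload followed by an 8-bit checksum */

/* EEPROM layout.  offsetof() supplies the addresses, so the address map cannot
 * drift out of step with the struct that describes it. */
struct ee_layout {
    uint8_t phase;                 /* Gray-code phase byte, always written last */
    uint8_t slot_a[SLOT_LEN];
    uint8_t slot_b[SLOT_LEN];
};
#define ADDR_PHASE ((unsigned)offsetof(struct ee_layout, phase))
#define ADDR_A     ((unsigned)offsetof(struct ee_layout, slot_a))
#define ADDR_B     ((unsigned)offsetof(struct ee_layout, slot_b))
#define EE_SIZE    ((unsigned)sizeof(struct ee_layout))

/* Phases in Gray-code order: IDLE_A -> WRITING_B -> IDLE_B -> WRITING_A -> IDLE_A.
 * Neighbouring phases differ in one bit, so a phase write that is cut short
 * leaves either the old phase or the new one, never a third value. */
enum { IDLE_A = 0x0, WRITING_B = 0x1, IDLE_B = 0x3, WRITING_A = 0x2 };

/* Simulated EEPROM (assumption: stands in for the real part's byte write).
 * writes_left < 0: never fail; otherwise "power" is lost on the Nth write. */
static uint8_t ee[EE_SIZE];
static int writes_left = -1;

/* Constructed sample settings used by the harness below. */
static const uint8_t OLD_REC[REC_LEN] = {1, 2, 3, 4};
static const uint8_t NEW_REC[REC_LEN] = {9, 8, 7, 6};

static int ee_write(unsigned addr, uint8_t v)
{
    if (writes_left == 0) return 0;          /* power failed: nothing written */
    if (writes_left > 0) writes_left--;
    ee[addr] = v;
    return 1;
}

static uint8_t checksum(const uint8_t *p)
{
    uint8_t s = 0x5A;                        /* non-zero seed: blank 0x00/0xFF slots never verify */
    for (int i = 0; i < REC_LEN; i++) s = (uint8_t)(s + p[i]);
    return s;
}

static int slot_valid(unsigned addr)
{
    return ee[addr + REC_LEN] == checksum(&ee[addr]);
}

static int write_slot(unsigned addr, const uint8_t *data)
{
    for (int i = 0; i < REC_LEN; i++)
        if (!ee_write(addr + i, data[i])) return 0;
    return ee_write(addr + REC_LEN, checksum(data));
}

/* Power-up recovery.  Rolls an interrupted update back by one Gray step, then
 * returns the address of the current record, or -1 if neither copy verifies
 * (blank or corrupt part).  An unprogrammed phase byte (0xFF) falls through
 * to the checksum test with A preferred. */
static int recover(void)
{
    uint8_t ph = ee[ADDR_PHASE];
    unsigned first = ADDR_A, second = ADDR_B;
    if (ph == IDLE_B || ph == WRITING_A) { first = ADDR_B; second = ADDR_A; }
    if (ph == WRITING_B) (void)ee_write(ADDR_PHASE, IDLE_A);  /* idempotent: redone next boot if cut */
    if (ph == WRITING_A) (void)ee_write(ADDR_PHASE, IDLE_B);
    if (slot_valid(first))  return (int)first;
    if (slot_valid(second)) return (int)second;
    return -1;
}

/* Update the record.  Returns 1 when committed, 0 if power failed part way;
 * in the latter case recover() still yields either the old or the new record. */
static int update(const uint8_t *data)
{
    int cur = recover();
    if (cur == (int)ADDR_B) {                                   /* B is current: rewrite A */
        if (!ee_write(ADDR_PHASE, WRITING_A)) return 0;
        if (!write_slot(ADDR_A, data)) return 0;
        return ee_write(ADDR_PHASE, IDLE_A);
    }
    if (cur < 0 && !ee_write(ADDR_PHASE, IDLE_A)) return 0;   /* blank part: nothing to protect yet */
    if (!ee_write(ADDR_PHASE, WRITING_B)) return 0;             /* A is current: rewrite B */
    if (!write_slot(ADDR_B, data)) return 0;
    return ee_write(ADDR_PHASE, IDLE_B);
}

/* Harness: commit OLD_REC, cut power after `fail_after` byte writes while
 * updating to NEW_REC, recover, and report whether the current record is
 * exactly the old or exactly the new value (never a mixture). */
static int torn_update_is_safe(int fail_after)
{
    memset(ee, 0xFF, sizeof ee);                 /* erased part */
    writes_left = -1;
    if (!update(OLD_REC)) return 0;
    writes_left = fail_after;
    update(NEW_REC);                             /* may be cut short */
    writes_left = -1;                            /* power is back */
    int cur = recover();
    if (cur < 0) return 0;
    return memcmp(&ee[cur], OLD_REC, REC_LEN) == 0 || memcmp(&ee[cur], NEW_REC, REC_LEN) == 0;
}

/* Every possible cut point of one update must leave a usable record. */
static int all_torn_updates_safe(void)
{
    for (int k = 0; k <= SLOT_LEN + 2; k++)
        if (!torn_update_is_safe(k)) return 0;
    return 1;
}

/* For contrast: one copy rewritten in place.  A cut after 1..3 bytes leaves
 * a record that is neither the old nor the new one. */
static int naive_update_is_safe(int fail_after)
{
    memcpy(&ee[ADDR_A], OLD_REC, REC_LEN);
    writes_left = fail_after;
    for (int i = 0; i < REC_LEN; i++) (void)ee_write(ADDR_A + i, NEW_REC[i]);
    writes_left = -1;
    return memcmp(&ee[ADDR_A], OLD_REC, REC_LEN) == 0 || memcmp(&ee[ADDR_A], NEW_REC, REC_LEN) == 0;
}

int main(void)
{
    printf("Gray-code two-copy update survives every cut point: %s\n", all_torn_updates_safe() ? "yes" : "no");
    printf("in-place update cut after 2 bytes is safe: %s\n", naive_update_is_safe(2) ? "yes" : "no");
    return 0;
}
```

The invariant the harness checks is the one the Design Idea is after: whichever byte write the power failure lands on, the part comes back with either the complete old record or the complete new one. The roll-back is deliberately conservative; a slot whose checksum verifies but whose commit step never landed counts as unwritten. The additive checksum is enough to show the mechanism, but a real design would use a CRC, and would keep the phase byte in a cell whose write the hardware finishes atomically, since the whole argument rests on that.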

Now maybe you can help me find something. For some time I have been trying, without success, to find the origin of a story about restoring EEPROM settings to "factory" defaults. The story goes like this:

A lady took her car back to the dealer, and asked that they disable the front seat passenger Air Bags, as her young son always rode in that seat. The dealer did as the lady asked, "the customer is always right". Some time later something happened, possibly a jump start due to a dead battery. This event caused the Engine Control Unit (ECU) to restore the EEPROM to the default factory values. The default factory setting re-enabled the passenger side Air Bag. There was then an accident, in which the boy was killed by the Air Bag deployment.

Even if the story is not true, it still illustrates just how hard it is to do a "safe" embedded system.

"Programming is a race between writing a program that any idiot can use, and the Universe building bigger and better idiots. The Universe is winning." -- Unknown

What embedded systems related blogs and other resources do you follow?

I see that our blog here made a list of sites to follow on Stack Overflow. They do list several worth following. Maybe you know of some you would like to add to the list?

I follow Jeff Atwood's Coding Horror blog myself. Jeff is the co-creator of Stack Overflow in a joint venture with Joel Spolsky.

Saturday, January 9, 2010

Medical errors caused by confusing Pounds with Kilograms and Slugs vs Newtons

Fred Trotter wrote a blog entry in which he quotes Senator Grassley of Iowa; you can read it for yourself.

The point I want to address is the importance of units in Software Safety:

Over the past year, I have received complaints from patients, medical practitioners and technologies engineers regarding difficulties they have encountered with the HIT and CPOE devices in their medical facilities. These complaints include, for example, faulty software that miscalculated intracranial pressures and interchanged kilograms and pounds, resulting in incorrect medication dosages.

When I was in school getting my degree, I had a Physics teacher who gave all of his lectures in the Metric System. The book covered nothing but the Metric System. All of the tests he gave were in the *English* system!

Conversions were never mentioned, *anyplace*: not in the book, not in the class, not in the homework. Everyone failed the first test. This kind of #)$*#$* in schools is the kind of thing that makes me believe in Home Schooling, and left a bad taste for "higher education" from ivory towers.

The one good thing to come out of that (?) is that everyone in the class learned to pay attention to the 'Units'.

In the English System the unit of Weight is the Pound. The unit of Mass is the Slug. In the Metric System the unit of Weight is the Newton. The unit of Mass is the (Kilo)Gram.

So why does this box of organic cereal, the first thing at hand with a label, say "10 oz (284 g)"? All of these dual-unit labels are comparing weight with mass; is it any wonder people get confused?
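As an added example (not from Trotter's post or the Senator's letter), here is the kind of defence a C programmer can put in front of a dose calculation so that the pounds/kilograms mix-up described above cannot reach the arithmetic: each unit is a distinct struct type, so the compiler rejects a pounds value where grams are expected, and the input parser refuses any weight that arrives without a unit. The type names, the "22 lb" sample form entry and the 5 mg/kg dose are constructed for the illustration; the kg/lb conversion factor is the exact legal definition.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Distinct struct types for each unit: the compiler refuses to pass a pounds
 * value where grams are expected.  Grams are the only unit dose arithmetic
 * accepts (assumed convention for this example). */
typedef struct { uint32_t g;  } mass_g_t;     /* canonical: integer grams */
typedef struct { double   lb; } mass_lb_t;    /* as typed on a US form */

static mass_g_t lb_to_g(mass_lb_t m)
{
    /* 1 lb = 453.59237 g exactly; round to the nearest gram */
    return (mass_g_t){ (uint32_t)(m.lb * 453.59237 + 0.5) };
}

/* (mg/kg) * g = ug, so the dose in micrograms needs no division at all. */
static uint32_t dose_ug(mass_g_t patient, uint32_t mg_per_kg)
{
    return patient.g * mg_per_kg;
}
/* dose_ug((mass_lb_t){22.0}, 5) does not compile: incompatible struct type.
 * The bug the Senator's letter describes is a compile error here. */

/* Parse "22 lb", "10 kg", "9.5kg", "350 g".  A bare number is rejected:
 * a weight with no unit is exactly the input that gets misread. */
static int parse_mass(const char *s, mass_g_t *out)
{
    char *end;
    double v = strtod(s, &end);
    if (end == s || !(v > 0.0) || v > 1.0e6) return 0;   /* also rejects NaN/inf */
    while (isspace((unsigned char)*end)) end++;
    if (strcmp(end, "kg") == 0)      out->g = (uint32_t)(v * 1000.0 + 0.5);
    else if (strcmp(end, "g") == 0)  out->g = (uint32_t)(v + 0.5);
    else if (strcmp(end, "lb") == 0) *out = lb_to_g((mass_lb_t){ v });
    else return 0;                                        /* missing or unknown unit */
    return 1;
}

/* Grams for a form entry, or 0 if the entry was refused. */
static uint32_t mass_grams(const char *s)
{
    mass_g_t m;
    return parse_mass(s, &m) ? m.g : 0;
}

int main(void)
{
    const char *form = "22 lb";              /* constructed patient weight entry */
    mass_g_t pt;
    if (!parse_mass(form, &pt)) { puts("refused: no unit"); return 1; }
    printf("%s -> %u g, 5 mg/kg dose = %u ug\n", form, pt.g, dose_ug(pt, 5));
    printf("same digits taken as kg: %u ug\n", dose_ug((mass_g_t){ 22000 }, 5));
    printf("bare \"22\" accepted? %s\n", mass_grams("22") ? "yes" : "no");
    return 0;
}
```

For a 22 lb child the 5 mg/kg dose is 49895 µg; the same digits read as kilograms give 110000 µg, a 2.2× overdose, which is why the parser treats a unitless number as an error rather than guessing a default.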

Federal Aviation Administration Certification Authorities Software Team (CAST) Position Papers

If you are interested in Software Safety, it is worth your time to check out the Federal Aviation Administration Certification Authorities Software Team (CAST) Position Papers.

The split between industry practice and academic research

Herb Sutter and Bjarne Stroustrup have some interesting comments on What Should We Teach New Software Developers? Why?

I found this of particular interest:

Another CS professor: "I never code."

Another industrial manager: "We don't hire CS graduates; it's easier to teach a physicist to program than to teach a CS graduate physics."

I have personally had to teach two different freshly minted CS graduates how to code for embedded systems. They could write a compiler, but they did not know the meaning of the basic C bit-wise operators or Boolean logic. To their personal credit, they both picked up the concepts very quickly. To the school system's credit I can give none. Personally I'd rather hire a Ham Radio operator who has the knack for tinkering and a real desire to learn than someone who has been molded by the conventional academic system.

In Issue 7, January 2010, of PragPub there is an article, Against SEMAT — Is this software development call for action necessary?, asking why we need a new organization like Software Engineering Method and Theory (SEMAT); as author Jorge Aranda says, "You say you want a revolution? We'd all love to see the plan."

I'd like to see that plan myself. Of particular interest to me is this item in the SEMAT mission statement: to address the split between industry practice and academic research. This being the Software Safety blog, I spend a lot of time reading the academic papers, which often talk of great advances in things like object oriented languages to create bug free software.

The problem is coming from the other end of the spectrum: I spend my days designing Embedded Systems, and I can tell you that few to none of those academic papers are written with resource-constrained systems in mind. My typical part is an Atmel AVR that has 8K of Flash and 1K of RAM total.

Academia, with few exceptions, assumes that we can just use more powerful parts, while the reality from Management is that we can't. If we can save a penny by using an 8K/1K part instead of a 16K/2K part, then that is what is going to happen, unless you make very few units. For example, from a past blog entry at my hardware site:

[T]hat takes four resistors per board, on a board that already did not have enough space. Also at 50,000 units per year, with an design lifetime of five years, that is 10,000,000 resistors. After a while these resistors start to add up to real money, for what is a single event at manufacturing time.

The same logic applies to using larger memory or faster parts: they cause costs to rise.

How do we get safe software from Academia that deals with real world economics of real hardware?