The last two weeks have been among the busiest weeks I’ve had in years. Most of the security work I’ve done in the last eight years or so has been largely confined to the realm of embedded systems, IoT, SCADA & friends, but these trying times have brought enough trouble that there’s something to be done for everyone.
This has given me renewed insight into the social dimension of security. It’s something that everyone talks about in the background but it’s never quite as vivid as in these days, when the entire social landscape is shifting.
Continue reading Quarantine and The Social Aspect of Security
During the last few months, I’ve been working on something entirely unlike anything I’ve done before: a game for the Nintendo Entertainment System, a console that’s about as old as I am. And I love it!
Continue reading The Uncanny Elegance of the NES
There’s an old saying that I mistrust deeply: users don’t know what they want. I think they do, and I think that products that are designed based on the unshakeable conviction that users don’t know what they want routinely turn out to be terrible.
You don’t see it because sometimes this frame of mind produces good results: specifically, it produces good results when the team that builds it wants the same things that users want. The bad results that it produces — which far outnumber the good ones — don’t live long enough to be reviewed and discussed over and over and over again on Hacker News.
In my experience, users do know what they want. It’s just that they can’t always state it in a useful form — which is completely understandable, given that it’s really not their job to do that. They’re a bit like an ancient oracle.
Continue reading Users: The Most Unhelpful Oracle
I’m getting old, and there are things that I don’t notice too well anymore. But I’m pretty sure UI elements have been getting bigger. Everywhere.
That makes a lot of sense on touch devices. Fingers are big and bulky, and the widgets that press them need to be big and bulky. But why are UI elements getting bigger everywhere, even on devices that aren’t touch-enabled, or for applications that are nowhere near being productively used on touch-enabled devices, like IDEs?
There is a reason that everyone is citing ad nauseam these days: Fitts’ law. It’s “popular” formulation states that bigger widgets are easier to hit, and the obvious interpretation is that we need to make them bigger. The reason why you can fit about as much code on your 24″ Full HD monitor as you could fit on the old Trinitron you had back you saw The Matrix at the cinema is SCIENCE!
I want to argue that:
- This is an incomplete and narrow interpretation of Fitts’ law, and
- That this is an unproductive use of Fitts’ law, because
2a) It is routinely applied without any numerical analysis, and
2b) It fails to account for other metrics, and consequently it rarely results in good design trade-offs
Continue reading The Limits and Interpretation Pitfalls of Fitts’ Law
It’s very hard to write an introduction to an article about BLE without sounding a little ridiculous. What are you going to say, that it’s all around us today? It’s been all around us for five years. It’s the #1 choice for IoT applications today, owing in no small part to the fact that you can connect to any IoT device with a phone.
Today, I’m going to “talk” you through one of the most common, but also one of the most illustrative tasks that BLE development involves: writing a custom service (or a “vendor-specific service”, in BLE jargon). We’re going to do it from scratch, and we’ll discuss all the background on why we do things as we do — a lengthy discussion but, I hope, a useful one.
Continue reading Custom BLE Services with the nRF SDK
systemd, the (init?) system that everyone loves to hate, needs no introduction. It’s pretty ubiquitous today — to the point where you can find it, for example, in Yocto.
When it comes to its use in embedded systems, the (vocal) community response is either that it’s too bloated, or that it’s probably a fringe case where systemd is actually useful because it can speed up booting. Since the notorious optimum-in-the-middle — rule 8 in my favourite set of rules ever — is pretty hard to figure out in the climate of systemd-related online discussions, I figured I’d offer my non-flamebait take on the topic.
Fresh out of the oven, from someone who really does work on embedded systems — some of them systemd-
Continue reading Systemd in Embedded Systems: Don’t Listen to the Hatemob
Modbus is a quaint protocol. It’s one of my favourite protocols — it’s not very convenient to use, but it’s pretty convenient to implement and remarkably flexible for an otherwise pretty opinionated protocol. Its specs are very self-contained and easy to follow.
That being said, like all protocols that are a) from an entirely different era of computing and b) royalty-free, there are a lot of non-conforming devices out there. When you run into one, you quickly start to doubt the specs, your documentation, your code and eventually your sanity. My favourite stumbling block? The endianness of the CRC value.
It’s not so much that nobody gets it right — in fact, it’s the one thing that even non-conforming devices get right, because their developers end up swapping the bytes until they get the order right, otherwise the device can’t talk to anything. It’s just that a lot of people don’t understand why they got it right.
Continue reading The Modbus CRC Endianness Kerfuffle
A few days ago I got a Perf-V board. In case you’re wondering what that is, the Perf-V is an FPGA development board, supposedly “designed for [the] RISC-V opensource community” by PerfXLab, a Beijing-based company that does some pretty interesting things in addition to this particular board.
PerfXLab does (rightfully) claim that you can use the board and the enclosed JTAG adapter with Vivado, but they aren’t very forthcoming on the details. Since a lot of RISC-V enthusiasts are software developers who have never touched Vivado, I figured I’d fill you in about the missing piece of the puzzle.
Continue reading Perf-V, Vivado and Linux
It’s been nearly 20 years since Rob Pike’s infamously won the “Best at saying what we’re all thinking” prize with his talk about how systems software research is irrelevant. And, while systems software research is doing slightly (though not glamorously) better than in 2000, it’s still mostly circling the drain.
That being said, it’s not a field that’s devoid of challenges. But I think the main challenge of the next 10-15 years is going to be even less glamorous than we like to think.
I think the main challenge of the next 15 years will be to keep existing software and, more importantly, existing programming models, up and running.
Continue reading The Compatibility Struggle Looming Over the Horizon
Twenty years later, I’m loving Gopher, again.
Continue reading Rediscovering Gopher