Archive for the ‘Uncategorized’ Category

A word about UL and FCC certification

Monday, May 25th, 2015 Mike Ficco

The UL (Underwriters Laboratories) and the FCC (Federal Communications Commission) are two American organizations concerned with the safe and proper operation of electronic equipment and associated power supplies. These organizations, and others like CE, CCC, KCC, etc. do much more than worry about power supplies and electronic equipment but that is my focus today.

I think everyone will agree that we can’t have our electromagnetic spectrum splattered and destroyed by noisy electronics. We can also agree that burning down your house with a poorly made power supply would be really, really bad. The problem is the cost of testing and certification – especially as related to cheap, low volume, products.

The testing itself involves some magic. In one instance, years ago, we took a new product through FCC part 15 certification. The product connected to the PC printer port and transmitted and received digital data. We took a name-brand PC and cables with us for the test. Our device failed and we were very disappointed. The helpful technician running the test looked at our disappointment and asked if he could disconnect our device. He did and observed that the PC itself was splattering the environment with emissions. The very helpful technician removed our name-brand PC and grabbed a well-tested one he had in the lab. We loaded our software on his PC and our device passed. We were awarded the magical FCC certificate. He then shared some inside information with us. “Keep these modules safe”, he said of our devices that had just passed. “Normal production variation means that many, if not all, of your production modules will fail future emission tests.”

I also remember my childhood. My father was involved in ham radio – back in the days where you built your own equipment using ARRL books, Popular Electronics, Radio Electronics, and other references. This equipment was often made from war-surplus equipment and nearly all of it was made by hobbyist, not engineers. My dad had a tower in the back yard and regularly talked to other hams in Europe and South America – and occasionally neighbors when the broadband TV receivers of the day couldn’t reject 500 watts from down the street.

Electronic splatter can be worse than annoying. It can be dangerous if it interferes with equipment operation or critical communications. So the goal is righteous but compliance and certification testing may cost many thousands of dollars – perhaps $10,000 to $15,000 for only FCC part 15. It also requires some very specific technical knowledge. All this can be a huge impediment to the development and sale of cheap, low volume products. If an entrepreneur spent $15,000 on government testing and sold 100 of her product this would add $150 to the cost of each product sold – not very cost effective…

If this imaginary entrepreneur sold 1,000 products, she would be very, very happy but the testing still would add $15 to each and every product.

I have a personal interest in this as I’ve been playing with a small Arduino based product idea and it has reached the point to start worrying about certification prior to sale. I’ve been through FCC certification several times in the past and frankly I’m looking for ways around this expense.

I’m climbing on my soapbox now and calling for a government change. The goals of the testing and certification are righteous and good but the implementation has gone astray. Many of the authorized testing labs make millions of dollars per year and the costs are simply out of reach of most people armed only with a cool idea and ambition. The government agencies, testing organizations, and such need to provide a low cost alternative to this expensive testing.

Cheap low volume products could be assigned to a specific category eligible for free or subsidized testing. Perhaps testing labs could perform some amount of pro bono testing; perhaps the government could encourage this with a tax deduction for this public service. I don’t know the right answer but this is a real problem that must be addressed. The alternative to some sort of free or low cost testing is what we see today – false certification labels applied to some imported products with cavalier disregard for any testing. Worse, we see good ideas withheld from the market due to fear of the government regulations.

Like I said in my book (p. 33), “The most explosive growth of technology occurs in the Wild West mode before the sheriff and laws move in to protect intellectual property and ensure orderly progress.”

Unfortunately, our electromagnetic spectrum is too valuable to allow its corruption and wanton destruction. Simply giving a free pass to low volume products or turning a blind eye to the problem really does risk the sanctity of a finite resource. Somebody, or some foundation, should solve this.

Gun Safety Via Embedded Engineering

Friday, May 17th, 2013 Mike Ficco

This was originally posted a few months ago. Due to a database maintenance error it was inadvertently deleted. Here it is again. There were a few comments, but they have been lost too.

==========

I recently saw a short TV special on electronically keying weapons, especially handguns, so they are useable only by the registered owner.  I first saw this concept in the 1987 movie RoboCop (Peter Weller).  His weapon was designed so that no one else could fire it.  At the time I thought this was a cute movie prop.  Now, fast forward a couple of decades and a bunch of horrific shooting sprees and bingo, real-world technology has surfaced to accomplish this.

This technology has gun control advocates and marketing VPs salivating.  This is exactly the kind of safety technology in which municipalities, congress, and the TSA seem likely to invest billions.  As a compromise, Second Amendment proponents may accept this since who could rationally argue that anyone who happens to find or steal a gun must be allowed to use it.  Just think, after a few billion dollars and some years, every new gun legally sold and every weapon used by a badge carrying policeman would be configured so only the legitimate owner could fire it.  We are safe at last from random gun violence.

Wait, nothing is ever that easy…

All the technology I saw on the TV special was based on Near Field Communication (NFC) – a ring or pocket dongle enabled the weapon.  This is the same general technology used for car entry key dongles on newer cars, RFID readers, and “swipe” security badges where you work.  A few years ago I also heard about fingerprint scanners on the trigger but that seems to have been abandon.

Now if you look over to the side, in the dark shadows, the bad guys are also salivating.  Here’s why…

>>> Begin Imaginary Story <<<

To much fanfare Metropolis announces they are the first city in the country to have 100% tagged weapons useable only by the designated officer.  They proudly point out Gotham City is lagging and has only recently awarded a $50,000,000 contract to re-arm their officers with this new technology.

Breaking news – a bank robbery went bad and three responding officers were killed.  The thieves got away uninjured.  Investigators are amazed that the officers drew their weapons but for some reason did not fire.  Several more incidents in the coming weeks result in more than thirty policemen injured or killed, but the injuries are fortuitous.  The survivors explain they tried to fire their weapons but they would not.  It turns out the bad guys had acquired jamming technology that prevented the security technology from working.

Fortunately, the provider of the secure weapons volunteered to provide an anti-jamming fix for only $8,000,000.  Note that about one year later the bad guys had upped the game and were able to jam the jam-free technology guns.

>>> End Imaginary Story <<<

Of course the bad guys could always jam plain old mechanical guns, right?  Well – they would have to be smarter than me.  After thinking about this quite a while (maybe 30 seconds) I decided I could jam a steel handgun with a big honkin magnet (with a small nuclear power supply attached) and I could jam a composite handgun by…  Well, I couldn’t think of a way.

So, gun safety via embedded engineering?  Get ready boys and girls.  There’s gonna be $ billions $ spent on this.

 

Sacred Tenets of Employment

Thursday, October 4th, 2012 Mike Ficco

There are a few sacred tenets of employment.  One that has been emphasized to some extent at every one of my many jobs has been that your salary is a private matter.   Most companies don’t bother to explain why – it’s just taken as common sense.  Well, something I learned many years ago is there’s nothing so uncommon as common sense.

Consider what may happen if every engineer knew the salary of their coworkers.  You may feel disenfranchised to find your boss makes three times as much as you.  You may feel betrayed if the new hire doing the same job as you makes 7% more.  You may exalt in the glory of making $10K per year more than that idiot in the other group.  The worst case scenario for the company is that you ask for a raise to get what you think is fair and quit if you don’t get it.  There may be some justification for this concern.  CEO salaries of publicly traded companies are posted in annual reports and these salaries have risen exponentially.  Clearly no company could afford engineers if the same thing happened to engineering salaries.  No corporate executive would want egocentric engineers comparing their salaries the same way CEOs do.

At many companies there is a concern, not only that dissatisfied employees will cause trouble by asking for more money, but also that the camaraderie, teamwork, and delicate chemistry of the staff will be disrupted by greed or perhaps a desire to make things right.  In short there are an infinite number of reasons why engineers, why employees in general, should not share their salary information.  It’s just common sense.

But wait…

Government employees have not gotten a raise in three years and, while exact salaries are not known, their service levels usually are.  To my knowledge there has been no mass exodus of government employees because of this and the teamwork is certainly no worse than that of private companies.

But wait again…

The Washington Nationals baseball team just finished the season with the best record in the major leagues.  Not only that, to a man they say the team has great chemistry and they all seem to love their manager and the organization.  By observation, they seem happy, showering each other with beer, champagne, and an occasional shaving cream pie.  Truth be told, I really can do without a shaving cream pie at work…

All this despite the fact that their salaries are public, published this week in the Washington Post, and they all know how much their teammates make.  A relative new hire (24 year old 2012 all star Stephen Strasburg) makes $3,000,000 while a journeyman that spent most of the season in the minors gets $5,000,000.  A 2012 all star (Ian Desmond) gets $512,500 while a 33 year old non-all star gets $13,000,000.

In my mind this calls into question a fundamental tenet of the engineering workplace, no, of all workplaces.  It seems that good management and clear goals are far more important than keeping your neighbor’s salary a secret.

Thoughts?

 

Job Interviewing Circa 2012

Thursday, September 20th, 2012 Mike Ficco

I recently had lunch with a friend I hadn’t seen for a while.  He was still at the company where we’d worked together some years ago but had started looking for a new job.  After ten years at the same company he was no longer excited by the projects.  He wanted something new and more exciting.

I was entertained for the first half hour by his stories about the craziness of job interviewing.  One company told him he didn’t have enough management experience (he has 20 years) and another told him he was too management oriented and they wanted somebody more hands-on.  A third told him he didn’t have enough background in Java (he has over 10 years) while another was disappointed to learn he had never designed a low noise 10 GHz receiver front end.  This disappointment, in a face-to-face interview, was despite the fact that his background is computer science and his resume makes no mention of any RF work.

Together we laughed at the silliness of the interview process.  We were able to laugh because, right now, we both have jobs.

He then mentioned an interview he’d been to only the day before.  It seemed like a good company and the interview process was very thorough.  He was interviewed by human resources, three staff members, and an executive.  He was concerned, however, that three of the interviewers (HR, one staff member, and the executive) focused heavily on his skills at keeping projects on schedule.  He thought such focus on one issue might indicate a widespread problem in the company.

Not necessarily, I said, but it might be good to know why there was an opening.  Was it from growth or had they let someone go because of their scheduling problems, or did they WANT to let someone go?  As we discussed this, an excellent question came up.  Did they want to keep projects on arbitrary and perhaps artificially accelerated schedules or did they want a skilled and experienced manager to create a realistic schedule to efficiently guide the work?  He decided to call back the executive and find out.

The executive took his call and immediately explained they were very impressed and were putting an offer together.  My friend thanked him, then asked the question.  The executive explained they wanted aggressive schedules to keep the staff highly focused.  My friend asked if it might be possible that shortcuts taken to meet an aggressive schedule were responsible for causing downstream delays.  The executive explained that it was the manager’s job to keep the project on schedule.

So far my friend has not received the promised offer.  Even if he does, his answer will be “no”, because he can’t fix the executive’s broken thinking process.  This was clearly a corporate culture that had, and would continue, making the same mistake.  He’ll let some other person try to keep projects on aggressive and arbitrary schedules.

Password Protocol

Thursday, July 12th, 2012 Mike Ficco

It seems there was recently a security breach at Yahoo that exposed more than 400,000 login credentials.  When this is reported, it seems to always be accompanied by advice on making high quality passwords.

Well, I have a password question that challenges conventional password wisdom.   I know some of the readers of this site are experts in this sort of thing, so hopefully someone will answer my question.

 

OK…

Not using passwords that contain your dog’s name or the names of your kids or wife I understand.

Not using the word “password” or “pa$$word” in the password I understand.

I even understand not using ncc1701, klaatu, or clownq.

Yep, I get all that… but what I don’t get is the recommendation to change the password regularly.  Here is the way I see this.  You have a really good password that nobody has been able to hack and then you change it and change it again.  Effectively, you are saying, “OK you failed to hack that one, now try this one”.  Eventually you will produce a password that somebody will hack.  Indeed, by using multiple passwords you are saying – here, guess ANY of these.

One argument is that if you change your password regularly, say every 30 days, that limits the amount of damage that can be done.  Ummm, bull****.  A bad guy having a password can do all the damage that needs to be done in less than an hour.

So, experts, why are we supposed to regularly change our passwords?