Posts Tagged ‘security’

Newer Entries »

Coding Standard Rule #1: Always Use Braces

Thursday, March 19th, 2009 Michael Barr


This is the first in a planned series of blog posts suggesting how to reduce firmware bugs by following a set of simple C programming rules.

Rule: Braces ({ }) shall always surround the blocks of code (a.k.a., compound statements) following if, else, switch, while, do, and for keywords. Single statements and empty statements following these keywords shall also always be surrounded by braces.

Example (don’t):
if (timer.done)
// A single statement needs braces!
timer.control = TIMER_RESTART;

Example (do):
while (!timer.done)
{
// Even an empty statement should be surrounded by braces.
}

Reasoning: There is considerable risk associated with the presence of empty statements and single statements that are not surrounded by braces. Code constructs of this type are often associated with bugs when nearby code is changed or commented out. This type of bug is entirely eliminated by the consistent use of braces.

Coding Standard #2

These rules are excerpts from the Embedded C Coding Standard book.

Tags: , , , ,
Posted in Coding Standards | 1 Comment »

SecureRF == SnakeOil?

Monday, October 16th, 2006 Michael Barr

I’m pleased to report that after years of reading Bruce Schneier, I am finally catching on. A few weeks back at the Embedded Systems Conference I attended a lunch for startup companies and venture capitalists. One of the presenting companies, SecureRF, claimed to have invented a security protocol for resource-constrained systems (such as RFID devices) that was (a) cheap mathematically and (b) even more secure than existing security techniques.

I was skeptical. I even thought of blogging here or e-mailing Bruce, but just never found the time. Encryption is mathematically hard for reasons I had learned in grad school. The company’s hand-waving about a new faster way of doing it was either bullsh*t or a major cryptology breakthrough we should all be reading about elsewhere.

It seems that Schneier has now caught wind of SecureRF. Here’s his blog post about the company, which labels the “breakthrough” nothing more than snake oil.

Tags: ,
Posted in Uncategorized | No Comments »

Newer Entries »