A summary of three online articles that I have found interesting in the past week.
Jack Ganssle recalls the story of an off-site consultant who died unexpectedly, taking crucial business knowledge in the form of source code to the grave with him.
The article goes on to offer several pearls of wisdom that could, if taken on board, help to prevent a similar mistake being made in the future; the summary of which would be “trust but verify”.
My own experience indicates that this problem is not strictly limited to external consultants. The advice given applies equally well to individuals within an organisation who are solely responsible for certain aspects of a project assigned to them.
“Patch and pray” warning for embedded systems developers
In this article, Dr Mike Bartley discusses one of the key challenges to be overcome by pioneering developers of the Internet of Things (IoT): security, and the need to update compromised devices in the field.
With the limited bandwidth available to devices connected to the IoT, an argument is made that the “patch and pray” approach adopted by desktop software developers will simply be inadequate.
A new British Standard – PAS 754:2014 – is then introduced, which offers guidance on how to develop IoT devices, and other embedded systems, that are “trustworthy”. That is: less likely to fail, and more resilient to attacks.
Requirements are required
This conference presentation given by Chris Hills at Phaedrus Systems earlier this year offers a robust demonstration of why requirements are critical to the success of a project.
Amongst the wealth of interesting and highly relevant information contained is the discussion of an airport lighting system (page 5), which resonates nicely with the concerns regarding in-the-field updates voiced by Dr Bartley in the article above.
The lights were installed either encased in concrete or buried in the grass around the runway, which will make updating their firmware extremely difficult as it can only be carried out at night, when the runway is not in use.
The lack of an “ease of update” requirement will now incur a cost running into hundreds of thousands of pounds.