Cryptography free book
Here is a link to a very complete and easy-to-follow course on Applied
Cryptography, delivered as a free-to-download book; keep it also as a
For those of us curious about how a startup should be started for
success (and what a "startup" is, from the ground up), here is a training
from one of the most successful and yet low-hyped investors, Sam Altman:
The venerable IETF documentation scheme.
IETF stands for:
The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.
Sounds great! The main outcome of the discussions inside IETF working
groups is a huge number of documents called "RFC", Request for
Comments. Each RFC is a description of a protocol, best practice,
technical model, algorithm or whatever else is needed in order to
communicate effectively over the Internet. The name is misleading: an
RFC is not a draft open for comments; many are formal Internet
Standards, and others are adopted as de-facto standards.
Famously, everything about TCP/IP is specified in a set of RFCs, and
many other protocols and cryptographic algorithms (TLS, SSH, EdDSA
signatures, to name a few) are described in RFCs as well.
Recently an interesting draft emerged with a description of how to
organize a secure firmware update for connected devices:
(this is an Internet-Draft and not yet an RFC). The interesting parts
are the structure of the document, the level of detail it contains, and
the very simple and effective typographical format.
An essay by Sam Altman (you already know
him as one of the most successful investors of our times).
Quoting his words:
...By the way, it's useful to get good at differentiating between real trends and fake trends. A key differentiator is if the new platform is used a lot by a small number of people, or used a little by a lot of people..."
Time management, effectiveness, good ideas and working on the right features (1/3)
Enjoy reading an interview with one of the pillars of the Internet and of Silicon Valley as it is today:
Time management, effectiveness, good ideas and working on the right features (2/3)
This is an interesting list of anti-patterns that we often observe in the behaviour of companies, and perhaps of ourselves sometimes:
Time management, effectiveness, good ideas and working on the right features (3/3)
The Harvard Business Review is rarely irrelevant in what it publishes, and short pieces like this one are very easy to read:
Automotive news (German)
This is an online magazine where you can find plenty of interesting news
on the world of automotive and related fields. It's German only, but
Google Translate produces a readable English or Italian version. By the
way, the accuracy of machine translation is astonishing these days!
Quantum Computing news
Scott Aaronson is Professor of Computer Science at The University of
Texas at Austin and director of its Quantum Information Center. He
maintains a very interesting blog on Quantum Computing and other
computing topics. Why should we, as "embedded systems developers", be
interested in this? Because going a bit beyond our current capabilities
and knowledge is exactly our key to success and resilience. Quantum
Computing is not "a bit" beyond, it is years ahead of embedded, but we
need to feed our brains with interesting stuff and be prepared for
discussions on any innovation.
The car, reinvented
Personal views, hazardous forecasting and business interests are
poisoning the discussion about autonomous navigation, alternatives to
internal combustion engines and "what's next" in transportation. It's
useful to have a view on what's possible today and how companies try (or
tried) to think out of the box. So enjoy reading the description of an
experiment that explains the basis of autonomous driving, and how
AppleCar was trying to reinvent the car.
And here is one for the coffee addicts!
Attacks on AUTOSAR (automotive)
Security for embedded systems rests on both software and hardware
hardening of a product. AUTOSAR is a very complex software architecture,
and the hardware needed to run it tends to be rather powerful, which
also means a large attack surface. This is why assuring the security of
AUTOSAR-based sub-components is far from a solved problem; here a
number of attacks is listed.
This Nordic Semiconductor blog entry is an interesting example of a
technical-plus-marketing write-up. It envisions a bright future for a
technology without actually giving details on any specific offering by
Nordic itself. Still, reading the entry suggests ideas for new features.
A bit out of context (but not so much) is this interesting course on
"bullshit". Something similar is being organized in Italy by volunteers
of CICAP (Comitato Italiano per il Controllo delle Affermazioni sulle
Pseudoscienze), which also holds a very interesting annual gathering in
Padova on the topic.
Jack Ganssle on ISO 26262
Jack Ganssle is a reference consultant for the embedded systems market.
He has published books and essays, and a monthly newsletter that
recently reached issue 400(!). His newsletter contains contributions
from colleagues and readers. In the last two issues some thoughts about
ISO 26262 and the concept of Safety Element out of Context (SEooC) are
briefly discussed:
Reading best practices about the security of login processes (using
strong passwords, not reusing passwords, never sending passwords by
email, etc.) it's easy to dismiss those simple rules as super pedantic.
This paper, one among a number of similar findings, shows how easy it is
to guess even complicated and very "tricky" passwords, the ones that put
together personal facts with dates and sequence numbers, in a matter of
seconds: the attacker does not search the whole keyspace, only the few
thousand combinations that the victim's personal facts suggest. Somehow
this relates to the ongoing Master's Thesis work of Tobia Fiorese, where
we try to detect that an attack is happening on a vehicle CAN bus with a
normal/abnormal discovery tactic.
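To make the "few thousand combinations" concrete, here is an added example (not code from the paper or from the thesis mentioned above) of the targeted candidate generator an attacker builds from scraped personal facts. The facts, the suffix list and the mangling rules are all constructed assumptions for the demo; the point is the size of the resulting list compared with a random password of the same length.

```python
# Added example: targeted password candidates from personal facts.
# Facts, suffixes and mangling rules are constructed for the demo.
import itertools
import math

LEET = str.maketrans("aeios", "43105")
SUFFIXES = ("", "!", "?", "#", "1", "123", "01")


def mangle(word):
    """Common case/leet variants of one personal fact (name, pet, team...)."""
    seen = set()
    for variant in (word, word.lower(), word.capitalize(), word.upper(),
                    word.lower().translate(LEET),
                    word.capitalize().translate(LEET)):
        if variant not in seen:
            seen.add(variant)
            yield variant


def candidates(words, numbers):
    """Yield every word-variant + number + suffix combination, each once."""
    seen = set()
    numbers = ("",) + tuple(numbers)
    for word, num, suf in itertools.product(words, numbers, SUFFIXES):
        for w in mangle(word):
            for cand in (w + num + suf, w + suf + num, num + w + suf):
                if cand not in seen:
                    seen.add(cand)
                    yield cand


def guess_position(password, words, numbers):
    """1-based index at which `password` is tried, or None if never generated."""
    for i, cand in enumerate(candidates(words, numbers), start=1):
        if cand == password:
            return i
    return None


def keyspace_size(words, numbers):
    """Number of distinct candidates the targeted list contains."""
    return sum(1 for _ in candidates(words, numbers))


def bits(n):
    """Effective entropy of n equiprobable candidates."""
    return math.log2(n)


# Constructed "facts" scraped from social media: partner's name, dog's name,
# two relevant years and their two-digit forms.
FACTS = ["laura", "rex"]
NUMBERS = ["1985", "2012", "85", "12"]

if __name__ == "__main__":
    size = keyspace_size(FACTS, NUMBERS)
    print(f"targeted list: {size} candidates, ~{bits(size):.1f} bits")
    print(f"random 10-char printable password: ~{bits(95 ** 10):.1f} bits")
    print("Laura2012! tried at position", guess_position("Laura2012!", FACTS, NUMBERS))
```

A list of about a thousand entries is exhausted in well under a second against any online login that does not rate-limit, and instantly against a leaked hash; the "tricky" password has roughly 10 bits of effective entropy, not the 65 bits its length suggests.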
Pioneers at Silicon Valley
Steve Blank was a pioneer of Silicon Valley. He joined the very first
silicon and software companies from the beginning, Faggin's Zilog among
others. It's refreshing and very interesting to read a short account of
his life and to hear him narrate some little-known facts about the
Climate change scope tax
The MIT Technology Review is very often a source of inspirational but
also technically sound writing. They publish a lot on climate change;
here is an analysis of the consequences of a proposed scope
Business communicating by writing
Out of technical context, an interesting comment on the importance of
good writing for business communication:
Private institutions like McKinsey continuously publish "reports" on
technical and financial topics. Honestly, most of the reports are very
easy conclusions based on public data, but sometimes a more in-depth
analysis comes out, and this one looks accurate and useful for our
5G and Claude Shannon
Are you aware of the simplicity of Shannon's channel-capacity law for
communication channels? Did you know that, according to this article, a
typical 5G mobile phone will embed an array of 72 antennas on its PCB?
These are two takeaways of this extraordinarily dense and clear article
on the emerging cellular technology:
Features of a product
Sometimes our job involves understanding how a product can be designed
to successfully generate a revenue stream. This is not strictly our
responsibility, but it fits our interest in profitability. Features are
tagged as gamechangers, showstoppers and distractions in this amusing
paper:
Toolkit for homomorphic encryption from IBM
Fully Homomorphic Encryption (FHE) is the magic that makes it possible to
perform mathematical operations on encrypted data: searching a database,
sorting, evaluating median/max/min, aggregating data, classifying, etc.
without the computing party ever knowing the content. Think about the
possibility of measuring something on the edge, encrypting right away
and then sending to a cloud service (or local computing engine), and
never decrypting until the very last operation that consumes the data
set. The price is paid in CPU time and ciphertext size: every operation
on encrypted data is orders of magnitude slower and larger than the
same operation in the clear, which matters a lot on an embedded device.
This is a great new frontier of data mining/collecting/using, and IBM
recently released in the Open Source arena its Toolkit for Homomorphic
Encryption deployment on Linux (and perhaps adaptable to embedded
devices as well):
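To see the "compute on data you cannot read" idea in working code without the IBM toolkit (which is HElib-based and fully homomorphic), here is an added example using the Paillier cryptosystem, a much simpler scheme that is only additively homomorphic. It is not IBM's code and not production code: the primes are constructed tiny ones chosen for readability, and the sensor readings are invented.

```python
# Added example: Paillier (additively homomorphic), NOT IBM's FHE toolkit and
# NOT production code. Key sizes are tiny for readability; real moduli are
# 2048+ bits.
import secrets
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p, q):
    """Paillier key pair from two primes (constructed small ones in the demo)."""
    n = p * q
    n2 = n * n
    lam = lcm(p - 1, q - 1)
    g = n + 1                                  # the standard simple generator
    x = pow(g, lam, n2)
    mu = pow((x - 1) // n, -1, n)              # mu = L(g^lam mod n^2)^-1 mod n
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with fresh random r: probabilistic encryption."""
    n, g = pub
    n2 = n * n
    assert 0 <= m < n, "plaintext must be in Z_n"
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, with L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    x = pow(c, lam, n * n)
    return ((x - 1) // n) * mu % n


def add(pub, c1, c2):
    """E(a) * E(b) = E(a + b): the cloud adds readings it cannot read."""
    n = pub[0]
    return c1 * c2 % (n * n)


def mul_const(pub, c, k):
    """E(a)^k = E(k * a): scaling by a public constant."""
    n = pub[0]
    return pow(c, k, n * n)


def edge_to_cloud_demo():
    """Sensors encrypt readings; the cloud sums and scales them blind."""
    pub, priv = keygen(1000003, 1000033)       # constructed small primes
    readings = [21, 19, 23]                    # constructed sensor values
    cts = [encrypt(pub, r) for r in readings]  # only ciphertexts leave the edge
    total = cts[0]
    for c in cts[1:]:
        total = add(pub, total, c)             # cloud side: no key needed
    doubled = mul_const(pub, total, 2)
    return decrypt(pub, priv, total), decrypt(pub, priv, doubled)
```

Two caveats a practitioner would want: plaintexts live in Z_n, so negative or fractional sensor values need an encoding, and a mean or median is not computable this way because Paillier gives no multiplication of two ciphertexts and no comparison; that is exactly the gap a fully homomorphic scheme such as the one in IBM's toolkit closes, at a much higher cost per operation.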
Inspiring podcasts (1/2)
Tomas Pueyo published a series of articles on what the current pandemic
looks like and how to act, the most famous being "Coronavirus: The
Hammer and the Dance". I'm not interested here in how accurate and
useful his analysis is (looks like a lot, anyway). He reached 40+ million
views of his articles in 30+ languages, with limited prior knowledge of
such topics and only lateral skills in publishing: so why not try to
understand his motivations and research strategies? Learning from
success stories. The July 27th episode of Eric Ries' "Out of Crisis"
podcast is a very long and easy interview with Tomas Pueyo:
Inspiring podcasts (2/2)
Cryptography is obviously something we will happen to use and sell a lot
in our careers. Less obvious is how interesting it is to learn about
negotiation: surprisingly, this topic is somewhat counter-intuitive in
the beginning, but very useful for effective communication with the
stakeholders of any development. So here are two top-class MOOC courses.
Vitalik Buterin and the notion of Trust
Vitalik Buterin (https://en.wikipedia.org/wiki/Vitalik_Buterin) is a
cryptocurrency researcher and programmer, and the genius behind
Ethereum, the second-largest cryptocurrency platform after Bitcoin. As
an eclectic individual, he's capable of diving deep into topics that are
relevant for his work as a programmer, but with a wide view. I think
that we can learn a lot from this short comment on trust, a basis for
blockchains but also a peculiar trait of people's behavior:
This paper aims to caption daily life --i.e., to create a textual description of people's activities and interactions with objects in their homes.
This is huge! Everything done by examining radio
frequency signals across a house, without cameras or other privacy-concerning
Creative thinking in the '80s
Alan Kay was the inventor of Smalltalk and one of the principal creators
at Xerox PARC. In the '80s he talked about "Creative Think" at a
conference, and here is a brief account of what was said there by an
Apple developer working on the Macintosh at that time (the full text or
recording does not seem to be available):
By the way: don't know what Xerox PARC is? Founded by Xerox Corp. in
1970, first directed by George Pake (a physicist!), it gave birth to:
- Model-view-controller software architecture
- Laser printers
- Bitmap graphics
- Graphical user interface
- The mouse as we know it (the mouse itself was invented earlier by Douglas Engelbart at SRI)
- WYSIWYG text editor
- Smalltalk programming language (the first purely object-oriented language; Simula had introduced classes and objects earlier)
Writing in English
A bit of (written) English language for everyone:
Alan Kay on reading and learning
Alan Kay's elaboration on effective reading and learning:
Statistics on consultancy for Functional Safety
This rather old paper (2009) gives some hints on how to approach the
consultancy work of assessing the Functional Safety choices made in a
design. It was presented at a conference by a consultancy after some 25
such assessments, so the sample is not that small:
Small signals of future improvement (!)
This essay by Dave Snowden is refreshing as usual. He's starting a
series on detecting weak signals, meaning the ability to notice some
small signal of a future improvement.
Wrong assumption about innovation
Again on Xerox PARC (the Palo Alto Research Center) and some wrong
assumptions about innovation as it goes:
Crypto-Gram by Schneier: cryptography for people
I find this issue of Crypto-Gram particularly interesting and useful.
Crypto-Gram is the monthly newsletter published by Bruce Schneier, a
famous and smart cryptographer and security technologist, that deals
(guess what...) with cryptography, security and breaches. Interesting
pieces, in my opinion, are "Cory Doctorow on The Age of Surveillance
Capitalism" and "Seny Kamara on Crypto for the People":
Commenting The Age of Surveillance Capitalism (Italian)
And while we're here, a very interesting and deep comment on the
fundamental book "The Age of Surveillance Capitalism" exists in the
format of an Italian podcast by Prof. Giovanni Ziccardi, highly
recommended during your next run or walk:
Scams in finance
We tend to think that very simple scam schemes are aimed at large
numbers of ordinary people, in the hope that among the millions a few
of them will fall for it. Think of frauds by email promising easy
profits, etc. In the real world, scams exist in high-end finance too,
and eventually they work on experienced professionals as well:
Machine Learning on the Edge
From the abstract of this recently published paper:
... presents the Edge Learning Machine (ELM) ... and exploits STM X-Cube-AI to implement Artificial Neural Networks (ANNs) on STM32 Nucleo boards
so this is all about something we've been learning and working on during the
Doppler Effect on the go and sensing
I was impressed by this simple proof of concept using the Doppler effect
on the audio hardware of an ordinary laptop. Could this be improved to a
level of usefulness? Another bit of knowledge on the importance of
thinking about natural ways of sensing:
Authenticate with OpenID and TOTP, explained
Two widely used authentication mechanisms, OpenID (delegating the login
to an identity provider that vouches for the user) and TOTP (time-based
one-time codes derived from a shared secret and the current time, the
"authenticator app" second factor), are difficult to understand. Here
(another) couple of simple explanations with examples:
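As an added example covering the TOTP half of the topic (OpenID involves signed ID tokens and is not shown), here is HOTP (RFC 4226) and TOTP (RFC 6238) in standard-library Python, checked against the test vectors published in those RFCs. This is not code from the linked explanations; the replay-protection and clock-skew handling are the checks a server-side verifier needs, and the shared secret is the RFC's test secret, not one you would ever deploy.

```python
# Added example: HOTP (RFC 4226) / TOTP (RFC 6238) with a verifier that
# tolerates clock skew and rejects replayed codes. Not the page's own code.
import hashlib
import hmac
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HMAC the big-endian 64-bit counter, dynamic-truncate, keep `digits` digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at=None, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """TOTP = HOTP over the number of `step`-second intervals since the epoch."""
    if at is None:
        at = int(time.time())
    return hotp(key, int(at) // step, digits, algo)


def verify_totp(key: bytes, code: str, at=None, step: int = 30,
                digits: int = 6, window: int = 1, last_counter: int = -1):
    """Return the matched counter, or None if the code is not acceptable.

    `window` tolerates clock skew (+/- window steps); `last_counter` is the
    highest counter already accepted for this user, so a code cannot be
    replayed within its validity window. Comparison is constant-time.
    """
    if at is None:
        at = int(time.time())
    base = int(at) // step
    for delta in range(-window, window + 1):
        counter = base + delta
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(key, counter, digits), code):
            return counter
    return None


# The RFC 4226/6238 test secret "12345678901234567890" as ASCII bytes. Real
# secrets come from a CSPRNG and are shared with the app as base32 in an
# otpauth:// URI; this one is public and for testing only.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("current code:", totp(RFC_SECRET))
    print("RFC vector t=59, 8 digits:", totp(RFC_SECRET, 59, digits=8))
```

After a successful verification the server must persist the returned counter as the user's `last_counter`; without that, a code sniffed from the user is good for the whole window (90 s here), which is the mistake most home-grown TOTP verifiers make.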
Collecting data for the bad
Data science applied to making bad use of collected personal data (think
of any application and personal device in use today...) is criticized a
lot. The book "The Age of Surveillance Capitalism" was published at the
beginning of 2019. The European Union is moving forward from an age of
data freely collected and used by corporations to a framework of
legislation and directives, in order to enable extracting the best from
available data without harming privacy:
5G between promises and reality
Did you notice the hype on 5G? It seems like cars, home automation and
mobile applications will stop working without 5G, similar to how the
cellular IoT standards (NB-IoT, LTE Cat-M1, etc.) promised to enable a
full range of new applications. Measured reality is a bit different. And
while we're here, the seminal 1948 paper "A Mathematical Theory of
Communication" by C. E. Shannon is where modern communication theory
started:
"How do you learn to write readable code? Like learning to write
readable English, you have to read a lot. Spend the time to try to
understand code beyond superficial qualities that don't match your
biases and preferences." Enjoy reading this spectacular essay on
readable code, full of references and suggestions (also useful for
writing good English, by the way):
Avoiding climate change should be our priority. Daily personal habits
mean a lot, both as a testimony of awareness and as effective measures.
Punishing disastrous practices can be part of this:
This one is great: a description of UNIX by Ritchie and Thompson ("The
UNIX Time-Sharing System"), originally published in Communications of
the ACM in 1974. Interesting for the content, and even more interesting
as a crystal-clear explanation of a cornerstone of the computing
industry. Please pay attention to the format of the first few paragraphs.
We teach TDD and we're very good at writing unit tests, so the content
of this paper should be no news. But I find it very useful as it puts
together all unit-test-related topics in one long explanation, with
embedded systems in mind.
You may need to share a terminal session (bash or whatever) with a
colleague or client, or with people during a training. This is useful
for showing how to prepare commands, finding problems together or
viewing very long logs of a host. It's also handy while explaining long
series of commands while recording the sequence (but hey, "history" is
already a recording of commands, by the way!). Here are two such tools
for sharing without the need for opening firewall ports, giving away SSH
access, etc. BUT with a very big warning: please always understand
what you're doing before sharing anything!!! This is not free from
danger: the whole session you share goes through a third-party relay
and is trivially recorded and misused, passwords and tokens you type
included. Use a throwaway user and never type a secret while sharing.
Cryptocurrencies: the topic is rising again as a trend in Europe, as
many institutions (central banks, governments and the EU itself) are
discussing and deploying guidelines for the adoption of all sorts of
"electronic currencies". This time it seems to me that we're at the
beginning of real use cases for "kind of" cryptocurrencies, but be aware
that the term is sometimes used as a generic description for
"software-only currencies". At the foundation of a real blockchain,
which is an essential building block of a real cryptocurrency system, is
a consensus protocol: the rule by which independent, mutually
distrusting parties agree on a single ordered history even when some of
them are offline or lying. And so it may be worth reading this easy
compendium of the most common schemes for creating such a protocol. This
is also useful in embedded systems: think of an architecture with
several different computing engines (coffee machine, autonomous vehicle,
network of measuring devices, home automation system) and the need for
taking decisions with intermittent communication between parties,
potentially broken or compromised.
A handy modern CLI for git. In case you're tired of typing so many
parameters while using git, this is for you (but pay attention to the
possibility that you mess up your repo by not understanding what you're
"Agile is a strategic attitude, not a CPA exam" and this is one of the
many essays diving into our attitude to our job as a team:
One of my obsessions, Alan Kay, and this extraordinary catalog of his
publications and media:
Mis-using the terms encryption and authentication is a common mistake
when talking about cyber security. Encryption gives confidentiality (an
eavesdropper cannot read the data); authentication gives proof of origin
and integrity (the receiver can tell that the data comes from whom it
claims and was not altered), via a MAC or a digital signature. Neither
implies the other: plain encryption without a MAC lets an attacker flip
bits of the ciphertext and change the plaintext undetected. This essay
helps understanding the different scope of the two technologies:
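The difference becomes obvious in code. Here is an added example, not from the essay above, of a toy stream cipher (SHA-256 in counter mode, chosen only because it needs no third-party library; keys, nonce and message are constructed) showing that encryption alone is malleable, and of encrypt-then-MAC with HMAC-SHA256 catching the forgery. In real code use an AEAD such as AES-GCM or ChaCha20-Poly1305, which does both in one primitive.

```python
# Added example: confidentiality without integrity, then encrypt-then-MAC.
# The keystream construction is a teaching stand-in, not a real cipher.
import hashlib
import hmac

ENC_KEY = bytes(range(32))          # constructed keys; real ones from a CSPRNG
MAC_KEY = bytes(range(32, 64))      # independent key for the MAC
NONCE = b"demo-nonce-01"            # must never repeat for the same key


def keystream(key, nonce, length):
    """SHA-256 in counter mode as a stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, nonce, data):
    """XOR with the keystream: confidentiality only, no integrity."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


decrypt = encrypt  # XOR is its own inverse


def forge(ciphertext, position, known_old, wanted_new):
    """An attacker who knows one plaintext byte rewrites it without the key:
    flipping ciphertext bits flips exactly the same plaintext bits."""
    c = bytearray(ciphertext)
    c[position] ^= ord(known_old) ^ ord(wanted_new)
    return bytes(c)


def seal(plaintext):
    """Encrypt-then-MAC: the tag covers nonce and ciphertext."""
    ct = encrypt(ENC_KEY, NONCE, plaintext)
    tag = hmac.new(MAC_KEY, NONCE + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(ct, tag):
    """Verify the tag in constant time before touching the ciphertext."""
    expected = hmac.new(MAC_KEY, NONCE + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: message was tampered with")
    return decrypt(ENC_KEY, NONCE, ct)


MESSAGE = b"transfer 100 EUR to alice"   # constructed message; '1' is byte 9


def malleability_demo():
    """Without a MAC the forged amount decrypts cleanly; with one it is rejected."""
    ct = encrypt(ENC_KEY, NONCE, MESSAGE)
    forged_plain = decrypt(ENC_KEY, NONCE, forge(ct, 9, "1", "9"))
    ct2, tag = seal(MESSAGE)
    try:
        open_sealed(forge(ct2, 9, "1", "9"), tag)
        detected = False
    except ValueError:
        detected = True
    return forged_plain, detected
```

Note what the MAC key proves and what it does not: anyone holding `MAC_KEY` can produce a valid tag, so it authenticates "someone with the shared key", not a specific party; for non-repudiation between distinct parties a digital signature is needed.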
When designing a product (or part of it, or a service) features to be
implemented fill three buckets: gamechangers, showstoppers,
distractions. How to balance features and describe a mission is
elegantly explained here:
I'm personally a great fan of combining a multitude of very simple
command-line tools instead of using complicated, single-mission,
monolithic applications. This is particularly true when dealing with
data sets, calculations, preparing simple documents and performing
sysadmin tasks. Here is a review of what a shell command is in Linux and
how to benefit from its core feature of being built as a composition of
very simple bricks:
This is how I git
The sad and interesting story of how Nokia lost its position as the
first mobile phone producer in the world, due to a negative managerial
style. With a disclaimer: Nokia is still a giant developer of network
equipment, and an incredibly profitable patent holder.
Reading scientific papers is part of our job and often a great pleasure,
if done right:
The developer that's in everyone in this audience prefers using commands
in a shell instead of clicking on a graphical user interface or webpage.
This is the most effective simple command-line interface to GitLab I
have tested so far, and it works against our self-hosted instance. It's
written in Go and comes as a single executable for Linux. Of course the
scope is not executing normal git commands, but instead managing issues
and the other GitLab-specific supersets of plain git. Try it, it works
What's the magic behind maintaining a database of passwords that means
nothing at all if exposed to the public Internet? Simple: hashing, with
a bit of salt, using a deliberately slow password hash (PBKDF2, bcrypt,
scrypt or Argon2) rather than a plain SHA-256, so that a leaked table
cannot be brute-forced at GPU speed. (Hint: the same should be standard
every time your C/C++ code keeps a password or PIN that it only has to
verify: store the salted hash, never the secret. A key or token the
firmware must actually use cannot be hashed and needs a secure element
or encrypted storage instead.)
Ever wondered if binary code can be turned back into sources? The
discipline is called reverse engineering. The original source will never
come back (names, comments and types are gone), but as much as 90% of
the program's logic can be recovered using some very smart and
rigorously open-source tools like Cutter, the GUI for the radare2/rizin
engine. Look at the features and start dreaming... it supports ARM, so
Cortex targets should work as well.
Last mention is for an Italian essay on Agile development. Plenty of
important definitions and examples, worth studying and adding to our
Disclaimer: this issue is mostly (though not entirely) coming from
Hacker News, sparing a bit of my time...
It's interesting to navigate unknown domains. Prototyping mechanical
parts and enclosures is not something we usually do, but can be fun and
Writing well: it's important, gives you Supernatural Powers!
This is not the (already seen) topic of how to perform threat detection
or threat generation with Machine Learning. This is huge: it's Machine
Learning for solving mathematical problems in cryptology.
Counter-intuitive, at a minimum!
Machine Learning is the new trendy buzzword. It is also an enabler with
immense power for anyone willing to learn and experiment; learning is
essential for suggesting a solution. This is one of the moments in our
engineering life when we can be part of an impact on almost all
applications we know. This is why you will find here everything Machine
Learning + something else.
Machine Learning on the Edge is one of our focuses. The players in this
field of applications are TinyML, Edge Impulse and of course our
friends at ST.
Machine Learning helps leading cryptanalysts like the great Prof. Bill
Buchanan implement new cybersecurity applications. Bill shows how,
while learning a new topic on his own, here.
Safety and statistics: how to predict the margin of error of a smart
algorithm, so that our Michele Ticozzi can perform his Failure modes,
effects, and diagnostic analysis (FMEDA) over the software solution?
Did you hear the breaking news about AlphaFold, DeepMind and protein
folding? Well, it was a bit over-hyped. But the fact is that
bioinformatics and Machine Learning are at the core of the race against
We code Machine Learning, and we want to be organized developers with
everything committed to a git repository. No excuses; here's some help
from the smart folks at GitLab.
So much to read, we need a process.
"The next best thing to having good ideas is recognizing good ideas from
your users. Sometimes the latter is better."
This is rule number 11 out of 19 as listed in the famous essay by Eric
Steven Raymond, in the revision dated September 2000. Everything we came
to know about Agile and human-centric engineering is already written
here. Among the intuitions, he reports someone saying that software
project management has five functions:
- To define goals and keep everybody pointed in the same direction
- To monitor and make sure crucial details don't get skipped
- To motivate people to do boring but necessary drudge work
- To organize the deployment of people for best productivity
- To marshal resources needed to sustain the project
Curious about who your smartphone is talking to over Wi-Fi? This great
piece of software from Kaspersky Lab converts any Raspberry Pi 3/4 into
a sniffing device with a superior UX:
"For the first time, we are forced to consider the real risk of
destabilizing the entire planet" says climate impact scholar Johan
Rockström. This is also a great example of how to spread information.
Science (at www.sciencemag.org) is my preferred reading for general
advancements in all human-related topics. Here is a free-access podcast
on breakthroughs, top science news and the best books of 2020:
Another source of curated information is the IEEE Future Directions
Technology Blog, written by Roberto Saracco. He's now publishing an
astonishing number of well-informed posts on megatrends for the next few
How can I read everything suggested here? Well, by turning my smartphone
into a boring tool and no longer being distracted!