Articles by Ben Mesander

The heartbleed bug in OpenSSL has been all over the news. XKCD perhaps had the most succinct explanation. I’d like to take a deeper look at this bug and the process that allowed it to be created. Catastrophic failures are often caused by a chain of bad decisions or errors that finally result in a… View Article

I recently read this article by John Carbone about using UDP in embedded systems. The advice in the article is accurate, but there are some other issues to consider when designing UDP based protocols in embedded systems that Carbone did not address. I wanted to tackle them here. First and foremost: UDP datagrams are trivial… View Article

Hash-based message authentication code, or HMAC, is an important building block for proving that data transmitted between the components of a system has not been tampered with. It is a widely used cryptographic technology. I recently came across its use in an RFID system.

Attacks that are initially restricted to the realm of esoteric, government-backed spooks become accessible over time to run-of-the-mill cybercriminals. Take, for example, the Linux.Darlloz worm, which attacks embedded devices and is interesting for a couple of reasons. First, it propagates by exploiting a vulnerability that was patched in May 2012. But the firmware images on many embedded devices are much older than that. The second reason I find it particularly interesting is it targets PHP, a scripting language largely used for web development.

One of my partners pointed this Slate article out to me about healthcare.gov. It is clear at this point that there have been a ton of embarrassing problems with the rollout of this site. I don’t want to get into the politics of health care, but I do find it interesting to look at what… View Article

A simple way to avoid mutex-locking issues is to not use mutexes. This post describes a simple technique for passing objects between threads in a thread-safe manner without mutexes, which makes the entire class of possible mutex-related errors impossible to implement!

When you enable location access, Android says Allow Google’s location service to collect anonymous location data. Some data may be stored on your device. Collection may occur even when no apps are running. This seems both fair and harmless, so I didn’t think too much about it. But it turns out to be a little creepier than you might think.

CRC stands for Cyclic Redundancy Check — an error-detecting code used to determine if a block of data has been corrupted. The mathematics behind CRCs initially appears daunting, but it doesn’t have to be. I’d like to present an alternative explanation here that is useful to the software implementor of CRCs.

In a previous blog post, I mentioned I had a Kodak Zi8 video camera. This past weekend, I decided I wanted to try Windows Movie Maker (WMM) to edit videos produced with it, instead of the built-in Arcsoft MediaImpression software that the camera installs on the PC it is connected to. (Although I haven’t tested… View Article

The H.264 bitstream includes the Sequence Parameter Set (SPS) and the Picture Parameter Set (PPS). Both entities contain information that an H.264 decoder needs to decode the video data, for example, the resolution and frame rate.

Color film photography looks to be fading fast; recently the last rolls of Kodachrome film were developed by the last place in the world that can process it. While black-and-white film development is commonly done in home laboratories, color film development requires specialized chemicals that were usually only available on an industrial scale. It appears… View Article

One time last winter I shot a photo with my camera phone out the windshield of my car and got a strange image with curved wiper blades: No, my wipers don’t look like this! I’ve been meaning to track down the reason why this happened. It is clear that cellphone cameras don’t usually use mechanical… View Article