Tag: Blog

I recently read this article by John Carbone about using UDP in embedded systems. The advice in the article is accurate, but there are some other issues to consider when designing UDP based protocols in embedded systems that Carbone did not address. I wanted to tackle them here. First and foremost: UDP datagrams are trivial... View Article

Harness Joy’s Law: Collaborate with diverse thinkers for innovative engineering solutions. Engage Cardinal Peak for expert consulting on your design challenges.

Cardinal Peak’s big data practice is expanding as we continue adding data scientists to our staff. In a recent discussion regarding a data set we’re analyzing, a probability problem conceptually equivalent to the following arose: In a room filled with N people, what is the probability that none of them have the same birthday? In... View Article

Hash-based message authentication code, or HMAC, is an important building block for proving that data transmitted between the components of a system has not been tampered with. It is a widely used cryptographic technology. I recently came across its use in an RFID system.

I’ve got a new article up at Xconomy, sharing some thoughts about how to find the right Chief Technology Officer for your startup: I’ve got a strong bias that you are likely to need at least one member of your founding team who is a strong technology visionary and evangelist. Assuming you’re an entrepreneur with... View Article

Based on the success of our last job fair, Cardinal Peak will once again be co-hosting the Boulder Tech Job Fair with the Boulder Chamber. We were thrilled by our experience at the last fair in September, so we will be joining 13 other tech companies offering more than 200 open positions ranging from entry-level... View Article

We'd like to congratulate our client Skydrop for a spectacular launch at CES this week. The Skydrop Sprinkler Controller is a great example of a next-generation Internet-of-Things product.

Out of the box, Chromecast has no idea who I am, or what my available content is. In a few simple steps I'm up and running with my content. I didn't even enter my username and password! How did Google do that? The answer involves a protocol called oAuth.

The kind folks at EDN have asked Cardinal Peak to author an occasional blog about streaming video. The first post went live this morning and discusses streaming video securely: Until recently, the accepted wisdom in the industry was that end users didn’t care about encrypting this type of video, as long as it was a... View Article

Attacks that are initially restricted to the realm of esoteric, government-backed spooks become accessible over time to run-of-the-mill cybercriminals. Take, for example, the Linux.Darlloz worm, which attacks embedded devices and is interesting for a couple of reasons. First, it propagates by exploiting a vulnerability that was patched in May 2012. But the firmware images on many embedded devices are much older than that. The second reason I find it particularly interesting is it targets PHP, a scripting language largely used for web development.

When I was a freshman in college, we had an engineering seminar where the Dean told us that we should expect to re-educate ourselves many times throughout our career. This has certainly been true in my career. In the Web and Mobile development world it seems like if you blink your skills are out of... View Article

I’ve got a new blog post up today at EE Times, discussing how to secure devices on the Internet of Things: It used to be academically interesting, perhaps, that an attacker could compromise an unconnected home thermostat. Today, it’s another thing entirely that an attacker can potentially target thousands of home thermostats from afar, determine... View Article