Articles by Ben Mesander

The heartbleed bug in OpenSSL has been all over the news. XKCD perhaps had the most succinct explanation. I’d like to take a deeper look at this bug and the process that allowed it to be created. Catastrophic failures are often caused by a chain of bad decisions or errors that finally result in a... View Article

I recently read this article by John Carbone about using UDP in embedded systems. The advice in the article is accurate, but there are some other issues to consider when designing UDP based protocols in embedded systems that Carbone did not address. I wanted to tackle them here. First and foremost: UDP datagrams are trivial... View Article

Hash-based message authentication code, or HMAC, is an important building block for proving that data transmitted between the components of a system has not been tampered with. It is a widely used cryptographic technology. I recently came across its use in an RFID system.

Attacks that are initially restricted to the realm of esoteric, government-backed spooks become accessible over time to run-of-the-mill cybercriminals. Take, for example, the Linux.Darlloz worm, which attacks embedded devices and is interesting for a couple of reasons. First, it propagates by exploiting a vulnerability that was patched in May 2012. But the firmware images on many embedded devices are much older than that. The second reason I find it particularly interesting is it targets PHP, a scripting language largely used for web development.

One of my partners pointed this Slate article out to me about healthcare.gov. It is clear at this point that there have been a ton of embarrassing problems with the rollout of this site. I don’t want to get into the politics of health care, but I do find it interesting to look at what... View Article

A simple way to avoid mutex-locking issues is to not use mutexes. This post describes a simple technique for passing objects between threads in a thread-safe manner without mutexes, which makes the entire class of possible mutex-related errors impossible to implement!

When you enable location access, Android says Allow Google's location service to collect anonymous location data. Some data may be stored on your device. Collection may occur even when no apps are running. This seems both fair and harmless, so I didn't think too much about it. But it turns out to be a little creepier than you might think.

CRC stands for Cyclic Redundancy Check — an error-detecting code used to determine if a block of data has been corrupted. The mathematics behind CRCs may initially appear daunting, but don’t have to be. Our engineer presents an alternative explanation useful to the software implementor of CRCs.

Learn how to edit HD videos from your Kodak Zi8 using Windows Movie Maker with our step-by-step guide and codec tips. Enhance your editing skills today!

The H.264 bitstream includes the Sequence Parameter Set (SPS) and the Picture Parameter Set (PPS). Both entities contain information that an H.264 decoder needs to decode the video data, for example, the resolution and frame rate.

Transform your digital photos with vintage charm using Gimp's cross-processing script for unique color film effects. Download now from the Gimp registry!

One time last winter I shot a photo with my camera phone out the windshield of my car and got a strange image with curved wiper blades: No, my wipers don’t look like this! I’ve been meaning to track down the reason why this happened. It is clear that cellphone cameras don’t usually use mechanical... View Article