Article note: Fuckin' cool. An only slightly feeble V7 clone on the Pico.
Also, I find their notes about the Pico's C SDK very promising - I've been thinking about where I'd like to move UK's intro embedded lab long term and the quality and simplicity of documentation makes the Pico suddenly kind of appealing.
We're on Keil in legacy mode, which is foul, + TI TivaC Cortex M4 right now because there is a good, cheap book for it; major contenders are ST CubeIDE + STM32 or TI CCS + TivaC, but maybe I should be looking at the Pico.
David Given blogs about porting Fuzix, a small V7 Unix clone, to the new Raspberry Pi Pico microcontroller:
Working with the Pico was an experience: the documentation is excellent, as is the C SDK. The SDK provides a set of libraries which are thin wrappers around the underlying hardware, making most features utter simplicity to use. Unlike the ESP8266’s libraries, the Pico SDK is unopinionated and doesn’t require you to use any of its features: if you want to talk directly to the hardware, you can (and in fact there’s library support for doing just this).
There are some high-level features like a heap, stdio emulation, multicore primitives, etc which I’m not using, but if you don’t use them you don’t pay for them. For my embedded-systems brain it’s the ideal ratio of functionality to complexity.
The Fuzix port provides:
user binaries using up to 64kB of code and data each (this could be expanded, as there’s plenty of spare RAM)
up to 15 processes
a proper Unix filesystem
SD card support, used for both the filesystem and swap space
serial console on UART0
the full set of Fuzix core binaries work — fsck, Bourne shell, the standard Unix tools, a vi clone, etc, plus some simple games
Article note: Oh this is super dumb.
Automatic dependency management tools, which are always a clusterfuck, automatically matching malicious packages uploaded in the public namespace over top of internal company-use packages whose names are easily inferred.
Last week, a researcher demonstrated a new supply-chain attack that executed counterfeit code on networks belonging to some of the biggest companies on the planet, Apple, Microsoft, and Tesla included. Now, fellow researchers are peppering the Internet with copycat packages, with more than 150 of them detected so far.
The technique was unveiled last Tuesday by security researcher Alex Birsan. His so-called dependency confusion or namespace confusion attack starts by placing malicious code in an official public repository such as NPM, PyPI, or RubyGems. By giving the submissions the same package name as dependencies used by companies such as Apple, Microsoft, Tesla, and 33 other companies, Birsan was able to get these companies to automatically download and install the counterfeit code.
Dependencies are public code libraries or packages that developers use to add common types of functionality to the software they write. By leveraging the work of thousands of their open source peers, developers are spared the hassle and expense of creating the code themselves. The developer’s code automatically downloads and incorporates the dependency, or any update to it, either from the developer’s local computer or from a public repository.
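An added example, not from the article or from Birsan's research: an offline audit that flags internal dependency names that can also be resolved from a public index, and compares a resolver that merges both indexes with one that scopes internally owned names to the internal index. The index contents, the package names and the highest-version-wins rule of the merged resolver are constructed assumptions.

```python
import re

# Constructed sample data (not from the article): versions each index serves.
INTERNAL_INDEX = {"acme-billing": ["1.4.0", "1.5.2"], "acme-auth": ["2.0.1"]}
PUBLIC_INDEX = {
    "requests": ["2.25.1"],
    "acme_billing": ["99.0.0"],  # same normalized name, published by an unrelated party
}

def normalize(name):
    """PEP 503 normalization: runs of '-', '_' and '.' are equivalent, case-insensitive."""
    return re.sub(r"[-_.]+", "-", name).lower()

def vkey(version):
    """Simplified ordering that handles dotted numeric versions only."""
    return tuple(int(part) for part in version.split("."))

def index_view(index, source):
    """Map normalized name -> list of (version, source) candidates."""
    return {normalize(n): [(v, source) for v in vs] for n, vs in index.items()}

def resolve(name, scoped):
    """Return the (version, source) chosen for `name`.

    scoped=False models a resolver that merges both indexes and takes the
    highest version (assumed behaviour of a mixed-index configuration).
    scoped=True models the mitigation: a name the internal index owns is
    never looked up on the public index.
    """
    key = normalize(name)
    internal = index_view(INTERNAL_INDEX, "internal").get(key, [])
    public = index_view(PUBLIC_INDEX, "public").get(key, [])
    candidates = internal if (scoped and internal) else internal + public
    if not candidates:
        raise LookupError(name)
    return max(candidates, key=lambda c: vkey(c[0]))

def audit(requirements):
    """List requirements whose internal name also exists on the public index."""
    internal = index_view(INTERNAL_INDEX, "internal")
    public = index_view(PUBLIC_INDEX, "public")
    return sorted(r for r in requirements
                  if normalize(r) in internal and normalize(r) in public)

if __name__ == "__main__":
    reqs = ["requests", "acme-billing", "acme-auth"]
    print("colliding names:", audit(reqs))
    for r in reqs:
        print(r, "merged ->", resolve(r, False), "| scoped ->", resolve(r, True))
```

The audit compares normalized names, so `acme_billing` on the public side still counts as a collision with the internal `acme-billing`.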