## Key Topics

* [00:30] Introduction to the listener's question about repository granularity in embedded development

* [01:15] The listener's approach: separate repositories for different work products in safety-critical industries

* [03:20] Luca's initial reaction and concerns about over-complication

* [05:45] Discussion of monorepo approaches and configuration management

* [08:10] The concept of micro-repositories and parallels to microservices

* [11:30] Using feature flags and CI pipelines instead of repository separation

## Notable Quotes

> "You're splitting something which ought to be joined together into different repositories and hiding whatever is happening within the repositories from the different users, from the different developers." — Luca Ingianni

> "The risk of course is that you will not spot divergence early enough because people just don't merge because it's a chore and because things might break, and of course that is the point - the earlier you notice that something breaks, the easier it will be to fix it." — Luca Ingianni

> "I'm willing to guarantee that you're going to get the architecture wrong at least on the first try. You think you're being really smart and you cut it up into a bunch of microservices or micro-repositories, and you're just going to get the boundaries wrong." — Luca Ingianni

> "I would opt for fewer repositories and rather do configuration management within the repositories as opposed to between repositories. Use feature flags, use tagging, use whatever you want to insulate changes that might be breaking from the rest of the code base." — Luca Ingianni

## Resources Mentioned

* John Taylor's Embedded Project Cookbook - A resource mentioned by the listener that discusses sequential events in embedded projects

* Trunk-Based Development - Development methodology discussed throughout the episode

* Minimum CD Podcast - Previous podcast episode referenced by the listener

You can find Jeff at https://jeffgable.com.
You can find Luca at https://luca.engineer.

Want to join the agile Embedded Slack? Click here

The episode discusses the concept of Minimum Viable Continuous Delivery (Minimum CD), which represents a counter-movement to heavyweight frameworks like SAFe. The hosts explore how Minimum CD provides a set of essential practices for successfully building software-based products without unnecessary complexity. The approach focuses on core principles rather than rigid frameworks, making it particularly relevant for embedded systems development.

The discussion covers the fundamental requirements for continuous delivery, including automated testing, pipeline-driven deployments, and trunk-based development. The hosts emphasize that while these practices may seem challenging for embedded systems, they become increasingly important as devices become more sophisticated and connected.

A key theme throughout the episode is the importance of building trust in the development process through automation, consistent practices, and cultural commitment. The hosts stress that while some practices may seem difficult to implement in embedded systems, the more challenging they are, the more valuable they become when successfully implemented.

Timestamps and Topics:
00:00:00 - Introduction and overview of Minimum CD
00:02:00 - Discussion of Minimum CD as counter-movement to complex frameworks
00:03:45 - Continuous Integration fundamentals
00:15:35 - Pipeline as the only way to deploy
00:27:00 - Production-like test environments
00:29:45 - Rollback capabilities for connected devices
00:32:25 - Configuration deployment with artifacts
00:34:50 - Trunk-based development principles
00:39:30 - Automated testing requirements
00:41:10 - Maintaining delivered work integrity
00:45:55 - Wrap-up and closing thoughts

Shownotes:

Link to minimumcd.org: https://minimumcd.org/
Reference to Brian Finster as instigator of Minimum CD
Reference to Raymond Chen's blog about Windows backward compatibility
Reference to previous episode on trunk-based development
Reference to interviews with Philip Johnston from Embedded Artistry
Reference to interview with Francois from Mend Fault
Link to Agile Embedded Slack group

You can find Jeff at https://jeffgable.com.
You can find Luca at https://luca.engineer.

Want to join the agile Embedded Slack? Click here

Key Topics

* [03:00] Ryan's background in offensive cybersecurity and defense contracting

* [04:30] The mindset and challenges of vulnerability research and hacking

* [09:15] How security researchers approach attacking embedded devices

* [13:45] Techniques for extracting and analyzing firmware

* [19:30] Security considerations for embedded developers

* [24:00] The importance of designing security from the beginning

* [28:45] Security challenges for small companies without dedicated security staff

* [33:20] Address Space Layout Randomization (ASLR) and other security measures

* [37:00] Emulation technology for testing embedded systems

* [45:30] Tulip Tree's approach to embedded system emulation and security testing

* [50:15] Resources for learning about cybersecurity and hacking

Notable Quotes

> "When you're on the vulnerability research side, you're trying to find a time when the software does something wrong. When it does something unexpected." — Ryan Torvik

> "Don't roll your own cryptography. Use a standard library for cryptography." — Ryan Torvik

> "We're seeing that the maintenance costs are what are getting people now. You're expected to maintain this device, but now you got to be able to actually update the device." — Ryan Torvik

> "It's so much more expensive to put security in after the fact if it's possible in the first place. Why is that even something that needs to be debated?" — Luca Ingianni

Resources Mentioned

[Tulip Tree Technology](tuliptreetech.com) - Ryan's company focused on embedded system security and emulation

* IDA Pro - Interactive disassembler for firmware analysis

* Binary Ninja - Interactive disassembler from Vector35

* Ghidra - NSA's open-source software reverse engineering tool

* Microcorruption - Beginner-friendly CTF challenge for learning embedded system hacking

* National Vulnerability Database - Public database of security vulnerabilities

Things to do

* Join the Agile Embedded Podcast Slack channel to connect with the hosts and other listeners

* Check out Tulip Tree Technology's website for their emulation tools and security services

* Try Microcorruption CTF challenges to learn about embedded system security vulnerabilities

* Consider security implications early in your design process rather than as an afterthought

* Use secure programming languages like Rust that help prevent common security issues

You can find Jeff at https://jeffgable.com.
You can find Luca at https://luca.engineer.

Want to join the agile Embedded Slack? Click here