We are pleased to announce that Codethink has recently received ISO 9001:2015 certification for the provision of technical and strategic consultancy, software engineering services and software.

Outreachy is an organisation providing open source internships to people who are subject to systemic bias and underrepresentation. Find out about the project we helped to run: "Improve end-to-end testing for GNOME"

Some things we learnt when trying to build complex Rust software to a tight deadline

Last week 40+ Codethings descended upon Brussels for FOSDEM 2024 , along with thousands of members of the Free & Open Source Software community.

Codethink's updates to the automated hardware testing tool Q.A.D. and introducing the interactive Web UI tool QAnvas.

Sam Thursfield, Software Engineer at Codethink has given up his time to become an open source mentor for Outreachy.

Recently, we worked on some mirroring software using Lorry, which is a tool we developed at Codethink as part of our Software Mirroring Solution. Lorry mirrors git repos, and can also mirror other types of repo such as Subversion and Bazaar by converting them to Git.

Codethink has been developing a number of tools and processes in order to automate as much of the testing pipeline for embedded systems as possible.

Codethink is excited to announce its attendance at the upcoming SDV Europe conference in Berlin from November 26th to November 28th.

The third part of a blog series, discussing HSM-backed security requirements and how we analyse the tradeoffs offered by modern options.

The 2nd part of a blog series, discussing HSM-backed security requirements and how we analyze the tradeoffs offered by modern options.

As we work increasingly with systems that have HSM-backed security requirements, we analyze the tradeoffs offered by modern options.

Continuing our work on robust testing in support of long-term maintainability, we present a testing pipeline that makes use of both LAVA and OpenQA to perform automated kernel tests on RISC-V hardware.

Codethink has automated some end-to-end testing of Android Automotive on our public openQA instance.

GUADEC 2023 has been another great event for the GNOME community.

In June, this year, a number of Codething’s attended the Embedded Open Source Summit (EOSS) in Prague.

On one of our RISC-V projects, we were recently debugging a complex driver probing sequence in the U-Boot bootloader. Along the way we improved the debugging facilities available for U-Boot on RISC-V, specifically allowing developers and system integrators to see the callstack in the case that there is a crash during the early boot sequence.

A dive into our work to add further support for vector cryptography in RISC-V with QEMU!

Codethink's latest FOSS contribution in automated hardware testing. This article will talk about our recent tool named Q.A.D. and its impact on end-user blackbox hardware testing.

Once upon a time, you could design and build a device, flash a well-engineered firmware onto it and support it for 20 years, with minimal changes to the core software. Those days are over. A new approach is needed to provide long-term support for devices while managing the complexity of today’s embedded software stacks.

As in years past, Codethink will again be at the FOSDEM conference! An official sponsor of the event, we are pleased that more than 30 Codethings will be present and participating.

The Python package archive PyPI is a hugely successful platform for sharing open source libraries and applications. In this article we'll provide some ideas on safely using PyPI, taking into account some recent malware attacks that were delivered via the platform.

BuildStream 2.0 is finally here - with improved performance, remote execution support, and a host of new features.

Testimonial from our recent code review for ASL Holdings Ltd

GNOME OS and Atomic Upgrades on the PinePhone

Codethink collaborates with Flathub to bring forward a way to support open-source developers

Codethink is happy to sponsor GUADEC one year more

Finding and fixing an interesting reproducibility issue

Automated testing of browser-based web applications from the command line.

Laurence Urhegyi and James Thomas will be giving the talk "Automated and continuous system testing with Lava and OpenQA"

The problem with introducing these dependencies, is that part of your project now exists outside of your control.

We've ported GNOME OS to the PolarFire Icicle-Kit Devboard from Microchip.

YAML's data model can represent arbitrary data, so when an app parses a YAML document it might get back anything. It's up to the developer to check that the data is structured how the app expects and to control what happens when it isn't. Does it report an error to the user? Is the behaviour undefined? Does it crash?

Introducing the Deterministic Construction Service (DCS) design pattern

We are proud to announce that Codethink has joined the Microchip Design Partner program, specializing in Functional Safety and MPU, to assist their clients in the creation of electronic systems.

Codethink has been collaborating with Silicon Highway and The Robot Studio to program a fully open-source, standalone robot hand using an NVIDIA Jetson Development Kit.

How Codethink are using STPA for risk analysis of software-intensive systems and integrating the outputs into the engineering process.

Codethink's first ISO 26262 ASIL D Tool Certification - Deterministic Construction Service (DCS)

Codethink continues to participate in the promising RISC-V ecosystem, and we have exciting news around Freedesktop SDK and GNOME.

Everyone wants the same thing: stable software for the long term, including the latest features. To achieve this, you need to have confidence in your software and in the software you depend on, which has to come from testing.

Previously ARM servers were slower than x86, but not any more

High quality releases require high quality testing infrastructure. To show how deep OS and GUI testing can be done, let's look at the OpenQA instance we helped set up for GNOME.

As part of Codethink's interest in RISC-V, we created some simple hardware.

You’ve made a choice to use open-source software as part of your product release. That’s a great start. Open-source software projects usually have large contributing communities that help improve the software’s quality and functionality over time.

For the last few months, the BuildTeam Community has been organising a meetup to gather like-minded community members to discuss, share and exchange innovations and relevant topics and systems in build.

Applying functional safety practices to modern software-intensive systems requires a different approach to the established methods enshrined in current safety standards. Codethink have been working with Exida on a new approach to software safety for systems based on Linux.

The recent furore around University of Minnesota’s “Hypocrite commits” research, which spilled over from the Linux Kernel Mailing List and into mainstream tech media, has provoked a lot of discussion about the Linux kernel community’s processes, and arguably provided ammunition to folks who have been saying all along that open source software cannot be trusted.

If API is the way a programmer can call one program from another, then ABI is how the computer can call one program from another. This covers a whole lot of intricacies, such as calling conventions and the object format.

Consuming open-source is only the start of the journey for many companies. Whether by design or necessity, organisations find themselves adapting from being simply open-source consumers to being full-fledged producers, contributors and maintainers, eventually working in public, following ‘open by default and ‘upstream first’ principles.

As part of Codethink's interest in RISC-V I have been following the RISC-V kernel list. Whilst looking through the postings the following bug came up, titled: [syzbot] BUG: unable to handle kernel access to user memory in schedule_tail

We detail some research and development work Codethink conducted last year; building a low cost multi-camera sports tracking system. We specifically focus on camera space tracking on embedded platforms, as well as running through some of the background and state of the art of Computer Vision.

This blog post is about the Remote Asset API, describing its components and going into detail about the server-side implementation which has been worked on here at Codethink.

Codethink recently ran the Safety and Open Source devroom at FOSDEM 2021. Unfortunately, due to Covid-19, this was entirely virtual. However, this did make the conference more accessible to those who would otherwise be unable to attend. 2021 was the first year that the safety devroom had been run, and hopefully, it will become a regular occurrence at FOSDEM in future years.

One of the innovative minds that contribute to the community and work with our client’s projects is Beth White, Project Manager at Codethink, for the last 4 years. She has led and planned projects for some of our prime clients by driving the community side.

Terraform definitions are rarely defined in isolation without configurations for other tools such as Ansible, Puppet, Kubernetes. These definitions' close relationships often lead to changes in the configurations for multiple tools across various configuration languages.

The Bloodlight project was designed to test for new health metrics in the blood by testing multiple LED wavelengths of light at high-frequency and accuracy. We hoped to process the signals to determine the most appropriate wavelengths for low-power sensing and find new potential data in the signals.

As we celebrate International Women's Day, I thought I would reflect on the many inspirational women I have come across, in-person in everyday life, in articles or in history. My HR career has allowed me to see just how well women have steered their professional growth and how policies and procedures have evolved to complement changing and progressive environments.

One of the more challenging aspects of prototyping research hardware has always been the construction of plastic enclosures/cases. This is an even more fundamental issue for wearable/medical prototypes - in our example the case plays a strong role in the PPG sensor's optical properties.

Applying functional safety practices to software-intensive systems can be very challenging, and established approaches have struggled to scale and adapt to the problem. But what is meant by the assertion that "Safety is a system property, not a component property" and how should this shape our understanding of safety when applied to software?

When something as exciting as a completely open CPU architecture comes along, it's hard to stop Codethink's engineers from getting involved. We've set up an internal research project with the goal of learning about RISC-V, and we have some interesting results already.

In this episode of 'Meet the Codethings', we've asked Shaun about FOSDEM, the future of safety-critical software in automotive, and STPA. Keep up-to-date with our news about safety by just subscribing to our Safety newsletter at the end of the article.

Codethink is a company which provides software services and consultancy. We work with our clients to help them to deliver their projects effectively and efficiently. We prefer to work with a Project Manager on basis as we feel this usually results in the best possible outcome for our clients and ensures our engineering teams are well-supported.

FOSDEM is a two-day event organised by the FOSS community for FOSS the community. This event aims to gather like-minded professionals to learn, teach, and broaden their knowledge and network. This is a fun and exciting weekend for the developers and our employees since they are hosting their first devroom this year.

Ben Dooks is our Senior Engineer and Open Source Consultant with more than 15 years’ experience contributing to Linux Kernel. Dooks joined Codethink 8 years ago, and since then he's been involved in a range of projects involving the Linux kernel, such as the MEG project, amongst others.

Conferences and events are a valuable way to grow an open source project. They're a space for software engineers, team leaders, architects and open source enthusiasts to discuss ideas, share points of views, identify solutions and introduce new software developments.

We got this open source cartoon as an Xmas gift... hope you like it

FOSDEM is coming, 6th and 7th of February 2021! In addition to attending the virtual event, this time Codethink engineers will be curating the Safety and Open Source Software Dev Room.

Bazel and BuildStream are tools which are commonly used to organize and delegate the building of software. There are a few key differences between them but largely they are concerned with the same development problems.

It's that happy time of the year again! And we are not only talking about hearing "All I Want For Christmas Is You" every time you go to the supermarket. We are talking about Advent of Code.

In our previous blog post we introduced the Interrogizer project. Interrogizer is a logic analyser, which means it samples binary signals and sends the samples to a host computer as fast as possible.

Interrogizer is an Open Source project, aimed at providing developers with an affordable and easily producible tool to aid troubleshooting by enabling measurement of digital signals. Started from a desire to share hardware knowledge around Codethink, the device uses a small microcontroller placed on a simple PCB that can be easily and cheaply produced; allowing for iterations of the product as development progresses.

In an evermore software-intensive world, the security of software systems has become a critical part of product design and implementation. One way in which attackers exploit software systems is by crafting malicious inputs. The defence to such attacks is a combination of defensive programming techniques including input validation.

In this post I'm going to talk about the recent tranche of work I've put into a tool I wrote called topplot, which plots graphs from the data produced by the system utility top.

There are various roles out there on ansible-galaxy that will take care of installing this application for you, but their main advantage is the ability to install on platforms we don't use, and the ones we looked over didn't provide any configuration of openvas itself.

I recently digitally attended the 2020 STAMP workshop, hosted by MIT. This was originally planned to be in Boston in March, but for obvious reasons was moved.

We’re excited to see that Red Hat has decided to offer flatpak runtimes for RHEL with a ten year security fix plan...

Codethink staff have been predominantly based at home now for over three months. In that time the way we all interact with the world has changed considerably.

Codethink is working on a project to design a fully open-source (hardware and software) research device for experimenting with shining light into skin and detecting the light that reflects, gets absorbed and passes through. This kind of technology is widely deployed for measuring heart rates.

In the mid-2010s, Codethink developed the software suite for specifying, developing, and building Linux-based systems. The work has been used by several long-standing customers and Codethink even uses it for some of our own infrastructure. This blog will take you through work done to modernise one of the components of Baserock - Lorry.

Codethink is a software company that works on various client projects; ranging from medical, finance, automotive. In these different areas of engagement; we are trusted to work on various types of problems that clients face with their systems. One such problem encountered required us looking at a userspace software where the program was occasionally not responding on time.

In my previous blog post I introduced my work to improve Rust's support for RISC-V Linux systems. Since then I have fixed a couple of interesting compiler bugs. This blog post describes my process to track down these issues; explains some rustc internals; and discusses movement in the broader Rust community regarding RISC-V.

In 2019, electric vehicles accounted for 7.4% of total passenger car registrations in the UK. For an ever-more environmentally conscious population, this presents a very low number. Electric vehicles are often seen as a next step, or even a solution for greener transportation. Indeed, electric vehicles are becoming a more accessible option for an increasing number of consumers, and getting closer to a wider public adoption.

In 2018, Codethink worked with Lukas Bulwahn from BMW on a project investigating some core functionality of the Linux kernel that is relevant to safety considerations of an assumed system. We wanted to share some of our findings from this work, as it could prove useful to communities interested in using Linux in a safety-critical context.

Buildstream projects can easily be consumed by Bazel projects by use of a bazelize element, offering greater flexibility and an easier path to integrating third party dependencies

RISC-V is a new Instruction Set Architecture developed in the open and available for use without paying a license fee. This means there are no barriers to achieving open hardware implementations, which opens the door to performant (mostly) open hardware processors...

Building and testing at scale often involves codebases with millions of lines of code, worked upon by thousands of developers. One solution to the problem of building as quickly as possible is simply delegating that responsibility — not to the machine that the developer is working on, or even to a server that the CI job has been dispatched to, but to a server farm...

As concerns about the privacy and security implications of contract tracing apps for COVID-19 show, establishing trust in software is still a real challenge. I’ve been following reports about these apps closely, and have been interested to read medical, technical and ethical analysis from around the world. What all of these perspectives underline for me is the critical role of public trust in the success or failure of such applications.

Medical Devices are utilising software more than ever before. Recent challenges from COVID-19 have outlined some of the great benefits of utilising open source within the Medical industry. Chris looks at the benefits Open Source Software and projects could bring to the industry, as well as potential drawbacks of implementing an open-source initiative

I’ve now been working at home since early March. My colleagues and I have all adapted to be able to work at home following the coronavirus outbreak and the subsequent measures taken by the UK government and other governments around the world. This shift is one that we have all had to come to terms with quickly.

Industry leading Medical companies are turning their attention to helping combat the fight. Manufacturers of ventilators and respiratory care such as Philips and Medtronic are committing to doubling production of ventilators over the next couple of months.

Codethink has switched into home-working mode to minimise the possibility of COVID-19 infections for our team, families, customers and partners.

Codethink recently worked on platform libraries for the real-time M4 cores of the MediaTek MT3620, the first Azure Sphere chip certified by Microsoft focusing on the development of a set of drivers for the peripheral subsystems (SPI, I2C, I2S, ADC, PWM, GPIO and Timers).

Codethink has experience of developing new concepts using Wirepas Mesh technology and can assist any company with software challenges to bring such products to life. We have partnered with Wirepas to help it and its customers to take the ecosystem to the next level.

When building software, we know that we need to be fast and we know we need to minimise any wasted time in the process. Introducing Remote Execution to builds will help to achieve this, but how do the different solutions compare? That's where the Remote Execution API Testing Project comes in...

Fortran will be turning 65 this November and, though the programming language may conjure up images of punch cards and room-sized computers, it is certainly not dead. Originally developed by IBM in the early 1950s for scientists and engineers, it found early success with the target audience and is still being used today.

Codethink’s culture stems from the world of open source software. A large part of what it means to be a Codething is taking part in the sharing of knowledge across the company and learning on a daily basis. This practice drives the development of understanding in different areas of …

As mentioned in the first part of this article, An Introduction to Distributed Builds and Remote Execution, there is no single solution to the problem of building software in a distributed manner. This description will focus on a solution based on the Remote Execution API.

Building software

Part of creating software involves translating source code into instructions that can be executed by hardware and packaging the results in a way that can be consumed by users. That process is known as building (although colloquially it sometimes can be referred to as compiling).

For small programs …

Installing Linux on most PCs is easy — you pop in a DVD or a USB stick, click through the install process, and you’re most of the way there. When it comes to more specialised devices, however, installing and running an operating system isn’t quite so straight-forward.

Embedded devices …

You might have heard the term ‘FPGA’ thrown around every now and again. In several areas of the tech industry their use is growing -- particularly in automotive, aerospace, and medical applications.

Debian is over 20 years old now, and the venerable distro is keeping the ball rolling by releasing its latest version, 10.0 (Buster), last Saturday.

Free/Libre Open Source Software (F/LOSS) projects have always been community-driven affairs. Many of the tools that we use at Codethink are the result of years of passionate work put in by dedicated developers. They use their free time to provide the world with useful, thoughtful and creative software.

It is nearing the end of pride month, and over the course of June, here at Codethink we wanted to explore the question of inclusivity in the open source community. When we first wrote this article, we noted that the Wikipedia page on the matter was sparse, and we were surprised there was such a lack of detail. To address this, we contributed some of the research in this article, hoping to make it more easily accessible.

Codethink partnered with York Instruments on a project to develop a new Magnetoencephalogram (MEG) scanner to replace their existing apparatus. This is a neuroimaging device which maps brain activity by recording magnetic fields which are produced by naturally occurring electrical currents in the brain.

Here at Codethink we've recently been putting some energy into enhancing our onboarding process that we have in place for all new starters at the company. As we grow steadily in size, it's important we have a well defined approach to welcoming new employees into the company and introducing them …

Interview with Adam Jones discussing how to get into open source, and why Open source software is at the heart of Codethink.

GitOps is increasingly popular in the cloud-native world, allowing developers to deliver software to production using their native tooling—a pull request in Git. The underlying principle is that of infrastructure as code.

As a result of collaborative research with MIT, Codethink announces a new open source project AV-STPA, to analyse and document safety requirements for autonomous vehicles by applying System-Theoretic Process Analysis.

On our continuing journey to understand the implications of safety and security risk management for complex software-intensive systems, Codethink has …

For a project with one of our larger clients, Codethink engineers had been using a 3rd party debugging board, purchased by the customer. Engineers found that the debug board features were quite limited. Due to the delicate design of the board, the lead time for production was long and as …

The Civil Infrastructure Platform (CIP), a Linux Foundation Initiative, is attracting the attention of well known stakeholders in the Industrial Grade space.

The long term project goal is to create an Open Source base layer for industrial grade systems collaboratively to enable the creation of reusable building blocks that meet …

Over the course of three months and two PCB revisions, Codethink developed a USB 3 switch (See Image) in order to address issues regarding software deployment and continuous integration faced by one of our major customers.

The aim was to deliver a computer-controlled, automated deployment pipeline for testing software on …

Codethink has been collaborating with British Cycling technical staff to develop an innovative telematics system to measure performance of their athletes in training for competitive events. This system seeks to improve the recording and analysis of raw data and will aid training progress of British Cycling in preparation for the …

Systems are becoming more complex than ever before. This now allows us to accomplish tasks that once seemed impossible. With this increase in complexity from systems, there is a need for safety models that can keep up.

STAMP (System-Theoretic Accident Model and Processes) is an accident and causality model based …

The theme of International Women’s Day 2019 is ‘Balance for Better’. It is reported that 17% of those working in technology sector in the UK are female, an imbalance that has drawn a lot of attention. For International Women’s Day this year, I talked to a few of …

If you've ever looked into remote build caching and execution and read about it

Configuring Linux systems to stabilise latency

Over the course of the last few months, Codethink have conducted an investigation into whether or not Linux systems can be configured to be deterministic, so that performance over time is made to be more predictable and overall improved by tweaking the kernel in …

I attended GUADEC 2018, and really enjoyed it, and I feel that I got a lot out of it.

The talks were recorded and they should be put online some time soon, I think. They need volunteers to do some video editing first though.

There is an issue for doing …

Many embedded/automotive vendors are recommending that electronic control unit (ECU) consolidation can be best achieved by adopting an architecture with a hypervisor. The idea is to isolate functions into guest operating system virtual machines and restrict access to sensitive resources. So examples of the consolidated architecture look something like …

Traditionally ELCE has been an important annual event for Codethink. This year was no exception. ELCE 2017 was not only a great technical event but...

LONDON--(BUSINESS WIRE)-- The Institute for Strategy, Resilience & Security (ISRS) at University College London (UCL) in association with software developer Codethink Ltd, today announced the release of a new white paper entitled Towards Trustable Software – A Systematic Approach To Establishing Trust In Software. Paul Sherwood, CEO of Codethink will introduce …

FLOSS event offerings have exploded in the last few years. You can find everything from very elite, invitation-only pricey events to small, local meetings that are open to everybody...

An introduction to Error Correction, Hamming Codes, Reed-Solomon, and Locally Repairable Codes

Tristan explains his new initative BuildStream and what it could mean for GNOME in 2017.

A look at open source for Civil Infrastructure, and why we're a founding member of CIP.

This post was originally a quick email to a client and their other partners detailing what the output from the "top" tool means, which is a utility which shows a list of running processes on a UNIX system along with statistics on their memory and CPU consumption.

Here's an example …

Looking at YAML and JSON for Schemas and Validation.

Moving from a traditional product/release focused delivery model to a rolling model. Agustin talks about our team's work on the GENIVI Development Platform and the transition to a continuous delivery model.

As part of International Supercomputing Conference 2016, Codethink announced an open source Fortran parser that enables modernisation and execution of many academic, scientific, and commercial algorithms on ARM, Intel, and OpenPOWER.

Sam and Mike continue their post about the Teufel build process, talking about the implementation of a reliable caching mechanism.

Within companies producing devices, product progress continues to drive complexity and creates legacy challenges. Codethink senior engineers Sam Thursfield and Michael Drake explain how a recent embedded project for high end Home Entertainment demanded working with a complex Buildroot setup. This delivered major build time benefits, enabling rapid continuous integration.

Over the last few years Codethink has been helping a series of customers understand and manage the scale and complexity of their software integration pipelines. We've seen and tried various approaches to visualise what's happening, but many projects end up falling back to some combination of:

• architecture diagrams
• data models …

Superuser talked to Zara Zaimeche, software developer at Codethink, about StoryBoard, a task tracking system for cross-team projects.

Deep learning in Python

Standing up

We do standups to keep the team aware of what everyone is doing, and to identify roadblocks. Doing them on IRC means we can

• log the minutes
• have remote participants
• be in more than one standup at once (eg Project Manager)

Standups should be short - approx 10 minutes …

Codethink joins Automotive Grade Linux to help advance open collaboration and automotive software development for cars of the future

Codethink is delighted to be sponsoring the first systemd conference.

Maintaining 100 million lines of code on your own is not much fun, and surprisingly expensive.

Leading automotive electronics supplier Visteon and Linux software specialist Codethink are partnering to improve the long-term traceability and reproducibility of software used in in-vehicle infotainment products.

Codethink's Contributions to ARM Software Ecosystem Facilitate Commercial Deployment Among Cloud and Enterprise End Users

DataCentred announce that in a world first they have integrated servers running ARM Aarch64 processors into their OpenStack public cloud platform

First Public Baserock Meetup to be held in Manchester, England.

NVIDIA Jetson TK1 + Baserock + Linux 3.15 in one day Engineers take just 24 hours to get a new open source 3.15 Linux operating system running on new NVIDIA Jetson TK1.

Codethink Receives GENIVI Most Valuable Contributor Award. Recognised for Baserock contribution to GENIVI Baseline Integration Team.