Re: [Spud] OS updates on embedded devices
Tom Herbert <tom@herbertland.com> Thu, 09 April 2015 21:38 UTC
From: Tom Herbert <tom@herbertland.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/3bvofiGJRN47ogwlX7L0cUMUWis>
Cc: Toerless Eckert <eckert@cisco.com>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Yoav Nir <ynir.ietf@gmail.com>,
"spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] OS updates on embedded devices

On Thu, Apr 9, 2015 at 2:09 PM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
> We are quite a way afield here. But there are very good reasons for
> NOT wanting automatic updates.
>
> Security for me means that the device does what I want it to and
> nothing else. Having the system change behavior because some code
> monkey decided to add some Kewl features is a security vulnerability
> as far as I am concerned.
>
> I have Sonos devices in some of the rooms. They are practically
> unusable because the idiots who make the app insist on making changes
> that require the already sluggish iPhone app to be updated regularly.
>
> When I want to turn the radio on I want it to take less than a second.
> Sonos is already slow. But when it asks for an update of the app,
> someone has to bring the phone to me and have me enter the password to
> update it. Then the device will often fail to find the app store. If
> it does find it then it is another five minutes to load the new app.
>
>
> If a network device did the same thing it would undoubtedly break my network.

This discussion is probably more relevant in the IoT and security lists. But anyway, as we start attaching more and more devices to the Internet they eventually become targets. One known problem we face is that security vulnerabilities, unlike simple bugs, are usually not caught in initial development. It's only after significant deployment that would-be attackers get interested in this. So our choices are: don't connect devices, update software (wherever it is) on running devices, live with security vulnerabilities, buy new HW, have devices live behind other devices that provide security, etc. Given that these devices are targeted to end users and that some serve life critical functions (like your smoke detector), a transparent solution seems essential.

Tom