nanog mailing list archives

RE: Spitballing IoT Security

From: Emille Blanc <emille () abccommunications com>
Date: Thu, 27 Oct 2016 14:30:14 -0700

(deleted for ambiguity)

Which is the point.  These things stay out there...like those winXP
boxes.  There are 2 choices

1) manufacturers are responsible for the devices.  No longer caring for
   them? Recall them.  Compensate the users.

2) stronger obsolescence.  eg kill switch/firmware tombstoning/network
   connectivity function ending timebomb

as a user of lots of legacy tech i find either option bad :/

alan


Or Apple could release iOS 6.1.7.  There is nothing stopping Apple doing
so.  Apple are the ones preventing people running iOS 10.x on the 3GS.
This puts the responsibilty on them to supply security fixes.

All of the PC's running XP could run a newer version of the Windows
regardless of whether they could run the latest version.


Well, yes and no.  As $newer_better_faster_stronger gains market share, there's no drive to be backwards compatible.

iOS is no different from any other operating system in that regard, it's designed for hardware A, B, C, D's 1 through 4 
(probably more, but I'm trying to be somewhat abstract).  If it has to support E through Z also, for 12+ years of 
backwards compatibility, bad things can happen (bloat, instability, bugs).
I don't get upset for example, when I transplant a Win2k or Win98 drive into a box built up with 3 year old hardware, 
of which not a single device is supported.
That's not even taking into account the challenge of developing for different architectures. ARM, x86, PPC, AMD64, 
PowerISA, SPARC, to name a few. I won't even get into microcontrollers.

Don't get me wrong. I'd love to update my 12 year old Macbook Pro to Sierra, but I've accepted that it, like most 
electronics, were almost certainly not engineered, let alone expected, to last even half that long.
I'm reminded of that fact every time I open Youtube, and Flash Player spins both of its 2.33ghz Core2 Duo cores to 100% 
for a 460p video.
Even then, I've had to stop updating Flash sometime around mid 2014, as any newer versions cease to function entirely.

Current thread:

Re: Spitballing IoT Security, (continued)
- - - Re: Spitballing IoT Security Brandon Butterworth (Oct 26)
    - Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
    - Re: Spitballing IoT Security Mark Andrews (Oct 26)
    - Re: Spitballing IoT Security bzs (Oct 27)
    - Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
    - Re: Spitballing IoT Security Mark Andrews (Oct 27)
    - Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
    - Re: Spitballing IoT Security Edward Dore (Oct 27)
    - Re: Spitballing IoT Security Alan Buxey (Oct 27)
    - Re: Spitballing IoT Security Mark Andrews (Oct 27)
    - RE: Spitballing IoT Security Emille Blanc (Oct 27)
    - Re: Spitballing IoT Security Edward Dore (Oct 27)
    - Re: Spitballing IoT Security -- Dancing around a solution Stephen Satchell (Oct 27)
    - Re: Spitballing IoT Security Leo Bicknell (Oct 27)
    - Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
    - Re: Spitballing IoT Security Mark Andrews (Oct 27)
    - Re: Spitballing IoT Security Ca By (Oct 27)
    - Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
    - Re: Spitballing IoT Security Jon Lewis (Oct 27)
    - RE: Spitballing IoT Security Emille Blanc (Oct 27)
    - Re: Spitballing IoT Security Rich Kulawiec (Oct 28)

(Thread continues...)