1x78: A Different Kind of Duction

Well, yeah, but the first thing you do is give the device your wifi ssid, because otherwise you can’t contact the device :slight_smile:

Why do you want to contact your toaster?

So you can control it from your phone. I personally don’t think this is an interesting thing to do, but a hundred and seventy million says I’m wrong, as Jeremy pointed out. (And I do think that controlling my lights, or my sockets, from my phone is useful and I do the sockets one.)

Ok, not something I will ever do, but the idea of an IOT special WiFi channel still floats, and fairly easy to do, obviously it’s something WiFi router manufacturers would need to set up, but seems a way forward to me.

Just gotta point out that the D in DNS stands for “domain”, not “distributed”.

One of the big issues with the DDoS was vanishingly tiny TTLs on records forcing clients to re-query the resolvers of record run by Dyn.

GitHub and Twitter had 30 second TTLs for god’s sake. On the other hand, short TTLs make it easy to do regular maintenance so I can see why they do it.

The impact on records with TTLs measured in days was far less.

1 Like

Using embedded Linux is a start. Then build a standard API on top of it (with the possibility to be extended if needed). In addition, a requirement for a trust or “code escrow” might make sense. All code goes into “escrow”, and if the company flounders or fails to keep up to date it’s released.

If these devices can’t receive updates, they simply shouldn’t be online. Manufacturers need to be building things to accept the modern age.

Yeah. Wasn’t sure about that when I said it :slight_smile:

Just want to tell @bryanlunduke I bought a Netgear ReadyNAS Duo eight years ago and it is still getting updates, http://kb.netgear.com/app/answers/detail/a_id/30914

So good for Netgear!

1 Like

@jonobacon raved about the assistant in his diamond encrusted pixel phone, and how it did magical things like send him photo collages. This is indeed a super feature… Of Google Photos, which, while called ‘assistant’, is available without selling a kidney to buy a Pixel phone.

I have my OnePlus X set to upload every photo to the Google overlords and frequently get sent collage notifications, including this one today, featuring “Beefy Miracle” @jonobacon himself, taken on my 5th day at Canonical, 5 years back.

2 Likes

I didn’t say security is a boolean. But if you have unpatched security vulnerabilities – and a large enough install base (like, say, a toaster in every home) – that is simply going to be exploited. And, unless the device makers (and system makers) can commit to consistent, timely security updates for the life of the device… then it is unacceptably insecure.

Not my fault Canonical is screwing up so much lately. :angel:

Here’s the thing. If we have half of every kitchen appliance connected to the internet and running a single, consolidated base platform… we want the people administrating that base platform to do so in a reliably consistent way… and be dedicated to doing so for… EVER. Or at least a good couple of decades.

Canonical changes company direction with the wind. If there is even the slightest chance of having IoT not be the total downfall of the Internet… we’re going to need something much more consistent and lasting than what Canonical has been able to deliver up till now.

And before anyone jumps on me for that being an anti-Canonical statement… think about it long and hard. Consider the drastic changes over the years (and currently). Canonical is filled with awesome, brilliant people… who seem to get bored with the direction they’re taking every 9 to 15 months.

I think those were your exact words, actually :stuck_out_tongue:

I was with Bryan when he started talking about IoT but then he lost me.
The solution to a technical challenge is not that we stop progress.

Car accidents kill a lot of people, but we don’t ban cars; we find why the accident happened and find a way to prevent that.

You can’t stop Canonical or any other company from meeting the consumer needs.

I want a toaster that gives me a notification about when my toast is down, and I probably can hook it up to my phone or any other home control device. At the same time, I would hate that I am late to the office and can’t get toast since it is downloading updates.

One possible solution might be to limit what it can do. I don’t need an SSH server there, or dnsmasq, and hence reduce the attack surface and have a hub that talks to a server and nothing else.

A certification is also a pretty good idea, hardware manufacturers guarantee that this device will get updates for n years and you decide if the cost is worth those n years.

Yes, yes you did.

(clip taken from episode 1x78, around 57.30)

1 Like

Interesting; I took it as read that the “assistant” was the next evolution of “google now” and did stuff that we non-Pixel peons don’t get access to. So… what’s the assistant, then? Is it just a reorganisation of stuff that existed already?

Assistant seems to be a term Google are using for whenever they embed their AI-ish stuff into an app. So in Allo (the new, new, new chat app) you get an extra person (bot basically) in the conversation who can provide pro-forma “guessed” (based on ‘big data’) replies, or show in-line maps, allow you to reserve tables etc. In photos, it’s the thing that surfaces your best / favourite photos and makes collages, photo montages etc.

All integrated into the app, so you don’t leave the app, the assistant comes to you, as an assistant should, really. I expect to see ‘Assistant’ used in other Google branded products.

Ahhh… so the assistant is the new thing, but it’s basically there to provide an alternative route to access existing stuff. Makes sense. But I find the idea of a new participant in my conversations creepy, even though it’s logically no different from the access that Google had to those conversations before. Uncanny valley problem here, Google.

In a segment about IoT based security failures in which Canonical played precisely zero part, never let that stop @bryanlunduke turn that into an opportunity to poke at Canonical, again.

Canonical has existed for just over 12 years. In that time we’ve reliably and consistently put out releases of Ubuntu desktop & server and provided security updates for all those supported releases as per our release schedule. We respond rapidly to security alerts and keep our customers and partners well informed. A year ago we resolved a significant security issue on our phones well within a day, and with the latest ‘dirty cow’ we shipped updates to our users in hours.

Asserting that we’re somehow not to be trusted with security issues is typical Lunduke anti-Canonical bullshit.

“With the wind” is somewhat hyperbole. Desktop and server images are still produced, and last I looked we’re still the most deployed desktop Linux and easily the most popular cloud deployment by some considerable margin. The fact that we also look at new and interesting things to work on might be perplexing to simple minded individuals, but the fact remains that we still put out security updates for supported platforms as we have for a number of years now.

Yep, you’re totally right. Though, to be fair, the point was around the security of IoT devices where the software gets loaded and the device gets used for 10 to 50 years (likely with few, if any, updates). In that scenario (which was my point) the security of these devices does become a bit of a boolean. If there are unpatched security vulnerabilities, that are identical across millions of actively turned on and connected devices, eventually the benefit of exploiting those vulnerabilities – and the fact that those vulnerabilities are, likely, well documented as components of the IoT system will, in all likelihood, continue development long after that “thing” is forgotten by the manufacturer… well that just makes it extremely likely (nearing 100%) that those devices will be compromised.

Ergo… a boolean.

The concept of “security” itself is not a boolean… but when talking about the scenario we discussed in the show… it kinda does approach (if not completely become) a boolean.

I have written so many positive articles about Canonical and Ubuntu (not including declarations of support and rave reviews on podcasts, videos, and in person lectures). If you don’t like that I tell the truth, don’t listen.

Canonical has also issued several updates that have completely trashed installed systems. And changed the core guts of the system repeatedly – often re-writing their own projects that weren’t even yet complete. Canonical’s development process is the exact opposite of what is needed for devices that need to run, mostly unchanged (but fully patched and supported), for decades at a time.

Again. Canonical has received huge support from me over the years. Also I did not say what you say I asserted.

Also great job resorting to personal attacks when we’re talking about what the needs are for a specific market segment.

Complete dodge of the core issue. Also a complete misrepresentation of the truth.

Wow. You might want to walk some of that back.