1x78: A Different Kind of Duction

Je(re)my Garcia, Stuart Langri(dge), Jono Ba(con) and Bry-(in) Lunduke present Bad Voltage, in which half of us change phones, half of us go to All Things Open, and:

  • 00:02:13 Jono buys the new Google Pixel and tells us what he thinks of the big G's entry into the mobile market. Is it actually better? Is it just a new Nexus? What's the deal with software makers making hardware anyway? And is it worth the money?
  • 00:26:36 We've recently seen a large distributed denial of service, operated by shady figures in control of a huge internet-connected devices botnet. Are such things the wave of the future? What can be done to stop it? Taking in regulation, consumer purchasing decisions, the nature of the internet, next-generation platforms for IoT devices, the word "shonky", geopolitics, collective action problems and human psychology, the impact had by speaking out, and whether anyone needs an Toaster of Things anyway

Download the show now!

That pixel phone looks cool, but my reaction is the same as most people on hearing the price: 1000 dollars!!! I can sort of justify that kind of spending on a computer that I work on all day. My phone is for communicating, snapping pics and maybe surfing the web while I wait for something. Tho only way I justified ~$400 for my current one was the water-proof and rugged aspects and a great battery which I hope will see me using the same device for as long as possible. If the choice was $600 or a slightly better camera and screen, I know which I’d choose :stuck_out_tongue: That said, I can see how a Pixel phone could fit some people, so if you have the cash and really like the idea of taking billions of amazing photos and sharing them all day, go ahead :slight_smile:

I’ve got a lot of sympathy for @jonobacon’s point here; I spend probably as much time looking at my phone as my computer, and I’m fine with paying top dollar for a device which I use that much. It’s not that it costs a grand per se that’s the problem; it’s that I don’t think it’s worth a grand, and Google have charged that much to make it feel like a Veblen good, and I hate being manipulated like that…

Regarding manufacturers not being willing to do security patches, why couldn’t they come together to create a base platform so that only one team is needed? Build on top, let the base update, and then it’s only being done once. Stable API and away we go, yeah?

Also, a forward requirement is hard to do - companies go out of business all the time. Are you going to require a trust to be kept?

That’s quite a lot like what Ubuntu are trying to do, although as you’ll have heard from the show @bryanlunduke doesn’t think it’s a good idea. Presumably he doesn’t think everyone else trying to do it is correct either, but he didn’t mention any of them… just Canonical :slight_smile:

Well, it is @bryanlunduke … he’ll take any chance to piss on Canonical :smiley:

I think it’s a better idea than doing nothing, since I think trying to stop the IoT from being a … thing… is looking in the wrong place. It’s likely going to happen, so instead of trying to prevent it, let’s try to prevent it from sucking. See also, oil pipelines and environmentalists.

2 Likes

I’m with you :slight_smile:

And @bryanlunduke is dead wrong, security is in no way a boolean. Anyone who’s done the slightest bit of research will tell you that.

What price would I pay for the Pixel phone. Answer: The same as the last Nexus line up. This is coming from a Nexus 5X owner.

Did we figure out the model of indestructible Motorola it was, because that sounds interesting…

I’m thinking that @bryanlunduke has a good idea as to the new way to run the internet!

5 Likes

I was eagerly waiting for the next phone from Google - did not care if it was Nexus or Pixel. Reasons being: 1) I use MotoX Gen 1, so getting old and I can feel it now; 2) I am looking to move to Project Fi. Price tag is the probably the only reason I don’t have the phone in my hand now. I would order it for $600.

Intrigued by the idea of the internet aware toaster: what would anyone using such a device or the toaster it’s self benefit by being internet connected

I can see some areas where having internet connected small devices makes sense however

I have two very handsome horses [1] but I don’t have the land to keep them at home, I live in a two bedroom cottage without a garden. As a result 'i am renting space on a local horse yard / farm together with a few other people

I have set up a private web site, giving contact details for all the owners on site, the land owner and live web cams of the horses, some are simple wide angle views others have pan and zoom facilities. There is also a simple forum and PM service all running off a Raspberry Pi.

I won;t give details of this site, or the login credentials you would need to provide as I want to protect the horses safety and the owners identity but I suspect my knowledge of enforcing security in these matters is better than most but not as good as it should be and think we should be trying to push the security model as far as possible as @bryanlunduke argued in this episode

[1] At least I think they are - and it’s my reason for keeping them.

If it hasn’t got a .horse domain name then I don’t know what to do with you :slight_smile:

1 Like

I said to Jono that I was going to get a Pixel too. I nearly did but could not justify the cost. I went for OnePlus 3 instead and am so glad I did. The specification different between Pixel and OnePlus 3 appears to be negligible but the OnePlus 3 costs less than half the Pixel. It is a fantastic upgrade from my Nexus 5X.
I was also not a fan of Google deviating from pure Android for Pixel. It appears to be like a more Google iPhone.

I don’t get spending 1000 pounds on a phone when you can get a good Android phone for 130 quid (Moto 4G), The only reason to buy 1000 pounds on a smartphone is to make the kindof statement people who spend 1000 pounds and above on a standard watch… That is the only reason for that kind of spend but there are alot of people like that hence those sales figures for 1000 pound phones and watches.

It was a Motorola Droid Turbo 2. Here’s one being dropped from 900 feet, and still working after.

–jeremy

I see the ipad in the next video did not fare as well :slight_smile:

Best line of th shows is “keep an eagle eye on those fuckers”? BTW, Subway tomatoes are always slop.

You mean like one of the embedded Linux flavours out there? That most manufacturers already use? They are all based on a common Linux kernel and a minimal subset of common tools required by their function.

The Linux kernel deployed is customized for the device though, at a minimum to remove unnecessary drivers to reduce space and improve speed. So any fixes in the kernel would require each manufacturer to rebuild the kernel with their drivers.

(Unless you’re also suggesting a common hardware platform for all IoT devices?!)

Then the problem is how to you update all these memory and processor and connectivity constrained devices when a vulnerability is patched? They aren’t designed to handle the task of reloading their operating system. Most probably run their OS from non-modifiable memory chip and aren’t even equipped with any storage capable of storing updates (which need to be overlaid by the system when it starts-up - meaning the vulnerable code will always be present on the device).

One solution for devices that have writable memory or storage space for updates is to allow users to load their own updates. Either ones provided by the manufacturer or developed by third parties. But most manufacturers want you to buy more stuff from them - not keep using the old stuff; and very rarely will a manufacturer consider it worth their effort to support public community development.

Maybe we should move to a subscription model for all connected hardware? Then when there’s an update you just take it back to the supplier and get the latest model?

IOT devices cannot contact the internet without the owner knowing about it, you have to give them your WiFI SSID and password otherwise they’re deaf and dumb or do these devices come with a 3G sim card in them?
So the concept of a toaster connecting without the owners explicit consent is nonsense.
Could we devise some sort of throttled WiFi that we would connect IOT devices to our WiFi, one that is limited in how it can connect and what it can connect to, not sure how that would work, but we could at least make it a very slow connection so as to make its use as DDOS device painful.