1x78: A Different Kind of Duction

I’m with you :slight_smile:

And @bryanlunduke is dead wrong, security is in no way a boolean. Anyone who’s done the slightest bit of research will tell you that.

What price would I pay for the Pixel phone? Answer: The same as the last Nexus line up. This is coming from a Nexus 5X owner.

Did we figure out the model of indestructible Motorola it was, because that sounds interesting…

I’m thinking that @bryanlunduke has a good idea as to the new way to run the internet!

5 Likes

I was eagerly waiting for the next phone from Google - did not care if it was Nexus or Pixel. Reasons being: 1) I use MotoX Gen 1, so getting old and I can feel it now; 2) I am looking to move to Project Fi. Price tag is probably the only reason I don’t have the phone in my hand now. I would order it for $600.

Intrigued by the idea of the internet aware toaster: what would anyone using such a device, or the toaster itself, benefit by being internet connected?

I can see some areas where having internet connected small devices makes sense, however.

I have two very handsome horses [1] but I don’t have the land to keep them at home, I live in a two bedroom cottage without a garden. As a result I am renting space on a local horse yard / farm together with a few other people.

I have set up a private web site, giving contact details for all the owners on site, the land owner and live web cams of the horses, some are simple wide angle views others have pan and zoom facilities. There is also a simple forum and PM service all running off a Raspberry Pi.

I won’t give details of this site, or the login credentials you would need to provide, as I want to protect the horses’ safety and the owners’ identity, but I suspect my knowledge of enforcing security in these matters is better than most but not as good as it should be, and think we should be trying to push the security model as far as possible as @bryanlunduke argued in this episode.

[1] At least I think they are - and it’s my reason for keeping them.

If it hasn’t got a .horse domain name then I don’t know what to do with you :slight_smile:

1 Like

I said to Jono that I was going to get a Pixel too. I nearly did but could not justify the cost. I went for OnePlus 3 instead and am so glad I did. The specification difference between Pixel and OnePlus 3 appears to be negligible but the OnePlus 3 costs less than half the Pixel. It is a fantastic upgrade from my Nexus 5X.
I was also not a fan of Google deviating from pure Android for Pixel. It appears to be like a more Google iPhone.

I don’t get spending 1000 pounds on a phone when you can get a good Android phone for 130 quid (Moto 4G). The only reason to spend 1000 pounds on a smartphone is to make the kind of statement people who spend 1000 pounds and above on a standard watch… That is the only reason for that kind of spend but there are a lot of people like that hence those sales figures for 1000 pound phones and watches.

It was a Motorola Droid Turbo 2. Here’s one being dropped from 900 feet, and still working after.

–jeremy

I see the ipad in the next video did not fare as well :slight_smile:

Best line of the show is “keep an eagle eye on those fuckers”? BTW, Subway tomatoes are always slop.

You mean like one of the embedded Linux flavours out there? That most manufacturers already use? They are all based on a common Linux kernel and a minimal subset of common tools required by their function.

The Linux kernel deployed is customized for the device though, at a minimum to remove unnecessary drivers to reduce space and improve speed. So any fixes in the kernel would require each manufacturer to rebuild the kernel with their drivers.

(Unless you’re also suggesting a common hardware platform for all IoT devices?!)

Then the problem is how do you update all these memory and processor and connectivity constrained devices when a vulnerability is patched? They aren’t designed to handle the task of reloading their operating system. Most probably run their OS from a non-modifiable memory chip and aren’t even equipped with any storage capable of storing updates (which need to be overlaid by the system when it starts-up - meaning the vulnerable code will always be present on the device).

One solution for devices that have writable memory or storage space for updates is to allow users to load their own updates. Either ones provided by the manufacturer or developed by third parties. But most manufacturers want you to buy more stuff from them - not keep using the old stuff; and very rarely will a manufacturer consider it worth their effort to support public community development.

Maybe we should move to a subscription model for all connected hardware? Then when there’s an update you just take it back to the supplier and get the latest model?

IOT devices cannot contact the internet without the owner knowing about it, you have to give them your WiFi SSID and password otherwise they’re deaf and dumb or do these devices come with a 3G sim card in them?
So the concept of a toaster connecting without the owner’s explicit consent is nonsense.
Could we devise some sort of throttled WiFi that we would connect IOT devices to, one that is limited in how it can connect and what it can connect to? Not sure how that would work, but we could at least make it a very slow connection so as to make its use as a DDOS device painful.

Well, yeah, but the first thing you do is give the device your wifi ssid, because otherwise you can’t contact the device :slight_smile:

Why do you want to contact your toaster?

So you can control it from your phone. I personally don’t think this is an interesting thing to do, but a hundred and seventy million says I’m wrong, as Jeremy pointed out. (And I do think that controlling my lights, or my sockets, from my phone is useful and I do the sockets one.)

Ok, not something I will ever do, but the idea of an IOT special WiFi channel still floats, and fairly easy to do, obviously it’s something WiFi router manufacturers would need to set up, but seems a way forward to me.

Just gotta point out that the D in DNS stands for “domain”, not “distributed”.

One of the big issues with the DDoS was vanishingly tiny TTLs on records forcing clients to re-query the resolvers of record run by Dyn.

GitHub and Twitter had 30 second TTLs for god’s sake. On the other hand, short TTLs make it easy to do regular maintenance so I can see why they do it.

The impact on records with TTLs measured in days was far less.

1 Like
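The TTL effect described in the post above, as an added example that is not part of the original thread: a small model of one caching resolver in front of an authoritative server that is unreachable for two hours. The timings, the one-lookup-per-second client load and the `stale_window` parameter (serving expired records while upstream is down, in the spirit of RFC 8767 serve-stale) are assumptions of this sketch, not measurements from the Dyn incident.

```python
def simulate(ttl, outage, horizon, stale_window=0, interval=1):
    """Model one caching resolver; all times are in seconds.

    ttl          -- TTL on the record handed out by the authoritative server
    outage       -- (start, end) window in which the authoritative is unreachable
    horizon      -- total simulated time
    stale_window -- how long past expiry a record may still be served when
                    upstream is unreachable (0 disables serve-stale)
    """
    outage_start, outage_end = outage
    expires_at = None  # expiry time of the cached record, None if never fetched
    stats = {"total": 0, "failed": 0, "upstream": 0, "stale": 0}
    for now in range(0, horizon, interval):
        stats["total"] += 1
        if expires_at is not None and now < expires_at:
            continue  # fresh cache hit, no upstream traffic
        if outage_start <= now < outage_end:
            # Cache expired and the authoritative server cannot be reached.
            if expires_at is not None and now < expires_at + stale_window:
                stats["stale"] += 1   # answered from the expired record
            else:
                stats["failed"] += 1  # client sees a resolution failure
            continue
        stats["upstream"] += 1        # refresh from the authoritative server
        expires_at = now + ttl
    return stats


# Constructed scenario: 4 hours of lookups, authoritative down for 2 hours.
HORIZON = 4 * 3600
OUTAGE = (4000, 4000 + 2 * 3600)

if __name__ == "__main__":
    for label, ttl, stale in [("30 s TTL", 30, 0),
                              ("1 h TTL", 3600, 0),
                              ("1 day TTL", 86400, 0),
                              ("30 s TTL + serve-stale", 30, 86400)]:
        print(label, simulate(ttl, OUTAGE, HORIZON, stale_window=stale))
```

With a 30 second TTL the cache covers only the first 20 seconds of the outage, while the day-long TTL never has to go upstream again after the first lookup.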

Using embedded Linux is a start. Then build a standard API on top of it (with the possibility to be extended if needed). In addition, a requirement for a trust or “code escrow” might make sense. All code goes into “escrow”, and if the company flounders or fails to keep up to date it’s released.

If these devices can’t receive updates, they simply shouldn’t be online. Manufacturers need to be building things to accept the modern age.