The Coming IT Nightmare of Unpatchable Systems

snydeq (1272828) writes "Insecure by design and trusted by default, embedded systems present security concerns that could prove crippling if not addressed by fabricators, vendors, and customers alike, InfoWorld reports. Routers, smart refrigerators, in-pavement traffic-monitoring systems, or crop-monitoring drones — 'the trend toward systems and devices that, once deployed, stubbornly "keep on ticking" regardless of the wishes of those who deploy them is fast becoming an IT security nightmare made real, affecting everything from mom-and-pop shops to power stations. This unpatchable hell is a problem with many fathers, from recalcitrant vendors to customers wary of — or hostile to — change. But with the number and diversity of connected endpoints expected to skyrocket in the next decade, radical measures are fast becoming necessary to ensure that today's "smart" devices and embedded systems don't haunt us for years down the line.'"

This "nightmare" rigns a bell

[Jailbrekr]

They had the same problem prior to the year 2000, so why wasn't this lesson already learned?

Re:This "nightmare" rigns a bell

Different lesson the lesson then was don't know a bug exists for years, know you can fix it but simply don't until the last minute.

the lesson here is "stuff might need updates some day don't be fucking retarded"

Re:This "nightmare" rigns a bell

[ZouPrime]

The lesson wasn't learned, but the problem was somewhat mitigated. Big software companies adopted regular patch cycles and deployed patch management tools on their customers. It kinda worked because PC are powerful computers well designed to be upgraded and modified.

This is not the case for many embedded systems. They are designed to be installed and then you forget about them. So the "classic" mitigation technique doesn't work. This is a big problem.

Re: This "nightmare" rigns a bell

There are two lessons here: one, if you make something non-upgradeable it may have a bug that requires a fix; two, if you make something upgradeable some nefarious actor could exploit that and install something bad.

Re:This "nightmare" rigns a bell

[Sarten-X]

I was thinking we had the same problem with work horses that got old, or with pre-OSHA workers who lost limbs in factories.

The solution is the same, but now there's no ethics to be worried about. If your system or device can no longer perform its job (including meeting security requirements), replace it. Oh, sure, there's lots of sentimental value in having something obsolete that you already own rather than paying again for something with a support life, but that's why you were able to afford the thing in the first place. It didn't need the expensive engineering for a century-long lifespan. It was designed for a few years' support, and that's what you paid for.

Re:This "nightmare" rigns a bell

[NoNonAlphaCharsHere]

Different nightmare. The Y2K embedded system nightmare was systems that wouldn't know what to do when the clock rolled over. By and large, the doomsayers were completely wrong. The current problem is *Internet enabled* embedded systems, easily hackable, out of warranty, out of support, manufacturer TU, owner/deployer isn't even sure how many they have, or where they're located, etc., etc. Picture making a botnet out of all the traffic light controllers, or the elevator controllers, or smart water meters, or internet toasters.

Re:This "nightmare" rigns a bell

[Penguinisto]

They are designed to be installed and then you forget about them. So the "classic" mitigation technique doesn't work. This is a big problem.

Hell, I thought the "classic" mitigation schemata for embedded devices was to not have them networked at all, leaving them to run for years (decades?) on end.
(See also the hordes of NT Telecom PBXes out there which are likely still around, requiring a goofball proprietary connection to a computer running OS/2 (!?) in order to patch it (or more commonly, you did it to add new/licensed features or to fix something gone corrupt).)

Therein lies the whole problem with the paradigm, truth be told - originally, embedded devices didn't communicate with jack shit - you unpacked it, turned it on, maybe configured it, and then you forget that it existed until it broke (at which time the vendor/contractor sent someone out to fix it), or got replaced.

All that said, hell, we already have a testbed for this nightmare - an ocean of smartphones whose carriers and manufacturers ceased to give a crap whether their wares ever got upgraded.

Re:This "nightmare" rigns a bell

[gbjbaanb]

its not the size - my motherboard bios can be upgraded and its tiny. The problem is that it costs effort to make them upgradeable, and companies are cheapskates.

Re:This "nightmare" rigns a bell

[Tom]

This is not the case for many embedded systems. They are designed to be installed and then you forget about them. So the "classic" mitigation technique doesn't work. This is a big problem.

Only because software development sucks and nobody takes the time and effort for not-so-much-fun things like code review.

Re:This "nightmare" rigns a bell

I think it might be more along the lines of, "We will make it cheap and non-upgradable now, and by the time it needs to be updated we can sell the next big thing." A product with a designed lifetime.

Re:This "nightmare" rigns a bell

[SuricouRaven]

The doomsayers were right. A great deal of effort went into patching and testing all critical systems before the year ticked over. There was no disaster because systematic action to avert it was taken well in advance.

Re:This "nightmare" rigns a bell

The doomsayers were wrong because we patched our systems.

Re:This "nightmare" rigns a bell

[rijrunner]

We discussed the Y2K problem in my intro to comp science class in Jan 1982..

Re:This "nightmare" rigns a bell

[Archangel+Michael]

Companies aren't "cheapskates", customers are.

Here, I'll prove my point,. You can buy something for $15 today, and have it supported until tomorrow(or whenever) or you can pay $300 for the same exact thing, only support will go for a guaranteed 10 years.

Guess what, the company didn't make the choice, you did. The company is just following the choice you've taken.

The problem is solvable. Like Cellphones, it is cheaper and easier in the long run to simply buy a new one every 2 years than it is to buy one that will last you five. And in two years, sufficient advancement means that your old cell phone won't do all the neat cool things that all the new phones want to do, and you're gonna upgrade it anyway, so buy the cheaper one now, and upgrade in two years.

Re:This "nightmare" rigns a bell

[NReitzel]

Unpatchable systems are a problem, but if you view them as a black box, they are no different than non-logical systems that break.

I'm rather fervently against systems that cannot be upgraded on the fly, but I understand why manufacturers might not like this.

Consider, if you buy a traffic light controller that can be improved and modified, then where is the motivation for a second round of purchases when "upgrade" becomes necssary. After all, I certainly want the person who sold me a refrigerator to be able to brick it when they want, or on a certain date. I can't understand those Commie Sympathizers who think that a sale means that you actually -own- the product, and can use it as long as you see fit.

Re:This "nightmare" rigns a bell

[plover]

So perhaps they should be sold like that: "You can buy our Amazing zPhone 5 for $100, guaranteed to work until 2018, or our Amazing zPhone 5c for $150, guaranteed to work until 2021. We no longer sell the Ordinary zPhone 4, whose guarantee runs out in 2015, and will in fact quit working by 2016."

Right now when someone buys a cell phone, they have it in their brains that they're making an "investment", that the phone will last for the next 20 years, or even forever. They are used to products that wear out due to usage, abuse, accidents, but for some reason they do not ascribe the same attributes of reliability to software, even though they've almost never encountered perfect software in their lives. For the most part, it's ignorable to them, even when it has bugs.

Re:This "nightmare" rigns a bell

[wonkey_monkey]

That was actually January 3982. It was easier just to let it roll over the first time round.

Re:This "nightmare" rigns a bell

[wonkey_monkey]

A deadline has a wonderful way of concentrating the mind. No deadline, less motivation.

Re:This "nightmare" rigns a bell

[ZouPrime]

"Only because software development sucks".

The solution isn't better coding. It's been CLEAR now, for many years, that we can't just wait for the world coders to magically become amazing and consistently produce flawless code. Yes, training is part of the solution, and so are advanced debugging tools and many other things, but just blaming that it is the coder's fault won't change anything. It's not a solution, it's a blame.

It's like saying that car deaths would go down if only drivers were better.

Re:This "nightmare" rigns a bell

[mythosaz]

Right now when someone buys a cell phone, they have it in their brains that they're making an "investment", that the phone will last for the next 20 years, or even forever.

They do? Who are these people?

For a sufficiently true portion of "everyone," "everyone" just gets a new phone every two years on contract anyway.

Re:This "nightmare" rigns a bell

[EmperorArthur]

A deadline has a wonderful way of concentrating the mind. No deadline, less motivation.

This is the next big one: https://en.wikipedia.org/wiki/...

Honestly I wonder how many devices it will affect. I know anything which isn't patched and relies on security certificates is hosed, but what about the network printer that nobody cares about and is running completely unsecured?

Re:This "nightmare" rigns a bell

[sugar+and+acid]

The replacement date for cell phones is upfront and written into most contracts. It is a fundamental part of cell-phone contract marketing these days. So nobody is thinking 20 years unless they are deluded, and the phone companies are definitely not promoting that at all. The 2 year upgrade cycle is transparent, and well understood between customers and vendors. So what is your point?

Re:This "nightmare" rigns a bell

[Lumpy]

Greed.

Re:This "nightmare" rigns a bell

[Rich0]

They are designed to be installed and then you forget about them. So the "classic" mitigation technique doesn't work. This is a big problem.

Hell, I thought the "classic" mitigation schemata for embedded devices was to not have them networked at all, leaving them to run for years (decades?) on end.

Unfortunately, the guys at Buffalo who sold me my router haven't heard of this principle. It contains a version of openssl known to be vulnerable to Heartbleed, and it has yet to be patched. Previously I figured I didn't use anything that depended on the library, but now the article came out that it potentially could be used for EAP - I have no idea if this is the case but I'd prefer not to wait and find out.

Fortunately it runs DD-WRT which means that OpenWRT is almost certainly a practical option. I'll just have to flash it one of these days. Still, it isn't that old, so vendor support should still be available.

Re:This "nightmare" rigns a bell

[CapOblivious2010]

They had the same problem prior to the year 2000, so why wasn't this lesson already learned?

No, it was a totally different problem.

Y2K was about an optimization made early in the history of software development, when every bit and byte was precious, and it was expected that the software would be replaced long before it became a problem. Well, not all of it got replaced before then - but everyone knew the problem was there, and exactly when it would bite us, so a lot of people worked hard patching system so that there were no major problems. And before you sneer at the short-sightedness of early developers, let me ask you this: how many of YOUR programs are Y10K compatible? Or Y2037 compatible? Or Y65536 compatible?

This is about security flaws (some due to criminally-negligent designs, some due to inevitable software bugs made even by skilled developers) that are NOT known about in advance, and that CANNOT be patched when they suddenly become a problem.

Re:This "nightmare" rigns a bell

[ShanghaiBill]

The doomsayers were right.

No they weren't. Many people updated and patched their systems. Plenty of other people did NOTHING. Neither had any significant issues. My company budgeted this much for Y2K preparations: $0. We figured we would just let the failures happen, and then deal with them after-the-fact. Here is a complete, exhaustive list of all the problems that occured on 1/1/2000:

1. A javascript bug caused the date on our homepage to say "Jan 1st, 19100". Time to fix: 30 seconds.

Re:This "nightmare" rigns a bell

[marka63]

Total BS. Phones should last 20 years. The old land line ones last 20+ years. The only thing in a modern phone that doesn't have a 20+ year life span is the battery and that is not through not trying.

As for the 2 years that is the time to pay off the phone in instalments, not when it is supposed to be unusable any more. Yes, phone companies would like you to get a new phone every 2 years as that locks you into them for 2 more years.

As for fixing bugs in the OS most of the time a bug that exists in one version of the OS exist in all versions of the OS. Once the initial diagnoses is done back porting is usually a relatively low cost apart from the regression testing. That said there does become times where back porting becomes expensive. This is usually when a new feature is in the same area of code where the old bug is.

Now in sane countries there are consumer laws about replacement parts needing to be available from the manufacture for reasonable lengths of time for any product being sold. The length of time differs depending upon the product and the price etc. For cars 10-20 years is not unreasonable. Spares are needed to be available well after the warrantee expires.

OS and application bug fixes are no more than getting a spare parts and should be available for similar lengths of time. The only reason they aren't is that consumer law hasn't caught up yet.

Re:This "nightmare" rigns a bell

[CaptnZilog]

Right now when someone buys a cell phone, they have it in their brains that they're making an "investment", that the phone will last for the next 20 years, or even forever.

They do? Who are these people?

For a sufficiently true portion of "everyone," "everyone" just gets a new phone every two years on contract anyway.

My Nokia 6102i works just fine for what I need it for, thanks. I don't even remember when I got it, has to be at least 6 years ago now, and I see no reason to get rid of it (I bought a galaxy S2 test Android programs, but I have no intention of using it as a "phone"). In fact, I have two Nokia "spares" I got on ebay for $10 ea, just in case (cat knocked my last one off the desk and broke the hinge). I don't need the internet strapped to my hip 24/7, I'd rather experience the real world around me.

Re: This "nightmare" rigns a bell

[thunderclap]

There are two lessons here: one, if you make something non-upgradeable it may have a bug that requires a fix; two, if you make something upgradeable some nefarious actor could exploit that and install something bad.

no, the lesson here is "DON"T MAKE STUFF UNUPGRADEABLE!" Otherwise, you will pay the piper and he looks like the main character from V is for Vendetta.

Re:This "nightmare" rigns a bell

[thunderclap]

no, companies are greedy.

Re:This "nightmare" rigns a bell

[thunderclap]

No. People are ignorant. The companies manipulate it to look like option 1 is better than option two. You can have both at $15 too but the CEO and board would have to sacrifice their jet and weekly golf games at the country club.

Re:This "nightmare" rigns a bell

[rtb61]

The point you seem to be missing is customer expectation of durability of product and planetary survivability of how much junk we can dump upon whilst burning resources like there is no tomorrow.

The real question now is not whether we can tolerate our current system of wasteful egoistic mass consumption but whether we can tolerate those who promote it and corruptly seek to continue it to system collapse.

Re:This "nightmare" rigns a bell

[Tom]

I didn't say it's a matter of training, though it does play a role.

It's also a matter of expectations. As long as customers accept a crash as something that "just happens every now and then", software developers have no requirement to shape up.

It's also a matter of tools, of organisation, of structure and environment.

Many factors come in. I'm just saying right now, coding is a horrible mess and it's a miracle that anything works at all.

Re:This "nightmare" rigns a bell

Your "systems" clearly didn't deal with finance, stock, ledgers, order processing, accounts payable/receivable, payroll et al. If they did you would fail elementary audits and be shut down.

Re:This "nightmare" rigns a bell

[AmiMoJo]

I work in this industry and there is huge demand for networked embedded devices. They tend to use proprietary radio networks at the moment, but there is a push to standardize those (things like Wireless MBUS and bizarrely in the UK Zigbee). Companies want to deploy devices and have them report back to central office instead of having to send out guys to collect sensor data or change settings.

We are starting to see security issues appear. For example one product uses a GPRS modem to upload data to an FTP server. Being a battery powered embedded device it can't copy with encryption so just sends data plain text. It supports passwords for FTP but there is no easy way to bulk change the password if it ever gets compromised. Having said that it isn't completely dumb - it won't allow firmware updates from files on the FTP server. It does allow commands to be sent via text message though, and will execute them without any validation. The only security is that the phone number is obscure, and yes it does have to delete a lot of spam messages.

Re:This "nightmare" rigns a bell

[knorthern+knight]

> Total BS. Phones should last 20 years. The old land line ones last 20+ years.
> The only thing in a modern phone that doesn't have a 20+ year life span is the
> battery and that is not through not trying.

I got a Nokia 6015i "Candy Bar" phone in 2006. http://nokiamuseum.info/nokia-... Back then, it could talk to the network (Virgin Mobile Canada) over 3 protocols; analog, 1XRTT, and I forget what else. Now the display only shows 1XRTT active.

I rarely use it, so I don't need anything fancier. I'll keep it until my carrier no longer supports it. They've already sent me an offer of a "low-cost upgrade to a faster phone", but I ignored it. With all the buzz about 3G, 4G, 5G, etc, etc, and VOLTE, I don't think 1XRTT will be around several years from now, but I'll cross that bridge when I get to it.

Re:This "nightmare" rigns a bell

[gbjbaanb]

bollocks.

A case in point, I have had very expensive products not be supported a year (or the minimum required by law) after purchase. I have also written a quick letter to Antec complaining that a fan of theirs I bought stopped spinning 2 years after purchase.

Now, guess which company sent me a new fan in the post.

Its all down to the company, whether they want to continue supporting a product - it might be down to marketing (ie we're so reliable you can trust us), or whether they are penny pinching to eek the last drop of profit out of products they want to fail so we purchase replacements.

For software its another matter though, its one of internal procedures. Can you imagine a company, say a network router manufacturer, when confronted with heartbleed, saying "we've got the intern checking out of source control the last firmware for all our products and he's going to patch the openssl library used, rebuild it using the CI build server, test it against the kit we have in the lab and the deploy the new firmwares to the website"? No... if they had organised themselves properly doing that would be easy enough the intern can do it. Chances are they just don't have the floppy the old firmware sources were stored on anymore.

But then, its cheaper to just knock out the firmware than to build up a way of controlling it properly.

Re:This "nightmare" rigns a bell

[cardpuncher]

Don't worry. IPv6 will solve the problem by ensuring those end-of-line internet-connected systems aren't internet-connected any more...

Re:This "nightmare" rigns a bell

[pnutjam]

Sure, however everyone has an example where they bought long term and still lost support because the company closed up shop. Corporate law makes this sort of investment too risky for most people.

Re:This "nightmare" rigns a bell

[Archangel+Michael]

You are an exception. Not the rule.

Re:This "nightmare" rigns a bell

[DutchUncle]

Therein lies the whole problem with the paradigm, truth be told - originally, embedded devices didn't communicate with jack shit - you unpacked it, turned it on, maybe configured it, and then you forget that it existed until it broke (at which time the vendor/contractor sent someone out to fix it), or got replaced.

Um m m m m . . . what's the problem with this paradigm? The holy grail of any device, from wiring to pipe to an active device, is that I install it and forget that it exists. Maybe even hide it inside a wall or something. Well, yes, maybe I have to replace the water heater every 10 years or so, and clean out the heating system burners a little more often. If the sunrise-and-DST-correcting timer on my entryway light "just works" as long as the wiring does, so much the better.

To me, the problem is more with the IOT concept; do I really need or want my entryway timer to be reporting its status anywhere, or be accessible from anywhere other than the light switch? Yes, it's cool that my computer could blink the light in morse code . . . but why?

Re:This "nightmare" rigns a bell

[kellymcdonald78]

Why should smartphones be expected to last 20 years. Do you expect your desktop or laptop to last 20 years? Why engineer something to last an arbitrary 20 year period of time, if consumer behavior shows that 99% of them will be in the trash within 5 years? Moores law is still in play for now, meaning the phone I buy today (even if built to a level of durability needed to last 20 years) will be horrendously obsolete compared to the phone I can buy in 5 years. (Which will have 4-8 times the performance and do a wide variety of new things that my existing phone can't). Consumers respond by throwing away the old phone a buying the new. Comparing a smart phone to the old bell land line phone is like saying "My abacus was able to last 50 years, why doesn't my MacBook Air do the same"

Re:This "nightmare" rigns a bell

[kellymcdonald78]

Yes, because keeping an army of developers on staff to maintain legacy applications from 20 years ago only used by 4 people doesn't cost anything. With the exception of Apple, most hardware manufacturers operate with a razor thin margin.

Re:This "nightmare" rigns a bell

[david_thornley]

In 2037, I'll be 83. If not senile, I should still be able to do K&R C. Wonder if I'll want a boost of retirement funds then.

Re:This "nightmare" rigns a bell

[david_thornley]

In other words, your software was mostly from other people, and they did all the work.

Re:This "nightmare" rigns a bell

[marka63]

Actually I do expect the desktop to last 10 years. I've got desktop machines that are 15 years old that are still functioning fine for the purpose they are put to. They don't need the extra speed. They chew up a bit of power compared to the more modern hardware that could do the same job.

I had a cable modem that lasted around 12 years. It only got replace this year because it started to stop holding sync. Presumably some capacitor failed in it. I upgraded to a new modem which supported a newer version of DOCSIS. That said I didn't need to upgrade as I didn't need the updated functionality.

As for smart phones becoming obsolete. Most smart phones already have more compute power than is needed. It's nice to have the newer radios and with them faster connections. But apart from some apps that are specifically designed for iOS 7, a 3gs will run everything fine. It has the compute power needed. The screen resolution is good enough for 90% of the population. This is ~5 year old product being first released in 2009. It will do what 90% of the population want to do. It's also still receiving security updates. I applied one over the air (WiFi) within the last month.

The household has iPhone 3gs, 4 and 5 so I've had a chance to evaluate all of them. We max out on the available memory when we buy them. They get replaced due to physical damage. The last 3gs got replaced because it had been dropped to many time and connector #4 would no longer stay seated. My daughter got my wife's 4 and she got a new 5. This was a repair or replace due to physical damage. The phone itself was still capable of doing everything my daughter wanted to do on it.

I reject the contention that in 5 years a smart phone purchased today will be horrendously obsolete because 5 year old phones today are not horrendously obsolete.

Re:This "nightmare" rigns a bell

[lsatenstein]

They had the same problem prior to the year 2000, so why wasn't this lesson already learned?

Why is this a problem. My wristwatch is an embedded system that drives the display and hands. What about vending machine software or even home washer/dryer products. So they are not maintainable, unless we upgrade.

Isn't that part of the "disposable society", where we get bored of some products and upgrade as a replacement for food or sex satisfaction?

Re:This "nightmare" rigns a bell

[kellymcdonald78]

Firstly I asked if you expected your desktop to last 20 years, you responded "yes I expect my desktop to last 10 years", nice way to move the goal posts. A 1994 top of the line desktop would be using a brand spanking new 100Mhz Pentium Chip running Windows 3.11. What exactly would you apply this powerhouse to today? Now because you (and a small handful of people) are running 15 year old machines to perform some specific task, everyone is supposed to pay more to provide you with ongoing support and spare parts? For a 20 year desktop lifespan, Microsoft for example would need to write Windows 8 to be able to run on an original Pentium (with FDIV bug), or support every version of Windows from Windows 8 down to 3.11 (an OS that didn't even have an IP stack). Tell me who gets to pay for these armies of developers? I'd argue that the 3GS IS horrendously obsolete. While the it can up upgraded to iOS6 there are several features that do not function (VIP list, Offline Reading List, Shared Photo Stream, Siri, Maps flyover, Turn-by-turn navigation, FaceTime on 3G, Hearing aid support). It does not support iO7 (Control Center, Notification Center, Air Drop, Improved multitasking, upgrades to camera and photos, iCloud photo integration, significant upgrades to Safari, Find My Phone, Car Play, plus a bunch of stuff to support enterprise usage). Oh and iOS8 comes out this fall. The 3GS doesn't support LTE, HSUPA, nor 802.11n. The iPhone5 has 4-8 times the processing power of the 3GS, 4 times the memory, 8-12 times more powerful video processing, the camera has 3 times better resolution, does HD video, image stabilization, includes a front facing camera, plus the battery lasts longer too . This all within 5 years (technically only 4 as the iPhone5S came out in 2013), now imagine a 20 year old smart phone.

Re:This "nightmare" rigns a bell

[thunderclap]

Yes, because keeping an army of developers on staff to maintain legacy applications from 20 years ago only used by 4 people doesn't cost anything. With the exception of Apple, most hardware manufacturers operate with a razor thin margin.

And why is that? Because most the money that should be invested back into production and R&D is spent on that corner office, jet, limo, and the golf games. You won't convince me that the same decisions can't me made in an office one level above the production floor that has no beautiful view.

Re:This "nightmare" rigns a bell

[marka63]

And of those item which are not available, how many are not there due to new hardware (other than memory and cpu) and how many are not there due to marketing?

FaceTime requires a forward facing camera.
Hearing aid support requires new hardware.
LTE, HSUPA, nor 802.11n new hardware.

iCloud photo integration marketing.
Safari marketing
Find My Phone marketing
Shared Photo Stream marketing
Turn-by-turn navigation marketing
Offline Reading List marketing
Air Drop marketing
Multitasking marketing

Apple want you to buy new hardware. I've got no problem with them not adding new features. If you want the new feature well and good go buy them but not having it doesn't make you horribly obsolete. All of the new stuff falls into the "nice to have" category for 99% of people and given a choice between a 3gs and 5 I would say buy a 5.

Just because Windows didn't have a IP stack 20 years ago, didn't mean you couldn't get OS with a IP stack to run on the hardware. If you look and most operating systems lots of it hasn't changed in 20+ years. 20+ year old bugs are still being found.

Re:This "nightmare" rigns a bell

[kellymcdonald78]

I take it you've never worked in hardware manufacturing. Gross margin is typically in the ~30%-35% range (that is margin after the cost of goods sold), Apple and Samsung manage to get in the 40% range. Of that 10%-15% goes to R&D, 10%-15% to marketing, leaving ~5% for profits, jets and limos. It's just that R&D is being spent on new things as opposed to supporting legacy platforms used by a handful of people.

Re:This "nightmare" rigns a bell

[kellymcdonald78]

Why exclude "memory and CPU"? You may have heard of something called Moore's Law, its one of the single biggest reasons why modern consumer electronics become obsolete so fast. Many of the "marketing" features you've listed are directly tied to memory and CPU performance (turn by turn navigation, Safari upgrades, multitasking, Siri). Windows 3.11 had 500,000 LOC, XP was 45,000,000 LOC, Windows 8.1 is 80,000,000 LOC. To say that "lots of it hasn't changed in 20+ year" is flying in the face of fact, or are those 79,500,000 LOC all "marketing" features that could easily be added to a Pentium III powered desktop.

Re:This "nightmare" rigns a bell

[thunderclap]

Marketing doesn't need 15%. People hate commercials. So the companies are pissing that money away. Move all of it but 1% to R&D or legacy and shock you are actually serving the public as opposed to collecting money for the company. Also raw materials is overpriced but that is a different argument.

Nightmare of Slashdot ads sending me to viruses

[bluefoxlucid]

Slashdot keeps forwarding me to activeplayer.us, which tries to drive-by-download an installer. It looks like Adobe's FlashPlayer site.

Re:Nightmare of Slashdot ads sending me to viruses

[david.emery]

Well, that would be less of a problem if you didn't surf SlashDot using your refrigerator or crop-monitoring drone...

Re:Nightmare of Slashdot ads sending me to viruses

[NoNonAlphaCharsHere]

You know, I'll bet if you fixed your hosts file...

Re:Nightmare of Slashdot ads sending me to viruses

[scottbomb]

You might already have a virus. I've never seen any such thing on /.

Re:Nightmare of Slashdot ads sending me to viruses

[koreanbabykilla]

Also happening to me, Chrome wont actually let it download that shit tho.

Re:Nightmare of Slashdot ads sending me to viruses

[plover]

Don't say that word, lest you summon ... him.

Re:Nightmare of Slashdot ads sending me to viruses

[hurfy]

It did it to me Friday. One of the rotating ads is/was malware. I wasn't even doing anything in browser at the time.

Along that line....

What the hell is this place like with ads turned on now? This says they are OFF and I still get 1-2 moving/sliding ads and a damn pop-over, but polls and other features are turned off as collateral damage !?!?

PS auto-audio ads might chase away many of us surfing at work which is probably a bigger audience than you really want to know :O

Driverless cars...

[russbutton]

Wait until we have driverless cars on the road. But I'm sure they'll all be bullet-proof secure, don'tcha think?

Re:Driverless cars...

[SuricouRaven]

But think of the potential for abusing car-to-car networking.

"I'm late for work!"
*hackhackhack*
"Now I'm a fire engine! Move aside, everyone! Let the emergency vehicle through."

Re:Driverless cars...

[dkf]

But I'm sure they'll all be bullet-proof secure, don'tcha think?

What kind of glass are you using?

Oh, that kind of "bullet-proof". Not the Chicago Musicians' Union kind...

Re:Driverless cars...

[UrsaMajor987]

I assume that the coding will be done to a higher standard like other life critical systems (avionics, medical devices, etc.). The thing is the software driving a car has to be more complex than typical avionics systems since it has to understand what it is driving into in addition to controlling the car and dealing with various hardware failures. How are they going to insure adequate testing? Is there even a standard for testing? Maybe more complex than the space shuttle software, which as I recall was pretty expensive.

Re:Driverless cars...

[russbutton]

Eddie Jefferson was shot outside a Detroit nightclub in 1979 by a dancer who was pissed off at him. In 1972, Lee Morgan was killed on-stage in a New York night club by his jealous girlfriend. In 1988, Chet Baker died when he "fell out of a window". One of the greatest tragedies of all was when Clifford Brown died in 1956, at the age of 25, when a car he was riding in ran off a highway on-ramp in the rain. Probably the most amazing jazz musician's death was that of Buddy Rich, who somehow managed to die of natural causes.

But I can't recall any jazz players who were killed in a Chicago nightclub.

Re:Driverless cars...

[damaki]

Human drivers are known to be bulletproof secure, rational, law-abiding and deterministic, of course.

The poster is showing his prejudice.

[mmell]

"Insecure by design". Faa.

"Poorly designed", or "incorrectly designed" - perhaps. I'm fairly sure that even the ATM designers who went with an embedded MicroSoft operating system felt that they had mediated security risks adequately to deploy their systems. Incidentally, I had a chance to peek inside a local casino's slot machines - all of them, regardless of external appearance were based on an identical piece of hardware. Watching them boot showed me a MicroSoft OS underlying those slots. Not a problem, as I'm fairly certain that none of the slot machines on the floor have any conceivable way of ever connecting directly to any network except for the dark wire casinos use for exactly this purpose.

My takeaway point is that the summary is (IMHO) slightly biased. The original article appears to be well written. Just to ask - how many embedded systems should be permitted to ever connect to the internet? ATM's, for example, should demonstrably be either confined to a darknet or (as I've seen in some places) required to use dialup access. It's not perfect, but it adds a significant obstacle for crackers to overcome. The casino I mentioned earlier seems to get this point.

I don't mind smart appliances - but again, I don't see why they need internet access. The exceptions to this (smart TV's, for example) should be viewed with suspicion specifically because they are likely to be connected to the internet in some way, but my smart refrigerator probably shouldn't be - and ATM's, slot machines, SCADA systems, etc. almost certainly should never be.

Re:The poster is showing his prejudice.

[Aqualung812]

Internet access isn't needed, though. You can do some searching and find ATM hacks using the mag card reader.
I would assume that with enough playing around, there may be a key combination that could cause an exploit on the slots, but the cameras all over the casino do a good job mitigating that threat.

Re:The poster is showing his prejudice.

[Pentium100]

For some reason companies try to put computers and networks into everything. Take cars for example, not only they are full of computers running very complex software (most of which is not really needed), now there is even internet connection for cars. Why? My 1982 car does not have internet connection and I really don't see a reason why it should.

I started preferring simpler devices, usually ones that I can repair myself if they break. Sure, computers are an exception and I have an older smartphone (Nokia E90 - it has a proper keyboard, I hate touchscreens), but my other phone is a Nokia 1100 - a simple feature phone - because I only use it for calls and SMS. I also can understand how my car works without having to disassemble hundreds of megabytes of software and the electrical diagram takes up a single A3 page and most electrical problems usually are a result of a poor connection.

And no, I don't see a reason to connect my car, refrigerator or light bulb to the internet. I can use an IPTV set top box or connect a PC to a TV, but there is not reason for me to connect the TV itself to the internet.

Re:The poster is showing his prejudice.

[plover]

I don't mind smart appliances - but again, I don't see why they need internet access. The exceptions to this (smart TV's, for example) should be viewed with suspicion specifically because they are likely to be connected to the internet in some way, but my smart refrigerator probably shouldn't be - and ATM's, slot machines, SCADA systems, etc. almost certainly should never be.

Just because you haven't encountered a specific example for yourself doesn't mean they don't exist in the real world.

• 
  The TV? Netflix, of course.

• 
  The BluRay player? New keys for new disks, and to unlock "extra special downloadable content" (whatever that may be.)

• 
  The thermostat? You're coming home from summer vacation and want to turn on the A/C a few hours before you arrive.

• 
  The laundry machines? You're upstairs, out of earshot of the dryer, and want to know when the load is done so you can hang up your clothes to prevent wrinkles.

• 
  The smart refrigerator? Maybe you're having a problem, and need the technician to connect to it to remotely diagnose it and give you an estimate without making an expensive house call.

• 
  The freeze alarms? You're out of town during the winter, and want to be alerted if your house temperature drops to the point where it's threatening to freeze your water pipes, so you can call a neighbor for help or a repairman to fix the furnace.

• 
  The door camera, locks, and security alarms? You're still out of town and want to let the repairman in, so you look at the ID he holds up to the camera and remotely unlock the door for him.

• 
  The window shades? They're located high up in the skylights where you installed a motorized system to operate them, so it was a small additional expense to add a remote control. And as today may be very sunny, you want to close them while at work to keep the house cooler.

• 
  The dishwasher? It might need to know the scheduled price of electricity in order to avoid running during peak rates, and save you money.

These are not made up examples - they happen every day. If someone already has the connectivity, and pays for the equipment to have the capabilities, there's no reason they shouldn't also enjoy the convenience.

Note that this is true whether or not you personally think it's a good idea to connect your washing machine to the internet: the reality is Sally Soccermom and Charlie Cuttingedge already have houses full of this tech. You can buy all this stuff at Best Buy and Home Depot and Verizon today.

Of all of these systems, most are designed and built with a remote update mechanism. Some that aren't (door locks, freeze alarms) are generally run through a home automation controller that is itself updatable; so even if you can't remotely patch your freeze alarm, you can at least patch the controller that interfaces with the network. Also of note, most are aware of the typical home firewall configuration, and are designed to "phone home" to check for updates. They generally don't sit on the raw internet and listen for incoming connections, so the attacker generally has to get inside the firewall to abuse them (which is not that big of a problem for many models of firewalls, that's for sure.)

Re:The poster is showing his prejudice.

[Archangel+Michael]

Not a problem, as I'm fairly certain that none of the slot machines on the floor have any conceivable way of ever connecting directly to any network except for the dark wire casinos use for exactly this purpose.

I'm sure they connect to a network. The question is, is the network attached or otherwise accessible from outside, or by other means (social engineered hack). Unless the network is 100% completely separated from the outside (and even then..) it is at risk.

Re:The poster is showing his prejudice.

[AdamHaun]

A lot of those examples are solved problems, and at worst are minor inconveniences. Many IoT proposals can easily be replaced with three existing categories of solution: "other people", "paying attention", and "non-networked computing". To address your specific examples:

Thermostat: Schedule the turn-on in advance. Alternate, come home, move your luggage inside, turn on the AC, and go out to dinner.
Laundry machines: Check a clock every so often.
Broken fridge: Show failure status on an LCD. Or have a USB port that you can plug a laptop or a smart phone into.
Freezing weather: Ask a neighbor or a friend to check on your house once every day or two. You may already be doing this if you have pets.
Door opening: See above re: neighbor or friend, or hide a key somewhere.
Out-of-reach window shades: Close them before you leave for work.
Dishwasher: Assuming that scheduling is really that much of a money-save, start it manually before you go to bed. Or use a time delay. Or load the data into the washer via USB.

The more serious problems are much more rare, and that must be weighed against the constant vulnerability from having internet-connected appliances and the upkeep required to secure them.

Perhaps a better option would be to get away from the idea that networking should imply both internet access and full remote control. Is there any reason an embedded device can't limit communications to its own subnet? Stick an upgradable, patchable PC on the network to act as a master, and have it talk to the outside world. Meanwhile, the appliance should be designed at the hardware level so that remote access only gets you status information and the ability to trigger a few well-defined fail-safe modes. Using a stove as an example, you would be able to tell if the burners are on, or force them off, but you wouldn't be able to turn them on or change the heat setting.

Re:The poster is showing his prejudice.

[radish]

Door opening: See above re: neighbor or friend, or hide a key somewhere.

A truly special reply suggesting mitigating a theoretical, limited, network security vulnerability by quite literally leaving the physical keys to the castle out in public. Please hand in your risk assessment credentials at the door.

Re:The poster is showing his prejudice.

Remote monitoring is one thing. However, I remember when houses were broken into, left and right, due to garage door openers. A friend of mine got broken into three times until she put a keyswitch in a hidden place that depowered the opener, and a conventional manual garage door lock. Rolling codes help mitigate this slightly.

As for electronic locks on the doors? That is just asking for trouble. A mechanical lock like an Abloy PROTEC2 will do quite well. If I'm worried about someone 3D printing my key, I'll go with an EVVA MKS, that uses eight magnets, or add the CLIQ functionality to the Abloy cylinder which gives electronic locking, but not connected to anything whatsoever, except the key.

Re:The poster is showing his prejudice.

[mythosaz]

Slots? Impossible :)

http://www.wired.com/images_bl...

The "hack" was to get the operator of the video poker machine to enable the "double or nothing" bonus, which had a unique bug.

Most newer video poker and slot machines allow (or can allow) you to play at various coin values. Each credit can be $0.01, $0.05, $0.25, $1, $5, etc.

This particular machine would allow you to wager at $0.01, reach the Double or Nothing screen, use a combination of keys to get to the credit value change screen, and return to the Double or Nothing wager with your bet still pending.

In short, you would put in a $100 bill. You would wager 100 of your 10,000 credits at $0.01/credit ($1) until you won, and when reaching the Double or Nothing screen, you would navigate out to the change credit screen. You'd change your credit value to $5 per credit (dropping you down to ~20 credits in the bank), return to the DoN screen with your bet IN CREDITS, NOT DOLLARS still pending and then you'd stand a chance to win 400 credits (twice your original CREDIT win) on your DoN bet. you could win $400 on $1, on what should have been a simple 2-1 (doubled) 4-1 payout.

The spread likely wasn't $0.01/$5.00, probably was $0.25/$2.00 at the most, but by picking and choosing good payouts to DoN on, they were essentially playing machines with a winning paytable. [Since DoN's didn't pay double or zero, they paid 16x or zero.]

Re:The poster is showing his prejudice.

[plover]

You completely missed the point. Nobody cares if you don't want your stuff connected to the internet, or if you have clumsy workarounds to offer them.

This stuff already exists and it is already connected to the internet. It is an existing problem that will only get worse as more stuff is added.

It doesn't matter if you personally think hooking things to the network isn't safe. They're not products under your control. Samsung and JVC and Sony and LG and Panasonic and Honeywell and everybody and his brother are already making metric butt-tons of money filling homes with this equipment. They're not going to stop making money just because you think it's a bad idea. Many people want them, and you won't persuade them otherwise.

Worse, just because you don't put them in your house doesn't mean they're not your problem: perhaps you cheesed off some gold farmer when you were playing World of Minecraft, and he hires a botnet to DDoS you out of the game. The bot herder fires up his DDoS cannon, which conscripts the help of unsecured thermostats around the world, and they all hammer you until your ISP drops your connection.

You may not be contributing to the problem, but you're not in a position to contribute to the solution, either. All we can do is deal with the fallout.

Re:The poster is showing his prejudice.

[Lumpy]

Internet enabled window shades? how dumb. just use a simple wireless non IP protocol. like this tone for UP and that tone for down, like 99% of all somfy and other motorized shades use and have used for the past 40 years.

Re:The poster is showing his prejudice.

[AdamHaun]

A truly special reply suggesting mitigating a theoretical, limited, network security vulnerability by quite literally leaving the physical keys to the castle out in public. Please hand in your risk assessment credentials at the door.

I think you misunderstand. I'm not saying you should leave a key right outside the door all the time. I'm suggesting hiding a key somewhere non-obvious, *temporarily*, as a backup method in case you can't have an actual human being present. The alternative is an always-on, globally-accessible network attack surface for your front door lock. If that's compromised, getting in is as easy as "send me X bitcoins and I'll open the door at Y o'clock".

Re:The poster is showing his prejudice.

[plover]

Here's a better use case: they're part of a home theater setup, where when the user sets the "watch movie" scene, the lights dim, the shades darken, and the A/V system powers up. They may not be directly on the internet, but controllable through a home automation system.

If you already have Somfy blinds, here's a plug in for Vera home automation systems: http://wiki.micasaverde.com/in...

Re:The poster is showing his prejudice.

[AdamHaun]

This stuff already exists and it is already connected to the internet. It is an existing problem that will only get worse as more stuff is added.

Just because the equipment is present doesn't mean it's connected. At the very least, the user has to pick a wireless network and enter the password. I see your point, though.

Re:The poster is showing his prejudice.

[Lumpy]

I have had that for well over 15 years, Two contact closures work perfectly over wires embedded in the wall.

Re:The poster is showing his prejudice.

The thermostat? You're coming home from summer vacation and want to turn on the A/C a few hours before you arrive.
It's called a timer. You know roughly when you'll be back so just set it in advance.

The laundry machines? You're upstairs, out of earshot of the dryer, and want to know when the load is done so you can hang up your clothes to prevent wrinkles.
Most bleep loudly when the load is done and most now have a display telling you how long until the wash finishes - we can all tell the time presumably?

The smart refrigerator? Maybe you're having a problem, and need the technician to connect to it to remotely diagnose it and give you an estimate without making an expensive house call.
Yeah, that'll end really well once someone finds an inevitable security floor in the firmware then searches the internet for attached devices.

The freeze alarms? You're out of town during the winter, and want to be alerted if your house temperature drops to the point where it's threatening to freeze your water pipes, so you can call a neighbor for help or a repairman to fix the furnace.
Leave your thermostat at a suitable minimum temperature and don't act like a retard.

The door camera, locks, and security alarms? You're still out of town and want to let the repairman in, so you look at the ID he holds up to the camera and remotely unlock the door for him.
And you're sure that it's the repairman right? And when he's busy rummaging through all your belongings etc being a nosy bastard because you left him there alone?

The window shades? They're located high up in the skylights where you installed a motorized system to operate them, so it was a small additional expense to add a remote control. And as today may be very sunny, you want to close them while at work to keep the house cooler.

That's more a smart-house requirement than an internet connected one.

Re:The poster is showing his prejudice.

[plover]

And I bet people had hundreds of reasons horses and carriages could do the same things as cars, only better and safer. That sure stopped Ford and Daimler and Benz and Olds from selling those worthless automobiles.

Nobody cares if you can think of workarounds that don't involve the internet, or that rely on some self-aggrandized sense of superiority. They want to get to their thermostat from the beach, and are willing to pay hundreds of dollars for the privilege. You won't stop the factories from collecting that money, certainly not with your whining about how smart or responsible other people should be.

Re:The poster is showing his prejudice.

[BadDreamer]

Thermostat: I don't know when I come home, but when I do I will be tired from a ten hour plus flight, and I will not be going out to dinner.
Laundry machine: I am busy doing other things and forget to check the time, so my clothes get wrinkled. No, I will not stop doing things just so I can remember the laundry. I literally can't do that.
Broken fridge: How do I know it's broken so I have to plug a laptop into it? And I don't want LCD's on my whiteware!
Freezing weather: I have no friend or neighbour who I trust to come by.
Door opening: See above, plus, there is NO WAY I will leave a copy of my key outside the door when I am away. Where do you live that you can do that anyway?
Out-of-reach window shades: I want to leave them open if it is cloudy. What if the weather changes faster than expected? What if I forgot to close them because the sun was not up when I left? What if I want to *open* them when I am away, because it turned cloudy?
Dishwasher: No way I will keep that running while I try to sleep. And loading by USB is the worst idea ever; it means it will never get done.

To replace automation with manual operations - in many cases complex operations requiring memorized steps or check lists - is counterproductive and will end up with the tasks not being done at all, or at best done poorly.

The whole point of the Internet of things is to remove the need to remember to look at clocks, remember to contact friends and neighbours when planning to travel (and hoping they're not traveling at the same time) and to not have to manually examine and troubleshoot appliances.

"Minor inconveniences" add up. Even if something can "easily be replaced" by paying attention or performing a manual task does not mean doing so is a good use of time and attention. I, for one, have enough tasks in a day to keep me busy, and I don't need to add to that task burden with tasks which make my life more comfortable and can be done automatically.

Why should I spend the effort trying to guesstimate when I will come home from a service trip to Asia which will take me between one and three weeks, to have the thermostat scheduled at the most likely time? And what do I do if I guess wrong, and have to stay another two weeks? Why should I carry that inconvenience just because you feel my thermostat does not belong on the Internet?

Re:The poster is showing his prejudice.

[AdamHaun]

Why should I spend the effort trying to guesstimate when I will come home from a service trip to Asia which will take me between one and three weeks, to have the thermostat scheduled at the most likely time? And what do I do if I guess wrong, and have to stay another two weeks?

Then you either have a minor increase in your electricity bill or you're a bit warm for an hour or so while your house cools down.

Why should I carry that inconvenience just because you feel my thermostat does not belong on the Internet?

Because many of these new unpatched network devices will be wreaking havoc on the rest of the internet. (Perhaps not yours personally, but you're not the only person in the world.)

How are you dealing with all of these problems now? Clearly you're able to function today. Although this:

I have no friend or neighbour who I trust to come by.

is a pretty big problem and seems like way more of a danger than bad weather or network attacks.

Re:The poster is showing his prejudice.

[BadDreamer]

I deal with them by having my household accessible on the Internet.

And apparently the havoc I wreak is insufficient to bring the Internet down.

Maybe you're having lots of problems from my appliances, but the rest of the 'net seems to cope just fine. I suggest you look over your own setup before you start blaming me for your havoc!

Re:The poster is showing his prejudice.

[AdamHaun]

I deal with them by having my household accessible on the Internet.

Sorry, I suppose I wasn't clear. Internet-controllable major appliances are a very new thing. Business travel is not. How were you dealing with these problems five or ten years ago?

Maybe you're having lots of problems from my appliances, but the rest of the 'net seems to cope just fine. I suggest you look over your own setup before you start blaming me for your havoc!

I specifically said in my reply to you that this isn't a problem with you personally, but rather with large numbers of appliances being sold to large numbers of people, many/most of whom will not maintain and protect the networked parts properly.

Re:The poster is showing his prejudice.

[BadDreamer]

Five or ten years ago I suffered from higher cognitive load and was less productive.

Problems are opportunities. Instead of whining, find out a way to gain something by providing a solution.

wait

[Charliemopps]

"Unpatchable" does not mean "Unsecured" in fact, I'd say it adds to security in many senses. A system that can't be patched, can also not be altered to do the attackers bidding. At the very least, any privileges the attacker may have access to can not be elevated to create some even worse situation. Worst case scenario you just disconnect power to the device in question. Submit it for warranty repair. If you're using a closed source software product out of warranty/support it's your own stupid fault.

Re:wait

[plover]

A system that can't be patched, can also not be altered to do the attackers bidding.

That's not completely true. Even if a device loads its code from ROM on every reboot, with no capability of flashing new software, an attacker can still patch the running instance of code to do his evil bidding. Many machines will run for months or years without rebooting, allowing the attacker to benefit from them over and over.

The attackers who are hacking into your thermostat or washing machine have little interest in making your house hot, or your clothes dirty. They want to make money. They do that by adding zombies to their bot farms, which can participate in DDoS attacks; they can broadcast spam to hundreds of victims; they can host malware; they can spy on your banking PC; they can serve as a cutout relay for other attacks, etc. In most cases, the attacker wants your thermostat and washing machine to keep working without interruption to you so you don't even know they're infected.

If the machine is rebooted, the malware is gone, but so what? The attacker already made his profits.

Re:wait

[znrt]

this makes no sense. nothing is unpatchable. where you read "unpatchable" you should read: "we will not patch it because it isn't profitable, so please upgrade to our new shiny shit which we obviously won't patch either".

of course folks with malicious intent can find a way to patch it, and will. there is nothing adding to security here, quite the contrary. it's just a big clusterfuck. industry is only interested in perceived security. then of course people get what they pay for.

time to take opensource software and hardware seriously, already? not yet? ooooooook ...

Re:wait

[plover]

There are plenty of embedded systems that are "unpatchable": those that have their programs burned into ROM instead of Flash or EEPROM. The physical hardware required to modify the ROM chips simply doesn't exist in the equipment the manufacturer shipped; or the chips themselves may not even be modifiable once burned.

However, "unpatchable" does not mean they are "unhackable", as the CPU of a von Neuman architecture chip can still be subverted to execute code dynamically loaded into a RAM buffer (and the code in the ROM can still be used by the attacker using techniques like ROP.) The chances are the manufacturer didn't leave the attacker much extra RAM to play with, but if all he's looking to do is have it execute a DDoS attack (sending ACKs to his victim in a tight loop) it's probably enough to wreak havoc. Or he might be looking for a simple IP proxy just capable enough to forward his network traffic.

Yes, a reboot will refresh the RAM and remove the malware, but that generally won't matter to the attacker. If he hacked it once, he can hack it again; or he might have a thousand more smart toasters in his robot army, all of which are sending the same DDoS attack.

Any vulnerabilities they were shipped with, they still have today; and you simply can't fix them without replacing some hardware.

Re:wait

[Bert64]

The malware may be gone, but the machine is still vulnerable and prone to being reinfected at any time...
When the hacker loads his malware into memory, he may also patch the vulnerability in the process so that someone else doesn't step on his toes.

Re:wait

[plover]

True, and they have been known to do that. Having your now-patched thermostat still hosting malware, however, still isn't an ideal situation. Such a patch grants no assurance that the hacker won't turn it into a proxy for attacking your local equipment.

Re:wait

[znrt]

There are plenty of embedded systems that are "unpatchable": those that have their programs burned into ROM instead of Flash or EEPROM.

replacing that ROM is a straightforward form of "patching" a device. at the very extreme, replacing the whole device could be seen as a patch. ergo doable. it may not be cost effective, though, so industry might be tempted to shove the cost on the customer by coercing him to buy a new device. whatever justification, this boils down to the provider refusing to take responsibility over his own work, and this alone should promptly disqualify him, but it seems to be common accepted practice. still nonsense! :-)

Fine

Explain to me where I'm supposed to get my GEOS updated for my Commodore 64? And I sent in my warranty registration card, but I never heard back from them.

Re:Fine

[CaptnZilog]

Explain to me where I'm supposed to get my GEOS updated for my Commodore 64? And I sent in my warranty registration card, but I never heard back from them.

Why, is there a security problem with it?

A systemic problem

[rijrunner]

There are two bleeding edges. One is the leading edge of cutting technology.

There other is the trailing edge where systems age out because they take a lot of effort to update.

One way the trailing edge can not be updated because the overall system is designed to where there are critical parts that can not be monkeyed with in a low risk scenario. (This does happen).

The other option on the trailing edge is where the systems are not worth the effort. Most of the Internet of Everything appliances really have zero income after the first few months and yet are expected to have a longer lifetime than many major IT infrastructure requirements.

Damnit - gotta answer myself.

[mmell]

Page two of the article used the "Insecure by Design" meme. I guess the fault's with the article, not the poster.

And - yes, these kind of incidents are mistakes. I stand by my previous assertion that nobody set out to create insecure embedded systems. Poor design, incorrect design, or just plain inept management oversight has led to these kinds of mistake. Much as I'd like to blame MicroSoft for all of it, I can't. Sorry - love to, can't. I'm still certain that all of the entities involved believed they had correctly and adequately mediated the risks . . . that, or they had some PHB breathing down their necks to do as they were told. Happens all the time - ask Scott Adams.

What happens when the behavior changes

[Marrow]

Your fridge sends out a little packet that says: "Hey, I am past my warranty! Time to up the ad volume to MAX". Or: "Please press OK to agree to the new privacy terms and conditions or your device wont work anymore".
There are many serious problems that are here NOW and must be addressed.

Re:What happens when the behavior changes

[SuricouRaven]

More likely:
"Hey, manufacturer! Spike in consumption of chocolate icecream simutainous with mustard detected. Suggest switching advertising focus to baby clothes and formula milk."

Re:What happens when the behavior changes

[plover]

Already been done: http://www.nytimes.com/2012/02...

Does not matter

[cyberspittle]

I am more worried about people not patching what can be patched.

Easy.

[roc97007]

Make them patchable over the internet by default.

Oh, wait...

Who cares? It all sucks anyway

[gelfling]

The overall level of system quality is so piss poor anyway what does it matter than your toaster is going to try to kill Sarah Connor? Anyone read the news recently? Car makers recalled about eleventy zillion cars recently and half the problems were on board computer based. Are you going to lose any sleep that your refrigerator will get hacked and join Skynet? Because the real problem is going to be that when your Refrigerator blows an 80 cent part on a 2 dollar circuit board it's going to cost $1100 to 'repair'.

Re:But if it can be hack broken, it can be hack fi

[plover]

Probably not unless the user wants it fixed, and most don't. People have plenty of experiences with patches breaking new things, or taking away old functionality they had come to depend on. When someone tells me "this patch will solve all your problems", they usually aren't advertising the list of new problems they're creating for me. Anyone who plays iPhone app games knows that the patches sometimes come with game-stopping bugs; other patches have been known to suddenly add annoying advertising.

Usually, I'm at a point of equilibrium where I am at least coping with the bugs in the devices surrounding me. If I know that the "mute button" on my GoogleTV box doesn't work unless I press it twice, I simply learn to press it twice; while I know it's a stupid workaround, it's one I can live with. What I might not be able to live with are the bugs that come with the next round of patches.

Now, we make that experience hurdle even harder to scale: as a end user, I think security patches are worse than regular patches. The end user doesn't see a physical benefit from the patches, but knows he might suffer. What does he care if his thermostat or washing machine is sending spam around the world, as long as his house is warm and his clothes are clean? But if he installs the patches, he risks having a cold house or dirty clothes, or even advertisements streaming across his refrigerator's screen. It's just not worth the risk to patch them.

And if you want to see a really risk-averse, don't-patch-me crowd, talk to the SCADA industrial control people. If you suggest you need to update the software running the sewage ejection pump, the city engineer is going to hand you an invoice for $20,000 and say "that covers my cost of testing your patch."

Re:Watch People Lose Their Shit

So you get a couple of years to use a product that is riddled with security holes which aren't going to be patched, and then you need to buy another buggy product for another round of exploits that you can't defend against because there still aren't going to be any updates. Just because a product gets an official end-of-life date doesn't mean it magically becomes secure until that date.

The software industry needs to made liable for software flaws. Way too many businesses write shoddy software for applications with a massive security footprint, always chasing first-to-market. There isn't just no incentive to get it right, there is a huge incentive to get it wrong by riding roughshod over code quality in order to save time. The situation won't improve until releasing products with exploitable software creates a dire financial risk for the manufacturer.

Trusted by default - right phrase, wrong context

[ka9dgx]

The problem IS that things are trusted by default... but not in the way the author thought. If you trust every program you run by default, you are doomed. An operating system should NEVER trust anything by default... Linux, Windows, OSX all violate this principle. So do embedded devices base on some variant of them.

Never trust by default, and you stop having to worry about side-effects, and start deciding what the limits are ahead of time.

"Coming IT Nightmare?!?"

That nightmare is a reality for most Sys/Security Admins. Very common are control systems that you simply cannot touch, or end up out of compliance with the vendor and unsupported. Companies with multi million dollar control systems don't want to hear about "patches" and "vulnerabilities", they just need them to work for business productivities sake. But of course the vendor needs remote access, so the device needs internet access.

There is no coming nightmare, its been a part of life for decades, insecure systems with business needs and no concern for security implications. The business accepts the risk despite protests and it gets setup or you get fired.

Re:"Coming IT Nightmare?!?"

[Lumpy]

And it's not a nightmare... Put it in a secure lan if it has to be on a network.
I know companies that still are running Windows NT 4 servers that they have not patched in years, and they have no problems because they have Competent IT and network Admins that know what they need to do to keep it secure.

Re:"Coming IT Nightmare?!?"

[ka9dgx]

That doesn't address the issue of unintended side effects from existing bugs. I agree that a separate LAN can help mitigate things, but it doesn't eliminate the odd things that can happen in a world where code is trusted by default.

Imagine if your garage light switch would 1 out of every 1000,000 times, cause your roof to fall off your house.... this is the world of software that can do anything.

Re:I have just one question.

[NoNonAlphaCharsHere]

Those are maggots, not Rice-A-Roni.

Embedded System Designer's Opinon

[Murdoch5]

Well as an Embedded System Designer I have to speak up here, systems are usually not insecure because of lazy development, systems are insecure because clients, managers and stakeholders don't provide proper funding, deadlines or requirements. The number of times I've had to go to a manager or project manager and ask them to clarify a customers request is almost sad. The amount of times I've had to go to the same group and ask for twice or three times the amount of time to develop a solution is almost sad and the amount of times I've had to ask for much more funding to do a proper job is sad. For some unknown reason embedded designers aren't treated like normal software developers and the truth is we aren't. We don't rely on some insecure patched to hell OS to keep us safe and we don't trust laughable memory managers and kernels to keep us crash free and running smooth. We do the real work in the development world and generally it's the GUI designer who takes the credit.

We generally don't work in the world of garbage collected and managed languages, we don't work in the world where everything is already setup and ready to be called through some piss poor abstracted class implementation of system.IO and we don't get safety nets under us to catch what falls through in some kind of completely illogical and messed up exception error system ( C# ). To say embedded systems are insecure is really another way to say one of several things:

1. You didn't allocate enough time, money or proper requirements.
2. You didn't hire someone who is qualified to the job, such as putting a desktop developer onto an embedded project.
3. You didn't consider security when you dreamed up you're fragmented and broken project idea.

This is of course mitigated by a great developer who will go back to the table of executives and tell them they need what they need and won't start until it's delivered. You can't treat an embedded project like a normal software project, when you do you'll end up with systems that make Microsoft proud ( aka 0 security and patch opportunities to fly to the moon ), you need to treat an embedded project like an embedded project and give the embedded developer what he / she needs. Doing other wise will always end up you shit creek and generally the manager or stakeholder is left with the paddle looking like a fool.

Re:Embedded System Designer's Opinon

[EmperorArthur]

But, But you can just put Linux on there. Then you can use Java for all those fancy things you mentioned. That will solve all your problems.
https://xkcd.com/801/
Seriously, I'm pretty sure I've seen this on an old Vonage box I was playing around with.

For many of the smaller microcontrollers we're lucky to have a full libc. It's always a wonderful day when I have to choose between rewriting an algorithm to use integers or taking a chance with new hardware with a built in floating point unit when the ship date is fast approaching.

Re:Embedded System Designer's Opinon

[Murdoch5]

It's hilariously funny how often I've heard, "Just put Java on it and you'll have memory management." Java is a good language for when you need portability and don't care about overhead and run time speeds, to be clear, I'm not saying Java is slow, but it's slow compared to C or ASM.

It's also funny how often that is included with the discussion about why I don't need more time because Java and languages like Java exist. The last time I had to sit in a board room and had to listen to a desktop developer tell me this, I just looked right back and said "Okay, prove I have execute your interrupt in under 1uS and I'll consider it." He just gave up and stopped talking.

The truth is that embedded development is not the same as the desktop, we generally don't get much memory, we don't have multiple cores to work with, we generally have a battery as power and we have insane run time requirements, the last one I had was 2 years on AA's ( just two ).

Repetitive (broken) OS abandonment

[fyngyrz]

<RANT>

One thing that's causing problems is the habit of Apple and Microsoft to abandon operating systems for new, often incompatible ones, instead of fixing the bugs in them. OSX 10.6.8 is full of problems; the only way to fix them is to move up to OSX 10.7 or further, which in turn can break a lot of things, because the later release isn't just fixed (if, in fact, it is fixed), it's a different animal altogether. Just one example. OS vendors take the view that you can either move forward with them, or die in a fire. Windows, Ubuntu, XP, etc... same deal.

I'm not saying these old OS's should get new features. But bugs? They should be fixed as long as humanly possible. The product was sold as having feature set X, and working. If it doesn't work as advertised, or is unreliable, it shouldn't be abandoned, it should be fixed. Except in the very rare case where it is not possible (I can't even think of one of those, actually.)

The problem is multifaceted. It isn't just that users are left with a choice of being left behind and becoming steadily more vulnerable to exploits; it is also that as the OS vendors keep jumping away from their buggy versions, the OS landscape, as it were, is left lettered with broken junk, and the new stuff is going to also be broken in new ways (plus, often, the old ways too), because:

None of these OS vendors ever intends to work any product into shape such that it becomes stable, reliable, and actually what it was advertised to be when it was sold. Instead, hey, look over here, New! Shiny!

Then we have application vendors that, for no particular good reason, make their apps not just use, but depend upon new OS features. Generally speaking, you don't have to do that. You can tie a feature to an OS, and there are very good reasons to do so (the feature may not even be possible under a previous one), but then there are things that have no sane reason to be tied to an OS, such as the ability to load a new image format (Apple, I'm thinking of Aperture here.) New interface to load images through? Sure, great idea. Abandoning the old interface? Not generally a sensible thing to do. No doubt there are applications out there that use the old interface, and there will be users with (shock!) new cameras.

I find the entire cycle of abandonment to be reprehensible and ethically bankrupt. I think applications should be maintained until they aren't broken under the OS's they were designed to run under, and OS's should be maintained until they work in every way they were supposed to in the first place, and are kept as secure as possible without actually breaking things. But that's just me.

</RANT>

Re:Repetitive (broken) OS abandonment

While I appreciate the frustration as a consumer, this is not even unique to software but a property of all economically viable engineered systems including buildings and literal holes in the ground. Nearly always, there comes a point where it is more feasible to demolish the old and replace it with contemporary solutions, rather than to keep maintaining the archaic. To stick with the old is to commit to funding the low-volume, custom work that is required to restore or maintain historic systems for the sake of preservation.

However, consumers do not seem to want to pay for such work. They only want the commodity pricing that goes along with large-scale consumerism, and not the high prices for bespoke goods. In the enterprise computing space, you do see software and hardware being supported for much longer time frames, and also much higher costs associated with this nearly bespoke work.

If the "cycle of abandonment" is reprehensible and ethically bankrupt, I'd argue that it is a larger societal problem linked to our willingness to externalize costs and focus on immediate satisfaction in all areas, rather than on sustainability or lasting value. It is both the producers and consumers who are complicit in this with every myopic transaction that borrows against the future. If it is inevitable that our economy have such churn in it, I think it would be great if more of it could be in software since that does not have to accumulate in land fills the way all our other disposable products wind up...

Re:Repetitive (broken) OS abandonment

[RightwingNutjob]

It's a two cultures problem in IT. The vast majority of Microsoft's, or Apples, or Oracles, or whoever's customers use their OS on laptops, workstations, or servers, where the consequences of bugs are fairly well approximated by "nuisance". The other culture of computer software customers are folks who use computers handle large amounts of money and control moving machinery (power plants, drones, etc), where the consequences of bugs and unintended features start at "oh shit, we've lost millions of dollars" to "oh shit, the crane dropped its load 200ft" up through "oh God, the power plant has exploded!" People in the second camp have a healthy suspicion of getting the latest and greatest upgrade from companies run by and for people in the first camp. And that dichotomy is why most embedded OS's come with source code that you get to debug yourself if it doesn't quite work for your application (VxWorks, QNX, Windows Embedded, RTLinux, etc).

Re:Repetitive (broken) OS abandonment

[scottbomb]

13 mod points but they don't work on this thread for some reason. Anyhow... +1!

Re:Repetitive (broken) OS abandonment

[scottbomb]

People shouldn't HAVE to pay for bug fixes. I sell you a product for $100 and I promise it does a, b, and c. However, sometimes it does c incorrectly. You'd demand that I fix it, no? But no, I'm a software developer so I just say, "Sorry, I don't have time for that, but here's my new version you can have for (another) $100!" What other industry gets away with this?

Re:Repetitive (broken) OS abandonment

[BoberFett]

I've never seen an OS advertised as supporting [FUTURE REQUIREMENT].

So they do A, B and C just fine. But when requirement X happens, what do you do? If you're advocating that an OS should be required to always support future software (or be resistant to some unknown malware), good luck with that.

Re:Repetitive (broken) OS abandonment

[CaptnZilog]

This applies to a lot of things - a house built in the 1940's for example might have only 2 wire electrical and little insulation, leaky wood windows, etc.

Sure, you can insulate the walls, rewire, all new doors/windows, etc... but it will probably never be as good as a more modernly constructed house can be. Now, the question is, if it's going to cost you $80K for new windows, rewire, etc, vs. $250K to tear it down and build a similarly sized house on the same lot, which is more "cost effective" in the longer term?

Re:Repetitive (broken) OS abandonment

[knightghost]

People shouldn't HAVE to pay for bug fixes. I sell you a product for $100 and I promise it does a, b, and c. However, sometimes it does c incorrectly. You'd demand that I fix it, no? But no, I'm a software developer so I just say, "Sorry, I don't have time for that, but here's my new version you can have for (another) $100!" What other industry gets away with this?

Most markets get away with that. It's called Marketing. We now live in the Marketing generation - people demand lies over facts and results.

Re:Repetitive (broken) OS abandonment

[thunderclap]

so your solution is legislation that basically says that any OS sold has to be maintained forever. I would LOVE to see that happen.

Re:Repetitive (broken) OS abandonment

[thunderclap]

It's a two cultures problem in IT. The vast majority of Microsoft's, or Apples, or Oracles, or whoever's customers use their OS on laptops, workstations, or servers, where the consequences of bugs are fairly well approximated by "nuisance". The other culture of computer software customers are folks who use computers handle large amounts of money and control moving machinery (power plants, drones, etc), where the consequences of bugs and unintended features start at "oh shit, we've lost millions of dollars" to "oh shit, the crane dropped its load 200ft" up through "oh God, the power plant has exploded!" People in the second camp have a healthy suspicion of getting the latest and greatest upgrade from companies run by and for people in the first camp. And that dichotomy is why most embedded OS's come with source code that you get to debug yourself if it doesn't quite work for your application (VxWorks, QNX, Windows Embedded, RTLinux, etc).

This is why People in the second camp should NEVER be using OS from the first group because they CAN"T make mission critical, reliable OS period. You don't need just 6 9s of uptime, you need 9 (and sigma 6 just to throw in another fun but useless buzz word. [I know what sigma 6 is])

Re:Repetitive (broken) OS abandonment

[thunderclap]

+1 to your +1

Re:Repetitive (broken) OS abandonment

[fyngyrz]

No. You can pretty much count on the fact that almost nothing I propose depends on legislation. That well has been completely poisoned.

In this instance, I'd like to see consumers realize they are being repeatedly screwed w/o lube, and hold the OS and app vendor's feet to the fire in the traditional way: by voting with their wallet.

I know the odds perfectly well. That's how I feel anyway.

Re:Repetitive (broken) OS abandonment

[fyngyrz]

So they do A, B and C just fine.

No. They don't. That's my exact point. My OSX, version 10.7, has broken UDP broadcast reception -- it can only serve one client at a time (for BROADCAST packets!) My OSX can't print UTF-8 text through the console correctly. I even know what the problem is, and Apple knows what it is too, I spoke to the guy who wrote the CUPs stuff himself while we worked out what it was, and when we did, he informed me that a compiler bug prevents the feature from working on a Mac Mini (works fine on my Mac Pro.) He also informed me it wasn't going to be fixed. I had to fix THAT problem by buying a new mac mini that used a later processor, and that in turn forced an OS upgrade, and that turn screwed me other ways. And all I bloody wanted was for printing to work! (This was for a point of sale application for the Mini where I had to print Chinese from a Python application as well as English. No UTF-8 == no Chinese.) My Safari leaks memory like a sieve with a hole in it -- a few hours use results in over 4 GIGABYTES of memory use that comes back the instant I quit Safari, every time. My OSX has a bug deep in the color balance/render routines that causes somewhat regular hangs of very busy graphics programs. And so on.

Wanting these things fixed is not about wanting "new feature X", it's about wanting feature C, which was supposed to be there in the first place.

Now, one or more of these may (may!) be fixed in 10.7 or later. But 10.6 is the last version of OSX that supports PPC applications, of which I have a large number, and for which I paid a great deal of money all in all, AND which are still very useful to me. So you see, the idea of leaving 10.6 around, broken, not performing as advertised, is not an issue of wanting "future" features. I just want it to work as it was supposed to.

Re:Repetitive (broken) OS abandonment

[BoberFett]

Are you claiming that there was an advertised feature in OSX 10.7 that claimed to so support multiple UDP broadcast clients simultaneously? At the risk of sounding like a jerk it sounds to me more like you bought a product that did not suit your needs, based on not evaluating it prior to purchase.

Computers and the software that run on them are complicated devices. Considering how cheap they are relative to their capabilities, unless there's a specific function that a computer claims to do but does not, I can't really expect a company to support a product for free forever. Technically speaking a computer should be able to do ANYTHING you tell it to, but I'm not about to slam Atari for their 800 not being internet capable and demand a patch.

Re:Repetitive (broken) OS abandonment

[Maxo-Texas]

It's not quite the same.

It's more be like having a car that people are actively sabotaging every single night. Or perhaps making a new key to steal it every night so you have to make a new key or replace the ignition switch every day.

They sold you a product and it worked as advertised. And if no one was trying to ruin/take control of it, it would be fine.

Re:Repetitive (broken) OS abandonment

[rastos1]

Bullshit. Every product has an expected lifetime. Once that passes you do not expect to get the fixes for free. If you want to get fixes for longer time you will have to pay for that. If you do not want to pay for each fix after the lifetime expires you will have to pay higher price upfront. How much are you willing to pay? For ballpark figures check how much it costs to develop software for space ships.

Re:Repetitive (broken) OS abandonment

[AmiMoJo]

If you want that kind of security and long term reliability/support try OpenBSD. It's a trade-off though, there is stuff that other operating systems offer that OpenBSD doesn't. It seems that most companies look at this trade off and decide against OpenBSD.

I'm glad my Panasonic TV didn't though.

Re:Repetitive (broken) OS abandonment

[CaptainDork]

Your rant is spot on, but there is another side, and that's the revenue stream of the manufacturers. Where is the profit in supporting old systems? There's more money in abandonment and offering a shiny new product. I guess manufacturers could provide an upgrade subscription fee, but someone has to foot the bill to pay top guns to keep legacy app/equipment current.

Re:Repetitive (broken) OS abandonment

[NickFortune]

People shouldn't HAVE to pay for bug fixes

Well yeah. If I sell you a potato peeler and it doesn't peel potatoes, you shouldn't have to upgrade in order to peel a spud.

The trouble is it's harder to clearly define requirements in the software world. In IT a lot of those bug reports would concern the peeler's inability to cope with Grapefruit. Or with Potato 2.0 the peel of which is made from 4 inch steel for security reasons. Or with a potato three miles in diameter.

You can't reasonably expect a single product to cover all those use cases. I won't deny that some vendors take advantage, but the situation is far from as cut and dried as you suggest.

Re: Repetitive (broken) OS abandonment

[nazsco]

and instead of suing or using another vendor you bent over and paid up. that is a sure way to show them how angry you are

Re: Repetitive (broken) OS abandonment

[nazsco]

if its out of sync with the current code (ie a bug, not missing new features) you cant sell it.

Re: Repetitive (broken) OS abandonment

[fyngyrz]

No, actually, I didn't. :)

Re:Repetitive (broken) OS abandonment

[fyngyrz]

10.7 was a typo; I use 10.6.8, sorry. Can't edit these posts.

Yes, 10.6.8 documents that it supports UDP sockets. But UDP sockets are explicitly broadcast constructs, and 10.6.8 does not support broadcast reception, only private reception. IOW, if one app is using the socket to hear broadcasts, that's all you get.

I'm not about to slam Atari for their 800 not being internet capable and demand a patch.

...aaaand you have completely missed the point. Good job.

Re:Repetitive (broken) OS abandonment

[fyngyrz]

I wrote an image manipulation system that was FAR more complex than anything most people have written, and I kept it updated from day one, fixing every bug that was reported that was my bug to fix (can't fix some of microsoft's bugs for them, sadly), never breaking compatibility with previous versions, and not using new OS features except in new application features. I stopped developing it when supporting the next OS version meant that I had to break the app for everyone else -- certain APIs went away.

More recently, I've been developing an SDR application that's just exceeded 10k users (that's not too bad for such a vertical, specialized app -- and it is *very* complex), and same thing there: It still works with the original OSX I developed it under (10.5) and so far, works all the way up to 10.9. It'll probably work in 10.10, too, is my guess, but if it doesn't, and I can fix it without breaking previous customer's installations, I will.

So let's not paint too broadly with that brush, sonny. There *are* responsible developers out in the wild.

Re:Repetitive (broken) OS abandonment

[fyngyrz]

They sold you a product and it worked as advertised.

No. They didn't. I'm not talking about security updates. I'm talking about broken features that were never fixed, just left broken and abandoned in particular OS versions.

Re:Repetitive (broken) OS abandonment

[fyngyrz]

I would be *delighted* to pay for fixes, frankly. It beats the hell out of not having them at all.

Re:Repetitive (broken) OS abandonment

[Daniel+Klugh]

I used to use my Atari 800XL to get on the Internet all the time. You just need a terminal emulator and a modem (and it's software handler). Now-a-days you can have an actual IP connection via Contiki. It's not Atari's job to support device-specific stuff. The IBM PC wasn't designed with IP in mind but people still read net-news and net-mail on the IBM clones.

Re:Repetitive (broken) OS abandonment

[Maxo-Texas]

Okay, I can agree with you here. If they advertised a feature and it didn't work, they should fix it.

But without continuous security updates, only disconnected machines are really usable. And a disconnected machine loses most of the benefit of the internet.

Re:Repetitive (broken) OS abandonment

[fyngyrz]

But without continuous security updates, only disconnected machines are really usable. And a disconnected machine loses most of the benefit of the internet.

The Internet only represents a tiny fraction of what computers can do. :)

Re:Repetitive (broken) OS abandonment

[david_thornley]

Six nines of uptime is about 32 seconds per year. There's a lot of stuff that can't go seriously haywire in that time. Seven is about 3 seconds per year, and with a few hardware interlocks there's almost nothing that's going to harm. Nine is imperceptible.

And, yes, for something where I need six nines, I'm not going to want to use Windows or Mac OSX.

Re:Repetitive (broken) OS abandonment

[david_thornley]

You know, if you buy some deck stain it will tell you on the can (or attached instructions) to try it first on an inconspicuous part of your deck to make sure it'll work. I've read the same sort of thing on hair dye. A doctor may well prescribe something that has unexpected side effects (I'm allergic to sulfa, for example), or doesn't fix the problem. This is off the top of my head.

In other words, lots of industries make things that they intend for general use, but if it fails for you that's too bad. It isn't just software.

Re: Repetitive (broken) OS abandonment

[david_thornley]

That's not my experience, and I have sold a house. The current code defines what you have to do when changing the house. It doesn't apply to existing things. For example, the stair to my third floor has no rail (and I haven't figured out where to put one) and has some curves to it. Personally, I think it was designed for back when, if a servant fell and broke her neck, you just had the body hauled off and hired another one. That doesn't prevent me from selling the house.

Re:Repetitive (broken) OS abandonment

[RockDoctor]

OS vendors take the view that you can either move forward with them, or die in a fire.

The second word of your rant is the important one. "vendor" : one who sells something. And once they've sold it, they see no reason to pay the slightest bit of attention to the buyer, except as a potential source of future sales. And after making that sale, the only interest they have is in the sale after that.

I think that it's crap too, but I don't kid myself where it's roots lay. It's i nthe infality of a sale.

While I hate it - absolutely hate it, the likely only way out of this is to move, in the software world, from software sales to software leasing. Which in turn leads directly to the nightmares of DRM, recurring license fees and so many other horrors. But unless a software house is receiving regular income from a product, then thy are simply not going to focus on it, but instead they'll focus on the new release, and the sales that will bring. And so, "Bling!", "Shiny!", the tyranny of the new.

Configure your software so it can be leased, and control the leases with hardware dongles. You'll easily be pulling in $15,000 /seat /year, and your customers will be happier with that than paying for 5 years upfront. Leasing is, after all, tax-deductible every year, unlike a purchase which amortises.

"with many fathers"?

[sideslash]

[...]affecting everything from mom-and-pop shops to power stations. This unpatchable hell is a problem with many fathers, from recalcitrant vendors to customers wary of[...]

This is a weighty issue. I will take it before the elders of my own company -- surely those wise fathers will know what to do. In the meantime, send forth the maidens to wail and weep in the streets, that all the people may know how grievous is this news.

Re:I'd tend to take the opposite view on this.

[Richy_T]

It's Bladerunner all over again.

Security

[fyngyrz]

My thermostat is just a device on my wall which regulates my furnace - it has no business being internet-enabled.

What if that could save you money? (it can.) What if it adds convenience and security? (it can.) What if it informs you about your usage such that you can improve your comfort level? (it can.) What if it gives you remote information, such as "the heater has failed, the pipes will freeze, you need to come deal with this" (it can.) What then? Still no business being Internet enabled?

It's not a failure of needlessly Internetting the device; it's a failure of vision on your part (and perhaps a failure on the manufacturer's part to make a secure device... that can be fixed, and pressure should be applied so the fix happens.) Sure, you can get along with your old thermostat. You could get along with a coal stove instead of a gas or electric range, too. But most of the time, not such a good idea.

Facilities that worry about security start with air-gapping their networks so that one simply cannot get into the system from the outside. There is a very, very good reason to keep things inaccessible. Really, there is...

The problem isn't accessibility. That's just a stopgap, though certainly a highly effective one. The real problem is security. Worthy of raving about, for sure. But with the idea of making it actually secure -- not of dumping capability out the window because of too little effort expended.

Re:Security

[TheP4st]

My thermostat is just a device on my wall which regulates my furnace - it has no business being internet-enabled.

What if that could save you money? (it can.) What if it adds convenience and security? (it can.) What if it informs you about your usage such that you can improve your comfort level? (it can.) What if it gives you remote information, such as "the heater has failed, the pipes will freeze, you need to come deal with this" (it can.) What then? Still no business being Internet enabled?

Does it really have to be internet connected to save you money? By sacrificing a little bit of convenience you could gain a lot of security on your device and at the same time avoid that some asshat script kiddie in another state or country cause your cost saving device actually make you spend more money just for the fun of it. Or worse, turns off your furnace and disable your warning system and make it generate "All is OK reports" while you are soaking away in the sun with an umbrella drink in hand blissfully unaware that your pipes just burst due to the freezing temperatures back home. Why would it need an internet connection to provide me with usage statistics that can be used to save money? It really isn't that hard to run a cable from your device to your PC to download the data for analysis. Slightly less convenient yes, and most likely an inconvenience that will be a turn-off for many potential customers.
And an internet connection is most definitely not necessary for a system to give me remote information such as "the heater has failed, the pipes will freeze, you need to come deal with this". Home alarm systems have proved messages such as "The alarm have been triggered due to a potential home intrusion...." for at least 3 decades using regular phone lines and emergency numbers set by the owner, commonly to neighbors and family.

Re:Security

[mythosaz]

You haven't ruled out the possibility that I'm a Luddite, curmudgeon or better yet, both.

Re:Security

[Lumpy]

So I will know if someone steals my toast?
there is ZERO advantage to an internet enabled toaster. Z E R O.

Re:Security

[Kittenman]

So I will know if someone steals my toast? there is ZERO advantage to an internet enabled toaster. Z E R O.

How about upgrades to your 'Talkie Toaster"? http://reddwarf.wikia.com/wiki...

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

Re:Security

[david_thornley]

If the toaster is networked inside the house, it can be triggered a minute before you want breakfast. Once it's networked, it's probably hooked up to the thermostat or whatever, which is internet-enabled.

No "Unpatchable Systems"

[NotInHere]

We don't have unpatchable systems. What we have are vendors not wanting to maintain support for too long as they want to force people to buying always the newest to generate revenue.
There is this overall trend in IT industry that hardware gets softer and softer. With every generation, more features are implemented in software, and therefore are, in theory, patchable. But the possibilities of the soft hardware don't meet the commercial interest of the companies.

We have multiple benefits when using computer machines for doing human's work. But we also need to realize this doesn't come for free. Either we live with vulnerable systems, or we update them, simple as that. When purchasing new hardware it should always be a question to ask whether the software can be updated, and how the hw will be maintained. Compliances usually have a bad performance in this. Use well known parts, and be as mainstream as possible.

Computers don't have a long history of serving humans yet. I hope these update issues are a problem of the first generations.

Re:No "Unpatchable Systems"

[AmiMoJo]

I'm an embedded developer and we do release firmware updates, but the customers don't want to apply them unless there is an actual problem. Say they have 10,000 data loggers deployed. Can't do remote updates because the data link to each device is very low bandwidth, or it doesn't have a data link. For example, some of our loggers send SMS text messages to report stats. Try sending a 128k firmware imagine over SMS.

So that means the customer has to send people to visit all 10,000 installations with a laptop so they can install an update to fix a theoretical security issue. In the worst case if someone starts exploiting that issue they will probably just try to charge the cost of doing the upgrade to the developer. As the manufacturer we can't force them to install an expensive, high bandwidth link so we can shove out firmware updates as needed. As far as the customer is concerned any security flaw is a defect that we must put right at our own cost anyway. They don't really understand the nature of networked devices yet, or how security works on the internet and how even if you do everything right (like deploying OpenSSL correctly) you can still be bitten.

Why?

[Sir+Holo]

Why would I ever want my refrigerator to have internet access?

The marketers, sure, they want me to think that I need that. But, really, what conceivable value or advantage would the ($30-extra purchase price) confer to me?

None? Well, I must be a sucker.

Or, wait, I have to actually exert more effort to maintain the internet security of my refrigerator, which wasn't and should have never been internet-connected in the first place? If you find yourself in this latter situation, you are dumber than a sucker, mark, or rube. You are the problem.

Toaster security

[mikew03]

I think we have to face the fact that we're moving beyond an era where we can secure systems and instead need to move towards mitigating the damage.

Let's think about our unupgradeable internet enabled toaster that counts our calories and orders fresh bread when it detects we've used up what we have. If that toaster gets hacked there are a few possible results:

1) It might set your house on fire. This should be mitigated by all toasters having appropriate physical sensors that are not software controlled to prevent a fire. A simple thermal fuse would cost only a cent or two. A manufacturer who builds a toaster that can be set on fire over the internet under any circumstances should face significant liability.

2) Your toaster might be turned into a spam machine or bitcoin miner or something similar. If this renders your toaster non-functional then you will throw it out because its broken and its no longer a problem.

3) Your toaster might be more carefully owned and remain functional. This is obviously the worst case. But the way to handle this is with improved perimiter defenses Routers should be enhanced to monitor for suspicious activity. You could get a virus alert or similar that notifies you your toaster is behaving oddly.

The level of protection needed depends on the device. Something with a camera or microphone needs more thoughtful security than a toaster. (Until our toasters include facial recognition to tune the desired level of toastiness).

Another related thought. One big issue we have is embedded systems are often networked together. Traffic lights for instance. My first choice would be that such devices not be on the internet, but if they must I think we could create some isolation or sandboxing. Imaging if each embedded traffic light had a mini-router chip that had some sort of unalterable channel code. Make sure that a traffic light can only talk to other traffic lights or control hardware with the same channel code. Beyond that, I think you are going to again have to rely on perimiter defenses built into routers to detect and interdict command/control from hackers and detect abuse of the traffic lights. Networked but safety critical systems such as traffic lights should have a fallback unnetworked mode (old fashioned timing in the case of traffic lights).

The point is there isn't any one size fits all solution but if we focus on risk reduction, periphery detection and, where critical, ways to disable networked behavior we can protect our infrastructure significantly better than it is now.

Re:Toaster security

[Brett+Buck]

My idea - don't hook a toaster to the internet. If you want to set it to toast before you wake up, I can get you $5 60-year-old clock radio that will switch the power on when the alarm goes off.

    Same with every other trivial example in this thread. Critical embedded system = don't hook to internet.

      Brett

Re:Toaster security

[mikew03]

I don't think that's realistic. If you are a city and you want to manage your traffic lights the desire to use the existing internet infrastructure is going to be irresistable. As I said in my post I would certainly prefer these systems not be hooked up to the internet either but cities aren't going to build out a second communications infrastructure. And even if they went to that effort you know that the computer sitting in the city managers office that controls this secondary network is going to have an internet connection because the guy managing the traffic lights needs email, HR websites, etc. For example a list of lights that needs replaced has to be sent to the city maintenance department. No one is going to air-gap that.

Re:Toaster security

[plover]

Except this is already past tense. They have already rolled out millions of internet-enabled appliances, including washers, dryers, refrigerators, thermostats, door locks, cameras, TVs, alarms, light bulbs, DVRs, cable boxes, phones, doorbells, garage door openers, and pretty much anything you can think of. (I haven't seen commercially available on-line toasters, but there are home-brew hacks out there.)

There are billions of dollars to be made in the on-line appliance market. Maybe they won't sell any to you, but they have sold millions to other people. It's already done.

WMS has slots with online links

[Joe_Dragon]

player life has a web site and is tied to games in lot's of casinos

Re:Here's an idea...

[Bengie]

You may not want to connect your thermostat to the Internet, but you may want it connected to your home network, which so happens to have Internet access. The heating and cooling system in my old home for 10 years ago kept a multi-year log of each and every time the heating or cooling kicked on, what temp it was, what the humidity was, and all kinds of other stuff. Accessing it over a serial port was annoying. It would have been a lot more convenient if it had a web server that ran over wifi or Ethernet.

Because we are all doomed!

[Lumpy]

You know, all of this stuff MUST be connected to the internet.. or it will EXPLODE!

Oh wait it wont.. so just not plugging it in makes it 100% hack proof.

Subscriptions are the fix

[mcrbids]

Microsoft doesn't want to produce a new version of Windows; they want to make money and selling new releases of Windows is how they accomplish this.

I truly do not understand why they are nixing Windows XP. The money making opportunity is tremendous: Take 1/10th of their O/S development team, and have them work on bug fixes for Windows XP. Pay them by charging subscriptions for XP support. It wouldn't have to be much: maybe $10 to $20 per year would be more than enough, and those still hanging on to Windows XP would very likely be completely happy to pay $12.95 per year to to have to mess with their obviously working system.

If you assume that the $25 or so that MS gets for a OS license from vendors covers 3 years, then $12.95 per year is at least 100% to 200% more per year, from customers that don't demand or want new features. It's like shooting fish in a barrel! If it's true that 30% of computers are still running Windows XP, this would easily become one of the most profitable divisions of MS in the near future.

Re:Subscriptions are the fix

[thunderclap]

windows xp is 1 million lines of code that is fundamentally buggy now. Its basically like making a person walk on burning glass for a 1/4 mile barefoot

Re:Subscriptions are the fix

[mcrbids]

There's no particularly good reason to believe that its bug count per line is any higher than any subsequent, later version of Windows. One million is pretty small, Did you mean 40 Million?

It's tough, going to work and doing boring stuff but the $250,000 pay scale overcomes an awful lot of developer resistance...

Re:Subscriptions are the fix

[david_thornley]

The money-making opportunities are limited. Most individuals with XP aren't going to pay a dime to have updates for their systems. They work, and they aren't going to pay to fix what isn't broken. If they cared about security, they'd have upgraded to 7 or something long since. If they needed new software, they'd have been forced to upgrade already. There are institutional exceptions, like the IRS, but the IRS is going to move off XP as fast as they can manage because staying on it costs them a good chunk of money. After a year or so, almost nobody would pay for support.

The general rule is that people with old systems are not good customers. They are unlikely to spend money on maintenance they don't see as important, and they're unlikely to spend anything on preventative maintenance.

Integrated Appliances Already Hit by This

[Carcass666]

I have an Onkyo amplifier (mid-range) and an LG BlueRay player (low-end). A few months back, the Onkyo no longer could connect to Rhapsody (yah, I know, Rhapsody, but the wife likes it). Onkyo knows about it, and basically says "tough" because it's an old model (~ 4 years). I can use Chromecast, but it's an annoyance, because now I have to have a phone or tablet around to listen to music. The BlueRay player no longer shows images for Netflix in its bundled application. I can use Chromecast, but again, it's annoying. It's apparently in neither company's interest to update the firmware (which is updateable on both devices) to fix these issues, because they believe I will go out and by a more recent device (if I do, obviously it will be from neither of these companies).

The whole concept of integrated A/V appliances continues to underwhelm me. Fortunately, I didn't drop extra coin for a "smart" TV, but it seems that it's how the market is moving.

Re:Integrated Appliances Already Hit by This

[Alpha830RulZ]

My Sony BlueRay updates itself fine over the internet, if you're looking for a replacement.

Re:Integrated Appliances Already Hit by This

[plover]

You haven't really been properly underwhemed until you've been disappointed by a Smart TV. I got to experience it because it came with a friend's flat-screen purchase, and all I can say is *!*Yawn*!* It came complete with a creepy camera that watched us wave our arms like drowning Parkinson's victims, then it let us rotate a virtual cube with stuff on it! Woo hoo, that's some damn fine User Experience right there, boy howdy!

All I can give you of value is the information that Onkyo and LG aren't the only companies that are producing WTF tech. Sony's Google TV, Samsung's Smart TV, and Panasonic's whatever-the-hell-Blu-Ray-thing, all of them rated about 4.5 cat-turds on my Useless-Shit-O-Meter. Put another way, none of them are nearly as useful as my Comcast receiver box, which I had previously held up as the litterbox standard for crappy interfaces.

And languages and libraries too!

[Paul+Fernhout]

Well said! Now if we could only get people also to apply the same ideas to fixing up programming languages and libraries (e..g Swift vs. C/D/Java/JavaScript/Smalltalk/etc.) instead of inventing new ones that just have different gaps and different bugs...

Re:This

[choprboy]

Companies aren't "cheapskates", customers are.

Here, I'll prove my point,. You can buy something for $15 today, and have it supported until tomorrow(or whenever) or you can pay $300 for the same exact thing, only support will go for a guaranteed 10 years.

And here is a counterpoint: I was evaluating a piece of robust hardware for installation at remote sites (~$5k). The hardware has a built in micro that monitors all the functions and provides configuration, it is programmed via DIP switches and a serial port, and output status on LEDs and relays (good). The company offers a $700 "TCP/IP" option that provides SNMP monitoring and configuration over IP, as well as uploads all the site info "to the cloud"... because that is all the rage these days.

... The $700 option is a rebadged BeagleBoard connected to the serial port. Do you really think this is going to be supported more than a year or two?

Re:This

[choprboy]

Beta sucks... and completely screwed the above quoting and formating....

To Serve Man

[Paul+Fernhout]

"Computers don't have a long history of serving humans yet."

http://en.wikipedia.org/wiki/T...

Or the recent Slashdot article on robots being used to rip apart mosquitoes...
http://science.slashdot.org/st...

Or previously, slugs:
http://science.slashdot.org/st...
""SlugBot is no ordinary robot. SlugBot hunts down slugs, and is powered by fermenting the slugs' corpses, producing biogas fuel. "

See also, for a different robotic dystopia from helping too much and "protecting" too much: http://en.wikipedia.org/wiki/W...

Life seems livvd between fire and ice, between order and chaos.

Computers and software have been through several generations over the last 70 years (and more). The failures we still see IMHO have more to do with our social systems (including legal frameworks) than with the possibilities of hardware or software. The same is perhaps true of nuclear power -- Fukushima happened more for social reasons than technical ones..

Infoworld? Really?

[userw014]

6 months after the whole issue of embedded systems blew up in Mom and Pop's pizza shop router is breaking news for InfoWorld.

I don't want to think about the number of times more visionary people have brought up this very topic over the past 15 years.

I wonder I'll be concerned in 20+ years - after I've retired from my career and will be paying rent on my hot-bunk from earnings I make washing dogs.

Why Even Upgrade?

[Irate+Engineer]

I'm not a software engineer, just a user, but why do we need to have new OS versions every fucking year? Really, couldn't Microsoft have an OS that looks largely like Windows 3.1 or XP or whatever to the user, but is streamlined and patched to modern standards of security and interoperability?

I'm not trying to start a flame war, but really - as a user I see more change in software as churning to turn a dollar vs. actual improvement. A model where a software might be patched and "recalled" for improvement for a long period of time would be much more satisfactory than the jiggles in UI format that seem to introduce more bugs than improvements.

And yeah, this costs money to do. What cost <X> would I have to plunk down *once* to sit and enjoy an stable OS that were patched and upgraded ad infinitum (or until I died, close enough)?

This must-churn-a-new-shiny-every-reporting-quarter is bullshit. I need a stable OS that I can operate for years without relearning everything. Is such a business model even possible?

Re:Why Even Upgrade?

[plover]

Shiny sells better.

Here's the problem at Microsoft: the biggest competitor of Microsoft X (version N) is Microsoft X (version N-1). They already produce the corporate standards for word processing, spreadsheets, and presentation software. They've incorporated every possible feature they could think to invent (or could buy from a third party.) They've dramatically changed their software engineering practices, and are now producing very stable, high quality code. There simply isn't a compelling reason for anyone to go out and buy version N+1. So instead of inventing another useless feature, they need to make some kind of visible change so that people think they're buying something better.

Frankly, I think their Office365 products are really a clever idea: they take all the bad parts of owning a computer (backups, crashes, viruses, patches, updates, laptop thefts, left my files on my other thumbdrive at home) and hide most of that away in the cloud. For only $9.95 a month, you don't have to bother with computer pain. And as a bonus, they get to market it to customers claiming they always get the newest features (glossing over the fact that they've added almost nothing of value in the last 7 years.) And the revenue stream is unending, because you always need a word processor.

As far as operating systems go, while Vista was a performance stinker, Windows 7 really hit a home run. It's good enough for just about every Windows user. But Microsoft is still stinging from their utter failures with WinCE, Windows Phone, Zune, and every single attempt at embedded systems products. Embarrassingly Apple came in and learned every painful lesson Microsoft had to teach them, and used that to redefine the smartphone experience. And just to throw sand in the vaseline, Apple then extended that to create the entire tablet market. Ironically, Microsoft failed to learn from every single lesson Apple taught them (save one): they thought that because people liked the iPhone GUI that it should be extended to the desktop, completely missing the idea that human computer interface design doesn't work like that. (The lesson they did learn is that "Walled Gardens are Profitable", but that was actually their goal about 15 years ago when they introduced .Net and began their push towards Software as a Service.)

Of course they seem to forget that users are dependent systems, just like any other system dependency, and that change generally makes their lives worse. The bigger the change, the worse it hurts. So for a long time they didn't try to change the desktop too much, but then along came Windows 8. Gestures with a mouse were studied and found to be stupid and unusable over a decade ago, but they didn't let that prevent common sense, usability testing, or the anguished cries of beta testers sway them from their path.

It's too bad that Ballmer has such an ego that he feels no shame, because his punishment for Windows 8 should have been a lot worse humiliation than simply leaving the company.

RJ-11 on the Toaster. Or WiFi.

[fyngyrz]

there is ZERO advantage to an internet enabled toaster. Z E R O.

No? What if it prints darth vader on the toast for your kids, but they want han solo? What if the fuzzy logic that makes sure the toast is properly browned doesn't work on darker bread, but they figure it out and can upgrade it and the wife LOVES darker breads? What if it prints JAR JAR on the toast but you could upgrade it to print Leia??? JAR JAR man, you HAVE to get rid of that, it'll crush your kid's very SOULS.

Re:Getting it right the first time isn't an option

[0123456]

Software has made people complacent with regard to code quality. You can always patch, can't you? Well, you can't. Get it right!

No. The Internet made them complacent; before that, patches were a major task, as the end user had to download them from a bulletin board somewhere, or an engineer might have to fly half way around the world to install it for you.

But the same Internet that has made patching easy has also made the lack of patches a remotely-exploitable route for hacking into random crap that should never have been on it in the first place.

I'm an IT consultant...

[Thyamine]

It's funny you think people patch their systems _now_

The coming nightmare?

[firesyde424]

What do they mean "the coming nightmare..." If you've worked with Industrial or smaller IT customers, it's already here. I just had to deal with a CNC machine that, no kidding, ran OS2 Warp version 3! How do you get patches for that?