It's possible to build a hack-resistant backdoor into something like an iPhone, but it's just not economical unless the value of a key-escrow system is extremely high.
The key things that make it hack-resistant are: * Difficulty and cost of decrypting a device is high * Decrypting a device requires lots of human effort, lots of time, and physical access to many different things which are not in the same place. * Decrypting one device does not get you any closer to decrypting similar devices
One solution - listed below - amounts to a version of the key-escrow schemes proposed by the United States in the 1990s.
Each phone would have a an encrypted version of a unique random key burned into the hardware, not directly accessible by the device, and indirectly accessible only through something akin to the iPhone's security module.
The key to decrypt this key would be be that phone's "back door." If you can decrypt the key that belongs to a given phone, you can decrypt the entire phone.
In other words, if "A" is the magic key that can decrypt the phone, and "B" is encrypt(A, key), then B is burned into the phone and "key" (or its private-public counterpart) is the phone's "back door."
These "back doors" would not be stored electronically. Rather, they would be stored offline, possible even on paper, split into multiple pieces, each piece itself encrypted, and the results stored in different locations. The idea being that a significant amount of human and computational effort would be required to re-assemble the pieces even if there was a court order.
So, for each phone, "key" would be divided into many pieces, K1 through KN. Each of them would be encrypted and the encrypted versions stored offline across a wide geographic area, all under tight physical security. Of course, the key that could be used to decrypt K1 through KN would also be stored under tight security and not stored on any network-connected device.
Of course, one a computer or phone's keys had been re-assembled, for all intents and purposes that device will never be secure again.
The system has several advantages over other backdoor proposals: * There is no "you broke it for all devices" situation like when DVD encryption was broken. * It's very difficult, difficult enough to deter random "fishing expeditions" by law enforcement and even deter all but the most "high value" targeted "fishing expeditions"
As a backdoor, this system is not without its weaknesses:
* There is a short window during manufacturing where the key can be stolen without anyone knowing about it. For example, if a manufacturer were coerced by a government, or if an employee with such access were being blackmailed. * If a key is recovered and the device is not destroyed, future owners may believe they have a secure device, when in fact they do not. * There are still some sensitive keys, such as the key that can be used to decrypt the parts that are geographically dispersed. * I'm sure there are other weaknesses, after all, this is just one guy thinking off-the-cuff somewhere on the Internet, not an academic making sure his proposal will pass peer review.
Countries which are not free but who wish to have the veneer of freedom may want to have phones that are "secured" in this way. If the people correctly believe that it will cost their police force weeks of time and hundreds of thousands of dollars to decrypt their phones, it will cut down on the fear that exists in most police states, which will help those in power stay in power longer. I'm especially thinking of countries like China and Russia, but I'm sure more than a few readers have some English-speaking countries in mind as they read this.
What you're looking for came and went a decade ago. UWB HDMI Tx/Rx pairs were around in 2006.
Most of the UWB HDMI Tx/Rx pairs that I saw still need electricity at both ends. Unless the TV provides the electricity, it does not meet the original submitter's needs.
In any case, I offered a completely different solution - a consumer-grade ultra-low-power "ATSC TV station." Obviously, there would need to be a power source at the transmitter, but since the receiver is the television itself, there wouldn't need to be anything there but an antenna.
I don't think such devices are legal in the United States for consumer use.
You can buy them at walmart, target, best buy, dollar store, etc.
According to FCC:
Unlicensed operation on the AM and FM radio broadcast bands is permitted for some extremely low powered devices covered under Part 15 of the FCC's rules
By "such devices" I mean for TV, not AM or FM radio.
I'd be looking for something that I could watch with my regular ATSC television, but with the transmitter in the same room or an adjacent room.
Obviously, what I am looking for would be very very low power - any TV more than a few hundred feet away wouldn't be able to get a lock on it with just plain old rabbit ears, and anyone more than a block away would be hard-pressed to tune in with even a decent outdoor antenna.
Unlike the "transmit your CD player to your car radio" ultra-low-power transmitters, I don't think such devices are legal in the United States for consumer use.
What I'd like is to be able to wall-mount a new TV and just plug in a wireless dongle to stream the video with no extra setup required on the receiver end.
Sounds like what you need is the TV equivalent of those ultra-low-power "FCC Part 15" FM transmitters people used to "broadcast" their portable CD player's music to their car stereo systems 20 years ago.
As far as I know, they don't exist, but it sounds like there is a market for them.
The more common application for something like this would be at weddings or other parties, where a big-screen TV tuned to an unused channel could show a live feed from a camera that is walking around the party.
It doesn't apply to most consumer devices, but certain business/industrial uses require a guarantee the product's repair history is accurate and that the device has never been opened except for authorized, documented repairs.
It's not just the things like medical devices that are highly regulated already, but also things like phones used by police departments where their logs may be entered into evidence.
A good "compromise" would be a tamper-evident, serial-numbered seal that could only be re-applied by an authorized repair center. The authorized repair center would document the serial number of the seal that was on the phone and would document on paper and by video-recording all changes made to the device then re-seal it with a new seal. In most cases, a summary of the repair along with both serial numbers would be filed with the manufacturer or, for special cases where the manufacturer needed to be kept in the dark about it (think: government-owned devices where the fact that the device is even in government hands may be a state secret), with a trusted third party (perhaps a separate branch of the government, with a "digital digest/hash" published to prevent altering the records later).
Manufacturers would have to provide the information and tools necessary to make repairs to the general public at reasonable prices, as is the case under most "right to repair" proposals.
End users who do not need a "legal provenance" on their device's repairs would be free to use 3rd parties for repair. Damages unrelated to the repair done by the 3rd party would continue to be covered by the factory warranty.
For better or for worse, participating in certain industries means always being in someone's line of fire.
Providing controversial products or services such as abortion services in a "red state" or military-style guns in a "blue state"? Prepare to cave to political pressure or spend extra on security, public relations, and lawyers.
Selling cutting-edge drugs or medical equipment that has a more-than-zero-percent failure rate? Better have good lawyers or politicians in your pocket from the get-go otherwise that first lawsuit when your product does fail or your drug has a rare bad side effect is going to bankrupt you.
Running an adult-oriented business in a city or country that doesn't like them, or providing online services to such businesses (think BackPage)? Have the lawyers on standby. If you wind up competing with organized crime, you'll also need to hiring reliable, loyal private security or you might wind up doing the modern equivalent of going swimming with "cement boots."
Selling products or services ("stalker-ware") to third parties (governments or private individuals) that can hurt people (those being spied upon) who can hurt you back (some stalk-ees can fight back, you know)? Unless you are so invisible nobody but your customers/prospective customers knows who you are (selling only to or by referral from three-letter-agencies), you'll need good security for your company, its assets, and anyone associated with the company, both virtual and probably physical.
Codes of conduct are like other rules or laws that govern interpersonal behavior:
There mere existence is a sign of past failure - usually a failure in communications but not always.
I'm too ignorant to speak about FreeBSD, but I can see situations where "all else has failed" and I would actually be spearheading the effort to impose such rules as the "last, best" alternative to an organization dissolving or becoming irrelevant. On the other hand - again, I'm not speaking about FreeBSD - "blowing it up and starting over" may be better than trying to "rescue" an organization by imposing new internal rules of behavior.
In the future, market or MS/Apple-heavy-handed forces will coerce most applications to be dependent on only a small-by-today's-standards set of APIs.
Everything else will be either using non-OS-specific "outside code" such as portable libraries or "really outside" code such as internet-based or other non-local-machine-based code.
This is the way many phone apps work today: They are not much more than a front end to a web site or other internet-based resource. If the limited set of APIs needed to make such apps work were ported to Linux and and the hardware itself were virtualized or emulated, well, that's the bulk of what is needed for "it looks like a Linux app to the user" compatibility.
Some if not many phone apps are also written against cross-platform libraries so the vendor can sell to iOS and Android users with a mostly-common code base. If the library vendor has a Linux implementation and they write "glue/translation code" so that a non-Linux-binary can indirectly call the Linux version of the libraries, then, again, the bulk of the work has been done.
As far as MacOS and Windows applications go, we are far from there. However, if "walled garden stores" that enforce strict rules continue to gain popularity, I can see the day when 90+% of Windows and Mac applications that people use that don't come directly from Microsoft or Apple or hardware vendors are much easier to "seamlessly emulate" than today's mix of applications.
I can see "invisible once things are set up emulation layers" that let Windows and Mac apps run in Linux the same way that DOS apps used to run in 1990 versions of Windows, Windows 16-bit apps used to (and may still) run in Windows x86, Mac Classic 1990s apps ran in MacOSX, Mac OSX PPC apps ran in the early Intel versions of the Mac OS etc (this compatibility list is far from exhaustive).
Unless someone wants to throw tens of millions of dollars at the problem for several years in a row or the "ease" of making "Windows compatibility" or "Mac compatibility" goes way up, we will always be several years or a decade behind on the "compatibility" race.
So, will there ever be a Linux distro that runs almost all early-2018 Mac and Windows applications "as is" so they look like native Linux applications?
Sure, but I'm betting it's not until 2028 unless someone plunks down the big bucks first. Even then, it will take time to catch up.
By the way, you can run most popular 20+ year old PC and 30+ year old Mac operating systems and their programs quite nicely if you can get legal access to the Microsoft and Apple code (including Mac ROMs). In 30 years - maybe 10 - we will be able to say the same about early-2018 Windows and Mac programs.
Hmm, maybe instead of reloading ATMs with cash, just have a "module" that is the real ATM that is drop-in-replaced into the "outside box" as needed.
The "outside box" would just handle the user interface and provide additional physical security.
The "module" would be very tamper-resistant. It would be taken to a controlled location to be reloaded. It would also have a time lock on it so it could not be accessed before it unlocked without causing obvious physical damage.
This wouldn't stop ATM thefts but it would make "I got physical access and pressed a switch to make it jackpot"-type attacks much harder if not impossible.
Bonus points if the ATM released a chemical to "ruin" all remaining currency inside if it was moved without some kind of authorization. If it worked, this alone would make attempts to steal the ATM or the "inside module" pretty useless.
Countries with liberal pro-consumer trade commissions* should investigate Apple and other vendors that force users to use "their walled garden" when those same companies keep things out of their garden without a good reason (e.g. keeping malware or deceptive apps out is pro-consumer and is okay).
Google-phone vendors that allow 3rd party stores would be fine, as would the Apple Mac, since you aren't "locked in" to the App Store.
Even more common is the need to get historical and inventory information up to the business network real time so people can make proper decisions.
This is where a one-way air gap can come in handy:
Have the "secure" side continuously report real-time data 24/7 to a "less secure" device for recording/reporting over a one-way channel. Use VPNs or other controls to give access to the "recording/reporting box" as needed.
If the reporting/reporting box gets compromised, at least it can't directly leapfrog back to the "secure side."
Actual 1970s-era chips or slight revisions of them that are still being produced: Why do I need a system with an 80486 or modern-ARM-chip with a wired or wireless Ethernet Ethernet interface when a 4- or 8-bit microcontroller and a simple wired or wireless serial interface will do?
Door 4, more expensive, feasible only if you are ordering tens or hundreds of thousands:
Same microcontroller and same serial interface controller but with features you don't need removed during production, in much the same way that Intel disabled or removed some math functions in the i486SX for customers that didn't need them or who didn't want to pay for them (the difference being that in sub-million-unit runs you will probably pay MORE to have a function removed).
I'm sure there are other "doors" I haven't thought of yet.
In general, simpler systems have a smaller attack footprint.
Like the rest of the computer industry, many industrial systems are more complicated than they need to be.
Yes, industrial equipment is simpler-by-design than your average general-purpose computer, but there are still some "because we can have it and it would be a nice thing to have, we have it" or "because we can buy an off-the-shelf chip that does things we don't need cheaper than paying the chip-vendor to disable unneeded functionality, we do" situations.
There are probably innumerable industrial-control systems that can run their core functions "intelligence" on the equivalent of an early-1970s microprocessor or less. Perhaps they should.
IBM mainframes "phoned home" for tech help back before most of today's college students were born.
Robotic tape drive malfunction? Phone home and a technician was dispatched.
Even prior to the computer age, unattended automated industrial equipment had fault sensors. When a fault was detected, a remote alarm was raised and a technician was dispatched.
Same principle as 50-100+ years ago, but with 21st century sophistication and a 21st century application.
How is "it has to work offline" an answer to the question of whether there are functional solutions for voice controlling things like sending emails and other basic PC usage scenarios?
1) You cannot depend on being online 24/7.
2) Some people reasonably consider "online only" to be such an invasion of privacy that it's fundamentally broken. That is, by definition, it "does not work" even if it appears to work. Granted, that's a philosophical rather than a technical argument, but it is an argument nonetheless.
If you want to build it from scratch, you must first invent the universe.
Well, I'll settle for building it with tools available in A.D. 2018 (factories, mining equipment, etc.) and "parts" available in 2018 B.C. (natural resources).
Regression of new-bug risk is why many non-critical bugs go unfixed and why companies like IBM sometimes release patches only to those customers who complain and who are willing to accept a fix that hasn't been thoroughly tested.
Please learn to pirate, so that your video habits will stop being used to legitimize the ridiculous idea that software shouldn't be end-user maintainable.
If you can live without it, vote with your wallet and do without.
With few exceptions such as people who review movies for a living, people do not need to watch any specific movie that comes out of Hollywood.
Slashdot Mirror
It's possible to build a hack-resistant backdoor into something like an iPhone, but it's just not economical unless the value of a key-escrow system is extremely high.
The key things that make it hack-resistant are:
* Difficulty and cost of decrypting a device is high
* Decrypting a device requires lots of human effort, lots of time, and physical access to many different things which are not in the same place.
* Decrypting one device does not get you any closer to decrypting similar devices
One solution - listed below - amounts to a version of the key-escrow schemes proposed by the United States in the 1990s.
Each phone would have a an encrypted version of a unique random key burned into the hardware, not directly accessible by the device, and indirectly accessible only through something akin to the iPhone's security module.
The key to decrypt this key would be be that phone's "back door." If you can decrypt the key that belongs to a given phone, you can decrypt the entire phone.
In other words, if "A" is the magic key that can decrypt the phone, and "B" is encrypt(A, key), then B is burned into the phone and "key" (or its private-public counterpart) is the phone's "back door."
These "back doors" would not be stored electronically. Rather, they would be stored offline, possible even on paper, split into multiple pieces, each piece itself encrypted, and the results stored in different locations. The idea being that a significant amount of human and computational effort would be required to re-assemble the pieces even if there was a court order.
So, for each phone, "key" would be divided into many pieces, K1 through KN. Each of them would be encrypted and the encrypted versions stored offline across a wide geographic area, all under tight physical security. Of course, the key that could be used to decrypt K1 through KN would also be stored under tight security and not stored on any network-connected device.
Of course, one a computer or phone's keys had been re-assembled, for all intents and purposes that device will never be secure again.
The system has several advantages over other backdoor proposals:
* There is no "you broke it for all devices" situation like when DVD encryption was broken.
* It's very difficult, difficult enough to deter random "fishing expeditions" by law enforcement and even deter all but the most "high value" targeted "fishing expeditions"
As a backdoor, this system is not without its weaknesses:
* There is a short window during manufacturing where the key can be stolen without anyone knowing about it. For example, if a manufacturer were coerced by a government, or if an employee with such access were being blackmailed.
* If a key is recovered and the device is not destroyed, future owners may believe they have a secure device, when in fact they do not.
* There are still some sensitive keys, such as the key that can be used to decrypt the parts that are geographically dispersed.
* I'm sure there are other weaknesses, after all, this is just one guy thinking off-the-cuff somewhere on the Internet, not an academic making sure his proposal will pass peer review.
Countries which are not free but who wish to have the veneer of freedom may want to have phones that are "secured" in this way. If the people correctly believe that it will cost their police force weeks of time and hundreds of thousands of dollars to decrypt their phones, it will cut down on the fear that exists in most police states, which will help those in power stay in power longer. I'm especially thinking of countries like China and Russia, but I'm sure more than a few readers have some English-speaking countries in mind as they read this.
What you're looking for came and went a decade ago.
UWB HDMI Tx/Rx pairs were around in 2006.
Most of the UWB HDMI Tx/Rx pairs that I saw still need electricity at both ends. Unless the TV provides the electricity, it does not meet the original submitter's needs.
In any case, I offered a completely different solution - a consumer-grade ultra-low-power "ATSC TV station." Obviously, there would need to be a power source at the transmitter, but since the receiver is the television itself, there wouldn't need to be anything there but an antenna.
I don't think such devices are legal in the United States for consumer use.
You can buy them at walmart, target, best buy, dollar store, etc.
According to FCC:
Unlicensed operation on the AM and FM radio broadcast bands is permitted for some extremely low powered devices covered under Part 15 of the FCC's rules
By "such devices" I mean for TV, not AM or FM radio.
I'd be looking for something that I could watch with my regular ATSC television, but with the transmitter in the same room or an adjacent room.
Obviously, what I am looking for would be very very low power - any TV more than a few hundred feet away wouldn't be able to get a lock on it with just plain old rabbit ears, and anyone more than a block away would be hard-pressed to tune in with even a decent outdoor antenna.
Unlike the "transmit your CD player to your car radio" ultra-low-power transmitters, I don't think such devices are legal in the United States for consumer use.
What I'd like is to be able to wall-mount a new TV and just plug in a wireless dongle to stream the video with no extra setup required on the receiver end.
Sounds like what you need is the TV equivalent of those ultra-low-power "FCC Part 15" FM transmitters people used to "broadcast" their portable CD player's music to their car stereo systems 20 years ago.
As far as I know, they don't exist, but it sounds like there is a market for them.
The more common application for something like this would be at weddings or other parties, where a big-screen TV tuned to an unused channel could show a live feed from a camera that is walking around the party.
It doesn't apply to most consumer devices, but certain business/industrial uses require a guarantee the product's repair history is accurate and that the device has never been opened except for authorized, documented repairs.
It's not just the things like medical devices that are highly regulated already, but also things like phones used by police departments where their logs may be entered into evidence.
A good "compromise" would be a tamper-evident, serial-numbered seal that could only be re-applied by an authorized repair center. The authorized repair center would document the serial number of the seal that was on the phone and would document on paper and by video-recording all changes made to the device then re-seal it with a new seal. In most cases, a summary of the repair along with both serial numbers would be filed with the manufacturer or, for special cases where the manufacturer needed to be kept in the dark about it (think: government-owned devices where the fact that the device is even in government hands may be a state secret), with a trusted third party (perhaps a separate branch of the government, with a "digital digest/hash" published to prevent altering the records later).
Manufacturers would have to provide the information and tools necessary to make repairs to the general public at reasonable prices, as is the case under most "right to repair" proposals.
End users who do not need a "legal provenance" on their device's repairs would be free to use 3rd parties for repair. Damages unrelated to the repair done by the 3rd party would continue to be covered by the factory warranty.
In countries where employees have some privacy rights, this could expose employers to legal risks.
Any hotel using this will drive my business elsewhere.
For better or for worse, participating in certain industries means always being in someone's line of fire.
Providing controversial products or services such as abortion services in a "red state" or military-style guns in a "blue state"? Prepare to cave to political pressure or spend extra on security, public relations, and lawyers.
Selling cutting-edge drugs or medical equipment that has a more-than-zero-percent failure rate? Better have good lawyers or politicians in your pocket from the get-go otherwise that first lawsuit when your product does fail or your drug has a rare bad side effect is going to bankrupt you.
Running an adult-oriented business in a city or country that doesn't like them, or providing online services to such businesses (think BackPage)? Have the lawyers on standby. If you wind up competing with organized crime, you'll also need to hiring reliable, loyal private security or you might wind up doing the modern equivalent of going swimming with "cement boots."
Selling products or services ("stalker-ware") to third parties (governments or private individuals) that can hurt people (those being spied upon) who can hurt you back (some stalk-ees can fight back, you know)? Unless you are so invisible nobody but your customers/prospective customers knows who you are (selling only to or by referral from three-letter-agencies), you'll need good security for your company, its assets, and anyone associated with the company, both virtual and probably physical.
Ten thousand years - 833 1/3 zodiac cycles
Disagree - DONOTWANT
Xi Zedong - Mao Xi, or No Moa Xi (sounds like "no more Xi" in English)
Shameless - goes naked in public
Lifelong - until worm-food
Personality cult - cult of fake man-god
Emigrate - leave home for good
Immortality - lifetime of fake man-god
and for n, m+1
Codes of conduct are like other rules or laws that govern interpersonal behavior:
There mere existence is a sign of past failure - usually a failure in communications but not always.
I'm too ignorant to speak about FreeBSD, but I can see situations where "all else has failed" and I would actually be spearheading the effort to impose such rules as the "last, best" alternative to an organization dissolving or becoming irrelevant. On the other hand - again, I'm not speaking about FreeBSD - "blowing it up and starting over" may be better than trying to "rescue" an organization by imposing new internal rules of behavior.
At least some of them were artificially intelligent.
In the future, market or MS/Apple-heavy-handed forces will coerce most applications to be dependent on only a small-by-today's-standards set of APIs.
Everything else will be either using non-OS-specific "outside code" such as portable libraries or "really outside" code such as internet-based or other non-local-machine-based code.
This is the way many phone apps work today: They are not much more than a front end to a web site or other internet-based resource. If the limited set of APIs needed to make such apps work were ported to Linux and and the hardware itself were virtualized or emulated, well, that's the bulk of what is needed for "it looks like a Linux app to the user" compatibility.
Some if not many phone apps are also written against cross-platform libraries so the vendor can sell to iOS and Android users with a mostly-common code base. If the library vendor has a Linux implementation and they write "glue/translation code" so that a non-Linux-binary can indirectly call the Linux version of the libraries, then, again, the bulk of the work has been done.
As far as MacOS and Windows applications go, we are far from there. However, if "walled garden stores" that enforce strict rules continue to gain popularity, I can see the day when 90+% of Windows and Mac applications that people use that don't come directly from Microsoft or Apple or hardware vendors are much easier to "seamlessly emulate" than today's mix of applications.
I can see "invisible once things are set up emulation layers" that let Windows and Mac apps run in Linux the same way that DOS apps used to run in 1990 versions of Windows, Windows 16-bit apps used to (and may still) run in Windows x86, Mac Classic 1990s apps ran in MacOSX, Mac OSX PPC apps ran in the early Intel versions of the Mac OS etc (this compatibility list is far from exhaustive).
Unless someone wants to throw tens of millions of dollars at the problem for several years in a row or the "ease" of making "Windows compatibility" or "Mac compatibility" goes way up, we will always be several years or a decade behind on the "compatibility" race.
So, will there ever be a Linux distro that runs almost all early-2018 Mac and Windows applications "as is" so they look like native Linux applications?
Sure, but I'm betting it's not until 2028 unless someone plunks down the big bucks first. Even then, it will take time to catch up.
By the way, you can run most popular 20+ year old PC and 30+ year old Mac operating systems and their programs quite nicely if you can get legal access to the Microsoft and Apple code (including Mac ROMs). In 30 years - maybe 10 - we will be able to say the same about early-2018 Windows and Mac programs.
When I see buzzwords like this in the first line or two of a summary, I'm wondering if this is real "news for nerds" or a warmed-over press release.
Hmm, maybe instead of reloading ATMs with cash, just have a "module" that is the real ATM that is drop-in-replaced into the "outside box" as needed.
The "outside box" would just handle the user interface and provide additional physical security.
The "module" would be very tamper-resistant. It would be taken to a controlled location to be reloaded. It would also have a time lock on it so it could not be accessed before it unlocked without causing obvious physical damage.
This wouldn't stop ATM thefts but it would make "I got physical access and pressed a switch to make it jackpot"-type attacks much harder if not impossible.
Bonus points if the ATM released a chemical to "ruin" all remaining currency inside if it was moved without some kind of authorization. If it worked, this alone would make attempts to steal the ATM or the "inside module" pretty useless.
Countries with liberal pro-consumer trade commissions* should investigate Apple and other vendors that force users to use "their walled garden" when those same companies keep things out of their garden without a good reason (e.g. keeping malware or deceptive apps out is pro-consumer and is okay).
Google-phone vendors that allow 3rd party stores would be fine, as would the Apple Mac, since you aren't "locked in" to the App Store.
*Not the USA at this time, sadly
Even more common is the need to get historical and inventory information up to the business network real time so people can make proper decisions.
This is where a one-way air gap can come in handy:
Have the "secure" side continuously report real-time data 24/7 to a "less secure" device for recording/reporting over a one-way channel. Use VPNs or other controls to give access to the "recording/reporting box" as needed.
If the reporting/reporting box gets compromised, at least it can't directly leapfrog back to the "secure side."
You forgot doors 3 and above:
Door 3:
Actual 1970s-era chips or slight revisions of them that are still being produced: Why do I need a system with an 80486 or modern-ARM-chip with a wired or wireless Ethernet Ethernet interface when a 4- or 8-bit microcontroller and a simple wired or wireless serial interface will do?
Door 4, more expensive, feasible only if you are ordering tens or hundreds of thousands:
Same microcontroller and same serial interface controller but with features you don't need removed during production, in much the same way that Intel disabled or removed some math functions in the i486SX for customers that didn't need them or who didn't want to pay for them (the difference being that in sub-million-unit runs you will probably pay MORE to have a function removed).
I'm sure there are other "doors" I haven't thought of yet.
In general, simpler systems have a smaller attack footprint.
Like the rest of the computer industry, many industrial systems are more complicated than they need to be.
Yes, industrial equipment is simpler-by-design than your average general-purpose computer, but there are still some "because we can have it and it would be a nice thing to have, we have it" or "because we can buy an off-the-shelf chip that does things we don't need cheaper than paying the chip-vendor to disable unneeded functionality, we do" situations.
There are probably innumerable industrial-control systems that can run their core functions "intelligence" on the equivalent of an early-1970s microprocessor or less. Perhaps they should.
IBM mainframes "phoned home" for tech help back before most of today's college students were born.
Robotic tape drive malfunction? Phone home and a technician was dispatched.
Even prior to the computer age, unattended automated industrial equipment had fault sensors. When a fault was detected, a remote alarm was raised and a technician was dispatched.
Same principle as 50-100+ years ago, but with 21st century sophistication and a 21st century application.
How is "it has to work offline" an answer to the question of whether there are functional solutions for voice controlling things like sending emails and other basic PC usage scenarios?
1) You cannot depend on being online 24/7.
2) Some people reasonably consider "online only" to be such an invasion of privacy that it's fundamentally broken. That is, by definition, it "does not work" even if it appears to work. Granted, that's a philosophical rather than a technical argument, but it is an argument nonetheless.
If you want to build it from scratch, you must first invent the universe.
Well, I'll settle for building it with tools available in A.D. 2018 (factories, mining equipment, etc.) and "parts" available in 2018 B.C. (natural resources).
Regression of new-bug risk
should read
Regression or new-bug risk
The patch above is an "early-release" patch. It has not undergone rigorous testing. The reader assumes all implementation and other risks.
Regression of new-bug risk is why many non-critical bugs go unfixed and why companies like IBM sometimes release patches only to those customers who complain and who are willing to accept a fix that hasn't been thoroughly tested.
Please learn to pirate, so that your video habits will stop being used to legitimize the ridiculous idea that software shouldn't be end-user maintainable.
If you can live without it, vote with your wallet and do without.
With few exceptions such as people who review movies for a living, people do not need to watch any specific movie that comes out of Hollywood.