[Cerowrt-devel] anyone fiddlng with these?

Discussion:

d***@deepplum.com

2018-02-15 13:46:42 UTC

This is one of things that is happening. Question is what would be the right approach? Mozilla also seems to be hacking away with little architectural thinking. Under the theory that you don't need a theory, just "good code".

What could go wrong?

How did we get Spectre in every processor implementation? Answer: processor architects all copied a flawed concept that speculation can easily undo observables. But security is often about exfiltration, not just "getting into kernel mode".

Where did the operational architecture for these InterNOT of Things devices come from? Band aid thinking. Patch on patch.

-----Original Message-----
From: "Dave Taht" <***@gmail.com>
Sent: Wed, Feb 14, 2018 at 1:15 am
To: cerowrt-***@lists.bufferbloat.net
Cc: cerowrt-***@lists.bufferbloat.net
Subject: [Cerowrt-devel] anyone fiddlng with these?

An esp32 coupled with an arm based 802.14 mcu, or an lte chip...

"With one line of code you'll be securely sending messages to the web."

what could go wrong?"

https://www.particle.io/mesh

--
Dave TÃ¤ht
CEO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-669-226-2619
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-***@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

Jonathan Morton

2018-02-15 13:51:00 UTC

Permalink

Hear, hear.

Besides - exactly how is "securely sending messages to the web" useful in
any way? That's the part I've never been able to figure out about the IoT
nonsense.

- Jonathan Morton

Toke Høiland-Jørgensen

2018-02-15 13:52:49 UTC

Permalink

Post by Jonathan Morton
Hear, hear.
Besides - exactly how is "securely sending messages to the web" useful
in any way? That's the part I've never been able to figure out about
the IoT nonsense.

How else would you make sure your toothbrush phoned home to the
mothership?

https://gizmodo.com/the-house-that-spied-on-me-1822429852

-Toke

v***@vt.edu

2018-02-15 15:41:40 UTC

Permalink

Post by Toke HÃ¸iland-JÃ¸rgensen
How else would you make sure your toothbrush phoned home to the
mothership?
https://gizmodo.com/the-house-that-spied-on-me-1822429852

Aaron Wood

2018-02-15 16:03:53 UTC

Permalink

"securely sending messages to the web" -> "Sending telemetry data to my
cloud-based data processing pipeline".

Both MQTT (over TLS) and HTTPS are both used heavily for sending data
upstream. Some companies in this space are thinking about security,
others... less so.

In general, the cloud providers for MQTT (Google Cloud IoT Core, AWS Cloud
IoT, etc) are taking it very seriously. The device platform suppliers are
starting to come around to the notion that having private keys in the
hardware is a ReallyGoodThing(tm). Companies like Maxim are making
hardware keys for making it easier to build devices that can do stronger
authentication to the cloud systems that they talk to:
http://www.microchip.com/design-centers/security-ics/cryptoauthentication/cloud-authentication/google-iot-core-atecc608a

My own view, having been around industrial automation, building controls,
and interactive home security for >20 years is that the residential market
is a small slice of IoT. Industrial and commercial uses are much, much
larger (and have a longer history, it just hasn't been called IoT).

(off soapbox)

Post by v***@vt.edu

Post by Toke HÃ¸iland-JÃ¸rgensen
How else would you make sure your toothbrush phoned home to the
mothership?
https://gizmodo.com/the-house-that-spied-on-me-1822429852

Unless the mothership is the RPi3 sitting under my TV, I probably don't
*want* it phoning home.
And yes, I'm willing to pay extra for a toothbrush or light bulb or Roomba that
can't be monetized because it only talks to a mothership that I control.
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel