Spitballing IoT Security

Emille Blanc emille at abccommunications.com
Thu Oct 27 21:30:14 UTC 2016

(deleted for ambiguity)

> > Which is the point.  These things stay out there...like those winXP
> > boxes.  There are 2 choices
> >
> > 1) manufacturers are responsible for the devices.  No longer caring for
> >    them? Recall them.  Compensate the users.
> >
> > 2) stronger obsolescence.  eg kill switch/firmware tombstoning/network
> >    connectivity function ending timebomb
> >
> > as a user of lots of legacy tech i find either option bad :/
> >
> > alan
> Or Apple could release iOS 6.1.7.  There is nothing stopping Apple doing
> so.  Apple are the ones preventing people running iOS 10.x on the 3GS.
> This puts the responsibilty on them to supply security fixes.
> All of the PC's running XP could run a newer version of the Windows
> regardless of whether they could run the latest version.

Well, yes and no.  As $newer_better_faster_stronger gains market share, there's no drive to be backwards compatible.

iOS is no different from any other operating system in that regard, it's designed for hardware A, B, C, D's 1 through 4 (probably more, but I'm trying to be somewhat abstract).  If it has to support E through Z also, for 12+ years of backwards compatibility, bad things can happen (bloat, instability, bugs).
I don't get upset for example, when I transplant a Win2k or Win98 drive into a box built up with 3 year old hardware, of which not a single device is supported.
That's not even taking into account the challenge of developing for different architectures. ARM, x86, PPC, AMD64, PowerISA, SPARC, to name a few. I won't even get into microcontrollers.

Don't get me wrong. I'd love to update my 12 year old Macbook Pro to Sierra, but I've accepted that it, like most electronics, were almost certainly not engineered, let alone expected, to last even half that long.
I'm reminded of that fact every time I open Youtube, and Flash Player spins both of its 2.33ghz Core2 Duo cores to 100% for a 460p video.
Even then, I've had to stop updating Flash sometime around mid 2014, as any newer versions cease to function entirely.

More information about the NANOG mailing list