Re: [Cerowrt-devel] anyone fiddlng with these?

Re: [Cerowrt-devel] anyone fiddlng with these?

[dpreed]

This is one of things that is happening. Question is what would be the right approach?  Mozilla also seems to be hacking away with little architectural thinking. Under the theory that you don't need a theory, just "good code".

What could go wrong?

How did we get Spectre in every processor implementation? Answer: processor architects all copied a flawed concept that speculation can easily undo observables. But security is often about exfiltration, not just "getting into kernel mode".

Where did the operational architecture for these InterNOT of Things devices come from? Band aid thinking. Patch on patch.

-----Original Message-----
From: "Dave Taht" <dave.taht@gmail.com>
Sent: Wed, Feb 14, 2018 at 1:15 am
To: cerowrt-devel@lists.bufferbloat.net
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: [Cerowrt-devel] anyone fiddlng with these?

An esp32 coupled with an arm based 802.14 mcu, or an lte chip...

"With one line of code you'll be securely sending messages to the web."

what could go wrong?"

https://www.particle.io/mesh

-- 

Dave Täht
CEO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-669-226-2619
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

Re: [Cerowrt-devel] anyone fiddlng with these?

[Jonathan Morton]

[-- Attachment #1: Type: text/plain, Size: 191 bytes --]

Hear, hear.

Besides - exactly how is "securely sending messages to the web" useful in
any way?  That's the part I've never been able to figure out about the IoT
nonsense.

- Jonathan Morton

[-- Attachment #2: Type: text/html, Size: 269 bytes --]

Re: [Cerowrt-devel] anyone fiddlng with these?

[Toke Høiland-Jørgensen]

Jonathan Morton <chromatix99@gmail.com> writes:

> Hear, hear.
>
> Besides - exactly how is "securely sending messages to the web" useful
> in any way? That's the part I've never been able to figure out about
> the IoT nonsense.

How else would you make sure your toothbrush phoned home to the
mothership?

https://gizmodo.com/the-house-that-spied-on-me-1822429852

-Toke

Re: [Cerowrt-devel] anyone fiddlng with these?

[valdis.kletnieks]

[-- Attachment #1: Type: text/plain, Size: 472 bytes --]

On Thu, 15 Feb 2018 14:52:49 +0100, Toke Høiland-Jørgensen said:

> How else would you make sure your toothbrush phoned home to the
> mothership?
>
> https://gizmodo.com/the-house-that-spied-on-me-1822429852

Unless the mothership is the RPi3 sitting under my TV, I probably don't *want* it phoning home.

And yes, I'm willing to pay extra for a toothbrush or light bulb or Roomba that
can't be monetized because it only talks to a mothership that I control.


[-- Attachment #2: Type: application/pgp-signature, Size: 486 bytes --]

Re: [Cerowrt-devel] anyone fiddlng with these?

[Aaron Wood]

[-- Attachment #1: Type: text/plain, Size: 1894 bytes --]

"securely sending messages to the web" -> "Sending telemetry data to my
cloud-based data processing pipeline".

Both MQTT (over TLS) and HTTPS are both used heavily for sending data
upstream.  Some companies in this space are thinking about security,
others... less so.

In general, the cloud providers for MQTT (Google Cloud IoT Core, AWS Cloud
IoT, etc) are taking it very seriously.  The device platform suppliers are
starting to come around to the notion that having private keys in the
hardware is a ReallyGoodThing(tm).  Companies like Maxim are making
hardware keys for making it easier to build devices that can do stronger
authentication to the cloud systems that they talk to:
http://www.microchip.com/design-centers/security-ics/cryptoauthentication/cloud-authentication/google-iot-core-atecc608a

My own view, having been around industrial automation, building controls,
and interactive home security for >20 years is that the residential market
is a small slice of IoT.  Industrial and commercial uses are much, much
larger (and have a longer history, it just hasn't been called IoT).

(off soapbox)



On Thu, Feb 15, 2018 at 7:41 AM, <valdis.kletnieks@vt.edu> wrote:

> On Thu, 15 Feb 2018 14:52:49 +0100, Toke Høiland-Jørgensen said:
>
> > How else would you make sure your toothbrush phoned home to the
> > mothership?
> >
> > https://gizmodo.com/the-house-that-spied-on-me-1822429852
>
> Unless the mothership is the RPi3 sitting under my TV, I probably don't
> *want* it phoning home.
>
> And yes, I'm willing to pay extra for a toothbrush or light bulb or Roomba
> that
> can't be monetized because it only talks to a mothership that I control.
>
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>

[-- Attachment #2: Type: text/html, Size: 3137 bytes --]

Re: [Cerowrt-devel] anyone fiddlng with these?

[Toke Høiland-Jørgensen]

Dave Taht <dave.taht@gmail.com> writes:

> An esp32 coupled with an arm based 802.14 mcu, or an lte chip...
>
> "With one line of code you'll be securely sending messages to the web."
>
> what could go wrong?"

Well at least it appears to be open source, support OTA updates and use
DTLS. That could be a lot worse... :)

-Toke

[Cerowrt-devel] anyone fiddlng with these?

[Dave Taht]

An esp32 coupled with an arm based 802.14 mcu, or an lte chip...

"With one line of code you'll be securely sending messages to the web."

what could go wrong?"

https://www.particle.io/mesh

-- 

Dave Täht
CEO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-669-226-2619