undefined | Better HN

0 pointssamus2d ago0 comments

> And "require longer support" doesn't fix it because many of the vendors will go out of business.

Which is not a real issue in practice. It's like arguing that warranty doesn't matter because the vendor might go out of business.

0 comments

consp2d ago

It might also be illegal. Don't know about the US but forcing a bankruptcy to avoid regulations is usually frowned upon by the court system here. So putting a product in a child-dummycorp to go poof when you want and let the parent stay afloat usually puts the parent in the line of fire directly and you are screwed either way.

bluGill2d ago

It is possible to require escrow accounts for cover costs of fixing future security issues) - these survive bankruptcy. They need to be big enough to cover the costs though - insurance can calculate this but it isn't cheap.

AnthonyMouse2d ago

The obvious problem with that is the detriment to smaller companies, but it makes a good alternative to releasing the code.

Then if you're a five person shop making routers and you publish the firmware source under a license that allows anyone to make and distribute modifications you're all set. And if you're Apple or Microsoft and you want to make a router without publishing the source code, you post the enormous bond which you have no trouble doing because you're an enormous company and you're all set.

AnthonyMouse2d ago

> Which is not a real issue in practice.

Are you serious? The number of IoT companies that make a product for a couple years and then go bust is enormous.

> It's like arguing that warranty doesn't matter because the vendor might go out of business.

How are you going to use a warranty from a company that no longer exists to get a security update for a product a million consumers still have?

samusOP2d ago

The typical IoT company not surviving the typical lifecycle of their products shows that IoT is a seriously dorked up idea. Anybody deploying them who values security should choose products that can be updated even after the vendor is gone.

> How are you going to use a warranty from a company that no longer exists to get a security update for a product a million consumers still have?

I was not talking about using warranty for this.

AnthonyMouse1d ago

> The typical IoT company not surviving the typical lifecycle of their products shows that IoT is a seriously dorked up idea. Anybody deploying them who values security should choose products that can be updated even after the vendor is gone.

But then many consumers value cost or other things over security, which is why you need all the devices to be able to be updated even after the vendor is gone.

> I was not talking about using warranty for this.

Then why are you talking about a warranty to begin with?

1 more reply

j / k navigate · click thread line to collapse

0 comments

consp2d ago

bluGill2d ago

AnthonyMouse2d ago

The obvious problem with that is the detriment to smaller companies, but it makes a good alternative to releasing the code.

AnthonyMouse2d ago

> Which is not a real issue in practice.

Are you serious? The number of IoT companies that make a product for a couple years and then go bust is enormous.

> It's like arguing that warranty doesn't matter because the vendor might go out of business.

How are you going to use a warranty from a company that no longer exists to get a security update for a product a million consumers still have?

samusOP2d ago

> How are you going to use a warranty from a company that no longer exists to get a security update for a product a million consumers still have?

I was not talking about using warranty for this.

AnthonyMouse1d ago

But then many consumers value cost or other things over security, which is why you need all the devices to be able to be updated even after the vendor is gone.

> I was not talking about using warranty for this.

Then why are you talking about a warranty to begin with?

1 more reply

j / k navigate · click thread line to collapse