Obviously this is the entertainment system and not something more critical, but it's telling. There is a huge cadence mismatch between software cycles and capital good replacement cycles. Airplanes, factories, HVAC systems, even home appliances last for decades. Software on these systems needs to get upgraded; I can't even imagine the number of security patches that have gone into the Linux kernel in the last 11 years.
I just don't feel that anything relevant to the IoT is missing from my life. At all.
And we're only worried about vendors going out of business because it's the early days and it's largely startups pushing the trend. With a Samsung or Apple, it's more that they'll quickly (by home equipment standards) stop supporting whatever doesn't stick to the wall.
There is a case to be made for self-contained objects that don't derive most of their value from an ecosystem, but work normally with no network. Work up from a toaster, not down from a computer.
I will go out of my way to buy a dumb TV next time.
The impetus there was that LG changed its net-connected TV platform in 2011, and instantly dropped all support for older devices. One would think that a final update could remove that "coming soon" box from their proprietary added-feature screen, but they haven't even bothered to do that.
So I can watch Netflix and YouTube on that device, but not Amazon instant video, or Crackle, or Crunchyroll, or Vimeo, or any of the dozens of selections available to better supported platforms. Having learned my lesson, and aware of the increasingly stalkerish behavior of "smart" televisions, my next TV purchase was very specifically a dumb screen. If I want an internet-connected service now, I use the Wii, or Xbox, or the extended desktop from the nearest computer.
I will likely refuse to buy any network-enhanced appliance in the future, unless I am able to root/jailbreak it and install software without the manufacturer's stamp of approval. I probably wouldn't do much beyond installing ChillBox, or FridgeBSD, or CryogenMod, or whatever, but it feels like the possibility might keep them a little more honest. Because you know that refrigerator hackers would be capturing and picking apart every packet that thing sends out, quickly discovering that every time someone closes the door, it sends a tattle out to fridge-use.org about how long you stood there with the fridge door open, along with before-and-after photos of your food.
Though it would also be embarrassing if they marketed value models of a product line by disabling features in software/firmware, and some NetBSD-loving punks could come along and write a simple script that turns the doohickey that retails at $200 into the one that sells for $800.
So it's already too late for me. "Smart" appliances are just another low-capability computer that I will have to support as the in-home IT guy. And I will have to presume that they come pre-loaded with all manner of crapware and spyware. I would forever need to be checking on chipsets and revision numbers and compatibility lists. No thanks. It's hard enough managing the congestion on the home WiFi already.
A company doesn't have to be out of business to not do security updates; they can not do security updates starting day one. There was an article a while ago about tons of home router vendors with insecure software from a third party, where the third party had resolved security issues years ago but the vendors had never bothered to update, leaving hundreds of thousands of devices vulnerable over the last few years.
I'm surprised IoT conversations are still happening with Linux as a contender for the OS, let alone Windows.
How well would you say that Tesla is coping with this as a company? For that matter, what about Apple?
> I can't even imagine the number of security patches that have gone into the Linux kernel in the last 11 years.
Let's take a step back and think about this statement. Isn't this insane? We know enough to be able to build something much better than this. The reason that we don't, is that we've just kept on pragmatically building on what we had before. We're like a corporation that keeps pouring money into its "stovepipe" system because we keep on making short-term decisions. (Somehow "stovepipe" has come to mean "vertically isolated," but I seem to remember that it also used to refer to the tendency of iron stovepipes to corrode and need constant patching.)
Apple just kind of assumes that you have the latest shiny, because why wouldn't you? This induces a phenomenon I call the Apple Turnover: when a software update aimed at new Apple things comes out and makes your old Apple thing not run so good anymore. Sluggish iPhones are the hallmark example today, but I was bitten badly by this in the mid-2000s when Panther would no longer compile C++ files. You see, one of Apple's OS updates for Panther came with Tiger's libstdc++, which used the new Itanium ABI. This was so Xcode for Tiger could compile programs to run on Panther, but without heroic efforts to set up compiler flags in every package you built to link against the old static libstdc++, compiling on Panther would link against the new libstdc++ by default and fail horribly, rendering C++ code uncompilable. (Deleting or renaming the new libstdc++ was not an option; it was a heavily depended on system component and I think even the header files were changed for the new library.) And a lot of stuff depended on C++, including C-API stuff like SDL. And Apple did fuck all to fix it.
So if you buy a shiny Apple toy, your choices are to commit to upgrading early in the new product cycle or risk an Apple Turnover rendering your purchase, if not useless, then with degraded functionality even relative to the same device when you bought it.
And the pisser is during the 80s and 90s, Apple gear was legendary for running well, and being supported, many years if not more than a decade after its purchase date.
The appliances in my house were bought because of all the bells and whistles. I didn't buy them, but am forced to work on them when a sensor fails. They have gotten so complicated, parts so expensive, service manuals hard to get; I just throw them away when they fail. I don't like it.
I think, if consumers start demanding it, we will go back to buying based on longevity, and not on the newest feature? Every time my dryer's alarm goes off, I am reminded it's a durable good. It's almost reminding me to save up?
[1] http://avc.com/2011/12/cheap-willl-be-smart-expensive-will-b...
The upgrade cycles are simply too long for TVs.
But more importantly, Apple's whole model is to treat things like this as just "dumb complements". Your mobile device, from the carrier's perspective, is increasingly becoming a dumb Internet pipe (first with the App Store, later with the likes of iMessages and how LTE works, etc).
The TV for Apple is simply a dumb display to stick an Apple TV into. A sub-$100 device you can replace every other year if need be. A $3000 TV is replaced a whole lot less often.
Why would Apple want to be in the business of (eventually) supporting 5+ year old TVs for such a low-margin business? Or what makes you think users would pay for the Apple brand and/or upgrade more often to make it worthwhile?
So as far as IoT goes, I have trouble seeing a future where someone says "I need to buy new lightbulbs because mine don't get firmware updates anymore" or "I need to buy a new fridge because it can't talk to my new phone".
Not only does it make sense to put the smarts and connectivity in devices that are either cheap, that people already have anyway, and can be easily upgraded, but the user interface in a phone/tablet/etc. tends to be far better than a typical remote.
In general, I tend to prefer the Chromecast model of just casting video from a general purpose device, but the Kindle stick and Apple TV are OK as well. By contrast, I rarely used the Smart TV features on my Panasonics because they were just so painful to use.
One Windows-running company I worked for a long time ago simply didn't apply the patches. They said it broke things...
According to recent reports, the entertainment system is not fully isolated from the plane's navigation systems. However, Boeing has denied this.
http://www.cnn.com/2015/05/17/us/fbi-hacker-flight-computer-...
The entire story is bogus.
The systems are isolated just fine.
Edit: Just got confirmation, this software was the root cause. No hacks/whatsoever!
It would be ironic if the bug bounty program directly/indirectly led to this.
Bugs that are not eligible for submission:
* Bugs on internal sites for United employees or agents (not customer-facing)
* Bugs on onboard Wi-Fi, entertainment systems or avionics

Ironic: A state of affairs or an event that seems deliberately contrary to what one expects and is often wryly amusing as a result.
That said, the plane communication protocols aren't terribly secure, so it's certainly feasible someone is playing around with them. Maybe they'll decide it's in our interest for us to know at some point.
Imagine how much money is being lost right now as a result of this disruption. Somewhere hackers are popping champagne.
The response from United was unapologetic and absolutely disgraceful: https://hub.united.com/en-us/News/Company-Operations/Pages/s....
>>> UPDATED: Jun 3, 2015 at 1:45PM
While United did not operate the flight, Ms. Ahmad was our customer and we apologize to her for what occurred on the flight.
After investigating this matter, United has ensured that the flight attendant, a Shuttle America employee, will no longer serve United customers.
United does not tolerate behavior that is discriminatory – or that appears to be discriminatory - against our customers or employees.
All of United’s customer-facing employees undergo annual and recurrent customer service training, which includes lessons in cultural awareness. Customer-facing employees for Shuttle America also undergo cultural sensitivity training, and United will continue to work with all of our partners to deliver service that reflects United’s commitment to cultural awareness. <<<
1) The beer isn't free, the passenger paid for the entire can or used a 1K drink chit.
2) UA flight attendants are famous for making up rules and many try to avoid handing out entire cans of soda, and this one wasn't even a United flight attendant.
3) What on earth would that have to do with today's event?
Similarly, whether or not this was a United flight attendant is also of absolutely zero relevance. They may have technically been an employee of Shuttle America, but were part of the cabin crew and a representative of United on that flight, working under the United brand and wearing United uniforms. Therefore, when United releases a statement making no apology for abhorrent behavior exhibited by their representative, it reflects directly on them.
It may have nothing to do with this event, just as Chris Roberts tweeting that he hacked into the in-flight entertainment system may have nothing to do with this event. It's merely interesting that Wired explicitly ignored the actions of United as having any possible relationship to this event.
The whole fiasco is BS. Airplane networks are as safe as it gets.
In this instance, the inflight entertainment network and the avionics network were physically connected, and the security researcher was able to gain access to the avionics network by connecting to the inflight entertainment network.
The case above is an example cited as a life-critical system:
> Computers used in aviation, such as FADECs and avionics
http://www.theguardian.com/technology/2015/apr/29/apple-ipad...
Who knows, maybe this is just a 16 year old who got accosted going through security and wanted to burn off some steam.
http://www.wired.com/2015/05/feds-say-banned-researcher-comm...