  2. 8

    Way too many Chinese (AliExpress) gizmos (cameras, doorbells, phones) use an app that connects to one hard-coded Chinese IP… The cheap ring bell alternative I got works without an internet connection, but only records to an SD card. If it would just also provide a network RTMP stream, but no, it has that hard-coded Chinese IP…

    1. 1

      Sometimes people will hack them and put information about how to intercept that traffic (they almost never use TLS so they are pretty easy to MITM). On some extremely popular devices there might even be custom firmware available, but it’s rare.

      I always search for CFW or verification that you can MITM the device before I buy it (unless I’m willing to do it myself).

    2. 7

      Good on the author for explaining the terms early on and sticking to them. I wonder what has happened to all those lighting-control devices now that the firm has gone under?

      1. 3

        Mountains of e-waste.

        1. 1

          Which the market prefers for continuing revenue. Best way to reduce waste is to keep recycling older electronics since they (a) just require buying/shipping rather than manufacture and (b) last longer. Maybe also throw in dedicated, cheap devices that act as link encryptors or something so nothing untrusted can reach the insecure devices. Just little connectors between those devices and the Internet which do a VPN or something. That’s a long-running practice in high-security with stuff like secure PCI cards for networking and Type 1 Link Encryptors for Ethernet (or VPNs for IP).

          For example on recycling side, my “new” ThinkPad 420 @vermaden recommended is flying compared to my last PC. Loving that Core i7. Got it cheaper than some netbooks, too. The only things bothering me are Fn on left instead of Control and Page Back/Forward keys right above Back/Forward. Thank goodness for browsers saving state of current page. I think I can just start using right control to optimize Fn vs Ctrl issue. Idk about other one yet.

          1. 2

            I’m not sure about the T420 but in my T460s and T470p, you can swap the roles of control and fn in BIOS.

            1. 1

              Yeah it is there. Thanks for the tip! I’m not sure if it will work due to keyboard design. I’m definitely trying it, though. :)

      2. 8

        I know a case in which an Azure virtual machine was deallocated and reallocated, getting a new IP address, as the static IP wasn’t reserved as an independent Azure resource. This made the public lighting of a whole city unable to receive new commands (like on/off).

        We couldn’t get the old IP address, so, every single device in the city had to be changed manually to point to the new IP (luckily, it was a single device controlling chunks of 10-50 street lights).

        So, if you’re going to point to static IP addresses, at least be sure that the IP address won’t go away if someone trying to debug a cloud infrastructure issue ends up leading a city into darkness.

        1. 3
          • They probably don’t need low-stratum NTP; any “real” computer with a proper clock would be sufficient (as opposed to a µC using the CPU clock for timekeeping), even if it’s synchronized with NTP once a year.
          • They probably had their own servers, which can return time.
          • If they use HTTP to send data (not a good idea on expensive GSM) the time is right there in the Date header.

          Relevant recent discussion

          1. 3

            This is probably because of “library mentality”: they thought “we should keep time synchronized — then there’s a lib for that”, and of course that lib used NTP, the standard way to synchronize clocks. IP was hardcoded probably because they decided to not use DNS.

            (sorry, I can’t edit my comment because of some bug, so I’m adding another comment)

            1. 3

              Comment editing was broken for approximately 24 hours from Saturday morning to Sunday morning CST. It’s now been fixed.

          2. 1

            This was a good story. So the obvious question is why are embedded folks so fond of hardcoding things? Is DNS resolution tricky? Obviously they have a network stack on whatever they have deployed in the field and so there must be something providing network services on the device so it should also be able to do DNS queries.

            1. 3

              Firmware for the longest time has been a hardcoded thing. You write the software once and when it’s working you ship and forget. Software developers deal with developing the same application for years/decades. Everything must be designed for future change. I’m guessing the firmware dev mindset is still pretty set on that even in the internet age where their devices will stop working in a few years. For some this is probably the business model so they can sell more devices next year.

              1. 1

                DNS is still overhead when you might be counting clock cycles in MHz, and storage in bytes or kilobytes.

                1. 1

                  Do you really think the folks in that story were counting cycles?

                  1. 2

                    I think at one level their engineer went “it will be faster/easier to have less of a stack” and then we got this final decision at the end. You don’t have to count cycles to not be running a large amount of a Linux stack.
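
On the point raised earlier in the thread that a device already sending data over HTTP has the time "right there in the Date header", here is an added example (not code from any participant or from the devices discussed) of firmware-style C that extracts and vets that header. The function names and the `BUILD_EPOCH` floor are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Assumed policy floor: never accept a time earlier than the firmware build. */
#define BUILD_EPOCH 1546300800LL /* 2019-01-01T00:00:00Z, constructed value */

/* Days since 1970-01-01 for a Gregorian date (no libc timegm needed). */
static int64_t days_from_civil(int y, int m, int d) {
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int yoe = (int)(y - era * 400);
    int doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Parse an IMF-fixdate such as "Sun, 06 Nov 1994 08:49:37 GMT"; -1 on error. */
int64_t parse_imf_fixdate(const char *s) {
    static const char months[] = "JanFebMarAprMayJunJulAugSepOctNovDec";
    char wd[4], mon[4], tz[4];
    int d, y, hh, mm, ss;
    if (sscanf(s, " %3[A-Za-z], %2d %3[A-Za-z] %4d %2d:%2d:%2d %3[A-Z]",
               wd, &d, mon, &y, &hh, &mm, &ss, tz) != 8) return -1;
    const char *p = strstr(months, mon);
    if (strlen(mon) != 3 || !p || (p - months) % 3 || strcmp(tz, "GMT")) return -1;
    if (d < 1 || d > 31 || y < 1970 || (unsigned)hh > 23 ||
        (unsigned)mm > 59 || (unsigned)ss > 60) return -1;
    int m = (int)(p - months) / 3 + 1;
    return days_from_civil(y, m, d) * 86400 + hh * 3600 + mm * 60 + ss;
}

/* Scan a raw response head for Date:, stopping at the blank line. */
int64_t time_from_http_head(const char *head) {
    for (const char *line = head; line && *line && *line != '\r'; ) {
        if (strncasecmp(line, "Date:", 5) == 0) {
            int64_t t = parse_imf_fixdate(line + 5);
            /* Plain-HTTP headers are unauthenticated: never step behind the build date. */
            return t >= BUILD_EPOCH ? t : -1;
        }
        line = strstr(line, "\r\n");
        if (line) line += 2;
    }
    return -1;
}

int main(void) { /* constructed response head */
    printf("%lld\n", (long long)time_from_http_head(
        "HTTP/1.1 200 OK\r\nDate: Sat, 09 Mar 2019 12:00:00 GMT\r\n\r\n"));
    return 0;
}
```

The floor check only stops the clock from being rolled back past the build date; a device that relies on the time for certificate validation or token expiry still needs an authenticated source.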