When I heard about this I had two thoughts: "Cool" "Hey... wait a second..." It was precisely this issue: Why could John Deere shut down the tractors? They could've before the Russians took them,...
When I heard about this I had two thoughts:
"Cool"
"Hey... wait a second..."
It was precisely this issue: Why could John Deere shut down the tractors? They could've before the Russians took them, obviously, which meant this mechanism was in place for people who had paid for their hardware.
I'm not new to the issue, of course, but it's one of those things that makes a great headline, but looks scary when you poke at it. And Doctrow, from what I understand of his usual style, does a great job explaining it in detail, as well as the broader ramifications of these technologies.
Over-the-air updates (like Teslas and most computers and phones have) are a mixed blessing. Sometimes good things are done using them, and I think not having security updates is worse most of the...
Over-the-air updates (like Teslas and most computers and phones have) are a mixed blessing. Sometimes good things are done using them, and I think not having security updates is worse most of the time.
But it's not good if you are on opposite sides from the company for some reason.
The question is always how you can subscribe to a more trusted stream of security updates, without doing code reviews yourself. And largely it means trusting some organization with a good reputation.
They say that in the old days, Quakers had a reputation for honesty and this resulted in Quaker Oats being one of the first brands.
What about in modern times?
For free software, I would say that OpenBSD has a similar reputation. Which is great for installing on a router (not that I've done it), but applications where OpenBSD is appropriate are limited.
(Also, being a trusted source of updates doesn't mean having a reputation for being a nice person. Being stubborn about sticking to certain principles helps.)
I don't know if everyone would agree but the Go language maintainers have a similar reputation with me for stability and thoughtful improvements. SQLite is another example of a product with a very trusted maintainer.
I don't have an answer for browser or phone security updates. I do think professional maintainers are better, but it would be nice to have a more independent and yet trusted source.
The thing is, a trusted reputation isn't built in a day.
I highly recommend "Radicalized," Doctorow's 4-novella collection about where this sort of technology might lead. "Unauthorized Bread" is a great exploration of DRM, vendor lock-in, and...
I highly recommend "Radicalized," Doctorow's 4-novella collection about where this sort of technology might lead. "Unauthorized Bread" is a great exploration of DRM, vendor lock-in, and right-to-repair issues.
When I heard about this I had two thoughts:
"Cool"
"Hey... wait a second..."
It was precisely this issue: Why could John Deere shut down the tractors? They could've before the Russians took them, obviously, which meant this mechanism was in place for people who had paid for their hardware.
I'm not new to the issue, of course, but it's one of those things that makes a great headline, but looks scary when you poke at it. And Doctrow, from what I understand of his usual style, does a great job explaining it in detail, as well as the broader ramifications of these technologies.
Over-the-air updates (like Teslas and most computers and phones have) are a mixed blessing. Sometimes good things are done using them, and I think not having security updates is worse most of the time.
But it's not good if you are on opposite sides from the company for some reason.
The question is always how you can subscribe to a more trusted stream of security updates, without doing code reviews yourself. And largely it means trusting some organization with a good reputation.
They say that in the old days, Quakers had a reputation for honesty and this resulted in Quaker Oats being one of the first brands.
What about in modern times?
For free software, I would say that OpenBSD has a similar reputation. Which is great for installing on a router (not that I've done it), but applications where OpenBSD is appropriate are limited.
(Also, being a trusted source of updates doesn't mean having a reputation for being a nice person. Being stubborn about sticking to certain principles helps.)
I don't know if everyone would agree but the Go language maintainers have a similar reputation with me for stability and thoughtful improvements. SQLite is another example of a product with a very trusted maintainer.
I don't have an answer for browser or phone security updates. I do think professional maintainers are better, but it would be nice to have a more independent and yet trusted source.
The thing is, a trusted reputation isn't built in a day.
I highly recommend "Radicalized," Doctorow's 4-novella collection about where this sort of technology might lead. "Unauthorized Bread" is a great exploration of DRM, vendor lock-in, and right-to-repair issues.