On Fri, Jul 30, 2021, 14:44 Peter VanDerWal via EV <[email protected]> wrote:
> > On security: there are ways to guarantee local physical presence before > > software/firmware is changed. A physical write-protect switch or a jumper > > that must be moved is one of them. Some computers have required this kind > > of thing before BIOS updates could be made. > > > Most farmers are "physically" at their tractor when they load the hacked > software with who knows what "extra features" created by the hackers. > The point was requiring physical presence to change firmware is one way to mitigate risks of someone else remotely modifying firmware on connected devices. Similarly, a physical, manual on/off switch that actually disconnects a circuit, cannot be remotely overridden. (Well, unless you have robots or drones or servants on site who are willing to flip the switch at your command.) I also doubt the alleged "hackers" will have much interest in adding "misfeatures" that break the equipment. The primary interest is in bypassing the locks that the customer (some tractor owners) wants bypassed. The user population is not all that large either. (If the "misfeature" is something like ransomware added to a firmware...owners may already feel the manufacturers are charging a ransom to repair the hardware, and feel the risk is worth it. People will go to great lengths to bypass restrictions they feel are unjust/unfair.) All these issues could be mitigated by owner-friendly hardware and software policies from the manufacturer. In short, mfrs should not block owners from being able to maintain equipment sold to owners. (If the hardware is being leased with included complete support/maintenance, that's fine. Just don't sell something when it really is only being leased.) In some cases that may also mean giving owners some level of software access, if the software is needed to maintain the system. In other cases it may mean a giving owners a way to unlock access when the company wants to mark that hardware as 'end of life', or owner wants access before EOL, by voiding a warranty. This is a battle being fought between lots of hardware manufacturers and owners of devices ranging from cars to tractors to phones to laptops. Louis Rossmann has a lot of knowledge and experience in these matters. Article and comments: https://www.techdirt.com/articles/20170322/04582036973/tractor-owners-using-pirated-firmware-to-dodge-john-deeres-ham-fisted-attempt-to-monopolize-repair.shtml -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.evdl.org/private.cgi/ev-evdl.org/attachments/20210730/6bbf49df/attachment.html> _______________________________________________ Address messages to [email protected] No other addresses in TO and CC fields UNSUBSCRIBE: http://www.evdl.org/help/index.html#usub ARCHIVE: http://www.evdl.org/archive/ LIST INFO: http://lists.evdl.org/listinfo.cgi/ev-evdl.org
