Local network services for IoT devices

Local network services for IoT devices could be a game changer by Johannes Ernst

The next question then becomes: just what local network services? What’s the architecture going to look like so we can grow a big industry ecosystem around it, all without screwing the users? I don’t think anybody has all the answers yet, but this is going in the right direction! I will have some more thoughts in a future post.

Sounds great. Currently, poor security is the bane of IoT devices. I would suggest the industry put all effort into improving the security and privacy features of their products. Security is the number one reason I am reluctant to have internet accessible devices in my home.

Does restricting IoT traffic to the local network mean we lose the ability to leverage the analytics or the analytics become too simplistic to be useful? Will the majority of consumers, the mass market of consumers who we need to make any product category viable, want or need to have a mini data centre in the home to manage all of this? I don't know.

Ignorance Is No Defense

As The AI Cold War Looms, Has Time Finally Been Called On China’s Spy Industry? by Zak Doffman

So, back to that national collection agency building in June. On this occasion, the focus is facial recognition to protect public spaces against terrorist attack. But it could just as easily be ‘lawful intercept’, cybersecurity, data warehousing, ITC infrastructure. The agency is running a process, an evaluation, against a specified requirement. After months of testing, a Chinese company makes the shortlist. It has shipped test servers inside the wire, onto the network. It has thrown engineering resource into the mix. It has committed months of investment.

When it looks like the contract is about to veer towards one of the non-Chinese options, the agency’s program manager takes the Western vendors to one side. “It doesn’t really matter what happens with the rest of the test,” he says, trying to be helpful. “The Chinese have said they won’t be beaten on price. They’ll pretty much give it away if they have to. You can’t compete.”

Within the surveillance industry, this is now commonplace in South East Asia, Africa, the Middle East, even parts of Europe. The SOP is broadly the same. Free trials and equipment. Unbeatable pricing. Seemingly unlimited numbers of Chinese engineers in matching polo shirts, flown across to support deployments. The numbers shouldn’t add up. Except they do. It isn’t meant to be commercial. It’s meant to be a national security strategy. And it has been immensely effective.

Hikvision is the world’s largest surveillance equipment manufacturer. Like ZTE, Dahua, Hytera, it has grown rapidly both at home and abroad. Huawei is much larger and more diverse than the others. Surveillance is just one of its areas of focus. The usual arguments center on whether the companies are state-owned or state-controlled. That misses the point. Promoting the country’s national security is a duty across the board. Huawei is not state-owned, it insists that it’s not state-controlled. But it is a ‘national champion’, carrying obligations to support the government in return for public sector contracts, financing support, state protection.

The warnings against buying Huawei devices or deploying Hikvision or Dahua or ZTE or Hytera security equipment are certainly not new. But the latest twist in this long-running tale is AI. China has built itself an AI surveillance hothouse that is second to none. Staggering investment rounds. Access to seemingly endless state procurements of facial recognition, citizen monitoring, dystopian surveillance. The brute force oppression of the Uighur population in Xinjiang Province and the urban electronically enforced zero-tolerance policing in the major cities further east are testaments to organization and determination.

It's a brilliant strategy.

Convenience is the enemy of security

Security vs Usability by Nitin Khanna

99% of security is just keeping your eyes open.

Maybe. Maybe not.

I always update macOS, iOS, tvOS, whenever a security update is available, and my three Linux servers on a weekly basis. I have never had an update go wrong. To me (and many security professionals), convenience is the enemy of security.

But of course, you know what I do for a living. So maybe my advice to always, always, perform the security update for personal devices will be ignored. Fifteen years of experience and knowledge will count for nothing with people like Stephen Pieper.

I've got a wife and kids and elderly parents and elderly parents-in-law. I've got people to protect.

To quote David Halberstam writing about political leaders,

They were brilliant and they were fools.

Do you think that companies like Equifax and Yahoo should be as nonchalant about security updates?