XP was legally sold on netbooks made as late as October 22, 2010 ( http://windows.microsoft.com/e... ). Those computers were still in the sales pipeline into early 2011.

Really? So a $100,000 medical device, robot in a factory, or SCADA platform running a $100 copy of XP (well, $200 if Pro, less if XP Embedded) can't "cost the lives of the user"??? I wouldn't want to be in front of a dental x-ray machine with a copy of XP that is now sending spam or worse, being used to cause harm to users... Ever hear of the Therac-25 accidents of the mid-80s? http://en.wikipedia.org/wiki/T...

Unfortunately, easier said than done. All of these have unbelievably steep learning curves to do anything reasonable. Ironically, my interest in programming started with my TI-99/4A in 1983-1985. I used to get magazines that would provide programs (that I'd spend an hour-plus typing in) to see how it works. I didn't really know the limits of that machine, so it was cool to see what I could do with it--and how I could change the programs to do certain things...

Unfortunately, with Dreamspark tools above, there's no "just start coding & see what happens". There's no really basic / for kids "how to make fun little programs with Visual Studio" that come with Dreamspark. I don't see a child using a $60 book from SAMS or Microsoft Press ("Learn Visual Studio in 24 Hours!") as 1) the books aren't aimed for them, 2) the cost to buy one is at a price point questioned by most parents.

iPads are even worse... You can't program for them on them (not that you'd want to attempt such a thing with the on-screen keyboard) and you need an expensive Mac to do so, tethered to your iPad. (So there's no immediate gratification...)

Kids nowadays see what their computers are capable of--by playing video games that test the limits of their PCs. Why write a little program that draws some lines when the child could play a video game that's much more visually stimulating & engaging???

Let's see... I'm going to trust that an appliance vendor, some of whom have yet to add an OS (Linux, Android, etc.) to their devices, will properly create the security for said IoT device? Cisco is clearly looking to become such a vendor, and I don't think they're prepared to deal with the consequences & unbelievably protracted support schedules--way longer than Microsoft's ~10 year lifecycle for Windows and Office. Ultimately, will my IoT fridge that I buy today continue to work properly 20+ years down the line or will it be pwned long before then? (I suspect the latter...)

The reality is that a company with no such device experience (e.g. Amana, Kenmore, etc.) may contract out the security portion of the firmware to Cisco, but will Cisco continue to support the device's security for decades to come? In reality, people don't replace their home appliances, HVAC systems, and security systems all that often... I doubt Cisco is putting out many security patches for their devices from 1994, or if anyone even has the experience (let alone the desire) to create patches today for Linux 1.1.x security holes...

Except that nuclear reactors are, by regulation, among the most-documented entities on earth. From functionality to maintenance logs to upgrades, nuclear plants & their owners are extreme documenters--to decrease liability and meet government regulation. You don't hear stories of nuclear reactors in places like the US, Canada, UK, Western Europe, etc., with "documentation problems" or knowledge transfer continuity. (Pay people to stay to do an easy job & they will...) Sure, a part schematic may be on paper as opposed to stored electronically, but they'll have multiple copies onsite, a few copies at the power utility offsite, and at the NRC or other national nuclear regulatory agency--and everyone who should know where those copies are, do know... And that documentation would be designed so that anyone with the requisite engineering knowledge & skills should be able to read it...

Nuclear plants are not run like IT shops--and thank God for that...

Well, you might not have a choice depending on your OS version...

XP, 2003 - max is IE8 (not affected)
Vista, 2008 - max is IE9 (affected, presumably most used version)
7, 2008R2 - currently at IE11, but many users still using IE10 (affected) since IE11 came out in November for this OS
8, 2012 - only supports IE10 (affected)
8.1, 2012R2 - only supports IE11

You're right. Having a really expensive recall incentives the manufacturer to "get it right with this redo", without skimping on development, testing, etc. OTA would just trivialize the process...

Ummm, nope... In Ohio (as of a few years ago), the only "safety inspection" for personal vehicles checked to ensure that a vehicle purchased out-of-state matched the VIN # on the title. Illinois has no safety inspection whatsoever for cars & light trucks/B-Trucks. (B-Trucks used to have them until 1984; commercial vehicles excluding light pickup trucks still have annual safety inspections; vehicles in Chicagoland & the IL portion of St. Louis have emissions testing). At the other extreme, states like New York & Texas have a very thorough safety inspection. In some states, "safety inspections" are really nothing more than compliance checks, checking things like window tint.

But you bought an off-the-shelf PC in 1998 with standard components. I'm talking about a (mythical) fridge with unique components, unique software, unique drivers, etc. Sorry, but an IoT device will likely never run more than a "+ 0.1" version higher of an underlying OS & related software ("+ 0.2" for Linux)--given track records of manufacturers working on old products. They won't open source everything for fear competitors would use it competitively against them. To add, even if they did open source the whole IoT fridge, you're assuming that someone would actively pick up the project... Simply open sourcing something & dumping it on the Internet doesn't mean anyone's actively interested & working on that project.

I agree with you, in theory. In practice, however, nobody is fixing bugs/security holes in obsolete platforms. Let's say the IoT existed in 1994 & you bought a new Kenmore IoT fridge running Linux 1.x. Fast forward to 2014--who today is doing anything with the Linux 1.x kernel? Nobody--including Kenmore support engineers. Your fridge was pwned probably 15 years ago...

It's not a question about warranty or even availability of replacement parts, it's a question about opening themselves up to extremely long support schedules, something they have never had to do before. If I call an appliance repairman for a 40 year old fridge, he'll likely be able to find the right replacement part... But that model no longer holds true in IoT. Look at cars (at least in the US)... Auto manufacturers have taken on the responsibility that all of their past models could face a recall, even 15+ years after the fact. (NHTSA still opens cases for cars sold in the '90s). The same would have to be said about Internet-connected devices--specifically household appliances.

The problem is that we're talking about operating systems, web hosting software, network stacks, databases, device drivers, etc., that would need to be supported for, easily, 20+ years. Think back to 1994--what software that existed then is supported now??? NONE. So, imagine you buy in 2014 an IoT refrigerator full of the latest & greatest Android 4.4.x and/or Linux 3.13.x FOSS software--what sort of support would you expect for any of that in 2034??? Would you expect Amana, GE, Kitchenaid, Electrolux, Miele, Kenmore, etc., engineers to be fixing Linux 3.13.x kernel security holes in their 20-year old appliances? FOSS or not, as a consumer, I would expect that appliance to continue to work & not get bricked by malware that was deposited remotely...

I seriously doubt that Belkin will put out firmware updates for all the old $50 Linksys router models they inherited support for--instead opting to push users to buy replacement models they otherwise wouldn't need. The likely answer is NO--even with a class-action lawsuit. (In all actuality, a 2006-era 2.4GHz 802.11G WPA2 router is still more than plenty for the crappy broadband speeds available in North America...)

This is what scares me about the Internet of Things when it comes to long-life appliances that you could own/use for decades... How long will manufacturers (many of whom have 0 experience so far with connecting their products to anything but a power cable) continue to support these devices? Ultimately, government regulation may be required in this space. God knows I wouldn't want my IoT refrigerator to get "bricked" (a really heavy, big brick!) after 20 years because the manufacturer went under & the fridge couldn't phone home... Or worse, because someone found a backdoor that had been in place for all models in use for 9 years before my model was developed...

Not to sound like I'm a crotchety old man telling kids to "stay off my lawn" and eschewing technology, but the Internet of Things really is opening Pandora's box... Currently, manufacturers tend to make a product, find bugs/get user complaints & make a new product. They might produce a few bug/security fixes--but then ignore that product in very short order. But the IoT really changes things, and not for the better...

Here's an example... Walk around your house and figure out the age of all of your appliances. You probably have a few items (e.g. refrigerator) that are pushing 20 years old??? Now, imagine you buy a few shiny new IoT appliances & they're all connected to the Internet--15+ years from now. Seriously, this is a disaster waiting to happen & a hacker's wet dream... Imagine what support will exist 15 years from now for current versions of Android 4.x, Linux 3.x, Apache, PHP, MySQL, etc. Or better yet, what 1999-era software still receives even security patches or bug fixes? (Win9x--nope. Linux 2.2--nope. IIS4--nope. W2K--nope. SQL Server 7--nope... You get my point...)

Ultimately, with the IoT, we're trusting that companies will be willing to support their products, including OS kernel patching on FOSS platforms that were long-abandoned by their progenitors, 25-odd years??? Dream on... I don't intend to replace my fridge or washer in a few years because it got "bricked" because of a security hole the manufacturer chose to ignore...

Belkin's problems are only the beginning...