Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:This isn't a thing. (Score 1) 117

In addition to a reply I gave to AC above, this provides some additional reading: https://cases.legal/en/act-uk2...

Look, I'm not saying that a circuit diagram has no copyright; the actual diagram and component layout are under copyright. However, a circuit derived from said circuit diagram doesn't necessarily. As I mentioned above, if you take a generic chip and use the reference design to build up a circuit that contains two or three other reference designs and so on (which is what the original board in the article really is), you can't really claim copyright.

Comment Re:This isn't a thing. (Score 1) 117

No, you'll find texts arguing the difference between artistic and literary copyright. If you move the parts around on your copy, artistic copyright is no longer applicable. Literary copyright might still be relevant, but only when the design is not obvious (and those would be covered by patents if it really is novel). I found these three cases described in "Contemporary Intellectual Property: Law and Policy":


In practice, this means that if you don't patent something non-obvious, your circuit diagram only gets protected under copyright as to it's identical reproduction (artistic) or literary protection in some cases if identical components, values etc. are used. However, since most integrated circuits come with reference designs and recommended values for surrounding components, even those can invalidate any protection under literary protection. Going back to the original topic, the board in question is essentially a couple of big ICs and some connectors. There is nothing special on that board, and if you were to take the design, shift components around, change some values, etc. it would look just like any other board that were to use those three chips to do what the original board would do - just with a different layout. Because the design is trivial, any expert will say that this is how a circuit based on those components would be structured. This is why, in the legal sense of the word, copyright on the schematics gives you very little if any protection.

Comment Re:ELI5 (Score 1) 119

If that should happen anytime soon, we're all going to be screwed. The problem is that even many cryptographers and engineers don't follow the math behind many of the post quantum secure public key cryptographic systems. There are too few people working on the problem right now, and this means less people verifying the work and finding weaknesses. My bet would be on one of the Lattice-based cryptography systems or supersingular elliptic curve isogeny cryptography for post quantum right now, but we're quite far from having these available in practical applications, let alone on something like a microcontroller for all the embedded applications...

Comment Re:How do IoT manufacturers... (Score 1) 116

And how are consumers supposed to identify which devices are more secure at the pre-sale stage, and which vendors take security seriously?

They can't, and I never said they could. We try to educate them. One thing we do for example is analyze potential devices for customers and figure out if there are any security issues. For example, GPS trackers that you buy cheaply on eBay or Alibaba all have major security issues. We show this to customers and have independent parties verify this before they decide to buy them. Granted, we usually don't deal with individual end users, but with re-sellers or distributors and industry, but each one of them gets the security talk.

Also in what way do you take security seriously?

Take security in mind from the start of the project. Have dedicated security and cryptography people on board (I'm a cryptographer and security researcher myself), have third party code reviews, use formal verification methods, use industry standard cryptographic routines, use strict privilege separation with e.g. an L4 kernel like Fiasco.OC, have data encrypted at every stage (in motion, at rest, ...), unique cryptographic keys per device, signed binaries for remote updates, every remote command is encrypted, signed and verified on the device, every communication from the device is encrypted, signed and verified by the server, etc.

In the end, if people want to change the firmware and use their own server etc., they still can as well. It just won't talk to our servers anymore, but that is usually what the goal is and we support our customers with that. We can also support our clients to use their own servers and give best practices to secure it, and often we just develop a firmware specifically for them that adheres to the same security standards.

Comment Re:How do IoT manufacturers... (Score 5, Informative) 116

Frankly, I have no reason to believe that IoT device makers will ever do anything to make their devices secure. We'll be seeing this shit 10 years from now, only worse.

As someone who owns a company that makes IoT devices and properly secures them, there are companies that do take security serious. The problem is that security is all too often seen as just a cost, not a feature you can charge money for. You need dedicated security people, incorporate security form the start, etc. and lots of companies just don't want or have the money. It makes the cost of the device go up, you get longer time to market, etc. and that's a hard sell to investors.

We actively try to educate on security, but it is going to take several more of these and some big losses before the majority will take security serious.

Comment Re:Tell me... (Score 5, Interesting) 166

Disclaimer: we build GPS trackers.

You don't need a very big battery. You just power down for most of the time. Wake up once in a while (daily or even less). Try to get a connection. No connection? Probably at sea, so power down. Keep trying until you get a connection and update your location. You don't need to know the exact route - just the starting point and the end point (maybe a few extra once you are on land again). It really doesn't need a huge battery at all; the one they show in the picture even seem rather large for this.

To give you an idea, we can send thousands of GPS locations over a cellular network with a tiny 1000mAh battery. We have some heavy duty batteries that can go up to 10 times that capacity to actively track assets for months on end at very frequent intervals. Putting a 10Ah battery like that and using infrequent updates can last for a year easily.

Comment Re:Great firefighters (Score 1) 243

It is not a fact. RMS can be calculated from the peak value of the mains voltage; e.g. in the USA is about 120 × 2, or about 170 volts. But that's besides the point. Take the RMS value and an equivalent DC voltage of also 170 volts. Because the impedance of the body is frequency dependent (The body is not a resistive load. That's why we call it an impedance), the current generated by the AC voltage is higher than the DC voltage and (leaving off ventricular fibrillation) will be more dangerous. This is also why 'safe' values for DC are higher than AC.

Of course it is about reacting. Your muscles can not react faster than 0.07 seconds or so. Considering 50 HZ AC, it would cross through zero crossing twice in one period. One period is of time period 0.02 seconds, hence it passes through zero mark every 0.01 seconds. Why I brought that up? Because you wrote "DC can be much more deadly at lower voltages than AC. The main reason is that AC current goes to zero twice per second, while DC is full current at a constant rate." It's a lot more than twice per second for one.

Comment Re:Great firefighters (Score 1) 243

That's a myth, and one that is perpetuated every time this topic comes up. Let's leave aside that your muscles wouldn't be able to react fast enough to make use of the AC current going through zero at 50 or 60 Hz.

The total impedance of the human body is higher for DC and decreases when the frequency increases (illustrated here: http://www.electroboom.com/?p=...). Since the impedance for DC is higher, the severity of electric shock is less than AC. Ventricular fibrillation (https://en.wikipedia.org/wiki/Ventricular_fibrillation) is considered to be the main cause of death by electric shock. The probability of a human suffering from ventricular fibrillation is much higher in the case of AC than DC.

The let-go current is an experimental measure we have of the effect of electricity on humans. The let-go current is the lowest level of current passing through a human subject through an electrode held in the hand that makes the subject unable to open his hand and drop the electrode. As mentioned in the IEC publication 60479 - Effects of current on human beings and livestock (https://webstore.iec.ch/publication/2219), letting go of parts gripped is less difficult in the case of DC.

Comment Re:How do you generate different keys? (Score 1) 54

We build M2M devices, usually using low power micro controllers (read: no Linux, no SSH). However, each device has a unique 256 bit AES key to encrypt its data (that's every single device, not product). The key is generated when the micro controller is flashed on the production line in a fully automated fashion. If you integrate it into the production line like this it's just like adding a test point along the way.

Slashdot Top Deals

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry