“Not on the internet IoT” is basically the domain of either large industrial/commercial entities who already pay engineers to design and operate their gear (and for whom there are a number of viable internal-PKI platforms) or hobbyist tech people who want to do fancy segmentation of their IoT gear (and for whom there are a host of open source PKI helpers).
The general human in 2021 who buys IoT gear puts it on their Wi-Fi and goes back to other things.
Fallacy of the "general human" aside... how do you configure it? How do you configure your Wi-Fi in the first place?
The app- and service-centric world that people have been forced into by the laziness of developers, the desire for surveillance data, and the deprecation of browser features, is the worst of all possible worlds.
Devices have full network connectivity, so that security camera you bought becomes part of a botnet, hacks your laptop, and installs ransomware or steals your financial info/bitcoin wallet. Companies control your house and your data, so when they disappear, or when Nest pushes out a bad firmware update, your devices (and your thermostat!) stop working.
Technology is realizing only a small fraction of its promise, and rather than empowering people, is acting as just another set of shackles that binds people to the whims of the powerful. The best instruments for changing that, namely web browsers and truly independent, user-owned devices, are being destroyed one small step at a time.
So, in 2021, the question stands, and you've made no attempt to answer it -- how is any device supposed to break out of this sinkhole and restore the power of technology, if browsers block local devices' UIs, and users can't even configure the device without the blessing of Google or Apple?
The answer I gave addressed that directly: there are commercial and open source tools for doing so (MSCA, Vault, EJBCA, smallstep, FreeIPA, to name a few). But the overwhelming majority of actual individual users do not desire to segment their IoT devices off the internet. That’s not a “fallacy”, that’s just a fact.
It’s clear that you have objections to the current state of general purpose computing, and desire that technology existed differently. But that’s a pretty far step away from the topic here.