undefined | Better HN

0 pointslioeters2y ago0 comments

3 is a big one, I think. Using an interpreted language speeds up the development cycle to prototype, change, release, and iterate. And for some purposes it's fast and small enough, that the trade-off is worth it.

0 comments

nicce2y ago

This makes a lot of sense. However, it makes me wonder how big is the new attack surface for remote upgrades/updates.

You need to implement a safe updater (with remote protocols) on VM level. And I guess you can never upgrade the VM itself, or if you can, it adds some extra complexity, or physical access.

There also need to be some kind of signature validation for every release, which means that device needs to perform some cryptographic operations and store at least tamper-proof public keys.

bri3d2y ago

I can't really see how this is different from a native-code based device, especially one which is actually following good practice by not trusting what's in flash. Every stage of the boot chain still has to validate the next - there's just one more layer on top where the application is the runtime VM and it has to validate sub-applications / managed code.

j / k navigate · click thread line to collapse

0 comments

nicce2y ago

This makes a lot of sense. However, it makes me wonder how big is the new attack surface for remote upgrades/updates.

You need to implement a safe updater (with remote protocols) on VM level. And I guess you can never upgrade the VM itself, or if you can, it adds some extra complexity, or physical access.

There also need to be some kind of signature validation for every release, which means that device needs to perform some cryptographic operations and store at least tamper-proof public keys.

bri3d2y ago

j / k navigate · click thread line to collapse