Posts

Showing posts from February, 2020

Safety And Security Excuse

Safety and security have become the universal excuse. I tried several credit card transactions, using a different card than I typically use multiple times a day. All were declined. Called the bank and after 15+ minutes on the line, they explained they "monitor for a potential fraud for my safety". And after I confirmed the transactions were legitimate "it would take us up to an hour to update the system" so please try again later. And many times they went on explaining how much fraud they see from that merchant. The situation is different. That bank just does not have a proper authorization scheme in place. And safety is just an excuse. A very easy and sooo often abused excuse. The other bank's card (which I typically use many times a day) does not have this problem. The reason is the other bank has a companion app that whenever there is a doubt about a charge, pops up a prompt with the transaction details, asking to authorize on the mobile device. Sim...

I'm a Keyboard Dinosaur

The Unihertz Titan arrived a couple of weeks ago. Boy, it is even bigger than I thought. Which - apparently - is not a bad thing. The display is roomy and the battery lasts forever. Unfortunately, despite delivering all as promised, it has been a disappointment. The Titan is a victim of a low-budget, fast-time-to-market, MVP style approach. The keyboard that had been intended as its biggest selling point appears to be the weakest point instead. Long story short - Unihertz did not do enough research and did not go through enough prototypes and early adopter testing. The keyboard is unusable. And I'm not referring to the fact they declined to provide Polish language settings (long press a letter to get an accented variant of it). The keyboard is unusable even in its international US-English form. It seems nobody has ever tried doing some serious typing on it. Who on Earth came up with the idea to place modifier keys on the top row? Has anyone even tried entering numbers (holding ...

Security Prone to Misconfiguration

Security-related stories pop up almost every day. Some are benign while others are more serious, touching fundamental design decisions that are difficult to change. This story on LoRaWAN has caught my attention recently. It is interesting, as it underlines the fact that the LoRa protocol itself is not insecure. But because the standard lacks proper means of generating unique, high-entropy keys, relying on humans to do so, it is effectively vulnerable. Yes, humans are a weak link when it comes to security. So it is better to design things in a way that does not rely on human actions. In other words, something that is secure no matter how little the people dealing with it care. We took that approach when designing Bluetooth mesh. All keys are generated without any human input. They rely on high entropy random number generators present in today's chips. So forget trying to brute-force the keys with the help of a dictionary table. There is no human element in mesh security. Bluetooth mesh devices...

Crossing the Mesh Chasms

The recent announcement from Zach Supalla, the Founder and CEO of Particle, on discontinuing the Particle Mesh, an OpenThread-based mesh networking solution, and suggesting that customers use Bluetooth or LoRa, must have taken many by surprise. Particle is discontinuing development of Particle Mesh, our OpenThread-based mesh networking solution, and will no longer be manufacturing the associated Xenon development board. Particle (known previously as Spark) is a very well respected brand in the IoT arena. Investors have recently poured $40M into it in Series C. Thread Group even calls them the most widely used IoT platform. And Thread marketing has managed to elevate their brand to the "best way to connect and control products in the home and buildings". How come? I have to admit I have been living in the marketing shadow of Thread since the alliance was announced in 2014. They indeed have done the best marketing campaign, convincing the whole world should op...