Ship the device with a non-free bootloader. When the order is placed supply the person doing the ordering with a token. The token must be used by the purchaser to confirm delivery, and the device won't work until delivery has been confirmed (and payment received, if not paid in advance).
If all goes well the purchaser confirms delivery and the delivered device's serial number is OK'ed for re-loading. It goes online, sends its serial number, and is then able to download the code to re-flash itself to contain a freeware boot loader that can in turn load the free software it runs. This is a one-shot. There is no remote disable once it has been remotely enabled.
If the device is not delivered it is never authorised to re-flash itself so it forever remains a brick.
My credit card is delivered in a similar manner. It turns up in the post as a "brick". I have to phone the bank and authorize myself to confirm delivery, they then enable the card. If it's intercepted in the post, it's useless.
Posted Jan 12, 2012 16:58 UTC (Thu) by khim (subscriber, #9252)
Actually it can be an interesting alternative to secure boot. The loader itself can even be free, too - just the key will be secret. The device will be shipped in a locked state and when you receive it you must activate it using a web form (which will send pre-signed firmware for your particular unit), but you can also add your own key while doing this. You can even remove the factory key and then only firmware signed by you will be accepted. Nice security feature and delivery protection at the same time.
P.S. The mode where the factory key is removed should not be the default because people tend to forget about such things - this is only for paranoid ones who know what they are doing.
why not remote enable?
Posted Jan 12, 2012 17:03 UTC (Thu) by rillian (subscriber, #11344)
How is remote-enable better than remote-disable?
Remote-enable can be a one-time thing.
Posted Jan 12, 2012 17:34 UTC (Thu) by khim (subscriber, #9252)
It's easy to design a system which makes it impossible to enable something without a key but allows you to do anything with the device once it's enabled. Basically with a remote disable switch you never can claim ownership over the device because "someone out there" can disable it. With remote enable you can not claim that your device is owned by you till you activate it (and signal that yes, you've successfully received it), but afterwards it's 100% free and 100% under your control.
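The locked-until-activated bootloader sketched in the first comment and refined in khim's two replies (one-shot enable, per-unit pre-signed firmware, owner-added keys, optional removal of the factory key) can be modelled in a few dozen lines. The following Go program is an added example written for this thread; it is not code from any commenter or from any real device's firmware. It assumes Ed25519 signatures over (serial, image) so that a bundle pre-signed for one unit is rejected by every other unit; the type and function names (`Device`, `Bundle`, `Sign`, `Activate`, `Update`, `AddKey`, `RemoveKey`) and the serial `UNIT-0001` are constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Bundle is a firmware image plus a detached Ed25519 signature over
// (serial, image): a bundle pre-signed for one unit is useless on another.
type Bundle struct {
	Serial    string
	Image     []byte
	Signature []byte
}

// signedMessage binds the image to a single unit's serial number.
func signedMessage(serial string, image []byte) []byte {
	return append([]byte(serial+"\x00"), image...)
}

// Sign produces a bundle for one unit. In the thread's model this runs on the
// vendor's activation server (factory key) or on the owner's machine (own key).
func Sign(priv ed25519.PrivateKey, serial string, image []byte) *Bundle {
	sig := ed25519.Sign(priv, signedMessage(serial, image))
	return &Bundle{Serial: serial, Image: image, Signature: sig}
}

var (
	ErrLocked       = errors.New("device locked: activation required first")
	ErrActivated    = errors.New("device already activated: one-shot only")
	ErrBadSignature = errors.New("bundle not signed by a trusted key for this unit")
	ErrLastKey      = errors.New("refusing to remove the last trusted key")
)

// Device models the loader: shipped locked with only the factory public key,
// it accepts exactly one activation bundle, after which the owner manages the
// trusted key list (including removing the factory key).
type Device struct {
	Serial    string
	trusted   []ed25519.PublicKey
	activated bool
	firmware  []byte
}

func NewDevice(serial string, factoryKey ed25519.PublicKey) *Device {
	return &Device{Serial: serial, trusted: []ed25519.PublicKey{factoryKey}}
}

// verify accepts a bundle only if it is addressed to this unit and signed by
// some key currently in the trusted list.
func (d *Device) verify(b *Bundle) bool {
	if b.Serial != d.Serial {
		return false
	}
	msg := signedMessage(d.Serial, b.Image)
	for _, k := range d.trusted {
		if ed25519.Verify(k, msg, b.Signature) {
			return true
		}
	}
	return false
}

// Activate is the one-shot remote enable: it succeeds at most once per device,
// and nothing here can ever flip the device back to locked.
func (d *Device) Activate(b *Bundle) error {
	if d.activated {
		return ErrActivated
	}
	if !d.verify(b) {
		return ErrBadSignature
	}
	d.firmware, d.activated = b.Image, true
	return nil
}

// Update re-flashes an activated device; same signature check, no phone-home.
func (d *Device) Update(b *Bundle) error {
	if !d.activated {
		return ErrLocked
	}
	if !d.verify(b) {
		return ErrBadSignature
	}
	d.firmware = b.Image
	return nil
}

// AddKey lets the owner enrol their own public key once the device is theirs.
func (d *Device) AddKey(k ed25519.PublicKey) error {
	if !d.activated {
		return ErrLocked
	}
	d.trusted = append(d.trusted, k)
	return nil
}

// RemoveKey drops a key (e.g. the factory key) but never the last one: a
// device with an empty trust list could never be re-flashed again.
func (d *Device) RemoveKey(k ed25519.PublicKey) error {
	if !d.activated {
		return ErrLocked
	}
	if len(d.trusted) == 1 {
		return ErrLastKey
	}
	kept := d.trusted[:0]
	for _, t := range d.trusted {
		if !bytes.Equal(t, k) {
			kept = append(kept, t)
		}
	}
	d.trusted = kept
	return nil
}

func (d *Device) Firmware() []byte { return d.firmware }

func main() {
	factPub, factPriv, _ := ed25519.GenerateKey(rand.Reader)
	ownPub, ownPriv, _ := ed25519.GenerateKey(rand.Reader)
	d := NewDevice("UNIT-0001", factPub) // constructed sample serial
	fmt.Println("update while locked:", d.Update(Sign(factPriv, "UNIT-0001", []byte("v1"))))
	fmt.Println("activate:", d.Activate(Sign(factPriv, "UNIT-0001", []byte("v1"))))
	fmt.Println("second activate:", d.Activate(Sign(factPriv, "UNIT-0001", []byte("v1"))))
	_ = d.AddKey(ownPub)
	_ = d.RemoveKey(factPub)
	fmt.Println("factory-signed after removal:", d.Update(Sign(factPriv, "UNIT-0001", []byte("v2"))))
	fmt.Println("owner-signed:", d.Update(Sign(ownPriv, "UNIT-0001", []byte("v2"))))
}
```

Two design points the thread's prose leaves implicit are made explicit here: the serial is part of the signed message, so an activation bundle intercepted for one unit cannot enable a different one, and `RemoveKey` refuses to empty the trust list, which is the concrete form of khim's warning that factory-key removal should be opt-in only.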
why not remote enable?
Posted Jan 12, 2012 18:15 UTC (Thu) by cmccabe (guest, #60281)
Remote-enable only requires you to register with the company's servers once. In order to actually be effective, remote-disable requires you to contact the server every time you want to use the device.
It probably could be made fairly easy, even for non-technical users. The biggest problem is that remote-enable commits you to running a server 24/7. If there are any outages, you may get some very unhappy customers.
I still feel like this whole concern is absurd. If you're committing mail fraud, wouldn't you choose to steal something that's expensive and easy to resell? A $50 (or whatever) colorimeter isn't exactly the kind of thing you want to be wasting your time on. A $3000 laptop is. Somebody failed to exercise common sense here.
Still, it looks like a great project. I hope it can overcome this little bit of silliness.