What is the expected lifetime of code we ship?

Achim Gratz Stromeko at nexgo.de
Fri Sep 15 19:55:22 UTC 2017


Hal Murray via devel writes:
> If we have a security fix that requires rebuilding the code every 5 years, 
> the code will keep working over GPS rollovers without any explicit action on 
> our part.

That makes the assumption that the old running program actually gets
replaced by the new build.

If you consider some IoT device hidden somewhere not obvious, that may
not happen for any number of reasons.

> My straw man is that we will support our current code in all versions of 
> major OSes that are supported by the vendor.  But I haven't figured out what 
> "support" means.  Does it include old versions?  How old?
>
> What happens to conservative organizations that are still (happily?) running 
> an OS version that is no longer supported because it works and they don't 
> want to rock the boat?  (or don't have the skills to upgrade)

In the above scenario, let the company that made the IoT device go out
of business and their update server vanish.

The only defense is to aggregate as many notions of "current time" as
possible and then take it from there.  NTP is most vulnerable to picking
the wrong time at startup, so if you really wanted to build in some
defenses against it coming up with the wrong pivot, you'd need to have
some sort of ratchet that keeps moving the lower limit on the time.  But
provided you have that, you now have the problem that just one rogue or
otherwise botched startup can beam you too far into the future and
create a DoS.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptation for Waldorf Blofeld V1.15B11:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada
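The following is an added example by the editor, not code from the thread or from NTPsec, illustrating the two points made above: resolving the 10-bit GPS week counter against a lower bound ("pivot") on the current time, and a ratchet that only moves that lower bound forward, seeded from the latest of several independent notions of time. It also shows the failure mode the post describes: with an uncapped ratchet, a single rogue startup that reports a far-future time pushes the lower bound ahead so that every genuine reading afterwards is rejected. The per-startup cap (`max_jump`) is the editor's own suggested mitigation, not something the post proposes; the time "notions" are constructed values, and leap seconds between GPS time and UTC are ignored.

```python
from datetime import datetime, timedelta, timezone

# Added example (editor's own code); GPS constants are public facts, the
# rest (notions, cap, rogue reading) is constructed for illustration.

GPS_EPOCH = datetime(1980, 1, 6, tzinfo=timezone.utc)
WEEK = timedelta(days=7)
ROLLOVER_WEEKS = 1024  # the 10-bit GPS week counter wraps every 1024 weeks (~19.6 years)

UTC = timezone.utc
# Date of the post above, used as the lower bound in the demo.
LOWER_BOUND = datetime(2017, 9, 15, tzinfo=UTC)
EMAIL_TIME = datetime(2017, 9, 15, 19, 55, 22, tzinfo=UTC)
CAP_ONE_YEAR = timedelta(days=365)


def resolve_gps_week(week_mod_1024: int, seconds_of_week: int,
                     lower_bound: datetime) -> datetime:
    """Map a 10-bit GPS week plus time-of-week to an absolute time by picking the
    earliest rollover epoch whose week is not before the week containing
    lower_bound.  A lower bound in the wrong place yields a wrong pivot.
    Leap seconds are ignored (GPS time and UTC differ by a few seconds)."""
    lb_week = (lower_bound - GPS_EPOCH) // WEEK          # whole weeks since GPS epoch
    # smallest k with week_mod_1024 + 1024*k >= lb_week (ceiling division, min 0)
    k = max(0, -(-(lb_week - week_mod_1024) // ROLLOVER_WEEKS))
    full_week = week_mod_1024 + ROLLOVER_WEEKS * k
    return GPS_EPOCH + full_week * WEEK + timedelta(seconds=seconds_of_week)


class TimeRatchet:
    """A lower bound on 'now' that only moves forward.

    Seeded by aggregating several notions of current time (build timestamp,
    newest file mtime, RTC, last persisted value) and taking the latest, as the
    post suggests.  max_jump is the editor's assumed mitigation: a reading more
    than max_jump beyond the current bound is flagged instead of advancing it,
    so one botched startup cannot beam the ratchet decades ahead."""

    def __init__(self, notions, max_jump=None):
        self.lower_bound = max(notions)
        self.max_jump = max_jump

    def advance(self, observed: datetime) -> str:
        if observed < self.lower_bound:
            return "rejected"      # earlier than anything already known: stale/replayed
        if self.max_jump is not None and observed - self.lower_bound > self.max_jump:
            return "suspect"       # refuse to let a single reading move the bound this far
        self.lower_bound = observed
        return "accepted"


def resolved_email_time() -> datetime:
    """GPS week 1966 (== 942 mod 1024), Friday 19:55:22 into the week, pivoted
    against LOWER_BOUND, should land on the date of the post."""
    seconds_of_week = 5 * 86400 + 19 * 3600 + 55 * 60 + 22   # Sunday is day 0
    return resolve_gps_week(942, seconds_of_week, LOWER_BOUND)


def resolved_week_before_bound() -> datetime:
    """A 10-bit week one below the bound's week cannot be in the past under the
    pivot rule, so it is pushed a full 1024-week epoch into the future."""
    return resolve_gps_week(941, 0, LOWER_BOUND)


def simulate(cap):
    """Run one rogue startup followed by a genuine reading through the ratchet.
    Returns the two verdicts.  With cap=None the rogue reading is accepted and
    the genuine one rejected afterwards: the DoS the post warns about."""
    # Constructed notions of 'now': a build timestamp and a newest file mtime.
    notions = [datetime(2016, 1, 1, tzinfo=UTC), LOWER_BOUND]
    ratchet = TimeRatchet(notions, max_jump=cap)
    rogue = datetime(2090, 1, 1, tzinfo=UTC)            # botched startup reports 2090
    genuine = datetime(2017, 9, 16, tzinfo=UTC)         # next day, real time
    return [ratchet.advance(rogue), ratchet.advance(genuine)]


if __name__ == "__main__":
    print("pivoted GPS week 942 ->", resolved_email_time())
    print("week 941 pushed to    ->", resolved_week_before_bound())
    print("uncapped ratchet:", simulate(None))
    print("capped ratchet:  ", simulate(CAP_ONE_YEAR))
```

Seeding the bound from the latest of several notions is what lets the resolver pick the right epoch after a rollover without rebuilding; the cap is what keeps that same bound from becoming a denial-of-service lever when a startup goes wrong. A real daemon would persist the bound to storage and would also need to decide what to do with "suspect" readings (for instance require corroboration from a second source before advancing).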
