| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by 6c696e7578 2166 days ago

Windows on IoT, no. Windows as a risk, yes. Apologies if this seems rant-ish, but the idea has touched a nerve.

IoT is generally something you should regard as a entrypoint into a network as much as desktops, servers, NAT broadband routers, APs are.

Flash and forget is a dangerous thing, and especially so if all you wanted was an IP connected thermostat.

If what you wanted was a thermostat with some sort of video output, then why not use an Arduino with a i2c serial ESP8622 or ESP32, or maybe an Orion Omega, note that the thermal output and voltage requirements increase. With smaller micro controllers and a serial connection you have mostly what you need, rather than a full-fat interface. The simplest solution is most likely the right one.

Don't include a GUI and all that other warm and fuzzy stuff of MS unless it is needed on what could be an entry point to a network or if the IoT is infrastructure.

There are things that could make IoT a very dependant piece of infrastructure. Suppose you deliver cargo. Suppose that some of the cargo is temperature dependent and you use a new IoT Rasp Pi 4 with Windows to control the refrigerator as your manager thinks money can be saved compared to old, in-person managed thermostats.

Fluorouracil, a chemotherapy treatment, MUST be kept at 5c +/- 3c, otherwise patient health and treatment can be compromised. It also has a short shelf life, if your goal was to know how long it has been in transit (simple BBE stickers are probably better, but your concern as a consumer could be forgery).

Something like IoT can help, and can hinder here, if you were to do end-to-end tracking of the supply chain, you could know it's whereabouts. If you were a malicious actor, you could do things like stuxnet, report that the thermostat is just fine, when really the shipment is at room temperature. Not that hard to imagine if you know where the shipments are from and your goal is to destabilise.

Is a good old-fashioned thermostat better here? Maybe. If you need to remotely control something, I'd prefer slightly harder to update in the field, Arduinos/ESP than the risk of it being an entry point to a network in the wild.

Many network infiltrations originate at the desktop. I'm classing Windows Server as desktop, because, well, it has a desktop out of the box. It is not a server OS. Real servers are not the entry point, despite their proximity to raw internet.