Tag: hardware lifecycle

The EU are now pursuing the right-to-repair issue in Europe

Article

Europeans want people to be able to have consumer electronics repaired by independent technicians so that the equipment has a long service life.

EU lawmakers call for a right to repair electronic equipment | PC World

My Comments

An issue that recently has been raised in the US is “right-to-repair”. This is to allow consumers to have their equipment repaired or upgraded by an independent technician rather than a manufacturer-approved technician.

Here, it’s about avoiding the need to replace equipment once it breaks down, or to live with a fault like a cracked screen, because it costs too much to repair. It also affects whether a device can serve us for the long haul, for example when it cannot be upgraded with higher-capacity data storage or improved functionality during its service life.

It also includes the availability of repairers who can keep our equipment in good repair such as being able to take our smartphones to the repair kiosks in the shopping malls when the screen breaks or the battery dies out.

Saeco GranBaristo Avanti espresso machine press picture courtesy of Philips

Could that church or other community organisation use this espresso machine as part of their coffee-stall fundraiser without its use being questioned by the machine’s manufacturer?

For small businesses and community organisations, there is the issue of being able to use high-quality cost-effective equipment pitched at the domestic market, yet still be able to seek repairs at a cost-effective price even though the equipment, such as a microwave oven or premium “bean-to-cup” espresso machine, is used in what the manufacturer sees as “commercial use”.

There is also the issue of seeking insurance coverage for repairs done to equipment that had suffered damage, something that can affect policies that provide accidental-damage coverage or industry-specific liability coverage associated with providing services. In this case, there is more incentive to have the repair covered without any party needing to be slugged extra when it comes to premiums or excesses.

The European Union have tackled this issue under many fronts when it comes to equipment being maintained in Europe.

Here, it encompasses the availability of spare parts, tools and knowledge to independent European-based repairers, including the ability to easily dismantle the product rather than having parts like batteries glued into it. This includes having the spare parts available for the product’s lifespan and function. In some ways I would also see it as encouraging “parts-common” design approaches where equipment uses parts that are common with prior designs, or where a particular design platform is maintained for a very long time with incremental improvements.

Personally, I would also like to see the availability of “official” optional-function modules and accessories for the product available also for its lifespan. This is important with European-designed electronics, especially television sets, where the manufacturers were providing modules to add functionality to these devices like teletext reception, viewdata terminal functionality or picture-in-picture functionality once a technician installed the required module.

The Europeans also demonstrate an interest in the “right-to-repair” issue because they want to see more European-based employment of technicians in European-based repair workshops along with the sale of second-hand equipment within Europe. Let’s not forget a call-back to European values when it comes to how consumer electronics and similar items offered in that area by European firms are designed and manufactured. It is in fact something I have noticed with equipment that has a strong European pedigree like the Freebox Révolution and the AVM Fritz!box routers, or even the Revox B77 open-reel tape deck which I had regarded as the “Technics SL-1200” of open-reel stereo tape decks – a model that existed for a long time with a large parts base and given respect by personal and professional users. This is where there is an emphasis on a long service life and the ability to see a continual product-improvement cycle over a long time even for existing products.

Here, the Europeans are also using another angle to approach the “right-to-repair” issue. They want to provide an incentive for manufacturers to offer repairable products by requiring them to extend the warranty period on the product if it takes more than a month for a warranty repair job to be completed.

They also want to see some form of standard consumer-facing identification of products prior to purchase to highlight their durability and repairability. This also includes the continual availability of updated firmware for these products so there is a commitment to data security but also the ability for a device to adapt to newer circumstances.

At least Europe is joining in with the USA to push for “right-to-repair” along with having equipment designed for a long service life rather than ending up as e-waste.

A CCTV hacking incident could be a lesson in system lifecycle issues

Article

How A Prison Had Its CCTV Hacked | Lifehacker Australia

My Comments

The article describes how a prison’s video-surveillance system was compromised. The security team checked the network and found that it wasn’t the institution’s main back-office network that was compromised; the affected machine was a Windows Server 2003 server. This box had to be kept on a particular operating environment so it could work properly with particular surveillance cameras.

The reality with “business-durable” hardware and systems

Here, the problem centres on “business-durable” hardware such as video-surveillance cameras, point-of-sale receipt printers and similar equipment that is expected to have a very long lifespan, usually in the order of five to ten years. But computer software works to a different reality where it evolves every year. In most cases, this includes the frequent delivery of software patches to improve performance, remedy security problems or keep the system compliant with new operating requirements.

Newer software environments and unsupported hardware

The main problem is that if a computer is running a newer operating environment, some peripherals will work with reduced functionality or won’t work at all. This can come about very easily if a manufacturer has declared “end of life” on the device and won’t update the firmware or driver set for it. It also applies if a manufacturer has abandoned their product base in one or more of their markets and leaves their customers high and dry.

Requirement to “freeze” software environments

Sites that depend on these devices then end up running servers and other computer equipment that are frozen at a particular operating environment in order to assure compatibility and stability for the system. This can compromise the security of the system because the equipment cannot run newly-patched software that answers the latest threats. Similarly, the system cannot perform at its best or support the installation of new hardware due to the use of “old code”.

In some cases, this could allow contractors to deploy the chosen updates using removable media, which can be a security risk in itself.

Design and lifecycle issues

Use standards as much as possible

One way to tackle this issue is to support standard hardware-software interfaces through the device’s and software’s lifecycle. Examples of these include UPnP Device Control Protocols, USB Device Classes, Bluetooth Profiles and the like. It also includes industry-specific standards like ONVIF for video-surveillance and DLNA for audio-video reproduction.

If a standard is newly ratified during the device’s lifespan, I would suggest that it be implemented. Similarly, the operating environment and application software would also have to support the core functionality such as through device-class drivers.

Provide a field-updatable software ecosystem

Similarly, a device would have to be designed to support field-updatable software and any software-update program would have to cover the expected lifespan of these devices. If a manufacturer wanted to declare “end of life” on a device, they could make sure that the last major update is one that enshrines all industry-specific standards and device classes, then encompass the device in a “software roll-up” program that covers compliance, safety and security issues only.

As well, a “last driver update” could then be sent to operating-system vendors like Microsoft so that the device can work with newer iterations of the operating systems that they release. This is more so if the operating-system vendor is responsible for curating driver sets and other software for their customers.

The device firmware has to work in such a way as to permit newer software to run on servers and workstations without impairing the device’s functionality.

As well, the field-updating infrastructure should be able to work in a similar way to how regular and mobile computer setups are updated in most cases. This is where the software is sourced from the developers or manufacturers via the Internet, whether this involves a staging server or not. This should also include secure verification of the software such as code-signing and server verification where applicable.
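The verification step described above can be sketched as follows. This is an added example, not code from the article or from any vendor: the Manifest layout, the model string "CAM-EXAMPLE" and the function names are assumptions, and a throwaway Ed25519 key stands in for the manufacturer's signing key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor (field names are assumptions).
type Manifest struct {
	Model   string
	Version uint32
	Digest  [32]byte // SHA-256 of the firmware image
}

// Bytes returns the canonical byte string that the vendor signs.
func (m Manifest) Bytes() []byte {
	return []byte(fmt.Sprintf("%s\x00%08x\x00%x", m.Model, m.Version, m.Digest))
}

// VerifyUpdate runs before anything is flashed; the signature is checked first.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig, image []byte, model string, installed uint32) error {
	switch {
	case !ed25519.Verify(pub, m.Bytes(), sig):
		return errors.New("manifest signature invalid")
	case m.Model != model:
		return errors.New("manifest is for another model")
	case m.Version <= installed:
		return errors.New("version not newer than installed")
	case sha256.Sum256(image) != m.Digest:
		return errors.New("image does not match signed digest")
	}
	return nil
}

// Demo signs a constructed image with a throwaway key standing in for the vendor's.
func Demo() (ok, tampered, rollback error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	image := []byte("constructed firmware image v7")
	m := Manifest{Model: "CAM-EXAMPLE", Version: 7, Digest: sha256.Sum256(image)}
	sig := ed25519.Sign(priv, m.Bytes())
	ok = VerifyUpdate(pub, m, sig, image, m.Model, 6)
	tampered = VerifyUpdate(pub, m, sig, append(image, '!'), m.Model, 6)
	rollback = VerifyUpdate(pub, m, sig, image, m.Model, 7)
	return
}

func main() { fmt.Println(Demo()) }
```

Because the signature covers the model, version and digest together, the same check works whether the image arrives from the manufacturer's server, a staging server or removable media.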

Conclusion

What this hacking situation revealed is that manufacturers and software designers need to look seriously at the “business-durable” product classes and pay better attention to having them work to current expectations. This then allows us to keep the computer systems associated with them up to date and in line with current security expectations.