On Tue, Oct 14, 2014 at 3:57 PM, Jim Gettys <jg@xxxxxxxxxxxxxxx> wrote:
>
> There is a serious issue lurking here: it is *not* safe for devices to be
> without software updates. And it isn't safe to presume the upstream
> manufacturer is being diligent in providing those updates. And nagging end
> users to do something that they don't understand is also not a solution.

I think we need to divide devices into 'simple enough to not need updates' and 'make use of a standard update process'.

My car has 30 computers in it (and a newer model would likely have 60). There is one on every wheel counting the rotations for the ABS system. Do I really want them all to be updatable?

In general I only want devices to have an update capability if they 1) have sufficient CPU power to authenticate the replacement code and 2) have enough memory to hold the old and new code in memory while the new code is being verified.