[Arm-dev] Enterprise distros and the two faces of 'reliability'

Fri Oct 26 17:28:35 UTC 2018
Robert Moskowitz <rgm at htt-consult.com>


On 10/26/18 1:08 PM, Gordan Bobic wrote:
>
>
> On Fri, Oct 26, 2018 at 5:58 PM Robert Moskowitz <rgm at htt-consult.com 
> <mailto:rgm at htt-consult.com>> wrote:
>
>
>
>     On 10/26/18 12:19 PM, Fred Gleason wrote:
>     > Howdy Folks:
>     >
>     >
>     > All of this to pose the question: is an ‘enterprise’ distro (in the
>     > specific sense meant here) an appropriate long-term choice for an
>     > ‘embedded’ project? Given the stated intention of the Upstream
>     > Provider to support only ARM systems that integrate APCI and comply
>     > with SBSA  [Server Base System Architecture] standards in future
>     major
>     > releases (see
>     >
>     https://lists.centos.org/pipermail/arm-dev/2017-October/003120.html),
>     > is such a distro an appropriate long-term choice for an ‘embedded’
>     > project?
>
>     There are a number of issues around embedded systems.
>
>     They have to work for 10 - 20 years.
>
>     They have to be 'safe' for as long as they are working. 
>
>
>     At development time, often the most current components are needed
>     (e.g.
>     openSSL 1.1.1, TLS 1.3)
>          This is because, often only patches are done and things still
>     need
>     to work in 10 years.
>
>
> Most embedded devices don't get firmware update after a couple of 
> years if they ever get any in the first place. It's a tragic state of 
> affairs, but that's my experience at least.
> Unless there is a major issue that is likely to get somebody outright 
> killed, your chances of getting a firmware update after a few years, 
> expecially after the appliance is no longer manufactured, is very 
> close to 0.


I work with people that are mandated by law to perform updates for 10 
years.  Some of these systems have been deployed for over 4 years 
already and are getting their updates as needed via different strategies.

Some of these companies are firmly in the BSD camp of one flavor or 
another for licensing reasons.  So they say.  Some have thousand to 
millions of systems deployed or planned.

Many vendors simply love the consumer purchase model as they hope they 
can just wash their hands of any future problems.  Make fixes available, 
but not easy.  Hey, it is cheap, go buy a newer model! Look at the 
attacks against most of the Internet accessible baby monitors.  I met 
the researcher that compromised almost a dozen models (when we last talked).

Most maintain their own distribution services.  They like only needing 
the QA step before releasing an update.

The landscape if varied and full of landmines  :)

The current battle ground is the home controller.  Apple, Google, and 
Amazon are fighting for dominance and the rest are, perhaps, bit players.

>
>
>     I still deal with embedded systems that are 8bit processors with 32KB
>     memory/storage.  Those need not apply to this discussion.
>
>
> I work with guys who write firmware for new devices with such 
> specifications.
>
>
>     I have dealt with vendors that say they now charge extra for only 1GB
>     memory, as their current design is 2GB.  And they call this an IoT
>     board....
>
>     There are many classes of embedded systems.  You look at what is
>     being
>     embedded in home control gateways, they either are cloud service
>     based
>     (great for captive customers and monetizing) or self-sufficient
>     for lots
>     of reasons (privacy for one).
>
>     So I am here, because I believe in enterprise code for these systems.
>
>
> What constitutes "embedded" varies depending on who you ask.
> 15 yers ago I laughed at a MS developer who programmed "embedded" 
> systems based on XP, which back then to him meant "a device with 
> 'only' 128MB of RAM".
> My modified ancient WRT56GS WiFi router has 64MB of RAM and a 32-bit 
> MIPS processor - a spec for which I would have had to sell most of my 
> vital organs 20 years go to get it in a monster workstation on my desk.
>
> Unfortunately, as you increase the size and complexity, the 
> probability of problems increases exponentially.

Why Apple has very limited partners that can add code at the OS level.  
I know.  I was at Verizon when we wanted to do this and were told 
categorically NO.  Android was willing, but without both, the project died.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20181026/b96d0be5/attachment-0006.html>