Comment by Nextgrid
18 hours ago
> with redundant power, cooling, etc
The doors the system controls don't have any of this. Hell, the whole building doesn't have any of this. And it definitely doesn't have redundant internet connections to the cloud-based control plane.
This is fear-mongering when a passive PC running a container image on boot will suffice plenty. For updates, a script that runs on boot and at regular intervals that pulls down the latest image with a 30s timeout if it can't reach the server.
What updates? That would be on a local network and have no internet connection, if done right.
I am guessing the main attraction of such a system is that owners can set the cards remotely and get data about it (i.e. who accessed and when)
And? That doesn't mean, especially for a system with security impact (like door access), that it should never be updated.
You know what else would suffice plenty? Physical keys and mechanical locks. They worked (and still work) without electricity. The tech is mature and well-understood.
The reason for moving away from physical keys is that key management becomes a nightmare; you can't "revoke" a key without changing all the locks which is an expensive operation and requires distributing new keys to everyone else. Electronic access control solves that.
You might find Matt Blaze's paper on vulnerabilities in master-keyed physical locks interesting:
https://eprint.iacr.org/2002/160.pdf
Those devices can be trivially power cycled, and won’t have as many issues with dodgy power. Some PC somewhere with storage is a bigger problem.
> Some PC somewhere with storage is a bigger problem
Both an embedded microcontroller and a PC have storage. The reason you can power-cycle a microcontroller at will is because that storage is read-only and only a specific portion dedicated to state is writable (and the device can be reset if that ever gets corrupted).
Use a buildroot/yocto image on the PC with read-only partitions and a separate state partition that the system can rebuild on boot if it gets corrupted and you'll have something that can be power-cycled with no issues. Network hardware is internally often Linux-based and manages to do fine for exactly this reason.
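The two mechanisms the comments above sketch, a state partition that is validated and rebuilt on boot, and an update pull that gives up after a fixed timeout rather than blocking boot, as a single added shell example (this is not code from the thread or from any product discussed in it). It assumes the state volume is already mounted at a directory (a hypothetical `/var/lib/doorctl` by default), that a valid state consists of a small set of required files, that GNU coreutils `timeout` is available, and that the update command is any program that exits non-zero on failure (e.g. a container image pull). The timeout default of 30 seconds follows the figure given in the thread.

```shell
#!/bin/sh
# Added example, not the project's code. Assumptions: $STATE_DIR is the mounted
# writable state partition beside a read-only root; a valid state holds the files
# listed in REQUIRED_FILES; GNU coreutils `timeout` exists on the box.

STATE_DIR="${STATE_DIR:-/var/lib/doorctl}"   # hypothetical path
UPDATE_TIMEOUT="${UPDATE_TIMEOUT:-30}"       # seconds, per the thread's 30s figure

# Files every valid state partition must contain; each gets a default on rebuild.
REQUIRED_FILES="config.json schema_version"

# Return 0 if the state directory looks sane, 1 if it is missing or corrupt.
state_is_valid() {
    dir="$1"
    [ -d "$dir" ] || return 1
    for f in $REQUIRED_FILES; do
        [ -s "$dir/$f" ] || return 1
    done
    # schema_version must be a plain integer; anything else is treated as corruption.
    grep -Eq '^[0-9]+$' "$dir/schema_version" || return 1
    return 0
}

# Wipe the state directory (not the mountpoint itself) and write known-good defaults,
# the "rebuild on boot" behaviour a microcontroller's reset gives you for free.
rebuild_state() {
    dir="$1"
    mkdir -p "$dir"
    find "$dir" -mindepth 1 -delete
    printf '{}\n' > "$dir/config.json"
    printf '1\n' > "$dir/schema_version"
}

# Boot-time entry point: keep valid state, replace anything else, then re-check.
ensure_state() {
    dir="$1"
    if state_is_valid "$dir"; then
        echo "state ok"
        return 0
    fi
    echo "state corrupt or missing; rebuilding" >&2
    rebuild_state "$dir"
    state_is_valid "$dir"
}

# Run the update command under a hard deadline so an unreachable server cannot
# stall boot. Returns 0 only on a clean pull; on timeout (exit 124) or any other
# failure the caller simply keeps running the image it already has.
pull_with_timeout() {
    rc=0
    timeout "$UPDATE_TIMEOUT" "$@" || rc=$?
    if [ "$rc" -eq 124 ]; then
        echo "update server unreachable within ${UPDATE_TIMEOUT}s; keeping current image" >&2
    elif [ "$rc" -ne 0 ]; then
        echo "update failed (exit $rc); keeping current image" >&2
    fi
    return "$rc"
}

# Typical boot sequence: validate state first, then attempt an update in the background
# of normal operation. Uncomment to use as a real boot script.
# ensure_state "$STATE_DIR" || exit 1
# pull_with_timeout docker pull example.invalid/doorctl:latest || true
```

The design point is that neither step can leave the door controller worse off than before boot: a corrupt state partition is replaced with defaults instead of wedging the service, and a dead cloud link costs at most the timeout before the existing image keeps running.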
PCs are orders of magnitude more complex, with a lot more to break. Sounds like a whole lot of work for… what?
Assuming the internet connection and AWS work of course. Which they won’t always, then oops.