Small bit about that Wi-Fi remark. Yes in your case it’s close to the server but Wi-Fi lets you mount the touchscreen anywhere. Wi-Fi completely makes sense here.
The equivalent energy monitoring device in my flat uses an RF link (no idea what kind, I haven't investigated further) to talk to its base station. Wireless seems fine, but WiFi itself seems like overkill.
Absolutely. Try retrofitting this into a multi unit home and "just run a digital data cable up there". With some bad luck, this can easily cost as much as the whole unit.
I don't like getting everything on WiFi, too. OTOH I have ~30 devices on an VLAN isolated IoT WiFi network. This easily saved us a 4 digit expense and a lot of time(!) as opposed to installing new additional wire (redoing all the old ones was bad enough). Plus, I can do dumb stuff like control my office's window blinds individually, which is nice when only one of them has the sun blinding me while using the PC (temporary desk location due to ongoing renovations).
Yes! I started taking some notes when I was halfway through, that helped a lot with the thought reconstruction. There is no chance I would find these TCF links organically again
Ah, it's not just me that does this. I also start taking notes from the beginning now, otherwise when I go back to write it up for others I sometimes can't even replicate the starting conditions.
My guess was that it probably had a time correction feature from those British radio tower integration, but this device is from 2015 (says in the article), so probably not.
Could prolly take it out of access point and attach it to your network (or one you segregated from your actual network). Set up nat, dyndns, wireshark and see what happens.
> Turns out, they found out an even more innovative time sync mechanism. When you open the UI in the browser, they quickly redirect you to "/set-time/" + Date.now(). This sets a global variable in the Node.js app responsible for "now".
If the live and neutral cables of your electricity supply are seperate and accessible, you can buy a meter that measures power use with a clamp (loop) that fits around the live cable. Perfectly safe, they were often given away by electric companies in Britain in the 2010s to encourage thriftiness.
For a time, Java was set to be the 'everything everywhere' language, IIRC in some quarters the hype behind Java on everything was even bigger than Cloud, then Crypto, then AI.
SIM cards and secure elements still use this, but it's arguably less Java than Javascript. Except that the trademark and tech (JavaCard) was owned by Sun, now Oracle. It's the basis of the claim, that gazillion devices run Java.
JavaCard is a massively trimmed down version which is more a dumbed down C (with no standardization, little documentation and no third-party tool support) which is essentially Java reduced to basic arithmetic operator, an arguably saner, much trimmed down standard library focusing on cryptography and most importantly no GC.
Very nostalgic, I have developed several apps before with Lollipop and was surprised with their choice of using WebView. I believe they set the NetThings app as a “launcher” app?
The launcher with its Holo tabs and the icon style look more like Android 4.something (I to K) to me, by the way. Android 5 (L) was the first Material Design release (the one[1] that had actual coherent principles behind it).
Yeah given the holoyolo look it's almost certainly ICS or jelly bean. I think kitkat's launcher looked a bit different, it didn't have the tabs: by then they had moved from tron blue to white.
Awesome! I had some instances of "digging so deep into a fascinating problem that I forgot the initial reason I started digging" :)
It actually looks like a reasonable system overall. Maybe a bit bloated on the node.js side (what isn't?), but I wonder if they just had that toolchain already in place/experience with it, even though it's overkill for the system as-is. Or maybe they just googled how to do networking and copy/pasted the top Stack Overflow answer that included Socket.IO.
I really hope we'll look back at this fad of android powered wifi domestic IoT devices one day and laugh about how silly it all was.
Not an IoT hater. I've worked for IoT companies, and there's a lot of very smart embedded engineers doing very cool things in the space. But an old android tablet installed in the wall with a WiFI point? oh dear.
To be fair, that particular Android device is still installed and at least marginally useful. How many other Android devices from that era can say that?
Hey Nikita, that was an excellent read. It felt like a pivotal scene in a movie that would change the course of the succeeding narrative. I envy the ability to write so nicely and clearly, making it enjoyable for most generally technical people and keeping us engaged. I will watch out for more articles.
Weird to see some micromuse thing listed as the service listed for 1534. I worked for them back in like 2006 and we got eaten by IBM/Tivoli and I don't believe they kept the name for anything? I always knew nobody really updated those but man, really nobody updates those.
Ha! I did support there for Proviso— the product of a startup that Micromuse had acquired not too long before the IBM acquisition. I started in between the acquisitions.
Yeah they did a few acquisitions before being swallowed by Big Blue - I joined the London folks on OMNIbus at the tail end of '05, then in 2010 moved to Australia to work with what was still effectively a Micromuse team within IBM who had originally been bought in to Micromuse as Riversoft here in Perth.
Didn't have a huge amount of interaction with the US side of things though!
TNZ was one of my regular interactions. I regularly connected with some really competent, lovely folks over there. Especially compared to some (only some!) of the more "claws out" US customers, they were an absolute pleasure to work with.
1534 was the port used by the license manager (elmd - Elan license manager). The bane of many a Netcool installation until we joyfully ripped it out post IBM acquisition.
I think I was in Lowell for a few weeks helping out on some App Packs when I heard about the acquisition. Working with JFK? and another guy with a short nickname that escapes me right now. Wedge?
I know who JFK is— rad dude— but Wedge doesn’t ring a bell. I was in support though so my exposure to most of the dev crew was infrequent enough to make a lot of those memory recall threads pretty thin. I went to Dallas in 2006 to get the official Micromuse company training because we were basically still operating as Quallaby when I got hired. It was for… a week I think? Maybe two? Nice folks down there. Plus great barbecue for lunch and great tequila after work. Hard to argue with that.
I felt pretty bad about it, but my curiosity took over :) It was only the power for their Energy Manager though, not the power to the entire apartment!
In any case, I doubt they were actually using this Energy Manager thing anyway. The number one feature listed on websites selling these things is "Earn two code credits under the code for sustainable homes". I assume you do not need to teach people how to use the thing to earn these credits...
I was surprised someone would order this from Amazon, rather than get one from the nearest convenience shop or supermarket. Those places only sell the normal thing for local use.
I was further surprised that someone would be worried about installing the fuse. Is he also worried about plugging things in generally?
I see the recommendation every so often to buy a fuse locally, but I don’t live in Akihabara.
I HAVE to buy online electronic components, and usually it ends up being Amazon, because other national suppliers insist on charging $15 for courier shipping on a $2 part.
The person lives in an apartment in Britain. Apartments are only built in towns and cities, and are generally within walking distance of convenience shops and supermarkets.
Every plug in Britain has a fuse, so they are about as easy to buy as replacement light bulbs. Probably on the same shelf.
British household electrical systems are normally built as one large ring circuit, originally in order to save copper after WW2.
This means you don't have breakers for each branch circuit (there are no branch circuits), just the single mains breaker for the house. This single breaker is too large to trip from a short from occuring in the smaller wires inside an appliance.
So each plug (or hardwired device) needs it's own dedicated smaller fuse instead.
To add: Many pre-90s buildings don’t even have circuit breakers, they have fuse boxes with fuse wire (different fuse to the one being talked about). Literally just a piece of wire that burns out at a certain current and breaks the connection. You “reset” it by putting a new piece of wire in.
The second fuse at the plug allows using a narrower gauge of wire in the device’s cord. Let’s say you have a lamp with a 3A fuse, the cord only needs to be able to handle 3A, so then it can be lighter and cheaper. If it had to handle the same amperage as the circuit it’s plugged into then it would be seriously impractical and expensive.
Of course there are modern ways of solving this but fuses are dirt cheap and already implemented.
My last place had a 1970s Wylex board, which at least had plug-in MCB modules that replaced the fuse wire holders and can be reset. However given you can still buy fuse wire in DIY stores there still must be installations out there that need it. Shudder.
I recently replaced the old fusewire plugs with MCB modules. Really didn't fancy trying to wind a bit of wire around the terminals in the cellar in the dark :)
Houses built post-1960s (with more than one floor) will have more than one socket ring each protected by a circuit breaker at the distribution board, usually one per floor for general sockets, with a separate one for the kitchen, and usually individual 32A breakers for things like electric ovens and hobs.
Lighting rings are also separate, usually on 6A breakers. We cheap out on cable by not running neutrals to the switches, which causes nerds headaches when they want to install generic smart light switches.
My house is reasonably large (worked hard, all my own money) and has a 20-way distribution board with separate socket and light rings for groups of rooms. It’s handy for isolation purposes.
More recent builds’ rings will be protected by a combination of MCBs and RCDs, or individual RCBOs (now the cost has come down) which combine the two functions and is ultimately the safest option for most situations.
Individually fusing plugs (and in the case of high-draw appliances like washing machines and dryers, protecting with a fused socket) is still a very good idea. And don’t get me started on earthing practices in other countries…
Let’s say you desperately need a cup of tea. So you buy a cheap 4-way extension cable and 4 electric kettles. You fill all the kettles and turn them on at the same time for maximum tea-making throughput.
The combined load of all the kettles exceeds the rating of the extension cable.
With a fuse: the fuse in the extension cable plug blows, you buy another fuse, and learn some patience.
Without a fuse: the extension cable overheats and causes a fire, your house burns down, and worst of all you still don’t have any tea.
In the UK, there's typically one ring circuit and one lighting circuit per storey, a separate ring circuit for the kitchen, and dedicated circuits for large current draws such as an electric oven or hob, shower, or immersion heater.
Each circuit would have a dedicated MCB (Miniature Circuit Breaker) which will trip if too much current is drawn. The standard MCB rating for a ring circuit in the UK is 32A.
Thanks for clarifying. I took the fuse in the article to mean something like an appliance fuse, which for some reason, was conveniently located in an accessible place.
For US readers:
The big orange or blue store are probably better for you for anything electric that would go in your walls. I went down a rabbit hole of amazon clones of popular brand things like switches/dimmers/outlets and what I found is dubious UL certificates shared by multiple "brands".
That's what immediately stood out to me, why the hell would you order it from Amazon instead of literally driving 5 minutes down the road to pick one up from any electronics or hardware store? what a horribly inefficient way to do things
Slightly surprisingly there's one still for sale. £385+VAT. "worth two code credits under the Code for Sustainable Homes." Further googling finds "The Government scrapped the Code for Sustainable Homes and the national net zero carbon homes standard in 2015".
I don't really get his point. Wifi is super cheap. You can get a full stm32 with builtin wifi for like $6 for a single one. Installing a cable would be far more expensive in labor.
He's a software engineer not a electrical engineer/electrician. Before I worked in building services I would never have imagined the astronomical price some contractors charge for labour.
Have you never assumed anything in your whole life?
A fun read!
I feel compelled to say that all British (type G plugs) _have_ to be fused as the ring main has a maximum current of (typically) 30A yet the plug and socket maximum is 13A. So every appliance plug is fused, and the consumer unit has an RCD on most accessible circuits in addition to a circuit breaker.
Some plugs don't make the fuse obvious, but the traditional values are 1A, 3A, 5A, 7A, 10A and 13A (iirc -- for some reason!)
There are actually many features of the British and European wiring system that I think are really quite good. The device is closely related to a "smart meter", which are being slowly rolled out -- the UI is similar to those rolled out nationally, but it's a bit different.
Fuses in plugs in Britain are either 3A or 13A, by regulation. 5A used to be another value, but is no longer used (though replacement 5A fuses are easily available.)
I've never seen 7A or 10A fuses, and I was the kind of boy to rummage through my grandparent's workshops. ..
They are available in the sizes I mentioned, plus 2A – https://www.farnell.com/datasheets/1683350.pdf – and your comment made me actually look up the regulation out of curiosity as I know I have seen some of those other sizes in the lab! The wiring regs are enforced in statute by The Plugs and Sockets (Etc) Statutory Instrument 1994 [1] which mandates the compliance of two British standards, BS 1362 and BS 1363 for fuses and plugs respectively. The exact wording of BS 1363 (at least the version of it I can access) is
> [...] all rewirable plugs shall be marked on the engagement surface with the rated current. All non-rewirable plugs shall be marked with the rated current of the fuse link fitted, which shall not exceed the value given in Table 2 for the appropriate size of flexible cord
Table 2 itself prescribes a maximum fuse rating of 3 A or "(5 A)" [see below] for a conductor cross-sectional area of 0.5 mm^2, and 13 A for all larger conductor areas (0.75, 1, 1.25, and 1.5 mm^2). It is entitled "Rated current and maximum fuse rating in normal use, and load for flexing and cord grip tests related to size of flexible cord"
> [...] The figure in brackets indicates the fuse rating when a non rewirable plug is used with certain types of equipment where the use
of a 5 A fuse link is necessary because of the high instantaneous inrush current
So there we go, I think – we're all sort of right. Thanks for sending me down this rabbit hole!
Why don’t you use a 13A circuit breaker in UK? That’s what we do in the rest of the EU, I think.
There’s a main input to the house which usually is around 15A-30A , then we’ve got multiple sublines with individual circuit breakers, typically 10A or 16A.
I just read up about radial vs ring circuits; I had seen ring circuits only in industrial contexts here in Italy, so the fused approach makes sense I suppose.
Probably depends on the country. In Italy we usually employ natural gas stoves and we use natural gas furnaces for heating, so normally you get a 3kw to 6kw max inbound power. I think you can easily get to 10kw, but above that it's quite difficult.
That's interesting. I wonder if that's part of the reason why electric car uptake has been so low in Italy? Most houses here in the UK have enough capacity to run a 7kW charger alongside other household stuff. My house electricity supply must be 50 years old and 80A (about 18 kW) - so it's not even a recent thing. Do people in Italy never have electric showers? How much power do they run to a new house?
From a decarbonisation point of view it's a real challenge - the only current path to low carbon living is through electrification of heating, cooking and transport.
I may add that there is an additional (lesser known) issue.
The "typical" contract is 3 kW, due to air conditioners becoming more common, many people upgraded to 4.5 kW (it was also possible, cannot say if it still possible now, to make a 3 kW contract with an upgrade only during three or four months in the summer).
Very few people (and very large houses) have a 6 kW contract.
The "fixed" part ("potenza impegnata" translatable to "committed power capacity") is a non thrifling part of the monthly (or every two month) electricity bill, so eveyone historically used the smallest possible contract (usually there is a 10% or 20% more allowed for peaks).
The electrical plant needs to be made (and certified) by a licensed electrician BUT (and here is the catch) only up to 6kW the electrician can make (and certify it) without the need of a project by an authorized technician, which adds some costs.
Additionally (of course it depends on the specific area) up to 6 kW it is considered "normal" and it is rare that the distributors asks for compensation (besides the increase in the bill, and an initial "fixed amount" ) whilst when you go up, it is not uncommon that you are asked a sum as a contribution for the works needed to upgrade the distribution lines.
For increasing from 3 kW to 6 kW it would be around 70 € x 3= 210 € + around 50 € + VAT and then around 22 € x 3= 66 €/year (again + VAT).
Stepping up from 6 to 10 (besides needing the project and re-certification) is not unlikely to cost several hundreds or a few thousands Euro.
Anyway, before the issues with the power needed for re-charging, few people have the "luxury" of a parking space or garage, I would presume that this is a bigger obstacle for electric car adoption.
Ring circuits may have made sense in the past, but they really don't any more. It's basically impossible to test a ring circuit in place - you have to break the connection somewhere to ensure the ring is complete. That's a huge downside. They were conceived at a time when circuit breakers were expensive and wire was in short supply - neither is true now, yet people are still installing them.
The weirdest bit for me was when he ordered a 3am fuse from Amazon, rather than just wandering down to the corner shop for a little blister pack that has 13amp, 5amp and 3amp fuses. Usually just next to the sewing kits
> There were two strings printed with labels “SSID” and “Pwd”. I froze in horror. They wouldn’t dare. It is literally 3 meter distance. These are embedded devices, they do not need this complexity…
Not surprising at all. I would expect that a lot of these are bought as retrofits, and not as a part of new construction. Running wires through existing walls can be annoying, and they don't want to put that barrier to sale in front of them. And you can get a good-enough WiFi chipset for a few bucks these days.
> I need a 3A fuse [...] After installation, I checked the temperature of the fuse multiple times during the day to get at least some indication that things are not going to get worse. It worked fine for a more than a week now, but I still do not recommend experiments like this to anyone.
Probably don't need to be so worried here. If it's a 3A fuse, the entirety of your apartment's mains power is not running through it. A 3A fuse would burn out in a fraction of a second if you tried to do that.
Also, oh, man, Jazelle. I'd forgotten about that. Hardware support for Java bytecode... that did not pan out well.
> Probably don't need to be so worried here. If it's a 3A fuse, the entirety of your apartment's mains power is not running through it.
If it's a "3A fuse" that doesn't blow at 6A or worse, then it will get very hot (fire hazard) if/when there's a short regardless of the distance to the mains power.
If it truly is a 3A fuse, then great. If it's bought from Amazon then I doubt it's truly a 3A fuse.
Louis Rossman over at YouTube has been going over this fuses thing from Amazon. All the fuses he tried from top-results didn't blow until he put 4x or 5x the current rating through them.
Probably not. But precision is expensive. A 3A +- 0.1A fuse will be more expensive to make them a 3A +- 6A fuse. And of course a customer will be upset with a 3A - 2A = 1A fuse so they really make a 9A +- 6A fuse and sell it as 3A.
So if you are "lucky" you can pass 12A though it no problem.
1) a dead short in the circuit. Fuse will blow pretty much instantly.
2) an overload on the circuit. Fuse will blow sooner or later depending on how great the load excess is. If the fuse is rated at 3A, it's not going to be fine at 2.9A and then instantly blow at 3.1A. You'd need actual current monitoring to do that.
And some fuses are "delayed" to allow an overload for a few moments, such as when starting a motor.
None of this disputes that Amazon is well known to sell garbage, and not just limited to fuses. That's why I don't buy anything there.
Also, too: Wifi has inherent galvanic isolation with a wide gap.
It isn't strictly necessary, as anyone here obviously knows, but it can be a cost-effective way to isolate the [electrical] pokey-bits from the [meat-based] pokey-bits, and to avoid loops when things go wrong.
> A 3A fuse would burn out in a fraction of a second if you tried to do that.
he bought it on Amazon. He has every reason to be worried that it won't burn out. Louis Rossman did a video[0] where he put 8 amps through a 2 amp fuse and left the room for quite a long time, I think it was several minutes with 8a going through a 2a fuse.
I'm not going to watch the whole video but it doesn't seem like it supports the point you're trying to make.
> How long does it take for your 400mA multimeter fuse to blow at 600mA?
> The amazing unpredictability of fusing current ratings at low overloads.
It makes a point of saying that fuses are imprecise, i.e. that a fuse likely won't blow when 600mA of current passes through a 400mA fuse for a few seconds.
What Rossmann discovered was that fuses from Amazon took 4x the rated current for minutes. That's many orders of magnitude out of spec.
The relationship between the amount of overload and how fast the fuse is supposed to blow is quadratic, not linear. As an example with somewhat made-up numbers, at 1x it might take hours to blow, at 2x it might take a minute or two, at 3x it shouldn't take more than a second and at 4x it should be nearly instant.
If it's supposed to blow in 0.1 seconds when overloaded by 4x, then taking 10 minutes is many orders of magnitude in my book. While that fuse is taking its sweet time, wiring or other components are being heated out of spec (16x more heat at 4x the current), potentially posing a fire hazard or damaging the device it's supposed to be protecting.
Sorry, I misread you, didn't catch you meant the time. Also good point about the possible power damage being quadratic on the current.
Thanks for the polite clarification.
Seriously, I think they would refund the fuse since you are not satisfied.
I think the only way for Amazon to stop organizing countraband would be if dozens of people die in each country and it makes a big media mess and public prosecutors finally rule that Amazon is responsible for mingling and smuggling the products in-country.
Which will impact all
marketplaces, requiring Craigslist/Leboncoin/Gumtree to asses the liability of the sellers on the marketplace.
In general, people have the wrong idea about how fuses work. They're not supposed to blow at their rated current, they're supposed to withstand it indefinitely, and only blow at much higher currents. Look up any datasheet from a well established manufacturer and see for yourself (like this one from littelfuse: https://littelfuse.com/products/fuses/cartridge-fuses/5x20mm... )
People also have a wrong idea about how buying electronic components on Amazon/Aliexpress/eBay/etc. works. You buy a few of the same, test them, then use them if they work. Otherwise ask for refund.
Otherwise you're up for a big surprise that all your TL081's are LM356 instead, or that mosfet you bought has 3x the Rds(on) than expected, or that your fuse doesn't work.
Indeed. There is a slight temperature dependent de-rating, but in general that is correct. To add, Littelfuse is in fact the inventor of the standard automotive blade fuses - they know their fuses if anyone does. I archived a datasheet of some of their blade fuses here [0] - you can see that a 1-amp fuse will run at 1A indefinitely, 2A for 300ms, 3A ~100ms, 4A ~60ms, 5A ~40ms etc. The same datasheet will tell you the temperature derating for their blade fuses is less than 25% at any temperatures you want your electronics to live at.
Another fun fact that is obvious from applying Ohm's Law - you can calculate the current flowing through a fuse by measuring the voltage drop. You can do the math yourself, or there are handy "fuse voltage drop charts" so you don't even have to use a calculator. Yes, this means that with a simple oscilloscope you now have a portable energy meter that requires zero rewiring. Ha, I accidentally brought us full circle :)
Just be careful with that, measuring mains is a bad idea with most oscilloscopes. The ground pin is usually connected to mains earth, so if you're not careful, you might create a short and blow up your scope. If you have one of these battery powered ones, it'll be fine, but the mains powedered ones are usually a no-no.
Ah, I was referring to automotive blade fuses (which have lovely little contacts on top for measuring.) They are only rated to 32VDC so if you are running mains through that you have other issues. Indeed I'd just use my battery-powered oscilloscope to measure mains but if I wanted to use a benchtop scope I'd use an isolation transformer.
Amazon had one of their buildings in California shut down a few months ago by the fire department when a generator started smoking. It was probably due to a bad fuse they bought off Amazon. https://signalscv.com/2023/07/fire-breaks-out-at-amazon/ That's how blinded by their avarice Amazon has become; they can't even protect their own house. Notice how the Nilight fuses (https://amzn.to/3S06G2n) are still listed, even after a YouTube video with 300,000 views demonstrated that their 2 ampere fuse takes 10 amps to blow. I even had an electrical fire in my house recently, due to components that I purchased off Amazon. I know Amazon monitors Hacker News PR closely, since they took down those ChatGPT generated listings within minutes of us posting them here. Yet they do nothing about product listings that put our lives, and their own lives, in critical danger.
> I know Amazon monitors Hacker News PR closely, since they took down those ChatGPT generated listings within minutes of us posting them here.
Like other engineers at Big Tech, Amazon Engineers also read HN and the post in question happened to be on the HN front page around the lunch break of a work day, IIRC.
It’s easy to imagine one or more Amazon engineers internally pinging the team responsible for Amazon listings hence the appearance that Amazon was able to take down/hide those ChatGPT generated listings in less than an hour of it landing here.
Well yeah, there's that. My assumption about the worry the author expressed was that it was just an "I'm a little uncomfortable with mains power" type worry, not "did I buy a crappy part that's going to explode" type worry. If it was the latter, that's, well... entirely avoidable.
> Running wires through existing walls can be annoying, and they don't want to put that barrier to sale in front of them.
It also makes it more convenient to compromise the device from across the street (or across town with a directional antenna). Though of course that's not a problem if your security is up to par and the device continues to receive regular security updates, and we can only surmise that the author has discovered a rare outlier in this space where that is not the case.
device continues to receive regular security updates
Have to reply to this, and my response was covered a bit by your statement of "security up to par".
Nothing should be considered secure. All those bug bounties are to entice black hats, into giving up juicy pre-0day vulnerabilities.
So just because a device is up to date with security updates, we all must understand, there are countless bugs unknown, needing to be patched, and often, being discovered by those that will never tell, never disclose, never report, and only use them for nefarious purposes.
This is why security is nothing without monitoring.
And why nothing is ever "safe", only likely "more safe" due to a security update.
Consider everything that is network connected as compromised. Everything.
> Consider everything that is network connected as compromised. Everything.
This doesn't seem like useful advice.
If you know something is compromised, you're going to want to stop using it and build a clean system etc. You can't just do that continuously the instant you've built the new system.
Likewise, how does monitoring even work? Every device and app wants to phone home to some random server. The connection will be encrypted and even if it wasn't it could be some arbitrary custom protocol you'd have to spend several hours to reverse engineer. You could just block them all but that will cause massive breakage and possibly impair security when the thing you're blocking is whatever thing's security update mechanism.
I think this discussion mostly comes down to how we interpret the word “secure”. Do we mean “zero risk”, “nothing can go bad”, “no potential attack, ever”?
Or do we mean “low enough risk for this thing , here, now”? I prefer the latter, even if that implies that statements like “this thing is secure” are somewhat useless due to the subjectivity.
Same thing as the security of the lock on our doors. We know that if somebody really want to get into our homes they will. In the case of IoT and computers add to it the automation of the attack.
What do we do with our homes? Tradeoffs.
We put some valuables in banks, we keep some at home. We insure precious items, if we do have them. We curse when burglars steal from us.
We also install curtains so people outside cannot look at us and at what we are doing at home. There are several level of protections to do the same thing for networks and devices. Of course vulnerabilities mean that they are not perfect. Curtains are not perfect too. Add to that imaging through walls with WiFi or mobile network signals, but that's still fringe at best even if you should read https://news.ycombinator.com/item?id=37469920
I agree with your first part, but not with your second. It really depends what you use, you can easily build up a while home automation system that doesn't phone home or require internet at all
> we can only surmise that the author has discovered a rare outlier in this space where that is not the case.
Exactly what I was thinking! What luck that the author found the single IoT device out there that's a cobbled together piece of bodged electronics designed by a graduate from a webdev bootcamp with a Corel Draw focus. A device that, while only ~15 years old is not only hopelessly useless, but also obsolete and insecure.
It's a good thing all other consumer IoT device manufacturers think about and prioritize security, longevity! Also, that customers nowadays are more focused on installing something fit-for-purpose and sustainable once than buying the cheapest shit possible with the blinkiest LEDs.
I shudder to think about how long they tried to get the string-and-cups based telephone to work in my building until the 1930's when they installed the copper still used today for DSL. Or how terrible the paper-straw based water system must have been up to the 1890's when they realized investing in metal pipes has advantages. So glad the days of short-term thinking are behind us.
I’m passionate about the problem of software maintenance:
- Can we solve this with some companies dedicated to maintaining simple code (1 probe, 2 charts for each IoT, or more if the IoT subscribed for more) multiplied by 10k different IoT objects over 30 years?
- How would upgrading all of them look like? Can we batch the upgrade of NPM’s package.json? Can we define a minimum toolset, say NPM+Next+React, for long-term support?
- How can we keep software engineers passionate for that software over dozens of years? Can the challenge of upgrading and migrating to newer frameworks and applying security upgrade be ever a trove of genius and a competiton of the best hacks?
For the moment, when it’s done, it’s all GitHub Actions. Released in 2018. Well, not a good start. Plus everyone has a different pile of … in their actions, it’s all custom code, nothing is standardized, and each new IoT requires a new guy writing new ones.
- Is this already done in some part of OSS (openWrt?) and how do they deal with the boredom of engineers?
Sure, but manufacturers -- as we should well know by now -- don't particularly care about that.
And for a device like this -- a rare one where it seems they sold it without any kind of online subscription service -- their goal is to sell units, and telling people they'll have to cut holes in their walls and run wires (for most people this probably means hiring someone) is certainly going to sell fewer units.
> Also, oh, man, Jazelle. I'd forgotten about that. Hardware support for Java bytecode... that did not pan out well.
I'd love someday to learn more about why Jazelle failed.
The first SoC I worked on almost 20 years ago was built around an ARM926EJ-S, just like in the story. It was built for Nokia, who used Symbian OS [1], and supported user-installable apps written against Java Micro Edition [2].
The utter mess of Symbian's app discovery and installation, I suspect, was a prime reason Apple created their App Store for the iPhone.
Nevertheless, the fundamental concept of HW-accelerated Java apps doesn't sound crazy. What happened? Were they just stuck with a sinking ship, Symbian?
> Also, oh, man, Jazelle. I'd forgotten about that. Hardware support for Java bytecode... that did not pan out well.
As someone who was too young to be paying any attention during this time, what were some of the reasons this didn’t pan out? Java seems so dominant looking back that I’m surprised something like this wouldn’t have been a success.
I have also wondered this for years, and always was told "because JITs work better", but that felt a bit handwavy. Luckily for both of us David Chisnall just published an article on ACM about designing ISAs that properly explains the reasoning behind Jazelle and why it did not work in the long run:
> Small code is also important [for a simple single-issue in-order core]. A small microcontroller core may be as small as 10KB of SRAM (static random access memory). A small decrease in encoding efficiency can dwarf everything when considering the total area cost: If you need 20 percent more SRAM for your code, then that can be equivalent to doubling the core area. Unfortunately, this constraint almost directly contradicts the previous one [about decoder complexity]. This is why Thumb-2 and RISC-V focused on a variable length encoding that is simple to decode: They save code size without significantly increasing decoder complexity.
> This is a complex tradeoff that is made even more complicated when considering multiple languages. For example, Arm briefly supported Jazelle DBX (direct bytecode execution) on some of its mobile cores. This involved decoding Java bytecode directly, with Java VM (virtual machine) state mapped into specific registers. A Java add instruction, implemented in a software interpreter, requires at least one load to read the instruction, a conditional branch to find the right handler, and then another to perform the add. With Jazelle, the load happens via instruction fetch, and the add would add the two registers that represented the top of the Java stack. This was far more efficient than an interpreter but did not perform as well as a JIT (just-in-time) compiler, which could do a bit more analysis between Java bytecodes.
> Jazelle DBX is an interesting case study because it made sense only in the context of a specific set of source languages and microarchitectures. It provided no benefits for languages that didn't run in a Java VM. By the time devices had more than about 4MB of RAM, Jazelle was outperformed by a JIT. Within that envelope, however, it was a good design choice.
> Jazelle DBX should serve as a reminder that optimizations for one size of core can be incredibly bad choices for other cores
So: a decent JIT works better if you can afford the overhead of the JIT. Jazelle was only a good idea in a very brief period of time when this wasn't true, and even then only if you insist on running a Java VM.
The Lisp machine failed because Lisp compiler technology got better and better at targeting generic 32-bit CPU hardware, which was becoming increasingly cheap and plentiful. So the benefits of having all this custom hardware to specially execute Lisp code were nullified -- leaving only the costs.
The same thing happened to Java in hardware. It seemed like a good idea at the time because it allowed developers to target a language they were already familiar with, and present an alternative to Wintel -- especially when you realize that Java was all the rage as a sort of universal programming environment, and in particular J2ME was a big deal for proto-"smart" phones before the iPhone came along. But embedded Java didn't really pan out, memory and CPU time got cheaper, and compiler and JIT tech improved to the point where there was just no benefit to adding the hardware it took to decode Java instructions. So Jazelle was deprecated and replaced with something called ThumbEE, which was a more generic framework based on ARM's Thumb instruction set for running code for an abstract machine, providing features like automatic null-pointer checking and that. Like you could set up a ThumbEE environment for running Python or .NET code in addition to Java. Nowadays even ThumbEE is deprecated. Neither feature appears in ARMv8 processors, for instance.
>> To be honest, the whole thing was a bit scary, since I was very close to the mains
I laughed at this. Changing a fuse is… a bit scary? They literally teach this in elementary school in the U.K. - or they did. As you say, no need to fretfully check the fuse - either it blows or it doesn’t, and you’ll know when it does. At least he didn’t find the receptacle holding a dead fuse, carefully wrapped in the ceremonial aluminium shroud of eternal life and certain death, which is a crime I may have committed in my younger, more fire-prone years.
I find it interesting how uncomfortable some people are outside of their comfort zones - but then I am a person who spends his life sticking his nose in stuff he has no business with.
I don't know how old the author is, but I'm not surprised when people even 10-15 years younger than I am (I'm in my 40s) shy away from digging into the guts of how things work.
I feel like I was at the tail end of when it was ok to experiment with technology as a kid and teen. The early '00s brought much more in the way of disposable, locked-down devices. Kids growing up today (despite the educational push of orgs like the Raspberry Pi Foundation) are presented with hermetically-sealed devices that present a sanitized interface. Manufacturers explicitly don't want their customers taking things apart, discovering how they work, or tinkering with them in any way... and often even try to put legal barriers in place to keep people from doing stuff like this.
This is a far cry from when I was very young (and before I was born) when computers and kits would come with full schematics and datasheets!
> tcf-agent is [...] probably the second biggest security vulnerability after passwordless root SSH.
I thought that passwordless SSH is actually a good idea in general for servers? Assuming, that is, that the public/private key login mechanism is used as the alternative to passwords.
> TCF seems to be closedly tied to Eclipse ecosystem. The Getting Started guide suggests several plugins for Eclipse as the main way to interact with tcf-agent. I tried installing these plugins on a new version of Eclipse and it is absolutely impossible. There are dependency issues everywhere and when you actually try to install the missing dependencies, Eclipse does not let you because they conflict with some other dependencies.
I laughed out loud at this part. Some things never changed I guess.
This is also what happens whenever I try to install anything that uses the package managers for python or perl. For some reason, these two always fail with messages about conflicting, non-existent, or failed-to-compile dependencies. I work in bioinformatics - everything is in python or perl. My life is pain.
575 comments
[ 6.9 ms ] story [ 432 ms ] threadI don't like getting everything on WiFi, too. OTOH I have ~30 devices on an VLAN isolated IoT WiFi network. This easily saved us a 4 digit expense and a lot of time(!) as opposed to installing new additional wire (redoing all the old ones was bad enough). Plus, I can do dumb stuff like control my office's window blinds individually, which is nice when only one of them has the sun blinding me while using the PC (temporary desk location due to ongoing renovations).
Reads like a quote from a Philip K. Dick book.
> Turns out, they found out an even more innovative time sync mechanism. When you open the UI in the browser, they quickly redirect you to "/set-time/" + Date.now(). This sets a global variable in the Node.js app responsible for "now".
(https://mastodon.social/@laplab/111789584104871367)
(Clearly that didn't pan out so well)
Here's a zigbee one: https://smarthomescene.com/reviews/tuya-zigbee-single-clamp-...
Here's one with an app: https://aeotec.com/products/aeotec-home-energy-meter/
You'll find many more if you search "clamp energy meter".
https://en.wikipedia.org/wiki/Jazelle
To this day, I refuse to use Java or anything on the Java ecosystem, like Clojure, or Groovy, etc.
JavaCard is a massively trimmed down version which is more a dumbed down C (with no standardization, little documentation and no third-party tool support) which is essentially Java reduced to basic arithmetic operator, an arguably saner, much trimmed down standard library focusing on cryptography and most importantly no GC.
https://www.ebay.com/itm/300495374337
Also, WebView is only part of the app, they used something else (which did not look like Android native UI) for the WiFi network picker.
[1] https://m1.material.io/
It actually looks like a reasonable system overall. Maybe a bit bloated on the node.js side (what isn't?), but I wonder if they just had that toolchain already in place/experience with it, even though it's overkill for the system as-is. Or maybe they just googled how to do networking and copy/pasted the top Stack Overflow answer that included Socket.IO.
Not an IoT hater. I've worked for IoT companies, and there's a lot of very smart embedded engineers doing very cool things in the space. But an old android tablet installed in the wall with a WiFI point? oh dear.
Didn't have a huge amount of interaction with the US side of things though!
-Alex (Micromuse 1997 to 2021).
In any case, I doubt they were actually using this Energy Manager thing anyway. The number one feature listed on websites selling these things is "Earn two code credits under the code for sustainable homes". I assume you do not need to teach people how to use the thing to earn these credits...
https://uk-metering.net/products/netthings-energy-manager
Most likely this is just a current clamp style meter. Most of these kinds of meters are.
https://uk-metering.net/products/netthings-energy-manager
OP might want to watch Louis Rossmann's video about buying things from Amazon.
https://www.youtube.com/watch?v=B90_SNNbcoU
I was further surprised that someone would be worried about installing the fuse. Is he also worried about plugging things in generally?
I HAVE to buy online electronic components, and usually it ends up being Amazon, because other national suppliers insist on charging $15 for courier shipping on a $2 part.
Every plug in Britain has a fuse, so they are about as easy to buy as replacement light bulbs. Probably on the same shelf.
Why is that? Is it a safety measure?
This means you don't have breakers for each branch circuit (there are no branch circuits), just the single mains breaker for the house. This single breaker is too large to trip from a short from occuring in the smaller wires inside an appliance.
So each plug (or hardwired device) needs it's own dedicated smaller fuse instead.
The second fuse at the plug allows using a narrower gauge of wire in the device’s cord. Let’s say you have a lamp with a 3A fuse, the cord only needs to be able to handle 3A, so then it can be lighter and cheaper. If it had to handle the same amperage as the circuit it’s plugged into then it would be seriously impractical and expensive.
Of course there are modern ways of solving this but fuses are dirt cheap and already implemented.
A fuse blowing is so rare I don't think they're worried by the inconvenience. It might happen every 5 years or more.
Lighting rings are also separate, usually on 6A breakers. We cheap out on cable by not running neutrals to the switches, which causes nerds headaches when they want to install generic smart light switches.
My house is reasonably large (worked hard, all my own money) and has a 20-way distribution board with separate socket and light rings for groups of rooms. It’s handy for isolation purposes.
More recent builds’ rings will be protected by a combination of MCBs and RCDs, or individual RCBOs (now the cost has come down) which combine the two functions and is ultimately the safest option for most situations.
Individually fusing plugs (and in the case of high-draw appliances like washing machines and dryers, protecting with a fused socket) is still a very good idea. And don’t get me started on earthing practices in other countries…
The combined load of all the kettles exceeds the rating of the extension cable.
With a fuse: the fuse in the extension cable plug blows, you buy another fuse, and learn some patience.
Without a fuse: the extension cable overheats and causes a fire, your house burns down, and worst of all you still don’t have any tea.
You would have to be a maniac to wire up a house without fuses or breakers.
> British household electrical systems are normally built as one large ring circuit, originally in order to save copper after WW2.
> This means you don't have breakers for each branch circuit (there are no branch circuits), just the single mains breaker for the house.
Each circuit would have a dedicated MCB (Miniature Circuit Breaker) which will trip if too much current is drawn. The standard MCB rating for a ring circuit in the UK is 32A.
Have you reported it to UL?
https://www.ul.com/resources/market-surveillance-departments
Thanks, that got a laugh out of me.
https://uk-metering.net/products/netthings-energy-manager
Some plugs don't make the fuse obvious, but the traditional values are 1A, 3A, 5A, 7A, 10A and 13A (iirc -- for some reason!)
There are actually many features of the British and European wiring system that I think are really quite good. The device is closely related to a "smart meter", which are being slowly rolled out -- the UI is similar to those rolled out nationally, but it's a bit different.
Keep exploring (and don't play with the mains!)
I've never seen 7A or 10A fuses, and I was the kind of boy to rummage through my grandparent's workshops. ..
> [...] all rewirable plugs shall be marked on the engagement surface with the rated current. All non-rewirable plugs shall be marked with the rated current of the fuse link fitted, which shall not exceed the value given in Table 2 for the appropriate size of flexible cord
Table 2 itself prescribes a maximum fuse rating of 3 A or "(5 A)" [see below] for a conductor cross-sectional area of 0.5 mm^2, and 13 A for all larger conductor areas (0.75, 1, 1.25, and 1.5 mm^2). It is entitled "Rated current and maximum fuse rating in normal use, and load for flexing and cord grip tests related to size of flexible cord"
> [...] The figure in brackets indicates the fuse rating when a non rewirable plug is used with certain types of equipment where the use of a 5 A fuse link is necessary because of the high instantaneous inrush current
So there we go, I think – we're all sort of right. Thanks for sending me down this rabbit hole!
[1] https://www.legislation.gov.uk/uksi/1994/1768/made
There’s a main input to the house which usually is around 15A-30A , then we’ve got multiple sublines with individual circuit breakers, typically 10A or 16A.
From a decarbonisation point of view it's a real challenge - the only current path to low carbon living is through electrification of heating, cooking and transport.
The "typical" contract is 3 kW, due to air conditioners becoming more common, many people upgraded to 4.5 kW (it was also possible, cannot say if it still possible now, to make a 3 kW contract with an upgrade only during three or four months in the summer).
Very few people (and very large houses) have a 6 kW contract.
The "fixed" part ("potenza impegnata" translatable to "committed power capacity") is a non thrifling part of the monthly (or every two month) electricity bill, so eveyone historically used the smallest possible contract (usually there is a 10% or 20% more allowed for peaks).
The electrical plant needs to be made (and certified) by a licensed electrician BUT (and here is the catch) only up to 6kW the electrician can make (and certify it) without the need of a project by an authorized technician, which adds some costs.
Additionally (of course it depends on the specific area) up to 6 kW it is considered "normal" and it is rare that the distributors asks for compensation (besides the increase in the bill, and an initial "fixed amount" ) whilst when you go up, it is not uncommon that you are asked a sum as a contribution for the works needed to upgrade the distribution lines.
For increasing from 3 kW to 6 kW it would be around 70 € x 3= 210 € + around 50 € + VAT and then around 22 € x 3= 66 €/year (again + VAT).
Stepping up from 6 to 10 (besides needing the project and re-certification) is not unlikely to cost several hundreds or a few thousands Euro.
Anyway, before the issues with the power needed for re-charging, few people have the "luxury" of a parking space or garage, I would presume that this is a bigger obstacle for electric car adoption.
Not surprising at all. I would expect that a lot of these are bought as retrofits, and not as a part of new construction. Running wires through existing walls can be annoying, and they don't want to put that barrier to sale in front of them. And you can get a good-enough WiFi chipset for a few bucks these days.
> I need a 3A fuse [...] After installation, I checked the temperature of the fuse multiple times during the day to get at least some indication that things are not going to get worse. It worked fine for a more than a week now, but I still do not recommend experiments like this to anyone.
Probably don't need to be so worried here. If it's a 3A fuse, the entirety of your apartment's mains power is not running through it. A 3A fuse would burn out in a fraction of a second if you tried to do that.
Also, oh, man, Jazelle. I'd forgotten about that. Hardware support for Java bytecode... that did not pan out well.
If it's a "3A fuse" that doesn't blow at 6A or worse, then it will get very hot (fire hazard) if/when there's a short regardless of the distance to the mains power.
If it truly is a 3A fuse, then great. If it's bought from Amazon then I doubt it's truly a 3A fuse.
So if you are "lucky" you can pass 12A though it no problem.
(Numbers make up for illustration.)
1) a dead short in the circuit. Fuse will blow pretty much instantly.
2) an overload on the circuit. Fuse will blow sooner or later depending on how great the load excess is. If the fuse is rated at 3A, it's not going to be fine at 2.9A and then instantly blow at 3.1A. You'd need actual current monitoring to do that.
And some fuses are "delayed" to allow an overload for a few moments, such as when starting a motor.
None of this disputes that Amazon is well known to sell garbage, and not just limited to fuses. That's why I don't buy anything there.
It isn't strictly necessary, as anyone here obviously knows, but it can be a cost-effective way to isolate the [electrical] pokey-bits from the [meat-based] pokey-bits, and to avoid loops when things go wrong.
Wireless has uses beyond just eliminating wires.
This never occurred to me, thanks.
he bought it on Amazon. He has every reason to be worried that it won't burn out. Louis Rossman did a video[0] where he put 8 amps through a 2 amp fuse and left the room for quite a long time, I think it was several minutes with 8a going through a 2a fuse.
[0]: https://www.youtube.com/watch?v=B90_SNNbcoU
> How long does it take for your 400mA multimeter fuse to blow at 600mA?
> The amazing unpredictability of fusing current ratings at low overloads.
It makes a point of saying that fuses are imprecise, i.e. that a fuse likely won't blow when 600mA of current passes through a 400mA fuse for a few seconds.
What Rossmann discovered was that fuses from Amazon took 4x the rated current for minutes. That's many orders of magnitude out of spec.
> That's many orders of magnitude
An order of magnitude is 10 times, in my timeline.
If it's supposed to blow in 0.1 seconds when overloaded by 4x, then taking 10 minutes is many orders of magnitude in my book. While that fuse is taking its sweet time, wiring or other components are being heated out of spec (16x more heat at 4x the current), potentially posing a fire hazard or damaging the device it's supposed to be protecting.
I think the only way for Amazon to stop organizing countraband would be if dozens of people die in each country and it makes a big media mess and public prosecutors finally rule that Amazon is responsible for mingling and smuggling the products in-country.
Which will impact all marketplaces, requiring Craigslist/Leboncoin/Gumtree to asses the liability of the sellers on the marketplace.
Which could be a good thing.
Hundreds maybe?
Otherwise you're up for a big surprise that all your TL081's are LM356 instead, or that mosfet you bought has 3x the Rds(on) than expected, or that your fuse doesn't work.
Another fun fact that is obvious from applying Ohm's Law - you can calculate the current flowing through a fuse by measuring the voltage drop. You can do the math yourself, or there are handy "fuse voltage drop charts" so you don't even have to use a calculator. Yes, this means that with a simple oscilloscope you now have a portable energy meter that requires zero rewiring. Ha, I accidentally brought us full circle :)
[0] https://web.archive.org/web/20240121052239/https://m.littelf...
Like other engineers at Big Tech, Amazon Engineers also read HN and the post in question happened to be on the HN front page around the lunch break of a work day, IIRC.
It’s easy to imagine one or more Amazon engineers internally pinging the team responsible for Amazon listings hence the appearance that Amazon was able to take down/hide those ChatGPT generated listings in less than an hour of it landing here.
It also makes it more convenient to compromise the device from across the street (or across town with a directional antenna). Though of course that's not a problem if your security is up to par and the device continues to receive regular security updates, and we can only surmise that the author has discovered a rare outlier in this space where that is not the case.
Just remember that the S in IoT stands for security :)
Have to reply to this, and my response was covered a bit by your statement of "security up to par".
Nothing should be considered secure. All those bug bounties are to entice black hats, into giving up juicy pre-0day vulnerabilities.
So just because a device is up to date with security updates, we all must understand, there are countless bugs unknown, needing to be patched, and often, being discovered by those that will never tell, never disclose, never report, and only use them for nefarious purposes.
This is why security is nothing without monitoring.
And why nothing is ever "safe", only likely "more safe" due to a security update.
Consider everything that is network connected as compromised. Everything.
This doesn't seem like useful advice.
If you know something is compromised, you're going to want to stop using it and build a clean system etc. You can't just do that continuously the instant you've built the new system.
Likewise, how does monitoring even work? Every device and app wants to phone home to some random server. The connection will be encrypted and even if it wasn't it could be some arbitrary custom protocol you'd have to spend several hours to reverse engineer. You could just block them all but that will cause massive breakage and possibly impair security when the thing you're blocking is whatever thing's security update mechanism.
What's a solution someone can actually use?
Understanding reality is always useful advice. Wishing reality isn't as it is, won't help.
The mindset I have described, is how one must view all electronics. Unsecure.
You may also understand that your devices are not secure, take steps to reduce risk, and so on.
Why do you think yubikeys are a useful thing? Or hardware crypto wallets?
Devices that reduce risk, that are designed with the thought that connected computers aren't secure, can never be secure.
Know where risk sits.
Or do we mean “low enough risk for this thing , here, now”? I prefer the latter, even if that implies that statements like “this thing is secure” are somewhat useless due to the subjectivity.
What do we do with our homes? Tradeoffs.
We put some valuables in banks, we keep some at home. We insure precious items, if we do have them. We curse when burglars steal from us.
We also install curtains so people outside cannot look at us and at what we are doing at home. There are several level of protections to do the same thing for networks and devices. Of course vulnerabilities mean that they are not perfect. Curtains are not perfect too. Add to that imaging through walls with WiFi or mobile network signals, but that's still fringe at best even if you should read https://news.ycombinator.com/item?id=37469920
So, tradeoffs and be conscious of them.
Exactly what I was thinking! What luck that the author found the single IoT device out there that's a cobbled together piece of bodged electronics designed by a graduate from a webdev bootcamp with a Corel Draw focus. A device that, while only ~15 years old is not only hopelessly useless, but also obsolete and insecure.
It's a good thing all other consumer IoT device manufacturers think about and prioritize security, longevity! Also, that customers nowadays are more focused on installing something fit-for-purpose and sustainable once than buying the cheapest shit possible with the blinkiest LEDs.
I shudder to think about how long they tried to get the string-and-cups based telephone to work in my building until the 1930's when they installed the copper still used today for DSL. Or how terrible the paper-straw based water system must have been up to the 1890's when they realized investing in metal pipes has advantages. So glad the days of short-term thinking are behind us.
- Can we solve this with some companies dedicated to maintaining simple code (1 probe, 2 charts for each IoT, or more if the IoT subscribed for more) multiplied by 10k different IoT objects over 30 years?
- How would upgrading all of them look like? Can we batch the upgrade of NPM’s package.json? Can we define a minimum toolset, say NPM+Next+React, for long-term support?
- How can we keep software engineers passionate for that software over dozens of years? Can the challenge of upgrading and migrating to newer frameworks and applying security upgrade be ever a trove of genius and a competiton of the best hacks?
For the moment, when it’s done, it’s all GitHub Actions. Released in 2018. Well, not a good start. Plus everyone has a different pile of … in their actions, it’s all custom code, nothing is standardized, and each new IoT requires a new guy writing new ones.
- Is this already done in some part of OSS (openWrt?) and how do they deal with the boredom of engineers?
And for a device like this -- a rare one where it seems they sold it without any kind of online subscription service -- their goal is to sell units, and telling people they'll have to cut holes in their walls and run wires (for most people this probably means hiring someone) is certainly going to sell fewer units.
I'd love someday to learn more about why Jazelle failed.
The first SoC I worked on almost 20 years ago was built around an ARM926EJ-S, just like in the story. It was built for Nokia, who used Symbian OS [1], and supported user-installable apps written against Java Micro Edition [2].
The utter mess of Symbian's app discovery and installation, I suspect, was a prime reason Apple created their App Store for the iPhone.
Nevertheless, the fundamental concept of HW-accelerated Java apps doesn't sound crazy. What happened? Were they just stuck with a sinking ship, Symbian?
[1] https://en.wikipedia.org/wiki/Symbian
[2] https://en.wikipedia.org/wiki/Java_Platform,_Micro_Edition
As someone who was too young to be paying any attention during this time, what were some of the reasons this didn’t pan out? Java seems so dominant looking back that I’m surprised something like this wouldn’t have been a success.
> Small code is also important [for a simple single-issue in-order core]. A small microcontroller core may be as small as 10KB of SRAM (static random access memory). A small decrease in encoding efficiency can dwarf everything when considering the total area cost: If you need 20 percent more SRAM for your code, then that can be equivalent to doubling the core area. Unfortunately, this constraint almost directly contradicts the previous one [about decoder complexity]. This is why Thumb-2 and RISC-V focused on a variable length encoding that is simple to decode: They save code size without significantly increasing decoder complexity.
> This is a complex tradeoff that is made even more complicated when considering multiple languages. For example, Arm briefly supported Jazelle DBX (direct bytecode execution) on some of its mobile cores. This involved decoding Java bytecode directly, with Java VM (virtual machine) state mapped into specific registers. A Java add instruction, implemented in a software interpreter, requires at least one load to read the instruction, a conditional branch to find the right handler, and then another to perform the add. With Jazelle, the load happens via instruction fetch, and the add would add the two registers that represented the top of the Java stack. This was far more efficient than an interpreter but did not perform as well as a JIT (just-in-time) compiler, which could do a bit more analysis between Java bytecodes.
> Jazelle DBX is an interesting case study because it made sense only in the context of a specific set of source languages and microarchitectures. It provided no benefits for languages that didn't run in a Java VM. By the time devices had more than about 4MB of RAM, Jazelle was outperformed by a JIT. Within that envelope, however, it was a good design choice.
> Jazelle DBX should serve as a reminder that optimizations for one size of core can be incredibly bad choices for other cores
So: a decent JIT works better if you can afford the overhead of the JIT. Jazelle was only a good idea in a very brief period of time when this wasn't true, and even then only if you insist on running a Java VM.
[0] https://queue.acm.org/detail.cfm?id=3639445
The same thing happened to Java in hardware. It seemed like a good idea at the time because it allowed developers to target a language they were already familiar with, and present an alternative to Wintel -- especially when you realize that Java was all the rage as a sort of universal programming environment, and in particular J2ME was a big deal for proto-"smart" phones before the iPhone came along. But embedded Java didn't really pan out, memory and CPU time got cheaper, and compiler and JIT tech improved to the point where there was just no benefit to adding the hardware it took to decode Java instructions. So Jazelle was deprecated and replaced with something called ThumbEE, which was a more generic framework based on ARM's Thumb instruction set for running code for an abstract machine, providing features like automatic null-pointer checking and that. Like you could set up a ThumbEE environment for running Python or .NET code in addition to Java. Nowadays even ThumbEE is deprecated. Neither feature appears in ARMv8 processors, for instance.
I laughed at this. Changing a fuse is… a bit scary? They literally teach this in elementary school in the U.K. - or they did. As you say, no need to fretfully check the fuse - either it blows or it doesn’t, and you’ll know when it does. At least he didn’t find the receptacle holding a dead fuse, carefully wrapped in the ceremonial aluminium shroud of eternal life and certain death, which is a crime I may have committed in my younger, more fire-prone years.
I find it interesting how uncomfortable some people are outside of their comfort zones - but then I am a person who spends his life sticking his nose in stuff he has no business with.
I feel like I was at the tail end of when it was ok to experiment with technology as a kid and teen. The early '00s brought much more in the way of disposable, locked-down devices. Kids growing up today (despite the educational push of orgs like the Raspberry Pi Foundation) are presented with hermetically-sealed devices that present a sanitized interface. Manufacturers explicitly don't want their customers taking things apart, discovering how they work, or tinkering with them in any way... and often even try to put legal barriers in place to keep people from doing stuff like this.
This is a far cry from when I was very young (and before I was born) when computers and kits would come with full schematics and datasheets!
https://www.bbc.co.uk/bitesize/guides/z6r37nb/revision/6
> C in IoT stands for “cost-effective” I guess
but it's actually C for cableless.
I thought that passwordless SSH is actually a good idea in general for servers? Assuming, that is, that the public/private key login mechanism is used as the alternative to passwords.
I laughed out loud at this part. Some things never changed I guess.