
How Azure Sphere Ensures IoT Security Within a 4MiB Linux Stack - pantalaimon
http://linuxgizmos.com/how-azure-sphere-ensures-iot-security-within-a-4mb-linux-stack/
======
walterbell
(nested 2 links from OP)

[https://m.seeedstudio.com/productDetail/3052](https://m.seeedstudio.com/productDetail/3052)

 _> This Azure Sphere development kit can be only used for prototyping. It
cannot be built into a product for commercial distribution. It cannot be
re-sold or used as part of a production environment ... The software included in
this product contains copyrighted software that is licensed under the GPL,
LGPL or other open source license_

Can GPL software be restricted by use case?

 _> To use the MT3620 Dev Board for Azure Sphere, you’ll need a Windows 10 PC_

What's the timeline for allowing use of Ubuntu or Red Hat Linux to develop for
Microsoft Linux with Azure Sphere?

~~~
jack12
It requires you to click a checkmark box for "I agree to the restrictions" to
add it to your cart. I suppose that's what they consider to be restricting
your usage to their approved use cases, not copyright.

~~~
walterbell
That link is blue (similar to hyperlink) but it doesn't have Terms &
Conditions or other text that defines a legal agreement. Unclear what is being
asked or agreed.

~~~
jack12
Only _after_ you've agreed to it does it pop up the text "This development
board can be only used for prototyping, it cannot be built into a product for
commercial distribution. It cannot be re-sold or used as part of a production
environment."

I suspect adding anything about restrictions was a last-minute job for Seeed,
and it's probably not something given too much effort on their part.
Realistically, an $85 devboard isn't going to end up being built into
production items. And they're probably going to be a low enough quantity item
for Seeed that they can manually look into any instances where someone has
ordered more than 3 or 4 and just stop sending any more to them if it really
rises up to being enough of a problem for Microsoft to complain.

------
munin
I think the big win is that now instead of every IoT company trying to figure
out how they can update endpoint devices, the company that has been doing
endpoint device updates for 20 years will give it to you as a service if you
use their platform.

~~~
dvh
I'm gonna repost a comment made by niftich a year ago because it's spot on:

    
    
        Internet of Things isn't about people hooking up jailbroken Kindles to
        one-way mirrors to show the weather. It's not about Arduinos and
        Raspberry Pis being used to collect some data, move some servos,
        and make a blog post about it. It's about big money to be made
        by introducing new monetization channels in places there were none before.
    

(For some reason I was downvoted -4 last time)

~~~
vezycash
I think this definition is too limiting. I do agree with the data collection
part though.

Webcams, thermostats, bulbs, wrist watches, tv...

Basically any electronics we have used since forever without issues would now
need to be connected to the internet. Mostly for zero consumer benefit.

For most of these, Arduinos and Raspberry Pis would be overkill.

------
pjmlp
> Linux can be made to run — just barely — in as little as 4MB of RAM

Yep we have come a long way from Slackware 2.0. How times change.

I have been following Azure Sphere since the early days, but what I still miss
from all available documentation and presentations, is what Microsoft is doing
at C level for a platform whose selling point is security.

I would expect them to take this opportunity to push Checked C, or hardware
pointer tagging (like on SPARC) into mainstream.

~~~
crawshaw
There is indeed some work on memory tagging happening on ARM, including a new
hardware extension. This (excellent) talk covers it:
[https://cppcon2018.sched.com/event/FnJs/memory-tagging-and-h...](https://cppcon2018.sched.com/event/FnJs/memory-tagging-and-how-it-improves-c-memory-safety)

So it is not impossible Azure Sphere would explore it.

~~~
pjmlp
Thanks for the heads up.

------
amaccuish
> Initially, the Azure Sphere OS team tried using SSH server with a fixed root
> password for security

Umm, what??

~~~
3pt14159
It's so bad out there Alex.

Tanks are running around with hardcoded admin passwords and most devices use
unencrypted, unauthenticated busses. Often multi-master.

Why? Because it's easier.

That's it.

And for a while it was fine because bridgeware wasn't a thing and we hadn't
started connecting everything to the internet.

~~~
pjmlp
Morris Worm happened in 1988 thanks to C's "security features", yet little has
been done, beyond putting band aids on top of band aids.

Maybe I get to see some kind of "Safe C" actually being adopted in the UNIX
world, before the 50 years' anniversary of the Worm.

~~~
noir_lord
50 years from 1988 is 2038, I think we'll all be busy running around trying to
figure out if we have anything still running on 32bit hardware ;).

~~~
pjmlp
I was being sarcastic as I am sceptical about the industry at large actually
caring about it without a couple of massive lawsuits.

Cheap always trumps quality unless there are some legal requirements going on.

------
4ad
So what is Azure Sphere? I read their website and I tried _really hard_ to get
past the corporate bullshit speak, but in the end I had to give up. It's just
meaningless mumbo-jumbo.

So what is it, exactly? Something to do with IoT and cloud... but what??

