
California IoT Cybersecurity Bill Signed into Law - howard941
https://www.securityweek.com/california-iot-cybersecurity-bill-signed-law
======
qalmakka
There is no way around it, IoT will never be feasible until companies start to
take updates seriously. Slapping a fully upgradable, WiFi-enabled Linux-based
firmware on appliances whose usable life spans several years if not decades
(haven't changed my fridge in more than 15 years) can lead to disastrous
consequences if the manufacturer stops providing security updates (something
they totally do not care about, as they've shown with their android devices).

I don't see how this could be solved without a fully open platform like the
PC, where a third-party company (like MS on the PC) can ship a whole OS on
every single machine without having to develop a custom firmware image because
thanks to standards.

~~~
ciconia
Why would you need Linux on your fridge? Besides, I think the whole point of
sticking IoT stuff on kitchen appliances _is_ planned obsolescence.

~~~
qalmakka
Everything embedded runs either Linux or Android (still Linux) nowadays.

~~~
colejohnson66
Doesn’t mean it’s necessary

~~~
ArchTypical
Your response isn't necessary, so what? The discussion is about dealing with
the existing reality of devices utilizing an OS layer.

------
LinuxBender
Having glanced over the bill, I see too many phrases and words that make the
bill optional. Also, it uses the word reasonable, as it pertains to security.
That is entirely subjective and not defined in the law.

Are there any lawyers on HN today that can correct my interpretation that this
law has no teeth and no actionable items?

