@JessTheUnstill @dalias @drazraeltod true, which is why requiring the unlock on EOL is a more "reasonable" demand (as in, will receive a less extreme lobbyist pushback).

The problem is when EOL of a device corresponds to EOL of the manufacturer. Can't really force a bankrupt entity that has long fired its engineers to unlock anything.

Perhaps the requirement should be to provide secret unlock instructions as a part of a device certification process. But then of course the repository of these secrets becomes a massive attack target.

Still, the amount of e-waste that could easily serve a new purpose if there was any documentation at all is infuriating.

🤔

Jess👾

Most of the time, the update to unlock the firmware wouldn't be especially technically complicated. It just requires access to the source code, build pipeline, and signing keys. So even if it's not kept in a central repo, if codified in law that it is a priority liability against the company assets if they declare bankruptcy to provide access to that information and fund a consultant to compile the firmware update, it wouldn't take all that long per device to complete.

Think when a company that holds toxic waste goes under - there's still liability to remediate it that carries on to whomever buys up the assets, and beyond some point it becomes a Superfund site to remediate.

@virtulis
@dalias @drazraeltod

Jerry Orr

@virtulis @JessTheUnstill @dalias @drazraeltod reminds me of how nuclear power plants are required to set aside funding for decommissioning the plant before they are allowed to build it. Obviously there are differences with the risk of software key leaks, but it’s a similar concept
