Windows on ARM

[hippy]

What I do know is I could hang my Raspberry Pi and require a power-cycle reset just by plugging a Pico in which puts itself into a reboot loop using two lines of MicroPython. That's not something likely to happen with an ATM but it does make me question the reliability of Linux and its drivers.

Have you submitted a bug report?

Not as such. I first raised it here - May 2021 - viewtopic.php?t=311692

And addressed why I couldn't report it myself here - Oct 2022 - viewtopic.php?p=2043912#p2043912

That then descended into into a discussion on why I couldn't report it with the most pertinent authoritative comment being "Then it won't be on the list to fix".

I didn't report it. If no one else has cared to report it then I presume it's not on the list and won't get fixed, won't get propagated to whoever needs to fix whatever is causing the issue.

[Anonymous]

What I do know is I could hang my Raspberry Pi and require a power-cycle reset just by plugging a Pico in which puts itself into a reboot loop using two lines of MicroPython. That's not something likely to happen with an ATM but it does make me question the reliability of Linux and its drivers.

Have you submitted a bug report?

Not as such. I first raised it here - May 2021 - viewtopic.php?t=311692

And addressed why I couldn't report it myself here - Oct 2022 - viewtopic.php?p=2043912#p2043912

That then descended into into a discussion on why I couldn't report it with the most pertinent authoritative comment being "Then it won't be on the list to fix".

I didn't report it. If no one else has cared to report it then I presume it's not on the list and won't get fixed, won't get propagated to whoever needs to fix whatever is causing the issue.

It sounds like that could generate an "interrupt storm" type of scenario which might be very hard to deal with short of a HW workaround?

[MikeDB]

Someone with a Windows PC can argue developing for a Pico on Windows is a lot easier than having to buy a Pi and everything which goes with that, which requires installing an entire operating system and gigabytes of tooling, can argue that using native Windows tools or installing the required Linux tools in WSL under Windows is much easier and provides a better experience.

Linux tools in WSL is possibly the worst solution of all and I can't see what that would achieve. One usually develops under Windows because all the other tools needed for your embedded development run on it so you have a fully integrated toolset from concept to production. If you are just doing a small standalone Pico project then buying a Pi4 is probably easiest as it works and was developed by people who understand Linux on Pis very well but seem to have little idea about how embedded development under WIndows is usually performed.

As you rightly say, there is rarely a universal solution which will suit everyone.

[hippy]

I was more considering a Windows using maker who is willing to use the tools provided rather than a Windows using professional embedded developer who wants tools which fit with their usual and established workflows. Problems there I consider a separate issue.

For most Windows using makers it should be no more difficult to get started with RP2040 development than downloading and running the Pico SDK 1.5.0 Windows Installer, clicking the appropriate Start Menu item to launch VS Code, and their being good to go.

[hippy]

It sounds like that could generate an "interrupt storm" type of scenario which might be very hard to deal with short of a HW workaround?

Possibly. But we'll never know until someone investigates what the cause of the 'use-after-free' is.

[memjr]

Linux tools in WSL is possibly the worst solution of all and I can't see what that would achieve. One usually develops under Windows because all the other tools needed for your embedded development run on it so you have a fully integrated toolset from concept to production. If you are just doing a small standalone Pico project then buying a Pi4 is probably easiest as it works and was developed by people who understand Linux on Pis very well but seem to have little idea about how embedded development under WIndows is usually performed.

As you rightly say, there is rarely a universal solution which will suit everyone.

The entire world moved to automating everything. It's very easy to do with Linux tools. When it came to doing the same with Wkndows, nope. All those bash scripts you have running in your enterprise that you can just use in any linux server you want? You can use those in Windows.

So MS came up with WSL, to try to calm down everyone that complained they could automate their entire enterprise with tools that came with their OS, but when it came to do the same with Windows, it had to be done with entirely different tools.

For a while it was not too much of an issue. But then everything started to go cloud and containers and all of that stuff in the clouse sits on top of linux, including a gargantuan amount of MS data centers. So eventually they had to give in.

For years people had been asking for SSH to/from windows and you had to find 3rd party tools for it. It was not until WSL come out and adopted as a god sent thing by everyone* and MS decided to them make OpenSSH part of a windows install too.


* Yes, WSL was supposed to be great and it is to a certain extent. The problem is people using it for everything because they can, an not only for the things that they should.

[MikeDB]

The entire world moved to automating everything. It's very easy to do with Linux tools. When it came to doing the same with Wkndows, nope. All those bash scripts you have running in your enterprise that you can just use in any linux server you want? You can use those in Windows.

You are talking about servers and the like. I am talking about embedded software development. Totally different scenarios.

If I was running applications on large scale servers of course I would use Linux - it's the right tool for the job. But for large scale embedded software development Windows is the only solution that covers all the bases.

[MikeDB]

I was more considering a Windows using maker who is willing to use the tools provided rather than a Windows using professional embedded developer who wants tools which fit with their usual and established workflows. Problems there I consider a separate issue.

For most Windows using makers it should be no more difficult to get started with RP2040 development than downloading and running the Pico SDK 1.5.0 Windows Installer, clicking the appropriate Start Menu item to launch VS Code, and their being good to go.

Agree that would be nice, and indeed the way every other MCU OEM in the world does it. But as we've seen RPL's RP2040 Windows development system has not been good, starting of course with using a different IDE to every other OEM.

[memjr]

The entire world moved to automating everything. It's very easy to do with Linux tools. When it came to doing the same with Wkndows, nope. All those bash scripts you have running in your enterprise that you can just use in any linux server you want? You can use those in Windows.

You are talking about servers and the like. I am talking about embedded software development. Totally different scenarios.

If I was running applications on large scale servers of course I would use Linux - it's the right tool for the job. But for large scale embedded software development Windows is the only solution that covers all the bases.

No, not just servers. Desktops too. The idea of automation is not just for servers. Patching large amounts of dekstops can easily be done by scripting too, for example. Compiling stuff. A lot of stuff that runs in the cloud is not just a server running something.

The point is, if you had a solotion that fit both windows and linux, sql allowed you to use one set of scripting tools to handle both, instead of writing things in bash and another in powerhshell or batch files.

It is actually a sad joke how much easier it is to deploy some of the MS stuff with linux and shell scripts when compared to doing the same in Windows and Powershell.

I've been installing SQL Servers since early 90s. MS had 3 decades to get that installer right. The linux install, patching and post install costumizatilon is breeze to get done. The same in Windows is still horrible after 30 years.

[MikeDB]

No, not just servers. Desktops too. The idea of automation is not just for servers. Patching large amounts of dekstops can easily be done by scripting too, for example. Compiling stuff. A lot of stuff that runs in the cloud is not just a server running something.

What you are describing is how an IT department operates and you have obviously never been involved with an R&D environment where IT aren't allowed anywhere near the development computers. The sort of things you describe simply do not happen in developing embedded products. Certainly nothing uses SQL, bash or so on. Any updates to the OS, compilers or support tools are done on a per-project basis, and often only at the end of a project when the hard drives/SSDs are removed and archived.

And most importantly of all, around half of the tools used are only available on Windows, or occasionally Macs.

[ejolson]

No, not just servers. Desktops too. The idea of automation is not just for servers. Patching large amounts of dekstops can easily be done by scripting too, for example. Compiling stuff. A lot of stuff that runs in the cloud is not just a server running something.

You have obviously never been involved with an R&D environment. These sort of things simply do not happen in developing embedded products. Certainly nothing uses SQL. Any updates to the OS, compilers or support tools are done on a per-project basis, and often only at the end of a project when the hard drives/SSDs are removed and archived.

For embedded devices that are network connected the idea of not updating the software tools or libraries on a regular basis does not sound like a reasonable security practice. From this point of view manual ways of developing embedded software need to be augmented with scriptable build systems that allow the device to be kept up to date.

Back on topic, Microsoft has certainly understood the need not only to make a shinier shovel to dig with but to allow automated tools do the digging. Since shovels require less training to use, the historical focus has been on polishing the shovel. This allows many people to make inefficient use of a computer.

The need to allow efficient use of the computer by some people became a priority because of widely available alternatives like Linux. This lead to power shell, scriptable administration tools and WSL.

Microsoft Windows for ARM has the potential to broaden the monoculture of Linux on single-board computers. That may a good thing or it might not. Variety is nice when deciding what to eat, but software incompatibilities are in general less appetising.

[Gavinmc42]

From this point of view manual ways of developing embedded software need to be augmented with scriptable build systems that allow the device to be kept up to date.

What does kept up to date mean?
Fix bugs?
Good embedded firmware just works without needing to be "update" or fixed.
A general purpose software operating system has 10,000+ of files and dependencies.
A specific embedded software system should only require a kernel with maybe a few files.

For embedded IoT I don't see a reason for bloated software for just doing a simple thing like temperature monitoring.
Re-purposing a general operating system to do this is lazy and bad security.

[Anonymous]

It sounds like that could generate an "interrupt storm" type of scenario which might be very hard to deal with short of a HW workaround?

Possibly. But we'll never know until someone investigates what the cause of the 'use-after-free' is.

I had only looked at the second link which pretty much devolved into ad-hominem attacks because you had not fully embraced Stallman's Manifesto. I'm impressed the tone of your posts remained cool.

Yes, "use-after-free" surely sounds either HW error or human (programmer) error. Leaving the issue on the floor is less than ideal.

[ejolson]

From this point of view manual ways of developing embedded software need to be augmented with scriptable build systems that allow the device to be kept up to date.

What does kept up to date mean?
Fix bugs?
Good embedded firmware just works without needing to be "update" or fixed.
A general purpose software operating system has 10,000+ of files and dependencies.
A specific embedded software system should only require a kernel with maybe a few files.

For embedded IoT I don't see a reason for bloated software for just doing a simple thing like temperature monitoring.
Re-purposing a general operating system to do this is lazy and bad security.

For me up to date means do not deploy firmware built with components that have known security problems. This has nothing to do with how complicated the firmware is but more whether the build system includes the automation needed to rebuild and test new firmware in a convenient and timely fashion.

You'd think something like temperature monitoring would be easy, but as soon as one connects a device to the Internet someone will figure out a way to exploit anything that can go wrong. Thus, not providing updates for an IoT device could lead to hacks that do something unexpected in additional to temperature monitoring.

The vulnerability of IoT devices is a well documented problem, for example,

https://www.cm-alliance.com/cybersecuri ... rabilities

How this relates to Windows on ARM is that if Windows is used to host the development of embedded software, modern practice would make building and testing new firmware automated in as convenient way as possible so that updates can be provided in a timely fashion when security problems are discovered.

[Anonymous]

I thought IoT was a concept, not a specific implementation? Any set of devices exchanging physical data over the Internet. Or is IoT TM'd and owned?

Are IoT devices somehow less secure than, say, a laptop?

[ame]

Are IoT devices somehow less secure than, say, a laptop?

The "S" in "IoT" stands for "security".

[MikeDB]

You have obviously never been involved with an R&D environment. These sort of things simply do not happen in developing embedded products. Certainly nothing uses SQL. Any updates to the OS, compilers or support tools are done on a per-project basis, and often only at the end of a project when the hard drives/SSDs are removed and archived.

For embedded devices that are network connected the idea of not updating the software tools or libraries on a regular basis does not sound like a reasonable security practice. From this point of view manual ways of developing embedded software need to be augmented with scriptable build systems that allow the device to be kept up to date.

What network connection ? The embedded systems themselves generally run on their own network during development, and then use a private network when in use. Most embedded systems are not IoT, despite that being what everyone goes on about nowadays. About half of our products include their own webserver to a tablet or phone so there is no external 'push' access. Updates are done only on the user initiating one, with an automatic fallback mechanism for if (when) they get it wrong. The products that do have some form of direct external access we have to rely on WindRiver getting the security right, and generally their update interval is longer than a project, but again we ask the user to initiate the update, not perform it for them automatically. That is actually the one thing I hate about Windows - waking up to find a rebooted PC.

Whenever you update a toolset, something breaks. Always has, always will. It's usually not the tool itself that breaks, but the interconnects to other tools, which are scripted of course, but often aren't/can't be tested by the tool supplier. Indeed when for instance Microsoft update Visual Studio, you don't want to update it until every other tool it interfaces with has their update ready, otherwise you aren't developing your project but helping the third party fix theirs.

Better to update everything to the latest version at the start of the project then hold it there until release, or if it's a very long project, plan to update everything on a set day and plan for up to a week of getting everything back to working. But for most tools there simply isn't any need to do so. Old versions of Visual Studio, ARM Compiler, MATLAB, Spice or PCTools aren't going to produce wrong results. The new version of the PCB design tool won't design a better PCB. The previous versions of the thermal and EMI tools don't suddenly not simulate things correctly. Actually the only tool that does need regular updating is Xamarin, as new sub-versions of Android do appear quite regularly, but often adding support for the latest release is best done at the end of the project once the device itself is proven and debugged and the pilot run is in manufacture.

[hippy]

Are IoT devices somehow less secure than, say, a laptop?

They shouldn't be and need not be but the way an IoT product is implemented can make it so.

The problem seems to me to be an issue of having minimised costs or maximised profit as the priority rather than security. To achieve either one can end up cutting corners, doing things which shouldn't be done, not doing things which should be done, and that can create security weaknesses.

That can manifest itself as services, servers and other software left in a final product which may be exploitable when they wouldn't be if they weren't there. Software may get used which is more buggy than it should be. Testing may not be as comprehensive as it could be. Weaknesses in design, bugs and flaws, may not be acted upon and may be ignored.

Additionally product may ship with hard-wired, default or guessable credentials, may rely upon security by way of obscurity, which can mean that once one device is cracked, many, most, or all have been. Mitigation against discovering credentials may not be as good as it could be.

That may be done to minimise costs, maximise profit, or simply to make things easier for the customer.

It's not a new problem but the increase in the number of IoT products deployed these days makes it a bigger one. In the Good Old Days such flaws in security were a godsend for hobbyists and makers, allowing them to do things a manufacturer never intended. These days they expose users of such device to risk they may not be aware of. Back in those Good Old Days, those looking for and exploiting security weaknesses were usually doing so on their own equipment, just for fun, or without malicious intent. These days they may be determined criminal gangs looking to profit themselves and exploit others.

The bottom line is that IoT doesn't have to be any less secure than any other system exposed to the internet and outside world, but it often can be.

But one can't solely blame the manufacturers. When purchasers demand the lowest price, choose product which is cheapest, that usually disadvantages those who do security properly, encourages not doing it properly. One way to get round that is to legislate for minimum standards to level the field but that will be opposed by consumers who don't want to pay more, manufacturers who don't want to lose their advantage from not being as secure as others, and, increasingly these days, insistence from some that it's an essential freedom to have and use product which isn't as secure as it could or should be, and that anything which stands in the way of that is fundamentally wrong, even evil.

[Anonymous]

One way to get round that is to legislate for minimum standards to level the field but that will be opposed by consumers who don't want to pay more, manufacturers who don't want to lose their advantage from not being as secure as others, and, increasingly these days, insistence from some that it's an essential freedom to have and use product which isn't as secure as it could or should be, and that anything which stands in the way of that is fundamentally wrong, even evil.

Thanks for the explanation. My hope for legislation contributing to forward movement, here in the ole USA, is pretty low, for a myriad of reasons.

[ejolson]

One way to get round that is to legislate for minimum standards to level the field but that will be opposed by consumers who don't want to pay more, manufacturers who don't want to lose their advantage from not being as secure as others, and, increasingly these days, insistence from some that it's an essential freedom to have and use product which isn't as secure as it could or should be, and that anything which stands in the way of that is fundamentally wrong, even evil.

Thanks for the explanation. My hope for legislation contributing to forward movement, here in the ole USA, is pretty low, for a myriad of reasons.

The legislation typically proposed is a sequence of checkboxes that when followed relieve the manufacturer from any liability when things turn out to be insecure. This provides a legal shield against the possibility of holding the manufacturer liable for damages when their product turns out insecure. It's not clear such legislation would increase security, at least to me.

Note also that the idea to secure the perimeter of a private network so the devices inside don't need security--the eggshell approach--is likely to fail.

Interestingly, the RP2040 has enough RAM and CPU to securely encrypt any network connections; however, I'm not sure it runs Windows for ARM.

[hippy]

One way to get round that is to legislate for minimum standards to level the field but that will be opposed by consumers who don't want to pay more, manufacturers who don't want to lose their advantage from not being as secure as others, and, increasingly these days, insistence from some that it's an essential freedom to have and use product which isn't as secure as it could or should be, and that anything which stands in the way of that is fundamentally wrong, even evil.

Thanks for the explanation. My hope for legislation contributing to forward movement, here in the ole USA, is pretty low, for a myriad of reasons.

The legislation typically proposed is a sequence of checkboxes that when followed relieve the manufacturer from any liability when things turn out to be insecure. This provides a legal shield against the possibility of holding the manufacturer liable for damages when their product turns out insecure. It's not clear such legislation would increase security, at least to me.

Legislation intended to shield manufacturers from liability will of course not increase security nor protect consumers.

But I am not sure who is proposing such legislation which you label as typically proposed. Perhaps you could enlighten us ?

I am not well versed in what the UK and EU have proposed on IoT security but it seemed to me that both were treating the issue as a consumer protection issue rather than providing some sort of 'get out of jail' card for manufacturers.

Bringing in laws and establishing a UK regulator which can investigate companies, recall products, impose fines of £10 million or 4% of turnover, would seem to be a serious case of government gaslighting if that were the case.

The UK plans have already been taken seriously enough to have had an impact on manufacturers as we have seen with Raspberry Pi themselves ending the default use of the "pi/raspberry" credentials for Raspberry Pi OS. Other manufacturers of IoT and covered products are said to have followed suit, with importers and distributors taking steps to ensure they and all they handle complies with the proposed legislation.

At least in the UK and EU it appears concrete steps are being taken to improve IoT security.

[Anonymous]

Legislation intended to shield manufacturers from liability will of course not increase security nor protect consumers.

But I am not sure who is proposing such legislation which you label as typically proposed. Perhaps you could enlighten us ?

This sounds like what we see more and more in the US, both in attitude and action. The increase seems to be related to the mainstreaming of Libertarian ideas, but perhaps that’s a circumstantial correlation.

So my suspicion is “typical” refers to “typical in the US” - perhaps a sufficient stopgap until ejolson responds?

[MikeDB]

Legislation intended to shield manufacturers from liability will of course not increase security nor protect consumers.

But I am not sure who is proposing such legislation which you label as typically proposed. Perhaps you could enlighten us ?

I am not well versed in what the UK and EU have proposed on IoT security but it seemed to me that both were treating the issue as a consumer protection issue rather than providing some sort of 'get out of jail' card for manufacturers.

The EU proposal is that all software has to be CE marked to meet reasonably expected standards. A company can self-certify that they meet those standards, in which case they are liable for major fines if they are found to not meet those standards, or if they use a certification house then liability passes to an insurance policy you purchase with the certification. How much that insurance will cost remains to be seen.

What the reasonable standards are is still under debate, but if it's easy to hack into a device then that is obviously a failure. Note that this is for ALL software, not just that in IoT devices. Hopefully this will see the end of half-tested releases from major software companies, but obviously software costs will increase.

Open source software will need to be CE marked, and those providing it will need to certify in some manner and buy some form of insurance policy, presumably by crowd-funding, but obviously they will only be held responsible for their code as released, not any modifications made by third parties. Generally the way these organisations propose and control software updates using Github or similar should indicate reasonable care has been taken.

Quite what US sourced software will do remains to be seen. Some will obviously withdraw from the European market, whilst others will go the full compliance route. But obviously RPL will have no alternative but to acquire a CE mark for RaspOS as the UK usually follows EU rules such as this post-Brexit, and I assume a major part of their sales are to Europe.

More details are available on europa.eu if you have an account.

[bls]

Are IoT devices somehow less secure than, say, a laptop?

The "S" in "IoT" stands for "security".

Subtle

[memjr]

That is actually the one thing I hate about Windows - waking up to find a rebooted PC.

It's been a while since I ran a non pro/enterprise version of windows, or whatever they call it these days. So I do not know if this is possible anymore in a home edition of windows, but in the last win 10 box I ran, I disabled the update service. Updates were done on demand with a script I ran manually once in a while at a time I did not care if the machine rebooted or not.