In 2008, Telstra Chief Scientist Geoff Huston wrote an informative and important retrospective on the shifts in internet technology since 1998; now, ten years later, he's written another one, tracing the remarkable shifts (and weirdly unbudgeable technological icebergs) in the past decade's worth of internet changes, advances and retreats.
Huston's analysis steps through the seven layers in the OSI stack, beginning with changes in the physical infrastructure (massive improvements in optical signalling, more and better radio, but we're still using packet-sizes optimized for the 1990s); then the IP layer (we're still using IPv4!); routing (BGP is, remarkably, still a thing — on fire, all the time); net ops (when oh when will SNMP die?); mobile (all the money is here); end-to-end transport (everything is about to get much better, thanks to BBR); applications (Snowden ushered in a golden age of crypto, CDNs are routing around stupid phone companies, and cybersecurity is a worse dumpster fire than even BGP) and the IoT (facepalm).
Huston uses the perspective of two of these retrospectives to make some predictions for the coming decade: faster computers, higher throughput, and beyond that, whatever "an enthusiastic consumer market place that is readily distracted by colourful bright shiny new objects, and easily bored by what we quickly regard as commonplace" chooses.
What do we know about the "things" that are already connected to the Internet?
Some of them are not very good. In fact some of them are just plain stupid. And this stupidity is toxic, in that their sometime inadequate models of operation and security affects others in potentially malicious ways. Doubtless if such devices were constantly inspected and managed we might see evidence of aberrant behaviour and correct it. But these are unmanaged devices that are all but invisible. There are the controller for a web camera, the so-called "smart" thin in a smart television, or what controls anything from a washing machine to a goods locomotive. Nobody is looking after these devices.
When we think of an Internet of Things we think of a world of weather stations, web cams, "smart" cars, personal fitness monitors and similar. But what we tend to forget is that all of these devices are built upon layers of other people's software that is assembled into a product at the cheapest possible price point. It may be disconcerting to realise that the web camera you just installed has a security model that can be summarised with the phrase: "no security at all", and its actually offering a view of your house to the entire Internet. It may be slightly more disconcerting to realise that your electronic wallet is on a device that is using a massive compilation of open source software of largely unknown origin, with a security model that is not completely understood, but appears to be susceptible to be coerced into being a "yes, take all you want".
It would be nice to think that we've stopped making mistakes in code, and from now on our software in our things will be perfect. But that's hopelessly idealistic. It's just not going to happen. Software will not be perfect. It will continue to have vulnerabilities. It would be nice to think that this Internet of Things is shaping up as a market where quality matters, and consumers will select a more expensive product even though its functional behaviour is identical to a cheaper product that has not been robustly tested for basic security flaws. But that too is hopelessly naive.
Another 10 Years Later [Geoff Huston/Potaroo]
(via Four Short Links)