TIP: Click on subject to list as thread! ANSI
echo: rberrypi
to: RICHARD KETTLEWELL
from: THE NATURAL PHILOSOPHER
date: 2020-09-15 18:32:00
subject: Re: Spectre / Meltdown
On 15/09/2020 18:00, Richard Kettlewell wrote:
> The Natural Philosopher  writes:
>> On 15/09/2020 11:31, The Natural Philosopher wrote:
>>> On 15/09/2020 11:15, Richard Kettlewell wrote:
>>>> The Natural Philosopher  writes:
>>>>> On 14/09/2020 14:01, Richard Kettlewell wrote:
>>>>>> In a safety- and/or security-critical context,
>>>>>> you can’t just ignore them, you need to find them (preferrably before
>>>>>> someone else does), then recertify and redeploy the fixed software.
>>>>>>
>>>>>> Certification is a moving target, at least in my industry, I don’t
know
>>>>>> about automotive. Same issues as above.
>>>>>>
>>>>>> Security is a moving target; attacks keep getting better. Same issues
>>>>>> again.
>>>>>>
>>>>>> And that’s before getting into changing customer needs, competitive
>>>>>> challenges, rebranding, ...
>>>>>
>>>>> In a car window winder?
>>>>
>>>> Bit more electronics in a car than just a window winder. At any rate
>>>> I’ll be trusting druck’s understanding of the costs and lifecycle or
>>>> automotive software over yours.
>>>
>>> How much embedded programming have either of you done? I spent 5
>>> years at it.
>
> Well, I’ve been contributing continuously to our product’s firmware for
> about half of the last decade, and intermittently since 2003 or so.
>
>> Look. My position is, and always has been, that *once the software has
>> been written*, the cost of deploying it is almost zero.
>>
>> Neither you nor Druck have come up with more than in his case, proof
>> by assertion, and in your case, appeal to (his) authority, as to why
>> this is a false statement.
>
> I think I’ve covered it in previous posts. Our product is subject to
> various standards-compliance and security requirements and these evolve
> continuously. Even just to stay still in the marketplace we have to
> respond with new firmware versions from time to time. This isn’t an
> unusual situation for anything with safety or security aspects and I’m
> not sure what’s so hard to believe about it.
>

So you spend more money on developing the code. How does that apply to
the cots of IMPLEMENTING it, once written?

You haven't addressed a single one of my points.



--
"In our post-modern world, climate science is not powerful because it is
true: it is true because it is powerful."

Lucas Bergkamp

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.