top | item 47112790

(no title)

Neywiny | 7 days ago

I think it's about being a configuration management nightmare. If every device has a unique password, you need the decoder ring for serial number to password. However, not all processors have unique IDs. So you either need to find a way to reliably serialize each board during manufacturing and hope it stays (like a sticker/laser/printer/etc) or add a serial number chip which is cost and complexity. It's not impossible, it's just extra work that usually goes unrewarded.

discuss

HFguy|7 days ago

I'm a long way from embedded development. But I was under the impression a lot of microcontrollers these days have some ID capability built in, even some relatively low-end ones. This strikes me more as laziness than anything.

peterus|7 days ago

This is true, for example many stm32 series have a 96 bit unique id which is derived from the lot number, wafer id and position [1]. Even the low cost stm32g0b1 series I am using has them, but they are missing from some older series.

[1] https://community.st.com/t5/stm32-mcus/how-to-obtain-and-use...

adrian_b|7 days ago

Moreover, on any device that is connected to Internet you already have a unique MAC address on its Ethernet or WiFi interface.

You can hash this unique MAC address, together with other data that may be shared with the other devices of the same kind, to generate unique keys or other kinds of credentials.

Neywiny|7 days ago

Surprisingly it's not everywhere. I'm very in embedded development and cannot count the amount of time I look for "unique" "id" etc in a reference manual and come up short. It's certainly more common than not, but you often have to design systems for the lowest common denominator.

NegativeK|7 days ago

> It's not impossible, it's just extra work that usually goes unrewarded.

That sounds like profit motivated negligence, and it sounds like a standard justification for why Europe is going to hold companies liable.

jcgrillo|7 days ago

We will all owe the EU a massive debt of gratitude. Hopefully USB C was just the tip of the iceberg.

Neywiny|7 days ago

It is indeed. And that sucks but that's what it is. Product design is about calculated risks and trades. It's a good thing regulators are here to help because companies won't do it on their own and the general public doesn't care enough.

Msurrow|7 days ago

I have not knowledge of this kind of software dev/hw production, so can you please explain why the units cant just be born with a default pass and then have the setup process (which is always there) Force the owner to set a new password?

Knowledge or not, this..

> It's not impossible, it's just extra work that usually goes unrewarded.

.. is just not an acceptable way for business to think and operate i 2026, especially not when it comes to internet connected video enabled devices

Neywiny|7 days ago

I'll answer your question with a question: how often do you see people complaining about needing setup processes vs the old way of just plug and play? There's no perfect answer that placates all sides. Things can certainly be better, but when those people win and you no longer need to have a setup process, then what?

While true that in $current_year it would be nice if things were more secure, the sad truth is that most people don't care.

thenthenthen|7 days ago

I am shocked really, i think this is actual law in China.

thenthenthen|7 days ago

This is just people working 24/7 for 50 dollars a month? Because we want cheap shit