I've added a link to IPVM to the parent to my comment that might interest you!
Regarding established: I might be wrong! I willingly admit that I knew nothing about verkada some days ago. Seems to be relatively new (5 year-ish) and "classic" Silicon Valley in that they push hard for growth to get their valuation up and try to "disrupt" by running everything in the cloud. More sales people than R&D, which I think is uncommon.
Verkada runs full lock-in, so if you buy a camera from them you have to buy their services. This is again relatively uncommon. Most of the industry supports the ONVIF standard, so you can run the hardware you bought with different software solutions. If you want encryption at rest, no problem. You just make an on-premise solution with full encryption. With verkada you can't do that (incidentally verkada have mocked ONVIF due to alleged security concerns, but obviously it undermines their business model with full lock-in).
Since combining verkada and other hardware would require parallel systems I made an educated guess that most customers would be places without previous hardware and/or less concern for the long run. Most large and high value targets have previous hardware, but certainly there are exceptions. And as stated earlier, I might be wrong:)
And lastly, you should be suspicious! Last time I bought a car I was very suspicious. I like the car I did buy very much, but next time I will be just as suspicious again. That's how things should be when it's about trust and high impact.
“We did not exploit any flaws or vulnerabilities. The cameras have a built-in maintenance backdoor, which allows anyone with super admin privileges to access a root shell on any camera of any customer at the click of a button.”
I'd like to add a bit of context to how security cameras most often are installed.
In the industry in general you have producers of the equipment and you have buyers, but in between there you have integrators. The integrators plays a crucial role when installing big systems. They win the bid for an installation and carries out the work. This means that there is seldomly any direct path between camera producer and the customer. For the producer to get access to footage they must go through the integrator, so the friction is non-trivial.
Direct contact producer <=> buyer might happen in the small case, like a store with a single camera or you placing one at home.
My guess (!) is that verkada tries to pry away the integrators with a simpler model for installation.
Most larger producers now have cloud offerings, which could have some similar vulnerabilities to those mentioned in the article. However, my impression is that security is taken VERY seriously. Not just lipservice, but in practice. This makes sense as it is a key selling point and the larger buyers are competent judges of this. This is in stark contrast to the "typical" hacked target, which seems to be autoshops and hospitals (I am generalising to get through a point, I am not sure what the most common victim is).
This really struck me also. I work in the relevant industry (we make cameras etc.) and there is always a bit of pain to get user footage. This is how it should be! To have everything from source code to customer material accessible to an admin is bottom-tier thinking. Why not just rename your "admin" to "GOD" and then ask yourself if you have any single point of failure?!
I do NOT want to sound smug, but there is a little bit of amateur hour going on here both from buyer and seller. High value and large targets (like airports) and more established sellers usually don't work like this, and that's for a reason.
The line-by-line explanation is very handy, thank you for that. I find that one of the hard balances with using Emacs is whether to fully understand everything you put into your conf-files or just accepting some degree of copy-paste.
I can tell you why I love his essays: because of the way he argues. It is very transparent. I seldomly agree with his conclusion(s), but since he is so honest (he is not trying to deceive) in listing his arguments it is just a matter for me to find where he is wrong... or where I am wrong. I find this style so uncommon and stimulating that I hardly can stand the regular "opinion" held by most people. At least it is hard to be intrigued by arguments that doesn't even try to be precise.
When PG writes something I pay attention to the words, because I know they were chosen with some care. If I can force open a crack in his arguments I get wiser, and if I don't... the same thing happens.
I wish more people wrote like him, but preferably less about startups. They don't interest me as much as attempts at honest discourse.
Yes, but we also didn't close down our economy nearly as much as most other European countries. I'm just saying that there are too many variables to conclude anything at this point, especially given that we won't have a good guess on "final" death toll until widespread immunity (from vaccine or otherwise).
Let me try to rephrase it in a less cynical manner, best as I can.
It seems to me that Sweden's strategy is attracting more attention (in form of primarily criticism) than f.x. Belgium's, despite the latters deathrate being ~2x that of Sweden's. To me that indicates that the issue is the strategy in itself, and not the magnitude of the failure of it. Other countries have failed worse (although thankfully the vast majority of countries are currently doing better than Sweden, hopefully forever). Why would people care about 4000 dead in a small country far away, when many don't give a damn when 4000 people die from starvation or malnurishment?
Because it says something about _your_ country and _your_ strategy.
For me that is the simplest and not at all cynical interpretation of this. I will admit this is speculation, but I don't think I claimed certainty.
PS. I'm _guessing_ our Achilles tendon is certain organisational deficiancies in the care of the elderly. How it's done and at what stages of life one is moved between different kinds of care. Even if I'm right (big if) I fear that the outfall from this might be "me caveman gruk, weak restrictions bad for COVID19, dum-dum-donut", or the equivalent opposit. That would be sad. PS.
PSS. Belgium seems to be the most "liberal" country in terms of including suspected COVID19-related deaths in the official statistics, but those are the numbers at our disposal. DSS.
You are right. I meant to point out that for some significant proportion of people, Sweden are in these circumstances not a country, but a tool to prove their point. And unless one is careful, which some people are, one will reach whatever conclusions one is looking for simply due to lack of resolution. From far away enough you can come up with the details yourself...
I certainly don't like the death rate either. Unfortunately lots of countries are in the same ballpark, 3-4/10000, but with wildly varying stragies. "Only a few months" happens to be the same timeframe for almost everyone else, so not sure why that is relevant. We aren't "doing very little", lots of restrictions on behaviour and travel, but certainly less strict than many other places. "Effort" isn't a good proxy for effective in these circumstances.
I think there is at least two things going on:
- The long-run approach being taken makes it seem like nothing is going on, since there isn't much action. Slow and steady easily registers and stillness.
- Tons of misreporting, in all directions. I get newsclips from friends in the UK that are just out wrongwrongwrong, and they are wrong in different ways and directions!
With this being said, I hope that Sweden's approach is in't the best! Why? Well, that would mean that large parts of the rest of the world is doing something better (if we simplify it into "lockdown" vs "limited restrictions"). That would cost us here in Sweden 1000's of unnecessary death, but perhaps spare millions in the rest of the world.
I can only speak for the parts of Sweden where I live and socialise, but I know of no-one who things our policy is "normal", whatever that means. It is some kind of myth that we are ignoring the risks and pretends like nothing is happening. Lots of restrictions, just not as strict as it could have been.
That part about recklessly endangering Europe (!) is hyperbole, UK, Spain and Italy has more deaths capita but apparently the EU can handle them, so...
* Source for death per capita is https://www.worldometers.info/coronavirus/#countries. I've heard something about them not being fully reliable, but the death statistics should be comparatively easy to aggregate, so I'll use that number unless obviously wrong.
I agree a bit, I'm not certain exactly what their game is either. The one thing that feels consistent is the priority to endurance, to push for actions that are sustainable in the long run.
Of course, in the long run we are all dead anyway, so I'm not certain what's best!
The amount of misinformation (or the very least, confused statements) in this thread is high for being HN. Soo many people know much about Sweden without ever setting their foot here. Interesting that.
The world's apparent obsession with the Swedish strategy isn't about Sweden at all. It is about their own strategies, trying to prematurely pat themselves on the back for doing the right thing, whatever that was. There's myriads of variables that differ between Any two countries.
Thank you. There's sooooo much "I think like this therefore I will find two variables out of 10000 and link them" going around. The easy with which one could argue the exact opposite using some two other variables seems to go unnoticed by the original makes of the claim, whatever it was.
I think you misread me, I meant "general" as in general counter-measure, not COVID19-specific. Clearly I should have been more precise. In a situation where overload of healthcare is a primary concern, recommending counter-measures against general infections (where hand hygiene qualifies) is a no-brainer.
The general evidence for washing hands as an effective counter-measure is very very strong. It is a complete no-brainer, while decisions regarding face masks are complex and have to take into account lots of variables.
Regarding established: I might be wrong! I willingly admit that I knew nothing about verkada some days ago. Seems to be relatively new (5 year-ish) and "classic" Silicon Valley in that they push hard for growth to get their valuation up and try to "disrupt" by running everything in the cloud. More sales people than R&D, which I think is uncommon.
Verkada runs full lock-in, so if you buy a camera from them you have to buy their services. This is again relatively uncommon. Most of the industry supports the ONVIF standard, so you can run the hardware you bought with different software solutions. If you want encryption at rest, no problem. You just make an on-premise solution with full encryption. With verkada you can't do that (incidentally verkada have mocked ONVIF due to alleged security concerns, but obviously it undermines their business model with full lock-in).
Since combining verkada and other hardware would require parallel systems I made an educated guess that most customers would be places without previous hardware and/or less concern for the long run. Most large and high value targets have previous hardware, but certainly there are exceptions. And as stated earlier, I might be wrong:)
And lastly, you should be suspicious! Last time I bought a car I was very suspicious. I like the car I did buy very much, but next time I will be just as suspicious again. That's how things should be when it's about trust and high impact.