upvote

points

by Neywiny7 hours ago |
comments
upvoteby HFguy6 hours ago|
next
[-]
I'm a long way from embedded development. But I was under the impression a lot of microcontrollers these days have some ID capability built in, even some relatively low-end ones. This strikes me more as laziness than anything.
reply
upvoteby peterus6 hours ago|
parent|
next
[-]
This is true, for example many stm32 series have a 96 bit unique id which is derived from the lot number, wafer id and position [1]. Even the low cost stm32g0b1 series I am using has them, but they are missing from some older series.

[1] https://community.st.com/t5/stm32-mcus/how-to-obtain-and-use...

reply
upvoteby adrian_b5 hours ago|
parent|
prev|
next
[-]
Moreover, on any device that is connected to Internet you already have a unique MAC address on its Ethernet or WiFi interface.

You can hash this unique MAC address, together with other data that may be shared with the other devices of the same kind, to generate unique keys or other kinds of credentials.

reply
upvoteby Neywiny5 hours ago|
parent|
prev|
[-]
Surprisingly it's not everywhere. I'm very in embedded development and cannot count the amount of time I look for "unique" "id" etc in a reference manual and come up short. It's certainly more common than not, but you often have to design systems for the lowest common denominator.
reply
upvoteby NegativeK5 hours ago|
prev|
next
[-]
> It's not impossible, it's just extra work that usually goes unrewarded.

That sounds like profit motivated negligence, and it sounds like a standard justification for why Europe is going to hold companies liable.

reply
upvoteby Neywiny4 hours ago|
parent|
next
[-]
It is indeed. And that sucks but that's what it is. Product design is about calculated risks and trades. It's a good thing regulators are here to help because companies won't do it on their own and the general public doesn't care enough.
reply
upvoteby jcgrillo2 hours ago|
parent|
prev|
[-]
We will all owe the EU a massive debt of gratitude. Hopefully USB C was just the tip of the iceberg.
reply
upvoteby Msurrow6 hours ago|
prev|
[-]
I have not knowledge of this kind of software dev/hw production, so can you please explain why the units cant just be born with a default pass and then have the setup process (which is always there) Force the owner to set a new password?

Knowledge or not, this..

> It's not impossible, it's just extra work that usually goes unrewarded.

.. is just not an acceptable way for business to think and operate i 2026, especially not when it comes to internet connected video enabled devices

reply
upvoteby Neywiny5 hours ago|
parent|
next
[-]
I'll answer your question with a question: how often do you see people complaining about needing setup processes vs the old way of just plug and play? There's no perfect answer that placates all sides. Things can certainly be better, but when those people win and you no longer need to have a setup process, then what?

While true that in $current_year it would be nice if things were more secure, the sad truth is that most people don't care.

reply
upvoteby Msurrow4 hours ago|
parent|
[-]
I agree that yes most just want PnP and basically don’t care about security. But it seemed on the posts above that there was an engineering complexity, and a robot vaccum needs local WiFi, so there will be a setup flow. Whats preventing a password selection just be part of that?
reply
upvoteby thenthenthen6 hours ago|
parent|
prev|
next
[-]
I am shocked really, i think this is actual law in China.
reply
upvoteby thenthenthen6 hours ago|
parent|
prev|
[-]
This is just people working 24/7 for 50 dollars a month? Because we want cheap shit
reply