lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 9 Nov 2015 10:06:17 -0500
From:	Austin S Hemmelgarn <ahferroin7@...il.com>
To:	Mikulas Patocka <mpatocka@...hat.com>,
	Sami Tolvanen <samitolvanen@...gle.com>
Cc:	Milan Broz <mbroz@...hat.com>,
	device-mapper development <dm-devel@...hat.com>,
	Mandeep Baines <msb@...omium.org>,
	Will Drewry <wad@...omium.org>,
	Kees Cook <keescook@...omium.org>,
	Mike Snitzer <snitzer@...hat.com>,
	linux-kernel@...r.kernel.org, Alasdair Kergon <agk@...hat.com>,
	Mark Salyzyn <salyzyn@...gle.com>
Subject: Re: [PATCH 0/4] dm verity: add support for error correction

On 2015-11-07 10:18, Mikulas Patocka wrote:
>
>
> On Fri, 6 Nov 2015, Sami Tolvanen wrote:
>
>> On Fri, Nov 06, 2015 at 12:23:29PM -0500, Mikulas Patocka wrote:
>>> Do you have some real case where such error corrections
>>> increase longevity of some device?
>>
>> Yes, there have been several cases where read-only partition errors
>> have rendered a device unusable. The sheer volume of mobile devices
>> means that even if a tiny fraction of them suffer from such a problem,
>> it's going to affect a large number of people.
>
> Why don't you reflash the device from bootloader? (by holding power and
> volume keys simultaneously on startup and using the fastboot utility)
Requiring an end user to re-flash their device is not good business 
practice, even if it is a rare occurrence (it adds a potential 
attack-vector for malware, and is decidedly non-trivial to do for 
someone without programming background).  Phones, tablets, and other 
embedded systems are the type of thing where the device needs to be 
usable when the user wants to access it, period.  Minimizing the chances 
of the device not working (even for less common causes like this patch 
tries to protect against) is crucial to making the user experience as 
good as possible (and reducing customer support costs).


Download attachment "smime.p7s" of type "application/pkcs7-signature" (3019 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ