Why not automatic firmware upgrades?



Jason Holtzapple
2004-10-30, 07:49
Some of our Squeezeboxen are updated via wireless. I assume the
folks at Slim Devices will tell us if it isn't safe to do so.

--- Jeffrey Gordon <jeff (AT) thetank (DOT) org> wrote:
> I am not saying they should perform auto updates, that is just bad
> practice as already stated, just curious how many other people do
> firmware updates via wireless?

kdf
2004-10-31, 02:15
Quoting Jason Holtzapple <jasonholtzapple (AT) yahoo (DOT) com>:

> Some of our Squeezeboxen are updated via wireless. I assume the
> folks at Slim Devices will tell us if it isn't safe to do so.
>
> --- Jeffrey Gordon <jeff (AT) thetank (DOT) org> wrote:
> > I am not saying they should perform auto updates, that is just bad
> > practice as already stated, just curious how many other people do
> > firmware updates via wireless?

it is never a safe plan to do anything critical over wireless (or while using
batteries). It can work just fine most times, but you never know when someone
might pick up a 2.4GHz phone or start the microwave. the warning is there not
because it won't work over wireless, but because a potentially disastrous result
is so very simply avoided by not updating over wireless. all of this 'ranting'
for automatic updates is nothing compared to the screaming and threats that
would come from people who had their squeezeboxen transmogrified into
paperweights by a bad automatic update.

if you want automatic updates, why not file it as an enhancement request on
bugs.slimdevices.com and leave it at that. :)

-kdf

Carsten Bormann
2004-10-31, 16:01
On Oct 31 2004, at 10:15 Uhr, kdf wrote:

> it is never a safe plan to do anything critical over wireless (or while
> using batteries). It can work just fine most times, but you never know
> when someone might pick up a 2.4GHz phone or start the microwave. the
> warning is there not because it won't work over wireless, but because a
> potentially disastrous result is so very simply avoided by not updating
> over wireless. all of this 'ranting' for automatic updates is nothing
> compared to the screaming and threats that would come from people who
> had their squeezeboxen transmogrified into paperweights by a bad
> automatic update.

This argument is so nineties.

At a time when Flash was larger than RAM, a firmware upgrade was
dangerous because it started wiping out Flash before the whole firmware
image could have been present.
Today, it is easy to receive the entire upgrade, check it thoroughly,
and only then commit it to Flash.
Preferably only after checking with a cryptographic checksum, which
covers both accidental and malicious corruption.
This leaves exactly zero argument for not doing it over wireless, which
is probably why Squeezeboxen are happy to do it that way.

I still like having manual control over the firmware upgrades (although
for me that means running around with a remote control for a while).

Regards, Carsten

seanadams
2004-11-02, 10:41
> This argument is so nineties.
>
> At a time when Flash was larger than RAM, a firmware upgrade was
> dangerous because it started wiping out Flash before the whole
> firmware image could have been present.
> Today, it is easy to receive the entire upgrade, check it thoroughly,
> and only then commit it to Flash.
> Preferably only after checking with a cryptographic checksum, which
> covers both accidental and malicious corruption.
> This leaves exactly zero argument for not doing it over wireless,
> which is probably why Squeezeboxen are happy to do it that way.
>
> I still like having manual control over the firmware upgrades
> (although for me that means running around with a remote control for a
> while).
>

Carsten,

You are correct. In fact, both SLIMP3 and Squeezebox use firmware
update mechanisms which are designed to work even if the data transfer
fails or the device loses power doing the upgrade.

SLIMP3 did this by having a completely separate loader in its own
region of flash, so that no matter what got loaded into the designated
application area, you could always run the loader. Due to flash space
limits in SLIMP3 though, the loader had to be very simple (which is why
you had to type in the MAC address and so on).

Squeezebox works a different way. Compressed images are loaded to the
end of the flash chip, and then after verification of the downloaded
image, the system sets a flag and then reboots. On rebooting, a tiny
bit of protected loader code decompresses and copies the new code into
the "live" flash area. The flag is not cleared until the update
succeeds, so that even if the device loses power at any point during
this process, it will eventually succeed.

Reliable or not, I still think it's nice to notify the user and let him
acknowledge that software is being updated. Having the update run
automatically would probably lead to confusion, so we just have one
little step, pressing a button, before it runs.

Sean
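
The stage, verify, flag, reboot sequence described in the post above, as an added C simulation (not Slim Devices' code and not part of the original thread). RAM arrays stand in for flash, decompression is omitted, FNV-1a stands in for the cryptographic checksum recommended earlier in the thread, and all names and sizes are hypothetical.

```c
#include <stdint.h>
#include <string.h>
#define AREA 64                    /* hypothetical region size for this simulation */
static uint8_t live[AREA];         /* "live" flash area the device runs from */
static uint8_t staged[AREA];       /* staging area at the end of the flash chip */
static uint32_t staged_len, staged_sum;
static int update_flag;            /* persistent "update pending" flag */

/* FNV-1a is only a stand-in; a real device needs a cryptographic check. */
static uint32_t fnv1a(const uint8_t *p, uint32_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Application side: stage the download, verify it, and only then set the flag. */
int stage_update(const uint8_t *img, uint32_t len, uint32_t expected) {
    if (update_flag || len > AREA) return -1;    /* never clobber a pending update */
    memcpy(staged, img, len);
    if (fnv1a(staged, len) != expected) return -1;   /* rejected, flag stays clear */
    staged_len = len; staged_sum = expected;
    update_flag = 1;
    return 0;
}

/* Protected loader, run on every boot. power_budget simulates how many bytes get
   written before power is lost. Returns 1 once the live area is good, else 0. */
int loader_boot(uint32_t power_budget) {
    if (!update_flag) return 1;
    for (uint32_t i = 0; i < staged_len; i++) {
        if (i >= power_budget) return 0;         /* power lost, flag still set */
        live[i] = staged[i];
    }
    if (fnv1a(live, staged_len) != staged_sum) return 0;   /* retry on next boot */
    update_flag = 0;                             /* cleared only after success */
    return 1;
}

int demo(void) {                                 /* constructed scenario */
    const uint8_t img[] = "firmware-v2 (constructed sample image)";
    uint8_t bad[sizeof img];
    uint32_t sum = fnv1a(img, sizeof img);
    memcpy(bad, img, sizeof img); bad[3] ^= 0x20;            /* corrupt one byte */
    if (stage_update(bad, sizeof bad, sum) == 0) return -1;  /* must be rejected */
    if (stage_update(img, sizeof img, sum) != 0) return -2;
    if (loader_boot(10) != 0 || !update_flag) return -3;     /* power cut mid-copy */
    if (loader_boot(AREA) != 1 || update_flag) return -4;    /* next boot finishes */
    return memcmp(live, img, sizeof img) == 0 ? 0 : -5;
}
int main(void) { return demo(); }
```

The interrupted boot leaves the live area half-written, which is tolerable only because the loader itself sits in a protected region and the flag survives the power loss.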