
FWIW, my background is in B2B hardware and that's the perspective I am coming here with. Out of curiosity though, how do you weigh your value of control vs. security vulnerabilities? Modern speaker systems allow some form of wireless connectivity, so there is bound to be something and not all consumers will be savvy enough to keep up with security updates on their own.


My thoughts on security vulnerabilities are that they exist on any out of date firmware and that should be expected. I’ve never rolled back to factory settings and assumed that this device is now exposable on a DMZ.

Specifically I’m talking about consumer devices, which are almost always behind a NAT config + firewall. If your soundbar has a vulnerability it’s pretty much irrelevant if someone has already breached your network.

If we’re talking about enterprise networking equipment, I still stand by my concerns that the owner should be able to revert back to stock but the burden of responsibility is on the technician configuring this device, not the manufacturer.


It seems to me the mentality has become that since end users tend to be bad at system administration, they shouldn't be allowed to do it, for their own good.

I reject this mentality. I don't think it's necessary or desirable to make it impossible for people to do things that have negative consequences for themselves. Put a "here there be dragons" warning on the firmware rollback, bootloader unlock, or similar dangerous operation and let people take responsibility for the outcome.

In the case of consumer devices, most people won't even try those things; those who do risk further problems for the chance of a better outcome. In the case of enterprise networking equipment, there's an IT department that, in theory, has the skills and resources necessary to make good decisions about technology.


There will always be security issues, so "but security" is not a reason to prevent a consumer from doing whatever they want with a thing that they purchased from you (I'm of course just speaking morally/ethically here since there are no legal provisions preventing that in most places).

If I pay you for a product, you have no moral right to tell me what I can and cannot do with that product, up to and including messing with the firmware, installing known-bad firmwares, wiping it and building my own firmware, whatever I want. It's mine, I paid for it, stop violating my private property rights.


I think I agree with you generally, but just from a logics perspective, this is a bad argument:

> There will always be security issues, so "but security" is not a reason to prevent a consumer from doing whatever they want with a thing that they purchased from you

Just because there will always be security issues doesn't mean you shouldn't try to take care of the low hanging fruit.


Not the person you replied to, but I'm literally pulling wire again to avoid dealing with that dichotomy. And hardware developers that think OTW firmware updates are a neat idea >:(



