Firmware Upgrade Safety

Updating firmware is still often a somewhat risky task. The firmware is the software built into a chip in the hardware that provides the low-level functionality (drivers are the higher-level software that provides more advanced functionality).

The problem with updating firmware is that if the update does not go perfectly, this can leave the device in an indeterminate state without the ability to even try again since the low-level functionality is needed to upload firmware to the device in the first place.

In the old days, flashing a new BIOS or CD drive firmware was quite risky and resulted in much “bricking” (rendering a device useless). (Technically, there are usually ways to restore a working copy of the firmware the way the manufacturer installed it in the first place, by cracking the device open and connecting to special ports on the motherboard, e.g., JTAG.) Not surprisingly, manufacturers have tried coming up with better, safer solutions. Yet updating firmware, especially with untested or third-party firmware, remains risky to this day.

This is silly because there are numerous ways to prevent bricking devices.

One method that some manufacturers have implemented (usually on motherboards) is to use two BIOSes on the board. That way, if the main one fails, then the user can hold a special key combination or short a specific jumper or some such to restore a copy of the non-writable ROM backup to the erasable one.

This method is effective and can even be adapted in another way. Instead of having two copies of the firmware, simply have two flash drives. That way, when you upload new firmware, instead of being written to the main chip, it is saved to the storage chip; then, if and only if it was successfully uploaded, it is quickly written (“flashed” if you will) to the main one. This way, the device can easily detect if the upload failed and provides an all-or-nothing flashing experience (an atomic transaction/operation in database parlance).

Limiting Login Attempts

One common way to reduce the likelihood of an account getting hacked is to limit the number of login attempts and lock the account once the number of failed logins reaches some threshold.

This is a reasonable way to prevent brute-force and even most dictionary attacks. The problem is that most implementations count each and every login attempt. When someone forgets their password or types it in incorrectly, they usually try again a few times.

If you limit the number of attempts, the limiter should detect whether the submitted passwords are the same (or possibly even similar), since repeated attempts with the same password are obviously not an attack, but rather the user wondering why their password isn’t working (for example, they may be typing in the password for a different account).
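One way to build the limiter described above, as an added example that is not from the original page: only distinct wrong passwords count toward the lockout, and guesses are compared through a keyed digest so the failed passwords themselves are never stored. The class name, the threshold and the `verify` callback are assumptions, and the sketch handles only identical passwords, not similar ones, because a digest cannot measure similarity.

```python
import hashlib
import hmac
import os

MAX_DISTINCT_FAILURES = 5  # assumed threshold; the page does not give a number

class DistinctFailureLimiter:
    """Lock an account on distinct wrong passwords; repeats of one typo count once."""

    def __init__(self, threshold=MAX_DISTINCT_FAILURES):
        self.threshold = threshold
        self._key = os.urandom(32)   # per-process key so stored tags are not bare hashes
        self._failed = {}            # account -> set of HMAC tags of wrong passwords

    def _tag(self, account, password):
        # Keyed digest: lets us compare guesses for equality without storing them.
        msg = account.encode() + b"\x00" + password.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def is_locked(self, account):
        return len(self._failed.get(account, ())) >= self.threshold

    def attempt(self, account, password, verify):
        """verify(account, password) -> bool is the caller's real password check."""
        if self.is_locked(account):
            return "locked"
        if verify(account, password):
            self._failed.pop(account, None)   # success clears the failure history
            return "ok"
        self._failed.setdefault(account, set()).add(self._tag(account, password))
        return "locked" if self.is_locked(account) else "denied"

def demo():
    # Constructed sample data: one account and a stand-in verifier.
    def verify(account, password):
        return hmac.compare_digest(password.encode(), b"correct horse")
    limiter = DistinctFailureLimiter(threshold=3)
    # A user retyping the same wrong password ten times uses one slot.
    results = [limiter.attempt("alice", "old-password", verify) for _ in range(10)]
    # Distinct guesses consume the remaining slots and lock the account.
    results.append(limiter.attempt("alice", "guess-1", verify))
    results.append(limiter.attempt("alice", "guess-2", verify))
    results.append(limiter.attempt("alice", "correct horse", verify))
    return results

if __name__ == "__main__":
    print(demo())
```

Because the set of tags per account can never grow past the threshold, the memory cost per account is bounded even under a sustained guessing run.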

The Airport/SimCity Paradox

The Airport Paradox aka the SimCity Paradox refers to the fickle and inconsistent nature of human beings and how they are never happy regardless of the lengths one goes to in order to please them.

Years ago, I was playing SimCity. I built myself a nice little (obsessive-compulsively symmetrical) town and it was doing well. I pulled up the mayoral summary to see how I was doing with the citizenry. The report indicated that I was mostly pretty popular with the Sims, except that they were demanding (yes demanding) an airport. So I built one.

I let a little time go by so that the Sims could enjoy their shiny new airport. I pulled up the summary again and saw that I was still doing well and the Sims were mostly happy except that they were upset about there being too much pollution and demanding (yes, the Sims are very demanding) that I do something about it. So I opened the pollution graph to see where the problem spots are, and where do you think all the pollution was coming from? Yup, the airport. It was solely responsible for the pollution problem. I demolished the airport and the pollution went down but, perhaps not surprisingly, the Sims complained that they wanted an airport.

I loosed the Godzilla.

(Technically, in the case of SimCity, you can have an airport and low pollution by surrounding it with tons and tons of parks—I guess in Simland, it’s perfectly okay if children, families, and pets choke on jet fumes, so long as the parks absorb the pollution. The point is that humans are never happy and always demand more.)