@voltagex @benno @daisy That. I wasn't going to submit anything this year, but then I had one of those moments where I realised a few things I took for granted were things a *lot* of people don't know yet, and they're potentially useful to know in all sorts of contexts, as long as understanding things *yourself* is something you value. And plenty of people do still value that, even if they're often drowned out by the plutocrats actively pushing for permanent technocratic dependency.

@glyph @whitequark Yeah, it's untenable as a universal practice for networked devices, as they need to evolve in parallel with the networks they're connected to. Ring fencing also leaves you horribly exposed if the perimeter ever gets compromised. Testing software updates against every hardware revision ever published is its own special flavour of awful though, so there are no good answers, just differently bad choices to weigh against the specifics of a deployment model.

@glyph @whitequark Many hardware downstreams *don't* upgrade in place, they upgrade on new device builds (which is then covered by factory acceptance testing). Physical installations can then be ring fenced with less critical network devices that receive routine updates to mitigate the security risks (complete air gaps are also nice, but the lack of routine telemetry then becomes a risk in its own right). Major software upgrades get lumped in with hardware revisions (and the associated testing).

@0xabad1dea I confess the thought "Huh, haven't seen any Odin pics in a while, must have been out of sync with my timing of checking Mastodon" did cross my mind the other day.