It would not be a full Linux installation. A tiny computer like the Pi or the Edison are truly amazing. Linux comes with a large support requirement when deployed en masse.
And not just administration; security, continual patches, whole Linux subsystems that must run and which may expose various things on the network.
The Photon devices already connect securely to a secure infrastructure, and do not expose services to the network by default. A bare metal Raspberry Pi OS would have similar advantages.
You are correct that full Raspbian has advantages. It also has many serious disadvantages to a large enterprise.
What if the setup wizard for creating SD cards provided an option to disable these services?
I don’t think you understand how my employer’s security people think. [Edited to remove potential insult.]
Not only would they need to be disabled, they would need to not exist on disk. The Linux kernel would need to not exist on disk in any recognizable form. (It’s something that needs constant maintenance, upgrades, and patching.) The ability to prevent the installation or use of ANY Linux software that is not approved would need to be present. The ability to audit and account for every use of any service hosted by the device is required.
Windows 10 IoT core could work, but it doesn’t support enterprise Wi-Fi yet, either. At least we have the tools and skills to audit, administer, and manage Windows stuff.
An easier way to say it, perhaps, is that Particle on Linux on Raspberry Pi is more to worry about from a security standpoint than Particle on Raspberry Pi alone would be.
I wouldn’t even care if the Pi were severely underclocked in such a scenario; let me use Ethernet, enterprise Wi-Fi, and Bluetooth and I’d be very happy with such a device.
Like I said earlier, I am not holding my breath for a bare metal implementation. Broadcom and the Raspberry Pi Foundation would likely thwart any such efforts at every turn.
I don’t know why enterprise Wi-Fi is such a problem for the entire ecosystem of non-Linux IoT devices. The only non-Linux device I know of that supports it is the ESP8266, and its support is so new that it isn’t documented sufficiently to easily discover how to use it.
Lots of us need enterprise Wi-Fi, and need to avoid Linux whenever possible. I think I work for one of the few large enterprises that moves quickly enough to encounter this functionality gap, because it seems to surprise some folks. Oh well.
Hey! I have started playing lately with Ansible, for network management and orchestration of the Linux servers I work with, and it looks pretty promising.
Would such a tool help you in your scenario?
Not a lot. I know how to use Ansible, but I am not the person that would manage a horde of Linux machines on my network, so my ability doesn’t help at all.
The real issue is with security. There is zero, or very close to zero chance that anyone could convince the security teams within my organization that Linux is secure enough to be deployed in any significant numbers.
Windows and Linux both have their security issues, and I am not trying to say that one is safer or more secure than another. I am saying that the skill set held by employees in my organization favors Windows over Linux by a ratio at least 500 to 1. More, if you want to count the ratios of installed non-desktop systems.
We have the Windows skills and procedures to triage any major issues with Windows. We do not have the skills and procedures to handle even 10 Linux machines in a production role.
Linux just isn’t feasible for me in a wide deployment.
A solution that is a Wi-Fi enabled microcontroller, like the Photon, is much, MUCH easier to present to security and administration. The firmware for a Photon can be understood by a single skilled person, in its entirety. Try saying that about Windows OR Linux.
Particle’s cloud code is less transparent, and an enterprise agreement with Particle would make sure that liability is properly handled, however that would go, depending on a bunch of stuff I have little understanding of, so that eliminates that issue.
Thank you for the attempt.
You are welcome. Here’s another thought:
Do you think a bare metal OS will have to start with someone porting FreeRTOS to the Pi?
Seems like someone did some work in this area, not sure to what extent, though.
I don’t know how to write something for a pi with no OS.
I’ll bet it’s easier than people reflexively assume, though, especially if you’re porting something already written for an ARM micro.
I haven’t had a chance to sit down and really look at the code yet, but was wondering, theoretically could this install on a C.H.I.P. by Next Thing? I have a project that is currently using Amazon IoT, but I would much rather use the Particle cloud.
Hey there @Tomforti – you theoretically should be able to since they’re both running Linux. That being said, the pinout for the Particle agent will be incorrect, so you won’t be able to toggle or interact with the GPIO or hardware peripherals as is. Forking the agent and adapting to C.H.I.P. shouldn’t be too hard, though, if you are interested in submitting a pull request.
@will that’s actually what I was thinking as I was looking through the project. I will give it a go. Thank you.
@will Ohhhh. Maybe for a weekend project I could fork the code and see about getting it up and running on an Onion Omega. Would love to have those in the Particle Cloud.
Absolutely! If you all are interested in moving forward with those projects, I can help connect you to the folks internally that can provide additional info for porting the particle-agent over to other Linux hardware platforms.
I’m definitely interested in taking a look. Omega has done some cool stuff for remote Linux management but doesn’t have the device firmware and inter-device ecosystem that Particle has.
@jvanier might be able to give you some high level pointers, although we’re just about to break for the holidays at the end of next week, so things are a little hectic around here! Please be patient with a response.
No worries, I appreciate any direction you can provide. If I don’t hear from anyone before then, Happy Holidays!
@sidwarkd let me know how you do. I am just starting to play around to get the agent onto a C.H.I.P. by Next Thing.
Will do @Tomforti. I just got a shipping notice that my Omega2 is on the way. Hopefully it gets here soon as I’m off the next week and am hoping to put some time in on this. Let me know if you come across any useful info as you move forward on CHIP.
@sidwarkd any luck with the Omega2?
Unfortunately not. The shipping notice was almost 6 weeks before I actually got the Omega2 and by then my hack holiday time had passed. I did try to take a passing glance at it later when I realized that it needs Ruby to run. That would require additional setup on the Omega.