Merge pull request #4888 from firstadream/master

Translation complete
Xingyu.Wang 2017-01-08 21:37:27 +08:00 committed by GitHub
commit 6ecc72bb8f
2 changed files with 167 additions and 174 deletions

@ -1,174 +0,0 @@
Translating by firstadream
### [Can Linux containers save IoT from a security meltdown?][28]
![](http://hackerboards.com/files/internet_of_things_wikimedia1-thm.jpg)
In this final IoT series post, Canonical and Resin.io champion Linux container technology as a solution to IoT security and interoperability challenges.
|
![](http://hackerboards.com/files/samsung_artik710-thm.jpg)
**Artik 7** |
Despite growing security threats, the Internet of Things hype shows no sign of abating. Feeling the FoMo, companies are busily rearranging their roadmaps for IoT. The transition to IoT runs even deeper and broader than the mobile revolution. Everything gets swallowed in the IoT maw, including smartphones, which are often our windows on the IoT world, and sometimes our hubs or sensor endpoints.
New IoT focused processors and embedded boards continue to reshape the tech landscape. Since our [Linux and Open Source Hardware for IoT][5] story in September, weve seen [Intel Atom E3900][6] “Apollo Lake” SoCs aimed at IoT gateways, as well as [new Samsung Artik modules][7], including a Linux-driven, 64-bit Artik 7 COM for gateways and an RTOS-ready, Cortex-M4 Artik 0\. ARM announced [Cortex-M23 and Cortex-M33][8] cores for IoT endpoints featuring ARMv8-M and TrustZone security.
Security is a selling point for these products, and for good reason. The Mirai botnet that recently attacked the Dyn service and blacked out much of the U.S. Internet for a day brought Linux-based IoT into the forefront — and not in a good way. Just as IoT devices can be turned to the dark side via DDoS, the devices and their owners can also be the victimized directly by malicious attacks.
|
![](http://hackerboards.com/files/arm_cortexm33m23-thm.jpg)
**Cortex-M33 and -M23** |
The Dyn attack reinforced the view that IoT will more confidently move forward in more controlled and protected industrial environments rather than the home. Its not that consumer [IoT security technology][9] is unavailable, but unless products are designed for security from scratch, as are many of the solutions in our [smart home hub story][10], security adds cost and complexity.
In this final, future-looking segment of our IoT series, we look at two Linux-based, Docker-oriented container technologies that are being proposed as solutions to IoT security. Containers might also help solve the ongoing issues of development complexity and barriers to interoperability that we explored in our story on [IoT frameworks][11].
We spoke with Canonicals Oliver Ries, VP Engineering Ubuntu Client Platform about his companys Ubuntu Core and its Docker-friendly, container-like Snaps package management technology. We also interviewed Resin.io CEO and co-founder Alexandros Marinos about his companys new Docker-based ResinOS for IoT.
**Ubuntu Core Snaps to**
Canonicals IoT-oriented [Snappy Ubuntu Core][12] version of Ubuntu is built around a container-like snap package management mechanism, and offers app store support. The snaps technology was recently [released on its own][13] for other Linux distributions. On November 3, Canonical released [Ubuntu Core 16][14], which improves white label app store and update control services.
<center>
[
![](http://hackerboards.com/files/canonical_ubuntucore16_diagram-sm.jpg)
][15]
**Classic Ubuntu (left) architecture vs. Ubuntu Core 16**
(click image to enlarge)
</center>
The snap mechanism offers automatic updates, and helps block unauthorized updates. Using transactional systems management, snaps ensure that updates either deploy as intended or not at all. In Ubuntu Core, security is further strengthened with AppArmor, and the fact that all application files are kept in separate silos, and are read-only.
|
![](http://hackerboards.com/files/limesdr-thm.jpg)
**LimeSDR** |
Ubuntu Core, which was part of our recent [survey of open source IoT OSes][16], now runs on Gumstix boards, Erle Robotics drones, Dell Edge Gateways, the [Nextcloud Box][17], LimeSDR, the Mycroft home hub, Intels Joule, and SBCs compliant with Linaros 96Boards spec. Canonical is also collaborating with the Linaro IoT and Embedded (LITE) Segment Group on its [96Boards IoT Edition][18]Initially, 96Boards IE is focused on Zephyr-driven Cortex-M4 boards like Seeeds [BLE Carbon][19], but it will expand to gateway boards that can run Ubuntu Core.
“Ubuntu Core and snaps have relevance from edge to gateway to the cloud,” says Canonicals Ries. “The ability to run snap packages on any major distribution, including Ubuntu Server and Ubuntu for Cloud, allows us to provide a coherent experience. Snaps can be upgraded in a failsafe manner using transactional updates, which is important in an IoT world moving to continuous updates for security, bug fixes, or new features.”
|
![](http://hackerboards.com/files/nextcloud_box3-thm.jpg)
**Nextcloud Box** |
Security and reliability are key points of emphasis, says Ries. “Snaps can run completely isolated from one another and from the OS, making it possible for two applications to securely run on a single gateway,” he says. “Snaps are read-only and authenticated, guaranteeing the integrity of the code.”
Ries also touts the technology for reducing development time. “Snap packages allow a developer to deliver the same binary package to any platform that supports it, thereby cutting down on development and testing costs, deployment time, and update speed,” says Ries. “With snap packages, the developer is in full control of the lifecycle, and can update immediately. Snap packages provide all required dependencies, so developers can choose which components they use.”
**ResinOS: Docker for IoT**
Resin.io, which makes the commercial IoT framework of the same name, recently spun off the frameworks Yocto Linux based [ResinOS 2.0][20]” target=”new”>ResinOS 2.0 as an open source project. Whereas Ubuntu Core runs Docker container engines within snap packages, ResinOS runs Docker on the host. The minimalist ResinOS abstracts the complexity of working with Yocto code, enabling developers to quickly deploy Docker containers.
<center>
[
![](http://hackerboards.com/files/resinio_resinos_arch-sm.jpg)
][21]
**ResinOS 2.0 architecture**
(click image to enlarge)
</center>
Like the Linux-based CoreOS, ResinOS integrates systemd control services and a networking stack, enabling secure rollouts of updated applications over a heterogeneous network. However, its designed to run on resource constrained devices such as ARM hacker boards, whereas CoreOS and other Docker-oriented OSes like the Red Hat based Project Atomic are currently x86 only and prefer a resource-rich server platform. ResinOS can run on 20 Linux devices and counting, including the Raspberry Pi, BeagleBone, and Odroid-C1.
“We believe that Linux containers are even more important for embedded than for the cloud,” says Resin.ios Marinos. “In the cloud, containers represent an optimization over previous processes, but in embedded they represent the long-delayed arrival of generic virtualization.”
|
![](http://hackerboards.com/files/beaglebone-hand-thm.jpg)
**BeagleBone
Black** |
When applied to IoT, full enterprise virtual machines have performance issues and restrictions on direct hardware access, says Marinos. Mobile VMs like OSGi and Androids Dalvik can been used for IoT, but they require Java among other limitations.
Using Docker may seem natural for enterprise developers, but how do you convince embedded hackers to move to an entirely new paradigm? “Rather than transferring practices from the cloud wholesale, ResinOS is optimized for embedded,” answers Marinos. In addition, he says, containers are better than typical IoT technologies at containing failure. “If theres a software defect, the host OS can remain functional and even connected. To recover, you can either restart the container or push an update. The ability to update a device without rebooting it further removes failure opportunities.”
According to Marinos, other benefits accrue from better alignment with the cloud, such as access to a broader set of developers. Containers provide “a uniform paradigm across data center and edge, and a way to easily transfer technology, workflows, infrastructure, and even applications to the edge,” he adds.
The inherent security benefits in containers are being augmented with other technologies, says Marinos. “As the Docker community pushes to implement signed images and attestation, these naturally transfer to ResinOS,” he says. “Similar benefits accrue when the Linux kernel is hardened to improve container security, or gains the ability to better manage resources consumed by a container.”
Containers also fit in well with open source IoT frameworks, says Marinos. “Linux containers are easy to use in combination with an almost endless variety of protocols, applications, languages and libraries,” says Marinos. “Resin.io has participated in the AllSeen Alliance, and we have worked with partners who use IoTivity and Thread.”
**Future IoT: Smarter Gateways and Endpoints**
Marinos and Canonicals Ries agree on several future trends in IoT. First, the original conception of IoT, in which MCU-based endpoints communicate directly with the cloud for processing, is quickly being replaced with a fog computing architecture. That calls for more intelligent gateways that do a lot more than aggregate data and translate between ZigBee and WiFi.
Second, gateways and smart edge devices are increasingly running multiple apps. Third, many of these devices will provide onboard analytics, which were seeing in the latest [smart home hubs][22]. Finally, rich media will soon become part of the IoT mix.
<center>
[
![](http://hackerboards.com/files/eurotech_reliagate2026-sm.jpg)
][23] [
![](http://hackerboards.com/files/advantech_ubc221-sm.jpg)
][24]
**Some recent IoT gateways: Eurotechs [ReliaGate 20-26][1] and Advantechs [UBC-221][2]**
(click images to enlarge)
</center>
“Intelligent gateways are taking over a lot of the processing and control functions that were originally envisioned for the cloud,” says Marinos. “Accordingly, were seeing an increased push for containerization, so feature- and security-related improvements can be deployed with a cloud-like workflow. The decentralization is driven by factors such as the mobile data crunch, an evolving legal framework, and various physical limitations.”
Platforms like Ubuntu Core are enabling an “explosion of software becoming available for gateways,” says Canonicals Ries. “The ability to run multiple applications on a single device is appealing both for users annoyed with the multitude of single-function devices, and for device owners, who can now generate ongoing software revenues.”
<center>
[
![](http://hackerboards.com/files/myomega_mynxg-sm.jpg)
][25] [
![](http://hackerboards.com/files/technexion_ls1021aiot_front-sm.jpg)
][26]
**Two more IoT gateways: [MyOmega MYNXG IC2 Controller (left) and TechNexions ][3][LS1021A-IoT Gateway][4]**
(click images to enlarge)
</center>
Its not only gateways — endpoints are getting smarter, too. “Reading a lot of IoT coverage, you get the impression that all endpoints run on microcontrollers,” says Marinos. “But we were surprised by the large amount of Linux endpoints out there like digital signage, drones, and industrial machinery, that perform tasks rather than operate as an intermediary. We call this the shadow IoT.”
Canonicals Ries agrees that a single-minded focus on minimalist technology misses out on the emerging IoT landscape. “The notion of lightweight is very short lived in an industry thats developing as fast as IoT,” says Ries. “Todays premium consumer hardware will be powering endpoints in a matter of months.”
While much of the IoT world will remain lightweight and “headless,” with sensors like accelerometers and temperature sensors communicating in whisper thin data streams, many of the newer IoT applications use rich media. “Media input/output is simply another type of peripheral,” says Marinos. “Theres always the issue of multiple containers competing for a limited resource, but its not much different than with sensor or Bluetooth antenna access.”
Ries sees a trend of “increasing smartness at the edge” in both industrial and home gateways. “We are seeing a large uptick in AI, machine learning, computer vision, and context awareness,” says Ries. “Why run face detection software in the cloud and incur delays and bandwidth and computing costs, when the same software could run at the edge?”
As we explored in our [opening story][27] of this IoT series, there are IoT issues related to security such as loss of privacy and the tradeoffs from living in a surveillance culture. There are also questions about the wisdom of relinquishing ones decisions to AI agents that may be controlled by someone else. These wont be fully solved by containers, snaps, or any other technology.
Perhaps wed be happier if Alexa handled the details of our lives while we sweat the big stuff, and maybe theres a way to balance privacy and utility. For now, were still exploring, and thats all for the good.
--------------------------------------------------------------------------------
via: http://hackerboards.com/can-linux-containers-save-iot-from-a-security-meltdown/
作者:[Eric Brown][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 组织编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://hackerboards.com/can-linux-containers-save-iot-from-a-security-meltdown/
[1]:http://hackerboards.com/atom-based-gateway-taps-new-open-source-iot-cloud-platform/
[2]:http://hackerboards.com/compact-iot-gateway-runs-yocto-linux-on-quark/
[3]:http://hackerboards.com/wireless-crazed-customizable-iot-gateway-uses-arm-or-x86-coms/
[4]:http://hackerboards.com/iot-gateway-runs-linux-on-qoriq-accepts-arduino-shields/
[5]:http://hackerboards.com/linux-and-open-source-hardware-for-building-iot-devices/
[6]:http://hackerboards.com/intel-launches-14nm-atom-e3900-and-spins-an-automotive-version/
[7]:http://hackerboards.com/samsung-adds-first-64-bit-and-cortex-m4-based-artik-modules/
[8]:http://hackerboards.com/new-cortex-m-chips-add-armv8-and-trustzone/
[9]:http://hackerboards.com/exploring-security-challenges-in-linux-based-iot-devices/
[10]:http://hackerboards.com/linux-based-smart-home-hubs-advance-into-ai/
[11]:http://hackerboards.com/open-source-projects-for-the-internet-of-things-from-a-to-z/
[12]:http://hackerboards.com/lightweight-snappy-ubuntu-core-os-targets-iot/
[13]:http://hackerboards.com/canonical-pushes-snap-as-a-universal-linux-package-format/
[14]:http://hackerboards.com/ubuntu-core-16-gets-smaller-goes-all-snaps/
[15]:http://hackerboards.com/files/canonical_ubuntucore16_diagram.jpg
[16]:http://hackerboards.com/open-source-oses-for-the-internet-of-things/
[17]:http://hackerboards.com/private-cloud-server-and-iot-gateway-runs-ubuntu-snappy-on-rpi/
[18]:http://hackerboards.com/linaro-beams-lite-at-internet-of-things-devices/
[19]:http://hackerboards.com/96boards-goes-cortex-m4-with-iot-edition-and-carbon-sbc/
[20]:http://hackerboards.com/can-linux-containers-save-iot-from-a-security-meltdown/%3Ca%20href=
[21]:http://hackerboards.com/files/resinio_resinos_arch.jpg
[22]:http://hackerboards.com/linux-based-smart-home-hubs-advance-into-ai/
[23]:http://hackerboards.com/files/eurotech_reliagate2026.jpg
[24]:http://hackerboards.com/files/advantech_ubc221.jpg
[25]:http://hackerboards.com/files/myomega_mynxg.jpg
[26]:http://hackerboards.com/files/technexion_ls1021aiot_front.jpg
[27]:http://hackerboards.com/an-open-source-perspective-on-the-internet-of-things-part-1/
[28]:http://hackerboards.com/can-linux-containers-save-iot-from-a-security-meltdown/

@ -0,0 +1,167 @@
###[Linux容器能否弥补IoT的安全短板][28]
![](http://hackerboards.com/files/internet_of_things_wikimedia1-thm.jpg)
在这个最后的物联网系列文章中Canonical和Resin.io向以Linux容器技术作为物联网安全性和互操作性的解决方案发起挑战。
![](http://hackerboards.com/files/samsung_artik710-thm.jpg)
**Artik 7** |
尽管受到日益增长的安全威胁物联网炒作没有显示减弱的迹象。为了刷存在感公司正忙于重新安排物联网的路线图。物联网大潮迅猛异常比移动互联网革命渗透地更加深入和广泛。IoT像黑洞一样吞噬一切包括智能手机它通常是我们在物联网世界中的窗口有时作为我们的集线器或传感器端点。
新的物联网处理器和嵌入式主板继续重塑技术版图。自从9月份推出[Linux和开源硬件IoT] [5]系列文章之后我们看到了面向物联网网关的“Apollo Lake]”SoC [Intel Atom E3900] [6]以及[新三星Artik模块][7]包括用于网关并由Linux驱动的64位Artik 7 COM及自带RTOS的Cortex-M4 Artik。 ARM为具有ARMv8-M和TrustZone安全性的IoT终端发布了[Cortex-M23和Cortex-M33] [8]内核。
安全是这些产品的卖点。最近攻击Dyn服务并在一天内摧毁了美国大部分互联网的未来僵尸网络将基于Linux的物联网推到台前 - 当然这种方式似乎不太体面。通过DDoS攻击可以黑掉物联网设备其设备所有者同样可能直接遭受恶意攻击。
![](http://hackerboards.com/files/arm_cortexm33m23-thm.jpg)
**Cortex-M33 和 -M23**
Dyn攻击让我们更加笃定物联网将更加自信地在受控制和受保护的工业环境而不是家用环境中向前发展。这不是因为消费者[物联网安全技术] [9]不可用,但除非产品设计之初就以安全为目标,否则如我们的[智能家居集线器系列] [10]中的许多解决方案,后期再考虑安全就会增加成本和复杂性。
在物联网系列的最后一个未来展望的部分我们将探讨两种基于Linux的面向Docker的容器技术这些技术被提出作为物联网安全解决方案。容器还可以帮助解决在[物联网框架] [11]中探讨的开发复杂性和互操作性障碍的问题。
我们与Canonical的Ubuntu客户平台工程副总裁Oliver Ries讨论了Ubuntu Core和Docker友好的容器式Snaps包管理技术。我们还就新的基于Docker的物联网方案ResinO采访了Resin.io首席执行官和联合创始人Alexandros Marinos。
**Ubuntu Core 与快照管理**
Canonical面向物联网的[Snappy Ubuntu Core] [12]版本的Ubuntu是围绕一个类似容器的快照包管理机制构建并提供应用商店支持。 snap技术最近[自行发布] [13]用于其他Linux发行版。 11月3日Canonical发布了[Ubuntu Core 16] [14],该版本改进了白标应用商店和更新控制服务。
<center>
[
![](http://hackerboards.com/files/canonical_ubuntucore16_diagram-sm.jpg)
][15]
**传统Ubuntu架构 与 Ubuntu Core 16**
(点击图片放大)
</center>
快照机制提供自动更新,并有助于阻止未经授权的更新。 使用事务系统管理,快照可确保更新按预期部署或根本不部署。 在Ubuntu Core中使用AppArmor进一步加强了安全性并且所有应用程序文件都只读且保存在隔离的孤岛中。
![](http://hackerboards.com/files/limesdr-thm.jpg)
**LimeSDR** |
Ubuntu Core是我们最近展开的[开源物联网操作系统调查] [16]的一部分现在运行在Gumstix主板Erle机器人无人机Dell Edge网关[Nextcloud Box] [17]LimeSDRMycroft家庭集线器 英特尔的Joule和符合Linaro的96Boards规范的SBC上。 Canonical公司还与Linaro物联网和嵌入式LITE部门集团[96Boards物联网版] [18]合作。最初96Boards IE专注于Zephyr驱动的Cortex-M4板卡如Seeed的[BLE Carbon] [19] 它将扩展到可以运行Ubuntu Core的网关板卡。
“Ubuntu Core和快照具有从边缘到网关到云的相关性”Canonical的Ries说。 “能够在任何主要发行版包括Ubuntu Server和Ubuntu for Cloud上运行快照包使我们能够提供一致的体验。 Snaps可以使用事务更新以故障安全方式升级可用于安全性错误修复或新功能的持续更新这在物联网环境中非常重要。
![](http://hackerboards.com/files/nextcloud_box3-thm.jpg)
**Nextcloud盒子** |
安全性和可靠性是关注的重点Ries说。 “Snaps可以完全独立于彼此和操作系统运行使得两个应用程序可以安全地在单个网关上运行”他说。 “Snaps是只读的和经过认证的可以保证代码的完整性。
Ries还采用了减少开发时间的技术。 “Snap软件包允许开发人员向支持它的任何平台提供相同的二进制包从而降低开发和测试成本减少部署时间和提高更新速度。 “使用snap包开发人员完全控制开发生命周期并可以立即更新。 Snap包提供所有必需的依赖项因此开发人员可以选择定制他们使用的组件。
**ResinOS: 为IoT而生的Docker**
Resin.io公司与其商用IoT框架同名最近剥离了该框架的Yocto Linux [ResinOS 2.0] [20]ResinOS 2.0将作为一个独立的开源项目运营。 Ubuntu Core在snap包中运行Docker容器引擎ResinOS在主机上运行Docker。 极致简约的ResinOS抽离了使用Yocto代码的复杂性使开发人员能够快速部署Docker容器。
<center>
[
![](http://hackerboards.com/files/resinio_resinos_arch-sm.jpg)
][21]
**ResinOS 2.0 架构**
(点击图片放大)
</center>
与基于Linux的CoreOS一样ResinOS集成了系统控制服务和网络协议栈可通过异构网络安全地部署更新的应用程序。 但是它为在资源受限的设备如ARM黑客板上运行而设计与之相反CoreOS和其他基于Docker的操作系统例如基于Red Hat的Project Atomic目前仅能运行在x86上并且更喜欢资源丰富的服务器平台。 ResinOS可以在20个Linux设备上运行包括Raspberry PiBeagleBone和Odroid-C1等。
“我们认为Linux容器对嵌入式系统比对于云更重要”Resin.io的Marinos说。 “在云中,容器代表了对之前进程的优化,但在嵌入式中,它们代表了姗姗来迟的通用虚拟化“
![](http://hackerboards.com/files/beaglebone-hand-thm.jpg)
**BeagleBone Black** |
当应用于物联网时完整的企业虚拟机有直接硬件访问的性能问题和限制Marinos说。像OSGi和Android的Dalvik这样的移动虚拟机可以用于IoT但是它们依赖Java并有其他限制。
对于企业开发人员来说使用Docker似乎很自然但是你如何说服嵌入式黑客转向全新的范式呢 “Marinos解释说”ResinOS不是把云技术的实践经验照单全收而是针对嵌入式进行了优化。”此外他说容器比典型的物联网技术更好地包容故障。 “如果有软件缺陷,主机操作系统可以继续正常工作,甚至保持连接。要恢复,您可以重新启动容器或推送更新。更新设备而不重新启动它的能力进一步消除了故障引发问题的机率。”
根据Marinos其他好处源自与云技术的一致性例如拥有更广泛的开发人员。容器提供了“跨数据中心和边缘的统一范式以及一种方便地将技术工作流基础设施甚至应用程序转移到边缘终端的方式。
Marinos说容器中的固有安全性优势正在被其他技术增强。 “随着Docker社区推动实现签名的图像和证据这些自然转移并应用到ResinOS”他说。 “当Linux内核被强化以提高容器安全性时或者获得更好地管理容器所消耗的资源的能力时会产生类似的好处。
容器也适合开源IoT框架Marinos说。 “Linux容器很容易与几乎各种协议应用程序语言和库结合使用”Marinos说。 “Resin.io参加了AllSeen联盟我们与使用IoTivity和Thread的伙伴合作。
**IoT的未来智能网关与智能终端**
Marinos和Canonical的Ries对未来物联网的几个发展趋势具有一致的看法。 首先物联网的最初概念其中基于MCU的端点直接与云进行通信以进行处理正在迅速被雾化计算架构取代。 这需要更智能的网关也需要比仅仅在ZigBee和WiFi之间聚合和转换数据更多的功能。
第二,网关和智能边缘设备越来越多地运行多个应用程序。 第三,许多这些设备将提供板载分析,这些在最新的[智能家居集线器] [22]上都有体现。 最后,富媒体将很快成为物联网组合的一部分。
<center>
[
![](http://hackerboards.com/files/eurotech_reliagate2026-sm.jpg)
][23] [
![](http://hackerboards.com/files/advantech_ubc221-sm.jpg)
][24]
**最新设备网关: Eurotechs [ReliaGate 20-26][1] 和 Advantechs [UBC-221][2]**
(点击图片放大)
</center>
“智能网关正在接管最初为云服务设计的许多处理和控制功能”Marinos说。 “因此我们看到对容器化的推动力在增加可以在IoT设备中使用类似云工作流程来部署与功能和安全相关的优化。 去中心化是由移动数据紧缩,不断发展的法律框架和各种物理限制等因素驱动的。
Ubuntu Core等平台正在使“可用于网关的软件爆炸式增长”Canonical的Ries说。 “在单个设备上运行多个应用程序的能力吸引了众多单一功能设备的用户,以及现在可以产生持续的软件收入的设备所有者。
<center>
[
![](http://hackerboards.com/files/myomega_mynxg-sm.jpg)
][25] [
![](http://hackerboards.com/files/technexion_ls1021aiot_front-sm.jpg)
][26]
**两种IoT网关: [MyOmega MYNXG IC2 Controller (左) 和TechNexions ][3][LS1021A-IoT Gateway][4]**
(点击图片放大)
</center>
不仅是网关 - 终端也变得更聪明。 “阅读大量的物联网新闻报道你得到的印象是所有终端都运行在微控制器上”Marinos说。 “但是我们对大量的Linux终端如数字标牌无人机和工业机械等直接执行任务而不是作为操作中介数据转发感到惊讶。我们称之为影子IoT。
Canonical的Ries同意对简约技术的专注使他们忽视了新兴物联网领域。 “轻量化的概念在一个发展速度与物联网一样快的行业中初现端倪”Ries说。 “今天的高级消费硬件可以持续为终端供电数月。“
虽然大多数物联网设备将保持轻量和“无头”(一种配置方式,比如物联网设备缺少显示器,键盘等),它们装备有传感器如加速度计和温度传感器并通过低速率的数据流通信,但是许多较新的物联网应用已经使用富媒体。 “媒体输入/输出只是另一种类型的外设”Marinos说。 “总是存在多个容器竞争有限资源的问题,但它与传感器或蓝牙竞争天线资源没有太大区别。”
Ries看到了工业和家庭网关中“提高边缘智能”的趋势。 “我们看到人工智能机器学习计算机视觉和上下文意识的大幅上升”Ries说。 “为什么要在云中运行面部检测软件,如果相同的软件可以在边缘设备运行而又没有网络延迟和带宽及计算成本?“
当我们在这个物联网系列的[开篇故事] [27]中探索时我们发现存在与安全相关的物联网问题例如隐私丧失和生活在监视文化中的权衡。还有一些问题如把个人决策交给可能由他人操控的AI裁定。这些不会被容器快照或任何其他技术完全解决。
Perhaps wed be happier if Alexa handled the details of our lives while we sweat the big stuff, and maybe theres a way to balance privacy and utility. For now, were still exploring, and thats all for the good.
如果Alexa可以处理生活琐碎而我们专注在要事上也许我们会更快乐。或许有一个方法来平衡隐私和效用现在我们仍在探索如此甚好。
--------------------------------------------------------------------------------
via: http://hackerboards.com/can-linux-containers-save-iot-from-a-security-meltdown/
作者:[Eric Brown][a]
译者:[firstadream](https://github.com/firstadream)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://hackerboards.com/can-linux-containers-save-iot-from-a-security-meltdown/
[1]:http://hackerboards.com/atom-based-gateway-taps-new-open-source-iot-cloud-platform/
[2]:http://hackerboards.com/compact-iot-gateway-runs-yocto-linux-on-quark/
[3]:http://hackerboards.com/wireless-crazed-customizable-iot-gateway-uses-arm-or-x86-coms/
[4]:http://hackerboards.com/iot-gateway-runs-linux-on-qoriq-accepts-arduino-shields/
[5]:http://hackerboards.com/linux-and-open-source-hardware-for-building-iot-devices/
[6]:http://hackerboards.com/intel-launches-14nm-atom-e3900-and-spins-an-automotive-version/
[7]:http://hackerboards.com/samsung-adds-first-64-bit-and-cortex-m4-based-artik-modules/
[8]:http://hackerboards.com/new-cortex-m-chips-add-armv8-and-trustzone/
[9]:http://hackerboards.com/exploring-security-challenges-in-linux-based-iot-devices/
[10]:http://hackerboards.com/linux-based-smart-home-hubs-advance-into-ai/
[11]:http://hackerboards.com/open-source-projects-for-the-internet-of-things-from-a-to-z/
[12]:http://hackerboards.com/lightweight-snappy-ubuntu-core-os-targets-iot/
[13]:http://hackerboards.com/canonical-pushes-snap-as-a-universal-linux-package-format/
[14]:http://hackerboards.com/ubuntu-core-16-gets-smaller-goes-all-snaps/
[15]:http://hackerboards.com/files/canonical_ubuntucore16_diagram.jpg
[16]:http://hackerboards.com/open-source-oses-for-the-internet-of-things/
[17]:http://hackerboards.com/private-cloud-server-and-iot-gateway-runs-ubuntu-snappy-on-rpi/
[18]:http://hackerboards.com/linaro-beams-lite-at-internet-of-things-devices/
[19]:http://hackerboards.com/96boards-goes-cortex-m4-with-iot-edition-and-carbon-sbc/
[20]:http://hackerboards.com/can-linux-containers-save-iot-from-a-security-meltdown/%3Ca%20href=
[21]:http://hackerboards.com/files/resinio_resinos_arch.jpg
[22]:http://hackerboards.com/linux-based-smart-home-hubs-advance-into-ai/
[23]:http://hackerboards.com/files/eurotech_reliagate2026.jpg
[24]:http://hackerboards.com/files/advantech_ubc221.jpg
[25]:http://hackerboards.com/files/myomega_mynxg.jpg
[26]:http://hackerboards.com/files/technexion_ls1021aiot_front.jpg
[27]:http://hackerboards.com/an-open-source-perspective-on-the-internet-of-things-part-1/
[28]:http://hackerboards.com/can-linux-containers-save-iot-from-a-security-meltdown/
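
Review bot: In the Dyn attack paragraph, "未来僵尸网络" translates the name Mirai as the word "future"; it is the botnet's proper name and should read "Mirai 僵尸网络", otherwise readers cannot tie the sentence to the incident the source names. Several other renderings depart from the removed English source in ways that change the security meaning and should be fixed before proofreading: the opening summary has Canonical and Resin.io "发起挑战" against container technology where the source says they champion it; "签名的图像和证据" should use the container terms for "signed images and attestation" (镜像, 证明) rather than pictures and evidence; "快照" is used throughout for snaps, which are packages and not snapshots; "系统控制服务" drops the reference to systemd; and Ries's quote now says the notion of lightweight is "初现端倪" and that premium hardware can power endpoints for months, where the source says the notion is short lived and that such hardware will be powering endpoints in a matter of months. The final paragraph also still carries the untranslated English line ahead of its translation, which should be dropped, and reference [20] keeps the malformed "%3Ca%20href=" URL from the source and needs a working target.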