[Company] Weekly Operations Update 3 and 4/2010

Polossatik polossatik at gmail.com
Wed Jan 27 05:09:46 EST 2010

On Wed, Jan 27, 2010 at 7:58 AM, Ron K. Jeffries <rjeffries at gmail.com> wrote:
> I have remained quiet on this issue, but
> will add a comment from real world experience
> in customer support at a mid-size telecom
> equipment company.
> 1. Serial numbers and hardware revision
> information is vital when providing support.
> Identifying product flaws sometimes traces
> back to when a piece of hardware was made.
> There are cases where a routine change
> from one batch of a component to another
> batch results in subtle problems.
> TRACEABILITY of hardware is not an option,
> it is required in order to provide a good
> customer experience.

That is true in a real centrally managed (enterprise) env, like desktops
that are locked down and are remotely administered, or for devices like
ADSL modems you put "in the field" and need to be tracked down on your
network. There, being able to "read" remotely the HW config or some
form of unique ID/serial is then indeed almost essential.

> 2. I am puzzled about the concern (some might
> use the word ("paranoia") about having serial
> numbers.
> Serial numbers normally encode
> -- identity of the outfit that manufactured the unit
> -- year and month of production
> -- unique number for the unit

For non remote managed systems this can however be easily "caught" by
using a decent version string (batch incrementals), which is then not
uniquely limited to ONE device but still allows distinguishing revisions.
This can be (certainly for the nanonote) a simple external serial nr
(<type><main rev><small rev><batchnr> ) on the case.

> Yes that can be on a label, but it should not be
> easy to remove unless one is determined to do so.

The point is that some serials like the PSN of Intel P3 chips [1] are
something you (almost) cannot switch off, leaving that it's always
possible to identify a client. A bit far-fetched example: let's say
you are using a device as someone criticizing the Chinese censorship,
even if you always clear out the browser cookies it's rather trivial
to track the devices based on the PSN (I'm leaving other things like
the MAC address out of the picture for the moment).
There is nothing wrong with a Unique ID as such, the only problem is
to shield it from use without the consent of the user.

> As a former support guy, yes, I'd rather have a SEEP
> (they are dirt cheap) so there is an electronically
> readable board version and serial number.

Even if only batch level info is remotely accessible it would however
also be possible to use this to "narrow" a particular device down,
certainly in rather small batch operations.
By making the "opt in" you might indeed provoke some more work for a
"big remote" rollout, seeing they have to make sure each device gets a
remote readable unique ID, but on the other hand this is something
that is hardly a big hurdle for centralized env.

> What slightly amuses me is the software for Nanonote
> will be totally open. What are we afraid of? That the
> RIAA loads virus code on the Nanonote that tells
> them the serial number?

No, that is very unlikely :) But it's a matter of setting a good
example, if this is really the first of a long bloodline of open
source devices IMHO it's better to do it right.
I just really really like "opt in" approaches, as they have a tendency
to be better for the individual.
I would love to be able to "opt in" for Windows when I buy a notebook,
not to try to get a 20 or 30 USD back if I don't want to use that OS :)

> Thanks for listening. This is something that
> reasonable people can reasonably disagree over.
> ---
> Ron K. Jeffries

Indeed :) Feel free to comment :)

[1] http://cdt.info/privacy/issues/pentium3/
