
Lawrence D'Oliveiro wrote:
I remember in an e-mail exchange with Stuart Cheshire a few years ago (he was the mastermind behind the Zeroconf initiative, which Apple implemented as “Rendezvous”—later renamed “Bonjour”—and Linux users know as the “Avahi” packages), he said that there should indeed be just a single type of port on a computer, all speaking the same protocol. And that protocol should be TCP/IP.
After all, why shouldn’t you run full TCP/IP between your keyboard, mouse and PC? The silicon it takes to implement the network stack shouldn’t amount to much of a cost these days.
... security? I suspect that USB firmware is somewhat easier to audit for security flaws than a network stack. Possibly wrongly, but spreading reports of DSL router issues seem relevant here. (Counter-argument: I haven't heard of actual exploits of network devices other than routers. Or, um, PLCs, to stretch the point. That said, vulnerabilities have emerged in Samsung and HP printers, and I'm sure they won't be the only ones.) And while I'd *hope* that directly-connected devices would be properly subnetted and firewalled in that sort of scenario, I wouldn't readily bet on it, and if an attack succeeds against a PC then network-accessible targets would multiply immediately. Plausible attack: $worm_pc roots host, spams devices with $worm_dce, and removes itself from the host once one reports success. Voilà, your keyboard or external HD or webcam are live and are streaming to Boca Raton, Uzbekistan, or the NSA. And wouldn't that be like a whole century's worth of Christmases for the latter? butting