Motivation: Why does the Internet need this blog?

When your television watches you, your washing machine steals your credit card details and your car can be commandeered to drive into a ditch because it has a network media player in it, then you know something has gone wrong with technology. We have connected Things to the Internet for our convenience. We have neglected to think about our safety and security in the act.

If we ask why we cannot get better safety and security at reasonable prices, the answer we receive from the techies is that the engineering that is needed to achieve this is too complicated and hence too costly. Devices we buy are primed with tiny Linux distributions that run scripting languages and native code, often under default accounts with standard passwords.

The operating systems and programs may not be secure to start with, and because their configuration is not minimised or individualised, they are readily identifiable on the Internet when scanned for and probed. Even if the developers of the devices would be interested in addressing vulnerabilities, the devices usually do not have an update mechanism. If they do have an update mechanism, it is often ad-hoc and hence creates an even greater opportunity to deploy malware.

The summary is that, safe and secure software for IoT has to be engineered from the start. Processes and tooling have to support it. It must be possible for a software engineer to understand what an IoT device will eventually do in the wild, and it must be possible to address issues that have been unknown or overlooked at a later time.
In this blog series I want to introduce you to Java ME 8 and to argue why it is a good candidate for creating such an approach. It is not the only candidate, and its existing tooling does not comprise the type of extended tools necessary, but it has the facilities required.