The Let's Encrypt Update
On September 30, Let's Encrypt's original root certificate expired. All of our customer-facing HTTPS services have certificates signed by Let's Encrypt. As can be expected, there were a few hiccups along the way. If you are experiencing issues with services on Foundries.io please take a look below and see if this corrects your issue. If this does not resolve your issue do not hesitate to reach out to our support team either on Slack or via our support portal.
Read more
PKI Hacking for Fun and Profit - Part III
This is the final article in my PKI Hacking for Fun and Profit series. This article follows up on part II and shows how you can use AWS's API Gateway to handle mTLS traffic from your factory devices with AWS Lambda. The result is a service that can scale as you need. In the PKI Hacking for Fun and Profit - Part II article, I created a simple example of an event logging agent that allows devices to use a customer owned mTLS server.
Read morePKI Hacking for Fun and Profit - Part II
Following the PKI Hacking for Fun and Profit article, I've created a simple example of an event logging agent that allows devices to use a customer owned mTLS server.
Read morePKI Hacking for Fun and Profit
Products often need to talk to third party services like AWS. Many times, the best bad option available is to copy some type of API key to the device's file system. As an embedded engineer, I work under a simple assumption: > ***Someone will eventually hack my device*** This article explores a way to provision devices without API keys.
Read more
OSTree Static Deltas
Rolling out big OTA updates efficiently is something we are often asked about. This article will talk about a feature in OSTree called static deltas and how they make platform updates more efficient.
Read moreWhat's Aktualizr-lite Thinking?
As the creator of aktualizr-lite, I often underestimate the difficulty in understanding what aktualizr-lite is trying to do. Rather than typing the same few things in Slack over and over, I thought I'd try to write down what aktualizr-lite is "thinking".
Read moreFoundriesFactory TUF Keys Rotation
Built on a vision that the latest software is the most secure, software updates are central to the FoundriesFactory security story. What happens, however, when software delivery is compromised? Is recovery complicated? Enter TUF key rotation!
Read more
Docker App Support in Aktualizr
Aktualizr has gained support for Docker Apps. This is a powerful feature, but hasn't really been described well ... until now!
Read moreIntroducing Aktualizr-lite
Earlier this year, I found myself pushing the idea of an "anonymous mode" for the Aktualizr project which is the OTA agent running in the LMP. This turned into "aktualizr-lite" and has recently become the default OTA agent used by the LMP. This article explains what aktualizr-lite is and why we are using it.
Read more