Shearwater Teric why no password system?

[Esprise Me]

Think about buying and selling Shearwaters legitimately. I don't want this extra headache. I also don't see the deterrant. The thief (or the buyer of stolen goods for a really good deal) just hide the screen as it starts up and no one will know. They don't ever have to connect it to a computer.

Not to mention, if changing the name is a known headache, the other people on the boat won't think twice when the thief claims he bought his computer used and just never bothered to change the info. (Assuming those other people even noticed the name pop up on the screen in the first place!) If you met a Joe Schmo on a dive boat with a set of initials other than JS painted on his fins, would you call the cops, or accept his explanation that he bought them used and the paint wouldn't come off?

 

[Robbyg]

Are you a politician?

Only a politician would take something completely working and then F it up.

That's why I've got 3 Shearwaters currently (I dive with 2). I've relied on them to get me out of a cave, relied on them to get me up safely from 200', relied on them to control my PPO2 on a rebreather, and now that I'm older, rely on them to count a 5 minute safety stop after a 45 minute dive to 45' in Bonaire.

I see, your one of those people who do not embrace change very well even if the change is not apparent to you. If Shearwater put in a Password system for the Owner Info you would not even know about it unless you went on the forums or read the release notes. You could leave it at the 1234 default and be oblivious.

Its great that you can afford to have three expensive dive computers and losing one or two does not matter. For some of us it's a big investment and losing it with Zero chance of a recovery would be extremely bad as it is not something that all of us can just casually replace.

I get the fact that your trying to send a message to Shearwater by insulting me, I guess you figure that having an aggressive stance will make an impression on them. I highly doubt that! You honestly think that the people who wrote the code cannot insert two dozen lines of extra code into the system without screwing it up?

I am not some young kid like you might think, I have been working in the Electronics field as a hardware designer for 35 years, I also had to write my own code to test my designs.
You have mission critical modules in the code that you don't want to touch unless your willing to Beta test the system extensively again and then you have non essential modules that are not linked to anything important. You can change those as needed without any problems. This is a non critical system just like changing the font color menu options.

 

[Wibble]

One wonders...

When a Shearwater computer uploads to the Shearwater Cloud, does it share it's "MAC address" (as in some permanent ID number for that computer, similar to a phone's ID or network adapter on a 'puter).

If that were the case, I wonder if you could register that your Shearwater computer's "missing" and they could then put up a message on that computer / cloud account that the person's using an, errm, "missing" computer and could they please reunite it with it's owner?

Probably worth a finder's fee.

 

[Robbyg]

Think about buying and selling Shearwaters legitimately. I don't want this extra headache. I also don't see the deterrant. The thief (or the buyer of stolen goods for a really good deal) just hide the screen as it starts up and no one will know. They don't ever have to connect it to a computer.

Really, you don't see the deterrent?
Somebody puts a Teric up for sale on this forum who's going to buy it with a Name and Telephone number embedded in it that cannot be removed?

Sell it on eBay and it becomes a Police matter if the Buyer reports that he just got sold some stolen merchandise.
You do understand that if someone finds your Teric and clears the Name and Tel number for all intents and purposes it's considered his good fortune and your loss, but if it has the owners information is in it then it becomes a matter for the police.

Even if I kept a stolen Teric for myself it would be useless to me if I was always nervous about switching it into dive mode on the boat while also having to look over my shoulder every time I did it. Also your not taking into account that once this kind of anti theft feature becomes widely known about other divers will get suspicious when they see a diver acting nervously when asked about their Teric or worst if asked if they can see what the Dive screen looks like and get a flat out No in response.

I'd rather appeal to people's honesty. That may be foolish, but I've seen a fair bit of expensive gear returned to rightful owners. Not everyone as I knew a guy who bragged about expensive gear that he found that he kept. I guess it comes down to how one views the average diver.

Yes it would be nice if the world worked that way but it has become very clear over the last three decades that this kind of behavior is very rare when the value of the item found is high.

 

[Robbyg]

One wonders...

When a Shearwater computer uploads to the Shearwater Cloud, does it share it's "MAC address" (as in some permanent ID number for that computer, similar to a phone's ID or network adapter on a 'puter).

If that were the case, I wonder if you could register that your Shearwater computer's "missing" and they could then put up a message on that computer / cloud account that the person's using an, errm, "missing" computer and could they please reunite it with it's owner?

Probably worth a finder's fee.

They probably can but I suspect they are not going to get involved. Apple was faced with this issue in the past and decided that they were not going to get involved. I suspect that they just don't want to deal with any possible legal issues.

What they did do, due to the murders that occurred during some of the violent thefts and the public outrage about people being killed over a phone was to eventually make the system robust enough that it is now almost impossible to use a stolen iPhone.

Years ago I remember anybody that lost an iPhone could pretty much kiss it good bye. Today people lose iPhone's and very often get a call from somebody saying they found it.

 

[LiteWeight]

I see, your one of those people who do not embrace change very well even if the change is not apparent to you.
Yes sir, does that make me a bad person? My ex-wife would agree!

I get the fact that your trying to send a message to Shearwater by insulting me, I guess you figure that having an aggressive stance will make an impression on them. I highly doubt that! You honestly think that the people
who wrote the code cannot insert two dozen lines of extra code into the system without screwing it up?

Sir no insult intended, and no need to send a message to Shearwater. They've answered the phone both times I've called them. In 14 years. Both times.

Again, sir, no insult intended.

 

[Blackcrusader]

One wonders... When a Shearwater computer uploads to the Shearwater Cloud, does it share it's "MAC address" (as in some permanent ID number for that computer, similar to a phone's ID or network adapter on a 'puter). If that were the case, I wonder if you could register that your Shearwater computer's "missing" and they could then put up a message on that computer / cloud account that the person's using an, errm, "missing" computer and could they please reunite it with it's owner? Probably worth a finder's fee.

When you upload to cloud you can see the serial number of the Shearwater. I am sure the company has access to the same data. I uploaded a file for when my shearwater starts so it has a unique screen start. Same as my avatar

 

[wetb4igetinthewater]

Really, you don't see the deterrent?
Somebody puts a Teric up for sale on this forum who's going to buy it with a Name and Telephone number embedded in it that cannot be removed?

Sell it on eBay and it becomes a Police matter if the Buyer reports that he just got sold some stolen merchandise.
You do understand that if someone finds your Teric and clears the Name and Tel number for all intents and purposes it's considered his good fortune and your loss, but if it has the owners information is in it then it becomes a matter for the police.

Even if I kept a stolen Teric for myself it would be useless to me if I was always nervous about switching it into dive mode on the boat while also having to look over my shoulder every time I did it. Also your not taking into account that once this kind of anti theft feature becomes widely known about other divers will get suspicious when they see a diver acting nervously when asked about their Teric or worst if asked if they can see what the Dive screen looks like and get a flat out No in response.

Yes it would be nice if the world worked that way but it has become very clear over the last three decades that this kind of behavior is very rare when the value of the item found is high.

I still don't think its that much of a deterrant. Sure some avenues for selling are gone, but still easy to sell stolen goods.

Honestly, when I'm on a boat, I'm only focused on my own kit and my buddies. If you ask to see my screen, I will reply in a not very polite fashion as you are distracting me from my preparation. Ask me when I'm finished to see my screen, I still won't be polite. I don't see a thief getting all that nervous really. In this corner of the country, Shearwaters are EXTREMELY popular, but when I travel, not many people have two on their arm, I give you that.

I don't think human nature has changed much in the past 3 decades, but I'm only 50. I do realize that the velocity of information exchange is far greater than in the past, and that does effect people's perception

So since you are a hardware designer, question for you. Where will you store the password? Or I should say, the hash of it? How robust is the hashing algorithm? It has been a while since I worked on Bitlocker (oh God, 14 years?!??!), so I haven't kept up to date on software security, but that was when SHA1 was abandoned due to weaknesses, and they switched to SHA256. What level of effort do you expect from Shearwater to ensure that what they implement isn't easily hacked? All of this isn't free, and is not likely in demand from enough of their customer base to warrant this investment. Just to be clear I am NOT a software security expert.

So now that I think about the possible security implications, I'm thinking there is even less reason. I could ping a couple of security architects, like Paul England or David Wooten and ask them on FB. Maybe I'm wrong at it is easy with few resources and can easily be secure. I'll wait as I should be augmenting the firmware for another dive computer on the market, so I know more of what I'm talking about. I've worked on a few STM32 projects, bare metal and RTOS. Not sure what hardware Shearwaters have inside.

 

[GF99/99]

Since the topic came up in another thread about the AI and Compass mode being left on while in watch mode I though I would bring up the only other software complaint I have with this fantastic Dive computer just in case they decide to do an update.

On the Teric you get a screen flashing up in Dive Mode with your Name and two telephone numbers.
I love this feature but I am wondering what is the point? It assumes that if I lost my Teric someone would be honest enough to call me and give it back. My personal experience has been that this is less than a 50/50 possible outcome. It may not be the case in Canada but in most places I have been it is.

I am in no way comparing this to an iPhone or some other device like that, I know this is a piece of professional gear that must put safety above anything else and you certainly do not want a password prompt coming up when your down deep and need info.

While it would be nice to lock the Teric and somehow prevent a thief from using it, I wonder why even the least risky strategy has not been implemented in the code. Why not just lock the Information screen so that in order to change the owners Name and Tel Number you need their password.

As it is now if someone finds your Teric they can just change the info and buy a new AI unit and pair it up again and they are good to go. Also I am not sure how the cloud system handles duplicate serial numbers on different accounts, one would hope that they would have some form of protection that requires you to deauthorize it from your account before it can be added to another account.

Even if this did happen how would you even enter your password/unlock it?? not like Shearwater is going to put FaceID, thumbprint reader, or a keyboard on a dive computer.

Lets be realistic and think about what a diver computer is meant for.

 

[divinh]

I found a Garmin fitness watch. I contacted Garmin to have them contact the owner or act as a proxy to deliver the watch to its owner. Garmin first thought I wanted the owner's info, so refused on that, which makes total sense. (I didn't want the info, just for them to get in touch with the owner to proceed with returning it.) They didn't want me to send it to them for them to send to the owner. New, the watch was about $300. Current eBay price ranged from $50-$100. I suppose it's not worth their resources to return an old watch. They told me to keep it and enjoy. Since fitness data is tied to the serial number of the watch, I would have figured that registering it would have triggered something about the watch being lost/stolen. Nothing.

Before Android and iOS started having security, BlackBerry required passwords. Ten wrong guesses and the phone would wipe all the data on the phone, as ultimately, it's the data that's valuable. There was even remote locator and remote wipe. At least these ideas live on.