Please distribute firmware updates with some form of validation.

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

WetAndHappy

WetAndHappy

Registered
Messages
20
Reaction score
3
I'm thrilled that firmware for the Icon is being developed and released. Almost as pleased as I am to talk with others about how the Icon serves my needs. I love this thing.

And I have to look out for the things I love.

There's one issue plaguing every firmware release. The .enc file is not sent with any error or content checking at all. Not encased in a .zip file, not a text field with an MD5 checksum, not even a file size.
The repercussions of pushing damaged or incomplete firmware to a device are costly.
Please, as I have implored with every firmware release in the past, do something to ensure the firmware file is getting to us in good condition. Doing so lies between free and cheap.

For others:
File: IconHD-Net-FW-4.1.enc
CRC-32: 2cacedc2
MD5: df12efb634d362d1a0dd903b5a425449
SHA-1: fa2a7c2b24f8316827ca1f03d134364388dc9999
 
File validation is usually used for files which are (re)distributed around the Internet among users. The ENC file is intended to be downloaded only from the Mares web site. It is not supposed to be (re)distributed around, so what would be the purpose of the validation? I would never update my dive computer with a file somebody else sends me. A firmware update for a device which your life dpends on should not be copied around. That's just common sense...

If common sense is not enough, there's a legaly binding agreement (the Mares Software Licensing Agreement) where you agreed that:
“You may not:
Revise or work around the software;
reverse engineer, decompile, disassemble or otherwise attempt to derive the source code of the software;
copy, distribute or publish the software for others to copy;
rent, lease or lend the software;
or use this software for any unlawful purpose, or in any manner inconsistent with this agreement.”

If you're concerned with the integrity of the file you downloaded from the Mares web site, I'm sure the Dive Manager (which is used to update the firmware to the icon) checks the ENC file before the update starts.

Z
 
Clarification

My request has nothing to do with the source of the file, but the validity of its contents. I too would not push firmware to my unit from anywhere other than the Mares web site.

Boring story time:
When I obtained the v3.07 firmware update from the Mares website, it initially gave me a 307kb file. I had a suspicion the file wasn't the right size, and had to clear my browser cache and re-download to obtain the full file. My friend had the same experience, initially obtaining a 507kb file from the Mares web site. He had no indication that the file was incomplete and pushed it to his unit, bricking it. (This does not support the statement that "Dive Manager <<snip>> checks the ENC file before the update starts." - note that this happened with whatever version of Dive Organizer came before Mares Dive Organizer 2.15.19.5741, so maybe .enc content validation has been added since then?)

I had no problems getting v4.0 or v4.1. My friend however, tempered by experience, phoned me before pushing out the 747kb file he got when downloading the v4.1 firmware. I told him the file I obtained was larger, and on his second attempt to download the file got a file size which matched mine.

Interestingly, when a third associate grabbed "Dive Organizer 2.17 Full.exe" from Mares to update to v4.1, the installer showed her this window:
snip.PNG
When she downloaded it a second time, the problem went away. The Dive Planner installation package checks itself for damage before inflicting the wrong stuff on the computer. Is content validation good enough for the desktop program, but not good enough for dive equipment firmware?

My only interest in zipping the .enc file is to make sure it gets to the end user in good shape.

I'm going to see if I can safely test if the latest Dive Planner 2.17.3.4/2.17.3.6442 checks if an .enc file is damaged. I know that several revisions ago it did not, or did not do so successfully.
 
Follow up with Dive Planner 2.17.3.4/2

I forgot to post this update; here it is 5 months late.
Looks like the new Dive Planner inspects .ENC files before pushing them. If you attempt to push a non-ENC file (incorrect header) as firmware you get this response:
NotAnENC.PNG
If the .ENC file is either truncated or damaged you get this message:
OK.PNG
Looks like validation has been implemented, at least at the last link in the chain.

There's still the issue of reporting minor revisions with a leading zero, i.e. 4.1 reported as 4.01
4.01.PNG
4.01confirmation.PNG
 
You must log in or register to reply here.
https://www.shearwater.com/products/swift/

Back
Top Bottom