¸:::::huig.blog_:::::¸

curb your hound, against the Internet of Things #0

it's no coincidence that "IP on everything!" sounds identical to "I pee on everything!"

11 January 2026

This is to be the first of many more articles about the IoT, several times as many about the internet itself, and even more than that about networks.

From about the 1970s to the 1990s raged the so-called "Protocol Wars" between the International Organization for Standardization's Open Systems Interconnection or OSI model and the ultimately victorious Transmission Control Protocol/Internet Protocol suite (sometimes referred to just by the latter pair). The OSI model, much like the stylized rainbow ^[1], or the Indo-European understanding of a musical scale, and the Kinsey Scale ^[2], has seven steps ^[3]. The bottom three layers of the OSI model comprise the media layers, and the top four, the host layers. From the bottom to the top in order, they are: physical, data link, network, transport, session, presentation, and application. To this day, the OSI model is still an excellent reference model, one which is still taught to networking students, and one perhaps more thorough than the way the internet as we know it today is laid out, which is more like the following four layers (again from bottom to top) of link, internet, transport, and application.

The two men who often share the title of "father of the internet" are Robert Elliot "Bob" Kahn and Vinton Gray "Vint" Cerf (the fact that they were born on the 23rd day of their respective months, some five years apart, along with the fact that Cerf knew Steve Crocker and Jon Postel in high school, sounds like something out of the pages of the Illuminatus! trilogy by Messrs Wilson and Shaw). One slogan popularized by Cerf, which he even famously wore a shirt emblazoned with, was "IP on Everything!" ^[4]. Although in the 90s, this was not exactly accurate as an assessment of the state of affairs, yet it presaged the idea of what would later come to be termed the "Internet of Things", acting in effect as more of a prediction cum prescription. The history of the IoT as it is often recounted highlights an amusing story from the early 1970s of a vending machine employed, designed, and used by the Stanford Artificial Intelligence Laboratory, which could be operated via a computer terminal. This device was named the Prancing Pony after the inn visited by the four hobbits Frodo, Samwise, Peregrin, and Meriadoc in J.R.R. Tolkien's The Fellowship of the Ring. A spiritual successor of which exists to this day at Stanford university. This ingenius bit of engineering in turn led about a decade later, on the opposite coast, to some at the compsci department of Carnegie Mellon University to develop the world's first ARPANET-connected appliance, a vending machine for Coca-Cola which included inventory status and temperature data. This later gadget was only accessible on the campus of the school, but it did set in motion some early precedents. But first, who first coined the term "Internet of Things" and how was it defined?

Peter T. Lewis speaking in 1985 said, "The Internet of Things, or IoT, is the integration of people, processes, and technology with connectable devices and sensors to enable remote monitoring, status, manipulation, and evaluation of trends of such devices." Now this on its own gets to the meat of it rather well. With a little critical thinking and reading between the lines, it all but ennumerates the various, positive, neutral, and negatives of the concept, and likewise hints at some of these of the reality of them, too. This particular post is not about the political dimensions of this, something Cory Doctorow has written incredibly well about. For now, though, I want to simply address the problematic nature of the literal aspect of the IoT defined by Cerf's "IP on Everything" as it exists today (stay tuned for future political looks). Networks (electronic or otherwise) are beautiful things, a true testament to human co-operation and certainly the internet as we know it (which is primarily based on TCP/IP) is undoubtedly far more developed than other networks previous and current which make use of other protocols. To begin with, let us ask ourselves, does everything under the sun need an embedded system? I'd say answer myself, no, we do not. However the idea of adding to certain types of everyday appliances not only sensors, quantification/qualification of data, analysis of this data, and the ability to observe and manipulate it, but also to network these, is a genuinely inspired and insightful one. Or at least, it could potentially be so. But here's the thing, one size fits all solutions are very seldom the best option — to wit, "utopia" is a pun on both "ou-topos" which means "no place" ^[5] and "eu-topos" meaning "good place", and neither a true utopia nor a true panacea actually exist.

It is true that the internet as provisioned mainly by TCP/IP is capable of varying levels of security. You likely won't access your local café's wi-fi connection without their password and you aren't especially likely to break into the bank or the federal government's machines. But just as the halflings' watering hole was breached by the Nazgûl, these sorts of things have happened and continue to, wire fraud and cracking remain genuine concerns in the field of cybersecurity. Even if your everyday mischievous computer cracker ^[6] probably has more amusing things to keep themselves busy than to adjust some rando's home thermostat settings and/or password, this is the gist of one of the biggest problems — either they or someone else could. In security, two important concepts are known as the "attack vectors", which are the the "how" of how certain vulnerabilities in a system are affected (named by extension from the use of vectors in immunology, just like virus), and the "attack surface" the summed attack vectors. No matter how good the countermeasures one may employ, the use of the Internet Protocol suite on everything is placing all of your eggs in one basket. In other words, even with all of the best of the best expert advice taken into consideration, implemented, and put in place, you are still increasing the potential attack service 100%. Not 90%, not 95%, not 99%, but entirely. There can be arguments made for the use of IP or even TCP/IP in the IoT—even good ones—but to choose a single (or small number of) protocol(s) poses great risk to the overall integrity even if it's on a level many aren't willing to reckon with. But not only does this increase the potential vulnerability of it all, it's also asking too much of one particular system. When you put all your eggs in one basket, it will put an awful lot of a strain on your basket, no matter how big the basket is, especially when more and more eggs are being added all the time. But, as I will discuss in a future writeup, the internet we currently have is but one posssible internet.

¹ The common depiction of the range of visible light spectrum we learn about as school children is a stylized seven-part rainbow, often paired with the mnemonic device ROYGBIV for red, orange, yellow, green, blue, indigo, violet. One problem with this is that the name indigo has been used for various colours. The Wikipedia article on the color is an incredible jumping-off point into many fascinating topics from the history of the production and trade of different pigments to colour theory to botany (did you know a ripe banana glows indigo under a blacklight?!) and beyond. The modern day use of the name for the hue found between deep blue and purple was actually codified in part by developers working on the X Window System who were using Crayola brand crayons for reference and the subsequent use of some of these names being adopted in the early days of the World Wide Web Consortium.

² There is European solfege system of Guido d'Arezzo consisting of: do, re, mi, fa, sol, la, ti, whose names come from an acrostic of the first syllables of Ut queant laxis, a medieval hymn to St. John the Baptist, where do used to be ut. And there is likewise the sargam of the svaras found in both Northern and Southern Indian raga. The shorter names for the degrees in the former: sa, re, ga, ma, pa, dha, ni. The short names in the latter is much the same though the abbreviated form for the second degree is ri. Unlike the European system, which is used on various scales irrespective of tuning, it seems that in raga, the first and fifth degrees (sa and pa) are "anchors" with the remaining notes having differing options for how they are tuned. The computational/mathematical study of raga that exists as an active discipline is fascinating stuff which for the moment goes far far above my head. Sexologist Alfred Kinsey's landmark studies on sexual orientation ranged from 0 meaning "exclusively heterosexual" to 6 meaning "exclusively homosexual"

³ There is some mathematical reason the pH scale which is from 0 to 14 couldn't be reduced to one from 1 to 7 in both positive and negative directions around 0 instead of treating 7 as its midpoint, but I am not a chemist. Nonetheless, reading about how the pH scale works and was developed is interesting and I do hope this criticism isn't missing the point as much as some of those I've seen made about Fahrenheit and Celsius.

⁴You know who/what pees on everything? Either a poorly trained/untrained dog or a cartoonish caricature/stereotype of a dipsomaniac. Take your pick.

⁵ Compare Samuel Butler's 1872 Erewhon , whose name is derived from the word "nowhere" spelled backwards.

⁶ I refuse to misuse the word "hacker" the way the mainstream of society does and sully the good name of my fellow nerds.

< < back < <