Camio Box Software Updates
The Camio Box software itself is updated automatically.
- Every change to the software code or installation scripts is reviewed and approved by at least one other teammate.
- The approved code changes are built automatically into a Release Candidate (RC), which is posted on camio.com servers.
- The RC is first deployed only to Camio Boxes whose MAC addresses have been manually whitelisted, in order to detect bugs that may appear only after long periods of operation.
- The RC is approved as a Release for gradual rollout as a percentage of all devices (e.g. 10%, 20%, 50%, 100%).
- Camio Box checks for the availability of new software every 6 hours, and when the MAC and User-Agent of a particular Box require a software update, the Camio servers send a command to the Box to begin the software update process.
- The upgrade command retrieved from camio.com includes the URL from which to download the new software release.
- The downloaded Release file may also include optional maintenance scripts that apply OS-level patches or updates required prior to the use of the new Release.
- The existing Release is copied to a backup directory before the new Release is applied, so that the Box can revert to the prior Release if applying the new Release fails.
- The Camio Box process is restarted, which results in a brief (1-second) interruption in video recording as the streams reconnect. (This 1-second outage will be removed with the release of Camio Flex, which runs on Kubernetes.)
Information Security
- All communication between Camio Box and Camio servers to retrieve software updates is encrypted with TLS 1.3 using Perfect Forward Secrecy key rotation.
- All HTTPS requests perform SSL certificate verification and do not permit the specification of a CA_BUNDLE (i.e. SSL inspection is disallowed), to prevent man-in-the-middle vulnerabilities.
- Camio Box doesn't pin Certificates today. The risks of operating in a hostile environment (e.g. malicious DNS) seem lower than the risks of service interruptions in responding to compromised keys or Certificate Authority revocations.
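The transport rules above can be expressed as a client-side policy. The following is an added example, not Camio's code: it builds a TLS 1.3-only context on the default trust store, refuses to start when a custom CA bundle is configured, and checks the download URL from the upgrade command. The function names, the list of environment variables and the restriction of download hosts to camio.com are assumptions made for illustration.

```python
import os
import ssl
import urllib.request
from urllib.parse import urlsplit

# Variables that commonly point HTTP clients or OpenSSL at a custom CA bundle.
CA_OVERRIDE_VARS = ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE",
                    "SSL_CERT_FILE", "SSL_CERT_DIR")
ALLOWED_DOMAIN = "camio.com"  # assumption: release URLs stay under this domain


def build_update_context(environ=os.environ):
    """Client context: TLS 1.3 only, default trust store, hostname checked."""
    overrides = sorted(v for v in CA_OVERRIDE_VARS if environ.get(v))
    if overrides:
        # Refuse to run rather than silently trust an inspection proxy's CA.
        raise RuntimeError("custom CA bundle not permitted: " + ", ".join(overrides))
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    # A full TLS 1.3 handshake always uses an ephemeral (EC)DHE key exchange,
    # which is the property that provides forward secrecy.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def validate_download_url(url):
    """Accept only https URLs, without credentials, on the allowed domain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        raise ValueError("update URL must use https")
    if parts.username or parts.password:
        raise ValueError("update URL must not embed credentials")
    if host != ALLOWED_DOMAIN and not host.endswith("." + ALLOWED_DOMAIN):
        raise ValueError("update URL host is outside " + ALLOWED_DOMAIN)
    return url


def fetch_release(url, environ=os.environ):
    """Download a release over the hardened context (needs network access)."""
    ctx = build_update_context(environ)
    opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))
    with opener.open(validate_download_url(url), timeout=30) as resp:
        return resp.read()
```

Because certificates are not pinned, this policy still trusts every CA in the system store. The opener also follows HTTP redirects, so a stricter client would re-validate each redirect target.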