We\u2019re back! Here\u2019s the latest monthly roundup of big and not-so-big news in the world of IoT, ranging from carrier doings to a neat little startup. Buckle up.\nCalifornia legislates IoT security\nCalifornia\u2019s state legislature this month sent a bill to Gov. Jerry Brown\u2019s desk that would mandate the use of \u201creasonable\u201d security features in any connected devices, which are defined as any device that \u201cis equipped with a means for authentication outside a local area network.\u201d So, essentially, anything that can be accessed via the Internet would be subject to SB 327.\n\nAs broad as that definition is, the security features that would be mandated if SB 327 is signed into law are quite narrow. The bill bans the use of default passwords for access, requiring manufacturers to either assign each and every device its own unique password as it rolls off the assembly line or to make users generate their own passwords the first time the device is started up.\nAs big an issue as default passwords are for IoT security, there\u2019s a lot that the bill doesn\u2019t do. Sophos\u2019 Naked Security blog bemoans the fact that it leaves out \u201cother security measures that should be table stakes for IoT security, such as device attestation, code signing, and a security audit for firmware in low-level components that IoT device vendors buy in from overseas suppliers.\u201d\nThe tech sector has generally been left to its own devices by regulators \u2013 and hasn\u2019t that worked out swimmingly, from a security standpoint? \u2013 and it\u2019s much too early to say whether SB 327 represents a broader change, but it\u2019s at least a step in the right direction.\nCarriers double up on IoT\nVodafone announced earlier this month that it would double the size of its European NB-IoT network, making it more widely available than ever for use in smart-city solutions, connected agriculture and more. The company boasted that its NB-IoT network will be able to reach into basements and other tricky wireless environments, as well as support up to 50,000 connections from a single cell.\nStateside, it looks like AT&T is working on new SIM technology for IoT networks, which would integrate the SIM card directly into a chipset, making it easier to produce low-power connected devices at scale, and eliminating their need to use traditional SIM cards. (They\u2019ve partnered up with Giesecke+Devrient Mobile Security and Altair Semiconductor to make this possible on Altair\u2019s ALT1250 chipset.)\nWhat\u2019s more, Sprint and Ericsson took to the wires this month to announce two new IoT-specific things at the Americas edition of the Mobile World Congress. First, an IoT operating system aimed at simplifying device management and subscription information. And second, a virtualized network segment designed to reduced latency to IoT devices working on Sprint\u2019s network.\nThe carriers seem to be confident that their role in the future of IoT is a big one, and they\u2019re probably right.\nStartup Locix tracks IoT assets\nStealing out of stealth this month is Locix, which landed a nearly $10 million Series B round to fund its advanced, camera-based location-tracking-and-analysis system. The idea is that Locix\u2019s tech can be used to identify and track objects inside or outside of a facility with a high degree of accuracy and flexibility, all while reporting its data back to a cloud-based back-end that can plug into the analytics or machine learning engine of your choice for processing.\nThe flagship customer appears to be Prologis, a real-estate logistics and supply chain company that\u2019s using Locix\u2019s technology to route trucks around a docking bay in Ichikawa, Japan, as well as asset tracking at that facility.\nMobile edge compute, kinda\nEdge computing is a big deal, particularly in IIoT, where it can help shield vulnerable industrial devices from security threats. The usual image that people have when talking about edge computing the way IoT experts mean it is a box sitting somewhere near a bunch of endpoint devices, but UK-based ORI industries is looking to turn that on its head.\nORI announced early this month that it has released an \u201con-demand mobile edge computing platform\u201d called DNA. DNA is, essentially, a virtualized layer that sits on top of telecom networks and automatically identifies computing devices near endpoints that can be used to help manage them.\nFor the telecom companies, something like DNA is a way to leverage their massive capabilities into an edge compute line of business, while ORI hopes it\u2019s also a way for developers to create new apps based on that capability.