a few random thoughts on currently made SW… with conclusions. but first lets start with different types of problems.
recently i had an issue - my CD drive hung! it stuck on track-seek phase and was unable to respond to anything, including both “open” and “force open” buttons! even servos for moving CD shelf were down. i had to power turn off and on my whole PC to make it work. i had such a scenario twice, in a single day.
some time ago i read about headphones that hung.
a friend of mine had a dish-washing machine, that required restart roughly once a day, otherwise it started to beep randomly and display weird characters on LCD.
last but not least, recently i had my regular phone in service, so i bought cheapest dual-SIM phone there was. software there was a disaster. even though it did not hang, it used to stuck and/or suck on regular scenarios. eg. typing in screen-lock password while SMS arrived caused some dunno-what state, that prevented any key from working. even though screen-lock was enabled and needed to check content of the phone, it was enough to call the mobile and suddenly no password was required to unlock it. one cloud say “but it was a cheapest model”, but i say “yeah - but i still payed for it”!
this is all VERY bad, but still – unintended. but even that's not always the case…
some time ago i bought 2-year e-subscription for a magazine i used to read in paper version. i decided to make use of my e-book reader for that purpose too. unfortunately e-version is delivered in PDF only. ok then – i just bought mid-size tablet to read it (and made a special mount for it ;)). tablet was inexpensive, simple and looked like up to the task. i uploaded all the issues i had to network drive and shared it over wifi to the tablet. it would be perfect if not for automatic updates, that always started w/o question and just after screen-lock was disabled (i.e. the moment i actually wanted to read something!) and usually blocked device for 1-3 minutes, for all the stuff to update and/or install. yes – some SW was auto-installing constantly, even though i always removed it afterward. after some time of annoying surprises and failed rooting attempts i finally decided to cut-off internet access for the device on firewall. now it is usable for reading, though unusable as a web-browser.
another table comes into play. during one of the conferences, as a thank-you for giving a talk, i received tablet. it runs smoothly, HW is nice… but OS is terrible to use. while i, as a geek, may be biased, my non-technical friends confirmed low usability. more over – screen-lock contains moving commercials, that i definitely did not order and do not want. guess what – you cannot disable it. what the hell is that?!
home routers are notoriously poor in security:
just to name a few… in fact, if you are bored on friday afternoon, and have some home network device near by, you will most likely be able to figure out some trivial hole like path traversal, buffer overflow or magic link to bypass authorization mechanism. if you are lazy and just use your favorite search engine, you'll find plenty of ready-to-use security holes.
phones are usually delivered with predefined factory SW, that has applications you may not want, but still cannot uninstall them. on of the previous phones i had per-installed facebook, which i never use, yet it updated like twice a week, eating up more resources each time (device was low on both RAM and ROM, thus it was noticeable). on current one i have a lot of apps from google, while i do not use majority of their services… not to mention some “run-meter” application, made by god knows how.
what's common for all of these scenarios? no root means you're not the owner of the device – you just happen to use it. having closed-source solutions does not allow easy inspections and auditing. this is very bad starting point, which takes us towards next section, which is…
if you happen to have a smart-TV, you better:
you think this is harmless? no harm done? who would have bothered? ask Mr. Edward about his experiences while working for his last employer.
a friend of mine once told me about teleconferencing HW his company bought from on of the Chinese manufacturers. after each video-conference it sent about 20-30MB of data to remove servers, located in china. it was found out by accident, while analyzing outgoing traffic locations. they ended up filtering the traffic out on company firewall.
it may not be so straight forward nowadays to buy a usable device. price might be a factor, but it is definitely not the oracle here. it is even harder to buy a device that is secure.
so what can we do?
effectively if you want to have a useful device, you need to put more than your money into it. you now need to invest both time and knowledge. why not go towards a different approach? why not separate HW from SW? HW manufacturers can then focus on making good, well-documented HW, so that SW teams can publish their offer, along side with open-source community. HW is sold, SW is tailored to on-need-basis for each user – looks like everyone should be happy.
if you think about it – this model is used by android OS… with one exception – HW vendors usually make it very difficult to change per-installed SW! most of the time rooting is required.
android recently hit car-market as well. in the down of self-driving cars era, perhaps we'd also go towards a solution, where car is produced by HW manufacturer, but self-driving SW can be obtained from different sources? we'll see…
changing to custom SW typically (always?) voids warranty. voiding warranty with custom SW always made me wonder – how broken HW design must be, so that SW failure can damage it?! i used to make such simple HW designs when i was a student. now i don't. if i, as an amateur, can make some protection mechanisms i'd expect professions designers to do better than basic designs. we live in times where simple µC can cost $0.20 in retail store. when you buy phone for $300, would you really bother to pay $300.05, for an extra protection circuit, build into a HW?
it was supposed to be a short entry. sorry you had to read it all – i did not have time to make it short. ;)