Software trying to update when it is started is such a common pattern, despite almost always going against user intent. When I start software, that's because I want to use it. It's pretty high on the list of times I don't want it to become temporarily unusable while it updates itself.
Doing the same with vehicle firmware is a sad but predictable state of things.
Somewhere I saw an observation that the SF trope of "humans discover ancient technology, attempt to use it, hilarity ensues" fails suspension of disbelief for contemporary audiences, because we all know that right after the protagonists discover the ancient alien tech and switch it on, it'd be bricked for a good part of the next decade trying to retrieve and apply patches dating to when the Myriapoda first walked on dry land...
Last update applied at z=???
Looking for updates...
Update server found [Alpha Centauri C]
Retrieving updates... 0% of ??? YB
I can think of several devices I own that never do this.
1) My LG webOS TV. Somehow it always does its thing in the dark. OS and application updates have never been visible to me.
2) My car. Even though it can update over wifi, and by other means, it never tries to do it unbidden. You have to invoke its maintenance mode, at the time of your own choosing, if ever.
3) Google/Nest Wifi, OnHub, et cetera. Always up-to-date, never noticed it updating at any time in 8+ years.
However, I can also think of devices where the updates are prominent. macOS, iOS, iPadOS, and Android are all in your face about OS updates, and Android will even throw up a notification that some app updates are available, as if I want to think about that. ChromeOS is a little better in that it silently downloads and installs updates, and they are applied almost instantly, but it does prompt you to apply them.
>> 2) My car. Even though it can update over wifi, and by other means, it never tries to do it unbidden.
Today. That could change tomorrow. We already have forced updates for popular operating systems. Mandatory "safety" updates for car software will come one day.
I'm waiting for the day that different states implement different software rules. Imagine if Nevada implemented speed-governors but Texas didn't. I see a world where everyone has to pull over at the state line to allow their car to reconfigure software in order to accommodate local rules.
My Eero wifi defaults to 4am for updates, which is changeable, and it warns me with a push notification the day before. I appreciate whoever implemented that particular subsystem.
You probably turn your TV and Nest on less than once per year. It's much easier for always on devices to update when they're not in use than an item like a scooter, which when it's off, it's actually off.
That said, I don't know why you would ever connect a transportation device to the internet. All of my vehicles are too old to connect to the internet, but when I finally have to replace them, the first thing I'll do is physically remove the Wi-Fi/cellular antenna
You can just do the equivalent of a blue-green deployment: you have two copies of the firmware, a flag that tells you which is active, and a tiny bootloader that respects that flag on startup. At any point during regular operation the firmware can update the other copy, and once done toggle the flag. Next time the scooter is started it uses the new version. If the device is shut down during update it continues to boot from the old version, and just tries again next time. Bonus points if you have a small watchdog that toggles the flag if the current version fails to boot.
One pretty understandable reason for a transportation device to update itself is for new GPS ephemeris data. I think it would be cool if there was a device protocol that somehow securely promulgated such data from devices that are expected to be well-connected, like your smartphone, to "things" that are not, like watches and cameras and scooters.
I would inclined to believe that maybe the manufacturer sends out an email or sms to notify you of am update and then you choose the time, while also being given a change log of what exactly is being updated.
otherwise what would prevent a bogus server asking for an update you have no idea about and installing something malicious and - whoopsie daisy - your car grows legs and disappears?
Yes, I have a proper car from a real car company. They shipped working software the first time and "updates" are actually recalls for which the owner is notified, at the time of annual service for minor issues, or by mail for major issues.
I used Windows 10 for the first time in years this weekend to play games
While playing, Windows would switch from the game to a stupid "Restart your computer now or in 1 hour?" modal - with no option to get it to permanently go away. And it kept popping up every hour. Infuriating.
I also have to frequently update it before the call on Windows.
Maybe it works as intended if you use it daily, but as someone who only occasionally uses Zoom for external calls I'm in the habit of always opening it a couple minutes early to have time for software updates
I just use the browser version, so I assume it is always the latest version. This is one of the compelling arguments for everything is a web page/app. A single centralized place version millions of separately controlled copies.
And the equally compelling anti-argument against everything-is-a-web-page is every time I go to a website I haven't been to in awhile (and some I use on the daily), I need to swat away a cacophony of "What's New! Let's Take a Tour!" popups, like so many cobwebs. :)
One of very few things I hate about current Samsung phones - there are popups about updates of their preinstalled (and uninstallable) apps from their own store.
I always ignore it, and within few hours there is another notification how they were updated. Seems like most idiotic approach, illusion of choice, effectively frustrating users.
Also they randomly decide to "Optimize" apps on startup, making a startup go from 30 seconds to 5 minutes or something. Better hope you didn't turn on your phone to dial 911.
The fundamental mistake of software engineering here is not when the
"scooter" updates, but that it updates at all.
Not everything that uses electricity requires an embedded computer
connected to the internet.
We could ask the question as: Give me a list of good reasons
why a scooter should be connected to the internet?
We might get answers like:
The built in map or GPS needs updating
The pricing list for hire needs changing
The battery monitoring software has changed
Every one of these reasons, and many more, have nothing to do with the
operation of the device qua scooter. Everything it did yesterday it
could do equally well today.
The problem is modularity, specifically the poor coupling and cohesion
of subsystems within the design. Everything in our list relates to something
other than the function as a scooter; like navigation, payments, telemetry.
In a properly designed system these have to be seen as essentially separate
systems with diverged functional requirements. Each could operate and update
in its own way if necessary. The default behaviour of the 'scooter' system
should be to keep operating as a scooter, regardless.
Also the key problem is not iterated development but remote access
(AKA backdoors) baked into designs as a way to hedge bets.
There's some cases where remote field maintenance is absolutely the
right thing to do.
You would not send a space probe to Mars without the ability to
radically change its software while in service.
When facing unknown future conditions the concept of deferred
functionality is essential.
In situations of consumer electronics, which are designed, purchased
and deployed within a rigid set of operational expectations, deferred
functionality is a MASSIVE security risk and a subversion of
expected trust models.
Convergence means that these days I can literally turn any of your
devices into anything else... your wall clock into a radio, your
fridge into a web-server, your television into spy camera.
It's not Agile as a development philosophy that is somehow "to blame"
but its corruption by the devious into an excuse for reserving the
ability to change functionality while hiding behind the plausible
deniability of "necessary maintenance".
Automatic updates are terrible and the first thing I do when I get a new device or reinstall an OS is try to figure out how to disable them. Sadly, I am losing this battle and more and more stuff insists on updating behind my back, without me commanding them to update. This should be unacceptable. When I buy something I should be in full control of what it’s doing, not the manufacturer. I dont care if the software is vulnerable to CVE-1234567 or if there are lots of great bug fixes or if the manufacturer simply really really really wants me to see the yet-another big UI update it’s done. Updates should be done when I say they are done (or not), on my schedule, and only after I know what the update changes.
I don’t want to hear the manufacturer’s excuses. I know “most people” are clueless and leave security problems unpatched. “Most people” have also gotten accustomed to being abused by their software products that are out of their control. I’m not “most people” and I won’t tolerate being treated like this by device manufacturers. The product gets returned if I have no control over what it does.
> I dont care if the software is vulnerable to CVE-1234567
But your neighbour plugged into a life-support machine at the local
hospital does, because your machine could be used as a staging point
for further attacks.
When we built an "interconnected world" we created interconnected
responsibility.
That said, I agree with you that products that assume permission to
connect to the internet and update when they feel like it are a
menace. They result from disgraceful, lazy, inept software engineering
and allow sloppy manufacturers to unload responsibility on to users.
That is unacceptable and it is going to change in Europe with a slew
of legislation coming soon.
But that law may actually make things worse because it misunderstands
the locus of responsibility and trust models.
Centralising trust in automatic updates with a manufacturer makes
security much worse in many regards. Solarwinds is nothing compared
to what is coming when billions of connected devices can be owned and
turned into a botnet in s single exploit.
Your right to control your device is not to be championed solely
because of your property rights, but perhaps ironically, because that
is the better security model as the lesser of two evils.
Please don't say "I don't care about CVE-1234567", because at the end
of the day, you're the only one whose 'care' actually matters. The
manufacturer doesn't care and cannot really be trusted.
Yea I should clarify. I do care about CVEs and actively seek out and patch security vulnerabilities in the software I run. What I don’t care about is the manufacturer’s panic over the CVE, and their insistence on usurping my power to control my device, using the CVE as an excuse. Is that more understandable?
Yes definitely. I feel it's an important distinction to make because
otherwise the authoritarians and profiteers of "for your own good" will
jump on that and say "See! These stupid users claim not to care about
security. We must mandate manufacturers manage that after purchase".
Nobody wants that, least of all manufacturers, unless they can use
backdoors to spy on and ransom customers like printer and car
makers are starting to.
> But your neighbour plugged into a life-support machine at the local hospital does, because your machine could be used as a staging point for further attacks.
Unless your machine is in a particularly privileged position (for instance, it's plugged into the hospital non-public network), there's nothing special the attacker can do with your machine that they couldn't do with their own machines. So this is just fear-mongering.
> there's nothing special the attacker can do with your machine that
they couldn't do with their own machines.
Any obtainable CPU power, memory, IP address or storage is an asset,
so they could:
Run processes such as password cracking on your machine while still
having their own to use.
Store sensitive or illegal data encrypted on your disks as a dropbox
for themselves or others.
Launch recon scans or attacks from your device, using your IP address
while staying hidden and leading the authorities back to you.
Set up your machine as a proxy for routing other traffic, leveraging
your geographical location.
Set up your machine as a node in a distributed compute farm for
mining, cracking or other tasks.
Sell access to your assets to other bad hackers.
... we could literally go on for hours with ideas about how using
*your computer instead of their own* gives an advantage and thus
presents a motive.
> So this is just fear-mongering.
Two points I'll make:
Maybe you *should* be afraid of all the ways contemporary
cybersecurity is an absolute shitshow. Fear is not the best motive,
but *is* a motive for making changes. There's a reason we have that
part of our brains and the emotion it provides.
I'm sorry you feel worried about what I said. Even though the
threats are real I don't believe in scaring people. I think a better
way is through education and empowerment. That's why I produce work
like the Cybershow [0], where we try to make cybersecurity a little
bit fun and irreverent. Come and listen to some shows if you care
about computer security for yourself and people you love.
Honestly I've never understood any sort of software update or new user guide or changelog appearing when the user starts the software.
You know why I've just launched this game in Steam? Why I've just opened this shared meeting whiteboard software? Why I've opened my bank's banking app? Because this is the moment I want to use it.
If I open Skype it's because I need to be on a video call within the next 15 seconds. It doesn't matter what the popup says or does or how valuable it might be - I'm dismissing it, because I need to be on a video call within the next 15 seconds and it's between me and that.
How could a UX team possibly conclude that the precise moment a user shows unambiguous intent to use your product, is the best time to get in their way?
"How could a UX team possibly conclude that the precise moment a user shows unambiguous intent to use your product, is the best time to get in their way?"
Well, the most natural answer is that it's not a UX team. It's the software engineers observing that since our program isn't running all the time, this is the moment we have to check for things.
And roll around that design issue a few more times and that's why your computer is running upwards of dozens bespoke programs that do nothing but scan for updates periodically and consume surprisingly large amounts of resources to do it since apparently most programmers can't write a program to try a network request every couple of days to consume anything less than a gig of RAM and 25%+ continuous CPU.
I get annoyed enough when it is a normal startup. I turned my computer on at 6:28 today, because I knew I had a 7:30 meeting I needed to be join - I was a minute late and that was normal startup. It is even worse if the computer did an update the day before - even though the computer was off for 15 hours and so there was plenty of time: there is no option "install updates doing whatever reboots needed then shutdown when done". Instead I have to sit there staring at a update screen while it does whatever.
I'm not sure how the machines are set up, as I have an aversion to Windows from my time as an NT 'certified professional', but at least one machine will spend 10 minutes 'updating' during any class.
No doubt you can turn this off or set update time windows or whatever, but I'm not the admin for these machines. At least the updates generally work. For my kids' machines at home, almost anytime they boot windows, it will do an update, and a good percentage of the time, the update will fail, and brick the machine, requiring a complete re-install.
Windows has gotten pretty good at staying out of your way with updates if you have typical usage patterns. That is: either you turn it on at the beginning of the business day, it downloads updates in the background and installs them when you shut the machine down at the end of the day; Or you leave the machine on 24/7, get a couple prompts over multiple days about a scheduled restart with the option to schedule it, and if you don't react it just restarts in the dead of night (or rather, a reasonable prediction of when you won't be using the computer).
The rub is that this doesn't work as well in atypical setups like a lab. The machines are probably only on while students are using it, preventing the "install at night" strategy, and if your normal workflow includes restarts Windows will take that as a cue to finally install the update.
Of course all of this is avoidable by configuration, or by the user (restarting explicitly without updates). But the Home version hasn't always given you as much agency in this as the more expensive Windows versions.
Updates on shutdown make sense in some of my machines but are awful in the laptop I use to teach classes. When I finish a class, what I want is to leave to do something else elsewhere (often another class in a different room).
I know I could probably suspend or something, but I never do that because it used to be a lottery on Windows whether your machine would actually unsuspend or you would need to fight it pressing the power button until it rebooted (did they ever fix that?)
> Updates on shutdown make sense in some of my machines but are awful in the laptop I use to teach classes.
It's also a bad idea when the power has gone out and the UPS battery will last for only a few more minutes. Or when you have no UPS, a storm is coming which you know will cause the power to fail, and you want to orderly power everything off as quickly as possible (not to mention that losing power during a software update is not ideal).
Which is why I love the way recent Gnome does it: when powering off, the confirmation dialog has an unobtrusive checkbox (checked by default) which selects whether you want to run software updates before powering off. If you're not in a hurry, you can keep it checked and wait for the software updates to finish; if you're in a hurry, just uncheck it before confirming and it'll turn off immediately.
A friend of mine moved from Windows to Linux many years ago because of that. He used his computer at home only in the weekends and almost every time he switched it on he had to wait for an update to download and install. Sometimes he just switched off the machine and did something else.
""For my kids' machines at home, anytime they boot windows, it will do an update, and a good percentage of the time, the update will fail, and brick the machine, requiring a complete re-install."
My wife and kids all use and have used 2nd hand company Windows 10 laptops. Since one of my roles by day is being a system administrator, i took quite some time to setup Windows 10 as they and i like it, being very very thorough in its various settings. The things just.. work..
It's quite rare if they ask for help about updates, crashes, etc. Haven't had a bricked OS since Windows ME.
Getting Fifa 23 and FC24 to work flawlessly on the Windows 10 game computer on the other hand.... Maybe i should start working for EA :)
"being very very thorough in its various settings. "
Perhaps that's the key. I don't have time for that, linux just works, though of course some apps aren't available at all on linux, hence the windows boots.
It sounds from sibling comment that Windows is only booted up at irregular, far-apart times. So most likely there are weeks or months of accumulated updates all trying to go at the same time. No mention of what Windows version is running, or how old the hardware is (limited ram, slow disk, etc).
As a counterpoint anecdote, I've been using Windows 10 Pro on a half dozen both newer and older machines ever since it came out, and have never once had to re-install Windows due to a failed update (and in fact failed updates have only happened a few times, each simply requiring trying once again). But these machines are booted up and used on a regular basis.
huh? They mostly use linux, and maybe Windows once or twice a week at most, to maybe every couple of weeks.
So for your stats, last year we re-installed the windows partition of one machine 4 times and another I think 2 or 3. Could be hardware problems, of course. But each time was triggered by a windows update, so maybe the update stressed the hardware to the point of failure, which linux does not.
My car tells me it has an update pending when I start it up; it then allows me to choose to update now or to schedule it for later - defaulting to 2.30am - the dialog includes a warning that the car could be unusable for an hour or two.
Doing the same with vehicle firmware is a sad but predictable state of things.