Software-dependent devices: do they now need expiration dates? (circuitbored.com)
132 points by winternett on Feb 7, 2020 | 78 comments


As time passes the more I think that Stallman was right:

Today there is no way I'm buying a device that a company can turn into a paperweight by flipping a switch.

Tomorrow I probably won't buy anything where I'm not controlling the software.


Some instances of software truly need the Internet to run, E.G. Facebook or GTA Online. Many software tools don't need that connection to run, but are heavily embedded with connection dependencies like a calculator app (stable technology). Many of these apps and devices become totally useless if an active connection is not available. This is a bad move companies make all the time to encourage our dependence. The same goes for Hardware -- Do you really need to send a Tweet from your refrigerator?

Identifying the frivolous items that do not need to be Internet reliant and avoiding them altogether might be the key to sanity, unless you want GE logging each time you open your refrigerator door and spying on what you buy and store in it.

This discussion ties into so many issues faced in modern day society. Technology should serve in making life easier, less expensive, and more efficient for all of us, not in manipulating our emotions, costing more over time, and in tracking our decisions and movements.


I’ve been harassing my dad for ages over his purchase of a WiFi-enabled LG fridge.

Neither of us knows why it’s connected - but it is, and it proudly displays a WiFi icon with a backlit LED right above the water dispenser.

The only thing you can possibly gain from a WiFi-enabled fridge (it has no voice commands, no screen, etc) is just being monitored and/or hacked. There is literally no benefit to the consumer from having WiFi on that device.


> The only thing you can possibly gain from a WiFi-enabled fridge (it has no voice commands, no screen, etc) is just being monitored and/or hacked. There is literally no benefit to the consumer from having WiFi on that device.

Does it at least have cameras inside the main cavity so you can see what you're short of on your phone when you're at the supermarket?


Take a photo before you go mate


I agree that I can’t imagine what genuine benefit an internet-enabled fridge could have, but out of curiosity, what benefits do they list in the manual?


There's an app that lets you do a few things like remotely tell it to make extra ice or notify you if the door was left open.


Probably take some time to remove the network password, and/or block the IP at your router level?


> Some instances of software truly need the Internet to run, E.G. Facebook or GTA Online.

No, they don't need the "internet" to run. They just need the services that are currently proprietary.


... unless referring to the highly customized ads provided by the platform.


...which should never be a "requirement"


Recently, Charter Communication folded up its home security business, leaving everyone with useless e-waste.

Then you have Youtubers hawking cloud IoT things like SimpliSafe, Ring, Nest, Alexa/Google Home/etc.-enabled devices that will disappear whenever they decide to end support.

It gets worse. I remember some Motorola Mobility smartphones from around 2008-2010 that absolutely required Motorola to continue to run its own servers for some of their social media functions to work (like Facebook) because they were skimming analytics from their customers and reselling them without their knowledge or permission. I know this because I did some consulting on-site for them. Many of the people came from Danger where a similar thing occurred, which was a muddy tarpit Microsoft later realized they shouldn't have purchased.

TBH, I think there's a market for end-to-end self-hosted products that go through a privacy-focused firewall WiFi gateway and have some computing power that can run server apps locally rather than being cloud enabled. And for work-anywhere mobile apps, there ought to be some sort of universal rendezvous protocol that supports end-to-end-encryption that the devices can talk to. And of course, the mobile apps, local servers apps and Zigbee/WiFi bridge server should all be open source.


Sony literally bricked my PS1&2 compatible PS3 with an update and offered me something like a $20 gift certificate for Sony products for my troubles. I haven't bought anything Sony since.

The real issue is that courts hesitate to turn the screws on the companies that get caught doing this. If Sony was forced to pay 5x original cost in penalties, the cost-benefit analysis wouldn't have been in their favor.

I am today about to replace my Android because I can no longer update because the install gets bigger every year and I have run out of space. I am seriously considering going to a flip phone and using a small laptop or something else linux powered for my previous smart phone usage.


> Sony literally bricked my PS1&2 compatible PS3 with an update and offered me something like a $20 gift certificate for Sony products for my troubles. I haven't bought anything Sony since

I'd be extremely angry over that.


This is exactly why I didn’t buy a Glowforge. I was really excited until I read you have to use the cloud service they run.


Perishable software is a huge problem - things keep operating only in dynamic equilibrium, such that they would fall apart as soon as we stop putting energy into fixing flaws.

I have been thinking for years that as a society, we need 100-year products. It would be a global good to counteract the local incentives for producing perishable software.

However, over time I have realized that there are legitimately unforeseen circumstances that come up - for example, the general realization of the need for stricter security around logins (e.g. two-factor authentication). Maybe a 10 year time window is realistic for now.

In the meantime, requiring expiration dates would go a long way towards calling out how perishable our devices and software are.


> such that they would fall apart as soon as we stop putting energy into fixing flaws

This is not true. The only reason software needs constant updates is because new features are constantly being added to stay competitive. If you stop adding features, in theory you will eventually run out of bugs to fix as well.

The problem is feature creep. Software doesn't "decay," and thus does not need infinite maintenance.


Perhaps I should amend my statement: "such that they would fall apart as soon as we stop putting energy into maintaining hardware and software dependencies"

Software assumes that there exists specific hardware, operating systems, and services underlying it to keep operating. If you try to turn on a 5-year-old Android phone, you will find that your apps probably don't work (because of service changes for example), but also can't be upgraded because the latest versions don't work with your old version of Android, and your Android can't be upgraded because the latest versions don't have device drivers for your phone hardware. You're SOL.

So, to have a 100-year software, you need commodity components from the top down, that continue to be maintained for the same length of time. And it all probably needs to be 100% open source. Otherwise, you have perishable software.


That depends on the abstractions you build on and who's maintaining them. If you have a stable abstraction to build on, it's due to having common standards at the OS and instruction set level, along with device drivers hiding the churn. At the hardware level, suppliers discontinue components all the time. I wonder if most cell phone manufacturers could even build one of their designs from four years ago due to parts that have been discontinued since then?


That is assuming that software is ever written 'correctly', which outside of (semi-) academic exercise is never the case (so far).

You can have a program with 1 purpose and no added features experience a variety of critical flaws over a period of 30 years. While there might not be a 'decay' as such, there definitely is new understanding and as such new attack vectors.

The same goes for the stuff the software runs on top of. Your program might be programmed just fine, but if the CPU it was programmed on no longer exists and the replacement CPU has new features that allow that program to be exploited in new ways, that is still a flaw of the software. It couldn't have been foreseen, but it still happens.

The concept that the things we build are frozen in time never holds up. The difference with software vs 'other things' is that it doesn't degrade or get 'used up' (as you wrote yourself). But the things around it do and as you cannot write programs against all possible future contexts, it will need maintenance for as long as it is in use (from a software perspective - a business thinks differently about that, especially risk analysts).


Not really. There is literally precedent in this regard. TeX is stable. Very stable.

Has it been extended? Yes. And some extensions can be seen as borderline required. But I'm not unconvinced that one of the biggest factors in this is that he tried to make it stable. And showed great restraint in what requirements to go after.


Which TeX? Over the last 10 years, over 20 serious and critical vulnerabilities have been found in various TeX implementations. They were all fixed via... maintenance.


How many of those were extensions? Pdftex, as an example, is not TeX. There have been roughly, what, eight releases in TeX since version 3? Hence we are now at 3.14159265.

This is not to say things couldn't have been done better. But I love that all of my documents still compile just fine. Modern practices? Nope.


Coming back to this after a few days. I also can't help but take a double take at 20 vulnerabilities in 10 years being a serious criticism. Is the implicit claim that this is a bad record compared to other software legit? (Honest question.)


I have, since January, a "frozen" Windows 7 environment with WiFi/LAN switched off. I use it rarely, now on Ubuntu, but there is something about it that feels good where it didn't before. I think it is just its feeling of permanence.


> The only reason software needs constant updates is because new features are constantly being added to stay competitive.

New features... or just a redesign of the UI to make it look "fresh"


> as a society, we need 100-year products

A 28kbaud modem, analogue phone, consumer film camera or virtually any electronic good that uses valves: if they were designed to last 100 years surely you agree that would be a waste of resources?

Think of 50 technological objects in the home from say 75 years ago. Now look at the models or brands that were then designed to be still useful now. Was the extra cost worthwhile or did the object become obsolete for a good reason? What would the maintenance costs for those objects be? Go to an estate sale of someone that bought quality technology items and kept them: review how many of them would be obsolete (because they are just not useful, not maintainable, inefficient, time wasting, irrelevant, dangerous, or otherwise useless for fair reasons).

Even worse, expensive well designed goods (e.g. jackets) that while still useful are thrown away because no one wants them... Human capriciousness needs to be part of the compromises we make when designing goods.


> It would be a global good to counteract the local incentives for producing perishable software.

What are we talking about here? Asking people to not write bugs?


No, it is asking people to design and test systems for the long-term. It would require establishing strong interfaces between components that will hold up when subcomponents are swapped out.

I think of it like a car where parts can be replaced if those parts have an issue, but the designs of the connectors stay the same, and replacements are available. A 100-year car isn't one that requires no maintenance for 100 years; it is one that can be maintained, and replacement parts can be acquired, and it will still continue working.

If a car depends on a remote server, such that the car stops operating when the remote server is shut down, then that car is perishable.


There are a lot of cars that were maintainable, and built to be maintained, that can’t be maintained anymore simply because the manufacturer went defunct and there are no more parts (e.g. Saab, Datsun) or because the cost of manufacturing more parts for a car with a dwindling owner-base began to outweigh the profit, and thus, there are no more parts (e.g. older Ford models).

Unless the car is built primarily with 3rd-party parts (from manufacturers like Bosch, Brembo, etc) - which is something that consumers usually hold against a car, like how many people are upset that the new Toyota Supra is actually a BMW - then the problem is almost completely analogous to the shutting down of remote servers; if the manufacturer goes defunct or can no longer make a profit by continuing service, the car’s life has perished.

And in fact, the only way to avoid this is super conglomerates and monopolies - Lamborghini parts should always be available, because they come from the Audi parts bin, which comes from the Volkswagen parts bin.


In the past aftermarket parts makers came in to support popular cars after OEMs retired replacement part making for older model cars. Now if you so much as breathe on an aftermarket mod for your brand new software driven EV (I won't name names here of course but you know who), the manufacturer may brick your car, or worse yet declare your warranty and/or any future support null & void.

My 2017 Volvo XC 90 somehow begins to casually malfunction whenever I drive it beyond a few service warnings. The car is HEAVILY software dependent. It can technically drive itself and park itself too. This behavior somehow disappears once the dealer performs software updates. It's pretty strange, and I worry it's a ticking time bomb for when I reach the end of my warranty on the car.


I am definitely against the newest measures taken by car companies, e.g. Porsche completely covering the engine (and voiding warranty should you access it) save the oil reservoir, on the newest 911s.

There is also something missing from my metaphor which is that even when the parts no longer exist, the car can still continue to run until it breaks down, rather than being remotely killed due to an external signal separated from the car itself (e.g. servers shutting down and triggering some switch in the code).


No, I'm asking you to fix your bugs: when you sell software you should set aside money to fix your bugs.

Note I said bugs, not add new features, you can charge for features, but if I don't want the feature you should still fix the bug.


Nobody works for free. I get your beef but the problem is we buy things and want to pay once, if you were willing to pay for your router every month, well heck you could actually just buy a new one every year about already. Fancy that.


I want to pay once for something that works as advertised. If I buy a car and the airbags are bad they will fix it. If I buy a device and the software fails I expect it is fixed too. I'm not asking for features, I'm asking for bug fixes, which if you had a perfect test plan would already be fixed.


At the bare minimum, products should be engineered so they can function at a reasonable level "manually" independent of software systems. These devices should also allow owners to take themselves off the network any time they want in order to ensure REAL OWNERSHIP. That maybe is the happy medium that can get you home if the network goes down?


You can't win at playing that game either:

https://news.ycombinator.com/item?id=22271306


No, they need expiration dates more than milk, because at least the dairy farmer isn't coming into my house to curdle my milk in the middle of the night.


Good point. Planned obsolescence has always been a valid threat against our financial futures. Pushed software updates can secretly render IOT devices useless or slow them down. I predict there will be a ton of class action suits in years to come over this, the real tragedy is that bilked consumers will likely never be the ones who recover the loss. It's unfortunately the way of capitalism.


Maybe a better analogy isn't milk, but car seats? I was surprised to learn about car seat expiration when I became a parent, but it makes sense -- the materials themselves break down over time, and safety standards and research evolve. I don't think it's too big of a leap to see software in a similar way. Even if the code itself still runs just fine in ten years, likely the context it runs in has long changed.


The car seat thing is actually mostly unfounded. There's a lot of social panic about child safety.

https://www.google.com/amp/s/www.marketplace.org/2019/11/14/...


And in a future where software-dependent devices have expiry dates, we can debate if worries about using them past their published expiration are warranted or are examples of social panic. I think a future where those debates happen, as opposed to one where the majority of people are not even aware of it as an issue worth considering, is a better one.


Can you please try not to post AMP links to HN?


And yet, there are plenty of products which never expire. Petzl says their plastic and textile products have a lifespan of 10 years, while their metal products (which I regularly trust my life to) never expire.

https://www.petzl.com/US/en/Sport/FAQ/what-is-the-lifetime-o...

There are newer (government or industry) safety standards, as you note, which might reasonably cause one to retire functioning equipment. (For example, retiring dual-action carabiners in favor of triple-action carabiners.) But that's not because there's anything wrong with the equipment. Just because 2020 gear is a bit safer doesn't mean 2010 gear was dangerous. 2010 wasn't that long ago. Those safety standards were already quite good.

Besides, that's not what's causing software like this to need an expiration date. IOT devices where the server gets shut down are not going dark because of some new security research. We as an industry knew full well that using "password" as the password was a terrible practice, even way back in 2010.


> Maybe a better analogy isn't milk, but car seats? I

That's a good analogy: software, like car seats, generally doesn't go bad with time, but the people that sold it would definitely like to sell you new software.


Seatbelts too. And airbags.

Afaik you're supposed to replace those every 10 years or so. Most people of course don't.

Another good one most people forget: Hard drives last about 5 years. CD-Rs are rated for 10 years. A flash drive can go for 10 years. SSD holds data for about 2 years.

The electronics themselves in many modern consumer devices are basically kaput after 4 to 5 years.

Point is you are likely overestimating the lifespan of your devices even without taking software into account.


> Hard drives last about 5 years.

I've often heard this, but I regularly use hard drives for much longer than that. I've only ever had one fail.


SSDs now though may likely change that. If they fail early, they were likely manufactured to do so, or there was some other issue like power surges.


True, but I'm not yet comfortable with using SSDs for anything of importance.


Hard drives 5 years; yeah it happens but then usually fast after active use: if they do not fail fast then they usually keep going. I have 100s of HDs here from 25 to a few years ago and most of them work fine. Especially the 90s/00s then-expensive SCSI discs do not seem to fail. But cheap internal and external HDs from that time are also still all working. If they get beyond 5 years (and by far most do), they get to 20. Anecdotal of course.


Don't worry, all the other peripherals will lose driver support, and your processor will crack long before 5 years anyway... Hah.


New stuff will; (unix) workstations and servers from 20-25 years ago are running fine inc all hds.


A good example would be Chromeboxes and Chromebooks. They really should put an expiration date / EOL on the packaging and system itself.


Chromeboxes and Chromebooks should not have expiration dates. The company that built them should be fined for dropping them.


Indeed they shouldn't, and it should be easy to flash a custom OS to give them a second life.


Why? Did they ever say they will indefinitely provide updates?


The software doesn't "expire" or "perish". The software isn't gone. The software may go into a state of not getting updates.

A lot of the problems outlined in the post have to do with device and solution design decisions rather than in software expiring.

This also touches on open source software lifecycle choices. PHP may be updating quicker than it used to but the backwards compatibility is amazing.

Angular 9 moving at this pace of change is an example of a lot of churn. Churn is fun for us devs while we work on things but not great for the solutions our stuff is embedded in.


It sure does expire its usefulness. Try running an old phpBB forum, an Android 4 phone, or a browser from 2011. Software degrades into a point of uselessness.


And yet, Windows XP and IE 5 still have a nonzero market share for some reason.


Windows XP and Vista have a market share of less than 0.1% if we are to believe Steam stats. https://store.steampowered.com/hwsurvey/

Either that, or Steam doesn't work on these and the missing 0.1% are Windows Server OS. Turns out, software does stop working for real.


Steam dropped support for XP and Vista last year

https://support.steampowered.com/kb_article.php?ref=1558-AFC...


Steam doesn't count the 3.2 million ATMs worldwide and still far too many running XP.


The "Buy it for life" movement would absolutely need to flag software-dependency as an anti-feature. My recent smart TV purchase is regrettably tied to a fixed China-hosted domain name to fetch the main pages, and despite many calls to the manufacturer they refuse to tell me how to change that hard-wired address to another one. I hope the consumers can rally together and create a crowdsourced BIFL database of which brands to avoid, and perhaps how to circumvent these software dependencies.


You could do it at the router level.


The problem with planning obsolescence in this manner is that different people use their devices differently and have different expectations, both of which make their devices go obsolete at different times.

An ancient phone that hasn't had an OS update in years still has a good shot at being able to handle texts and phone-calls. If that's all a user wants from it, it's not obsolete until it becomes so old it can't talk to their carrier's network. This is the sort of user who might not be afraid of replacing batteries.

Another user might want to do a fair bit with his phone and be just barely satisfied with the quickness of the interface when he first gets his device. A couple of updates, with their associated bloat, might reduce the speed of the interface enough that the phone becomes, as far as this user is concerned, ready for the junkpile.

If you're making the phones these two users are buying, how do you choose an expiration date? If you put it somewhere in between the above two extremes, one user will angrily bin their phone long before the expiration date and place no further trust in such dates, or your brand, while the other user, knowing how long his phones typically last, might not even buy a phone with such a short official lifetime.

Expiration dates are for milk and eggs. What users want is for the makers of the products they're using to commit to meeting their needs for a reasonable time period. People understand that hardware goes obsolete, but are less understanding when companies provide software updates that have so much bloat that devices become progressively less capable and effectively lose features. People get mad, and rightfully so, when companies refuse to sell repair parts and actively sue anyone making third-party parts.


Then perhaps companies should price these devices accordingly to correspond with flawless performance during a pre-specified time period. Right now, if we spend $1,000 on a new XXXYZ Phone, there is no commitment to flawless and essential updates from the company. As they release new devices each year pretty much, it would be in a company's (shareholder-driven) best interests to encourage their user base to upgrade each time a new device is released. This tends to drive the need to intentionally degrade older devices via updates for industry leading companies, by driving annual revenue upwards on a more predictable schedule.


If a company raises their prices and commits to spending more on software updates, users are going to buy a similarly spec'd phone that's cheaper. Their perceived value of software updates is "free".

It's arguable that many manufacturers already have wide enough profit margins on their devices that they could easily spend more on software, but choose not to specifically for the reasons you mention. Artificially accelerated obsolescence is a key part of many manufacturers' business models.

What needs to happen is for consumers to start looking at devices in terms of cost/lifetime rather than just the up-front cost. This would necessarily involve placing value on repairability and software updates that don't degrade performance. Phone designs are practically runway fashion now though, and seem deliberately designed to frustrate such a shift in consumer sensibilities.


I don't know about expiration dates, but I think a hard-to-miss warning in the product description and packaging would be highly desirable.


The problem with expiration dates for software/hardware is that it's difficult to predict when they expire. A new malware attack can make an entire class of device obsolete overnight. IoT devices might be fine if you keep them on a private network but expire quickly if exposed to the internet. A device might be abandoned by a company (no more firmware updates) but later adopted by the open source movement and then updated for a decade. Everyone might be using a device thinking it's safe when actually an APT has had a compromise for it for years. Maybe a better solution is the ability to force obsolescence, but then companies might misuse that and it could be an attack route itself to turn off the devices. An expiration date or forced obsolescence can destroy many things that are actually still useful. A company's commitment to provide updates may be some indication of expected life, but is also a guess and how can you trust that small companies (innovators) will be around in the future?

Maybe the solution is the old fashioned approach to hardening devices; keep improving them until we know they are stable and reliable and then keep making the same thing, like old Unix servers. But people like new things and there are always desirable features that could be added. All changes are the potential creation of new vulnerabilities.

The Soviet Union used common parts to make many different devices, which made them last forever because they were easy to fix. But that also kept them from switching to new devices because it would obsolete so much infrastructure and the social functions built around it.

The only long term solution may be to change society so no one has an interest in doing bad things, it becomes boring and unattractive. That doesn't eliminate all risks though, because the world itself changes and can cause new unforeseen problems.

A layered approach could protect devices better, giving them a longer useful life. And if they were designed well (by iterating) to start with, that would help too. A plan for what to do, just in case, might help as well. Risk and cost assessment can help make wise decisions. Sometimes the only solution will be to just pull all the devices and replace them, at high cost.

We're already facing multiple problems along these lines (compromised home routers, bugs in CPUs, zero days, people not updating software) so there is something to be learned from current problems and solutions.

One really difficult problem is we don't really know how to make things that last a long time at a reasonable cost. Have a look at the projects of the Long Now Foundation:

http://longnow.org/


Companies should really get a grip on how long things last under normal conditions... They issue warranties on a lot of their goods. Software rarely comes with useful or valid warranties because it is often updated, but for business users they have fixed periods of support, where the company pays a subscription fee for membership. Developing something like that (reasonably) into the price of software could bridge the gap. Someone has to do something firm in terms of policy now that so many software makers are actively playing with the loopholes.


A perfect example: the Sonos debacle from a few weeks ago.


And they're pretty much wireless speakers... Something that really shouldn't need updates ever. But somehow they require remote updates. :[


They're not 'pretty much wireless speakers', else any Bluetooth or AirPlay speaker would be an equivalent substitute.

They're self-meshing wireless routers combined with a media streamer and packaged into a speaker. They also self-cluster / coordinate to support surround sound, grouping, and AirPlay.

Complicated stuff. Sucks that they don't provide the option to offload some of that work to a computer or appliance, letting the speakers be less smart and have increased longevity, but that's the trade-off in a smart speaker system where customers can start with just one speaker and not need to buy anything else.


I get it... Smart TVs with embedded apps are being retired in the same way, but at least when that happens you can use an aux connection to make the device still viable in some sort of way. I use an HDMI wireless connection from my laptop for example, never needed apps to run from my TV since day 1.

I avoid buying most devices that do things that my Laptop and desktop PCs can do these days with function-specific (dumb speakers), because even if worst comes to worst I can always install Linux and keep grinding for the most part.


> Hardware now (storage, memory, and processing power) are finite in devices like most mobile phones, eventually due to storage, and processing power, they slow down and eventually need to be retired.

Pet peeve. Hardware if ever slows down. It's the software that gets worse.


Always on accident of course. There is no way a hardware manufacturer would intentionally sabotage their products to boost sales.


That would be nice but people still complain even if the support lifecycle is known in advance as with Windows XP and 7.


We need software escrow for consumers.



