
Popcorn time..
At this rate, I'll be buying shares in the stuff (and I don't even like popcorn!)
Microsoft's released a new flavour of Windows 10. Windows 10 IoT Core Pro is a version of the OS destined for original equipment manufacturers cooking up connected things. Redmond says the Pro cut's big differentiator is “the ability to defer updates and control distribution of updates through Windows Server Update Services …
The previous bitching was about not allowing people to choose when to update their own systems, and yes, that meant they could choose to shoot themselves in the foot if they so wished. The difference this time is that this innovation is making it easier for typically slapdash IOT manufacturers to shoot their customers in the foot.
People (journalists, reporters, hobbyists and a few IT pros) have been complaining for months that they can't turn off updates for the consumer PC version of Windows 10.
So MS gives that option to Windows 10 for the internet of things.
Now people (journalists, reporters and hobbyists) are complaining that the updates can be turned off.
MS should have modified its original plan, compulsory updates, but allowed the selection of one to fifteen days delay in downloading and applying the updates.
If Windows 10 for IofT updates can be turned off, then lazy vendors will turn them off. We've already seen this with Android, so there is no doubt this will happen. (Once they've sold the product and have their money, the best thing that can happen to that product is for it to become obsolete.)
And doubtless people (journalists, reporters and hobbyists) will blame MS for the OEMs choosing to do this, despite OEMs being independent companies making their own decisions.
And no doubt people (journalists, reporters, and hobbyists) will smear the problems of Windows 10 for IofT to all of Windows 10.
MS should reconsider its position.
1. Security updates for Windows IofT should be mandatory after a short delay.
2. Since Apple's model of cost savings by compulsory integrating security and functional updates has been widely accepted in the marketplace, updates for PCs and phones should integrated.
3. Since Windows for PCs is so much more widely used and thus is a much bigger target for hackers, those updates for PCs should become mandatory after 1 to 15 days.
Eliminate that straw man and your title is patent bollocks
This.
It would be nice to stop conflating "updates that are primarily good for Microsoft's bottom line (with the concomitant cost foisted onto the customer)" and "updates that are good for Microsoft's customers" into a single concept.
Sure, internet refrigerators have been around a few years and washers and dryers with matching apps are pretty common. Come now, this is too easy did you even look?
For a short period of time, my first generation Intel Galileo SBC. They dropped it from the list of targetted platforms for the current drop of Windows 10 IoT. No loss, really, as I've already got a few jobs for it and none of them involve Windows. Really now, no video equals what version of Windows?
For example my neighbour has an Internet connectable oven. It's a bit like Internet connected TVs, nobody likes them, but at a certain price point those features seem to become mandatory.
In a way most ATMs are IoT devices as they are connected to the Internet. Often ticket vending machines are. Even those ad-displaying devices commonly known as "smartphones" are more or less IoT devices.
BTW, there is an easy heuristic way to spot the Windows IoT device. If you interact with it, and _you_ have to wait for _it_, it's usually a Windows device. That's not because Windows is slower, but because there is a strong correlation between people who have no idea how to design embedded interactive devices, and people who build IoT devices on Windows. (The same will probably eventually be true for Android based devices)
Get the software right before shipping it, then updates will no longer be necessary.
It is only because it is so easy to issue updates that manufacturers do it. Imagine having to keep popping in to John Lewis to pick up screws and other bits for a toaster you bought last month because the manufacturer made a cock-up with the design.
This scenario of manufacturing error does of course occur and is implemented in the form of a costly and potentially reputation-damaging Product Recall. There should be a similar stigma to issuing software with bugs..
This will obviously impact development time and potentially the final cost of the product. Lowest common denominator want the product now, at the lowest price, and that's where the problem lies.
Get the software right before shipping it, then updates will no longer be necessary.
Sorry, beyond a simple Hello World app, this is never going to happen. Even code with plenty of eyes on it and much time lavished upon getting it right still has bugs, so this is totally unrealistic. Likewise stigmatizing companies that report bugs in their software is exactly the opposite of useful. There have been too many that have relied on security by obscurity in the past and none have had great success with that approach. To make a similar analogy to the one given, imagine having to drive around with a potentially fatal flaw in your vehicle because the manufacturer chose to hide their error and cover up any incidents that resulted from it.
Everybody makes mistakes, including developers. It's how they are dealt with that matters. What is being advocated here has been thoroughly and repeatedly debunked in the marketplace. If what was said was failure to follow a reasonable or a best practices approach to security is deserving of ridicule and penalties, I would be right there with the rest of the mob, throwing rotten tomatoes. But what was given there... not so much.
Well, software has a rather larger state space than a toaster, so good luck with that.
And as long as people insist on "C"/"C++" and likewise impossible-to-get-it-right languages with the underlying stack-over-the-hardware flaky in any case and mathematical-proofs-of-conformance-to-specs both still rather rare (except in aerospace and then bugs occur) and often impossible-to-very-hard-to-do (dynamic languages? out goes the proof) and the specs inevitably error-prone, I will stay with the updates, thanks.
Inb4: "I program better in C/C++ than you will ever do in Mercury/Haskell/F# my mouth breathing proves it" ...
Spend the time to adequately test the software under all conditions, and the product will be so out of date by the time it is ready for market that you won't sell it. Blame the customers for refusing to buy a device (no matter how bug-free) unless it has all the latest gimmicks.
Easy come, easy go.
If new products had compelling features on there that were well thought out and reliable, there would be a better chance that that product would have a longer life. As it is, we're seeing potentially good ideas coming out in half-baked form and they just get discarded after the novelty wears off. Quite often there's no upgrade path and things have to be re-entered from scratch.
Yesterday I was helping someone setup email on his newly purchased Surface. The Windows Mail "app" is atrocious - I installed Thunderbird instead and "it just worked". By the time MS fine-tune their Mail app to make it work reliably people will have developed a Pavlovian response to avoid it - how useful is that kind of "reputation" to the authors of MS Mail at any stage of its development?
To my mind there are many products out there which have a reputation for reliability which parallel the functionality of much more "visible" yet paradoxically ephemeral products. They chug along, year after year, with functionality bolted on in the same way that you might add decorative features to a piece of architecture (if you've gone past the temple in Alperton semi-regularly over the last 14 years during the time of its construction you will know what I'm talking about). Because the core design is solid, there's no need to back-track before moving forward again. I'm thinking of products such as Time & Chaos/Intellect, Thumbs Plus, Pegasus email which are underrated because they presumably have less need to seek the limelight.
I've said it before, but the current pace of technology is moving too fast for people to understand/appreciate/use it truly productively.
> And as long as people insist on "C"/"C++" and likewise impossible-to-get-it-right languages
Been doing c++ for two decades and always got it right, after a few iterations. So it may be impossible for you, not for me and countless others. Maybe attend some night courses?
I was already doing assembly on the System/370 back when the PDP-11/780 with C was installed in our satellite computing centers on campus (1978). I didn't pick up C until I met the Amiga (1985), been programming it since but well turned binary still features if it's justified. The same with any language or toolkit. Constraints are a feature in engineering and rigor is what you apply to obtain those constraints. Those determine the engineering, in conjunction with the usual space, time, and budget. And if those last three can get people killed, I ain't doing it. I walk.
Usually I'm the one tossing this red meat out there. Twenty-five year old production code still in use every day, and no bugs and you'd have heard about it on the national news if it had.
If you choose to use Windows as an underlying operating system, there's _lots_ of complexity you cannot turn off. For example you have a full network stack you may or may not need. You have a complex boot system, you have a registry or logging system, you have a shell, you have USB support, etc. All of those features may be use full for your project or they may not. In any case it's pseudo dead code which is of little use, but may turn out to be a security problem.
If you want to have secure systems, you must have simple systems. That's more a question of your mind set rather than a question of your language... however there seems to be a correlation between people using C++-style OOP languages (C++, C#, Java, etc) and people who don't know how to simplify problems. Therefore it appears that most C++/C#/Java programs become horribly complex and unmaintainable.
When you consider the IOT consists of taking things that have functioned well for decades, and then adding magic Internet pixie dust that leaves them available to any sod on the web that wants to access them, surely The IOT stands for "The Insecuring Of Things"?
"There is nothing wrong with your television set, fridge toaster, washing machine, blender etc. Do not attempt to adjust the picture interfere. We are controlling transmission. If we wish to make it louder, we will bring up the volume. If we wish to make it softer, we will tune it to a whisper. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. For the next hour ever, sit quietly and we will control all that you see and hear. We repeat: there is nothing wrong with your television set electronics. You are about to participate in a great adventure nightmare. You are about to experience the awe and mystery terror which reaches from the inner mind to – The Outer Limits.
Well usually that's because it makes sense in some way (think of ticket vending machines, reporting back how many tickets they have sold, or how much paper they still have and when the money needs to be emptied out), but you have no fucking clue how to design such a machine, so you slapped some VB GUI onto it running with Access as a database. You perhaps even have some self-drawn user interface eliminating all the remaining advantages of Windows. Instead of getting a competent programmer to re-implement the whole thing in a couple of days, management decides to throw good money after bad and just put the existing system onto the Internet.
A risk of being called a Luddite, what is the real value of IoT for most people? For most (other than the 3 people in world who need IoT) it seems to be a vanity issue not a necessity. I can only think of a handful of devices that need any access to the Internet for reasonable functionality: computers, smartphones, tablets, and e-readers are about it. Toasters, washers, microwaves, etc. work very well without any access now and will in the future.
Its a gimmick to sell stuff.
"Look at our super whizzy thingy, its got all the functions of last years super whizzy thingy , but with internet access"
And theres people dumb enough to buy it.
You only have to look at the ads appearing for "control your heating from your phone" type apps.
For 99% of us, a simple clock timer is perfectly good, on for an hour in the morning, on for an hour when the kids get home from school, on for 2 hours in the evening while everyone get hypnotised by the square box, then on for 3 hrs at a time over the weekend.
But you can control your heating via your phone...... lets hope security is uptogether otherwise someone else will be controlling your system.
And you'll be home to a cold shower because some luser has turned off your boiler......