
Software-dependent devices: do they now need expiration dates? - winternett
http://circuitbored.com/communicate/viewtopic.php?f=3&t=187
======
nicolaslem
As time passes the more I think that Stallman was right:

Today there is no way I'm buying a device that a company can turn into a
paperweight by flipping a switch.

Tomorrow I won't probably buy anything where I'm not controlling the software.

~~~
winternett
Some instances of software truly need the Internet to run, e.g. Facebook or
GTA Online. Many software tools don't need that connection to run, but are
heavily embedded with connection dependencies like a calculator app (stable
technology). Many of these apps and devices become totally useless if an
active connection is not available. This is a bad move companies make all the
time to encourage our dependence. The same goes for Hardware -- Do you really
need to send a Tweet from your refrigerator?

Identifying the frivolous items that do not need to be Internet reliant and
avoiding them altogether might be the key to sanity, unless you want GE
logging each time you open your refrigerator door and spying on what you buy
and store in it.

This discussion ties into so many issues faced in modern day society.
Technology should serve in making life easier, less expensive, and more
efficient for all of us, not in manipulating our emotions, costing more over
time, and in tracking our decisions and movements.

~~~
LeftHandPath
I’ve been harassing my dad for ages over his purchase of a WiFi-enabled LG
fridge.

Neither of us knows why it’s connected - but it is, and it proudly displays a
WiFi icon with a backlit LED right above the water dispenser.

The only thing you can possibly gain from a WiFi-enabled fridge (it has no
voice commands, no screen, etc) is just being monitored and/or hacked. There
is literally no benefit to the consumer from having WiFi on that device.

~~~
DaiPlusPlus
> The only thing you can possibly gain from a WiFi-enabled fridge (it has no
> voice commands, no screen, etc) is just being monitored and/or hacked. There
> is literally no benefit to the consumer from having WiFi on that device.

Does it at least have cameras inside the main cavity so you can see what
you're short of on your phone when you're at the supermarket?

~~~
bordercases
Take a photo before you go mate

------
alkaline9
Perishable software is a huge problem - things keep operating only in dynamic
equilibrium, such that they would fall apart as soon as we stop putting energy
into fixing flaws.

I have been thinking for years that as a society, we need 100-year products.
It would be a global good to counteract the local incentives for producing
perishable software.

However, over time I have realized that there are legitimately unforeseen
circumstances that come up - for example, the general realization of the need
for stricter security around logins (e.g. two-factor authentication). Maybe a
10 year time window is realistic for now.

In the meantime, requiring expiration days would go a long way towards calling
out how perishable our devices and software are.

~~~
viklove
> such that they would fall apart as soon as we stop putting energy into
> fixing flaws

This is not true. The only reason software needs constant updates is because
new features are constantly being added to stay competitive. If you stop
adding features, in theory you will eventually run out of bugs to fix as well.

The problem is feature creep. Software doesn't "decay," and thus does not need
infinite maintenance.

~~~
oneplane
That is assuming that software is ever written 'correctly', which outside of
(semi-) academic exercise is never the case (so far).

You can have a program with 1 purpose and no added features experience a
variety of critical flaws over a period of 30 years. While there might not be
a 'decay' as such, there definitely is new understanding and as such new
attack vectors.

The same goes for the stuff the software runs on top of. Your program might be
programmed just fine, but if the CPU it was programmed on no longer exists and
the replacement CPU has new features that allow that program to be exploited
in new ways, that is still a flaw of the software. It couldn't have been
foreseen, but it still happens.

The concept that the things we build are frozen in time never holds up. The
difference with software vs 'other things' is that it doesn't degrade or get
'used up' (as you wrote yourself). But the things around it do and as you
cannot write programs against all possible future contexts, it will need
maintenance for as long as it is in use (from a software perspective - a
business thinks differently about that, especially risk analysts).

~~~
taeric
Not really. There is literally precedent in this regard. TeX is stable. Very
stable.

Has it been extended? Yes. And some extensions can be seen as borderline
required. But I'm not unconvinced that one of the biggest factors in this is
that he tried to make it stable. And showed great restraint in what
requirements to go after.

~~~
oneplane
Which TeX? Over the last 10 years, over 20 serious and critical
vulnerabilities have been found in various TeX implementations. They were all
fixed via... maintenance.

~~~
taeric
How many of those were extensions? Pdftex, as an example, is not TeX. There
have been roughly, what, eight releases in TeX since version 3? Hence we are
now at 3.14159265.

This is not to say things couldn't have been done better. But I love that all
of my documents still compile just fine. Modern practices? Nope.

~~~
taeric
Coming back to this after a few days. I also can't help but take a double take
at 20 vulnerabilities in 10 years being a serious criticism. Is the implicit
claim that this is a bad record compared to other software legit? (Honest
question.)

------
JadeNB
No, they need expiration dates _more than_ milk, because at least the dairy
farmer isn't coming into my house to curdle my milk in the middle of the
night.

~~~
winternett
Good point. Planned obsolescence has always been a valid threat against our
financial futures. Pushed software updates can secretly render IoT devices
useless or slow them down. I predict there will be a ton of class action suits
in years to come over this, the real tragedy is that bilked consumers will
likely never be the ones who recover the loss. It's unfortunately the way of
capitalism.

------
anyonecancode
Maybe a better analogy isn't milk, but car seats? I was surprised to learn
about car seat expiration when I became a parent, but it makes sense -- the
materials themselves break down over time, and safety standards and research
evolve. I don't think it's too big of a leap to see software in a similar way.
Even if the code itself still runs just fine in ten years, likely the context
it runs in has long changed.

~~~
leoedin
The car seat thing is actually mostly unfounded. There's a lot of social panic
about child safety.

[https://www.google.com/amp/s/www.marketplace.org/2019/11/14/...](https://www.google.com/amp/s/www.marketplace.org/2019/11/14/is-there-any-data-that-says-secondhand-car-seats-arent-safe/amp)

~~~
anyonecancode
And in a future where software-dependent devices have expiry dates, we can
debate if worries about using them past their published expiration are
warranted or are examples of social panic. I think a future where those
debates happen, as opposed to one where the majority of people are not even
aware of it as an issue worth considering, is a better one.

------
m-p-3
A good example would be Chromeboxes and Chromebooks. They really should put an
expiration date / EOL on the packaging and system itself.

~~~
inetknght
Chromeboxes and Chromebooks should _not_ have expiration dates. The company
that built them should be fined for dropping them.

~~~
m-p-3
Indeed they shouldn't, and it should be easy to flash a custom OS to give them
a second life.

------
mfer
The software doesn't "expire" or "perish". The software isn't gone. The
software may go into a state of not getting updates.

A lot of the problems outlined in the post have to do with device and solution
design decisions rather than in software expiring.

This also touches on open source software lifecycle choices. PHP may be
updating quicker than it used to but the backwards compatibility is amazing.

Angular 9 moving at this pace of change is an example of a lot of churn. Churn
is fun for us devs while we work on things but not great for the solutions our
stuff is embedded in.

~~~
rasz
It sure does expire its usefulness. Try running old phpBB forum, Android 4
phone, or browser from 2011. Software degrades into a point of uselessness.

~~~
anon73044
And yet, Windows XP and IE 5 still have a nonzero market share for some
reason.

~~~
user5994461
Windows XP and Vista have a market share of less than 0.1% if we are to
believe Steam stats.
[https://store.steampowered.com/hwsurvey/](https://store.steampowered.com/hwsurvey/)

Either that, or Steam doesn't work on these and the missing 0.1% are Windows
Server OS. Turns out, software does stop working for real.

~~~
ryl00
Steam dropped support for XP and Vista last year

[https://support.steampowered.com/kb_article.php?ref=1558-AFC...](https://support.steampowered.com/kb_article.php?ref=1558-AFCM-4577)

------
mamborambo
The "Buy it for life" movement would absolutely need to flag software-
dependency as an anti-feature. My recent smart TV purchase is regrettably tied
to a fixed China-hosted domain name to fetch the main pages, and despite many
calls to the manufacturer they refuse to tell me how to change that hard-wired
address to another one. I hope the consumers can rally together and create a
crowdsourced BIFL database of which brands to avoid, and perhaps how to
circumvent these software dependencies.

~~~
phendrenad2
You could do it at the router level.

------
beloch
The problem with planning obsolescence in this manner is that different people
use their devices differently and have different expectations, both of which
make their devices go obsolete at different times.

An ancient phone that hasn't had an OS update in years still has a good shot
at being able to handle texts and phone-calls. If that's all a user wants from
it, it's not obsolete until it becomes so old it can't talk to their carrier's
network. This is the sort of user who might not be afraid of replacing
batteries.

Another user might want to do a fair bit with his phone and be just barely
satisfied with the quickness of the interface when he first gets his device. A
couple of updates, with their associated bloat, might reduce the speed of the
interface enough that the phone becomes, as far as this user is concerned,
ready for the junkpile.

If you're making the phones these two users are buying, how do you choose an
expiration date? If you put it somewhere in between the above two extremes,
one user will angrily bin their phone long before the expiration date and
place no further trust in such dates, or your brand, while the other user,
knowing how long his phones typically last, might not even buy a phone with
such a short official lifetime.

Expiration dates are for milk and eggs. What users want is for the makers of
the products they're using to commit to meeting their needs for a reasonable
time period. People understand that hardware goes obsolete, but are less
understanding when companies provide software updates that have so much bloat
that devices become progressively _less_ capable and effectively lose
features. People get _mad_, and rightfully so, when companies refuse to sell
repair parts and actively sue anyone making third-party parts.

~~~
winternett
Then perhaps companies should price these devices accordingly to correspond
with flawless performance during a pre-specified time period. Right now, if we
spend $1,000 on a new XXXYZ Phone, there is no commitment to flawless and
essential updates from the company. As they release new devices each year
pretty much, it would be in a company's (shareholder-driven) best interests to
encourage their user base to upgrade each time a new device is released. This
tends to drive the need to intentionally degrade older devices via updates for
industry leading companies, by driving annual revenue upwards on a more
predictable schedule.

~~~
beloch
If a company raises their prices and commits to spending more on software
updates, users are going to buy a similarly spec'd phone that's cheaper. Their
perceived value of software updates is "free".

It's arguable that many manufacturers already have wide enough profit margins
on their devices that they could easily spend more on software, but choose not
to specifically for the reasons you mention. Artificially accelerated
obsolescence is a key part of many manufacturers' business models.

What needs to happen is for consumers to start looking at devices in terms of
cost/lifetime rather than just the up-front cost. This would necessarily
involve placing value on repairability and software updates that don't degrade
performance. Phone designs are practically runway fashion now though, and seem
deliberately designed to frustrate such a shift in consumer sensibilities.

------
JohnFen
I don't know about expiration dates, but I think a hard-to-miss warning in the
product description and packaging would be highly desirable.

------
rapjr9
The problem with expiration dates for software/hardware is that it's difficult
to predict when they expire. A new malware attack can make an entire class of
device obsolete overnight. IoT devices might be fine if you keep them on a
private network but expire quickly if exposed to the internet. A device might
be abandoned by a company (no more firmware updates) but later adopted by the
open source movement and then updated for a decade. Everyone might be using a
device thinking it's safe when actually an APT has had a compromise for it for
years. Maybe a better solution is the ability to force obsolescence, but then
companies might misuse that and it could be an attack route itself to turn off
the devices. An expiration date or forced obsolescence can destroy many things
that are actually still useful. A company's commitment to provide updates may
be some indication of expected life, but is also a guess and how can you trust
that small companies (innovators) will be around in the future?

Maybe the solution is the old fashioned approach to hardening devices; keep
improving them until we know they are stable and reliable and then keep making
the same thing, like old Unix servers. But people like new things and there
are always desirable features that could be added. All changes are the
potential creation of new vulnerabilities.

The Soviet Union used common parts to make many different devices, which made
them last forever because they were easy to fix. But that also kept them from
switching to new devices because it would obsolete so much infrastructure and
the social functions built around it.

The only long term solution may be to change society so no one has an interest
in doing bad things, it becomes boring and unattractive. That doesn't
eliminate all risks though, because the world itself changes and can cause new
unforeseen problems.

A layered approach could protect devices better, giving them a longer useful
life. And if they were designed well (by iterating) to start with, that would
help too. A plan for what to do, just in case, might help as well. Risk and
cost assessment can help make wise decisions. Sometimes the only solution will
be to just pull all the devices and replace them, at high cost.

We're already facing multiple problems along these lines (compromised home
routers, bugs in CPUs, zero days, people not updating software) so there is
something to be learned from current problems and solutions.

One really difficult problem is we don't really know how to make things that
last a long time at a reasonable cost. Have a look at the projects of the Long
Now Foundation:

[http://longnow.org/](http://longnow.org/)

~~~
winternett
Companies should really get a grip on how long things last under normal
conditions... They issue warranties on a lot of their goods. Software rarely
comes with useful or valid warranties because it is often updated, but for
business users they have fixed periods of support, where the company pays a
subscription fee for membership. Developing something like that (reasonably)
into the price of software could bridge the gap. Someone has to do something
firm in terms of policy now that so many software makers are actively playing
with the loopholes.

------
jkmcf
A perfect example: the Sonos debacle from a few weeks ago.

~~~
winternett
And they're pretty much wireless speakers... Something that really shouldn't
need updates ever. But somehow they require remote updates. :[

~~~
tbyehl
They're not 'pretty much wireless speakers', else any Bluetooth or AirPlay
speaker would be an equivalent substitute.

They're self-meshing wireless routers combined with a media streamer and
packaged into a speaker. They also self-cluster / coordinate to support
surround sound, grouping, and AirPlay.

Complicated stuff. Sucks that they don't provide the option to offload some of
that work to a computer or appliance, letting the speakers be less smart and
have increased longevity, but that's the trade-off in a smart speaker system
where customers can start with just one speaker and not need to buy anything
else.

~~~
winternett
I get it... Smart TVs with embedded apps are being retired in the same way,
but at least when that happens you can use an aux connection to make the
device still viable in some sort of way. I use an HDMI wireless connection
from my laptop for example, never needed apps to run from my TV since day 1.

I avoid buying most devices that do things that my Laptop and desktop PCs can
do these days with function-specific (dumb speakers), because even if worst
comes to worst I can always install Linux and keep grinding for the most part.

------
commandersaki
> Hardware now (storage, memory, and processing power) are finite in devices
> like most mobile phones, eventually due to storage, and processing power,
> they slow down and eventually need to be retired.

Pet peeve. Hardware if ever slows down. It's the software that gets worse.

~~~
safety-third
Always on accident of course. There is no way a hardware manufacturer would
intentionally sabotage their products to boost sales.

------
tinus_hn
That would be nice but people still complain even if the support lifecycle is
known in advance as with Windows XP and 7.

------
hughw
We need software escrow for consumers.

