There's a hardware platform I've been keen to implement for some time, and to some extent I keep putting it off when I think about how challenging security and a good UX would be. Apparently the bar is lower than I thought.
Then they're told "oh yeah, this has to be ready by the Christmas selling season, which means you need to lock down firmware by July 1st. And we're demoing it at a trade show in May." And it's already April.
So the engineers comment out printf("Hello World\n"); and start writing a camera. And so on. If they remember to take the other crap out of the Makefile (including the demo pictures of Obama), that's probably because they ran out of space in NOR Flash. Otherwise it stays in. Is there time to run network hidey-hole testing on the WiFi stuff? They're probably happy the thing takes a picture without wiping the SD Card at this point.
It's all bubble-gum and duct tape underneath it all. From your Toyota auto to your Samsung camera to the Smart TV on your wall to the KitchenAid LCD oven in your house.
"On a cyclomatic-complexity scale, a rating of 10 is considered workable code, with 15 being the upper limit for some exceptional cases. Toyota’s code had dozens upon dozens of functions that rated higher than 50. Tellingly, the throttle-angle sensor function scored more than 100, making it completely and utterly untestable."
Michael Barr was the engineer that was able to sit down with the Toyota engine code during the "unintended acceleration" lawsuit and determine what NASA could not: that the code was a wreck:
Like I said. Bubble gum and duct tape.
I don't know about Toyota specifically, but I work for a regulated sector, and the end result is that we generate documented and ISO 9001:2000-compliant duct tape and bubble gum :P
The existence of false positives doesn't mean the whole exercise is pointless.
In the particular company I work for (financial sector), there has been an increase in regulation and auditing of security practices. They're still really bad; you've seen endless posts here decrying the awfulness of some banking security practices. The worst thing is, they've probably been audited and made to pass some kind of regulatory standard, and the very fact they had to go through all that makes it harder to change (even if they're awful) since management isn't willing to authorize it, especially since it doesn't affect the bottom line.
If more people have to resign (like the Target CEO), maybe things will change, but I suspect IT people will become scapegoats instead.
You can lead a horse to water...
It does seem to be not that hard to attain a certification.
There is no strict quality or safety (or aesthetic, for that matter) regulation for the entertainment/climate control system user interfaces.
(In case you've ever wondered: yes, these screens do often show information from the engine computer. For example, the 2nd generation Prius's center console screen shows live information about the hybrid system. But that information is pretty much always obtained from a read-only connection to the CAN bus.)
It would be less notable, though, if not for the contributions that Toyota brought to the craft, which are basically the same that today's developers apply so pridefully in their work.
If they're not going to use it or understand it, why spend time on it?
The model is moving to ISP-controlled network hardware anyway.
All new Comcast modems are remotely manageable by Comcast and they enable features that customers have to call Comcast to disable, as Comcast has better access to the modem firmware than the end user.
iOS does something similar - http://blog.erratasec.com/2010/09/apples-secret-wispr-reques...
Still, lots of fun stuff for a developer user there, though. It runs a full X server, so technically some Linux people might consider it even more capable than Android.
Supporting a shared amongst manufacturers format like DLNA is cool too. Maybe a different brand smartphone could work with it more easily then, for example.
Title: Black Hat USA 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker
What is it with Samsung and software? I mean, they can crank out some decent hardware, but their software is consistently abysmal. I have a Note 3. Ignore the plasticky and cheesy (fake leather stitching? Really?) exterior, and it's a decent piece of kit. But the included software is consistently crap. I bought the Note for the stylus, but both S Note and Action Memo apps that are to be used with the stylus consistently lost data. I think they fixed it in a later update (haven't lost data lately), but it doesn't inspire confidence.
The prime example is Samsung's new Gear Fit. It just plain doesn't work as advertised, and it's due to unbelievably broken software. The only things that work reliably are the notifications and the pedometer. And though the pedometer works (if a bit inaccurately) the data reporting is broken. I mean so broken that if you want a historical listing of your steps each day, you'll have to write it down because the data reporting is grossly inaccurate. Everything else, including most exercise functionality, just doesn't work. I thought it would be fun (and please pardon the shameless plug) to see if I can post a new bug every day: http://gearfitbugs.tumblr.com (been slacking the last few days for lack of time).
Point is, how do they stay in business? Who buys one Samsung product and then turns around later to buy another one (okay, me, I guess)? For me, they don't get three strikes. Two hardware products with amateur-level software (with apologies to all amateur developers out there; your stuff is likely better than Samsung's) are the only chances Samsung will get with me. And if they think I'm letting one of their Internet-connected TVs (with mic and camera) in my house, they're delusional.
The Gear Fit brought to mind another question that I'll likely never get an answer to: how does this happen? Fine, you made some really bad dev hires. But don't you have a test team? Does the test team suck, or are they just ignored? What about project management? When the test team comes back and says, "the cycling function doesn't work. It will never record a whole workout without stopping mid-way.", does PM just say "ship it anyway"? Come ship date, you just take whatever is sitting at HEAD no matter what shape it's in, build it and call it the RTM build? I would seriously pay a week's wages to spend a week with their product team to get a look from the inside on how not to build software.
And to be fair to Samsung, even software companies which should know better have gotten software quality spectacularly wrong on occasion.
One more thing (just so that I don't get accused of hating Samsung): sometimes, they get things right, also, at least from my perspective. I may be in the minority, but I enjoy their TouchWiz and prefer it to generic Android.
It's very likely management attitudes that prevent decent software engineering. Every project has to be tied to a near term business feature, and strategic long term design and goals are determined by business people who probably never programmed in their life. Engineers probably can never push for large refactoring projects and proper long term design that will allow the company to deliver projects faster in the long term since the short term is what matters. They have to trojan horse them as performance improvement projects or similar.
tldr: Improper internal incentives
You nailed it, as if you saw it with your own eyes. Kudos.
I think having a camera with X server running on it is cool. I have no idea what I'd do with it but cool nonetheless.
>> Come ship date, you just take whatever is sitting at HEAD no matter what shape it's in, build it and call it the RTM build?
"Pixar films don't get finished, they just get released." --- http://www.lettersofnote.com/2010/06/pixar-films-dont-get-fi...
1. http://www.samsung.com/ca/consumer/tv-video/media-players/me... ...why not just get a smartphone? Because whatever, that's why.
haha. As someone with some knowledge of Korea, I can add a few pointers. Of course it should NOT be used to paint a broad black/white picture of S Korea or even the state of IT companies in S Korea, but let me try. Please note this is just a personal view.
First, Samsung and other S Korean companies know their weakness is software. They started providing more funding for software majors and Samsung even started a program where they will sponsor (pay salary, provide office space) high school graduates (but not in college yet) to study coding and put out projects over a period of a years (?) all in order to have more talent get into software.
So WHY this seeming lack of talent/interest in software building in S Korea's mega corporations? Surely with companies such as Hyundai Motors and Hyundai Shipyards and Samsung memory chips, it shouldn't be that hard to find good software engineers and coders?
I was told one reason is software piracy. It's gotten much better but in the past software piracy was a big issue in SK. I've used/seen many softwares in the past but the only one that ever required a physical dongle for licensing was a Korean Word processor. I had to support it a bit many many years ago. That was the only one with physical dongle for licensing that I've come across. Why the piracy? Well because people didn't have money (or thought didn't have enough money to spend on some intangible thing that requires a fee based upgrade in just a 1 or so). There's a reason linux/opensource is strong in some countries. Some just don't have the money to spend on software.
So due to piracy, a generation of students came to think that software was not a secure career path. Why get into a career to work to build something that can be easily copied at little cost?
Another reason I see is English. Again, it's gotten better with the obscene amount of money the nation as a whole spends on learning English and now other languages. But learning English for S Koreans used to be pretty intimidating. Sure source code is nonsensical alphabets to even native English speakers. Imagine someone learning English for first time starting in middle school with a dozen other subjects to learn. No wonder it was hard to find decent English speaker/writer in S Korea for decades. If you were decent at English, you had other far more prestigious/lucrative career path for you.
One possible reason that the seemingly big/stable corporations in S Korea don't seem to attract good coders is requirement for degree from top school. Getting into good college in S Korea is hard enough. Well, getting into one of the big corporations like Hyundai/Samsung is even more competitive. And we all know the really outstanding programmer/coder/startupers usually didn't have a degree when they started out in programming/IT. Like Jobs, Gates, etc.
That's my 2 cents.
The rapid industrialization of Korea over the last 50 years put a heavy emphasis on hardware: first it was clothes and shoes, then it was cars and TV, and now the focus is on memory chips and displays. Hardware is visible, tangible, easily quantifiable. "We shipped 10 million phones this month!"
But a culture that is obsessed with hardware will often have difficulty appreciating the value of software. Even nowadays, salaries for software developers are often calculated in the same way they calculate the wages for manual laborers, and the hourly rate is only around 2x of what manual laborers earn ($200/day vs. $90/day on average). Software is seen as something you do by throwing a bunch of man-hours at it. After all, that's how you've been doing hardware all along.
The same thing seems to happen in Japan, though to a somewhat lesser extent. Sony, for example, isn't exactly known for their world-class software, are they?
 Recommended daily wages for various skill levels, as of 2012: http://www.kdb.or.kr/info/info_01_07.php?mode=detail&dbnum=2...
Sony contracts out a lot of their software needs, and some of it out of Japan so that's probably not a good example to pick.
Wow, this is really interesting - in Russia, piracy was as prevalent, but my gut feeling is that Russian software is far superior to their hardware.
I always saw it as an inverse relationship. Once everything is pirated (Windows OS, utilities, games, Photoshop, business software) there is no incentive to adopt open source. Just keep pirating.
While there are haters of the "pure android experience", I like it, because it is quite stable. What I cannot imagine is someone in LG/Samsung saying "We can do better android". Forget design, testing etc. How can the lack of design, tech understanding/expertise in the team go along with ambitious projects like this?
More importantly, if I were building a product that fits the above description, how would I know?