Custom and open operating systems are the only way forward against this sort of bullshit. It's not just crappy engineering, it's also TVs doing analytics on what you watch, always-on cameras, etc..
As long as we have the power to root these devices and install our own software on it, we will be fine. But for how long is that going to keep up?
> TVs doing analytics on what you watch, always-on cameras
Who's doing the watching now? That sounds ridiculously Orwellian...
> As long as we have the power to root these devices and install our own software on it, we will be fine. But for how long is that going to keep up?
The most interesting part of this is that "rooting" often relies on finding and exploiting a vulnerability, something that would be considered detrimental to security and normally thought of as a bug. In other words, this power is coming from having not-so-secure devices. Imagine if this TV was more secure; it used DNSSEC and HTTPS to authenticate/encrypt communications, and was designed to be resistant to tampering via hardware (secure processor, encrypted memory, etc.) -- ostensibly for things like DRM. Do suggestions like "all Internet traffic should be encrypted" start to look less appealing now? To say it plainly, in this case "insecurity is freedom."
The question isn't necessarily about rooting, seeing as the vast majority of people don't know what that even means. They shouldn't be tracking what we watch in the first place.
Reminds me of this story from a year or two ago, where LG continued collecting data even after the feature had been disabled on their TVs.
I agree, but we need proper technical and social solutions. Tracking will be done. Yes, it's disgusting that some of this is legal in the first place, but even if it were illegal there would be companies doing it and we would need solutions against these.
It's not so much a single point of failure as it is colossal stupidity on the part of an engineering team. They just didn't think out the consequences. It's a bad design, but they couldn't tell. They're crappy software engineers.
The problem is that you can't tell this until it fails. You can see a scratched screen or fuzzy display, but you can't detect garbage software until it goes sideways.
But now we have another good data point to support the generalization that the firmware on TVs that doesn't do actual core TV funtionality, like video-related stuff, is pretty bad, and consumers should avoid these features.
The engineers were probably well aware that it was a bad design, but it was an expedient design. "It works, ship it." It's just a matter of priorities and limited resources -- do you work on making the software better or do you harden it against a highly unlikely point of failure?
I agree that the engineers (a) probably understood it was a bad design, but (b) were told to do it that way and to ship it.
But it's still cravenly bad design. I'll bet twenty dollars that people are going to be doing regular DDOS attacks against that Samsung server now, and that Samsung will have a ton of trouble keeping their TVs functional. You're correct that data centers don't catch on fire very often (cable cuts are lots more frequent), but that's not the interesting failure mode now. Bored script kiddies and blackmail are going to be next.
A week of schedule slip (if that) is going to translate into a bunch of bad publicity and upset customers because of expedience. This may not be pretty.
[I'm wondering what the firmware update story for these TVs is. Is it secure? Is it reliable? Is it a crappy user experience? Can you update the firmware at all?]
You know, as an end user, I'm getting kind of tired of the "The engineers were told to do it wrong by those mean, nasty managers! It's not their fault!" excuse. The people writing this software are presumably grown-ups--professionals who need to start taking some responsibility for the crap they shovel out into the world.
If a construction engineer built an apartment building that he knew was going to fall over, his PE license could be suspended or revoked. It doesn't matter who told him to do it.
Managers control reviews, and money. So that'd be a way to vote with your feet (by quitting).
In most companies, engineers don't control what gets shipped. There is no way to say "No, you can't ship this," and the product is going out with crappy quality because of a ship date. It comes down to how companies determine software quality, and how much they care.
In really bad cases, nobody can tell that the software is terrible.
In truly horrible cases, everyone knows the software is crap, but they ship it anyway because they don't care.
In any case, "getting professional" in some companies would mean losing your job.
