They almost certainly do, but there's some way that the test jig differs from the units in the field, for example:
- The test jig is probably pristine, so no hundreds of hours of telemetry data clogging up the internal storage.
- The test jig might be on ethernet whereas a lot of users would be using wifi.
- The test jig probably targets specific A -> B upgrades rather than testing progressive upgrade across every version that's ever exists.
- The test jig can't cover every permutation of config options.
- The test jig probably only does a bare minimal smoke test after the install, so if the problem takes a bit to kick in, it might not show up.
Not to say that it's certainly any of these, but all are possible contributors. In the coming days it'll become clearer what particular pattern the affected devices follows, and/or clever people with JTAG dongles will reverse engineer the problem and spill the beans.
If the damage is actually as bad as it sounds, Samsung is probably talking with their lawyers and is being instructed to maintain radio silence so as to better prepare for the class-action lawsuit.
That's logical reasoning, not corporation reasoning.
Nobody involved in the decision making cares about the customers. They only care about the potential hit to the bottom line, and if that's perceived as callous silence, they don't care. Unless, of course, they decide that appearing to care and being responsive results in less of a hit.
Silences like these are strategic and dependably predictable - engaging with customers on average costs more than remaining silent for whatever metric they've applied to the fix. If it takes longer than they thought, they might feel compelled to speak out, or they could just depend on the issue to fade into the 24 hour news cycle. Engaging with a customer runs the risk of them interacting with some threshold of people that will keep the negative story in the headlines for longer than it might otherwise be.
Remember when Crowdstrike crashed half the computers on the planet for a full day? Well, if you do, you're one of the few, because people are still using Crowdstrike, and the stock is still doing well overall.
Law is not logical and rarely makes sense. I'm not suggesting at all that they are doing the morally correct thing, but there are a bunch of ways that you can legally admit liability without meaning to.
For example, little life pro-tip, never directly pay for a loan that you aren't liable for. Proxy it through the debtor, or not at all and get a lawyer if the debtor is deceased.
Depends, radio silence will cost you money compared to just fixing the problem if that's feasible but it will save you money compared to accidentally admitting to liability in a rushed press release.
Yeah, some people say they got replacements through the warranty. The problem is, this thing is really big and heavy, so boxing it up is a real pain, especially if you've had it a while and already threw out the original box.
My Samsung TV got more and more unusable with every update. Over the years, saved apps, like Youtube, started to disappear every time it woke up. Then it would default to their Samsung TV app, rather than your last app. Samsung TV app happened to be on the Baywatch channel every time my young children started the stupid thing. Finally, after it took 2 minutes to load the youtube app, I factory-reset the device, disconnected the internet from it, and put a Beelink mini PC in front of it. Works flawlessly.
Samsung product life cycle support seems like planned obsolescence.
Contrary to lots of other opinions here, I bought a 65" Samsung TV at the beginning of covid and I sincerely don't have any significant complaints. The remote is easy to use, launching apps is straightforward, connecting an ARC soundbar was no problem, nor was connecting a Chromecast and an Xbox, and it "just works". Every once in a blue moon (maybe twice a year-ish) I've had to power cycle it to fix a wifi connectivity issue, which may well just be a result of DHCP lease expiration on my network.
I have a modern Sony Bravia, too, which is running "Google TV" natively. On the plus side, the UI is just about identical to what you get with a Google TV dongle (which I also have, plugged into an old 32" monitor in front of my bike trainer), but it's also a really heavy interface that's also increasingly rich in ads. If your household is like mine, and holds subscriptions to a half dozen or more streaming services, some of which are bundled and some of which are either discounted or comped via entirely different subscriptions (mobile phone) or membership (credit card), it's really not helpful to have Google show me subscriptions I might want to add-on to my Google TV sub, nor do I appreciate seeing ads for content from things I don't subscribe to. Also, the Sony remote has about 50 buttons -- not a fan.
All things considered, I end up having to fiddle with the Sony TV far more frequently than the Samsung one, usually because of network or app issues.
We have an old Roku stick plugged into an old tv in a spare room, too, and it's almost intolerably slow. It's primary use case is to plug into our projector for backyard movies in nice weather, so I keep it around, but man is it dog slow.
I have a similar experience with my high-end Samsung TV from 2013. The TV itself still works perfectly so I'm not replacing it soon (still 1080p, not 4K, but...), but over time, Samsung has steadily removed key features with each update. When I first bought it, it supported Skype video calls (and now the integrated webcam can't be used at all), IPTV streaming, and various third-party apps — all of which are now gone.
Microsoft removed support for Skype on TV, not Samsung.
Most apps get removed because the people writing them don't want to support them anymore. The Samsung framework from 2013 was always trouble and it doesn't support many current W3C features that you'd want as a developer. Most people I know are drawing the line at supporting 2014 or 2016 Samsung devices.
Could Samsung update their devices to ensure they still supported modern frameworks? Possibly, but they don't really get any revenue from providing OS upgrades and those devices suck in terms of RAM and CPU.
I hate this idea that software "rots" all by itself when it's just left on a device and is impossible to keep working. I would at the very, very least expect my device to work exactly as it did on day one, for the next 50 years, assuming I don't change the software. It's bits on a flash drive! It doesn't rot, outside some freak cosmic ray from space flipping a bit.
If you're saying the software stops working because the backend it talks to goes away, well that's a deliberate choice the company is making. All they have to do is have a proper versioning system and do not touch the backend service, and it also should work forever.
So don't burn CA pubkeys into your binaries without means for user override. If the software can persist a user-specific analytics ID it can support user certs. This is a solved problem.
This is exactly why "Smart" TVs don't make any sense. My in-laws have a perfectly fine Sony TV, it's nok 4K, but the HD picture quality is amazing still. Apps have slowly started to disappear as they are no longer being updated and new one aren't being added.
I don't know how this work, but either Sony or the streaming service must be making the apps, and neither seems interested in maintaining apps for a 10+ year old TV. So when the streaming services are updating their backend, older TV don't get updated applications.
Smart TVs make absolutely no sense, the streaming service are moving to fast, so you'll need a cheaper box, or a product that is support for a decade.
My experience with LG wasnt any better. Thorough about a year the tv became increasingly unresponsive. You start it, after 30 seconds the sound andpicture appeared, and for about 2 full minutes it would not react to inputs what so ever (except turning off). So if you happen to turn the tv off with higher volume, you could not launch it in the evening without it blasting for 2+ minutes at night. Abhorent
LGs, while still smart TVs, are relatively competent at being dumb TVs. Your only other options these days (sans rescuing a dumb TV from e-waste) are commercial panels and projectors.
If you just use an HDMI input and attach some streaming box to it, Samsung TVs work just fine. Just never touch the remote and only interact with the source and everything works.
Still appreciating my 2011 high end Samsung TV. I believe it's the last non-smart product year. It could stream videos from a network share but that's about it.
Judging by current trends i will have to replace the attached chromecast before the TV breaks.
what bother's me even more is that they are constantly spying on me (phone home, what am I watching, ...) and pushing advertisements to my TV. My next TV will probably not be connected to the internet.
We bought a samsung tv in 2016 and it slowly became unusable by mid-2020. Fortunately it got dropped by the movers and we were able to justify buying a new TV (LG). The LG UI/UX is awful though, I wish we'd bought a sony. LG TVs don't have a way to simply select "HDMI1/2/3/4" you're stuck using it's "smart" detection system, which can only be reset by physically unplugging the HDMI cables from the back of the TV, which is never easy to get to. Apparently the solution is to buy Sony and just pay the extra price.
I have a "smart" Samsung TV in my home office but it's never been plugged into the network and has a chromecast and various networked devices plugged in to it as a "dumb tv", that has been working out great, the TV still turns on/off easily and is as fast as the day I bought it (makes sense, it's still running the factory firmware).
> LG TVs don't have a way to simply select "HDMI1/2/3/4" you're stuck using it's "smart" detection system, which can only be reset by physically unplugging the HDMI cables from the back of the TV, which is never easy to get to. Apparently the solution is to buy Sony and just pay the extra price.
Another possible solution is to only use one input on the TV. Connect an A/V receiver to that one input and connect all your other devices to the A/V receiver. Then you should only need to deal with switching inputs on the TV if you want to watch over the air TV using the TV's tuner. You can probably even get rid of that need by getting a stand-alone TV tuner and hooking that up to the A/V receiver.
Many A/V receivers have network interfaces that you can use to control them if for some reason you don't want to use their remote. Most Denon receivers for example have an HTTP server that presents a web-based interface if you browse to it from a computer or mobile device.
They also run a simple HTTP based API that is easy to use from scripts. For example here is a shell script that gets the current volume setting of mine:
I find it appalling that no matter how much money you spend on a Samsung TV, you'll get banner ads in the fucking source switcher. Absolute total disregard for their users.
LG still has bits that are ultimately ads, but at least they're less egregious, presented as suggested content in a Home view that already aggregates content from various sources. Not ads for fucking McDonalds and similar. At least that was the case as of a couple of years ago—I disconnected my LG from the internet the day I got an Apple TV and never looked back.
Just let me buy a large class leading display without trying to insert yourself into my life, please. I'm already paying through the nose for it.
I never worked for Samsung, but I built TVs for JVC and LG, among many other brands. I don't work in consumer electronics anymore but a decade ago that was my field.
TVs are a wildly unprofitable business. It's astoundingly bad. You get 4-6 months to make any profit on a new model before it gets discounted so heavily by retailers that you're taking a bath on each one sold. So every dollar in the BOM (bill of materials) has to be carefully considered, and not far back the CPUs in practically every TV was single core or dual core, and still under 1GHz. Bottom of the bin ARM cores you'd think twice to fit to a cheap tablet.
They sit within a custom app framework which was written before HTML5 was a standard. Or, hey want to write in an old version of .NET? Or Adobe Stagecraft, another name for Adobe Flash on TV?
Apps get dropped on TVs because the app developers don't want to support ancient frameworks. It's like asking them to still support IE10. You either hold back the evolution of the app, or you declare some generation of TV now obsolete. Some developers will freeze their app, put it in maintenance mode only and concentrate on the new one, but even then that maintenance requires some effort. And the backend developers want to shutdown the API endpoints that are getting 0.1% of the traffic but costing them time and money to keep. Yes, those older TVs are literally 0.1% or less of use even on a supported app.
After a decade in consumer electronics, working with some of the biggest brands in the world (my work was awarded an Emmy) I can confidently say that I never saw anyone doing what could be described as 'planned obsolescence'. The single biggest driver for a TV or other similar device being shit is cost, because >95% of customers want a cheap deal. Samsung, LG and Sony are competing with cheap white label brands where the customer doesn't care what they're buying. So the good brands have to keep their prices somewhere close to the cheap products in order to give the customers something to pick from. If a device contains cheap components, it was because someone said "If we shave $1 off here, it'll take $3 off the shelf price." I once encountered a situation where a retailer, who was buying cheap set-top boxes from China to stick a now defunct brandname on, argued to halve the size of an EEPROM. It saved them less than 5c on each box made.
For long life support of the OS and frameworks, aside from the fact that the CPU and RAM are poor, Samsung, LG and Sony don't make much money from the apps. It barely pays to run the app store itself, let alone maintain upgrades to the OS for an ever increasing, aging range of products.
And we as consumers have to take responsibility for the fact that we want to buy cheap, disposable electronics. We'll always look for the deal and buy it on sale. Given the choice of high quality and cheap, most people choose cheap. So they're hearing the message and delivering.
Yeah, but is there a way for consumers to compare the compute performance of any given TV?
If OEMs differentiated their TVs based on compute performance, consumers might be able to make an informed choice. (See smartphones: consumers expect a Galaxy Sxx to have faster compute than a Galaxy Axx.)
If not, consumers just see TVs with similar specs at different prices, so of course they’re going to pick the cheaper one.
I pulled my Samsung Smart TV off the network a while ago, precisely because it was getting slower and slower over time. The allegations of spying pushed me over, but the apparent belief that they own my TV would also have done it.
I want a separation between my display device and the thing serving it anyhow, but that's just me in my techie world. The fact that performance got worse with each update, though, that's just over the line for everyone. I mean, if you're going to babble about how you're upgrading my experience, shouldn't you, you know, upgrade my experience instead of constantly downgrading it? My experience gets downgraded, but gee golly, it sure seems like yours is getting upgraded.
Well. It's really not that hard to not plug in the ethernet cable.
My Roku boxes have also had the same trajectory over the years. As time rolls on, they just get slower and slower with each update. Slowly, but surely. How exactly this is accomplished I'm not even sure, it's not like they're overflowing with new features or doing bold new computations for my benefit. They just get a little bit slower every effing time. But at least replacing my Roku boxes is $20-40 now. Hey, sure, OK, a $40 thing probably can't be expected to work 5 years from now. If nothing else, video codecs do march on and specs may exceed what the hardware decoders can handle. OK. My $1000+ TV does not get that grace. It damned well better be able to turn on in less than 30 seconds, even 10 years, 20 years from now. No excuses.
I had a smart TV that gradually got slower and slower until it became basically useless. I figured it was just running out of RAM as apps got larger with updates over the years.
This describes essentially all Samsung products: really cool for the first few months then progressively accelerating slide straight into the trash.
I'm never buying any Samsung products again if I can avoid it. A forced update bricked my damn phone when it forcibly restarted while I was showing something to a client.
Samsung doesn't give a shit. They'll trash the device you paid for and tell you to suck it up and buy a new one.
Two important features I insist on for products I develop:
1. Staged rollout of firmware updates. It’s common practice for apps and software but for some reason it’s less common with firmware. Rolling out to 1% (or less, depending on scale) of devices and waiting a day is cheap insurance. Side note: Build a good relationship with customer service people so you hear about these things immediately.
2. A failsafe firmware reset back to factory state. Some sequence that resets the device completely back to the way it was when it came out of the box, firmware included, as a last resort. In conjunction, your automated tests need to confirm that every factory firmware you’ve ever released can update to the latest firmware.
> A failsafe firmware reset back to factory state.
This doesn't work if your threat model includes denying rollbacks to prevent exploiting bugs in old firmware. I'd love to be able to roll-back firmware on some of my devices to allow me to "jailbreak" them using old firmware.
In some cases your newer firmware may be blowing e-fuses that prevent old firmware from functioning. See the Nintendo Switch, for an example.
To be clear: I think this is anti-consumer and wrong, but manufacturers absolutely do it.
Edit: I also think it should be illegal, by way of consumer regulation. I don't think consumers should have option to waive their right to manufacturers not damaging hardware they own.
This doesn't get enough attention, waaaay too many of these issues are traced back to the vendor trying to "prevent" someone from using their product in a way that they don't like.
Why else would a soundbar need updates anyway? It either performs its well defined functions when you bought it or they sold you a device that doesn’t input/output sound.
Updates for these types of things always fall into three categories. Either they’re gimping some unanticipated usage, they’re trying to insert ads, or they’re trying to gather more usage data.
Sibling mentioned CEC fixes— this one is huge. CEC is lovely in concept but I ended up having to disable it completely across my setup as there was just way too many bits of weird behaviour with devices turning themselves on and then switching the TV or AVR to their input apropos of nothing.
I feel like CEC tried way too hard to be magical instead of exposing enough control for the user to be able to block certain commands from problematic devices, or even just designate that device X will always be the boss in a particular setup.
Yup, game consoles are ground zero for this. I hit the button on the PS5 controller only to have the receiver and TV power on, then the PS4 wakes up for some reason and then switches the AVR to its input.
My Sony UHD player also seems to want to grab the input sometimes too, so maybe it's Sony that's the source of the problems haha.
And again, it's all just so maddening because it feels like it would go away if I could be like "Hey, AVR should never send power-on messages to its input devices." Because then I would just power on the device I actually want to use, it would turn on the AVR and TV, and we'd be golden.
I have a laptop, steamdeck, Nintendo Switch and chromecast all connected to an LG TV and all the ouput switching and remote pass-through works as expected. Maybe just a lucky combination ?
While I agree with your broad statement, I have a TCL (with built-in Roku) TV that has a bug in the sound processing. Either it becomes very quiet, drops out completely, or comes in and out with a lot of stuttering. Happens irregularly, typically though not always weeks apart (though on no schedule I've identified), solved with a reboot of the TV (which of course can't just be done by turning it off and back on - you have to select "restart system" from the menus).
I owned it for at least six months before this occurred the first time.
In theory, I could do a USB update of the firmware and hope that fixes it. In practice, they want my serial number to let me download it. No thanks, I'll pass, even though it's never been connected to WiFi or Ethernet and never will be. I'll just reset it every once in a while.
And the obvious solution is to isolate the device from the world. Most of my stereo is isolated from “the world”, and some parts are close to 30 years old. Why does a soundbar need contact with the internet?
That kinda defeats the point of having a device. Sure it works in some cases but we're talking about a soundbar here and that has to interact with other devices. It's whole purpose is to interact with other devices.
Even if it doesn't need to contact the internet you're still going to want it to connect through cables. There's good reason to connect through bluetooth.
But why should it contact over the internet? Well it sure is nice to be able to stream music from my NAS. There's utility in that. There's also utility in the parent company updating firmware to support new audio codecs. Or to support new algorithms. If my device is gaining more utility, that's a great thing! And of course, if it is connected wirelessly in any way (including bluetooth) I sure as hell would like updates with respect to security.
Without this, the thing becomes e-waste. The environment moves. Time marches on. No thing can exist in isolation, no matter how hard you try. Again, software rots, not because the software changes, but because the world does.
But that's not the problem here. The problem is abuse of that power. It isn't for the benefit of the customer. The problem is managers pushing to release before things are ready. The need for speed with no direction. To not even consider in the calculus of decision making the tremendous costs of when things go wrong. And how this lesson is never learned despite facing the problem time and time again. Issues like this now cost tons of engineering hours, tons of lawyer hours, and ultimately will cost tons in rebates and refunds. How many weeks of work is that equivalent to? Sure, it doesn't always result in catastrophic failure like this, sometimes it results in smaller failures, sometimes small enough they can be brushed off. But those are still costs that no one considers. That's the problem here.
Innocuous product features like streaming music, integration with Alexa/Google, connecting to TV and other speakers via wifi. Oh and collecting analytics data and selling to ad networks...
Modern soundbar are bugged Bluetooth enabled, also with ship with interfacing protocols, while legacy bluetooth/wifi drivers are ok, protocols just break
Also, time-to-market pressures can result in initial shipments having (minor but not showstopping) firmware bugs. Post-sale firmware upgrades can be beneficial for the customer.
A lot of consumer products ship with half-baked software and/or firmware. I wish Polk would fix the bug(s) that cause my soundbar to freeze and need a reboot several times per week. But it's an old product that's not longer sold, so I'm probably SOL.
More hardware is sold at cost or at a loss, compensated with ads. I don't like the model either, but that's how it is.
If price isn't the only factor for some, it is for many who would otherwise not buy these things. Sellers picked up on that long ago.
Other comments wish to see regulations, they can't outwit those marketing tricksters. For profit enterprise can, and will offer more alternatives with bigger stamps about privacy, ad-less certified and whatnot.
It’s the norm because people rather buy one single product that does it all.
The alternative to an all-in-one sound bar is having regular 5.1 speakers, a nice receiver, a nice streaming box, and maybe a dumber TV and you will have absolutely the best setup but it’s a lot of putting pieces together, more space usage, and either money (if you want it right away) or a lot of waiting (if you want to get it used).
> Why else would a soundbar need updates anyway? It either performs its well defined functions when you bought it or they sold you a device that doesn’t input/output sound.
Unfortunately there are soooo f..ing many devices out there that don't follow the specs, no wonder given how long and complex alone the Bluetooth specifications are, and HDMI/HDCP (which a soundbar with ARC support needs...) is even worse, and don't even try to get me started on CEC because that is an even bigger pile of dung, or stuff like GPUs that run HDMI over DVI, MHL or USB-C in DP mode and god knows what else people expect to "magically work" with a 5 dollar adapter they got off of Alibaba. And no, "audit products to follow the specs" isn't a foolproof solution either. That means that everyone has to deal with everyone else's quirks and at least the most popular devices and their manufacturers have to supply firmware updates to react upon reports of quirks.
I thought HDMI and DVI use the same signalling (at least the 'digital part' of DVI, was it DVI-D?), just over a different connector?
In my memory only the connectors competed for adoption, and Home Entertainment industry opted for HDMI and the PC-industry opted for DVI, while the signalling was not contested (besides DVI also being able to carry analog signalling with full spin-out, and HDMI carrying audio instead).
My memory might not serve me well here though.
I never thought HDMI would win :( but it makes sense I guess - Computers/their use changed :(
Not always. There's a time and a place for including end users in your threat model. These would include scholastic and carceral settings, where in both cases the end user may, as an example, desire access to resources that have been deemed inappropriate.
The problem usually aren't vendors. The problem usually are rightsholders - the movie/TV series industry still didn't get the Spotify memo, and the console game industry... well it's hard to say they don't have a point insisting on serious DRM given how rampant piracy becomes once there's an easy-enough root method available.
IoT integrations like Alexa come with numerous security requirements that are often good ideas in theory but lead to hacky workarounds to meet certification requirements
In what way? Console makers wouldn't gain anything by weakening DRM and making devices rootable. It's not like they are making that much money from device sales.
Of course then you have MS which basically just turned XBox into a cheap but totally locked down gaming PC (since there are very few Xbox exclusives these days).
Yup! Depends on what's a higher priority: Preventing catastrophic destruction of the device, OR, "protecting" some IP from ultra-small-scale piracy, even though ultimately anyone bent on piracy will be able to pirate anyway.
Clearly the latter is heavily preferred by most companies.
even with that "requirement" add special minimal recovery that can be booted with special buttons sequence by bootloader and allows some form of flashing signed firmware.
this should be especially trivial when your device have some usb ports.
you can keep all requirements of only newer or the same version of firmware to flash, with all refuse checks.
if you mess up, you can allow consumers to flash fix using regular pendrive
Big part of the UBNT vs Cambium dispute. IIRC UBNT won in court, but just to prevent the Cambium firmware being installed on their hardware the next few firmware versions fixed it so that it cant be easily reverted.
Whats worse is that a lot of the affected hardware was near or EOL anyway, so Cambium was simply helping rescue devices headed for the scrap heap.
Sometimes they do it because it’s contractually required if they want to get access to proprietary standards, for example to allow them to play copy-protected content.
Copyright and patent have morphed into evils that drive anti-consumer and anti-competitive behavior, and have driven a “subscription” model that allows rent seekers to achieve their wildest dreams.
Android systems can do this today. After an orderly shutdown of new software, then it can mark the new stuff as good and not allow older software to boot.
I think the correct way to do this is to allow a rollback to the immediately previous working version. Before updating, write current firmware to failsafe data storage, then do the update. Then a firmware reset sends you back to the last good version. I'm pretty sure this is already done by many hardware and software manufacturers, such as me.
I completely agree with both points and would add a third: design for offline use first (maybe treat every OTA update as - this might be the final version this device ever receives).
Products should work perfectly fine without an internet connection, heck that's how they worked until 5-7 years ago. Core features should never depend on cloud services, and updates should be opt-in, not forced.
Offline first approach respects user autonomy and creates a natural safety net against bad updates. Plus, it means your product keeps working even when servers change or get shut down years later or a nuclear war happens.
Sure, connectivity has benefits, but a speaker's main job is playing sound, not phoning home. Building offline-first also forces better engineering decisions about longevity and graceful degradation.
It's so hard to find any offline-first apps/devices nowawdays, which is sad to see in a world of algorithms and AI.
But you see, the problem with offline use is the manufacturer can't claw back value in the future. How will you keep shareholders happy if you can't arbitrarily push ads, hobble existing functionality, or impose a new subscription service?
Exactly - that's the flaw in trying to extract infinite growth from finite products. We've turned durable goods into rental services without consent, all to please quarterly earnings reports.
The tragedy is that "respecting customer ownership" is now seen as leaving money on the table rather than building lasting brand loyalty through quality.
Most companies don't do this because it's not one of their organizational priorities to have reliable updates. The infrastructure is usually custom built and maintained by a couple of folks who have a dozen other responsibilities they're told are more important. Testing is usually limited by hardware availability and release velocity. "One of every board revision we've ever produced" simply isn't available and waiting two days to run through every firmware version before you release updates is a conversational non-starter with the PMs.
There are commercial offerings (like mender.io, never used) that basically specialize in providing rock solid update infrastructure, but that again takes investment and organizational priority that doesn't exist for non-feature code.
Different industry, but I (a long time ago) worked in a place that built scientific instruments.
> "One of every board revision we've ever produced"
The, ah, "special" people we had running engineering didn't even put in the work to be capable of the software querying the board rev. We had to play games like running certain motors past a position limit and seeing if there were limit switches there (or not) to guesstimate board revs.
> 2. A failsafe firmware reset back to factory state.
Do you mean like a physical button? That could work, though I'm not sure I've ever seen it. Holding down power for 10 seconds (or whatever) usually just erases user data, but doesn't reset firmware. Are you aware of any device that does this? But does it require some meta-firmware to roll back the firmware? What if that meta-firmware has a security flaw and needs to be updated? And that update is faulty?
If you're talking about a code sent from your servers to devices to reset, that seems like asking for the impossible. If a firmware update bricks the device, that may very well brick its ability to receive codes at all.
In both situations, it starts to feel like a problem of infinite regress...
I get the sense that #2 is viewed as a risk for DRM, given all the work that goes into preventing firmware downgrades to potentially insecure firmware. Specifically thinking of the Nintendo Switch[1] that goes so far as to blow fuses on each firmware upgrade!
eFuses were already on the Xbox 360/PS3 generation. Smartphones also use them to lock out proprietary photography algorithms if you unlock the bootloader.
For this $1500 street price soundbar, I'm wondering whether they consciously decided not to invest in BOM cost or software effort that would help avoid bricking.
I'm not sure I understand various industries' conventions...
While interviewing for a principal engineer job, I was meeting individually with a bunch of team leads and managers, and one engineer asked how would I design firmware updating for the company's large&complex product (which was more critical, complex, and expensive than a soundbar).
I assumed they were probably trying to see whether I would throw in some robustness/resilience (not oversimplify it). So I sketched it out, while hitting notes like diffs, downloading and assembling in staging space, imperfect networking, having at least two firmware "slots", backing out upon boot loop or failure soon after boot, gradual deployment to installed base, contrasting with some less-critical consumer product firmware update practices, etc.
(Either that was a bad answer, or they got distracted thinking about something I'd said, because I was getting odd subconscious backchannel cues, and they were unresponsive when I tried elicit more requirements or guidance about what they were looking for. Maybe there was some standard embedded systems programmer canned answer that I was supposed to recite (analogous to the Web brogrammer 'system design' interview), and they couldn't think of how to nudge me towards the shibboleth without saying it?)
Great points! As an addendum to this, if #2 becomes untenable for whatever reason (such as a vulnerability in the factory firmware image), then this #3 would be good to strive for as well:
3. have a set of conditions to mark the running firmware image as "safe" and have it become the new fallback firmware image for this scenario. That way you can have a recently up-to-date firmware version constantly trailing the new ones
IMO this is a terrible idea for many reasons but the most important of which is: As a consumer I should have the right to have my device revert any b.s. update and get my setup to how it was the day I bought it.
So many companies have begun rolling out updates that makes the device I purchased call home before allowing any user functions and if/when that server goes down my device becomes a brick. This behavior essentially invalidates my ownership of the product and renders it to a service, provided at will by the manufacturer.
Your idea ensures my device will one day become a brick as soon as the manufacturer decides to mark their update requiring internet check-ins “safe”.
If you think I’m exaggerating check out Louis Rossmann‘s YouTube channel.
FWIW, my background is in B2B hardware and that's the perspective I am coming here with. Out of curiosity though, how do you weigh your value of control vs. security vulnerabilities? Modern speaker systems allow some form of wireless connectivity, so there is bound to be something and not all consumers will be savvy enough to keep up with security updates on their own.
My thoughts on security vulnerabilities is that they exist on any out of date firmware and that should be expected. I’ve never rolled back to factory settings and assumed that this device is now exposable on a DMZ.
Specifically I’m talking about consumer devices, which are almost always behind a NAT config + firewall. If your soundbar has a vulnerability it’s pretty much irrelevant if someone has already breached your network.
If we’re talking about enterprise networking equipment, I still stand by my concerns that the the owner should be able to revert back to stock but the burden of responsibility is on the technician configuring this device, not the manufacturer.
It seems to me the mentality has become that since end users tend to be bad at system administration, they shouldn't be allowed to do it, for their own good.
I reject this mentality. I don't think it's necessary or desirable to make it impossible for people to do things that have negative consequences for themselves. Put a "here there be dragons" warning on the firmware rollback, bootloader unlock, or similar dangerous operation and let people take responsibility for the outcome.
In the case of consumer devices, most people won't even try those things; those who do risk further problems for the chance of a better outcome. In the case of enterprise networking equipment, there's an IT department that, in theory has the skills and resources necessary to make good decisions about technology.
There will always be security issues, so "but security" is not a reason to prevent a consumer from doing whatever they want with a thing that they purchased from you (I'm of course just speaking morally/ethically here since there's no legal provisions preventing that in most places).
If I pay you for a product, you have no moral right to tell me what I can and cannot do with that product, up to and including messing with the firmware, installing known-bad firmwares, wiping it and building my own firmware, whatever I want. It's mine, I paid for it, stop violating my private property rights.
I think I agree with you generalle but just from a logics perspective, this is a bad argument:
> There will always be security issues, so "but security" is not a reason to prevent a consumer from doing whatever they want with a thing that they purchased from you
Just because there will always be security issues doesn't mean you shouldn't try to take care of the low hanging fruit.
Not the person you replied to, but I'm literally pulling wire again to avoid dealing with that dichotomy. And hardware developers that think OTW firmware updates are a neat idea >:(
Unfortunate you'd need to weave that all the way through the whole product stack in order not to end up in a state that looks like it's working at first glance but actually isn't doing what it is supposed to - like everything running but not showing an image, or everything running except networking is dead (-> also no further updates possible), or (remote) input devices, etc etc
From the manufacturer's point of view, a sufficient "safe" state is "can receive and apply a firmware update" -- worst case scenario you can always push out a new re-signed and renumbered version of the older working version.
Network connectivity would need to be in the set of checks to determine if an update was successful. Also, there should hopefully be QA. If you only have one smoke-test for a firmware image it should be whether or not it can upgrade/downgrade a new image from that one.
You need to have the firmware equivalent of a platform team.
It's common now for medium and large companies to have some variant of a cloud platform team: People responsible for shared practices, infrastructure, and processes in the cloud.
Smart hardware companies have done the same for decades. You have a firmware platform team that handles things like update protocols, recovery protocols, testing checklists, on-device OTA update architecture, and other critical functions.
When you're a company like Samsung that continuously releases and develops products this actually increases your time to market rather than decreasing it. You let each product team focus on the parts of the firmware that make their product valuable and free them from having to roll their own update systems
Samsung has multiple such teams.
In my experience with the broader industry, platform teams are usually less than a dozen people who own millions of lines of mostly-external code. You don't usually get the luxury of careful deliberation and comprehensive testing because you're doing too busy putting out fires and chasing down manufacturer errata.
Samsung might be one of the good ones, but sadly most hardware manufacturers treat firmware and software like just another line item on the BOM. Like a screw or a silicon gasket: Source it from some "supplier," spoon it into the product somewhere on the assembly line, and then never touch it again. I've seen a hardware manufacturer that doesn't even use source control or branching. When they have a new hardware product, they take the software that is closest in functionality, hack it until it works with the new hardware, and then set the software back on the shelf until next time.
It's almost exact same thing as purchasing an insurance.
If the management folks have personal health insurance, surely they must understand the concept and the need. And this is a much better deal because unlike actual insurance this is more like "invest once, enjoy forever" type of thing. And multi-stage boot chain, recovery partition and staged rollouts are not some rocket science that needs some serious expertise.
Yet, here we go. Humans are not really rational actors after all, and collective humans are even less so.
As a user/customer, if I'm part of that 1% with an issue and get the same sort of "canned" response you see on the mentioned thread, I feel like me as a user doesn't matter. I guess the next step is calling customer support and then having the person on the phone making me go through their checklist of things I've already tried and again, feeling like this is of no use.
I think it usually takes a big rollout for these big companies to actually "hear" their users.
The second point is the really important one here. Mistakes happen, having a factory reset that actually works is crucial to avoiding extremely expensive recalls.
I'm reminded of the time a random NPR station accidentally bricked the infotainment systems on thousands of Mazdas and because there was no factory reset feature they had to spend millions replacing head units. That's just bad design.
Another good one is; please always split any security updates from feature changes (and backport the updates per whatever versioning policy you have for those lagging the latest).
After many years of being burned I always delay system level non-security -related updates at least several days after launch to mitigate the risk.
> A failsafe firmware reset back to factory state.
Or perhaps to the very first released firmware version. This way they don't have to support updating from any version to the latest, just from the first one.
Reverting to factory state seems riskier than last known good state. You could run into things like TLS root authorities not being recognised, deprecated cipher suites, etc. Just because that version worked a decade ago, it doesn’t mean it’s compatible with the world today.
> > Just because that version worked a decade ago, it doesn’t mean it’s compatible with the world today.
> That's why I said you have to include this in your test procedures.
You can’t test the world. Even if your servers can correctly respond to requests from old software, it doesn’t mean that the network between you will too.
Networking surely does introduce complications especially when TLS is now basically considered required and cert lifetimes are being limited for 'security' reasons. However most consumer devices have functionality, often their primary/most important function, to which network connectivity isn't even needed. For instance, a speaker producing sounds.
In the factory reset state, things should have a USB flash drive firmware install route which could be used to bring back working root certs, etc.
Of course again this depends on whether the mfg is worried about DRM bypass hacks that are found later on in the factory firmware.
I'd support legislation to issue stiff fines for devices that can't be factory reset at any time, with the only exception being for directly-consumer-benefitting anti-theft (so, iCloud lock is okay).
But can’t you? Sure, factory firmware from many years ago might have issues, but should still work well enough to allow you to fully offline upgrade to a newer working version.
I think all the OP was saying, is: Suppose you’re releasing firmware version N for some widget you make. Now, for all versions V in (0..N-1), verify that applying N to V works correctly.
> "A failsafe firmware reset back to factory state"
A failsafe firmware reset back to a safe and secure state yes. The factory state is not necessarily that, so no.
I think devices should keep a last known good state firmware but keeping a full factory state immutable firmware would be irresponsible for many usecases.
What hardware reset typically does, in my experience, is to reinstall the last firmware you installed. Many don't even have the space to keep some original and/or safe image in addition. I'm working on one device where we delete much of the existing system to make space for even downloading a new firmware image. It's wild.
iirc for computers doesn't gigabyte have some kind of patent on dual bios design (active vs backup bios chips). I'm sure there are other ways to implement it but I think thats true.
The important feature here I would insist on is to let the user decide when to do a firmware update. Not the other way round. That's the way to build a good consumer relationship.
Why on earth a sound bar needs to update its firmware? Why firmware needs to be in a couple of tweeters and a woofer? It should basically output audio from an input source.
This is the de facto playbook for one of the Mega-Evil Corp.'s CPE firmware (Gateways, IPTV receivers, etc...).
New firmware is pushed in phases 1%, 5%, 10%, 25%, 50% then full scale.
Each stage has some delay incorporated for acquisition/application and then for telemetry (including support contacts from affected accounts) to determine impact and allow for regression fixes.
The other reason they would phase launches is because of firmware builds being used across multiple CPE models and hardware revisions, where only a small subset of hardware could wind up being problematic, but not discovered until deployment.
When you have millions of devices deployed, even a fraction of devices having an issue can create a shit storm on the support side of things.
It all seems so obvious once you know to think about it.
Especially if there is an internal testing stage before actually rolling out to production. It's possible that the users seeing the bricked devices are in fact limited to the initial wave, but the damage is already done.
#2 has been a godsend in the custom/HEDT PC market. Many expensive motherboards now come with a "dual BIOS" system that gives you an older known working image to boot from, in case flashing a new version broke something that can't be easily undone.
Another amazing feature is the ability to flash a BIOS from an unbootable system. You insert a flash drive with the firmware file into a USB port, press a hardware button and the BIOS gets updated, even without a CPU socketed.
This is a requirement for any motherboard I purchase now. I have enjoyed the ability to use AMD CPUs that are slightly outside of the generational support or enable features I am not promised.
Without the ability to flash from USB without a CPU doing this requires keeping spare CPUs that will work just to flash.
I wonder if that opens a threat vector from a security point of view? If an attacker knows that the golden firmware has some critical vulnerability which they can exploit easily, they can activate it at will by bricking the device and waiting for it to restart.
They could, and that's been a way for attackers to "jailbreak" devices and load custom firmware in the past. Though for the sake of reducing eWaste and enabling device repurposing and reuse, I do think this is the best path for firmware-updatable devices.
Attackers aren't usually in a position to reset firmware, and if they are they might as well do a whole host of other things like replace the device with a compromised one. I don't think there is much of a point to trying to protect from that.
The golden firmware should reset to the old/first firmware of the device and nothing else. Keep it as simple as possible and restore the customer device back to an operational state.
I prefer to keep the factory firmware reset to a manual process that requires user intervention.
For example, holding down the reset button for 10 seconds after plugging the device in.
In my experience, it's not a good idea to have a device automatically roll back firmware and erase user data after failed boots. These mechanisms get triggered too easily during certain power outages (power comes on then goes off just long enough to cause multiple failed boots) or when users are doing simple things like rearranging their power cables.
Ability to reset to original out of the box firmware is not only about failsafe. It's also a protection from "bug fixes" taking away features you had out of the box.
I'm still pissed off about LG removing record to disk option from our TV after an upgrade. I've only connected it to internet & upgraded assuming some of those bug fixes resolved few dlna issues otherwise it's always on internet block list.
Both are very reasonable features, of course. Here are (some of) the real-world challenges to their implementation:
#1: Requires competence, and/or management that isn't too focused on velocity and features to listen to their engineers' warnings about exactly the sort of problem being discussed here.
#2: Many firmware updates explicitly and specifically want to strip away features that the hardware shipped with (by introducing DRM, paywalls, etc.), so see the comment about management above.
I made the mistake of connecting my bose noise cancelling earbuds to the phone app so I could disable autoplay. They updated without any warning and now they won't charge properly and the noise cancelling sucks. It used to be amazing. Never connect anything and never take updates unless you need a specific fix.
I swear AirPods in general are just less reliable than they used to be too. I feel like I need to be doing incantations for them to work sometimes, whereas I recall them feeling like magic compared to BT headphones I've used in the past, the way they would seamlessly pair, start/stop music when you pull one out, etc.
It reminds me of some discussion I was seeing the other day about how the dynamic island on the newer iPhones is way buggier than it was at launch. Someone suggested that this happens because the S-tier engineers are tasked with building these things to blow everyone out of the water at launch, and then B-tier developers are tasked with maintaining them for the following years, at which point stuff starts regressing.
FYI: The Bose app also phones home with your media metadata by default. There's an option to disable it tucked away on the same screen as the Privacy Policy.
I hate smart TVs. Why put all the functionality in one device when a small part of it is going to become obsolete real soon while the TV part will continue to work for a decade or more. I buy dumb TVs and a separate "smart" component like Roku that can be replaced as easily as a shoelace.
My strategy is to buy cheapest TV on the market (which is usually an ad loaded Crapware like hisense) and then never ever connect it to the internet but use HDMI to plug into a dedicated computer.
Basically all I need in a TV apart from the display is an HDMi. It works amazing, been using like this over 10 years now.
Unfortunately if you're a stickler for image quality this isn't an option. You can still not connect it to the internet of course, but if you're buying a high end TV there's no way to avoid all the other modern TV bullshit.
Namely needing to change the settings on every input for every source type. The first few days of a new TV is a regular trip into five layers of menus as you watch a new source combination for the first time (HDR Blu-Ray, Dolby Vision streaming movie, high framerate game) and have to turn off motion smoothing, turn off sharpening, turn the whites back down from basically blue to 6500K. I mean christ, there are still TVs out there shipping today that turn on overscan by default. Analogue TV broadcasts ended in 2012 here!
I lump modern TV bullshit (crappy "smart" features, motion smoothing, horrible default settings) in with modern car bullshit (huge touchscreens everywhere, the near total death of real physical controls).
Everyone you speak to at best is ambivalent and at worst vehemently hates it. And yet there's no sign of it slowing down. It's baffling.
Yes I’m always very surprised that people deal with the awful software that are on the TVs.
I use an Apple TV which, while a relatively expensive solution, has a clean interface and integrates well with the rest of my hardware. Plus rarely are there ads being shoved in your face in the OS/Home Screen. Apps can still do as they like of course.
I go for smart tv's that can be dumb. As long as it reliably uses my input each time it starts and doesn't try to overlay anything, that's all I need.
Once or twice a year I'll go trough firmware update notes, connect it to the internet if there's things that can improve my "dumb" usage (fixes/improvements to refresh rate, Dolby xyz, etc.), then disconnect it from the internet again.
Do you guys miss owning things and they were just...yours? Like, you paid money for them and then you had them and you had full control over them and someone half a world away wasn't able to reach into your house and break them or make them do evil things?
Not really. My iPhone, and especially my AirPods, have gotten massive feature upgrades since I bought them, and I didn't have to pay a thing.
And I assume my WiFi router updates have helped prevent people doing evil things with my devices.
Samsung's update here is obviously a massive fail, but it's one consumer device out of tens of thousands. I think it's clear the benefits outweigh the harms on the whole. Definitely sucks if you bought this particular soundbar though.
I drive a 30-year-old Nissan pickup truck for this exact reason. Not sure why, but I get a small sense of joy knowing that the corporate overlords aren't "watching" me drive. Of course they're "watching" me on my phone (as I drive the beater truck), but that's a different story.
my headphones just popped up an alert on my phone that turned out to be an ad for a nascar race. that got their app uninstalled. if they ever realize that they can start shoving ads directly into my ears that's when the headphones themselves get taken out back and smashed with a hammer.
A couple days ago, I was thrown by one of my Windows devices pitching an ad for a video game to me in the notifications. I immediately disabled the related setting, which was of course enabled by default. Every device you buy is rigged by default to encourage you to buy more things.
Samsung sucks. Their customer support is a joke. And this is across the world. Right now I am back in Brazil, just got a new samsung product. It was delivered non-functioning. Hours since I submitted a ticket. No answer. Talking to a real human being is impossible.
- If a firmware can be updated, it must keep a minimum ROM feature so it can be recovered.
- No device should be updated without the *owner* explicit intention to do so.
- Full docs must be released if the vendor stops supporting it.
- if the manufacturer retains some form of ownership after "sale", it is obligated to provide free repairs/replacements for the duration of the contract
In EU, Cyber Resilience Act requires automatic updates, so the second point is moot.
Most owners want just plug and play, so it makes sense.
Even third point is pretty moot. We don't do that for hardware, why for software... A component is no longer manufactured? Tough luck, hopefully you stockpiled it.
A law? As an engineer, I really don’t want a bunch of technologically-inept congressmen telling me how I have to build software, firmware, or hardware.
Construction, hardware, radiation, dam and wastewater engineers are highly regulated professions. Do you take responsibility for bugs in your technology? Do you have insurance for your mistakes in professional work? Are you an engineer or a coder? Are you certified to do your job or just passed a boot camp?
As an engineer you should be familiar with laws and regulations. Try creating health care software without regarding HIPAA, for example, should make for lots of fun and lawsuits!
As if engineers actually get to make decisions about software, firmware, or hardware. Ha! That is truly hilarious.
I would rather have a bunch of mildly responsive legislators setting the boundaries of what is acceptable than a bunch of middle-managers trying to justify their salary to their private equity overlords.
As an end user I don’t really care what you want. I want the thing I paid money for to keep working after you’ve disappeared. Otherwise, in my estimation you’ve stolen from me.
> No device should be updated without the *owner* explicit intention to do so.
That point has practical issues, because most consumer electronic customers are technically dumb.
Consequently, you end up with a long-tail of deployed device firmware versions, which makes support a nightmare (fix this external integration that broke... across 20 different versions).
I'd phrase it more in terms of:
- Every device must include an option for owners to disable automatic firmware updates.
Customers will gladly use an outdated browser or OS with known exploits to access their most sensitive information. Automated updates are necessary evil. Even a smart speaker with a vulnerability could end up as part of a botnet.
I can only assume you’ve never worked in desktop support if you think that is something the general populace is remotely interested in. Smartphones are a step in the right direction for the tech illiterate and uninterested. There is zero reason to give lay users enough rope to hang themselves with despite that being the opposite of what I or most users of this site would like for ourselves.
I actually did work with customer support in my very first job :) We had a limited IT crew, so programmers on-site would often go to the users' office to help with software and hardware issues.
My anecdote is the opposed of yours: they were interested in knowing why something wasn't working, but only as long as you're willing to be patient, talk slowly, and explain any unknown concepts to them, if required.
Insulting them, or just telling them it's their fault something wasn't working would be a sure way to get a negative reaction instead.
Fair enough. Many of my end users were indeed eager or at least willing to learn as you say. A non-insignificant portion were not though, and those are the ones I'm speaking of. But that was also a professional environment. Your interested users had some obligation to the company and the support of professionals like yourself to guide them.
Additionally, I don't think these people are stupid, and I'm not demeaning them. They simply do not care to know and that's perfectly fine. I wouldn't demean someone for not understanding how their car works, or even failing to get their oil changed. The computer is a tool to file taxes and shop on amazon for most people, they have a million other priorities in their lives that come before making sure windows is up to date, let alone actually considering its security. It's the job of these companies to ensure their technology can be used safely without consideration by the end user.
I think this is completely rational given a realistic threat model. As a customer, I've had my browser hacked exactly never, but examples of feature downgrades from vendors abound. Vendors are a much more serious attack vector than a random hacker.
I would assume your browser automatically applies security updates in the case of 0day exploits, no?
Like I said, automatic updates are an evil. But the general populace will absolutely defer every security update until the end of time so long as they don't have to spend five minutes waiting to get to their desktop.
Obviously vendors enshitify their products via firmware updates and potentially brick devices or introduce new vulnerabilities but, it's ludicrous to pretend that the general populace are good stewards of their internet connected devices or that they ever will be. They simply do not care, they never will, and its up to the rest of us to design products for the lowest common denominator if we want protect end users and have a safer internet.
I have been boycotting samsung since ~2014; because of my experience with two, brand new, ~$1000 samsung devices, neither a phone. Their customer service blew me off, because both devices had intermittent issues. I tell people to avoid the company and its products.
both devices were malfunctioning within the first month.
1) 4k60 32" monitor, the power button always flaked and it would randomly shut off, thus necessitating unplugging and plugging it back in, 2-3 times a day. customer service: "unplug all monitor cables and plug just power in. what is on the screen? oh, then it's fine. have a nice day!"
2) Refrigerator. Intermittent fan issues were the reason i called. i ended up having to replace, for cause, the heating elements in the refrigerator side as well as the fans due to ice damage to the impellers; then the ice machine started leaking inside the freezer door somewhere, and that leak would freeze on the bottom of the freezer and push the door open, letting water just drip on my floor for hours, nearly damaging the subfloor. I also had to replace the motherboard. So now i have a water-less, ice-less refrigerator.
i could go on about how their SD cards are quite fast but don't last long if you have them in outdoor devices (like dashcams, trail cams, security cameras) - the only raspberry pi i've ever had to throw away had a samsung SD card in it that overheated to the point of contact burns - i went to unplug it to reboot it and received a welt from the SD card for my troubles.
I'm just one person, but read enough anecdotes and you can ignore them all!
Sometimes you have to hack their support script to get a replacement or a refund. After the first support call if you don't get what you want and it happened again, Call back to open a new support ticket. Pretend to walk through their steps but not do anything, and when they asked what was on the screen I would say it's blank and not turning on.
I had to stop getting Samsung Pro Endurance microSD cards after three in a row failed after a few months (write speed dropped below 2 MB/s). This was after the update to the blue and white color scheme (and higher endurance figures, hah); the older black, red, and white ones worked great and I fortunately got over a dozen of them.
This happens more and more often, and there is a fairly easy + popular workaround (which also comes with 99% ad blocking as a bonus). Just either set up pi-hole locally OR use a hosted DNS service that does essentially the same thing.
Main idea: Ads, updates, etc. typically (not always) need to resolve hosts before connecting to servers. Simply resolve these hosts to 0.0.0.0 instead of a real IP.
Arguments for pi-hole or other local solution: Free. Private.
Arguments for hosted solution: No set-up headache, no local raspberry pi or other machine to maintain. Overall a bit simpler.
Guide for blocking updates after the service is set up (I just went through this a month or two ago to block updates to my LG TV):
Step 1: Search around for servers that correspond to updates for your device.
Step 2: Test these lists; realize that they are often incomplete.
Step 3: Shut your device off. Open pi-hole like service, and watch queries live. While doing so, turn on your device (and if you have the option, check for updates).
Step 4: Put all of the queried hosts you see into your block list.
Step 5: Later, you may encounter broken functionality. When this happens, look at your logs, and see which server(s) were blocked at that moment. Remove only those from the blocklist. (And cross your fingers that the manufacturer doesn't use the same hosts for typical functionality and updates.)
> Step 5: Later, you may encounter broken functionality. When this happens, look at your logs, and see which server(s) were blocked at that moment
Eventually you end up with advertisements being served because the application refuses to show the content without the advertisements.
So let me cut back to your main idea:
> Main idea: Ads, updates, etc. typically (not always) need to resolve hosts before connecting to servers. Simply resolve these hosts to 0.0.0.0 instead of a real IP.
Better solution: resolve these hosts to an address you control on your network. You could even resolve it to a "public" address and add a static route to your router.
You can then choose to serve no-content from that address.
why connect the junk to the internet to begin with? it’s a TV. I can buy a better streaming box and plug it in. People really over complicate things sometimes IMO.
I made the mistake of updating my HIKMICRO mini thermal camera. Before it worked as a normal UVC USB webcam with any app or camera/video program on the PC. After it just has weird green coloration with hardly any variation, and only works properly in their Android app. I contacted company but they didn't care, nor provided any way to "downgrade" the firmware to the original version.
> It's a speaker system. It plays sound. Why could it possibly have AI, tracking, or ad delivery?
To recognize what you listen to, build a profile, feed it back to Samsung, which will use it in deciding what crap to display on your Samsung TV (and any other devices) associated to the same profile. For all we know it's even listening to your conversation in the room, I mean, it's Samsung - they literally do this:
How much benefit could that bring versus burning reputation and losing it all? These companies are so big and powerful but time and time again they keep on forgetting that they can't exist without the users and when users start leaving it's hard to reverse that trend.
There is no reputation to burn, they're well known to do this kind of stuff by anyone bothering to look it up, and nearly nobody looks it up anyway.
It's a pity because I liked some of their hardware in the past (an NX camera I still have, hard disks back in the IDE stone age, 3 LCD screens back from when they were a novelty - they only had a VGA connector) but I just stay away from them now. But 0.01% of their customers staying away is completely insignificant when they consider the profit opportunity of violating our privacy.
It's so out in the open if you know, or more likely, worked in media advertising.
Their competitor, Vizio, owns iSpot[1] which is, in my opinion, the best in the space.
Samba TV[2] is it's nearest competitor and they have their hooks into 24 Smart TV brands globally[3]. These brands are listed on their website as Philips, Sony, Toshiba, beko, Magnavox, TCL, Grundig, Sanyo, AOC, Seiki, Element, Sharp, Westinghouse, Vestel, Panasonic, Hitachi, Finlux, Telefunken, Digihome, JVC, Luxor, Techwood, and Regal.
Come on, did you read more than just the headlines?
> Samsung's spokeswoman continued: " Should consumers enable the voice recognition capability, the voice data consists of TV commands, or search sentences, only. Users can easily recognize if the voice recognition feature is activated because a microphone icon appears on the screen."
So it is not like it was listening without your knowledge. Only when you use the voice features is the data being sent over. Like with every other online service. As much as I don't like samsung, this is a bullshit reason to hate them.
And why provide two links basically saying the same about the same story?
Their competitor, Vizio, owns https://www.ispot.tv/ which is used for ad delivery tracking.
It's much more reliable and precise than the familiar Nielsen ratings: since you know the total audience of X% TV households in a zipcode (which you know demographics of race/income/household size based upon), and Vizio TVs account for Y% of all TVs sold for households with incomes between A and B, and C and D you can get a confidence interval of how many people ACTUALLY saw your TV advertisement.
Samsung was/is probably trying to do something similar: All sound in your TV pipes through their home theater system, so they can "Shazam" whatever media you're watching, regardless of the source (OTT, OTA, hell even YouTube or a Downloaded Torrent on your laptop hooked up via HDMI) and phone home.
on android you can install SoniControl Firewall to "see" the ultrasonics in your house. Try it with all tvs and things off, then try it with the TV on, youtube videos, and so on.
Pixel tracking works better if the TV is connected to the internet. I remember samsung as one of the companies, where, if your TV was not ever given a wifi connection, it would attempt to connect to any open network to do what it needed to do. This sounds unlawful, so i don't know the veracity, but anyhow - if the TV is online, it can just send a half dozen pixels at known locations back home and there is a database of "content pixels at timestamps" and they match the half dozen pixel values to the database and know what you're watching to some degree of certitude.
but for things like dumb panels older TVs and the like, ultrasonics still work.
You can just use regular math to do this. We've been doing it for 30 years now. You don't need a trumped up overpriced garbage LLM to do anything for you here.
Didn't know that, thanks. Then speakers are actually a pretty big data source. I bet most people don't assume their speakers can be listening. I wonder if you can get internet connection over bluetooth aux or what'd be the best way to get someone to let you send data home on a speaker.
i did some cursory digging, but i don't really want to read the A2DP or AVRCP specifications to see how much data is allowed in the non-audio payload. Besides, PAN exists, but i imagine you have to do something on your phone to allow it.
Most of these expensive things also have wifi, though, don't they?
> Connect your devices and control everything with our soundbar that integrates your favorite voice assistants and smart services like Built-in Alexa², Chromecast³, Airplay 2⁴ and more.
Few things over the past few years have infuriated me as much as tracking and advertising being introduced at the OS level, especially on TVs. I'm looking at you, LG! I will gladly pay more for a TV that doesn't try to advertise Roku's streaming service to me or track my kids' watch history. Seems like they are few and far between, though.
The best thing we have been able to come up with is leaving the TV itself disconnected from the WiFi and using an Apple TV for smart features/streaming. I'm sure they're still gathering data but it's at least not as blatant. It's a real crapfest for the consumer at the moment.
> I will gladly pay more for a TV that doesn't try to advertise Roku's streaming service to me or track my kids' watch history. Seems like they are few and far between, though.
This just swaps one locked-down company for another. You're still at the mercy of a giant corp, and worse it's unlikely to work well with my linux laptop and Android phone whereas at least Samsung tries (and often fails). A better solution is needed. I buy Sceptre TVs when I can, though for a "big screen" there aren't great options.
Yeah, we do use Apple TV because at the very least if they are collecting our data, they're not using it to advertise directly to us on the same device. My parents have a Roku TV and the number of ads it serves up directly on the device leave me feeling nauseous.
This is sound advice for keeping yourself free from malware as well. Many of these TVs end up running super vulnerable junk that doesn’t get updated and has known exploits.
I’ve had two devices end up with malware like this. A Sony blue ray player that was uploading 2gig a month before I caught it and a Samsung tv.
It’s worth mentioning you have to block or change WiFi credentials. The device with malware may attempt to connect to any known wifi even if you disable it on the device. I get 45000 auth attempts a day from my tv.
I just snapped after 2014. Used to be a Samsung consumer with their TVs, galaxy phones, security cams, etc... Their hardware wasn't that bad. It was the software update either buggy or bricking my devices that threw me off. I swear never to allow another Samsuck (my little girl coined that) device in my home and family lives again.
Not a good year so far for Samsung. Just under two months ago on a large number of their TVs with voice control it started only recognizing commands in Russian. It took them several days to get that straightened out.
It was educational. I learned that I completely suck at trying to speak Russian. I could type "channel 4" into Google Translate on my iPad, press the Mic button on my TV remote, and press the speak icon on Google Translate and the channel would change.
But no matter how many times I listened to Google Translate say that in Russian I could not manage to match it close enough the TV to accept it.
Assuming English is your first language, I can probably guess which specific parts of the "channel 4" Russian pronounciation gave you trouble. I'm sure your effort was valiant, but the language is just so different compared to English
I got a good deal for an S90C + Q990C combo. It was 50% off off their regular price which was already quite a bit cheaper than the comparable LG/Sony counterparts.
After 1 year, I am 100% sure that I will never again buy a Samsung product, no matter how cheap it is.
Side note, it's frustrating that this link tries to open in an app on my Samsung phone.
I installed the GitHub app a long time ago, and that had similar behaviors that kept me from the web-based experience I know & love & which is more URL based. Finding that disappointing, I uninstalled the app. But still, GitHub results in Google don't show the URL, they just say "app installed" where the URL would be. What a colossal regression.
More to the topic, we are on day 4 of Google Chromecast Audio & 2nd generation being broken. Supposedly an expired cert. Amazing neglect, ya'll.
True, that would be preferable, but alas Samsung is bent on making their products as big of a pain in the arse as possible.
At least with my Samsung soundbar, the remote can change the volume, the subwoofer volume and change between modes (standard, surround, game). But if I want to enable night mode, I have to use the SmartThings app. There's no way to enable it using the remote. What's worse, the app often hangs when connecting to the soundbar, requiring me to force stop and restart it. So sometimes toggling a feature that should be a single button on the remote takes me over a minute.
Samsung is right next to HP on my list of brands I will never ever buy in my entire life.
I loved my Sonos soundbar. It sounded amazing. But it required me to use their terrible app. That's why I got rid of it (the app was REALLY bad!) - luckily, before they started bricking customers' devices.
To prevent automatic firmware updates, ads, and any other spying I'm not aware of, I block these in DNS:
*.samsungcloudsolution.com
*.samsungosp.com
*.samsungqbe.com
*.samsungcloud.tv
*.samsungads.com
The first one gets the most hits.
I also don't connect my Samsung displays to Wifi anymore. Unless I notice a problem that I have to search to fix. Then if there's a firmware update that fixes the issues, I'll do it.
NextDNS and ControlD are helpful for blocking this sort if thing, or Pi-Hole if you want to set it up yourself.
My samsung was so noisy that I went to forget the wifi network... but it couldnt. So I ended up blocking its mac at the router. Prior to that it was always the #1 blocked device on my pihole.
I am looking to get a new monitor in the next year or so and have been considering ultra-wides. During my research the proportion of people that had horrible experiences with Samsung monitors, typically right after warranty expired, was enough to deter me from the entire brand in the future.
I think it hasn't even been a year since Samsung bricked bunch of their phones with firmware update. They really must have no proper engineering team behind update process.
I always really enjoy these community forums. They are total garbage.
Hello, I am Rene, a community expert on the Hacker News Experience Forums. I see you are having trouble with an auto-flagged post. I will try to help you with your auto-flagged post. Have you tried turning off your kitchen tap and turning it back on again?
I recently replaced all my kitchen appliances with matching mid-scale Samsung-branded ones. The first thing I did after powering them on for the first time was disable the WiFi. For this reason.
Also, it's entirely unclear to me why I need WiFi or a remote server for my dishwasher or refrigerator in the first place. What possible value-add is there?
Ironically the 2022 Samsung soundbar model I have hasn't gotten a single firmware update since January 2023. I bought it new from Samsung after that day.
I am moderately surprised that they even update their firmware on some models.
2 years ago, when LLMs started to become huge, I was really hoping that by this time AI would do this 1st line tech support, with actually helpful questions, suggestions and deductions.
Sony bricked my WF-1000XM4 by overheating its batteries. Some users reported things melting.
$250,00 of my work straight to the trash bin.
Thank you Sony...not.
If you think about it, keeping them offline is a huge security improvement even without the risk of bricking update, so in ways an automated update regime that convinces you to keep your device offline is giving you peace of mind. In a way.
If it allows anyone to remotely execute arbitrary code on a device without the user's consent, it's called an RCE vulnerability. About as serous as software vulnerabilities go, needs to be patched yesterday.
But if it only allows the manufacturer to remotely execute arbitrary code on a device without the user's consent, it's called an automatic software update mechanism and most people somehow consider that it's totally fine.
Yeah like these "cheap" HP printers, which have to be connected to the internet so that they can force you into a subscription, use their own inks only etc. They do not belong to you either.
The question is if it still works "enough" to update to a working firmware, or if it's so broken that it can only be fixed by flashing the EEPROM directly.
Also the vendors increasingly push you to put them online to use devices. Samsung tries really hard to make you think that your TV setup needs a mobile app on your phone running in the background with high precision location tracking, and 99.9% of buyers are going to leave that setup so they’re not blamed for problems in the future.
Sometimes I wonder if HN folks are purposefully obtuse or so deep in their bubble that they don't understand how 99% of people think and operate. The average user will always favour convenience over some invisible concept like privacy.
This is one of the reasons why my home theater system is built from discrete parts (not an all-in-one soundbar), with a high quality receiver that never talks to the internet, doesn't have an ethernet cable and has no wifi access (it works fine as a bluetooth sink when I want to play something from my phone into it), separately purchased 5.1 speaker system, and roll of 16awg stranded copper speaker cable from monoprice.
I will never understand why people are willing to connect so many of their devices to the internet for minimal features. I went out of my way to build a network that prevents even the things I want to have local wifi access from being accessible to the internet.
This will be really interesting to follow. Especially with respect to Tesla’s love of pushing updates to clients. Could this be a harbinger of “you don’t really own your property” by way of so many companies going down this route that enough collapses result in litigation and a massive readjustment? Time will tell.
Each device had to be shipped to a repair center because they needed to directly re-flash the flash storage. The issue with the Blu-Ray players was that an update caused it to get in to a state where it would boot loop before it even got to a point that anything could be done, manually or otherwise.
What we don't know yet with this issue is whether the devices are booting enough to apply another firmware update. It may be possible to do this, fixing this issue. If that's the case "bricked" would be technically incorrect, but for now, it's not a wholly inaccurate term.
Unfortunately those "solutions" don't work, the person who had a potential solution was able to at least go through the inputs, this is not the case here, you can't even go through the inputs.
I've tried all the potential solutions this morning. It seems permanent unless Samsung somehow finds some magic to fix it, especially since the soundbar won't connect to WiFi/internet and doesn't do anything with the USB plugged in.
Perhaps a stupid question, but why they don’t test the firmware updates internally before releasing them?
They almost certainly do, but there's some way that the test jig differs from the units in the field, for example:
- The test jig is probably pristine, so no hundreds of hours of telemetry data clogging up the internal storage.
- The test jig might be on ethernet whereas a lot of users would be using wifi.
- The test jig probably targets specific A -> B upgrades rather than testing progressive upgrade across every version that's ever exists.
- The test jig can't cover every permutation of config options.
- The test jig probably only does a bare minimal smoke test after the install, so if the problem takes a bit to kick in, it might not show up.
Not to say that it's certainly any of these, but all are possible contributors. In the coming days it'll become clearer what particular pattern the affected devices follows, and/or clever people with JTAG dongles will reverse engineer the problem and spill the beans.
so what are the users for? /s
If the damage is actually as bad as it sounds, Samsung is probably talking with their lawyers and is being instructed to maintain radio silence so as to better prepare for the class-action lawsuit.
Luckily for them no one can listen to their radios now.
Wouldn’t radio silence increase damages to customers and result in increased liability?
That's logical reasoning, not corporation reasoning.
Nobody involved in the decision making cares about the customers. They only care about the potential hit to the bottom line, and if that's perceived as callous silence, they don't care. Unless, of course, they decide that appearing to care and being responsive results in less of a hit.
Silences like these are strategic and dependably predictable - engaging with customers on average costs more than remaining silent for whatever metric they've applied to the fix. If it takes longer than they thought, they might feel compelled to speak out, or they could just depend on the issue to fade into the 24 hour news cycle. Engaging with a customer runs the risk of them interacting with some threshold of people that will keep the negative story in the headlines for longer than it might otherwise be.
Remember when Crowdstrike crashed half the computers on the planet for a full day? Well, if you do, you're one of the few, because people are still using Crowdstrike, and the stock is still doing well overall.
It’s still one of the best antimalwares on the planet.
That's fair. In fact, you might say that for a competently set up fleet of computers, nothing beats it.
Law is not logical and rarely makes sense. I'm not suggesting at all that they are doing the morally correct thing, but there are a bunch of ways that you can legally admit liability without meaning to.
For example, little life pro-tip, never directly pay for a loan that you aren't liable for. Proxy it through the debtor, or not at all and get a lawyer if the debtor is deceased.
Depends, radio silence will cost you money compared to just fixing the problem if that's feasible but it will save you money compared to accidentally admitting to liability in a rushed press release.
Only if you connect the soundbar via Bluetooth /s
That is at least, if their ToS doesn't contain the all-too-common provision that you are simply not allowed to sue.
a TOS is not an ironclad legal agreement. Far from it.
They did this before, about five years ago. I had to send it back to them for a fix and it came back a few weeks later.
https://hackaday.com/2020/07/19/the-real-story-how-samsung-b...
Yeah, some people say they got replacements through the warranty. The problem is, this thing is really big and heavy, so boxing it up is a real pain, especially if you've had it a while and already threw out the original box.
That's why my buddy said it's time to buy shares in bubble wrap
Nah, just be a geezer and wrap it in bin bags and then tape around. It's bricked anyway, innit.
Also talked about here https://news.ycombinator.com/item?id=23578920
Similar to Crowdstrike failed auto update incident.
What was the need for the global instance 0->1 rollout of the firmware over the air ???????????????
could they perhaps test it on a small subset? perhaps on Samsung CEO's home system, not the customers'?
he uses apple may be...
previous used https://appleinsider.com/articles/12/12/13/samsungs-chief-st...
new one uses, but just does not tell it.
apply display is good with apple tv.
and ceo dislikes automatically installed free to play tv apps and ads. as samsung does.
https://www.reddit.com/r/assholedesign/comments/co5aw4/unrem... 2500 usd samsung tv with unremovable ads.
and here unwanted apps installed randomly
https://www.reddit.com/r/privacy/comments/ztuv0l/samsung_sma...
My Samsung TV got more and more unusable with every update. Over the years, saved apps, like Youtube, started to disappear every time it woke up. Then it would default to their Samsung TV app, rather than your last app. Samsung TV app happened to be on the Baywatch channel every time my young children started the stupid thing. Finally, after it took 2 minutes to load the youtube app, I factory-reset the device, disconnected the internet from it, and put a Beelink mini PC in front of it. Works flawlessly.
Samsung product life cycle support seems like planned obsolescence.
Contrary to lots of other opinions here, I bought a 65" Samsung TV at the beginning of covid and I sincerely don't have any significant complaints. The remote is easy to use, launching apps is straightforward, connecting an ARC soundbar was no problem, nor was connecting a Chromecast and an Xbox, and it "just works". Every once in a blue moon (maybe twice a year-ish) I've had to power cycle it to fix a wifi connectivity issue, which may well just be a result of DHCP lease expiration on my network.
I have a modern Sony Bravia, too, which is running "Google TV" natively. On the plus side, the UI is just about identical to what you get with a Google TV dongle (which I also have, plugged into an old 32" monitor in front of my bike trainer), but it's also a really heavy interface that's also increasingly rich in ads. If your household is like mine, and holds subscriptions to a half dozen or more streaming services, some of which are bundled and some of which are either discounted or comped via entirely different subscriptions (mobile phone) or membership (credit card), it's really not helpful to have Google show me subscriptions I might want to add-on to my Google TV sub, nor do I appreciate seeing ads for content from things I don't subscribe to. Also, the Sony remote has about 50 buttons -- not a fan.
All things considered, I end up having to fiddle with the Sony TV far more frequently than the Samsung one, usually because of network or app issues.
We have an old Roku stick plugged into an old tv in a spare room, too, and it's almost intolerably slow. It's primary use case is to plug into our projector for backyard movies in nice weather, so I keep it around, but man is it dog slow.
I have a similar experience with my high-end Samsung TV from 2013. The TV itself still works perfectly so I'm not replacing it soon (still 1080p, not 4K, but...), but over time, Samsung has steadily removed key features with each update. When I first bought it, it supported Skype video calls (and now the integrated webcam can't be used at all), IPTV streaming, and various third-party apps — all of which are now gone.
NEVER BUYING A SAMSUNG TV AGAIN
Microsoft removed support for Skype on TV, not Samsung.
Most apps get removed because the people writing them don't want to support them anymore. The Samsung framework from 2013 was always trouble and it doesn't support many current W3C features that you'd want as a developer. Most people I know are drawing the line at supporting 2014 or 2016 Samsung devices.
Could Samsung update their devices to ensure they still supported modern frameworks? Possibly, but they don't really get any revenue from providing OS upgrades and those devices suck in terms of RAM and CPU.
I hate this idea that software "rots" all by itself when it's just left on a device and is impossible to keep working. I would at the very, very least expect my device to work exactly as it did on day one, for the next 50 years, assuming I don't change the software. It's bits on a flash drive! It doesn't rot, outside some freak cosmic ray from space flipping a bit.
If you're saying the software stops working because the backend it talks to goes away, well that's a deliberate choice the company is making. All they have to do is have a proper versioning system and do not touch the backend service, and it also should work forever.
Certificates expire.
So don't burn CA pubkeys into your binaries without means for user override. If the software can persist a user-specific analytics ID it can support user certs. This is a solved problem.
Google learning this the hard way with the recent chromecast outage[0]
[0]: https://www.googlenestcommunity.com/t5/Streaming/Regarding-a...
This is exactly why "Smart" TVs don't make any sense. My in-laws have a perfectly fine Sony TV, it's nok 4K, but the HD picture quality is amazing still. Apps have slowly started to disappear as they are no longer being updated and new one aren't being added.
I don't know how this work, but either Sony or the streaming service must be making the apps, and neither seems interested in maintaining apps for a 10+ year old TV. So when the streaming services are updating their backend, older TV don't get updated applications.
Smart TVs make absolutely no sense, the streaming service are moving to fast, so you'll need a cheaper box, or a product that is support for a decade.
My experience with LG wasnt any better. Thorough about a year the tv became increasingly unresponsive. You start it, after 30 seconds the sound andpicture appeared, and for about 2 full minutes it would not react to inputs what so ever (except turning off). So if you happen to turn the tv off with higher volume, you could not launch it in the evening without it blasting for 2+ minutes at night. Abhorent
LGs, while still smart TVs, are relatively competent at being dumb TVs. Your only other options these days (sans rescuing a dumb TV from e-waste) are commercial panels and projectors.
If you just use an HDMI input and attach some streaming box to it, Samsung TVs work just fine. Just never touch the remote and only interact with the source and everything works.
We have a 4K TV from Philips (really, TP Vision), which has Android TV, but you can just set it to an HDMI input and then it works as a dumb TV.
Being a Philips (TP Vision), it also has Ambilight, which is nice.
It’s a few years old though, so no guarantees that newer Philips (TP Vision) models work the same way.
Still appreciating my 2011 high end Samsung TV. I believe it's the last non-smart product year. It could stream videos from a network share but that's about it.
Judging by current trends i will have to replace the attached chromecast before the TV breaks.
what bother's me even more is that they are constantly spying on me (phone home, what am I watching, ...) and pushing advertisements to my TV. My next TV will probably not be connected to the internet.
Well I'm not sure what use you'd have out of Skype integration when Skype itself is being axed in a couple of months
The issue is not Samsung per se, it is the smart TV crap we can't get rid of.
With luck there are some old TVs still on remaining stock and that is about it.
We bought a samsung tv in 2016 and it slowly became unusable by mid-2020. Fortunately it got dropped by the movers and we were able to justify buying a new TV (LG). The LG UI/UX is awful though, I wish we'd bought a sony. LG TVs don't have a way to simply select "HDMI1/2/3/4" you're stuck using it's "smart" detection system, which can only be reset by physically unplugging the HDMI cables from the back of the TV, which is never easy to get to. Apparently the solution is to buy Sony and just pay the extra price.
I have a "smart" Samsung TV in my home office but it's never been plugged into the network and has a chromecast and various networked devices plugged in to it as a "dumb tv", that has been working out great, the TV still turns on/off easily and is as fast as the day I bought it (makes sense, it's still running the factory firmware).
> LG TVs don't have a way to simply select "HDMI1/2/3/4" you're stuck using it's "smart" detection system, which can only be reset by physically unplugging the HDMI cables from the back of the TV, which is never easy to get to. Apparently the solution is to buy Sony and just pay the extra price.
Another possible solution is to only use one input on the TV. Connect an A/V receiver to that one input and connect all your other devices to the A/V receiver. Then you should only need to deal with switching inputs on the TV if you want to watch over the air TV using the TV's tuner. You can probably even get rid of that need by getting a stand-alone TV tuner and hooking that up to the A/V receiver.
Many A/V receivers have network interfaces that you can use to control them if for some reason you don't want to use their remote. Most Denon receivers for example have an HTTP server that presents a web-based interface if you browse to it from a computer or mobile device.
They also run a simple HTTP based API that is easy to use from scripts. For example here is a shell script that gets the current volume setting of mine:
which when run gives me this at the moment:I also had the Baywatch bug. Neo QLED right?
Every time you’d start the tv it’d switch to the Samsung Baywatch 24/7 stream.
So inappropriate for the children.
>So inappropriate for the children.
The bug, or Baywatch itself?
I find it appalling that no matter how much money you spend on a Samsung TV, you'll get banner ads in the fucking source switcher. Absolute total disregard for their users.
LG still has bits that are ultimately ads, but at least they're less egregious, presented as suggested content in a Home view that already aggregates content from various sources. Not ads for fucking McDonalds and similar. At least that was the case as of a couple of years ago—I disconnected my LG from the internet the day I got an Apple TV and never looked back.
Just let me buy a large class leading display without trying to insert yourself into my life, please. I'm already paying through the nose for it.
I never worked for Samsung, but I built TVs for JVC and LG, among many other brands. I don't work in consumer electronics anymore but a decade ago that was my field.
TVs are a wildly unprofitable business. It's astoundingly bad. You get 4-6 months to make any profit on a new model before it gets discounted so heavily by retailers that you're taking a bath on each one sold. So every dollar in the BOM (bill of materials) has to be carefully considered, and not far back the CPUs in practically every TV was single core or dual core, and still under 1GHz. Bottom of the bin ARM cores you'd think twice to fit to a cheap tablet.
They sit within a custom app framework which was written before HTML5 was a standard. Or, hey want to write in an old version of .NET? Or Adobe Stagecraft, another name for Adobe Flash on TV?
Apps get dropped on TVs because the app developers don't want to support ancient frameworks. It's like asking them to still support IE10. You either hold back the evolution of the app, or you declare some generation of TV now obsolete. Some developers will freeze their app, put it in maintenance mode only and concentrate on the new one, but even then that maintenance requires some effort. And the backend developers want to shutdown the API endpoints that are getting 0.1% of the traffic but costing them time and money to keep. Yes, those older TVs are literally 0.1% or less of use even on a supported app.
After a decade in consumer electronics, working with some of the biggest brands in the world (my work was awarded an Emmy) I can confidently say that I never saw anyone doing what could be described as 'planned obsolescence'. The single biggest driver for a TV or other similar device being shit is cost, because >95% of customers want a cheap deal. Samsung, LG and Sony are competing with cheap white label brands where the customer doesn't care what they're buying. So the good brands have to keep their prices somewhere close to the cheap products in order to give the customers something to pick from. If a device contains cheap components, it was because someone said "If we shave $1 off here, it'll take $3 off the shelf price." I once encountered a situation where a retailer, who was buying cheap set-top boxes from China to stick a now defunct brandname on, argued to halve the size of an EEPROM. It saved them less than 5c on each box made.
For long life support of the OS and frameworks, aside from the fact that the CPU and RAM are poor, Samsung, LG and Sony don't make much money from the apps. It barely pays to run the app store itself, let alone maintain upgrades to the OS for an ever increasing, aging range of products.
And we as consumers have to take responsibility for the fact that we want to buy cheap, disposable electronics. We'll always look for the deal and buy it on sale. Given the choice of high quality and cheap, most people choose cheap. So they're hearing the message and delivering.
[delayed]
Yeah, but is there a way for consumers to compare the compute performance of any given TV?
If OEMs differentiated their TVs based on compute performance, consumers might be able to make an informed choice. (See smartphones: consumers expect a Galaxy Sxx to have faster compute than a Galaxy Axx.)
If not, consumers just see TVs with similar specs at different prices, so of course they’re going to pick the cheaper one.
Sounds like every Android vendor, woth Google leading the pack.
(disclaimer: maybe 5-10 years ago)
I pulled my Samsung Smart TV off the network a while ago, precisely because it was getting slower and slower over time. The allegations of spying pushed me over, but the apparent belief that they own my TV would also have done it.
I want a separation between my display device and the thing serving it anyhow, but that's just me in my techie world. The fact that performance got worse with each update, though, that's just over the line for everyone. I mean, if you're going to babble about how you're upgrading my experience, shouldn't you, you know, upgrade my experience instead of constantly downgrading it? My experience gets downgraded, but gee golly, it sure seems like yours is getting upgraded.
Well. It's really not that hard to not plug in the ethernet cable.
My Roku boxes have also had the same trajectory over the years. As time rolls on, they just get slower and slower with each update. Slowly, but surely. How exactly this is accomplished I'm not even sure, it's not like they're overflowing with new features or doing bold new computations for my benefit. They just get a little bit slower every effing time. But at least replacing my Roku boxes is $20-40 now. Hey, sure, OK, a $40 thing probably can't be expected to work 5 years from now. If nothing else, video codecs do march on and specs may exceed what the hardware decoders can handle. OK. My $1000+ TV does not get that grace. It damned well better be able to turn on in less than 30 seconds, even 10 years, 20 years from now. No excuses.
I had a smart TV that gradually got slower and slower until it became basically useless. I figured it was just running out of RAM as apps got larger with updates over the years.
This describes essentially all Samsung products: really cool for the first few months then progressively accelerating slide straight into the trash.
I'm never buying any Samsung products again if I can avoid it. A forced update bricked my damn phone when it forcibly restarted while I was showing something to a client.
Samsung doesn't give a shit. They'll trash the device you paid for and tell you to suck it up and buy a new one.
Two important features I insist on for products I develop:
1. Staged rollout of firmware updates. It’s common practice for apps and software but for some reason it’s less common with firmware. Rolling out to 1% (or less, depending on scale) of devices and waiting a day is cheap insurance. Side note: Build a good relationship with customer service people so you hear about these things immediately.
2. A failsafe firmware reset back to factory state. Some sequence that resets the device completely back to the way it was when it came out of the box, firmware included, as a last resort. In conjunction, your automated tests need to confirm that every factory firmware you’ve ever released can update to the latest firmware.
> A failsafe firmware reset back to factory state.
This doesn't work if your threat model includes denying rollbacks to prevent exploiting bugs in old firmware. I'd love to be able to roll-back firmware on some of my devices to allow me to "jailbreak" them using old firmware.
In some cases your newer firmware may be blowing e-fuses that prevent old firmware from functioning. See the Nintendo Switch, for an example.
To be clear: I think this is anti-consumer and wrong, but manufacturers absolutely do it.
Edit: I also think it should be illegal, by way of consumer regulation. I don't think consumers should have option to waive their right to manufacturers not damaging hardware they own.
This doesn't get enough attention, waaaay too many of these issues are traced back to the vendor trying to "prevent" someone from using their product in a way that they don't like.
Why else would a soundbar need updates anyway? It either performs its well defined functions when you bought it or they sold you a device that doesn’t input/output sound.
Updates for these types of things always fall into three categories. Either they’re gimping some unanticipated usage, they’re trying to insert ads, or they’re trying to gather more usage data.
Sibling mentioned CEC fixes— this one is huge. CEC is lovely in concept but I ended up having to disable it completely across my setup as there was just way too many bits of weird behaviour with devices turning themselves on and then switching the TV or AVR to their input apropos of nothing.
I feel like CEC tried way too hard to be magical instead of exposing enough control for the user to be able to block certain commands from problematic devices, or even just designate that device X will always be the boss in a particular setup.
Absolutely this.
The frustration when I turn on the Steam Deck and the Apple TV goes
"Look at me. Look at me! I'm the output now"
Yup, game consoles are ground zero for this. I hit the button on the PS5 controller only to have the receiver and TV power on, then the PS4 wakes up for some reason and then switches the AVR to its input.
My Sony UHD player also seems to want to grab the input sometimes too, so maybe it's Sony that's the source of the problems haha.
And again, it's all just so maddening because it feels like it would go away if I could be like "Hey, AVR should never send power-on messages to its input devices." Because then I would just power on the device I actually want to use, it would turn on the AVR and TV, and we'd be golden.
Even better: I have some sort of Useless Machine[1] bug where turning on the TV will power up the PS5, which then puts itself to back to sleep.
[1]: https://en.wikipedia.org/wiki/Useless_machine
I turn off CEC all the time and my tv refuses to acknowledge it if I ever unhook the device or HDMI. Always defaults back. Drives me crazy.
Highly recommend https://www.amazon.com/Lindy-HDMI-Adapter-Female-41232/dp/B0... -- I have a couple and it's solved this problem for me completely. I hate how unpredictable CEC is when things go wrong, on top of the ridiculous 3 device limit.
I have a laptop, steamdeck, Nintendo Switch and chromecast all connected to an LG TV and all the ouput switching and remote pass-through works as expected. Maybe just a lucky combination ?
While I agree with your broad statement, I have a TCL (with built-in Roku) TV that has a bug in the sound processing. Either it becomes very quiet, drops out completely, or comes in and out with a lot of stuttering. Happens irregularly, typically though not always weeks apart (though on no schedule I've identified), solved with a reboot of the TV (which of course can't just be done by turning it off and back on - you have to select "restart system" from the menus).
I owned it for at least six months before this occurred the first time.
In theory, I could do a USB update of the firmware and hope that fixes it. In practice, they want my serial number to let me download it. No thanks, I'll pass, even though it's never been connected to WiFi or Ethernet and never will be. I'll just reset it every once in a while.
Not because the device changes, not because the software changes, but because the world does
And the obvious solution is to isolate the device from the world. Most of my stereo is isolated from “the world”, and some parts are close to 30 years old. Why does a soundbar need contact with the internet?
That kinda defeats the point of having a device. Sure it works in some cases but we're talking about a soundbar here and that has to interact with other devices. It's whole purpose is to interact with other devices.
Even if it doesn't need to contact the internet you're still going to want it to connect through cables. There's good reason to connect through bluetooth.
But why should it contact over the internet? Well it sure is nice to be able to stream music from my NAS. There's utility in that. There's also utility in the parent company updating firmware to support new audio codecs. Or to support new algorithms. If my device is gaining more utility, that's a great thing! And of course, if it is connected wirelessly in any way (including bluetooth) I sure as hell would like updates with respect to security.
Without this, the thing becomes e-waste. The environment moves. Time marches on. No thing can exist in isolation, no matter how hard you try. Again, software rots, not because the software changes, but because the world does.
But that's not the problem here. The problem is abuse of that power. It isn't for the benefit of the customer. The problem is managers pushing to release before things are ready. The need for speed with no direction. To not even consider in the calculus of decision making the tremendous costs of when things go wrong. And how this lesson is never learned despite facing the problem time and time again. Issues like this now cost tons of engineering hours, tons of lawyer hours, and ultimately will cost tons in rebates and refunds. How many weeks of work is that equivalent to? Sure, it doesn't always result in catastrophic failure like this, sometimes it results in smaller failures, sometimes small enough they can be brushed off. But those are still costs that no one considers. That's the problem here.
Innocuous product features like streaming music, integration with Alexa/Google, connecting to TV and other speakers via wifi. Oh and collecting analytics data and selling to ad networks...
Why does a soundbar need software? An active speaker with a jack plug would work just fine
Just because you want to keep using old tech doesn't mean everyone else wants to.
Modern soundbar are bugged Bluetooth enabled, also with ship with interfacing protocols, while legacy bluetooth/wifi drivers are ok, protocols just break
Also, time-to-market pressures can result in initial shipments having (minor but not showstopping) firmware bugs. Post-sale firmware upgrades can be beneficial for the customer.
A lot of consumer products ship with half-baked software and/or firmware. I wish Polk would fix the bug(s) that cause my soundbar to freeze and need a reboot several times per week. But it's an old product that's not longer sold, so I'm probably SOL.
Maybe a new codec? New streaming app support? New wireless protocol? CEC bugfix?
Yes, all of those are in the realm of possibilities, but has it ever been the norm?
In my experience, products like this are only get updates when the company finds a way to extract more money:
- add more ads
- add more ads that pretend not to be ads
- to remove functionality, so it won't cannibalize sales of more expensive product
More hardware is sold at cost or at a loss, compensated with ads. I don't like the model either, but that's how it is.
If price isn't the only factor for some, it is for many who would otherwise not buy these things. Sellers picked up on that long ago.
Other comments wish to see regulations, they can't outwit those marketing tricksters. For profit enterprise can, and will offer more alternatives with bigger stamps about privacy, ad-less certified and whatnot.
It’s the norm because people rather buy one single product that does it all.
The alternative to an all-in-one sound bar is having regular 5.1 speakers, a nice receiver, a nice streaming box, and maybe a dumber TV and you will have absolutely the best setup but it’s a lot of putting pieces together, more space usage, and either money (if you want it right away) or a lot of waiting (if you want to get it used).
To install an AI update you didn't ask for, do not need and cannot turn off?
> Why else would a soundbar need updates anyway? It either performs its well defined functions when you bought it or they sold you a device that doesn’t input/output sound.
Unfortunately there are soooo f..ing many devices out there that don't follow the specs, no wonder given how long and complex alone the Bluetooth specifications are, and HDMI/HDCP (which a soundbar with ARC support needs...) is even worse, and don't even try to get me started on CEC because that is an even bigger pile of dung, or stuff like GPUs that run HDMI over DVI, MHL or USB-C in DP mode and god knows what else people expect to "magically work" with a 5 dollar adapter they got off of Alibaba. And no, "audit products to follow the specs" isn't a foolproof solution either. That means that everyone has to deal with everyone else's quirks and at least the most popular devices and their manufacturers have to supply firmware updates to react upon reports of quirks.
While I agree with what you wrote
> [...] GPUs that run HDMI over DVI [...]
I thought HDMI and DVI use the same signalling (at least the 'digital part' of DVI, was it DVI-D?), just over a different connector?
In my memory only the connectors competed for adoption, and Home Entertainment industry opted for HDMI and the PC-industry opted for DVI, while the signalling was not contested (besides DVI also being able to carry analog signalling with full spin-out, and HDMI carrying audio instead). My memory might not serve me well here though.
I never thought HDMI would win :( but it makes sense I guess - Computers/their use changed :(
> Why else would a soundbar need updates anyway?
Because for free you only get the first 15 levels of volume. If you want to get to 25, you need to pay a subscription.
I thought it was obvious... how does the seat heating work in your car? /s
Upvoted, but I'd pay a subscription to restrict a neighbor to the first 15 levels of volume out of 25 sometimes :)
We've solved long ago mass manufacturing challenges. Today's problem is to sell.
Exactly. If your company's threat model considers its own customers as attackers, you're the baddies.
Not always. There's a time and a place for including end users in your threat model. These would include scholastic and carceral settings, where in both cases the end user may, as an example, desire access to resources that have been deemed inappropriate.
> scholastic and carceral
Same thing.
> deemed inappropriate
Ooh! Deeming! Can I deem too? Huh? Can I? I have a number of candidates.
The problem usually aren't vendors. The problem usually are rightsholders - the movie/TV series industry still didn't get the Spotify memo, and the console game industry... well it's hard to say they don't have a point insisting on serious DRM given how rampant piracy becomes once there's an easy-enough root method available.
This is an undersold part of the story
It's not only media companies with DRM
IoT integrations like Alexa come with numerous security requirements that are often good ideas in theory but lead to hacky workarounds to meet certification requirements
Is this the Spotify that is a broadly unprofitable business, which is why it's so desperate to enter into new ones, or the Spotify that has DRM?
The massive success of Steam points otherwise.
In what way? Console makers wouldn't gain anything by weakening DRM and making devices rootable. It's not like they are making that much money from device sales.
Of course then you have MS which basically just turned XBox into a cheap but totally locked down gaming PC (since there are very few Xbox exclusives these days).
Yup! Depends on what's a higher priority: Preventing catastrophic destruction of the device, OR, "protecting" some IP from ultra-small-scale piracy, even though ultimately anyone bent on piracy will be able to pirate anyway.
Clearly the latter is heavily preferred by most companies.
even with that "requirement" add special minimal recovery that can be booted with special buttons sequence by bootloader and allows some form of flashing signed firmware.
this should be especially trivial when your device have some usb ports.
you can keep all requirements of only newer or the same version of firmware to flash, with all refuse checks.
if you mess up, you can allow consumers to flash fix using regular pendrive
Big part of the UBNT vs Cambium dispute. IIRC UBNT won in court, but just to prevent the Cambium firmware being installed on their hardware the next few firmware versions fixed it so that it cant be easily reverted.
Whats worse is that a lot of the affected hardware was near or EOL anyway, so Cambium was simply helping rescue devices headed for the scrap heap.
But then at least have backup firmware of the one you want to update, so you can go one step back in case of errors.
Sometimes they do it because it’s contractually required if they want to get access to proprietary standards, for example to allow them to play copy-protected content.
Copyright and patent have morphed into evils that drive anti-consumer and anti-competitive behavior, and have driven a “subscription” model that allows rent seekers to achieve their wildest dreams.
Yes it does work… with an A/B update system.
Android systems can do this today. After an orderly shutdown of new software, then it can mark the new stuff as good and not allow older software to boot.
This is a good reason for manufacturers not to deny rollbacks, and a good reason not to have e-fuses.
Yes, they do it, but usually in devices where it's basically part of DRM. I don't think engineers put that much though in security of soundbars.
Blow the fuse after its confirmed working. Or always allow a one version rollback.
Im not a fan of firmware lockdowns but I understand other people may value security over moddability.
At very least, it should be two partitions: previous firmware and current firmware.
I think the correct way to do this is to allow a rollback to the immediately previous working version. Before updating, write current firmware to failsafe data storage, then do the update. Then a firmware reset sends you back to the last good version. I'm pretty sure this is already done by many hardware and software manufacturers, such as me.
Blowing efuses is a destructive action and it should not be legal for a company to destroy parts of your electronic device that you paid for
I completely agree with both points and would add a third: design for offline use first (maybe treat every OTA update as - this might be the final version this device ever receives). Products should work perfectly fine without an internet connection, heck that's how they worked until 5-7 years ago. Core features should never depend on cloud services, and updates should be opt-in, not forced.
Offline first approach respects user autonomy and creates a natural safety net against bad updates. Plus, it means your product keeps working even when servers change or get shut down years later or a nuclear war happens. Sure, connectivity has benefits, but a speaker's main job is playing sound, not phoning home. Building offline-first also forces better engineering decisions about longevity and graceful degradation.
It's so hard to find any offline-first apps/devices nowawdays, which is sad to see in a world of algorithms and AI.
This whole situation reminds me of this: https://programmerhumor.io/linux-memes/thats-the-attitude-sa...
But you see, the problem with offline use is the manufacturer can't claw back value in the future. How will you keep shareholders happy if you can't arbitrarily push ads, hobble existing functionality, or impose a new subscription service?
Exactly - that's the flaw in trying to extract infinite growth from finite products. We've turned durable goods into rental services without consent, all to please quarterly earnings reports.
The tragedy is that "respecting customer ownership" is now seen as leaving money on the table rather than building lasting brand loyalty through quality.
Most companies don't do this because it's not one of their organizational priorities to have reliable updates. The infrastructure is usually custom built and maintained by a couple of folks who have a dozen other responsibilities they're told are more important. Testing is usually limited by hardware availability and release velocity. "One of every board revision we've ever produced" simply isn't available and waiting two days to run through every firmware version before you release updates is a conversational non-starter with the PMs.
There are commercial offerings (like mender.io, never used) that basically specialize in providing rock solid update infrastructure, but that again takes investment and organizational priority that doesn't exist for non-feature code.
Different industry, but I (a long time ago) worked in a place that built scientific instruments.
> "One of every board revision we've ever produced"
The, ah, "special" people we had running engineering didn't even put in the work to be capable of the software querying the board rev. We had to play games like running certain motors past a position limit and seeing if there were limit switches there (or not) to guesstimate board revs.
I'm guessing stories like this are common.
> 2. A failsafe firmware reset back to factory state.
Do you mean like a physical button? That could work, though I'm not sure I've ever seen it. Holding down power for 10 seconds (or whatever) usually just erases user data, but doesn't reset firmware. Are you aware of any device that does this? But does it require some meta-firmware to roll back the firmware? What if that meta-firmware has a security flaw and needs to be updated? And that update is faulty?
If you're talking about a code sent from your servers to devices to reset, that seems like asking for the impossible. If a firmware update bricks the device, that may very well brick its ability to receive codes at all.
In both situations, it starts to feel like a problem of infinite regress...
I get the sense that #2 is viewed as a risk for DRM, given all the work that goes into preventing firmware downgrades to potentially insecure firmware. Specifically thinking of the Nintendo Switch[1] that goes so far as to blow fuses on each firmware upgrade!
https://news.ycombinator.com/item?id=23534793
eFuses were already on the Xbox 360/PS3 generation. Smartphones also use them to lock out proprietary photography algorithms if you unlock the bootloader.
https://en.wikipedia.org/wiki/EFuse
For this $1500 street price soundbar, I'm wondering whether they consciously decided not to invest in BOM cost or software effort that would help avoid bricking.
I'm not sure I understand various industries' conventions...
While interviewing for a principal engineer job, I was meeting individually with a bunch of team leads and managers, and one engineer asked how would I design firmware updating for the company's large&complex product (which was more critical, complex, and expensive than a soundbar).
I assumed they were probably trying to see whether I would throw in some robustness/resilience (not oversimplify it). So I sketched it out, while hitting notes like diffs, downloading and assembling in staging space, imperfect networking, having at least two firmware "slots", backing out upon boot loop or failure soon after boot, gradual deployment to installed base, contrasting with some less-critical consumer product firmware update practices, etc.
(Either that was a bad answer, or they got distracted thinking about something I'd said, because I was getting odd subconscious backchannel cues, and they were unresponsive when I tried elicit more requirements or guidance about what they were looking for. Maybe there was some standard embedded systems programmer canned answer that I was supposed to recite (analogous to the Web brogrammer 'system design' interview), and they couldn't think of how to nudge me towards the shibboleth without saying it?)
Sonos completely missed the boat on these two simple concepts as well.
See their new app debacle which coupled a non-reversible firmware update that made the hardware incompatible with the old app.
Great points! As an addendum to this, if #2 becomes untenable for whatever reason (such as a vulnerability in the factory firmware image), then this #3 would be good to strive for as well:
3. have a set of conditions to mark the running firmware image as "safe" and have it become the new fallback firmware image for this scenario. That way you can have a recently up-to-date firmware version constantly trailing the new ones
IMO this is a terrible idea for many reasons but the most important of which is: As a consumer I should have the right to have my device revert any b.s. update and get my setup to how it was the day I bought it.
So many companies have begun rolling out updates that makes the device I purchased call home before allowing any user functions and if/when that server goes down my device becomes a brick. This behavior essentially invalidates my ownership of the product and renders it to a service, provided at will by the manufacturer.
Your idea ensures my device will one day become a brick as soon as the manufacturer decides to mark their update requiring internet check-ins “safe”.
If you think I’m exaggerating check out Louis Rossmann‘s YouTube channel.
FWIW, my background is in B2B hardware and that's the perspective I am coming here with. Out of curiosity though, how do you weigh your value of control vs. security vulnerabilities? Modern speaker systems allow some form of wireless connectivity, so there is bound to be something and not all consumers will be savvy enough to keep up with security updates on their own.
My thoughts on security vulnerabilities is that they exist on any out of date firmware and that should be expected. I’ve never rolled back to factory settings and assumed that this device is now exposable on a DMZ.
Specifically I’m talking about consumer devices, which are almost always behind a NAT config + firewall. If your soundbar has a vulnerability it’s pretty much irrelevant if someone has already breached your network.
If we’re talking about enterprise networking equipment, I still stand by my concerns that the the owner should be able to revert back to stock but the burden of responsibility is on the technician configuring this device, not the manufacturer.
It seems to me the mentality has become that since end users tend to be bad at system administration, they shouldn't be allowed to do it, for their own good.
I reject this mentality. I don't think it's necessary or desirable to make it impossible for people to do things that have negative consequences for themselves. Put a "here there be dragons" warning on the firmware rollback, bootloader unlock, or similar dangerous operation and let people take responsibility for the outcome.
In the case of consumer devices, most people won't even try those things; those who do risk further problems for the chance of a better outcome. In the case of enterprise networking equipment, there's an IT department that, in theory has the skills and resources necessary to make good decisions about technology.
There will always be security issues, so "but security" is not a reason to prevent a consumer from doing whatever they want with a thing that they purchased from you (I'm of course just speaking morally/ethically here since there's no legal provisions preventing that in most places).
If I pay you for a product, you have no moral right to tell me what I can and cannot do with that product, up to and including messing with the firmware, installing known-bad firmwares, wiping it and building my own firmware, whatever I want. It's mine, I paid for it, stop violating my private property rights.
I think I agree with you generalle but just from a logics perspective, this is a bad argument:
> There will always be security issues, so "but security" is not a reason to prevent a consumer from doing whatever they want with a thing that they purchased from you
Just because there will always be security issues doesn't mean you shouldn't try to take care of the low hanging fruit.
Not the person you replied to, but I'm literally pulling wire again to avoid dealing with that dichotomy. And hardware developers that think OTW firmware updates are a neat idea >:(
Unfortunate you'd need to weave that all the way through the whole product stack in order not to end up in a state that looks like it's working at first glance but actually isn't doing what it is supposed to - like everything running but not showing an image, or everything running except networking is dead (-> also no further updates possible), or (remote) input devices, etc etc
From the manufacturer's point of view, a sufficient "safe" state is "can receive and apply a firmware update" -- worst case scenario you can always push out a new re-signed and renumbered version of the older working version.
Network connectivity would need to be in the set of checks to determine if an update was successful. Also, there should hopefully be QA. If you only have one smoke-test for a firmware image it should be whether or not it can upgrade/downgrade a new image from that one.
This is what everybody wants, but almost nobody does. Time to market, etc.
You need to have the firmware equivalent of a platform team.
It's common now for medium and large companies to have some variant of a cloud platform team: People responsible for shared practices, infrastructure, and processes in the cloud.
Smart hardware companies have done the same for decades. You have a firmware platform team that handles things like update protocols, recovery protocols, testing checklists, on-device OTA update architecture, and other critical functions.
When you're a company like Samsung that continuously releases and develops products this actually increases your time to market rather than decreasing it. You let each product team focus on the parts of the firmware that make their product valuable and free them from having to roll their own update systems
Samsung has multiple such teams. In my experience with the broader industry, platform teams are usually less than a dozen people who own millions of lines of mostly-external code. You don't usually get the luxury of careful deliberation and comprehensive testing because you're doing too busy putting out fires and chasing down manufacturer errata.
Samsung might be one of the good ones, but sadly most hardware manufacturers treat firmware and software like just another line item on the BOM. Like a screw or a silicon gasket: Source it from some "supplier," spoon it into the product somewhere on the assembly line, and then never touch it again. I've seen a hardware manufacturer that doesn't even use source control or branching. When they have a new hardware product, they take the software that is closest in functionality, hack it until it works with the new hardware, and then set the software back on the shelf until next time.
It's almost exact same thing as purchasing an insurance.
If the management folks have personal health insurance, surely they must understand the concept and the need. And this is a much better deal because unlike actual insurance this is more like "invest once, enjoy forever" type of thing. And multi-stage boot chain, recovery partition and staged rollouts are not some rocket science that needs some serious expertise.
Yet, here we go. Humans are not really rational actors after all, and collective humans are even less so.
As a user/customer, if I'm part of that 1% with an issue and get the same sort of "canned" response you see on the mentioned thread, I feel like me as a user doesn't matter. I guess the next step is calling customer support and then having the person on the phone making me go through their checklist of things I've already tried and again, feeling like this is of no use.
I think it usually takes a big rollout for these big companies to actually "hear" their users.
The second point is the really important one here. Mistakes happen, having a factory reset that actually works is crucial to avoiding extremely expensive recalls.
I'm reminded of the time a random NPR station accidentally bricked the infotainment systems on thousands of Mazdas and because there was no factory reset feature they had to spend millions replacing head units. That's just bad design.
Another good one is; please always split any security updates from feature changes (and backport the updates per whatever versioning policy you have for those lagging the latest).
After many years of being burned I always delay system level non-security -related updates at least several days after launch to mitigate the risk.
> A failsafe firmware reset back to factory state.
Or perhaps to the very first released firmware version. This way they don't have to support updating from any version to the latest, just from the first one.
Reverting to factory state seems riskier than last known good state. You could run into things like TLS root authorities not being recognised, deprecated cipher suites, etc. Just because that version worked a decade ago, it doesn’t mean it’s compatible with the world today.
> Reverting to factory state seems riskier than last known good state.
Reverting to factory state is the last resort. You don't have users do it unless there is no other good state to return to on the device.
> Just because that version worked a decade ago, it doesn’t mean it’s compatible with the world today.
That's why I said you have to include this in your test procedures.
When you're planning for the long term you can accommodate for these things on your servers.
> > Just because that version worked a decade ago, it doesn’t mean it’s compatible with the world today.
> That's why I said you have to include this in your test procedures.
You can’t test the world. Even if your servers can correctly respond to requests from old software, it doesn’t mean that the network between you will too.
Networking surely does introduce complications especially when TLS is now basically considered required and cert lifetimes are being limited for 'security' reasons. However most consumer devices have functionality, often their primary/most important function, to which network connectivity isn't even needed. For instance, a speaker producing sounds.
In the factory reset state, things should have a USB flash drive firmware install route which could be used to bring back working root certs, etc.
Of course again this depends on whether the mfg is worried about DRM bypass hacks that are found later on in the factory firmware.
I'd support legislation to issue stiff fines for devices that can't be factory reset at any time, with the only exception being for directly-consumer-benefitting anti-theft (so, iCloud lock is okay).
But can’t you? Sure, factory firmware from many years ago might have issues, but should still work well enough to allow you to fully offline upgrade to a newer working version.
I think all the OP was saying, is: Suppose you’re releasing firmware version N for some widget you make. Now, for all versions V in (0..N-1), verify that applying N to V works correctly.
> "A failsafe firmware reset back to factory state"
A failsafe firmware reset back to a safe and secure state yes. The factory state is not necessarily that, so no.
I think devices should keep a last known good state firmware but keeping a full factory state immutable firmware would be irresponsible for many usecases.
What hardware reset typically does, in my experience, is to reinstall the last firmware you installed. Many don't even have the space to keep some original and/or safe image in addition. I'm working on one device where we delete much of the existing system to make space for even downloading a new firmware image. It's wild.
iirc for computers doesn't gigabyte have some kind of patent on dual bios design (active vs backup bios chips). I'm sure there are other ways to implement it but I think thats true.
But .. but then they can escape the extortion to a working state..
The important feature here I would insist on is to let the user decide when to do a firmware update. Not the other way round. That's the way to build a good consumer relationship.
Why on earth a sound bar needs to update its firmware? Why firmware needs to be in a couple of tweeters and a woofer? It should basically output audio from an input source.
This is the de facto playbook for one of the Mega-Evil Corp.'s CPE firmware (Gateways, IPTV receivers, etc...).
New firmware is pushed in phases 1%, 5%, 10%, 25%, 50% then full scale.
Each stage has some delay incorporated for acquisition/application and then for telemetry (including support contacts from affected accounts) to determine impact and allow for regression fixes.
The other reason they would phase launches is because of firmware builds being used across multiple CPE models and hardware revisions, where only a small subset of hardware could wind up being problematic, but not discovered until deployment.
When you have millions of devices deployed, even a fraction of devices having an issue can create a shit storm on the support side of things.
It all seems so obvious once you know to think about it.
> 1. Staged rollout of firmware update
Especially if there is an internal testing stage before actually rolling out to production. It's possible that the users seeing the bricked devices are in fact limited to the initial wave, but the damage is already done.
Also a dev or dogfood population of devices used by employees
#2 has been a godsend in the custom/HEDT PC market. Many expensive motherboards now come with a "dual BIOS" system that gives you an older known working image to boot from, in case flashing a new version broke something that can't be easily undone.
Another amazing feature is the ability to flash a BIOS from an unbootable system. You insert a flash drive with the firmware file into a USB port, press a hardware button and the BIOS gets updated, even without a CPU socketed.
This is a requirement for any motherboard I purchase now. I have enjoyed the ability to use AMD CPUs that are slightly outside of the generational support or enable features I am not promised.
Without the ability to flash from USB without a CPU doing this requires keeping spare CPUs that will work just to flash.
HEDT = High-End DeskTop, which (until 2022) referred to CPUs with more cores and separate sockets compared to ‘normal’ consumer CPUs, apparently.
https://tweakers.net/reviews/10334/het-einde-van-de-high-end... (Dutch)
Indeed a golden factory firmware version that will be booted automatically if all else fails and that provides minimum connectivity is crucial.
I wonder if that opens a threat vector from a security point of view? If an attacker knows that the golden firmware has some critical vulnerability which they can exploit easily, they can activate it at will by bricking the device and waiting for it to restart.
They could, and that's been a way for attackers to "jailbreak" devices and load custom firmware in the past. Though for the sake of reducing eWaste and enabling device repurposing and reuse, I do think this is the best path for firmware-updatable devices.
Attackers aren't usually in a position to reset firmware, and if they are they might as well do a whole host of other things like replace the device with a compromised one. I don't think there is much of a point to trying to protect from that.
The golden firmware should reset to the old/first firmware of the device and nothing else. Keep it as simple as possible and restore the customer device back to an operational state.
The problem comes in if that old firmware has security holes, particularly if the device is network-connected.
> will be booted automatically if all else fails
I prefer to keep the factory firmware reset to a manual process that requires user intervention.
For example, holding down the reset button for 10 seconds after plugging the device in.
In my experience, it's not a good idea to have a device automatically roll back firmware and erase user data after failed boots. These mechanisms get triggered too easily during certain power outages (power comes on then goes off just long enough to cause multiple failed boots) or when users are doing simple things like rearranging their power cables.
Ability to reset to original out of the box firmware is not only about failsafe. It's also a protection from "bug fixes" taking away features you had out of the box.
I'm still pissed off about LG removing record to disk option from our TV after an upgrade. I've only connected it to internet & upgraded assuming some of those bug fixes resolved few dlna issues otherwise it's always on internet block list.
Both are very reasonable features, of course. Here are (some of) the real-world challenges to their implementation:
#1: Requires competence, and/or management that isn't too focused on velocity and features to listen to their engineers' warnings about exactly the sort of problem being discussed here.
#2: Many firmware updates explicitly and specifically want to strip away features that the hardware shipped with (by introducing DRM, paywalls, etc.), so see the comment about management above.
I made the mistake of connecting my bose noise cancelling earbuds to the phone app so I could disable autoplay. They updated without any warning and now they won't charge properly and the noise cancelling sucks. It used to be amazing. Never connect anything and never take updates unless you need a specific fix.
I swear AirPods in general are just less reliable than they used to be too. I feel like I need to be doing incantations for them to work sometimes, whereas I recall them feeling like magic compared to BT headphones I've used in the past, the way they would seamlessly pair, start/stop music when you pull one out, etc.
It reminds me of some discussion I was seeing the other day about how the dynamic island on the newer iPhones is way buggier than it was at launch. Someone suggested that this happens because the S-tier engineers are tasked with building these things to blow everyone out of the water at launch, and then B-tier developers are tasked with maintaining them for the following years, at which point stuff starts regressing.
FYI: The Bose app also phones home with your media metadata by default. There's an option to disable it tucked away on the same screen as the Privacy Policy.
I hate smart TVs. Why put all the functionality in one device when a small part of it is going to become obsolete real soon while the TV part will continue to work for a decade or more. I buy dumb TVs and a separate "smart" component like Roku that can be replaced as easily as a shoelace.
My strategy is to buy cheapest TV on the market (which is usually an ad loaded Crapware like hisense) and then never ever connect it to the internet but use HDMI to plug into a dedicated computer.
Basically all I need in a TV apart from the display is an HDMi. It works amazing, been using like this over 10 years now.
> My strategy is to buy cheapest TV on the market
Unfortunately if you're a stickler for image quality this isn't an option. You can still not connect it to the internet of course, but if you're buying a high end TV there's no way to avoid all the other modern TV bullshit.
Namely needing to change the settings on every input for every source type. The first few days of a new TV is a regular trip into five layers of menus as you watch a new source combination for the first time (HDR Blu-Ray, Dolby Vision streaming movie, high framerate game) and have to turn off motion smoothing, turn off sharpening, turn the whites back down from basically blue to 6500K. I mean christ, there are still TVs out there shipping today that turn on overscan by default. Analogue TV broadcasts ended in 2012 here!
This post is about a soundbar, not a smart TV.
I lump modern TV bullshit (crappy "smart" features, motion smoothing, horrible default settings) in with modern car bullshit (huge touchscreens everywhere, the near total death of real physical controls).
Everyone you speak to at best is ambivalent and at worst vehemently hates it. And yet there's no sign of it slowing down. It's baffling.
Yes I’m always very surprised that people deal with the awful software that are on the TVs.
I use an Apple TV which, while a relatively expensive solution, has a clean interface and integrates well with the rest of my hardware. Plus rarely are there ads being shoved in your face in the OS/Home Screen. Apps can still do as they like of course.
Do you find dumb TV software (dynamic backlight controls for example) and hardware on par with smart tvs?
I go for smart tv's that can be dumb. As long as it reliably uses my input each time it starts and doesn't try to overlay anything, that's all I need.
Once or twice a year I'll go trough firmware update notes, connect it to the internet if there's things that can improve my "dumb" usage (fixes/improvements to refresh rate, Dolby xyz, etc.), then disconnect it from the internet again.
Same.
I bought a couple of Chromecasts for that reason but they're supposedly discontinued now.
They're discontinued and a week or so ago a certificate expired and millions of Chromecast V2 aren't working.
Do you guys miss owning things and they were just...yours? Like, you paid money for them and then you had them and you had full control over them and someone half a world away wasn't able to reach into your house and break them or make them do evil things?
Not really. My iPhone, and especially my AirPods, have gotten massive feature upgrades since I bought them, and I didn't have to pay a thing.
And I assume my WiFi router updates have helped prevent people doing evil things with my devices.
Samsung's update here is obviously a massive fail, but it's one consumer device out of tens of thousands. I think it's clear the benefits outweigh the harms on the whole. Definitely sucks if you bought this particular soundbar though.
I drive a 30-year-old Nissan pickup truck for this exact reason. Not sure why, but I get a small sense of joy knowing that the corporate overlords aren't "watching" me drive. Of course they're "watching" me on my phone (as I drive the beater truck), but that's a different story.
my headphones just popped up an alert on my phone that turned out to be an ad for a nascar race. that got their app uninstalled. if they ever realize that they can start shoving ads directly into my ears that's when the headphones themselves get taken out back and smashed with a hammer.
Before I bought my most recent vehicle, I did my research and figured out how to physically disconnect the modem / telemetry unit.
A couple days ago, I was thrown by one of my Windows devices pitching an ad for a video game to me in the notifications. I immediately disabled the related setting, which was of course enabled by default. Every device you buy is rigged by default to encourage you to buy more things.
You will own nothing, you will have no privacy, and you will be happy.
(Or not, of course...)
"We understand how frustrating an unresponsive soundbar can be."
Isn't this about the most condescending thing they can start with?
"... and that's why we did it!"
Samsung sucks. Their customer support is a joke. And this is across the world. Right now I am back in Brazil, just got a new samsung product. It was delivered non-functioning. Hours since I submitted a ticket. No answer. Talking to a real human being is impossible.
reclameaqui.com.br is usually helpful.
Their hardware is technically great. It is the software that sucks.
hard disagree, i gave my anecdote as a top-level comment, but they have an across-vertical problem in their company, but why fix it if they make money
Their phones are alright but everything else they make sucks
Should be codified by law:
> - No device should be updated without the owner explicit intention to do so.
Ahh! But you are just leasing the software!! Samsung is technically the owner!!
If it's a lease maybe it should cost money, nobody would buy these stupid pieces of shit if they all had $1 / year peppercorns attached
In EU, Cyber Resilience Act requires automatic updates, so the second point is moot.
Most owners want just plug and play, so it makes sense.
Even third point is pretty moot. We don't do that for hardware, why for software... A component is no longer manufactured? Tough luck, hopefully you stockpiled it.
Um, that's not what "moot" means.
> No device should be updated without the owner explicit intention to do so.
I want to be able to opt-in to updates of my devices with official updates without the fear of them being turned into useless e-waste...
A law? As an engineer, I really don’t want a bunch of technologically-inept congressmen telling me how I have to build software, firmware, or hardware.
>As an engineer
Construction, hardware, radiation, dam and wastewater engineers are highly regulated professions. Do you take responsibility for bugs in your technology? Do you have insurance for your mistakes in professional work? Are you an engineer or a coder? Are you certified to do your job or just passed a boot camp?
As an engineer you should be familiar with laws and regulations. Try creating health care software without regarding HIPAA, for example, should make for lots of fun and lawsuits!
As if engineers actually get to make decisions about software, firmware, or hardware. Ha! That is truly hilarious.
I would rather have a bunch of mildly responsive legislators setting the boundaries of what is acceptable than a bunch of middle-managers trying to justify their salary to their private equity overlords.
An aside: I'm seeing an uptick of class-awareness in HN and that's worth celebrating. It seems "all it took" was the mass-layoff apocalypse.
As an end user I don’t really care what you want. I want the thing I paid money for to keep working after you’ve disappeared. Otherwise, in my estimation you’ve stolen from me.
Prison time is an appropriate remedy for theft.
Found the guy who wants to talk about traffic lights without a license.
https://ij.org/press-release/oregon-engineer-wins-traffic-li...
Your second condition practically guarantees proliferation of exploitable IoT devices.
> No device should be updated without the *owner* explicit intention to do so.
That point has practical issues, because most consumer electronic customers are technically dumb.
Consequently, you end up with a long-tail of deployed device firmware versions, which makes support a nightmare (fix this external integration that broke... across 20 different versions).
I'd phrase it more in terms of:
>That point has practical issues, because most consumer electronic customers are technically dumb.
It's a speaker that worked fine until Samsung unilaterally broke it. I don't think the customers are the dumb ones here.
The original comment and the reply are talking generally, not specifically about this one case.
Customers will gladly use an outdated browser or OS with known exploits to access their most sensitive information. Automated updates are necessary evil. Even a smart speaker with a vulnerability could end up as part of a botnet.
Then we should strive to improve computer literacy. I think technological solutions should still ultimately empower their users.
I can only assume you’ve never worked in desktop support if you think that is something the general populace is remotely interested in. Smartphones are a step in the right direction for the tech illiterate and uninterested. There is zero reason to give lay users enough rope to hang themselves with despite that being the opposite of what I or most users of this site would like for ourselves.
I actually did work with customer support in my very first job :) We had a limited IT crew, so programmers on-site would often go to the users' office to help with software and hardware issues.
My anecdote is the opposed of yours: they were interested in knowing why something wasn't working, but only as long as you're willing to be patient, talk slowly, and explain any unknown concepts to them, if required.
Insulting them, or just telling them it's their fault something wasn't working would be a sure way to get a negative reaction instead.
Fair enough. Many of my end users were indeed eager or at least willing to learn as you say. A non-insignificant portion were not though, and those are the ones I'm speaking of. But that was also a professional environment. Your interested users had some obligation to the company and the support of professionals like yourself to guide them.
Additionally, I don't think these people are stupid, and I'm not demeaning them. They simply do not care to know and that's perfectly fine. I wouldn't demean someone for not understanding how their car works, or even failing to get their oil changed. The computer is a tool to file taxes and shop on amazon for most people, they have a million other priorities in their lives that come before making sure windows is up to date, let alone actually considering its security. It's the job of these companies to ensure their technology can be used safely without consideration by the end user.
I think this is completely rational given a realistic threat model. As a customer, I've had my browser hacked exactly never, but examples of feature downgrades from vendors abound. Vendors are a much more serious attack vector than a random hacker.
I would assume your browser automatically applies security updates in the case of 0day exploits, no?
Like I said, automatic updates are an evil. But the general populace will absolutely defer every security update until the end of time so long as they don't have to spend five minutes waiting to get to their desktop.
Obviously vendors enshitify their products via firmware updates and potentially brick devices or introduce new vulnerabilities but, it's ludicrous to pretend that the general populace are good stewards of their internet connected devices or that they ever will be. They simply do not care, they never will, and its up to the rest of us to design products for the lowest common denominator if we want protect end users and have a safer internet.
I have been boycotting samsung since ~2014; because of my experience with two, brand new, ~$1000 samsung devices, neither a phone. Their customer service blew me off, because both devices had intermittent issues. I tell people to avoid the company and its products.
both devices were malfunctioning within the first month.
1) 4k60 32" monitor, the power button always flaked and it would randomly shut off, thus necessitating unplugging and plugging it back in, 2-3 times a day. customer service: "unplug all monitor cables and plug just power in. what is on the screen? oh, then it's fine. have a nice day!"
2) Refrigerator. Intermittent fan issues were the reason i called. i ended up having to replace, for cause, the heating elements in the refrigerator side as well as the fans due to ice damage to the impellers; then the ice machine started leaking inside the freezer door somewhere, and that leak would freeze on the bottom of the freezer and push the door open, letting water just drip on my floor for hours, nearly damaging the subfloor. I also had to replace the motherboard. So now i have a water-less, ice-less refrigerator.
i could go on about how their SD cards are quite fast but don't last long if you have them in outdoor devices (like dashcams, trail cams, security cameras) - the only raspberry pi i've ever had to throw away had a samsung SD card in it that overheated to the point of contact burns - i went to unplug it to reboot it and received a welt from the SD card for my troubles.
I'm just one person, but read enough anecdotes and you can ignore them all!
Sometimes you have to hack their support script to get a replacement or a refund. After the first support call if you don't get what you want and it happened again, Call back to open a new support ticket. Pretend to walk through their steps but not do anything, and when they asked what was on the screen I would say it's blank and not turning on.
I had to stop getting Samsung Pro Endurance microSD cards after three in a row failed after a few months (write speed dropped below 2 MB/s). This was after the update to the blue and white color scheme (and higher endurance figures, hah); the older black, red, and white ones worked great and I fortunately got over a dozen of them.
Good motivation for a PSA:
This happens more and more often, and there is a fairly easy + popular workaround (which also comes with 99% ad blocking as a bonus). Just either set up pi-hole locally OR use a hosted DNS service that does essentially the same thing.
Main idea: Ads, updates, etc. typically (not always) need to resolve hosts before connecting to servers. Simply resolve these hosts to 0.0.0.0 instead of a real IP.
Arguments for pi-hole or other local solution: Free. Private.
Arguments for hosted solution: No set-up headache, no local raspberry pi or other machine to maintain. Overall a bit simpler.
Guide for blocking updates after the service is set up (I just went through this a month or two ago to block updates to my LG TV):
Step 1: Search around for servers that correspond to updates for your device.
Step 2: Test these lists; realize that they are often incomplete.
Step 3: Shut your device off. Open pi-hole like service, and watch queries live. While doing so, turn on your device (and if you have the option, check for updates).
Step 4: Put all of the queried hosts you see into your block list.
Step 5: Later, you may encounter broken functionality. When this happens, look at your logs, and see which server(s) were blocked at that moment. Remove only those from the blocklist. (And cross your fingers that the manufacturer doesn't use the same hosts for typical functionality and updates.)
> Step 5: Later, you may encounter broken functionality. When this happens, look at your logs, and see which server(s) were blocked at that moment
Eventually you end up with advertisements being served because the application refuses to show the content without the advertisements.
So let me cut back to your main idea:
> Main idea: Ads, updates, etc. typically (not always) need to resolve hosts before connecting to servers. Simply resolve these hosts to 0.0.0.0 instead of a real IP.
Better solution: resolve these hosts to an address you control on your network. You could even resolve it to a "public" address and add a static route to your router.
You can then choose to serve no-content from that address.
Maybe that worked 10 years ago but nowadays they figured out ssl certificate pinning
why connect the junk to the internet to begin with? it’s a TV. I can buy a better streaming box and plug it in. People really over complicate things sometimes IMO.
I made the mistake of updating my HIKMICRO mini thermal camera. Before it worked as a normal UVC USB webcam with any app or camera/video program on the PC. After it just has weird green coloration with hardly any variation, and only works properly in their Android app. I contacted company but they didn't care, nor provided any way to "downgrade" the firmware to the original version.
List price $2,000. What was the update supposed to improve/fix?
Probably some new AI/tracking/ad delivery features
It's a speaker system. It plays sound. Why could it possibly have AI, tracking, or ad delivery?
> It's a speaker system. It plays sound. Why could it possibly have AI, tracking, or ad delivery?
To recognize what you listen to, build a profile, feed it back to Samsung, which will use it in deciding what crap to display on your Samsung TV (and any other devices) associated to the same profile. For all we know it's even listening to your conversation in the room, I mean, it's Samsung - they literally do this:
https://entertainment.ie/trending/yes-your-samsung-smart-tv-...
https://www.cnet.com/news/privacy/samsungs-warning-our-smart...
How much benefit could that bring versus burning reputation and losing it all? These companies are so big and powerful but time and time again they keep on forgetting that they can't exist without the users and when users start leaving it's hard to reverse that trend.
There is no reputation to burn, they're well known to do this kind of stuff by anyone bothering to look it up, and nearly nobody looks it up anyway.
It's a pity because I liked some of their hardware in the past (an NX camera I still have, hard disks back in the IDE stone age, 3 LCD screens back from when they were a novelty - they only had a VGA connector) but I just stay away from them now. But 0.01% of their customers staying away is completely insignificant when they consider the profit opportunity of violating our privacy.
Burning Reputation?
It's so out in the open if you know, or more likely, worked in media advertising.
Their competitor, Vizio, owns iSpot[1] which is, in my opinion, the best in the space.
Samba TV[2] is it's nearest competitor and they have their hooks into 24 Smart TV brands globally[3]. These brands are listed on their website as Philips, Sony, Toshiba, beko, Magnavox, TCL, Grundig, Sanyo, AOC, Seiki, Element, Sharp, Westinghouse, Vestel, Panasonic, Hitachi, Finlux, Telefunken, Digihome, JVC, Luxor, Techwood, and Regal.
[1] https://ispot.tv/
[2] https://www.samba.tv/
[3] https://en.wikipedia.org/wiki/Samba_TV#Customers
The idea of people getting upset at their tech spying on them is almost laughable at this point.
Come on, did you read more than just the headlines?
> Samsung's spokeswoman continued: " Should consumers enable the voice recognition capability, the voice data consists of TV commands, or search sentences, only. Users can easily recognize if the voice recognition feature is activated because a microphone icon appears on the screen."
So it is not like it was listening without your knowledge. Only when you use the voice features is the data being sent over. Like with every other online service. As much as I don't like samsung, this is a bullshit reason to hate them.
And why provide two links basically saying the same about the same story?
Their competitor, Vizio, owns https://www.ispot.tv/ which is used for ad delivery tracking.
It's much more reliable and precise than the familiar Nielsen ratings: since you know the total audience of X% TV households in a zipcode (which you know demographics of race/income/household size based upon), and Vizio TVs account for Y% of all TVs sold for households with incomes between A and B, and C and D you can get a confidence interval of how many people ACTUALLY saw your TV advertisement.
Samsung was/is probably trying to do something similar: All sound in your TV pipes through their home theater system, so they can "Shazam" whatever media you're watching, regardless of the source (OTT, OTA, hell even YouTube or a Downloaded Torrent on your laptop hooked up via HDMI) and phone home.
Broadcast high frequency tunes in the background for other devices to pick up to identify you.
Dogs hate this one simple trick
on android you can install SoniControl Firewall to "see" the ultrasonics in your house. Try it with all tvs and things off, then try it with the TV on, youtube videos, and so on.
Pixel tracking works better if the TV is connected to the internet. I remember samsung as one of the companies, where, if your TV was not ever given a wifi connection, it would attempt to connect to any open network to do what it needed to do. This sounds unlawful, so i don't know the veracity, but anyhow - if the TV is online, it can just send a half dozen pixels at known locations back home and there is a database of "content pixels at timestamps" and they match the half dozen pixel values to the database and know what you're watching to some degree of certitude.
but for things like dumb panels older TVs and the like, ultrasonics still work.
Insert ads into the music the customer is playing, using AI to find pauses, and track what songs they're playing for data gathering?
Yeah but why would anyone actually buy that then?
You are asking the right question, but to the wrong person.
> using AI to find pauses,
You can just use regular math to do this. We've been doing it for 30 years now. You don't need a trumped up overpriced garbage LLM to do anything for you here.
Use the speakers as a microphone! WE HAVE THE TECHNOLOGY!
They usually already have mics to do automatic EQ calibration
Didn't know that, thanks. Then speakers are actually a pretty big data source. I bet most people don't assume their speakers can be listening. I wonder if you can get internet connection over bluetooth aux or what'd be the best way to get someone to let you send data home on a speaker.
i did some cursory digging, but i don't really want to read the A2DP or AVRCP specifications to see how much data is allowed in the non-audio payload. Besides, PAN exists, but i imagine you have to do something on your phone to allow it.
Most of these expensive things also have wifi, though, don't they?
> Connect your devices and control everything with our soundbar that integrates your favorite voice assistants and smart services like Built-in Alexa², Chromecast³, Airplay 2⁴ and more.
> 802.11ac
https://www.samsung.com/us/televisions-home-theater/home-the...
yeah, they have wifi, so they don't even need bluetooth hacks.
You're not thinking like a true capitalist.
Sure, you got your $2,000 out of the customer. But what about the money you could be making between now and the next time the customer buys something?
You're giving up on tens of dollars a year by not tormenting the people who gave you money already and might do so again.
Because customers love AI! /s
Few things over the past few years have infuriated me as much as tracking and advertising being introduced at the OS level, especially on TVs. I'm looking at you, LG! I will gladly pay more for a TV that doesn't try to advertise Roku's streaming service to me or track my kids' watch history. Seems like they are few and far between, though.
The best thing we have been able to come up with is leaving the TV itself disconnected from the WiFi and using an Apple TV for smart features/streaming. I'm sure they're still gathering data but it's at least not as blatant. It's a real crapfest for the consumer at the moment.
> I will gladly pay more for a TV that doesn't try to advertise Roku's streaming service to me or track my kids' watch history. Seems like they are few and far between, though.
Plug in an Apple TV?
This just swaps one locked-down company for another. You're still at the mercy of a giant corp, and worse it's unlikely to work well with my linux laptop and Android phone whereas at least Samsung tries (and often fails). A better solution is needed. I buy Sceptre TVs when I can, though for a "big screen" there aren't great options.
That's... not a TV, it just has TV in its name.
Apple TV is just as bad (and in the context of the OP's statement, would be the same as a Roku box or an Amazon Firetv).
Yeah, we do use Apple TV because at the very least if they are collecting our data, they're not using it to advertise directly to us on the same device. My parents have a Roku TV and the number of ads it serves up directly on the device leave me feeling nauseous.
This is sound advice for keeping yourself free from malware as well. Many of these TVs end up running super vulnerable junk that doesn’t get updated and has known exploits.
I’ve had two devices end up with malware like this. A Sony blue ray player that was uploading 2gig a month before I caught it and a Samsung tv.
It’s worth mentioning you have to block or change WiFi credentials. The device with malware may attempt to connect to any known wifi even if you disable it on the device. I get 45000 auth attempts a day from my tv.
Anyone who uses smart tv features and connects one directly to the internet is insane.
Id extend that to all smart TVs and all 'smart' devices as such.
Isn't the answer always "bugfixes and increased stability"? :)
Bricking a device does make it really stable and bugfree. Sadly also featureless.
The laziness that's become now-standard for release notes is insane.
It's not laziness, it's a tactic.
You don't want to provide more info than absolutely necessary, that could be bad from security and legal perspective.
Also, if you don't include more info, people tend to ask you less questions to clarify.
Isn't that a bit insane for a soundbar? How can those things produce any decent bass without volume?
Someone's promotion packet?
All the bugs they had no time to fix to bring it to market faster ;)
Software crisis. The more you build the less you understand, the more you can affect, the less control you give to people etc.
This will bite us again and again in general.
I just snapped after 2014. Used to be a Samsung consumer with their TVs, galaxy phones, security cams, etc... Their hardware wasn't that bad. It was the software update either buggy or bricking my devices that threw me off. I swear never to allow another Samsuck (my little girl coined that) device in my home and family lives again.
Not a good year so far for Samsung. Just under two months ago on a large number of their TVs with voice control it started only recognizing commands in Russian. It took them several days to get that straightened out.
It was educational. I learned that I completely suck at trying to speak Russian. I could type "channel 4" into Google Translate on my iPad, press the Mic button on my TV remote, and press the speak icon on Google Translate and the channel would change.
But no matter how many times I listened to Google Translate say that in Russian I could not manage to match it close enough the TV to accept it.
Assuming English is your first language, I can probably guess which specific parts of the "channel 4" Russian pronounciation gave you trouble. I'm sure your effort was valiant, but the language is just so different compared to English
I got a good deal for an S90C + Q990C combo. It was 50% off off their regular price which was already quite a bit cheaper than the comparable LG/Sony counterparts.
After 1 year, I am 100% sure that I will never again buy a Samsung product, no matter how cheap it is.
Just look at the first sticky here: https://www.avsforum.com/threads/2023-samsung-4k-s95c-s90c-s...
My Q990C requires factory reset about once a week. It's maddening.
It's the WPA3 encryption. It needs to be set to WPA2 only for it to not shit itself.
See you on Louis Rossman later today!
One of the first things I thought of when reading the title.
Side note, it's frustrating that this link tries to open in an app on my Samsung phone.
I installed the GitHub app a long time ago, and that had similar behaviors that kept me from the web-based experience I know & love & which is more URL based. Finding that disappointing, I uninstalled the app. But still, GitHub results in Google don't show the URL, they just say "app installed" where the URL would be. What a colossal regression.
More to the topic, we are on day 4 of Google Chromecast Audio & 2nd generation being broken. Supposedly an expired cert. Amazing neglect, ya'll.
Looking at /r/Chromecast, it seems the problem got fixed very recently.
This is one of those cases where I am glad I don't have my soundbar connected to the internet...
True, that would be preferable, but alas Samsung is bent on making their products as big of a pain in the arse as possible.
At least with my Samsung soundbar, the remote can change the volume, the subwoofer volume and change between modes (standard, surround, game). But if I want to enable night mode, I have to use the SmartThings app. There's no way to enable it using the remote. What's worse, the app often hangs when connecting to the soundbar, requiring me to force stop and restart it. So sometimes toggling a feature that should be a single button on the remote takes me over a minute.
Samsung is right next to HP on my list of brands I will never ever buy in my entire life.
Samsung should merge with Sonos, they are all doing a really great job :)
I loved my Sonos soundbar. It sounded amazing. But it required me to use their terrible app. That's why I got rid of it (the app was REALLY bad!) - luckily, before they started bricking customers' devices.
I have my sonos integrated nicely inside Home Assistant and can control all core and most extra features nicely without using the app.
Samsonos? Sonosung?
Thoughts and prayers for the poor soul that owns the bug.
I've done my share of embarrassing mistakes and each time I've felt awful. Nothing on this scale though.
When will someone build a good theater system with an open source OS? That would be great!
Be the change you want to see in the world.
Just get a receiver and some standalone speakers. It doesn’t need an OS, and there’s no reason for it to talk to the internet.
I’m currently away from home but can deny list domains on the dns level. Anyone knows the domain this update is using? Blocked samsung.com
To prevent automatic firmware updates, ads, and any other spying I'm not aware of, I block these in DNS:
*.samsungcloudsolution.com
*.samsungosp.com
*.samsungqbe.com
*.samsungcloud.tv
*.samsungads.com
The first one gets the most hits.
I also don't connect my Samsung displays to Wifi anymore. Unless I notice a problem that I have to search to fix. Then if there's a firmware update that fixes the issues, I'll do it.
NextDNS and ControlD are helpful for blocking this sort if thing, or Pi-Hole if you want to set it up yourself.
My samsung was so noisy that I went to forget the wifi network... but it couldnt. So I ended up blocking its mac at the router. Prior to that it was always the #1 blocked device on my pihole.
Thanks, blocked! Fingers crossed it didn’t fetch it yet
I am looking to get a new monitor in the next year or so and have been considering ultra-wides. During my research the proportion of people that had horrible experiences with Samsung monitors, typically right after warranty expired, was enough to deter me from the entire brand in the future.
I think it hasn't even been a year since Samsung bricked bunch of their phones with firmware update. They really must have no proper engineering team behind update process.
I always really enjoy these community forums. They are total garbage.
Hello, I am Rene, a community expert on the Hacker News Experience Forums. I see you are having trouble with an auto-flagged post. I will try to help you with your auto-flagged post. Have you tried turning off your kitchen tap and turning it back on again?
I recently replaced all my kitchen appliances with matching mid-scale Samsung-branded ones. The first thing I did after powering them on for the first time was disable the WiFi. For this reason.
Also, it's entirely unclear to me why I need WiFi or a remote server for my dishwasher or refrigerator in the first place. What possible value-add is there?
Probably so the appliance can let a server know to have your phone notify you that your appliance is done doing what it was doing.
Nothing that needs wifi or an app is allowed in my kitchen.
its crazy that the fridge and coffeemaker needs to talk to the internet
Ironically the 2022 Samsung soundbar model I have hasn't gotten a single firmware update since January 2023. I bought it new from Samsung after that day.
I am moderately surprised that they even update their firmware on some models.
Sony bricked my WF-1000XM4 by overheating its batteries. Some users reported things melting. $250,00 of my work straight to the trash bin. Thank you Sony...not.
Reminder to myself to not auto update anything or manually update to the latest version.
It bothers me that many devices are so easily remotely bricked and that keeping them offline is the only way to avoid such issues.
Automated updates were supposed to give us peace of mind instead of having us worried about what bug or enshittification will follow.
I’d wager that, for most Internet-connected appliances, keeping them offline or disabling autoupdates have way more pros than cons.
If you think about it, keeping them offline is a huge security improvement even without the risk of bricking update, so in ways an automated update regime that convinces you to keep your device offline is giving you peace of mind. In a way.
If it allows anyone to remotely execute arbitrary code on a device without the user's consent, it's called an RCE vulnerability. About as serous as software vulnerabilities go, needs to be patched yesterday.
But if it only allows the manufacturer to remotely execute arbitrary code on a device without the user's consent, it's called an automatic software update mechanism and most people somehow consider that it's totally fine.
Automated updates are a way for companies to push updates on you without having to first convince you that the updates are good.
Also allows them to ship unfinished/buggy and poorly tested software and "fix it later OTA."
Damaging or removing features should reopen the return window. Then they will be more careful about what they change.
I agree but it's a headache even if you are able to return.
If you want your devices not to belong to you, connect them to the internet.
Many devices these days are required to be connected to the internet, which is bizarre, but here we are.
Yeah like these "cheap" HP printers, which have to be connected to the internet so that they can force you into a subscription, use their own inks only etc. They do not belong to you either.
Doesn’t sound good. If at all.
Reading this makes me glad that I didn't give my TV the WiFi credentials.
A lot of folks in this thread say rollback to a known firmware version is required. Where are they getting all this microcontroller ROM?
On forced updating: "The Lord giveth, and the Lord taketh away. Blessed be the name of the Lord."
Really glad I never connected mine to wifi
Why are these things connected to the internet at all?
Sigh, another day, another consumer product without fault tolerant update systems. SpaceX has a white paper on doing this with their satellites for Starlink. https://digitalcommons.usu.edu/cgi/viewcontent.cgi?article=5...
It is bad engineering on Samsung's part to even be able to brick their product with an update.
My bluray player has an ethernet port on the back, but I never ever connect it to the internet.
Unplug the soundbar and listen to the sound from the TV while you wait until Samsung fixes their shit. What's the problem?
The question is if it still works "enough" to update to a working firmware, or if it's so broken that it can only be fixed by flashing the EEPROM directly.
I own one Samsung product, a very expensive fridge freezer, and it's been garbage since the day I bought it. I'll never buy a Samsung product again.
Samsumg did not bring THEIR home theater systems, they bricked CUSTOMER theater systems that did not belong to them.
Just an ex-CoreOS person stopping by to smile and say "someone should really figure out how to do that safely."
I have one of these systems. Not sure why anyone would ever leave it connected to the internet though.
>Not sure why anyone would ever leave it connected to the internet though.
Most people aren't techies. They buy the thing, and use it as instructed.
Also the vendors increasingly push you to put them online to use devices. Samsung tries really hard to make you think that your TV setup needs a mobile app on your phone running in the background with high precision location tracking, and 99.9% of buyers are going to leave that setup so they’re not blamed for problems in the future.
Sometimes I wonder if HN folks are purposefully obtuse or so deep in their bubble that they don't understand how 99% of people think and operate. The average user will always favour convenience over some invisible concept like privacy.
If you don’t know how to operate some piece of technology you shouldn’t be using it. Same as you wouldn’t operate a car without knowing how to drive.
This is an absolutely ridiculous take, on multiple levels.
I'm not familiar with this product but it would make a lot of sense if it supports direct streaming for Chromecast/Google Cast.
Airplay (and presumably Cast) support require a WiFi connection. I explicitly blocked external connections to mine.
There's a feature to make every connected speaker in your house play the same Spotify song at once which is kind of fun.
thank God mine is before they decided to add smart features to a speaker
why would a soundbar need a firmware update?...seems like a solution looking for a problem... what's next my toaster needs a firmware update?!?!
This is one of the reasons why my home theater system is built from discrete parts (not an all-in-one soundbar), with a high quality receiver that never talks to the internet, doesn't have an ethernet cable and has no wifi access (it works fine as a bluetooth sink when I want to play something from my phone into it), separately purchased 5.1 speaker system, and roll of 16awg stranded copper speaker cable from monoprice.
Just more evidence that buying something smart is dumb.
vibe coding
...nervously looks over at my Bambu X1-Carbon...
I will never understand why people are willing to connect so many of their devices to the internet for minimal features. I went out of my way to build a network that prevents even the things I want to have local wifi access from being accessible to the internet.
So glad everything's connected to the internet \s.
This will be really interesting to follow. Especially with respect to Tesla’s love of pushing updates to clients. Could this be a harbinger of “you don’t really own your property” by way of so many companies going down this route that enough collapses result in litigation and a massive readjustment? Time will tell.
HN title is editorialized. I assume "bricked" is a lot worse, i.e., permanent.
Comments show that there might be resolutions and potential for firmware patch. [0] Bad updates happen.
[0] https://us.community.samsung.com/t5/Home-Theater/Samsung-Q99...
"bricked" usually means bricked for most people - those of us with EPROM programmers wouldn't count.
They did this with their Blu-Ray players about five years ago:
https://www.theregister.com/2020/07/18/samsung_bluray_mass_d...
Each device had to be shipped to a repair center because they needed to directly re-flash the flash storage. The issue with the Blu-Ray players was that an update caused it to get in to a state where it would boot loop before it even got to a point that anything could be done, manually or otherwise.
What we don't know yet with this issue is whether the devices are booting enough to apply another firmware update. It may be possible to do this, fixing this issue. If that's the case "bricked" would be technically incorrect, but for now, it's not a wholly inaccurate term.
Unfortunately those "solutions" don't work, the person who had a potential solution was able to at least go through the inputs, this is not the case here, you can't even go through the inputs.
I've tried all the potential solutions this morning. It seems permanent unless Samsung somehow finds some magic to fix it, especially since the soundbar won't connect to WiFi/internet and doesn't do anything with the USB plugged in.
Bad updates happen, but companies with good development practices don't ship catastrophically bad updates. Source: I worked at Samsung
A soft brick is still a brick.