In some ways, this is even more disturbing than the bricking.
Only corporate greed can create a media player that watches you and needs constant firmware updates.
I have a VCR and DVD player which still work, and things like this are the reason I'm not buying any newer standalone players.
It reminds me of this old meme (I'm not aware of a Blu-ray version): https://files-cdn.sharenator.com/pirate-dvds-s800x825-43988....
https://www.adexchanger.com/ad-exchange-news/the-marketers-g...
I pressed the meta data company manager we were working with about how they could make such accurate predictions about who was viewing based off just zip code and the content and he replied with "you would be amazed at what people will tell you about themselves for 5$ off netflix".
My productivity dropped and I had a hard time coming into work after that. (This was around the Snowden era).
LG got busted shortly after for not actually stopping the screen grabbing once a second and uploading it to a server even if you turned the option off in the UK. Not surprised.
Your digital cable boxes have been doing this for even longer.
The internet connectivity is sold as an additional feature so that you can use your blu-ray player to watch Netflix. I agree that I don't want logging on a device like this, but if I was going to connect one of these to the internet, I would at least want regular security updates.
All it takes is for a visiting family member or friend who wants to watch Netflix while you're in another room/asleep/etc to click okay.
Unfortunately this is only a temporary solution IMO. Within the next decade I think you'll see these smart devices shipping with built in connectivity that's difficult or impossible to disable, especially if Starlink or other satellite based services really take off.
You still get the best experience (and quality) going through BitTorrent.
... which you'll automatically give by approving a tome-sized privacy policy
... that you have to accept if you want to use any kind of internet feature, such as watching Netflix.
I love the world we're living in...
The phones have major international data hoarder apps, their equivalent in India and their Samsung equivalent with its own app downloading services which masquerades as system updates to force the gullible into downloading Samsung apps even if you disable them.
The phones are very much subsidised for data hoarding.
I used to think consumer PCs were bad but holy cow, the way Android enables malware out of the box is insane! And in the name of protecting the user from malware they have no tools to deal with it.
Go read up about the Cheka, Mao, and the Stasi.
I use Fastmail, eschew most social media, and run a PinePhone. I'm not a fan of corporate surveillance.
But they're amateurs compared with the murderous surveillance states of years past.
Firmware updates are good. They can patch security issues and they can improve different aspects of the device. The security being the best plus obviously.
Wholeheartedly agree that there is no reason for a company like Samsung to track your every move despite you paying them hundreds for said device. I'd be very surprised if they don't make a hefty profit from such devices. So why then, do they need to track us in addition to making us fork over our money?
I understand Google tracking us. I don't agree with it, but I understand it. Same with Facebook. But Samsung? Apple? No. They're even going to certain lengths to prevent you from fully enjoying your devices (such as locked bootloader, making it hard to repair etc).
The point is that there are no "security issues" in a dumb media player like the DVD player I have. Suppose an "attacker" (and that is stretching the definition a lot...) can create a disc that can overflow a buffer somewhere and crash the player or cause it to do something "interesting", and I have been somehow tricked into attempting to play this disc --- so what? It's not connected to the Internet, the firmware is read-only, there's literally nothing of value to attack. I'll just eject the disc (manually if necessary) and not play it again.
Instead this stupid "update culture" has created horribly buggy software that's barely functional "because we can always change it", and now we somehow need an Internet-connected media player, along with all the downsides --- including security --- that brings, just so they can (try to) silently attempt to fix some bugs that should never have gotten out in the first place? My experience tells me that they will fix one thing and break something else in the process, so there's overall no real improvement.
Emphasis mine - updates also remove features and introduce security issues. It's not cut-and-dry "updates are good"
I am pretty sure my Samsung fridge update removed 3 of the limited ~12 or so apps it had in the first place.
Other than allowing the player to read pirated BluRays, I guess, but that's not the user's problem.
https://www.techdirt.com/articles/20190114/08084341384/vizio...
Now I’d imagine that Samsung are making a hefty profit on the 75” 4K all singing sets (and still spying on you) but the cheaper ones seem to be priced so there isn’t much profit.
Everyone assumes you'll lose your settings during a factory reset, but what isn't as clear cut: Does it revert the firmware to whatever it was shipped with (bugs and all)? Some vendors do, but most vendors do not.
A legitimate factory reset (inc. firmware) mechanism or USB boot/reflash would have likely saved Samsung considerable amounts of money here (relative to mailing all of them two ways, they could have e.g. sent out free USB keys with the firmware).
I think that's the only reasonable thing to do. Have the original firmware either as an actual rom, or only writable with an enable jumper flipped; use a power on key sequence to boot from the original firmware, copy to normal firmware and reboot into normal firmware (which is now the original firmware). Run through that process during manufacturing to confirm it works.
Regularly test that all released firmware images, especially those in the original firmware slot can successfully upgrade (or at least not crash). Preferably include current firmware version in all requests so you can give workaround responses as needed when you figure out you broke something -- in the hostname is ideal, as you can use that to work around version specific certificate issues.
The reason a Blu-Ray player (or a video game console) might not let you go back to original firmware is to prevent reverting to earlier firmwares that allowed copied media, etc. For those, you probably want to have a 'safe' firmware slot (or two, ideally) that drives the factory reset process, and only reflash those slots on some updates (to reduce testing needs)
But that'd also mean you need double the flash capacity, which drives up the BOM cost.
I think if it doesn't revert to the firmware it had when shipped by the factory, it shouldn't be considered a factory reset.
Wouldn't Samsung and the rest have stopped this if people just returned the TV?
Factory resets that reset the EEPROM basically usually mean that the hardcoded values from the ROM/Firmware will be used on the next boot.
However you usually have another tier today which is flash storage which isn’t a mechanism that can be easily reset with a “factory reset” because it involves a file system.
If the bad config files are on the flash you need a factory reset mechanism that basically tells the main firmware or boot loader to recreate the file system on the next boot.
The OS itself then initializes it all from scratch on the first boot.
The way I understood it, the write up in the article says that the XML is downloaded and parsed during boot.
Edit: I guess if you disabled network access you could boot. Derp
Then you just keep it offline until Samsung fixes the file on their server so you don't have to reset it again. They fixed it a few days later so it is safe now, so even old firmware should be safe to go online.
This could be avoided by using your own PKI for updates (and bundle your own root), but I assume most devices out there are using Web PKI for updates.
Hotglue the ethernet port?
Packets in the transport stream include the necessary firmware.
I don't know how useful that was. Most people hook up TVs to cable boxes.
I never hooked up my Sony to an antenna for exactly that reason. There were reports of people being unsatisfied with firmware updates. E.g. the motion interpolation algorithm changed.
The worst part about that was if your signal quality wasn't great. You'd see blocks fail, and it'd take ages for them to come up again.
The boxes now ship with usable firmware preloaded, and will update in the background in the first few days usually.
I searched for "DVB firmware", but didn't find much.
Warranty is not any part of the issue if you come into my house and break a thing I own and is my property.
Read the EULA. It almost certainly specifies that what you think you own, has in fact just been licensed to you.
Nobody has read the EULA. Nobody has knowingly and willingly agreed to those terms (if they exist). No vendor has expected those terms to be read (if they even exist). No vendor has explained those terms to a customer.
There is a contract for exchange of ownership. You can't actually break that contract with unconscionable means such as fine print that nobody reads nor is expected to read nor has had explained.
Read a EULA if you like but it will do absolutely nothing for you nor will it alter the law and the application of the law. Maybe you'll enjoy the read though?
It is an item, purchased in a shop in exchange for money. There's rather a lot of established law about that.
We once almost bricked our devices (electronic magnifier/OCR for low vision people) with an update that added automatic calibration for the cheap crappy OEM touchscreen we used in some devices. It was so crappy all the screens we had in our company had the same serial numbers and returned different coordinates when you clicked in the same spot :)
Fortunately libev has calibration - you can provide a matrix to transform all touchscreen events with. We added a calibration step - the software asked the user to touch 4 corners on the screen, calculated the inverse matrix and saved it to configuration for better touchscreen accuracy. We tested it extensively, and uploaded the version to our update server.
The next day customers started calling :) turns out libev (which reads the configuration during booting) had a "feature" that parsed the numbers in the configuration using the default system locale.
German locale uses . as thousands separator and , as fraction separator.
So, when you did the calibration and restarted the device with German locale your screen transformed the touchscreen events multiplying them by thousands - so you couldn't click on anything, so you couldn't use the device or click "update software".
It was even worse if you used German locale, saved the calibration configuration and then changed locale to English - then it simply crashed during boot because of wrong number format :)
Fortunately we left one USB port accessible so users could attach a USB mouse and click "update" if they had the first situation, or download the whole firmware on a USB pendrive and update from it.
BTW the libev bug is fixed, now it always reads the configuration using C locale. Guess what happened when we updated the Linux on our systems half a year later and that change was included :)
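The failure mode in the comment above, sketched as an added example (not part of the original comment and not the library's code): a locale-dependent number parser inflates calibration coefficients, while a boot-time loader that accepts only C-locale numbers and falls back to the identity matrix keeps the touchscreen usable. The six-value, space-separated config format, the function names and the sample values are assumptions constructed for illustration.

```python
import math
import re

IDENTITY = [1.0, 0.0, 0.0, 0.0, 1.0, 0.0]   # no transformation of touch events
_C_FLOAT = re.compile(r"-?\d+(\.\d+)?\Z")    # '.' as decimal point, no grouping

def parse_with_locale(text, decimal, thousands):
    """Emulate locale-aware parsing: grouping chars are dropped silently."""
    return float(text.replace(thousands, "").replace(decimal, "."))

def parse_c(text):
    """Locale-independent parse; anything but plain C-locale decimals is an error."""
    if not _C_FLOAT.match(text):
        raise ValueError(f"not a C-locale number: {text!r}")
    return float(text)

def save_matrix(values):
    """Serialise with '.' regardless of the UI locale (the 'f' format is not locale-aware)."""
    return " ".join(f"{v:.4f}" for v in values)

def load_matrix(line, max_abs=10.0):
    """Return six sane coefficients, or IDENTITY so the device still boots and is usable."""
    try:
        values = [parse_c(tok) for tok in line.split()]
    except ValueError:
        return list(IDENTITY)
    if len(values) != 6:
        return list(IDENTITY)
    if any(not math.isfinite(v) or abs(v) > max_abs for v in values):
        return list(IDENTITY)                # implausible scale: ignore the file
    return values

# Constructed sample calibration, not taken from any real device.
GOOD = [1.0234, 0.0, -0.0125, 0.0, 0.9871, 0.0032]
GOOD_LINE = save_matrix(GOOD)                # "1.0234 0.0000 -0.0125 ..."
GERMAN_LINE = GOOD_LINE.replace(".", ",")    # what a locale-aware writer would emit

if __name__ == "__main__":
    # C-formatted value read under German conventions: '.' is treated as grouping.
    print(parse_with_locale("1.0234", decimal=",", thousands="."))  # 10234.0
    print(load_matrix(GOOD_LINE))            # round-trips unchanged
    print(load_matrix(GERMAN_LINE))          # falls back to IDENTITY, no crash
```

The range check matters as much as the strict parser: a file that was already written with inflated values parses cleanly in the C locale and is only caught by the plausibility bound.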
Unfortunately no language or other framework or system can completely do away with programming logic errors.
(I used to work at a company where people checked in code, asked someone else to test it, and it was clear it had never even been run!)
We have a few Samsung products and each one has a particularly annoying problem.
The worst part is the support; I post a polite request on their website and always get a very concise unhelpful answer.
I no longer buy Samsung products.