One thing you have to understand is that these internet-connected Blu-ray players in question are programmed to log their activities and send copies of this information to Samsung.
In some ways, this is even more disturbing than the bricking.
Only corporate greed can create a media player that watches you and needs constant firmware updates.
I have a VCR and DVD player which still work, and things like this are the reason I'm not buying any newer standalone players.
It's worse than you think - it's not just your DVD player that's spying on you, but your TV is too -- many TV's use Automated Content Recognition to detect what you're watching regardless of source (DVD, over the air, streaming app, etc). They even detect commercials, and which language you're listening to.
"The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live -- did live, from habit that became instinct -- in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized."
I worked for a company that used ACR to put interactive ads on your TV when the ad that it went with came on.
I pressed the meta data company manager we were working with about how they could make such accurate predictions about who was viewing based off just zip code and the content and he replied with "you would be amazed at what people will tell you about themselves for 5$ off netflix".
My productivity dropped and I had a hard time coming into work after that. (This was around the Snowden era).
LG got busted shortly after for not actually stopping the screen grabbing once a second and uploading it to a server even if you turned the option off in the UK. Not surprised.
Unfortunately piracy is often a good answer to this type of
issue. If your smart TV is not connected to the internet, or you're not browsing on a licensed platform riddled with DRM and tracking agents, there's no chance of that data leaving your house.
It's essentially impossible to buy a consumer TV that's not "smart" these days. There are commercial TV's/monitors, but those are both expensive and also typically not focused on image quality.
Best solution is to "air gap" your TV by not connecting it your wifi or ethernet.
> Best solution is to "air gap" your TV by not connecting it your wifi or ethernet.
How long will it be before TVs embed a cellular modem with manufacturer-paid service to keep the smart features connected? “No setup, works straight out of the box” has to have at least some marketing value, after all.
For the walls and ceiling, prime with 2-3 coats of paint that contains carbon black and graphite. It's black, so several finish coats will be necessary. For the windows, use aluminum screening. That also works well on floors, under engineered wood flooring. Nylon plated with nickel and silver makes nice drapes.
This might work in the US, units sold in the EU would be litigated out of production. Who knows, maybe we'll see a homebrew market for EU-built apps for US TV's.
And those manufacturers will double-down by scanning for an open wireless network and send the data stream without you knowing, or embed a cellular modem to bypass all that.
Can you point me at an EU marketplace where I can pick a non-smart TV with modern good display? I've been desperate to find something like that for months.
How do you think manufactures can afford to sell these large screens at such cheap prices. They continue to make money off of you long after the initial sale. I'm surprised they just don't give them away (except it would probably raise too many questions).
Your digital cable boxes have been doing this for even longer.
>How do you think manufactures can afford to sell these large screens at such cheap prices.
TV prices have been falling for decades[1], long before manufacturers could truly benefit from the data provided by smart TVs. So other factors are probably much more important - such as cheaper materials, automated production, economies of scale etc.
Also, ad revenue wouldn't explain why "stupid" computer monitor prices have also fallen greatly during the same time period.
Somewhat tangential, but Facebook’s average revenue per user was less than $9 in 2019. I can’t imagine TV manufacturers can eek out nearly that much revenue from the data they collect. Especially considering that almost everyone is streaming or using cable and all of that data is going to Hulu/Netflix/Cable providers and then passed on to advertisers anyway.
In the case of Samsung and smart TVs, and to fully support the argument you are supporting, it is not sufficient that Samsung makes a lot of money. They need to make a lot more per user selling data than they would adding $20 to the price of that TV.
But that $20 price difference would probably mean that less people buy Samsung, so the maths isn't going to be that straightforward.
> How do you think manufactures can afford to sell these large screens at such cheap prices.
Screens are actually that cheap. Take a look at the monitor size/resolution price curve (for non-gaming monitors) and you'll see TVs fit perfectly on it.
Here's a random 55 inch LG panel available on Alibaba. $145 each for a minimum order of 15. That was just the first I found - I'm sure you can get cheaper (especially in bulk!)
Things like high refresh rate, GSync etc add to the cost of the monitor.
I'm with you, and I prefer "dumb" devices, but you can still buy these blu-ray players and not connect them to the internet.
The internet connectivity is sold as an additional feature so that you can use your blu-ray player to watch Netflix. I agree that I don't want logging on a device like this, but if I was going to connect one of these to the internet, I would at least want regular security updates.
That’s what my in-laws did. “For some reason you hadn’t connected your smart TV to the internet; instead of using your Apple TV, we gave TCL your WiFi password. Aren’t you proud we figured it out on our own?”
I really doubt it. My 2015 Sony bravia has a similar 4K VA panel that I'm largely happy with. I absolutely hate that TV for reasons besides it's panel. And I regret blowing £850 on it.
You're not going to find IPS or OLED panels on those large form factor monitors for a sensible price, so do consider that.
Also keep an eye open for NEC digital signage displays on eBay, they're quite common coming from liquidated businesses. I bought a few of them for the office on the cheap and they're solid as long as you avoid the really old plasma models.
Traditionally, a computer monitor would be superior in quality since they are used at a closer distance where things like dead pixels are much more noticeable, in contrast to a TV that's mainly used for video at a longer distance.
With LCD monitors being available in sizes as large as TVs and with the same resolutions, I suspect there won't be much difference but perhaps panels intended for TVs may still have more allowable defects.
If you're going to that sort of length, maybe just filter DNS requests from the TV to whitelist Netflix and Amazon Prime Video, etc. but block everything else. A custom router might go one step further and only whitelist outbound traffic to IP addresses that were previously resolved through DNS.
> you can still buy these blu-ray players and not connect them to the internet.
Unfortunately this is only a temporary solution IMO. Within the next decade I think you'll see these smart devices shipping with built in connectivity that's difficult or impossible to disable, especially if Starlink or other satellite based services really take off.
I don't think these kind ofdevices will use Starlink or an equivalent service any time soon. Starlink needs a "pizza box sized" satellite dish that constantly adjusts its position to stay in contact with the satellites. I assume they won't work inside, like other satellite based antennae.
If smart devices will have build in connectivity in the next decade, I think 5g will be a more likely candidate. But I don't see that happening either. Why would a company pay for the data of its users when most people will just connect it to their wifi?
I have been wondering for the past two decades: when will media companies will realize that better quality == sales? This sort of happened with iTunes Store when they got rid of DRM on the audio tracks, and with streaming video services (though the quality is severely lacking compared to Blu-Ray/HQ ripped Blu-Ray).
You still get the best experience (and quality) going through BitTorrent.
You'll be surprised on how much crap Samsung packs into low-end & mid-end smartphones in India, especially since now the phones are made in India, available only in India(M-series).
The phones have major international data hoarder apps, their equivalent in India and their Samsung equivalent with its own app downloading services which masquerades as system updates to force the gullible into downloading Samsung apps even if you disable them.
The phones are very much subsidised for data hoarding.
I wouldn’t be surprised. I recently bought a low end android to use as a balloon tracker (which I didn’t realize was illegal until later) and had to wait around 10-20 minutes after connecting it to WiFi While it downloaded ~15 apps (some of which kept launching background services and crashing the phone because it would run out of memory.)
I used to think consumer PCs were bad but holy cow, the way android enables malware out of the box is insane! And in the name of protecting the user from malware they have no tools to deal with it.
>And in the name of protecting the user from malware they have no tools to deal with it
There are tools as the ecosystem is open and the community is extraordinarily talented, but it largely depends upon the device, whether the kernel source, driver blobs are available and boot loader can be unlocked; these were generally true for most devices from high profile manufacturers, but now things are changing as those manufacturers have ventured into $1000 smartphones and don't care for their enthusiast population.
Then again, new breed of pure Linux smartphones are available now. IMO, this should be the long term focus for any enthusiast wanting a free, open, secure mobile computing experience.
It depends on the device manufacturer which is the one installing malware in the first place. There is no hope for android unless something fundamentally changes.
True, but unfortunately PinePhone shipments have been stopped to India & Russia[1]. I assume that would be the case for many other brands shipping their handsets from China/HongKong to India.
So, these local manufacturers are going to have free run shipping crap embedded phones for a long time.
There are still "dumb" Blu-ray players. Bought one for my parents a few years back. It does have an ethernet port, but they've never needed to connect it to the Internet, works fine. I guess if you're watching a movie that has Internet-enabled extra features, then you would need an internet-connected one, but are there really that many anyway?
Firmware updates are good. They can patch security issues and they can improve different aspects of the device. The security being the best plus obviously.
Wholeheartedly agree that there is no reason for a company like Samsung to track your every move despite you paying them hundreds for said devive. I'd be very surprised if they don't make a hefty profit from such devices. So why then, do they need to track us in addition to making us fork over our money.
I understand Google tracking us. I don't agree with it, but I understand it. Same with Facebook. But Samsung? Apple? No. They're even going to certain lengths to prevent you from fully enjoying your devices (such locked bootloader, making it hard to repair etc).
Firmware updates are good. They can patch security issues and they can improve different aspects of the device. The security being the best plus obviously.
The point is that there are no "security issues" in a dumb media player like the DVD player I have. Suppose an "attacker" (and that is stretching the definition a lot...) can create a disc that can overflow a buffer somewhere and crash the player or cause it to do something "interesting", and I have been somehow tricked into attempting to play this disc --- so what? It's not connected to the Internet, the firmware is read-only, there's literally nothing of value to attack. I'll just eject the disc (manually if necessary) and not play it again.
Instead this stupid "update culture" has created horribly buggy software that's barely functional "because we can always change it", and now we somehow need an Internet-connected media player,along with all the downsides --- including security --- that brings, just so they can (try to) silently attempt to fix some bugs that should never have gotten out in the first place? My experience tells me that they will fix one thing and break something else in the process, so there's overall no real improvement.
If im not waiting for a big fix i avoid upgrades when possible for the reasons you mentioned above, thers nothing more annoying than an upgrade that downgrades features that were working just fine.
Im also doing some research before upgrading. Never the first to upgrade, i hate autoupdating software
What security updates would you foresee being necessary for a traditional BluRay player? Perhaps I'm not being creative enough, but I can't think of what a hacker would accomplish.
Other than allowing the player to read pirated BluRays, I guess, but that's not the user's problem.
Maybe making the player part of a DDOS botnet? That's all I can think of.
The only consumer electronic in my house I allow to talk to the internet is the AppleTV. Nothing else is allowed on the router. Not the TV. Not the disc player. Not the refrigerator. Not even the "smart" thermostat.
I don't know about security per se (as others have mentioned a dumb player doesn't need internet), but I could very easily see a decoder bugfix or something to do with i/o error conditions or mishandling some particular kind of disc...
Firmware updates can be good, but only the user with physical access should be able to install a firmware update. An example of how this might be done may be: There is a ROM firmware (always read-only) and EEPROM firmware (read-only except during firmware upgrade operations); the ROM firmware only checks a switch (which is a physical hardware switch can be set only by the user) and if set, will load the data on the DVD (or CD or CompactFlash or whatever other media it uses, but specifically not internet) as a firmware upgrade into the EEPROM; if the switch is not set, then the EEPROM is read-only and nothing can upgrade it, not even a custom firmware. (The user could also physically open it up and replace the EEPROM chip themself, if wanted, but this would normally be unnecessary.)
I can’t vouch for Samsung but Vizio have said in the past that they make very little profit off their TVs and this is offset by data that is collected from usage.
Now I’d imagine that Samsung are making a hefty profit on the 75” 4K all singing sets (and still spying on you) but the cheaper ones seem to be priced so there isn’t much profit.
That's why: "What does a factory reset entail?" is a fascinating question.
Everyone assumes you'll lose your settings during a factory reset, but what isn't as clear cut: Does it revert the firmware to whatever it was shipped with (bugs and all)? Some vendors do, but most vendors do not.
A legitimate factory reset (inc. firmware) mechanism or USB boot/reflash would have likely saved Samsung considerable amounts of money here (relative to mailing all of them two ways, they could have e.g. sent out free USB keys with the firmware).
> Does it revert the firmware to whatever it was shipped with (bugs and all)? Some vendors do, but most vendors do not.
I think that's the only reasonable thing to do. Have the original firmware either as an actual rom, or only writable with an enable jumper flipped; use a power on key sequence to boot from the original firmware, copy to normal firmware and reboot into normal firmware (which is now the original firmware). Run through that process during manufacturing to confirm it works.
Regularly test that all released firmware images, especially those in the original firmware slot can successfully upgrade (or at least not crash). Preferably include current firmware version in all requests so you can give workaround responses as needed when you figure out you broke something -- in the hostname is ideal, as you can use that to work around version specific certificate issues.
The reason a Blu-Ray player (or a video game console) might not let you go back to original firmware is to prevent reverting to earlier firmwares that allowed copied media, etc. For those, you probably want to have a 'safe' firmware slot (or two, ideally) that drives the factory reset process, and only reflash those slots on some updates (to reduce testing needs)
Not necessarily. I worked on the team the managed the OS for an embedded hardware project (radio equipment) and our disk was partitioned four ways:
1. current operating system
2. previous operating system (and next, on upgrade)
3. data partition, shared across both current and previous OS
4. factory reset partition
That means if we needed to do a factory reset we could just load the firmware archive from the fourth partition onto the second partition and execute a normal upgrade, albeit to an older version. Since upgrade packages were small, maybe 500MB?, we could easily cut a little space from the rest of the partitions to make it fit without having to increase the flash capacity.
That might be feasible for high margin products, but definitely not for consumer products. Case in point: enthusiast motherboards (as in, not the ones used for prebuilts) cheaping out and using 16MB ROM rather than 32MB, forcing them to remove features to accomdiate extra code needed to support new CPUs
Companies seem to care more about preventing users from rolling back firmware than they do about releasing firmware that works. I've had more than one device wrecked because it happened to be out of warranty when I installed a firmware update that ruined something important.
As the owner of the device, I couldn’t care less if reverting to earlier firmware has been exploited. Are device manufacturers making more money from customers or studios?
Isn’t all this crazy when pirates can just download the damn movie with no problem. They are just punishing the paying customer. I have a plex server and have zero issues.
In this case it wasn't even a firmware update that bricked the device. Just some meta data that told the device how to behave. So a factory reset should still have deleted that stupid XML file from the flash storage, which would totally have fixed the issue. Even with all the paranoia they could have had about reverting to an old firmware version and breaking copy protection through exploits. Just wipe the freaking flash storage and keep the current firmware.
The one issue I can see with this if the original firmware has an outdated TLS trust store, reverting to the original firmware might make it impossible to update it via normal means. Whether or not this is good or bad is an exercise left up to the reader.
Samsung runs their own CA with a long expiration, so at least they aren't affected by trust store issues. Amazon had an issue with this on Kindles though, if you didn't online update your Kindle in time, you have to do an offline update -- i think that one might have been sha-2 signatueres rather than a CA expiration though --- not sure.
Just a guess, but I would assume the term factory reset referred to clearing user settings before devices commonly had firmware update capabilities. So the legacy name should not be used to imply how the function should work in relation to firmware downgrade.
I tried a factory reset with my Samsung TV after a firmware update injected advertising into the UI. Unfortunately it remained on the current firmware version and just cleared the settings.
Did you buy it with a credit card? Check to see if your credit card has additional return/warranty periods.
Or, if you have the time and opportunity, sue the manufacturer in small claims court.
Better yet, tell your friends and family about how the ads start after the return period closed, and encourage everyone not buy that garbage in the first place.
Factory resetes that reset the EEPROM basically usually means that the hardcoded values form the ROM/Firmware will be used on the next boot.
However you usually have another tier today which is flash storage which isn’t a mechanism that can be easily reset with a “factory reset” because it involves a file system.
If the bad config files are on the flash you need a factory reset mechanism that basically tells the main firmware or boot loader to recreate the file system on the next boot.
That's how factory reset works on Android — it simply erases the entire /data partition, which is the only one normally mounted read-write. Recovery might subsequently initialize an empty file system there, but bootloader certainly does not. (you're usually able to do a wipe from both)
The OS itself then initializes it all from scratch on the first boot.
If they included a factory reset, a good one besides being accessible early in the boot process, would erase and restore the filesystem on the flash chip to how it originally shipped. So that policy file will either be erased or a safe default.
Then you just keep it offline until Samsung fixes the file on their server so you don't have to reset it again. They fixed it a few days later so it is safe now, so even old firmware should be safe to go online.
That article explains why that solution it isn't possible: 'there seems to be no way to recover the devices from the boot loop using normal means – such as a USB stick, CD or network – because the crash happens too early in the boot sequence.'
I like the way you can erase and recover a Mac to a fresh install of MacOS, without needing a USB key or another working Mac. As long as you have an unmetered internet connection, you can recover to the same version of MacOS that shipped with the device.
That's a pretty horrid way. It used to be a time where you could just run a recovery partition to reinstall your operating system outside of re partitioning your hard drive.
Every maOS install includes a recovery partition which works as you describe. However, if your hard drive is screwed up thoroughly enough, the recovery partition may not be accessible. In that case, you can still access Internet Recovery, which is located on some sort of ROM and allows you to redownload a working recovery image from Apple's servers.
I've seen non-Mac laptops ship with a recovery partition but:
1. The recovery partition takes up some space, and
2. You (or malware) can mess up the recovery partition, and
3. The recovery partition doesn't exist if just upgraded the storage (e.g. replace the HDD with an SSD).
Macbooks have other failings (e.g. increasingly hard to upgrade/replace hardware yourself) but the operating system recovery works better than anything I've seen for Windows or Linux. Chromebooks have a factory reset key sequence, but that requires a working ChromeOS on the drive.
Better write a firmware to avoid this problem i have written in the past firmware for devices that don't affect the user experience including CA's, server domain or ip and other parts that don't require a full firmware update, better to "waste" development time thinking of all future problems that are out or your hand than bother the final users IMO. As a developer you should think every problem you could face or you aren't using the best practices of software development.
I think the best approach is to never, ever connect a device like a TV, Blu-ray player, etc to the internet. That's the only way they'll survive. So far no HDMI-based attacks.
Don't know if they still do it in the USA, but about a decade ago Sony XBR TVs were able to OTA update from local PBS stations.
I don't know how useful that was. Most people hook up TVs to cable boxes.
I never hooked up my Sony to an antenna for exactly that reason. There were reports of people being unsatisfied with firmware updates. E.g. the motion interpolation algorithm changed.
This is still used for set-top boxes, at least in Belgium. It happens in the background now, but up until a few years ago when you first got one you'd only see the firmware downloader for an hour or two, with this block diagram where you could follow along: https://i.imgur.com/hh7eWZr.jpg
The worst part about that was if your signal quality wasn't great. You'd see blocks fail, and it'd take ages for them to come up again.
The boxes now ship with usable firmware preloaded, and will update in the background in the first few days usually.
There are several Methods for this - search for OTA...
One of our STB models are still using OTA via DVB-C (I’m in Denmark). Only without the the last few months are we replacing the QAM based SWUPDATE mechanism to an TCP/IP based mechanism (IP is required for using the STB in the first place even though it’s a DVB-C BOX)
I don’t know of any off the top of my head, but I have seen them.
Besides that though, firmware updates require an internet connection, and those updates contain keys for newer AACS versions. So if you want to play a just-released movie, you may need a player capable of AACS 72 (or whatever it’s at now), but yours may only support AACS 52 (out of the box).
MakeMKV does require an update for each new AACS version.
I have a TCL tv that has the Roku firmware on it. I have never connected it to the internet, but I made sure I could update it without the internet. When I shopped for a tv, I was adamant I needed a tv I could update via USB, and Roku’s firmware allows it.
Nobody has read the Eula. Nobody has knowingly and willingly agreed to those terms (if they exist). No vendor has expected those terms to be read (if they even exist). No vendor has explained those terms to a customer.
There is a contract for exchange of ownership. You can't actually break that contract with unconscinable means such as fine print that nobody reads nor is expected to read nor has had explained.
Read a EULA if you like but it will do absolutely nothing for you nor will it alter the law and the application of the law. Maybe you'll enjoy the read though?
It is an item, purchased in a shop in exchange for money. There's rather a lot of established law about that.
We once almost bricked our devices (electronic magnifier/OCR for low vision people) with an update that added automatic calibration for the cheap crappy OEM touchscreen we used in some devices. It was so crappy all the screens we had in our company had the same serial numbers and returned different coordinates when you clicked in the same spot :)
Fortunately libev has calibration - you can provide a matrix to transform all touchscreen events with. We added calibration step - the software asked user to touch 4 corners on the screen, calculates inverse matrix and saves it to configuration for better touchscreen accuracy. We tested it extensively, and uploaded the version to our update server.
The next day customers started calling :) turns out libev (which reads the configuration during booting) had a "feature" that parsed the numbers in the configuration using the default system locale.
German locale uses . as thousands separator and , as fraction separator.
So, when you did the calibration and restarted the device with German locale your screen transformed the touschscreen events multiplying them by thousands - so you couldn't click on anything, so you couldn't use the device or click "update software".
It was even worse if you used german locale, saved the calibration configuration and then changed locale to English - then it simply crashed during boot because of wrong number format :)
Fortunately we left one usb port accessible so users could attach usb mouse and click "update" if they had the first situation, or download the whole firmware on an usb pendrive and update from it.
BTW the libev bug is fixed, now it always reads the configuration using C locale. Guess what happened when we updated the linux on our systems half a year later and that change was included :)
Programming errors happen, but thats why I don't get, that companies still use programming languages, where such errors result in a crash vs. an error which can be handled and recovered from. A faulty XML file shouldn't render the whole machine unusable.
Yes, you can create a mess in any language. However, a lot of languages protect you against a lot of potential mistakes and also give you means of safely recovering from errors. The XML parser might not be better when written in another language, but if it is called from within an error handler, the calling program could recover from the error.
Presumably languages which default to optional instead of null with the default ergonomics being to “or_else” instead of “unwrap” will encourage safer error handling.
It works for me, but I don’t know if it is yet well known what the effect of developer UX on error rate is.
Nope, you are still not making sense. Just look at the "Facebook remotely disables all apps" issue. Both times it was issues deserializing - the deserialization wasn't unsafe or outright crashing, it was simply the SDK wasn't prepared to deal with the data it got.
I find that I can write code that is less likely to crash or fail more easily in some languages than in others. If this is not the case for you, I understand that it isn't compelling but that's okay. Not particularly looking for you to adopt anything.
UX things in some languages guide me to idiomatic code that is safer. And as engineers, we know there is no guarantee, only shades of improvement. But again, if language choice does not affect your program quality, so be it.
Impossible is a big word :). But while a C or C++ program tends to crash in the presence of an error, like with a segfault, a lot of languages just throw an error which you can catch. So you could proceed with the default values, if the file cannot be read correctly.
"can catch" doesn't give you anything, unless you actually do the catching.
C and C++ programs tend to crash in the presence of an error, but so do rust programs (panic), C# and java and js and python programs (unhandled exception). Some languages make it harder to footgun yourself for certain types of errors, but never all types of errors.
I have seen js programs (and similar stuff in other languages) crash because of something like
JSON.parse(response).list[0].string.length
where the response was valid json, just the .list property was an empty array (or even undefined because omitted in the json).
Does rust protect from such mistakes (because I know some people on here like to claim rust is the answer to everything)? Verbatim from their docs:
let v = vec![0, 2, 4, 6];
println!("{}", v[6]); // it will panic!
I'd guess it's exactly such type of bounds error at play with the Saumsung thing, from the mention of that empty <list/> element in the article.
I have written such code myself because I was lazy or distracted or "need performance" or "this can never be empty per spec" or "oops, my range calculation was off by one", tho luckily I didn't outright brick anything, yet.
There is one difference in Rust: they are so confident of their memory model, panic!() only kills the current thread. The exception is if it happens in the main thread it kills everything.
In Samsung's case, if they put the parsing of the telemetry config xml file in a separate thread the default Rust behaviour is not to kill the entire thing. Sending the telemetry back to servers sounds like something you would do in a separate thread, so perhaps it would have saved them.
Other languages with similarity strong memory models like Java / Python / Haskell could do the same thing of course. And in those languages programmer could just emulate it in any case. C / C++ with their weak memory models could not sanely do it. A programmer could emulate it in those languages by using separate processes if the OS supported it, but they would have to forgo shared memory.
Not a huge difference perhaps - but Rust's strong memory model does buy you something.
Oh please. C and C++ programs can be coded to fail gracefully and "a lot of languages" fail in unpredictable and unfortunate ways and shitty programmers still don't catch those magic errors. This is a matter of crappy engineering, not per se crappy language.
You can have programs crash in any language. However, it is the question, how well a program can recover from an error. Having a concept of error handlers in the language, which can catch conditions occuring inside the code they are calling, leads to more robust programmers.
Think of it as airbags and seat belts. Drivers, who don't make a mistake, wouldn't need them, but in reality shit happens, and they give us more survival chances.
You can argue about which syntax is best. But irrespective, having a perfectly good boolean already, but then comparing it to true or false to unnecessarily create another boolean is always just wrong.
Whether it's an Exception or a segfault, the application still crashes because its input is in a bad state. This class of problem is not restricted to memory-unsafe languages.
But that is the point I was trying to make. No language can save you from logic errors, but a lot of languages let you recover from errors in functions. The simplest way is exception handling in Java like try { parse(xmlFile) } catch ( ... ) {.... }
There is no reason the device should get in an undefined state if parsing that file fails or even completely crash.
> There is no reason the device should get in an undefined state
That is impossible to guarantee. It isn't even possible to completely generally[†] test for - what you have there is a variant of the halting problem (https://en.wikipedia.org/wiki/Halting_problem).
[†] added "generically" there as it is possible, using formal methods from the start, to prove that a program is correct so will not error (in an unexpected manner) on any input, but such methods are time-consuming so outside of certain specific fields you'll not find them used
I'd argue that languages which force handling via the type system (e.g. `Result<T, Error>` in Rust) makes it less likely that bugs like this will go unhandled, since the position if the programmer does not explicitly opt out of error handling (with `unwrap` etc) is a compilation error rather than missing error handling.
In the case of an appliance device where the XML file was externally supplied? Continue as though the file never existed (and possibly also delete the XML file).
Yet another reason for the warning don't connect your 'smart' TV, DVD player, or any other entertainment device to your wifi router. If you need Netflix, use a standalone device such as a Roku and connect it to the TV with HDMI.
Probably. Samsung hired thousands of c++ developers in a particular low-cost country to build Tizen. You can't really hire that many quality developers that quickly, and it showed.
It kinda is shitty, though. Do remember that it was built as a replacement for Android on smartphones, then when that, in a 100% expected way completely failed, was was relegated to the TV and smartwatch platforms where general requirements are perhaps 5x less.
Those two platforms probably only use the best 20-30% core functionality of what was built. And they're still second tier...
This is one of the many reasons hardware companies stop supporting older tech. It’s just not in their interests to push updates down to them, and can seriously back fire
In some ways, this is even more disturbing than the bricking.
Only corporate greed can create a media player that watches you and needs constant firmware updates.
I have a VCR and DVD player which still work, and things like this are the reason I'm not buying any newer standalone players.
It reminds me of this old meme (I'm not aware of a Blu-ray version): https://files-cdn.sharenator.com/pirate-dvds-s800x825-43988....