This is why a number of countries have laws saying spare parts must be made available for a number of years past being sold. Well beyond what the warranty is.
I’d also settle for releasing 3D models of out-of-production parts so they can be 3D-printed by enthusiasts.
Story time: in my second-gen Mazda Miata, I closed the centre console lid on a piece of cardstock by accident and it snapped the plastic piece that latches the lid shut. The part previously sold for ~$10 but they stopped producing it as a standalone part at some point and the only way to acquire it was to buy the $100 centre console lid assembly.
This isn’t spare parts. This is asking for a new part to be designed and manufactured to replace an existing part. That takes time and money. Granted software doesn’t require mass production, but creating the initial version does take expertise and resources that may no longer exist in addition to the time and money.
You think spare parts don’t cost money? Wearhouse space is expensive. Massive part stores have to be made. That’s all expense needed to take on by auto manufacturers. Why would software be different?
Either that or they keep all the tooling, which again is expensive. And people need to know how to use the tooling too.
This isn’t a “it’d be nice” kind of patch. This is exactly how we get massive bot nets for DDOS attacks. Devices become vulnerable, scans go out on the internet looking for devices they can exploit, and when they do, they gather bot nets.
It’s also not creating something new. It’s fixing your shit. They don’t have to create the entire software stack from scratch, just fix the exploit. If they can’t reasonably do that, then these devices need to be taken offline.
I’m not saying they shouldn’t fix the issue necessarily, assuming it’s even possible. I’m saying they shouldn’t be held to higher standards than any other product just because the engineering effort involved in software is undervalued compared to physical objects. If a product made 15 years ago didn’t follow modern safety standards and is no longer being sold by the manufacturer, we don’t make them update their old products.
As for tooling, yes, and with software it often requires “tooling” that no longer exists in order to develop the patch including hardware that may no longer be manufactured. It’s not like the product manufacturer manufactures all of the parts like circuits and microchips. Just like vacuum manufacturers don’t usually make the bearings and gears and such, they just assemble them. So same concept.
We may require them to keep parts with the existing design, but we don’t require them to fix safety issues that were not found to be out of compliance when it was originally approved for production. We might make them fix it if they’re still selling them, but we don’t make them fix these issues if they are not.
We do take cars that fail safety inspections off the road. You are correct, we don’t hold them to higher standards, but that’s not a reason why we also shouldn’t remove genuine hazards off the roads.
If a car is far more likely to kill someone, it shouldn’t be on public roads either. Just like devices that can’t be update don’t belong on public nets. The risk to the broader public is to big IMO.
This is why a number of countries have laws saying spare parts must be made available for a number of years past being sold. Well beyond what the warranty is.
How is this significantly different?
I’d also settle for releasing 3D models of out-of-production parts so they can be 3D-printed by enthusiasts.
Story time: in my second-gen Mazda Miata, I closed the centre console lid on a piece of cardstock by accident and it snapped the plastic piece that latches the lid shut. The part previously sold for ~$10 but they stopped producing it as a standalone part at some point and the only way to acquire it was to buy the $100 centre console lid assembly.
Software 100% needs to be included in support.
Old devices that become vulnerable but still accessible on the internet, eventually become part of bot nets producing DDOS and other network attacks.
This isn’t spare parts. This is asking for a new part to be designed and manufactured to replace an existing part. That takes time and money. Granted software doesn’t require mass production, but creating the initial version does take expertise and resources that may no longer exist in addition to the time and money.
You think spare parts don’t cost money? Wearhouse space is expensive. Massive part stores have to be made. That’s all expense needed to take on by auto manufacturers. Why would software be different?
Either that or they keep all the tooling, which again is expensive. And people need to know how to use the tooling too.
This isn’t a “it’d be nice” kind of patch. This is exactly how we get massive bot nets for DDOS attacks. Devices become vulnerable, scans go out on the internet looking for devices they can exploit, and when they do, they gather bot nets.
It’s also not creating something new. It’s fixing your shit. They don’t have to create the entire software stack from scratch, just fix the exploit. If they can’t reasonably do that, then these devices need to be taken offline.
I’m not saying they shouldn’t fix the issue necessarily, assuming it’s even possible. I’m saying they shouldn’t be held to higher standards than any other product just because the engineering effort involved in software is undervalued compared to physical objects. If a product made 15 years ago didn’t follow modern safety standards and is no longer being sold by the manufacturer, we don’t make them update their old products.
As for tooling, yes, and with software it often requires “tooling” that no longer exists in order to develop the patch including hardware that may no longer be manufactured. It’s not like the product manufacturer manufactures all of the parts like circuits and microchips. Just like vacuum manufacturers don’t usually make the bearings and gears and such, they just assemble them. So same concept.
We may require them to keep parts with the existing design, but we don’t require them to fix safety issues that were not found to be out of compliance when it was originally approved for production. We might make them fix it if they’re still selling them, but we don’t make them fix these issues if they are not.
We do take cars that fail safety inspections off the road. You are correct, we don’t hold them to higher standards, but that’s not a reason why we also shouldn’t remove genuine hazards off the roads.
If a car is far more likely to kill someone, it shouldn’t be on public roads either. Just like devices that can’t be update don’t belong on public nets. The risk to the broader public is to big IMO.