Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Hizonner 6 days ago

Fuck, and I cannot emphasize this enough, the OEMs.

I am so sick of security being compromised so stupid, lazy people don't have to do their jobs efficiently. Not like this is even unusual.

danieldk 6 days ago | parent | next [-]

I don't think it is laziness per se. It's a combination of having far too many models (just look at Samsung's line-up, more than ten models per year if we don't count all the F and W variants), using many different SoCs from different vendors (just taking Samsung again as an example, using Qualcomm Snapdragon, Samsung Exynos, Mediatek Helio, Mediatek Dimensity, sometimes even a different chipset for the same phone model per region), each model supported for multiple years now on a monthly or quarterly update schedule (Samsung: recent A5x, Sxx, Sxx FE, Z Flip x, Z Flip 7 FE, Z fold x, Xcover x, etc. are on a monthly schedule). This across a multitude of kernel versions, AOSP versions (for older phones), OneUI versions (for phones that haven't been updated yet to the latest OneUI).

The must have literally over tens of different models to roll out security updates for, with many different SoCs and software versions to target.

And compared to other Android vendors, Samsung is actually pretty fast with updates.

It's true that other manufacturers have smaller line-ups, but they also tend to be smaller companies.

Compare that with Apple: every yearly phone uses the same SoC, only with variations in simpler things like CPU/GPU core counts.

WorldPeas 6 days ago | parent | next [-]

To me this is the ultimate failing of ARM as an ISA, the fact that you even need to consider "targeting" allows a deficient ISA like x86 to still stand head and shoulders above it in terms of OEM support (though perhaps not security)

rollcat 6 days ago | parent [-]

It has nothing to do with the ISA and everything to do with the system architecture. Look up PC-98.

Also: PC being a "standard" is a lie; ACPI is a horror.

Hizonner 6 days ago | parent | prev [-]

> I don't think it is laziness per se

You forgot the "stupid" part.

> It's a combination of having far too many models (just look at Samsung's line-up, more than ten models per year if we don't count all the F and W variants), using many different SoCs from different vendors > [...] > This across a multitude of kernel versions, AOSP versions (for older phones), OneUI versions (for phones that haven't been updated yet to the latest OneUI).

Those are choices. If you want to do that, you need a process that can support it.

I suppose it could be that they just don't care and are deliberately screwing their users, but never attribute to malice that which can be explained by incompetence and all that.

yathaid 6 days ago | parent | next [-]

>> Those are choices. If you want to do that, you need a process that can support it.

__need__ is doing a lot of work here. There is no forcing function to get OEMs to do this ASAP: 1) the market doesn't really care that much 2) there are no regulations around this (and even if they were, can you immediately recall a tech exec going to jail for breaking the law ... )

palata 5 days ago | parent [-]

> the market doesn't really care that much

This. Pixels are not more expensive than flagship Samsungs. If people cared and bought Pixels because they get the security updates, then Samsung (and the others) would follow. But people don't care, so the OEMs don't do it.

danieldk 5 days ago | parent [-]

It's kinda weird to single out Samsung here, because they are pretty good with security updates and they explicitly talk about long security periods in their marketing. They are not as fast as Pixel, but somewhere mid-range and up (A5x) get monthly updates and they are usually 1-4 weeks behind Google.

It's the other vendors that are the issue. Even Fairphone is behind a lot (and they only release one model at a time).

palata 5 days ago | parent [-]

The "(and others)" part was about including the other OEMs :-). I used the Samsung flagship as a specific example because it is very expensive, and people who buy it don't have the excuse of the price.

danieldk 6 days ago | parent | prev [-]

Those are choices. If you want to do that, you need a process that can support it.

I suppose it could be that they just don't care and are deliberately screwing their users, but never attribute to malice that which can be explained by incompetence and all that.

I think for a long time Android users did not really care. Until a few years, Android security support was abysmal with many vendors only doing 1-2 years of updates. Users bought the phones and didn't care, so I guess it was a smart business move to not care.

This changed in recent years due to a mixture of the (then) upcoming EU requirement for supporting devices multiple years with security updates, Apple being able to tout this as an advantage, causing Google and Samsung to enter into a competition to promise the largest number of years of security support, etc.

Zigurd 6 days ago | parent | prev [-]

Welcome to Android. It started out a bit undercooked and Google relied on OEMs to make finished polished products. Then the reality that OEMs suck at software hit them in the face. They spent years acquiring more control of their platform while trying not to piss off Samsung.

tracker1 6 days ago | parent [-]

Pretty much this... and even then, they still suck hard. Apple was right to start off with as much control over their platform as they did. The only reason I never went with iPhone is it started as an AT&T exclusive, and you couldn't pay me enough to be their customer ever again.