Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Of course, if you're on vacation and relying on that router to be available for security cameras, an automatic firmware update that results in a bricked router can be more than a little disruptive.


It's a tradeoff. You have to balance that negative against the negative of having botnets of millions of never-patched routers.

Automatic updates should be the default, but you should be able to shut them off if you want to make a different tradeoff.


Automatic security updates should be the default, all other updates should absolutely not. In case of patching routers there isn't much crapware to be upsold, but in general, if we're ever going to develop some code of ethics in this industry, I wish a part of it would be a rule of hard separation between security patches and feature updates, and another rule that the latter should never be done automatically without explicit opt-in.

Yes, it's extra work for developers, but the result of not doing that is the present situation - a lot of users, including a surprisingly large population of non-tech-savvy people, will go out of their way to shut down automatic updates, to avoid having to deal with broken workflows, upselling, ads sneaking in, and forced reboots in the middle of a business presentation or a game (or a surgery).


Automatic updates has some of the same issues as telemetry. Windows Update for example has to send information on things like drivers to scan for updates.


An update shouldn't brick a well built router; that's what watchdogs and secondary flash is for.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: