• MystikIncarnate
    5 months ago

    IMO, for a safety system, anything sitting between the device’s sensors (to say it’s time to deploy the safety system, regardless of what it is), and the actual deployment of that safety system, is too many things sitting between those systems. There should always be a direct and uninterrupted connection from the safety deployment sensors and the safety deployment system. Nothing in between so the delay in deployment is as close to zero as possible, with no complications that could, in any way, shape, or form, delay or otherwise interrupt the connection between those two systems.

    I really wonder what the mechanism for this license model is. I’m sure their engineers are intelligent and there are no obvious issues, but say, for example, the sensors that trigger the airbag and the airbag’s deployment trigger have something like a relay in between. The relay is controlled by a management computing device that has verified the license and so it closes the relay (so everything works). Say, for example, during a crash, one of the first things that happens is that you’re struck with debris, and in that debris is a very small, very powerful magnet. It happens to land right where that relay sits, and because of where it impacts, it causes the relay to open… Disabling the airbag. You get wrecked because you were hit with a magnet.

    I’m sure that is not realistic and they’re not using a magnetic-based relay for something like this, but I think it demonstrates the point. Anything sitting between (detect) and (deploy) is a risk to life and limb. That includes, but is not limited to, lines of code, relays, disconnects, computers, electronic lockouts, switches, and buttons. Even significant lengths of wire, more than a few inches, could be a problem due to induced current or the risk of them being pulled and/or broken. Ideally, the system for detecting that it should deploy and the deployment mechanism’s trigger should be in the same protected box or chassis on the vest, with nothing in between to inhibit the signal.

    IMO, the only good way to do this kind of lockout is to control the arming/disarming of the system, where when the system arms (and is therefore ready to be used and secure the life and limb of the user), it checks for the presence of a license, first locally (with a license that has been cached that informs when the subscription is set to expire; if that expiry is after now, then arm), and failing that (expiry is before now), checks for a license via a link through the app to the web and/or service provider, providing useful feedback to the user about the system and whether it has armed correctly and is therefore ready to deploy.

    Have they done it this way? I don’t know. I don’t trust that they have. I’d rather pay more for a safety system and not have it require a subscription than pay monthly to use the system and potentially have it fail a fucking license check when I need it the most. Bluntly, I don’t trust them to get this right. So fuck this, fuck them, and fuck anyone who supports this with their money. Any company putting a financial condition on the safety of your life isn’t a company that should continue to operate.

    All of this is to say nothing of: what happens if the license servers fail? Can’t check in for a new license at renewal time because the servers are fucked… Well, good luck in that crash you’re about to have. 🖕

    Fucking idiotic to trust a subscription model with your life.
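
A C sketch of the arm-time license gate described in the comment above, added here as an illustration; it is not code from the commenter or from any vendor. Every type and function name, the two stub link functions, and the choice to report a distinct "offline" result when the cached license has expired and the server cannot be reached are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical names throughout; this is an added illustration. */
typedef enum { ARM_OK_CACHED, ARM_OK_ONLINE,
               ARM_FAIL_NO_LICENSE, ARM_FAIL_OFFLINE } arm_result_t;
typedef enum { ONLINE_VALID, ONLINE_EXPIRED, ONLINE_UNREACHABLE } online_status_t;
typedef online_status_t (*online_check_fn)(uint64_t *new_expiry);

typedef struct {
    uint64_t cached_expiry; /* seconds since epoch, stored at last renewal */
    bool armed;             /* latched at arm time, never touched afterwards */
} vest_t;

/* Arm-time gate: the only place the license is consulted.
 * Cached expiry first; the online link is used only if the cache is stale. */
arm_result_t vest_arm(vest_t *v, uint64_t now, online_check_fn check_online)
{
    uint64_t fresh = 0;
    v->armed = false;
    if (v->cached_expiry > now) {
        v->armed = true;
        return ARM_OK_CACHED;
    }
    switch (check_online(&fresh)) {
    case ONLINE_VALID:
        if (fresh <= now)
            return ARM_FAIL_NO_LICENSE;
        v->cached_expiry = fresh;   /* refresh the cache for the next arm */
        v->armed = true;
        return ARM_OK_ONLINE;
    case ONLINE_EXPIRED:
        return ARM_FAIL_NO_LICENSE;
    default:
        return ARM_FAIL_OFFLINE;    /* user feedback: link or server down */
    }
}

/* Detect -> deploy decision: reads only the latched arm state and the
 * crash sensor. No clock, no license lookup, no network call. */
bool vest_should_deploy(const vest_t *v, bool crash_detected)
{
    return v->armed && crash_detected;
}

/* Constructed stand-ins for the app/web license link. */
online_status_t stub_renewed(uint64_t *e) { *e = 5000; return ONLINE_VALID; }
online_status_t stub_unreachable(uint64_t *e) { (void)e; return ONLINE_UNREACHABLE; }
```

Because `vest_should_deploy` takes no timestamp, a license that lapses after arming cannot change the deploy decision for that ride; the `ARM_FAIL_OFFLINE` case is the server-outage scenario the comment raises, surfaced at arm time instead of at the moment of a crash.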