The problem here is not the refrigerator, or the software on it.
I repeat.
The problem here is not the refrigerator!
We're building a shitty internet, not an internet of shitty things. If integrating with an online calendar means having to have a software team at the ready at all times for the whim's of some service's API updates.. we have failed society in a deep way.
The API that Google should be releasing for Google calendar is CalDAV, because it's a standard that people can depend on. Google - by choosing to not use that standard AND to not get a different one standardized with their peers, shows they don't want to be part of an Internet.
While I tend to agree with what I think is your point, it's all well and good to say that there's a standard and one should use it (which I support, and have worked on many throughout my career), but standards aren't a panacea either, especially since many of best standards are ones that standardize a previously proprietary (but working!) design.
(No relationship with the calendar team, but I'm pretty sure they'll read this thread if you have comments for them.)
Please see my comment below about their support of CalDAV (only for specific clients, they keep changing the endpoint location).
CalDAV is a standardization of a previously proprietary but working design (apple's icalendar work) that most all other vendors support except for Google.
Even when they try to support it, they changed the endpoint location (?! I guess even Google is bad at URLs), and their CalDAV implementation only supports the calls of a popular enough client they don't have control over.
"We have not yet provided a full implementation of all of the relevant specifications, however for many clients such as Apple iCal™ the CalDAV protocol should interoperate correctly."[0]
We have an integration with google calendar and they seem to make endless tweaks, like date+time zone requirements. About every six months I have to go in and undo what was done the last time. Debugging is also a nightmare when it comes to validating calendar feeds.
Every time I see "google calendar" in our issue tracker, I die a little inside.
But its also unacceptable to make an Internet connected device with a static proprietary OS on it.
We have a dozen known vulnerabilities in common software packages every year, and these devices are using IP for communicating often confidential information. It can be disastrous for your toaster to be hijacked, especially if it can be remoted no and burn your house down.
This whole IoT disaster should have been predicated on free software, with some protocol support for authorized local network updates and maintenance. You know damn well that if Samsung cannot be bothered to update the OS on a four year old phone anymore, your Samsung Fridge or TV or futon is a lost cause.
I agree completely. But how likely is that to happen? Let's face it, companies that make 'smart' devices will likely want to monetize on customers whose software is outdated (in functionality, not security) and who want to upgrade because of that. I don't think they'd have a motive to do anything other than proprietary, non-maintainable software.
The only solution I could think of from a security standpoint would be to limit functionality on the device itself to such a level that there is not much need for updating, i.e., ideally the fridge becomes a dumb device that essentially offers a vnc-style connection to a central FridgeCo data center, so that the fridge itself would never deal with your passwords etc. other than sending them somewhere in an encrypted connection. This basic layer of functionality (and even that would be a lot to keep secure) would be more reasonable to maintain and keep secure than having separate apps for Google Cal etc.
Of course, this would cause many more problems, be a single point of failure etc., but I think that's the way it's most likely going to go.
Ubuntu are aiming directly at this problem by providing the base OS and making it possible for vendors to then layer on the functionality they need: http://www.ubuntu.com/internet-of-things
How much vendors are willing to use something like this remains to be seen. Personally I resist buying things that I think will have a poor security update record. I'd like to see more pressure on vendors to do the right thing here, especially because there is at least one reasonable solution available.
Disclosure: I work for Canonical, but am not associated with the IoT work in Ubuntu.
I don't think sanity will prevail over profit here. Making shitty unmaintainable flashy software that sells units and hijacks your house through exploits a year later optimally keeps customers buying new fridges, when the only thing wrong with them is awful outdated proprietary code running on it. Its the same reason I feel Ubuntu TV was a flop - as long as consumers make emotional, advertising driven, uninformed, instantaneous purchase decisions, the optimal route to profit is flashy over-the-top showoff crap on the store shelf that then breaks as soon as possible so they have to buy another. As long as people do not care about the software running on their "smart" tv, or fridge, or thermostat, they will continue to be given what they ask for - nothing but crap.
> Its the same reason I feel Ubuntu TV was a flop...
I believe Canonical have a grand plan but have just focused on phones first. Since to my knowledge the Ubuntu TV hasn't happened yet, how can it be a flop?
It was announced in 2012, and it has had no development since 2011, and hasn't shipped anywhere either. It wouldn't have been a flop if there wasn't a lot of hype in the tech ecosystem about it as a result of the announcement, but if you announce something you stopped working on a year before and going on four years later haven't come back to, while proprietary smart TVs have basically taken over store shelves in the intervening years, its a flop.
There is a ongoing internal friction in the software development process. We rely on capitalized business processes to self-correct against dramatic failures like this. This is not a failure of society, it's a failure to appropriately contextualize this software with regards the business that backs it.
Rather than being built in, this "calendar" should be android/iOS tablet that's attached to the refrigerator with magnets. It should be thrown in the trash every couple years and replaced with a new one. According to the interests of Google/Apple (as evidenced by their software updates).
Yup. Just put a USB port and a recessed frame in the fridge door and say "hey, it comes with a free Galaxy Tab 4 8" device! And a box of magnets and crazy glue!
Same thing with "Smart TVs". Just put some extra powered USB ports on the back next to the HDMI port and bundle it with a TV stick.
I wish the car companies would take that attitude too. I keep my cars a long time, and I don't think it will be useful to be running a 10 year old version of Android on it. Just let me treat the car (or other appliance) like a peripheral, which would require minimal ongoing support, and let me upgrade the smarts as needed.
This is exactly why when I went to go buy a new car, I made sure it was "dumb" (no built-in GPS or control system or anything, just a stereo). Technology changes so fast, I don't want my car to be running on some processor and OS that will seem "ancient" in 10 years.
I have GPS and internet radio on my phone that I upgrade every few years, why would I want it in my car that I upgrade maybe every 10 years?
Can't agree more. We had more interoperability a decade ago than we have today. People wanted to open up their APIs and let you DO things with their services. Today it's all about the lock-in, DRM and not-invented-here feature breaks. It's horrible and backwards.
I repeat.
The problem here is not the refrigerator!
We're building a shitty internet, not an internet of shitty things. If integrating with an online calendar means having to have a software team at the ready at all times for the whim's of some service's API updates.. we have failed society in a deep way.
The API that Google should be releasing for Google calendar is CalDAV, because it's a standard that people can depend on. Google - by choosing to not use that standard AND to not get a different one standardized with their peers, shows they don't want to be part of an Internet.