I don't think they're referring to dudebros' js, they're referring to systems software and the ability to deliver relatively secure updates over insecure channels. I've even delivered a signed firmware update to a microprocessor in a goddamn washing machine over UART. Why can't we do this for a jet?
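The "signed update over an insecure channel" idea in the comment above, as an added example that is not the commenter's code and not any real firmware format: a hypothetical image layout (big-endian version, payload, Ed25519 signature over both), a vendor-side builder, and the device-side check that trusts only a baked-in public key and its own installed version counter, so a tampered payload or a replayed older image is refused regardless of how the bytes arrived (UART, OTA, anything).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical image layout assumed for this example:
//   [4 bytes big-endian version][payload][64 bytes Ed25519 signature]
// The signature covers version || payload, so neither can be altered in transit.
const sigLen = ed25519.SignatureSize

var (
	ErrShort    = errors.New("image too short")
	ErrBadSig   = errors.New("signature verification failed")
	ErrRollback = errors.New("version not newer than installed")
)

// BuildUpdate is the vendor side: it signs version || payload with the private key.
func BuildUpdate(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	body := make([]byte, 4+len(payload))
	binary.BigEndian.PutUint32(body, version)
	copy(body[4:], payload)
	sig := ed25519.Sign(priv, body)
	return append(body, sig...)
}

// VerifyUpdate is the device side. It checks the signature before it parses
// anything, then enforces anti-rollback against the installed version counter.
// On success it returns the new version and the payload to flash.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, img []byte) (uint32, []byte, error) {
	if len(img) < 4+sigLen {
		return 0, nil, ErrShort
	}
	body, sig := img[:len(img)-sigLen], img[len(img)-sigLen:]
	if !ed25519.Verify(pub, body, sig) {
		return 0, nil, ErrBadSig
	}
	version := binary.BigEndian.Uint32(body[:4])
	if version <= installed {
		return 0, nil, ErrRollback
	}
	return version, body[4:], nil
}

// DemoResult holds the outcome of the three cases a device must handle.
type DemoResult struct {
	Genuine   error // should be nil
	Tampered  error // should be ErrBadSig
	Downgrade error // should be ErrRollback
}

// Demo builds a constructed v3 image against a device running v2 and exercises
// a genuine install, a payload flipped in transit, and a replayed v1 image.
func Demo() DemoResult {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	var r DemoResult
	img := BuildUpdate(priv, 3, []byte("constructed firmware payload v3"))
	_, _, r.Genuine = VerifyUpdate(pub, 2, img)

	tampered := append([]byte(nil), img...)
	tampered[6] ^= 0x01 // one bit of the payload changed on the wire
	_, _, r.Tampered = VerifyUpdate(pub, 2, tampered)

	old := BuildUpdate(priv, 1, []byte("constructed firmware payload v1"))
	_, _, r.Downgrade = VerifyUpdate(pub, 2, old) // validly signed, but older
	return r
}

func main() {
	r := Demo()
	fmt.Println("genuine:", r.Genuine)
	fmt.Println("tampered:", r.Tampered)
	fmt.Println("downgrade:", r.Downgrade)
}
```

The channel contributes nothing to the security argument here; everything rests on the device holding the public key and the version counter somewhere the update path cannot rewrite. What the example does not show, and what the rest of the thread is about, is everything after `VerifyUpdate` returns nil: whether the correctly delivered payload is actually safe to run.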
Well, because the software load of an aircraft is certified as part of the approved type design, for one. If you update the software it requires an engineering approval, because the risks inherent to operating an aircraft and the engineering that goes into mitigating those risks and making them acceptably safe are quite a bit more significant than a washing machine.
What's more we're talking about stores clearance (i.e. releasing shit from the aircraft in flight).
The attitude behind "Just write that function and flash the firmware" gets people killed.
I'm not saying just write the function and flash the firmware, but it's not like the super rigid certification process doesn't have its nefarious side effects either. My experience is that the more expensive fixes are, the more humans are willing to turn a blind eye to problems or wish them away.
>but it's not like the super rigid certification process doesn't have its nefarious side effects either.
The system isn't rigid so much as thorough. You can omit portions of the review for Minor Changes (term of art), for example. Unfortunately "writing the code to correctly release deadly explosives from the aircraft in flight" is far from a Minor Change, so gee willikers I guess it required some due diligence.
Maybe sometimes doing things correctly takes time and money for a reason, even if the reason isn't obvious. Maybe there's a good reason not to have OTA firmware update capability on a warplane.
I hear you. I respect the process and practice. I would invite you to ponder what would happen if all the iPhones and iPads in one country were to be bricked overnight by an OTA update - billions of dollars worth of instant economic damage just from the device cost, many billions more in consequences including lives lost. Well this capability probably exists somewhere at Apple. I hope it's well guarded by process and perhaps this process is costly not unlike recertification. Does the ability to deliver critical fixes quickly make it a safer system on balance, versus the Nokia and BlackBerry era where your firmware essentially never changed ever because the cost of delivery was so high? My guess is that it does on balance represent an improvement. But maybe I misunderstood and the millions of dollars in cost of delivering the fix were actually spent on due diligence, as opposed to just mechanically applying the patch.
Many people will hear the usual story of the fixes (for the plane example) being enormously expensive without really diving into what all goes into that figure.
The source code change itself may be trivial, so it's easy to compare that to the multi-million dollar figures thrown around and have criticisms.
We can do OTA updates, there's no technical reason it can't be done other than not allowing it (which I mostly agree with in secure applications). Hell, our spacecraft do this now.
We must keep in mind these fixes do not go from dev environment straight to the field (prod), which would be a terrible idea. These are extremely complex integrated systems and must be tested in multiple phases because let's face it, if this supposedly trivial issue made it all the way through, what else may not have been discovered yet?
Not only does the 'easy' fix need to be tested (time and money), but related interactions need to be investigated as well (more time and money). The time cost of people doing the work, investigations, testing adds up from all this. Then there's potentially hardware in the mix which is never cheap, also simply being able to get access to hardware for testing can be a huge hassle.
Keep in mind this comment is only geared towards situations where the end item is a physical system. I would expect fixing a pure software product to have significantly lower costs.
We don’t really know the context of this anecdote, but if you have to completely re-run your test plan on a real plane with real munitions for newly deployed software, which is a pretty good idea, then I could see it costing millions, even if the fix deployed in a minute.