Oil Changes, Safety Recalls, and Software Patches (daemonology.net) 129
An anonymous reader shares a blog post: Every few months I get an email from my local mechanic reminding me that it's time to get my car's oil changed. I generally ignore these emails; it costs time and money to get this done and I drive little enough -- about 2000 km/year -- that I'm not too worried about the consequences of going for a bit longer than nominally advised between oil changes. I do get oil changes done... but typically once every 8-12 months, rather than the recommended 4-6 months. On the other hand, there's another type of notification which elicits more prompt attention: Safety recalls. There are two good reasons for this: First, whether for vehicles, food, or other products, the risk of ignoring a safety recall is not merely that the product will break, but rather that the product will be actively unsafe; and second, when there's a safety recall you don't have to pay for the replacement or fix -- the cost is covered by the manufacturer. I started thinking about this distinction -- and more specifically the difference in user behaviour -- in the aftermath of the "WannaCry" malware. While WannaCry attracted widespread attention for its "ransomware" nature, the more concerning aspect of this incident is how it propagated: By exploiting a vulnerability in SMB for which Microsoft issued patches two months earlier. As someone who works in computer security, I find this horrifying -- and I was particularly concerned when I heard that the NHS was postponing surgeries because they couldn't access patient records. [...] I imagine that most people in my industry would agree that security patches should be treated in the same vein as safety recalls -- unless you're certain that you're not affected, take care of them as a matter of urgency -- but it seems that far more users instead treat security patches more like oil changes: something to be taken care of when convenient... or not at all, if not convenient. It's easy to say that such users are wrong; but as an industry it's time that we think about why they are wrong rather than merely blaming them for their problems.
Article? (Score:5, Informative)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
No something very critical is revealed: The poster fundamentally doesn't understand the risk profile of a safety recall.
He seems to imply that vehicle safety recalls mean that suddenly from one moment to the next he is incredibly unsafe and therefore should stop his activity immediately and send his car for a recall. This isn't the case. In nearly all recalls the car is no more unsafe after the issuance of a recall as it was before the problem was discovered.
Likewise he postulates that people treat safety r
Re: (Score:2)
I don't even think the analogy is valid. I, and most people I know, have automatic security updates turned on, and many OSes come with that as the default, so even dumb people get them automatically. I don't even know if I get an update, unless it requires a reboot. The main culprits that don't have auto-update turned on are some Windows users, because Microsoft has a bad habit of abusing the update process to push out annoying marketing crap.
Re: (Score:2)
I don't even think the analogy is valid. I, and most people I know, have automatic security updates turned on, and many OSes come with that as the default, so even dumb people get them automatically. I don't even know if I get an update, unless it requires a reboot. The main culprits that don't have auto-update turned on are some Windows users, because Microsoft has a bad habit of abusing the update process to push out annoying marketing crap.
I have notifications turned on but I wait a few days before installing patches. That gives some time to hear from early adopters if the latest batch of updates from MS is likely to trash my system
Re: (Score:1)
I think that one problem (at least in MacOs land) is that security fixes are usually bundled with 'other' fixes in OS updates. I think a lot of people think that they might want to hold off on installing new features and such, and therefore postpone the updates. I think Apple should issue OS updates and Security updates so that a user can keep up to date on security even if they are slower to adopt complete OS updates. This might result in more people keeping their Macs up to date with security patches. Jus
Re: (Score:2)
I want to mod you up, but I hope adding my voice will be more effective at getting others to do so.
Between the two Apple fists of 1) requiring feature releases to receive bug fixes and 2) having my essential jailbroken features forcibly removed if I "upgrade", I still run a version of iOS on my iPhone that is at least three major versions (and dozens of minor releases) out of date.
The idea that I must acquiesce to Apple's UI design changes to get essential security updates borders on the criminal. I'm stil
Safety Rating? (Score:2)
Oil changes (Score:1)
You can change your oil every 10 to 15000 km if you are driving a lot. If you are driving very little and the engine seldom warms up properly, then the problem is that you get water in the oil which doesn't evaporate, so you got to change oil more frequently. So, it is a judgement call, not an exact science. Oil is much cheaper than a new engine though...
Re: (Score:3)
It does not take much driving to heat-up the engine enough to remove water. If the trip is more than say, 10 miles or 10 minutes, whichever comes first, the engine has been heated up enough.
The restored cars we have get their oil changed every couple of years. They get driven very little. Even when we do change it that oil is probably still perfectly usable, we just change it because we don't know the upper limit on the longevity of the oil after it's been used.
The reason for the timetable is that most p
Re: (Score:2)
Factory renegade keep oil is 7500 miles between changes.
But what this article fails to note is how much of a pain in the ass it is for a person who works 5 days a week between the hours of 8-5 to go to a service center that does warranty work. You have to schedule it in advance take a day off of work which in 50% of the population means a days less pay to let them poke around for a couple of hours. Most dealerships keep some Saturday hours but they are full fast. I have to plan my oil change out at least
Re: (Score:2)
I usually do drop-off, pickup service.
If your family has two cars, and can juggle the requirements, drop the car off of the night before, and pick it up later in the evening (frequently service closes at 5, but sales closes at 9, and can process payment for service). Alternatively I've dropped my car off at the dealer on the way to work, had a co-worker pick me up, then have them drop me off on the way home (I've also done the same for coworkers).
This won't work in 100% of circumstances, but working 8-5 doe
Re: (Score:2)
The reason for the timetable is that most people are not very good at looking at their odometers, but they are capable of noting a future date in a calendar and taking action on that date. It's also why a lot of newer cars with computers in them will tell you when they need their oil changed instead of relying on a schedule.
My car's computer is based on 12 months or 10,000 miles, they the dealer always applies a sticker for 6 months, 5,000 miles. I usually end up changing it half way inbetween.
Re: (Score:2)
Not if you're in an area that has harsher climate like we are. It's hot and dusty and qualifies as severe duty.
Re: (Score:2)
On the worn, high-mileage vehicles there's blow-by of the piston rings, so I don't like to push it.
Re: (Score:2)
Exactly this. I've got a 2008 VW Jetta with 230,000 miles on it. The oil been changed at pretty much exactly 5000 miles as specified in the service manual.. I've pretty much have stuck with Mobil 1. Could I get a lot longer out of that oil, sure. One thing I don't think people think about is, how well does the oil filter hold up to high mileage.
Since I'm doing the work myself, I'm usually looking at a $35-40 oil change. Just need to take the occasional trip to the waste transfer station to discard the o
Re: (Score:2)
Some have advocated changing just the filter, but since one has to add oil to make-up for the oil removed with the filter anyway, and since I'm already getting dirty under the car, I just change the oil when I change the filter.
I've knocked-around using a remote oil filter adapter on the Renegade, and throwing on one of those quarter-turn drain plugs to boot, but haven't done so yet.
The one-gallon grocery store milk/water bottles also work well for oil disposal, and my city will take the full jugs instead o
Re: (Score:2)
My mechanic has not need to know any of my fucking email addresses...
I have some throw away accounts I used for registering for things online that might be fun or get me a prize, but aside from that, I rarely give out an email address unless it is a person/friend I genuinely want to converse with on a regular basis.
No wonder this guy in the article seems to get spammed a lot...
Re: Oil changes (Score:2)
Wait, what? LOL you go to a mechanic? Not for everything, I hope?
One of the stupidest things I've done was have a lift installed in one of my bays. Do not do that!
Re:Oil changes (Score:4, Informative)
"You can change your oil every 10 to 15000 km"
More like 25.000Km, even for some cars as old as the century.
Re: (Score:3, Funny)
Something's not right. If I travel 8.53 cm at 20C, then that's 25 kelvin-meters traveled, and according to you I should be changing my oil?
Re: (Score:2)
Try 35,000km and my car is 10 years old, and the manufacturer makes no assumptions about the quality of the oil I put in.
Re: (Score:2)
Re: (Score:2)
You can change your oil every 10 to 15000 km if you are driving a lot.
Depends on the car, depends on the oil, depends on the conditions. Less so on your driving style.
My stock standard non-turbo 3L BMW petrol using fully synthetic oils tends to last 10-15,000 miles in the UK without sludging. My last car was a 2L turbo modified Nissan Silvia back in Australia, I did the oil on that every 5,000 KM.
Synthetics last longer than mineral oils, engines that get stressed (I.E. highly modified ones) are less tolerant of bad oil and dusty environments like most of Australia tend
Re: (Score:2)
Re: (Score:2)
Outsource doesn't automatically mean cheaper or India there are outsource companies in the US and Europe and they can be more expensive. They just call themselves logistics companies to distance them from the word outsource and they run anything from call centers, ware houses, repair facilities, IT, payroll, you name it but yes you get what you pay for.
Re: (Score:2)
Re: (Score:2)
Low wage is relative... I live in the mid-west have a nice house w/garage and a yard etc... and my son that lives in San Francisco who makes more than me is broke and lives in an little apartment that's costs him more than twice my mortgage.
Re: (Score:2)
Re: (Score:2)
I will grant you that you could expect to pay 1.9 to 2.2 times as much to rent a similar house for or about the same as my mortgage or for a cheap 1 bedroom apartment locally but my son's cheap 1 bedroom apartment for the area he lives in costs about 2.4 times as much as my mortgage and a similar house would sell for triple what I payed.
Re: (Score:2)
Which is why outsourcing generally sucks. Its not a question of "outsourcing is cheaper" in general, its a question of "we want cheaper labor" and outsourcing to a cheap firm is a way to do that.
But you still get what you pay for. If you outsource to a firm that has competent employees you'll generally get a reasonable product (or service) from them -- but you'll be paying similar rates to the staff you replaced. Maybe more since the outsourcing firm will want its cut on top of their worker's salaries.
End of Life (Score:1)
The analogy is great, until you go to the end of the life of the given software. Like XP for example, it has reached end of life, so no patches are available for it any more. Many android devices are instantly end of life, without any patches being released for them.
The security issues are not solved until you remove all deployments of software and hardware that have reached end of life. The only way to get this done is enforcement by law. In order to make actual comparison of products possible, manufacture
Re: (Score:2)
So don't fucking run end of life software in safety critical situations...
Or in fact... at all.
Re: (Score:1)
Exactly. Just like people who are driving vehicles over ten years old. They've reached their end of life. The manufacturer is no longer supporting them. Go get a new car, or at least a recent used one.
Money is free so there's no problem continually buying something new.
Re: (Score:2)
If you're putting your own life in danger by driving a 10 year old clunker, that's fine. If you're putting customers into 10 year old clunkers, that's a problem.
Same with any other safety critical software. If you're putting customers (or taxpayers) lives in the hands of these systems, then you need to make sure you keep it up to date and secure.
Re: (Score:2)
A ten year old vehicle that has been maintained reasonably well is no where near the end of its service life. I currently have a 2000 model Dodge Caravan with 210k miles, and a 2000 Toyota 4Runner with almost 250k miles. Both are ok for regular use with a slightly higher expectation on my part that the Dodge's transmission is going to fail sooner or later. I take that into account when I use it. The 4Runner is still a daily driver; the Dodge has been relegated to non-time-critical uses such as occasiona
Industry (Score:5, Insightful)
but as an industry it's time that we think about why they are wrong rather than merely blaming them for their problems.
No. As an industry you have to think about a company like Microsoft who willfully waited over a DECADE to patch a KNOWN vulnerability which it was TOLD about a long time ago, but CHOSE to ignore - cos, security by obscurity at best, or intentional back door at worst. This should not be about "the patch has been out 2 months why haven't people patched" it should be about "Why did Microsoft wait until news of the vulnerability leaked before bothering to issue a patch".
Re: (Score:2)
4-6 months, 8-12 months, WTF? (Score:3)
That interval seems like a total waste of oil. I have an old vehicle for hauling stuff that gets driven about 1000km/year, and I might change the oil every five years. I know that's probably "bad", but the engine hasn't broken yet. In fact, I think that the only work I've ever had done on the engine over almost 20 years is change out the timing belt (at twice the recommended age, but still below the mileage limit). I do keep it in a garage and always run it until it's thoroughly warmed up.
Re: (Score:2)
Oil degrades with time and mileage.
You can thank EPA emission and fleet fuel consumption guidelines, but new engines are a lot more finicky. For example, direct injection - this technology marginally improves emissions while reintroducing issues of sludge and chain failure. Synthetic 0w20 oil is also problematic - it is too thin for manufacturing tolerances and results in engine oil consumption due to blow-by past piston rings. Combine all of these issues - and I wouldn't expect any new truck to last with
Re: (Score:2, Informative)
One of the reasons you change your oil regularly, even if you are not putting a bunch of miles on your car, is because of the increasing levels of contamination in the oil by gasoline. Every time the engine is run small amounts of gasoline contaminate the oil. The gasoline affects the ability of the oil to lubricate and therefore contributes to excessive mechanical wear.
Additionally, the additives in the oil that improve it's viscosity performance, help it fight corrosion and add other beneficial effects do
Re: (Score:1)
If the engine is not running the oil can't get contaminated by fuel
Re: (Score:2)
Re: (Score:2)
I know that's probably "bad"
Why do you know it's "bad" other than what a mechanic has told you? Just how much do you expect refined oil to degrade? Additives in oil have a shelf life, but that shelf life is typically slightly in excess of 5 years.
Your situation is not normal. Most cars would hit the km point to change the oil and remove wear contaminants from the engine oil. But you shouldn't feel guilty about changing your oil every 5 years.
Re: (Score:3)
You should have an oil analysis done, e.g. by Blackstone Labs. Then you will find out if you're damaging your engine or not. Your oil might even go longer but there's no way to know without an analysis.
Blame Microsoft (Score:5, Insightful)
I had no problem letting Windows 7 update itself automatically until Microsoft started incessantly nagging me about changing to Windows 10, and news of their telemetry patches came out. Oh, and the whole installing patches for 5-10 mins while you're trying to shut your computer down (always seemed to be before I needed to go somewhere) was pretty dumb as well.
Microsoft took security updates and started abusing them for their own nefarious purposes. This, combined with their propensity to produce rubbish software, has created a dangerous situation for customers, and just goes to demonstrate that Microsoft has not moved on from producing extremely poor products in more than 30 years.
Hopefully a few more Nokia style implosions and we can see the end of this company.
Re: (Score:2)
Yet you still choose to support them and run their operating system, which you admit is an extremely poor product. Come on...
Re: (Score:2)
Yet you still choose to support them and run their operating system, which you admit is an extremely poor product. Come on...
Right, because solidworks and powerpcb run on OSX do they?
FYI, I run windows in parallels now, so you can calm down.
Re: (Score:2)
Jeez, I wish I had modpoints to mod you up!!! You are sooooo damn correct!!! I used/supported Windows for 20 years as a sysadmin.. When I retired in 2010, I was dual-booting Win7 and Linux, and due to being stuck using Windows at work day-to-day, by inertia I tended to spend most of my computer use at home on Win7 also. After being annoyed endlessly by Windows insisting upon taking a lot of time updating itself when all I wanted to do was shut the $#%@#$!% damn laptop down and get on with my day, plus a LOT
Microsoft is doing the right thing (Score:2)
Forcing idiot Windows to install updates automatically is the right way to go. It shouldn't be possible for people to disable them, including and especially in corporate environments. I use unattended-upgrades to automatically install security updates on all my machines. Android is a bit of a concern still, unfortunately. Not only do they give users a choice they make it a ridiculously complicated process due to their use of signed system images. This needs to go away, to make installing security updat
Re: (Score:2)
Re: (Score:2)
In 1995, it was considered a bug that the latest version of Windows at the time would crash and reboot after 100 days or so
In 1995, it was considered highly unlikely that you'd ever encounter such a bug while running Windows.
Re: (Score:3)
Re: (Score:2)
"Forcing idiot Windows to install updates automatically is the right way to go. It shouldn't be possible for people to disable them, including and especially in corporate environments."
If only Microsoft limited itself to actually updating what it's supposed to, instead of rooting around your system and deleting shit it has no fucking business deleting.
So I've got great reason to disable Windows 10 updates - they find programs you have installed, remove them, replace them with their competing product, and at
Security Patches vs Recall (Score:5, Insightful)
With the huge recall in airbags, I have not heard of one replaced airbag rendering a car inoperable requiring the owner to pay to have someone diagnose and repair the incompatibility. How many times have we heard of a computer security patch causing a BSOD or computer crash because of bad or incomplete testing from the manufacturer?
Some people wait and verify that a security patch doesn't end up as the next story on Slashdot rendering thousands of PCs unusable because "Oh, the patch seems to be incompatible with [fill-in-the-blank]".
Re: (Score:2)
Anyone got a good car analogy for this?
Subby's Dad didn't wear a patch when he took Subby's Mom in the car on lover's lane. Now they both have viruses and WannaCry?
Re: (Score:3)
There isn't one... mostly because most cars don't suddenly stop working the way they did before after getting an oil change. With Microsoft security patches, it seems to happen all the time.
Imagine what would happen if you needed to hire a QA tester to make sure that your car wouldn't crash after putting brand X oil in it before putting it in the rest of your cars.... suddenly, oil changes would cost $500 and people would only do it once a year at best.
Re: (Score:2)
If you fill your engine with transmission fluid it will quickly ceases?
Re: (Score:1)
Anyone got a good car analogy for this?
No, but I've got a great movie quote:
"You know, we just used so many metaphors I forgot what the hell we were talking about."
This is /. for crissakes - we don't need basic computer security explained as a barely coherent rant equating it to automotive maintenance. Most of the readership here understands that you keep your machines updated or they're likely to be pwned.
Re: Car Analogy (Score:2)
Re: (Score:2)
I do all the work on my cars and I run a Linux desktop.
There is a difference. (Score:1)
The difference is that when you get a safety recall, only those things related to the safety recall are fixed (replaced). You get a security update for Windows and without a lot of time and effort to understand what all is rolled up in that patch, heaven only knows what else (telemetry?) you are getting.
Re: (Score:2)
Vaguely related rant:
Honda called me for an airbag recall a year ago. Set up appointment to get airbag replaced.
Arrived early Saturday morning- they didn't have any airbags in stock and had put me down for an oil change that I didn't want from them. Waste of an early morning. They told me they would call me when they had the parts but it could take a few months.
A year later, got another airbag recall- called to confirm it was to replace a different airbag to the one they never replaced before tha
Re: (Score:2)
The fun part about automotive recalls is when they issue the recall, and then don't have the parts on hand to *service* that recall... I just traded in a 2012 Ford Escape which had an outstanding recall, where I'd received the initial notification letter from Ford over a year ago telling me to wait for another letter telling me to go to a dealer and have the fix applied. This recall being, of course, the now-famous Takata airbag issue. This Escape was in immaculate condition, with only 28K miles on it. Havi
Inconsistent analogy (Score:4, Insightful)
Re: (Score:2)
Double inconsistent analogy.
The security update is more like the oil change. The safety recall has nothing to do with it and is done as a convenience by people anyway.
If the OP is changing oil anywhere near as often as he recommends in his post then he sounds like the type of nutter running multiple antivirus programs in parallel, cleaning his registry on a weekly basis, and running a defrag while another defrag is going on in the background. He's a maintenance nutter.
I drive 25,000km/yr I put my car in for
Frequency. (Score:1)
So.. The last twenty years, how often have you brought your car in for a safety related recall. Once? Twice?
And how many times has Microsoft issued a security patch? Note that to bring that number down, they stopped issuing separate patches, and bunch them together for patch tuesday. This way they rate limit it to max once a month.
Every time you install a patch you risk losing access to features that you use. A while back a windows-10 patch broke internet connectivity. THAT is something a /lot/ of people no
the analogy is bad, of course. (Score:1)
If i sometimes sent my car in for a safety recall and when I got it back the heated seats I installed in it didn't work anymore and the mechanics shrugged, gave me attitude, and refused to explain what they had done, then I wouldn't take my car in for safety recalls very often. Oh, and then you find out that it wasn't really about security, it was really about adding DRM to your radio.
Good grief (Score:2)
I lump them in the same basket (Score:2)
I might delay oil changes, but not that long. I do them as soon as I have time after they're due.
With safety recalls, it depends on the recall. If the airbags are in imminent danger of exploding and sending shrapnel into my GF and myself, I'll take off work ASAP to get that fixed. If there's a slim chance of my doorlock breaking, I might wait until my next day off, same as with the oil.
With software patches, I want to fix them quickly, but I also want reasonable assurance that they won't cause my
What in God's holy name are you blathering about? (Score:2)
https://youtu.be/2-WPlvZguZ4 [youtu.be]
turn off the phone and got money (Score:1)
Shocked (Score:2)
Re: (Score:2)
EV's still needs servicing. Breaks pads still need replacing. Shock absorbers still need replacing. Battery packs need replacing. Wiper blades need replacing. Lights need replacing. Lots of things still need replacing because they wear out. Then there are the parts that need lubrication. If you don't lubricate them they wear out faster. They just don't have a ICE that needs servicing.
Oil change is natural, safety recall is man-made (Score:1)
1. Oil change is a natural requirement. Safety recall is 'man made' due to somebody's shortsightedness.
2. Harassment is harassment.
My intention is not to be stringent, but to be open to negotiation. I believe more than an average of one software patch every 2 months (your tolerance may var
Except they're NOT like oil changes. (Score:2)
The problem is that oil changes are relatively benign. Oil changes extend the life of your vehicle by reducing wear on the internal components.
Software updates make fundamental and permanent changes to the software on your computer, which means they're a lot more risky than oil changes.
This is further exacerbated by the fact that companies now-a-days feel that it's ok to throw whatever they feel like into patches, consequences be damned. Microsoft is a posterchild for this, where their "updates" add unwan
Point of View (Score:2)
Recomended oil change ... (Score:2)
You do an oil change after 30,000km - 60,000km or after about 3 (to 5) years, what ever comes more early.
You're very optimistic about other people (Score:2)
Most car owners don't take their car in every so often for oil changes nor do they go in for safety recalls, most people will ignore it until the light comes on or a safety inspection is required, according to NHTSA it's ~20% of people that don't heed safety recalls.
Same goes for people and their vaccines, when was the last time you got your tetanus shot or any of the boosters? So why would you expect them to do the same for their computers, a machine they assume is even less maintenance-worthy than their d
Sliding scale of automatic updates? (Score:2)
I suspect the only way to get widespread patching of security issues is to have Windows have a sliding scale of how long you can delay a security patch for (e.g. 1 week for critical, 4 weeks for medium and, say, 13 weeks for low - and let the user set them lower than that if they want), but ultimately insist that security updates *must* be auto-applied by the end of the delay period (with pre-update warnings if an update is due to be applied in the next day or two). Microsoft would still be criticised for "
Re: (Score:2)
some forcing is necessary because some people will turn off all automatic updates and never update (or update very rarely).
How does the fact that some people will never update mean that forcing them is necessary? It's their machine, if they don't want to update, that's their choice. There is zero excuse for forcing people to do it.
Conflation (Score:2)
Companies who do not release security patches alone, but insist on folding them into updates that effect larger changes (feature additions, UI changes, etc.), are a factor for many people. Those who do not want to apply patches that make large changes to their systems will also not get security updates.