It's silly, nearby all Rust projects are rewrites of existing projects and now as you don't need to learn Rust to do rewrites, people just let the AI rewrite projects in Rust.
C/C++ with static code analysis is not worse than Rust. But most Rust developers are beginners during there are many C/C++ developers with 20+ years knowledge. So whats exactly is the point in using Rust?
Before the post I didn't know what zig and bun is. I needed a llm to explain it to me. Now I think about trying Zig. So, no, I don't think it's childish. It reads like a engineer that knows which kind of people you don't need in your environment. I can feel every word he wrote because I know this situations.
Just a story from Germany in early 2000. I had a website and just installed a php script to have a forum on my website and just forgot about it. Today, I could do the same, but I had a 24/7 job to monitor everything someone writes there because it could bring me personally into jail. The same with the comment section of my blog. Thats the reason why this big platforms exist and are used. Because no one other than they want to take the risk. At least in Germany are not much people that want to do that.
Normally we used beer for that, but during covid we've learned a whole generation that going out is danger and staying at the couch is good. And they decided that it's much easier than going out and have stressful situations with other people.
Oh, don't understand me wrong. I've never seen a better organized embedded development process than in automotive. Review rules, reproducable builds, sometimes good unit tests(not just senseless stupid shit that wastes developer time), a test department in another room that develops test software to automate hardware in the loop tests, huge hardware in the loop test rigs that are running the newest build 24/7.
IT in cars is all other than below average. It's not the move fast and break things shit of silicon valley. And it's not the 'we ship it with the next update' shit of the game industry.
BUT, there is no documentation because there is no time to do it. There are SOP-1(Start of Production). This date is carved in stone. When a feature is not done for SOP-1, than it is not delivered in SOP-2. SOP-2 happens normally 6 month later. After that, updates are only done when something bad happens. The complete team moves on to the next head unit.
So, I would expect your bugs will not get fixed in any way, at least when they are not important enough to mobilize a new small team or some people that worked on it to fix them. Normally shortly before SOP-2, all tickets are closed, known bugs too. That feels a little frustrating as customer, but more as developer.
Oh, and don't think that you can run away from that by buing another brand. Normally not your car manufacturer develops the head unit. It's other companies and they work all the same and they work for all car companies.
From definition, a 0-day is not patched in any system because it's not known. But back to your real question.
The biggest attack vectors are the browser, the mail client and direct network access.
I would never use outlook, edge or connect my computer directly without NAT or firewall to the open internet. And would never open a website without a add blocker.
You can count all other known big attacks(on unpatched Windows 7!!!) on one hand.
1) Remote execution via Wifi Stack
2) Remote execution via True Type Fonts
3) 0-Click code execution via USB Stick Icon processing
Windows update instead gives AT LEAST Microsoft a steady remote code execution on your and millions of other computers. It's a really interesting attack target when you go big. Why I should trust M$ to get the security there right?
Exactly my turn. Win 10 is clearly the last Windows for me. For private I still use Win 7, for work I used Win 10, but the driver support for my old dell laptop(2014) is so shitty, that it's overheating and throttleling as soon it has to do some normal things.
When the last bastion of Windows, the driver support is falling, I can switch to Linux. Since 2 month I use openSuse on this device and be happy. No running fan, no problems. Windows is dying.
How could the owner authenticate? With the car key?
How could you do a clean system reset after someone had access to all installed software/data including the cryptographic keys? The information is gone, maybe the recovery partition is changed. How could you securely recover?
Okay, what is fully open? Do you really think the head unit developer would hand you over a huge developer documentation about every bit in the software?
I'm freelancer and helped to develop some head units. I have a surprize for you: This documentation mostly doesn't exsists. Most of the time there are some chip datasheets and requirement documents, depending on the customer(car manufacturer) they are good or bad and then are some partly outdated wiki pages written down for some important special things. You learn all other stuff out of the code or from your colleagues.
Wait two years and the most knowledge is gone, except of the things that are used for the next head unit.