Just a word of caution when using tools like DevAlert to send diagnostic data to "the cloud".  Make sure that's an opt-in feature!  Yeah, it's just debugging data to us developers, and usually we don't care what the content is except as it pertains to the errors.  But, depending on the device, it might actually reveal sensitive data that the user doesn't want to disclose. To make a simple concrete example, think of a networked garage door opener. Diagnostic data might include its location, or its keypad PIN, wifi password, etc. Leaked data might give someone access to the building.

Even if you anonymize all the data and wrap it in the most secure encryption ever, just the fact that a diag pack is being transmitted could be enough to compromise the user.  It lets an attacker know what manufacturer's equipment is being used, which might allow them to use an attack unrelated to the data itself.  Diag data is being sent back to XYZ Corp; XYZ Corp's keypad has a hardware flaw that opens the door if you short the power supply while holding the 6 and 3 keys. All an attacker has to do is scan neighborhood wifi connections to see which houses are contacting XYZ Corp periodically and they're in.  I admit it's far-fetched, but most security scenarios are. Right up until they suddenly aren't.

I don't mean to pick on DevAlert. I know nothing of that product and what I'm saying isn't specific to it.  It applies to any way you transmit diag data. Log the data onboard, sure, but give the user control over when it gets sent.  Once you've sold the device it's no longer yours, and neither is the data.

I read the comments on subscription-based tools and software in the Embedded Muse #453 and #454 and  #455.  It is pretty horrific when subscriptions are just used for price-gouging on things that would seem to be stable, I must argue that there are cases where it makes sense.  I wrote a blog about it five years ago, see
https://jakob.engbloms.se/archives/2552

In short: having worked with selling and developing software for professional usage, I am actually much happier with a subscription model where all customers get all updates all the time (if they want them).

The alternative is forcing "new features" into the product whether needed or not to entice users to upgrade, and it can mean delaying new features to make a new version more attractive, when it would be better for all users to have the new feature now.

Having a model where we can simply continuously add and update functionality (and sometimes remove stuff that is getting old) without having to artificially tie it to "major versions" of the product is really good. It makes it more fun to develop the product itself, and fits better with what people have come to expect from the open-source world and web-world of constant change.

I'm wondering how others in the embedded world are dealing with source controlling commercial development tools.  When  development tools came on disk, it was easy to put the disk in a safe place and it was readily available to be installed on a new machine.  Later, as repositories came into play, we could store copies of the install media in the repository for future use.  Updates (rarely applied) were typically files that needed to be run on the installed tool.  Then, as internet access became more available, you were able to download the programs, run the installer, and put the installer in the repository.  Today, however, vendors are supplying their own IDEs that are downloaded via a link from their website.  This link may not even the installer but just a link to the downloader running on their website, so there’s nothing to place under source control; the tool just installs itself.  There’s no promise of how long a version of the tool will be available. When needed later on, the link to the website could be bad.  At my job, in addition to our newer stuff,  we support a code base that can be 30 - 35 years old.  For this older codebase, we can go to the safe or the repository, get the tools used to create it, spin up a VM of the correct OS flavor, rebuild the source, compare the compiled file to the project repository and be 100% certain we are starting with the correct code and start the maintenance from there.  How do you do this with today’s tools, 15 years later with a subscription based IDE that was downloaded from a vendor website that no longer exists?.  YIKES!

Even though new tool versions become available, in our embedded world, newer isn't always better.  We aren't always in a position to sacrifice years of code maturity just because a new, shiny UI is available or support for newer devices have been included in the IDE.  Unlike the PC/online world, we aren't re-writing stuff from the ground up every year in the language of the day.  We can’t just tell a customer to "update to the latest version" to get a bug fix.  We use C in our products.  With today’s IDEs with in-program auto updates, libraries all over the place and compilers/linkers for multiple device support and no formal installer, it’s impossible to capture these tools for the future.  And subscription based software make this even worse.   I'm sure we are all facing this configuration problem to some degree and I'm wondering how others in the embedded world are dealing with it.