A reasonable manufacturer looks at its bottom line and doesn't waste his engineering hours and BOM costs (double the flash memory!) on silly features like that. Either that or there are many unreasonable manufacturers out there.
- How much do you think the NOR flash costs inside this cable?
- How big do you think the firmware actually is?
- 16MB Winbond NOR flash is like $0.70 with no price breaks (for me, I am not Apple making 1 million units) - there's no way they need 1MB for two slots, much less 16MB.
- These cables retail for $49.
Two firmware boot slots is standard practice because it is essentially free to provide in any higher-end consumer electronic device: especially one that is explicitly designed to be unplugged easily.
How many support claims are saved on this $49 cable because mid-update bricking does not occur?
Cost (reputational as well as CSR hours and the actual replacement units) of a bunch of warranty claims for bricked units is a factor too.
In practice pretty much every embedded device I've worked on that has supported in-field firmware updates has had either double buffering and/or a recovery mode to limit the possibility of bricking.
For the products where every last penny really needs to get squeezed out of the BOM (toys, low-end appliances, ...) the ability to do in-field firmware upgrades itself is IME often one of the first things to go.
A reasonable manufacturer who is releasing something that updates automatically with no warning to the user nor any indication an update is happening to alert the user that they should not disturb it to avoid bricking looks at the potential cost of a class action suit from people whose devices get accidentally bricked, the potential cost of regulators order the devices recalled as defective, and the potential damage to the reputation. This will almost certainly be more than what they'd save by not providing some way to automatically recover from an interrupted update.
BTW, they don't have to double the flash memory. They just have to provide enough extra memory for a fallback updater that the boot code can load if the main firmware is corrupt. All the fallback updater has to handle is telling the computer it needs firmware and then installing the firmware the computer provides.
