Should OS makers, like Microsoft, be legally required to provide 15 years of security updates?
That sounds like an insane duration, even LTS distros are not usually anything like 15 years
yeah but you don’t pay 150euros for it + all the ads and stuffs
but yeah, I don’t see the point of this, it’s clearly aimed at Microsoft, and at this point alternative solutions exist
I almost feel like the compromise we will eventually land on is that if an OS maker like Microsoft wants to continue advertising on your OS they have to take some liability for its security.
15 is an arbitrarily long time. I think forcing it to be open sourced upon the companies end of life is the better option
If the EU is going to pay for the developers, sure. I’d even go higher and say make it 50 years. Otherwise make your own OS or use Linux.
Dude, I’m so ready. Linux supports processors that old, by enthusiasts for free.
Or legislate that unsupported software becomes public domain or is open for development and the public can try and make the updates themselves.
Forcing people to upgrade entirely depends on the nature of the upgrades and the motive of the company. What we need is competition so there are alternatives for people to use if they don’t want to upgrade. But somehow Microsoft is not considered the monopoly of the PC OS market, despite being a monopoly, and uses that position to force changes nobody wants but them, like turning window into an AI data farming scheme that violates user privacy.
Just require any new operating systems to support 15 year old hardware. We should require manufacturers to provide 15 years of UEFI and firmware updates too.
I would prefer if they force the companies to unlock root and boot-loader, when they not ship security updates anymore for a device.
Abandonware must be open sourced, publishing a new version doesn’t count as a exception.
Fuck it. Force them from release date. There’s no reason for them to dictate what you can and cannot run on the hardware you purchase. If they can’t compete by providing a better OS or software, and must rely on anti-competitive models to profit, then they don’t deserve to waste the planets resources.
Fair enough, just thought proposal above would have higher chances to get approved 😇
You start high and negotiate down. If you start low, you’ll get even less
deleted by creator
Nothing says ‘circular economy’ like Microsoft stranding 400 million PCs
This might be a silly question but would this not be a good idea for a start up company that recycle computer parts?
would this not be a good idea for a start up company that recycle computer parts?
I really don’t think so. Computer recycling already seems to be a low profit business, as evidenced by there not being any large companies that do it (that I’m aware of). This number of computers flooding the market would probably make it even less profitable. Sure, it may be profitable for some small businesses, but nothing on the scale required to address the problem.
Don’t manufacturers purposefuly destroy the computers and such just to ensure that doesn’t happen?
No. Manufacturers have no say in what happens to computer hardware after is sold.
Some companies may destroy the hard drives to make sure no data gets out. Some companies will remove the memory as well.
There are dozens of us out here patiently awaiting a bunch of reasonably powerful new Linux machines.
that’s what the greatest technician that’s ever lived does.
What we REALLY need is to curb microsoft’s market dominance. If more alternatives for OS and usable replacements for MS office em would exist, this would not be a problem and would not need to hamper innovation for the sake of back porting (the main counter-argument as a dev).
Linux and all its flavors?
What’s wrong with libreoffice or anyoffice? For a large percentage of users, Linux is fine, especially as many applications have an online option. For the stuff I do, in Linux, online Office is more than sufficient.
An org I work with provides me with a 365 license, but I I’m more comfortable in Libreoffice.
Office is used bythe majority, but majority doesn’t mean they are right, they are simply more.
The jank oh my god the jank
Windows is far more jank than a lot of Linux distros/desktop environments.
Like…
- Multiple different right click menus?
- No consistent and cohesive design language even throughout system or first party apps?
- Having to search online for an exe download page, download, open downloads folder, double click, click next through an installer?
- Updates that happen when you don’t want them to, take forever, and break things?
- Fucking ads everywhere?
- Web results in your start menu before actual stuff on your system
- Multiple settings apps?
- Sleep that doesn’t work?
- Convoluted process for setting things as the default app?
- Dark mode that’s only functional for some apps?
It’s actually incredible how much money Microsoft has, and how much more they spend than probably all Linux DEs combined, but they’ve still yet to fix so much low hanging fruit.
I have had more issues with formatting between ms 365 desktop and ms 365 online than I’ve had with libreoffice
Hmmm, I don’t agree. The trend is in the opposite direction. Microsoft Windows used to have a larger market share and supported hardware indefinitely. Now that their market share has shrunk, they are also limiting support for older hardware. This only shows correlation, not causation, but it does show that more competition has not improved the issue and that we need laws to do that instead. MacOS, the primary competitor to Microsoft Windows which also has Microsoft Office available, only supports their hardware for 6-8 years as well.
Edit: just to add, if anything, this actually shows that more competition and reduced market share probably increases the pressure to cut support for older hardware because it probably becomes less profitable to do so.
This is stupid.
15 years is a massive time to just update your OS.
15 years ago instagram didn’t exist, the iPad was new, and people were just updating from Vista to Windows 7. I think Hadoop was just created then.
That is a massive amount of time to support software that would have almost no architectural protection against things like heartbleed.
Windows used to support really old hardware, I believe more than 15 years old until they introduced the new requirements for particular CPU models and TPM 2.0 chips. If anything, I feel that 15 years is too short. iPads and Hadoop have nothing to do with PC hardware.
Instagram has existed for 14 years and 11 months. I think you might be pushing it on the not 15 years.
But more importantly though, Windows XP was supported for 18 years…
So it’s not like it can’t be done.
My ThinkPad x230 will soon turn 13 (since it was manufactured, I picked it up second hand from a business that went bankrupt). It’s still alive and kicking, just not with Windows. The hardware is dated, but for what I do it’s good enough. I only replaced the battery and the screen. I don’t care for instagram or any of that crap, this machine chugged along for 13 years, it will chug at least for another 5. Don’t let hardware manufacturers normalize dunking perfectly capable good hardware into a landfill because it hurts their profits. If you need any further proof just look into the old Apple hardware modding and some of the stuff they pulled off.
"Microsoft’s decision to end support for Windows 10 could make 400 million computers obsolete
This is more stupid, and I absolutely agree with the article it shouldn’t be legal to end support of an OS this quickly, mind you this is not update to a new OS, like is common on phones, but mostly security updates for the OS you purchased with the device.
I absolutely think 10 years should be a minimum, but for PC, I can easily see an argument for 15 years, as many systems are purpose built, and should keep working even if an OS is discontinued.A similar argument can be made for phones, but maybe that should just be 10 or maybe even just 5 years, which very few phones have. My vote is on 10 years, because what some companies have been doing for a long time, only supporting security updates for 3 years is not acceptable IMO. If the phone is free to install custom ROM unhindered, I would be more understanding, but phones are generally locked, potentially rendering them worthless if updates are not available.
I think I’d prefer if there was a minimum updates guarantee that OS sellers would have to disclose, but even then I’m more in favour of other companies being able to pick up the work by making sure devices have their bootloader unlockable after they don’t get any more updates for X amount of time, rather than add burden to OS makers, because forcing people to support a project for Y amount of years would really harm indie developers releasing Linux distros and the like
rather than add burden to OS makers
It’s not a burden for the OS maker, except when the OS is the product, and in that case it’s only fair.
With Android the phone maker adapt the OS to their phones and flavor of Android, if they can’t handle maintaining it, they can use vanilla. Google is the OS maker, and I think they can handle the burden.The EU has been so far bad at making sure FOSS isn’t seen as a paid product in the eyes of regulation, even in cases where it’s clearly unpaid, see here. They can’t be trusted to get this differentiation right.
Therefore, unlockable bootloader seems like the better idea. Get people to Linux and open Android variants if the closed-source companies won’t serve them.
I have no idea what I’m supposed to see from you link? I don’t see any particular legal knowledge, or description of any particular legal consequences, and I have no idea what the point is???
Obviously software provided for free “as is”, cannot be required to be maintained. And if it is owned by the public which is the case with FOSS, there is no “owner” who can be made responsible.If however the software is part of a commercial package, the one supplying the package has responsibility for the package supplied, you can’t just supply open source software as part of a commercial product, and waive all responsibility for your product in that regard.
I admit it’s a complex topic, but if you read the post in detail, it should answer your questions. The “owner” is typically the maintainer, if in doubt that’s the person with repository write access. And the EU can apparently potentially require whatever to be maintained, not that I understand the exact details. The point was that the regulation doesn’t seem to avoid FOSS fallout well.
“owner” is typically the maintainer,
Nope, AFAIK that is not legally applicable, that is very clear with licenses like MIT BSD etc, and for GPL in all versions it’s very explicitly stated in the license.
You can also release as simply public domain, which very obviously means nobody owns as it is owned by everybody.
Generally if you give something away for free, you can’t be claimed to be the owner.
I have no idea where that idea should come from, some typical anti EU alarmists maybe? And I bet there is zero legal precedent for that. And I seriously doubt any lawyer would support your claim.If however you choose a license where the creator keeps ownership it may be different, but then it’s not FOSS.
15 years is a massive time to just update your OS.
The last version of Windows 10 (22H2) is nothing like the RTM release from 2015 (1507). 1507 still has Cortana and their failed “Continuum” concept.
Essentially we are asking Microsoft to support Windows 10 22H2 for another ~5 years, which is reasonable considering 22H2 is a just under 3 years old.
And yet people are bitching because Windows 10 is getting cut off after 10 years of support. Raise it to 15 and people will just bitch at the 15 year mark.
I think major factors in people bitching about the Windows 10 EOL is that a) Windows 10 was explicitly marketed as the final version of Windows and b) Windows 11 is so unappealing that even companies are reluctant to upgrade.
Normally, that wouldn’t be a big problem. We had dud releases before. Windows Vista had few friends due to compatibility issues but was workable. Besides, 7 was launched shortly after Vista’s EOL. Likewise, Windows 8’s absurd UI choices made it deeply unpopular but it was quickly followed by 8.1, which fixed that. And Windows 10 again followed shortly after 8’s EOL (and well before 8.1’s).
Windows 11, however, combines a hard to justify spec hike with a complete absence of appealing new features. The notable new features that are there are raising concerns about data safety. In certain industries (e.g. medical, legal, and finance), Recall/Copilot Vision is seen as dangerous as it might access protected information and is not under the same control that the company has over its document stores. That increases the vector for a data breach that could lead to severe legal and reputational penalties.
Microsoft failed to satisfyingly address these concerns. And there’s not even hope of a new version of Windows releasing a few months after 10’s EOL; Windows 12 hasn’t even been announced yet.
It’s no wonder that companies are now complaining about Windows 10’s support window being too short.
Of course. Make another regulation only big corps can follow. To punish them, of course. This is punishment.
What would that mean for Linux distros? It seems like it could be a law that cuts off the competition. Like amazon who is very selectively for better working conditions when the know that no competitior can fulfull them.
Would Linux even count since it’s foss?
I think it does in some cases, like if you buy a System 76 computer with PopOS, or you buy a server with Red Hat.
However if you install a Linux OS yourself, that is available free of charge, there isn’t any money to claim back, and it would be illogical if there should be demands on updates.I think logically there needs to be money involved, so if you download PopOS you’re on your own, but if you bought a computer with PopOS installed it is part of a package.
I’m not a lawyer, but from my experience this is how things typically work.
Edit PS:
If it’s FOSS or FLOSS there also technically isn’t any owner, so there is no legal person to make a claim against.
I think it would need to be a commercial product like Red Hat or preinstalled OS by the company that sell the computer.
With a FOSS distribution that is made freely available without charge, that people download and install themselves, people are probably themselves responsible for their choice of OS.Microsoft is so wealthy they could do that, and would even support such legislation if it could hinder their competitors such as smaller Linux distributions.
European e-waste campaigners are calling on EU leadership to force tech vendors to provide 15 years of software updates, using Microsoft’s plan to end Windows 10 support next month — which may make an estimated 400 million PCs obsolete — as a textbook case of avoidable e-waste.
Windows 10 has already had 10 years of support. ESU extends this one extra year. If you have hardware that cannot meet Windows 11’s requirements, there are other OSes available that will happily run on that hardware. Which is what brings us to the real issue.
Microsoft’s near monopoly on consumer grade PCs and Apple’s vendor lock in. This is the core issue.
Companies can do this because there are no regulations to stop them. We call on European Commissioner Jessika Roswall to introduce EU Ecodesign requirements for laptops, guaranteeing at least 15 years of software updates. No more devices designed to break or become obsolete before their time
Ten years is a very long time for support. If you need support past that length, you need a different OS. Apple does good to keep Macs made in the last five to seven years still able to run their newest OS. They are some of the worse offenders on this. But even with a different OS, there’s still a limit to how far you can take hardware. You could put the best optimized software on really old hardware and that won’t change that the underlying CPU is old.
The older hardware gets the harder it is to keep supporting it. Case in point, there reason you can’t get TLS 1.2 that pretty much every site now requires onto Windows 95 era machine is the underlying hardware cannot keep up with the required computational needs to support that encryption. And if you happened to install Windows 95 onto modern hardware, the number of changes to the OS to get access to the underlying hardware is pretty much an upgrade to Windows 7.
Ten year old machines are doing alright for the time being, but we have to move on. TLS 1.3 is here, has been here since 2018. The stricter requirements for security, require more advanced hardware.
And I just mention TLS as a single example of what we’re talking about here. Modern hardware advances and attackers and users get those at the same time. While software security schemes do ensure security long after the hardware has become dated, there’s a point where it won’t matter anymore what software you toss onto the machine. It’s just so out dated it doesn’t matter, no software is securing it. Now that’s usually a lot longer than ten years, but it’s not much longer.
You can take a very lightweight Linux distro and pop it onto a Pentium 3 machine. It will technically run. But you are lacking SSE2 and even if you recompiled to remove SSE2 optimizations and strictly held to 586 ISA, you’re not going to enjoy the performance on the machine. For even the most simple tasks like unpacking a 7-zip. You will fare very unwell to some attacker who has a modern Threadripper machine.
I love old machines but the rest of the world is moving forward. Yes, software could technically cover for more than ten years, but not much more. But it’s silly to think that a Athlon 64 (2003), the oldest CPU you can technically get working on Windows 10 because of the NX bit requirement, would be able to keep pace on today’s multi megabyte sized website. Hell even the X2 models that were the first to be “dual core” would have issues with how modern web browsers handle things because Athlon 64 X2’s model for multiple processors is vastly different than how modern CPUs do it. It wouldn’t take anything for someone to feed it a website that would bring the system to it’s knees.
The thing is 15 years a very long time in the world of technology that’s ever evolving. Software can only go so far. 15 years is absolutely you need a different OS if that’s your requirement territory. But when you start hitting 20 years, your going to see breakage no matter what software you throw at it. It might be very slight at the 20 year mark. but each year after that it’s going to become more pronounced.
Ten years is a very long time for support. If you need support past that length, you need a different OS.
I strongly disagree. Ten years should be the bare minimum required. Windows used to support hardware way longer than 10 years and probably more than 15, until Windows 11 came out.
The older hardware gets the harder it is to keep supporting it. Case in point, there reason you can’t get TLS 1.2 that pretty much every site now requires onto Windows 95 era machine is the underlying hardware cannot keep up with the required computational needs to support that encryption. And if you happened to install Windows 95 onto modern hardware, the number of changes to the OS to get access to the underlying hardware is pretty much an upgrade to Windows 7.
Windows 95 is a bad example since it’s a 30 year old OS. It’s a completely different era with different OS architecture and different OS environment. Let’s instead use an example of an OS from the time frame being discussed: Windows 7, released a little over 15 years ago. There’s very little reason why a computer that was made since Windows 7 was released shouldn’t be able to run Windows 11. I think that this is a profit maximization decision on Microsoft’s part (less hardware support, less development and testing cost). They basically said screw the customers and screw the environment.
Well, maybe tell Microsoft and others to stop sucking in these technological advances they treat as shiny misunderstood toys that are forced down everyone’s throats and make everyone’s lives a lot harder than they’re supposedly making easier.
I am not arguing against the idea of upgrading at all or avoiding security at all. What I am always tired of, is just seeing the direction Microsoft takes and then telling people to shove off into their shitty new ecosystem for the sake of security. Like no, you’re watering down your OS and dumbing down everything while telling millions of users like “well, uh, like it because we’re Microsoft so fuck you”.
And nothing is improving or giving people the strong urge to immediately upgrade because of said directions and choices.
Which is why we have this delayed lapse in people just stretching out these support cycles who’re not interested in hopping to the next OS, because they aren’t liking what they see and sometimes experience on another’s computer that has that latest OS version.
By the time Windows 10 is truly done, Windows 11 has its announcement for the last of its updates and by the time Microsoft moves to 12 in however they handle it, maybe then.
Some websites bring my 9800X3D to its knees
Lifetime for security. Other features (new drivers…) you can pay for, but security is lifetime. You need to escrow enough money to provide this service or prove that nobody is using the OS.
All services required for use of the device are also lifetime - though they may charge a subscription price so long as that price is clear to the customer before the first sale and prices go up by inflation only. After 15 years they can drop the service if it is easy for a “normal user” to switch to a different subscription provider; and all source code required for someone “skilled in the art” to create and maintain their own service provider is publicly released under terms that allow modification and redistribution was released at least 5 years before killing their own service.
You are allowed to drop support for any protocol that is not latest recommended state of the art so long as you maintain what was recommended at time of release. If a newer protocol comes out you need not support it. (Which is to say you can be IPv6 only today, and if the internet switches to IPv12 in the future you don’t have to support that)
The above applies to anything network connected. OS, web browser, Security camera, thermostat…
