Should OS makers, like Microsoft, be legally required to provide 15 years of security updates?

  • minorkeys@lemmy.world · 39 upvotes · 16 days ago

    Or legislate that unsupported software becomes public domain or is open for development and the public can try and make the updates themselves.

    Forcing people to upgrade entirely depends on the nature of the upgrades and the motive of the company. What we need is competition so there are alternatives for people to use if they don’t want to upgrade. But somehow Microsoft is not considered the monopoly of the PC OS market, despite being a monopoly, and uses that position to force changes nobody wants but them, like turning Windows into an AI data farming scheme that violates user privacy.

    • thethunderwolf@lemmy.dbzer0.com · 7 upvotes · 16 days ago

      Mandatory open source public domain release at EOS.

      At Win10 EOS, people would make Windows distros, and ReactOS would no longer have to be a clean room implementation.

      Also this would be a success for Stop Killing Games.

  • panda_abyss@lemmy.ca · 33 upvotes · 17 days ago

    This is stupid.

    15 years is a massive time to just update your OS.

    15 years ago Instagram didn’t exist, the iPad was new, and people were just updating from Vista to Windows 7. I think Hadoop was just created then.

    That is a massive amount of time to support software that would have almost no architectural protection against things like Heartbleed.

    • Buffalox@lemmy.world · 10 upvotes · edited · 17 days ago

      "Microsoft’s decision to end support for Windows 10 could make 400 million computers obsolete"

      This is more stupid, and I absolutely agree with the article that it shouldn’t be legal to end support of an OS this quickly. Mind you, this is not an update to a new OS, like is common on phones, but mostly security updates for the OS you purchased with the device.
      I absolutely think 10 years should be a minimum, but for PC I can easily see an argument for 15 years, as many systems are purpose built and should keep working even if an OS is discontinued.

      A similar argument can be made for phones, but maybe that should just be 10 or maybe even just 5 years, which very few phones have. My vote is on 10 years, because what some companies have been doing for a long time, only supporting security updates for 3 years is not acceptable IMO. If the phone is free to install custom ROM unhindered, I would be more understanding, but phones are generally locked, potentially rendering them worthless if updates are not available.

      • JustARaccoon@lemmy.world · 2 upvotes · 17 days ago

        I think I’d prefer if there was a minimum updates guarantee that OS sellers would have to disclose, but even then I’m more in favour of other companies being able to pick up the work by making sure devices have their bootloader unlockable after they don’t get any more updates for X amount of time, rather than adding burden to OS makers, because forcing people to support a project for Y amount of years would really harm indie developers releasing Linux distros and the like.

        • thethunderwolf@lemmy.dbzer0.com · 1 upvote · 16 days ago

          forcing people to support a project for Y amount of years would really harm indie developers releasing Linux distros and the like

          Solution: implement it as consumer protection that only applies to paid OSes (and also ones that require a license, even if it’s “free” due to coming with the hardware).

        • Buffalox@lemmy.world · 1 upvote · 16 days ago

          rather than add burden to OS makers

          It’s not a burden for the OS maker, except when the OS is the product, and in that case it’s only fair.
          With Android the phone maker adapts the OS to their phones and flavor of Android; if they can’t handle maintaining it, they can use vanilla. Google is the OS maker, and I think they can handle the burden.

    • atomicbocks@sh.itjust.works · 8 upvotes · 16 days ago

      Instagram has existed for 14 years and 11 months. I think you might be pushing it on the not 15 years.

      But more importantly though, Windows XP was supported for 18 years…

      So it’s not like it can’t be done.

    • CriticalMiss@lemmy.world · 5 upvotes · 16 days ago

      My ThinkPad X230 will soon turn 13 (since it was manufactured; I picked it up second hand from a business that went bankrupt). It’s still alive and kicking, just not with Windows. The hardware is dated, but for what I do it’s good enough. I only replaced the battery and the screen. I don’t care for Instagram or any of that crap; this machine chugged along for 13 years, it will chug at least for another 5. Don’t let hardware manufacturers normalize dunking perfectly capable good hardware into a landfill because it hurts their profits. If you need any further proof just look into the old Apple hardware modding and some of the stuff they pulled off.

    • Alphane Moon@lemmy.world · 2 upvotes · 17 days ago

      15 years is a massive time to just update your OS.

      The last version of Windows 10 (22H2) is nothing like the RTM release from 2015 (1507). 1507 still has Cortana and their failed “Continuum” concept.

      Essentially we are asking Microsoft to support Windows 10 22H2 for another ~5 years, which is reasonable considering 22H2 is just under 3 years old.

    • thethunderwolf@lemmy.dbzer0.com · 1 upvote · edited · 16 days ago

      Better laws would be:

      • to mandate open source release at EOS
      • automatically public domain at EOS
      • require paid operating systems to support hardware from 15 years ago (as a consumer protection law, so that it only applies to paid OSes (and also ones that require a license, even if it’s “free” due to coming with the hardware), so that FOSS projects aren’t hurt)

  • pathos@lemmy.world · 22 upvotes · 17 days ago

    What we REALLY need is to curb Microsoft’s market dominance. If more alternatives for OS and usable replacements for MS Office existed, this would not be a problem and would not need to hamper innovation for the sake of back porting (the main counter-argument as a dev).

  • Horsey@lemmy.world · 16 upvotes · 16 days ago

    Dude, I’m so ready. Linux supports processors that old, by enthusiasts for free.

    • ronigami@lemmy.world · 3 upvotes · edited · 16 days ago

      This would almost certainly rule out Linux as an option. What Linux vendor feels comfortable committing to something, anything, for 15 years?

  • nucleative@lemmy.world · 14 upvotes · 16 days ago

    15 years is too long, it doesn’t match the state of the industry or technological progress.

    If anything this slows down innovation, which leads me to suspect the 15 year idea was thought of by someone who dislikes any technical changes.

    • bestboyfriendintheworld@sh.itjust.works · 10 upvotes · 16 days ago

      15 years is actually reasonable.

      I have a ten year old laptop with an i7 processor, 16 GB RAM, and 1 TB SSD. It still does most things I bought it for initially just fine. Granted, this was one of the best laptops you could buy at the time.

      Apple stopped supporting it with a current version of macOS a couple of years ago sadly. It’s still possible to patch newer versions to install and run on the old machine, but it’s a bit of a hassle.

      • pirat@lemmy.world · 2 upvotes · 13 days ago

        Are we talking OpenCore Patcher? I was actually planning on trying that for my Early 2013 MBP, but I’m leaning more towards some Linux distro now, for the longevity of it, though I haven’t yet figured out which distro supports my MBP the best. Got any recommendations to share on some of this?

        • bestboyfriendintheworld@sh.itjust.works · 1 upvote · 11 days ago

          Yes, OpenCore Legacy Patcher.

          Regarding Linux distributions, I don’t have a specific recommendation. You might be worse off with a distro that doesn’t include nonfree drivers for wifi, bluetooth, graphics by default. IIRC these MBPs use Broadcom wifi chips. Ubuntu and derivatives would be my first try. Definitely read up on how to install Linux on MBPs. You might have to configure something in OpenFirmware/EFI.

    • stuner@lemmy.world · 5 upvotes · 15 days ago

      15 years is too long, it doesn’t match the state of the industry or technological progress.

      How is this too long? I would consider it a reasonable amount of time to receive security updates on a computer.

      I have a notebook that I bought in 2012. It can run Ubuntu LTS 24.04, which is supported until 2034, without issue. There is no indication that the next release will stop supporting this hardware. I don’t see why Microsoft couldn’t provide this.

    • Rednax@lemmy.world · 5 upvotes · 16 days ago

      Before Microsoft demanded TPM 2.0, you could install the latest version of Windows on extremely old hardware. Easily reaching that 15 years. We had this already. And Windows 11 can easily run without TPM 2.0. Microsoft just has business reasons to demand it. So I don’t see how innovation is slowed down by this.

    • Holytimes@sh.itjust.works · 2 upvotes · 15 days ago

      Outside of aero and financial, where it’s not uncommon to use 20+ year old tech.

      If something isn’t hyper critical, 15 is way too long.

    • HighlandCow@feddit.uk · 1 upvote · 16 days ago

      Fair, like imagine if Microsoft was forced to support Windows 8 for 15 years, an operating system people barely use. Also, some OSes aren’t run by huge companies.

  • Matriks404@lemmy.world · 13 upvotes · edited · 16 days ago

    No, OS makers should just not make their OS bloated with useless shit, stealing your data, or have arbitrary system requirements. I think 15 years of OS updates is excessive unless we’re talking about servers or very specific workflows. IMO 5-10 years is enough.

    That said, for some operating systems it doesn’t even make sense to support for THAT long, because of how they are designed (a lot of Linux distros, for example). It turns out, if you don’t break users’ workflow, they don’t mind upgrading.

    • some_kind_of_guy@lemmy.world · 3 upvotes · edited · 16 days ago

      I agree with most of that, but there are loads of embedded systems still running the equivalent of Windows XP and they’re chugging along just fine. That OS still receives updates and ending that would break a lot of backend stuff. Mostly banking.

      Boeing just started making planes which don’t rely on floppy disks for updates. That will continue on the older part of the fleet until it’s no longer feasible to procure the disks or the planes are no longer airworthy. I mean, why not? If you only need to store a few MB for something critical, it’s not a bad choice of medium.

      If a system is secure, reliable and works for decades without complaint, there’s no need to fix that.

  • TankovayaDiviziya@lemmy.world · 11 upvotes · 17 days ago

    Nothing says ‘circular economy’ like Microsoft stranding 400 million PCs

    This might be a silly question, but would this not be a good idea for a start up company that recycles computer parts?

    • Jankatarch@lemmy.world · 2 upvotes · 16 days ago

      Don’t manufacturers purposefully destroy the computers and such just to ensure that doesn’t happen?

  • Zink@programming.dev · 11 upvotes · 15 days ago

    This seems backwards. Let’s just assume we’re always going to be willingly beholden to tech giants, and so we’re going to pass a law to make our masters treat us well.

    Maybe instead campaign for a law that says all publicly funded computer resources must be reliably usable for 15 years. So you either go FOSS and save money too, or you get guarantees in writing before you hand over money to the people who won’t even let you see what their code is doing on your hardware.

  • tekato@lemmy.world · 8 upvotes · 16 days ago

    If the EU is going to pay for the developers, sure. I’d even go higher and say make it 50 years. Otherwise make your own OS or use Linux.

  • merdaverse@lemmy.world · 7 upvotes · edited · 16 days ago

    Microsoft’s plan to end Windows 10 support next month — which may make an estimated 400 million PCs obsolete

    I don’t get this. Can’t those PCs update to the new version? Yes, I am very aware that win11 is a shit show and win10 was better.

    But Ubuntu also has a similar support policy for updates:

    Ubuntu LTS versions get five years of updates, while non-LTS only gets nine months.

    Would all the Linux versions out there be subjected to the same 15 years of updates?

    • Hawk@lemmy.dbzer0.com · 30 upvotes · 16 days ago

      No, Windows 11 added extra, unneeded hardware requirements.

      Obsolete in this case actually means obsolete. Windows 11 literally blocks the update because you do not meet requirements, such as not having a TPM.

      Technically, there are ways to bypass this, but not for a casual user (and it probably breaks some ToS).

      • Smith6612@lemmy.world · 7 upvotes · 16 days ago

        Yep, exactly this. You can bypass the TPM and Processor requirements, but at some point it will come back to bite someone in the butt.

        Microsoft with the 24H2 update broke Windows 11 for older systems (like Core 2 Duo, which are already ancient) due to a lack of required processor instructions. I’ve seen systems running under QEMU, and also on newer systems like the AMD Ryzen Zen 1 platform, experience “Unsupported Processor” BSODs preventing the system from booting.

        Even outside of that, Microsoft doesn’t deploy the yearly feature roll-ups to systems with unsupported hardware, even if Windows 11 is already installed. I’ve seen many unsupported systems end up stuck 1-2 builds behind, and they never see the update. They have to be manually updated using the same mechanisms that got Windows 11 installed in the first place.

        Microsoft, I believe, expects Windows 11 to be running on a minimum set of hardware, and that’s all they are qualifying it for. So older systems are going to eat it at some point if they are used in production.

        The TPM checks are for security, but certainly not required if someone is willing to drop system security for some reason.

        • Buddahriffic@lemmy.world · 4 upvotes · 15 days ago

          TPM is more about securing data from PC owners rather than for them. Since it’s there anyways, it is used to support bitlocker, but the reason they are pushing it so much is because it might (depending on whether it actually is secure) be able to allow content providers to allow users to view their content without needing to give them access to copy or edit it.

          And there isn’t any guarantee that the uses that do benefit the user’s security don’t have some backdoor for approved crackers to get in. Like doesn’t the MS account store a copy of the recovery key for bitlocker? Which is nice for when the user needs it, but also comes in handy if MS wants to grant access to anyone else.

          • Smith6612@lemmy.world · 2 upvotes · edited · 15 days ago

            Microsoft does on Home Edition without even asking, and it doesn’t provide the users with a choice to store the key locally OR put it on the Cloud account, like Windows Pro does. I’m sure Microsoft has a master key to an account as well. But one can hope they do not, and they are also storing those BitLocker keys in an encrypted fashion in whatever database runs the backend.

            Also agree with you on TPMs. They are useful when invoked by the user, like for passkey or secrets storage. DRM on content and software is, and always will be, anti-consumer. As for how secure TPMs are, I know Infineon did have that Random Number Generator bug which basically broke the TPMs. So there’s that.

    • AstralPath@lemmy.ca · 9 upvotes · 16 days ago

      You don’t typically pay to run Linux distros. They’re open-source. I can’t imagine they’d be subject to this.

      • some_kind_of_guy@lemmy.world · 1 upvote · 16 days ago

        Upgrades are more seamless as well; it’s definitely a bit more blurry of a process. Plus Ubuntu releases twice a year, so their versions are more like the equivalent of Microsoft’s service packs (or whatever they call them now) but on a rolling basis.

    • Verqix@lemmy.world · 4 upvotes · edited · 16 days ago

      Correct, the “obsolete” PCs can’t update to Windows 11. The Windows 11 update forces certain hardware support that a lot of devices don’t have. The security this hardware provides is mainly in someone physically removing data from your PC. As such it’s very business oriented but affects all versions of Windows 11.

      • barryamelton@lemmy.world · 6 upvotes · edited · 16 days ago

        It’s not business oriented, it provides a unique ID attached to the machine, cryptographically proven.

        Next step is to use that unique ID to identify you on the internet and digital life. Ending all privacy.

        You think this is far fetched? Kernel-level anti-cheat for games already does this and bans the machine from playing that game ever again.

        • some_kind_of_guy@lemmy.world · 2 upvotes · 16 days ago

          Couldn’t you theoretically swap out the TPM chip? Or spoof/emulate it? If not, how do VMs run Win11? Do they just inherit the host TPM chip and that’s that? I feel like this was the same goal of having a MAC address on each device, and it became irrelevant in short order.

  • freeman@feddit.org · 6 upvotes · 17 days ago

    What would that mean for Linux distros? It seems like it could be a law that cuts off the competition. Like Amazon, who is very selectively for better working conditions when they know that no competitor can fulfill them.

      • Buffalox@lemmy.world · 7 upvotes · edited · 16 days ago

        I think it does in some cases, like if you buy a System76 computer with PopOS, or you buy a server with Red Hat.
        However, if you install a Linux OS yourself that is available free of charge, there isn’t any money to claim back, and it would be illogical if there should be demands on updates.

        I think logically there needs to be money involved, so if you download PopOS you’re on your own, but if you bought a computer with PopOS installed it is part of a package.

        I’m not a lawyer, but from my experience this is how things typically work.

        Edit PS:
        If it’s FOSS or FLOSS there also technically isn’t any owner, so there is no legal person to make a claim against.

      • thethunderwolf@lemmy.dbzer0.com · 1 upvote · 16 days ago

        If implemented, this should only apply to paid OSes or ones where a licence comes with the hardware.

        No license is needed for Linux.

    • Buffalox@lemmy.world · 6 upvotes · 17 days ago

      I think it would need to be a commercial product like Red Hat or an OS preinstalled by the company that sells the computer.
      With a FOSS distribution that is made freely available without charge, that people download and install themselves, people are probably themselves responsible for their choice of OS.

    • tabular@lemmy.world · 3 upvotes · 17 days ago

      Microsoft is so wealthy they could do that, and would even support such legislation if it could hinder their competitors such as smaller Linux distributions.

  • IHeartBadCode@fedia.io · 4 upvotes · 17 days ago

    European e-waste campaigners are calling on EU leadership to force tech vendors to provide 15 years of software updates, using Microsoft’s plan to end Windows 10 support next month — which may make an estimated 400 million PCs obsolete — as a textbook case of avoidable e-waste.

    Windows 10 has already had 10 years of support. ESU extends this one extra year. If you have hardware that cannot meet Windows 11’s requirements, there are other OSes available that will happily run on that hardware. Which is what brings us to the real issue.

    Microsoft’s near monopoly on consumer grade PCs and Apple’s vendor lock in. This is the core issue.

    Companies can do this because there are no regulations to stop them. We call on European Commissioner Jessika Roswall to introduce EU Ecodesign requirements for laptops, guaranteeing at least 15 years of software updates. No more devices designed to break or become obsolete before their time.

    Ten years is a very long time for support. If you need support past that length, you need a different OS. Apple does good to keep Macs made in the last five to seven years still able to run their newest OS. They are some of the worst offenders on this. But even with a different OS, there’s still a limit to how far you can take hardware. You could put the best optimized software on really old hardware and that won’t change that the underlying CPU is old.

    The older hardware gets, the harder it is to keep supporting it. Case in point, the reason you can’t get TLS 1.2, which pretty much every site now requires, onto a Windows 95 era machine is that the underlying hardware cannot keep up with the computational needs required to support that encryption. And if you happened to install Windows 95 onto modern hardware, the number of changes to the OS to get access to the underlying hardware is pretty much an upgrade to Windows 7.

    Ten year old machines are doing alright for the time being, but we have to move on. TLS 1.3 is here, and has been here since 2018. The stricter requirements for security require more advanced hardware.

    And I just mention TLS as a single example of what we’re talking about here. Modern hardware advances, and attackers and users get those at the same time. While software security schemes do ensure security long after the hardware has become dated, there’s a point where it won’t matter anymore what software you toss onto the machine. It’s just so outdated it doesn’t matter; no software is securing it. Now that’s usually a lot longer than ten years, but it’s not much longer.

    You can take a very lightweight Linux distro and pop it onto a Pentium 3 machine. It will technically run. But you are lacking SSE2, and even if you recompiled to remove SSE2 optimizations and strictly held to the 586 ISA, you’re not going to enjoy the performance on the machine, even for the most simple tasks like unpacking a 7-zip. You will fare very unwell against some attacker who has a modern Threadripper machine.

    I love old machines, but the rest of the world is moving forward. Yes, software could technically cover for more than ten years, but not much more. But it’s silly to think that an Athlon 64 (2003), the oldest CPU you can technically get working on Windows 10 because of the NX bit requirement, would be able to keep pace on today’s multi-megabyte sized websites. Hell, even the X2 models that were the first to be “dual core” would have issues with how modern web browsers handle things, because the Athlon 64 X2’s model for multiple processors is vastly different than how modern CPUs do it. It wouldn’t take anything for someone to feed it a website that would bring the system to its knees.

    The thing is, 15 years is a very long time in the world of technology that’s ever evolving. Software can only go so far. 15 years is absolutely “you need a different OS if that’s your requirement” territory. But when you start hitting 20 years, you’re going to see breakage no matter what software you throw at it. It might be very slight at the 20 year mark, but each year after that it’s going to become more pronounced.

  • Ironfist79@lemmy.world · 4 upvotes · 15 days ago

    People have had plenty of time to upgrade. 15 years is an incredibly long time to be supporting an OS. Even RHEL doesn’t do that.