Should OS makers, like Microsoft, be legally required to provide 15 years of security updates?
Nothing says ‘circular economy’ like Microsoft stranding 400 million PCs
This might be a silly question but would this not be a good idea for a start up company that recycle computer parts?
Don’t manufacturers purposefuly destroy the computers and such just to ensure that doesn’t happen?
There are dozens of us out here patiently awaiting a bunch of reasonably powerful new Linux machines.
would this not be a good idea for a start up company that recycle computer parts?
I really don’t think so. Computer recycling already seems to be a low profit business, as evidenced by there not being any large companies that do it (that I’m aware of). This number of computers flooding the market would probably make it even less profitable. Sure, it may be profitable for some small businesses, but nothing on the scale required to address the problem.
that’s what the greatest technician that’s ever lived does.
This seems backwards. Let’s just assume we’re always going to be willingly beholden to tech giants, and so we’re going to pass a law to make our masters treat us well.
Maybe instead campaign for a law that says all publicly funded computer resources must be reliably usable for 15 years. So you either go FOSS and save money too, or you get guarantees in writing before you hand over your hand over money to the people who won’t even let you see what their code is doing on your hardware.
You can already patch windows as much as you want.
You can? How do you do that?
By replacing it with something better.
Yeah, I’ll just call up the CTO and ask for a new deployment of 300,000 VMs lmfao
Lifetime for security. Other features (new drivers…) you can pay for, but security is lifetime. You need to escrow enough money to provide this service or prove that nobody is using the OS.
All services required for use of the device are also lifetime - though they may charge a subscription price so long as that price is clear to the customer before the first sale and prices go up by inflation only. After 15 years they can drop the service if it is easy for a “normal user” to switch to a different subscription provider; and all source code required for someone “skilled in the art” to create and maintain their own service provider is publicly released under terms that allow modification and redistribution was released at least 5 years before killing their own service.
You are allowed to drop support for any protocol that is not latest recommended state of the art so long as you maintain what was recommended at time of release. If a newer protocol comes out you need not support it. (Which is to say you can be IPv6 only today, and if the internet switches to IPv12 in the future you don’t have to support that)
The above applies to anything network connected. OS, web browser, Security camera, thermostat…
Of course. Make another regulation only big corps can follow. To punish them, of course. This is punishment.
Good.
If we’re going to pretend corporations are people, then we should treat them like slaves.
That was sarcasm. Making a regulation to punish a big corporation that automatically disqualifies everyone smaller is not punishment for it.
European e-waste campaigners are calling on EU leadership to force tech vendors to provide 15 years of software updates, using Microsoft’s plan to end Windows 10 support next month — which may make an estimated 400 million PCs obsolete — as a textbook case of avoidable e-waste.
Windows 10 has already had 10 years of support. ESU extends this one extra year. If you have hardware that cannot meet Windows 11’s requirements, there are other OSes available that will happily run on that hardware. Which is what brings us to the real issue.
Microsoft’s near monopoly on consumer grade PCs and Apple’s vendor lock in. This is the core issue.
Companies can do this because there are no regulations to stop them. We call on European Commissioner Jessika Roswall to introduce EU Ecodesign requirements for laptops, guaranteeing at least 15 years of software updates. No more devices designed to break or become obsolete before their time
Ten years is a very long time for support. If you need support past that length, you need a different OS. Apple does good to keep Macs made in the last five to seven years still able to run their newest OS. They are some of the worse offenders on this. But even with a different OS, there’s still a limit to how far you can take hardware. You could put the best optimized software on really old hardware and that won’t change that the underlying CPU is old.
The older hardware gets the harder it is to keep supporting it. Case in point, there reason you can’t get TLS 1.2 that pretty much every site now requires onto Windows 95 era machine is the underlying hardware cannot keep up with the required computational needs to support that encryption. And if you happened to install Windows 95 onto modern hardware, the number of changes to the OS to get access to the underlying hardware is pretty much an upgrade to Windows 7.
Ten year old machines are doing alright for the time being, but we have to move on. TLS 1.3 is here, has been here since 2018. The stricter requirements for security, require more advanced hardware.
And I just mention TLS as a single example of what we’re talking about here. Modern hardware advances and attackers and users get those at the same time. While software security schemes do ensure security long after the hardware has become dated, there’s a point where it won’t matter anymore what software you toss onto the machine. It’s just so out dated it doesn’t matter, no software is securing it. Now that’s usually a lot longer than ten years, but it’s not much longer.
You can take a very lightweight Linux distro and pop it onto a Pentium 3 machine. It will technically run. But you are lacking SSE2 and even if you recompiled to remove SSE2 optimizations and strictly held to 586 ISA, you’re not going to enjoy the performance on the machine. For even the most simple tasks like unpacking a 7-zip. You will fare very unwell to some attacker who has a modern Threadripper machine.
I love old machines but the rest of the world is moving forward. Yes, software could technically cover for more than ten years, but not much more. But it’s silly to think that a Athlon 64 (2003), the oldest CPU you can technically get working on Windows 10 because of the NX bit requirement, would be able to keep pace on today’s multi megabyte sized website. Hell even the X2 models that were the first to be “dual core” would have issues with how modern web browsers handle things because Athlon 64 X2’s model for multiple processors is vastly different than how modern CPUs do it. It wouldn’t take anything for someone to feed it a website that would bring the system to it’s knees.
The thing is 15 years a very long time in the world of technology that’s ever evolving. Software can only go so far. 15 years is absolutely you need a different OS if that’s your requirement territory. But when you start hitting 20 years, your going to see breakage no matter what software you throw at it. It might be very slight at the 20 year mark. but each year after that it’s going to become more pronounced.
Ten years is a very long time for support. If you need support past that length, you need a different OS.
I strongly disagree. Ten years should be the bare minimum required. Windows used to support hardware way longer than 10 years and probably more than 15, until Windows 11 came out.
The older hardware gets the harder it is to keep supporting it. Case in point, there reason you can’t get TLS 1.2 that pretty much every site now requires onto Windows 95 era machine is the underlying hardware cannot keep up with the required computational needs to support that encryption. And if you happened to install Windows 95 onto modern hardware, the number of changes to the OS to get access to the underlying hardware is pretty much an upgrade to Windows 7.
Windows 95 is a bad example since it’s a 30 year old OS. It’s a completely different era with different OS architecture and different OS environment. Let’s instead use an example of an OS from the time frame being discussed: Windows 7, released a little over 15 years ago. There’s very little reason why a computer that was made since Windows 7 was released shouldn’t be able to run Windows 11. I think that this is a profit maximization decision on Microsoft’s part (less hardware support, less development and testing cost). They basically said screw the customers and screw the environment.
Some websites bring my 9800X3D to its knees
Well, maybe tell Microsoft and others to stop sucking in these technological advances they treat as shiny misunderstood toys that are forced down everyone’s throats and make everyone’s lives a lot harder than they’re supposedly making easier.
I am not arguing against the idea of upgrading at all or avoiding security at all. What I am always tired of, is just seeing the direction Microsoft takes and then telling people to shove off into their shitty new ecosystem for the sake of security. Like no, you’re watering down your OS and dumbing down everything while telling millions of users like “well, uh, like it because we’re Microsoft so fuck you”.
And nothing is improving or giving people the strong urge to immediately upgrade because of said directions and choices.
Which is why we have this delayed lapse in people just stretching out these support cycles who’re not interested in hopping to the next OS, because they aren’t liking what they see and sometimes experience on another’s computer that has that latest OS version.
By the time Windows 10 is truly done, Windows 11 has its announcement for the last of its updates and by the time Microsoft moves to 12 in however they handle it, maybe then.
No, OS makers should just not make their OS bloated with useless shit, stealing your data and have arbitrary system requirements. I think 15 years of OS updates is excessive unless we’re talking about servers or very specific workflows. IMO 5-10 years is enough.
That said, for some operating systems it doesn’t even make sense to support for THAT long, because how they are designed (A lot of Linux distros for example). It turns out, if you don’t break users’ workflow, they don’t mind to upgrade.
5 years for basic and 10 for lts seems fine. 10 years is a fucking long ass time.
I agree with most of that, but there are loads of embedded systems still running the equivalent of Windows XP and they’re chugging along just fine. That OS still receives updates and ending that would break a lot of backend stuff. Mostly banking.
Boeing just started making planes which don’t rely on floppy disks for updates. That will continue on the older part of the fleet until it’s no longer feasible to procure the disks or the planes are no longer airworthy. I mean, why not? If you only need to store a few mbs for something critical, it’s not a bad choice of medium.
If a system is secure, reliable and works for decades without complaint, there’s no need to fix that.
People have had plenty of time to upgrade. 15 years is an incredibly long time to be supporting an OS. Even RHEL doesn’t do that.
I have no sympathy for anyone using microsoft products.
They made their bed, now they get to sleep in it.
I didnt my finance and IT team did.
If you ever want to create a google fan, make them use M365
seems you were already a Google fan, they are a unique breed of horrible.
Oh you… recongising one is better than the other is not support for either.
The company that pays me so I can provide for my family and live a life moved from workspace to office and I think it is worse by a long shot.
Please mandate open bootloaders on devices, that’s what we truly need.
15 years. 15 years. She got one of your kids got you for 15 years
Or legislate that unsupported software becomes public domain or is open for development and the public can try and make the updates themselves.
Forcing people to upgrade entirely depends on the nature of the upgrades and the motive of the company. What we need is competition so there are alternatives for people to use if they don’t want to upgrade. But somehow Microsoft is not considered the monopoly of the PC OS market, despite being a monopoly, and uses that position to force changes nobody wants but them, like turning window into an AI data farming scheme that violates user privacy.
Mandatory open source public domain release at EOS.
At Win10 EOS, people would make Windows distros, and ReactOS would no longer have to be a clean room implementation.
Also this would be a success for Stop Killing Games.
Or legislate that unsupported software becomes public domain
Solves a lot of issues.
This is stupid.
15 years is a massive time to just update your OS.
15 years ago instagram didn’t exist, the iPad was new, and people were just updating from Vista to Windows 7. I think Hadoop was just created then.
That is a massive amount of time to support software that would have almost no architectural protection against things like heartbleed.
Instagram has existed for 14 years and 11 months. I think you might be pushing it on the not 15 years.
But more importantly though, Windows XP was supported for 18 years…
So it’s not like it can’t be done.
My ThinkPad x230 will soon turn 13 (since it was manufactured, I picked it up second hand from a business that went bankrupt). It’s still alive and kicking, just not with Windows. The hardware is dated, but for what I do it’s good enough. I only replaced the battery and the screen. I don’t care for instagram or any of that crap, this machine chugged along for 13 years, it will chug at least for another 5. Don’t let hardware manufacturers normalize dunking perfectly capable good hardware into a landfill because it hurts their profits. If you need any further proof just look into the old Apple hardware modding and some of the stuff they pulled off.
"Microsoft’s decision to end support for Windows 10 could make 400 million computers obsolete
This is more stupid, and I absolutely agree with the article it shouldn’t be legal to end support of an OS this quickly, mind you this is not update to a new OS, like is common on phones, but mostly security updates for the OS you purchased with the device.
I absolutely think 10 years should be a minimum, but for PC, I can easily see an argument for 15 years, as many systems are purpose built, and should keep working even if an OS is discontinued.A similar argument can be made for phones, but maybe that should just be 10 or maybe even just 5 years, which very few phones have. My vote is on 10 years, because what some companies have been doing for a long time, only supporting security updates for 3 years is not acceptable IMO.
I think I’d prefer if there was a minimum updates guarantee that OS sellers would have to disclose, but even then I’m more in favour of other companies being able to pick up the work by making sure devices have their bootloader unlockable after they don’t get any more updates for X amount of time, rather than add burden to OS makers, because forcing people to support a project for Y amount of years would really harm indie developers releasing Linux distros and the like
forcing people to support a project for Y amount of years would really harm indie developers releasing Linux distros and the like
Solution: implement as consumer protection that only applies to paid OS’s (and also ones that require a license, even if it’s “free” due to coming with the hardware)
Then Microsoft makes windows free and monetizes the shit out of services in the OS.
rather than add burden to OS makers
It’s not a burden for the OS maker, except when the OS is the product, and in that case it’s only fair.
With Android the phone maker adapt the OS to their phones and flavor of Android, if they can’t handle maintaining it, they can use vanilla. Google is the OS maker, and I think they can handle the burden.The EU has been so far bad at making sure FOSS isn’t seen as a paid product in the eyes of regulation, even in cases where it’s clearly unpaid, see here. They can’t be trusted to get this differentiation right.
Therefore, unlockable bootloader seems like the better idea. Get people to Linux and open Android variants if the closed-source companies won’t serve them.
I have no idea what I’m supposed to see from you link? I don’t see any particular legal knowledge, or description of any particular legal consequences, and I have no idea what the point is???
Obviously software provided for free “as is”, cannot be required to be maintained. And if it is owned by the public which is the case with FOSS, there is no “owner” who can be made responsible.If however the software is part of a commercial package, the one supplying the package has responsibility for the package supplied, you can’t just supply open source software as part of a commercial product, and waive all responsibility for your product in that regard.
I admit it’s a complex topic, but if you read the post in detail, it should answer your questions. The “owner” is typically the maintainer, if in doubt that’s the person with repository write access. And the EU can apparently potentially require whatever to be maintained, not that I understand the exact details. The point was that the regulation doesn’t seem to avoid FOSS fallout well.
“owner” is typically the maintainer,
Nope, AFAIK that is not legally applicable, that is very clear with licenses like MIT BSD etc, and for GPL in all versions it’s very explicitly stated in the license.
You can also release as simply public domain, which very obviously means nobody owns as it is owned by everybody.
Generally if you give something away for free, you can’t be claimed to be the owner.
I have no idea where that idea should come from, some typical anti EU alarmists maybe? And I bet there is zero legal precedent for that. And I seriously doubt any lawyer would support your claim.If however you choose a license where the creator keeps ownership it may be different, but then it’s not FOSS.
And yet people are bitching because Windows 10 is getting cut off after 10 years of support. Raise it to 15 and people will just bitch at the 15 year mark.
I think major factors in people bitching about the Windows 10 EOL is that a) Windows 10 was explicitly marketed as the final version of Windows and b) Windows 11 is so unappealing that even companies are reluctant to upgrade.
Normally, that wouldn’t be a big problem. We had dud releases before. Windows Vista had few friends due to compatibility issues but was workable. Besides, 7 was launched shortly after Vista’s EOL. Likewise, Windows 8’s absurd UI choices made it deeply unpopular but it was quickly followed by 8.1, which fixed that. And Windows 10 again followed shortly after 8’s EOL (and well before 8.1’s).
Windows 11, however, combines a hard to justify spec hike with a complete absence of appealing new features. The notable new features that are there are raising concerns about data safety. In certain industries (e.g. medical, legal, and finance), Recall/Copilot Vision is seen as dangerous as it might access protected information and is not under the same control that the company has over its document stores. That increases the vector for a data breach that could lead to severe legal and reputational penalties.
Microsoft failed to satisfyingly address these concerns. And there’s not even hope of a new version of Windows releasing a few months after 10’s EOL; Windows 12 hasn’t even been announced yet.
It’s no wonder that companies are now complaining about Windows 10’s support window being too short.
Windows used to support really old hardware, I believe more than 15 years old until they introduced the new requirements for particular CPU models and TPM 2.0 chips. If anything, I feel that 15 years is too short. iPads and Hadoop have nothing to do with PC hardware.
15 years is a massive time to just update your OS.
The last version of Windows 10 (22H2) is nothing like the RTM release from 2015 (1507). 1507 still has Cortana and their failed “Continuum” concept.
Essentially we are asking Microsoft to support Windows 10 22H2 for another ~5 years, which is reasonable considering 22H2 is a just under 3 years old.
This comes after e-waste watchers revealed that 75 million iPhones could be rendered obsolete – tipping the scales at around 1.2 million kilograms of e-waste – following the release of iOS 26.
Not strictly true because the phones they counted here will still get security updates for 2-3 years AFAIK. 7 year old phones, mind you. But yeah, no more feature updates. Which are so meaningless these days anyway.
The security updates for old iOS versions are a sleight of hand. Most companies only support the three latest versions of iOS, so soon that will be iOS 17 as the minimum. I had a device stuck on iOS 15, which was released in 2016, and banks and other major apps dropped support. So while the phone did get security updates, it can’t run the apps I needed.
That’s the app devs being idiots.
My two local banks that I use support 15.1 and 16. My two globally useful neobanks support 13 and 16. None of them have any features that the one on 13 doesn’t have (in fact, that gets the most updates and has the most features of them all).
So iOS 16, which most apps still seem to support, at least ones that I use, supports devices as far back as the 6s, which came out in 2015. It also still gets security updates for now.
I just don’t get why Apple gets the most shit for generating e-waste on their phones when they actually have the longest lasting phones (barring tech enthusiasts flashing custom ROMs to old Androids, which is what, 1% of the population?)
What Apple REALLY should be getting shit for is software support for their Macbooks, particularly considering that with the Apple Silicon ones, the Linux drivers are still iffy for most things. They need to figure out a way to offer at LEAST 10 years, ideally 15 years of security updates for any device sold, since these devices are only meant to be used with their software, and one expects a computer to last longer than a smartphone, or at least how that’s how it was a few years ago still, when smartphones were still somewhat getting better year over year.
I think Apple is responsible by releasing new APIs that are only available on the specific iOS version. Rarely have they back ported functionality to older iOS versions. Apple draggles shinny new APIs in front of developers causing them to update the minimum version.
Yeah Apple rapidly dropping support with Intel Macs is really terrible. I have a 2018 Mac mini that is already obsolete, what a joke. That was the last Mac I buy.
This will kill small firms developing new OSes.
Dude, I’m so ready. Linux supports processors that old, by enthusiasts for free.
This would almost certainly rule out Linux as an option. What Linux vendor feels comfortable committing to something, anything, for 15 years?
Because Linux is free software, we can implement the fixes ourselves.
Doing so with Windows or Crapple would literally be illegal.
Yes, but to fulfill that requirement the company would have to be around to review the code changes and merge and provide QA. For 15 years.
