Should OS makers, like Microsoft, be legally required to provide 15 years of security updates?
I have no sympathy for anyone using microsoft products.
They made their bed, now they get to sleep in it.
Microsoft’s plan to end Windows 10 support next month — which may make an estimated 400 million PCs obsolete
I don’t get this. Can’t those PCs update to the new version? Yes, I am very aware that win11 is a shit show and win10 was better.
But Ubuntu also has a similar support policy for updates:
Ubuntu LTS versions get five years of updates, while non-LTS only gets nine months.
Would all the Linux versions out there be subjected the same 15 years of updates??
You don’t typically pay to run Linux distros. They’re open-source. I can’t imagine they’d be subject to this.
if anyone pays though they would need to keep a long-long-term-support.
Upgrades are more seamless as well, it’s definitely a bit more blurry of a process. Plus Ubuntu releases twice a year, so their versions are more like the equivalent of Microsoft’s service packs (or whatever they call them now) but on a rolling basis.
No, Windows 11 added extra, unneeded hardware requirements.
Obsolete in this case actually means obsolete. Windows 11 literally blocks the update because you do not meet requirements, such as not having a TPM.
Technically, there are ways to bypass this, but not for a casual user (and it probably breaks some ToS)
Yep, exactly this. You can bypass the TPM and Processor requirements, but at some point it will come back to bite someone in the butt.
Microsoft with the 24H2 update broke Windows 11 for older systems (like Core2Duo, which are already ancient) due to a lack of required processor instructions. I’ve seen systems running under QEMU, and also on newer systems like the AMD Ryzen Zen1 platform experience “Unsupported Processor” BSODs preventing the system from booting.
Even outside of that, Microsoft doesn’t deploy the yearly feature roll-ups to systems with unsupported hardware, even if Windows 11 is already installed. I’ve seen many unsupported systems end up stuck 1-2 builds behind, and they never see the update. They have to be manually updated using the same mechanisms that got Windows 11 installed in the first place.
Microsoft I believe, expects Windows 11 to be running on a minimum set of hardware, and that’s all they are qualifying it for. So older systems are going to eat it at some point if they are used in production.
The TPM checks are for security but, certainly not required if someone is willing to drop system security for some reason.
Apparently there’s a way to install Win11 and bypass all these requirements.
https://www.tomshardware.com/how-to/bypass-windows-11-tpm-requirement
Correct, the “obsolete” PCs can’t update to Windows 11. The Windows 11 update forces certain hardware support that a lot of devices don’t have. The security this hardware provides is mainly in someone physically removing data from your PC. As such it’s very business oriented but affects all versions of Windows 11.
It’s not business oriented, it provides a unique ID attached to the machine, cryptographically proven.
Next step is to use that unique ID to identify you on the internet and digital life. Ending all privacy.
You think this is far fetched? Kernel-level anti-cheat for games already does this and bans the machine from playing that game ever again.
Couldn’t you theoretically swap out the tpm chip? Or spoof/emulate it? If not, how do VMs run Win11, do they just inherit the host tpm chip and that’s that? I feel like this was the same goal of having a mac address on each device, and it became irrelevant in short order.
I think Microsoft should be punished with forcing to release the Windows kernel source code.
Please no, just imagine the influx of 0-days
I’ll bring the popcorn
No, OS makers should just not make their OS bloated with useless shit, stealing your data and have arbitrary system requirements. I think 15 years of OS updates is excessive unless we’re talking about servers or very specific workflows. IMO 5-10 years is enough.
That said, for some operating systems it doesn’t even make sense to support for THAT long, because how they are designed (A lot of Linux distros for example). It turns out, if you don’t break users’ workflow, they don’t mind to upgrade.
I agree with most of that, but there are loads of embedded systems still running the equivalent of Windows XP and they’re chugging along just fine. That OS still receives updates and ending that would break a lot of backend stuff. Mostly banking.
Boeing just started making planes which don’t rely on floppy disks for updates. That will continue on the older part of the fleet until it’s no longer feasible to procure the disks or the planes are no longer airworthy. I mean, why not? If you only need to store a few mbs for something critical, it’s not a bad choice of medium.
If a system is secure, reliable and works for decades without complaint, there’s no need to fix that.
This comes after e-waste watchers revealed that 75 million iPhones could be rendered obsolete – tipping the scales at around 1.2 million kilograms of e-waste – following the release of iOS 26.
Not strictly true because the phones they counted here will still get security updates for 2-3 years AFAIK. 7 year old phones, mind you. But yeah, no more feature updates. Which are so meaningless these days anyway.
15 years is too long, it doesn’t match the state of the industry or technological progress.
If anything this slows down innovation which leads me to suspect the 15 year idea was though of by someone who dislikes any technical changes.
15 years is actually reasonable.
I have a ten year old laptop with an i7 processor, 16 GB RAM, and 1 TB SSD. It still does most things, I bought it for initially just fine. Granted this was one of the best laptops you could buy at the time.
Apple stopped supporting it with a current version of macOS a couple of years ago sadly. It’s still possible to patch newer versions to install and run on the old machine, but it’s a bit of a hassle.
But unlike server aided services an OS still keeps working. You can use that PC for 10 more years, if you like.
I think there’s a discrepancy in the understanding of ‘support’ and what it entails in different technology fields. Demanding to receive NEW features for decades is not feasible in the current economic environment.
The biggest issue is security updates and a current internet browser.
Of course I can use a 30 year old computer that still works with the software it can run.
Pretty sure Rocky Linux provides updates for 10 years.
It’s not asking too much for multi-billion dollar corporations to provide 15 years of updates.
They have more than enough resources.
Or an established player in the market that wants to keep competitors out (but I guess in a way that is someone who dislikes change). While legislation like this can sometimes be great (e.g. the recent changes forcing longer support for mobile phones) there comes a point where it cuts the other way and it becomes an entry barrier.
Imo the better solution would be to legislate what happens after support ends. Like forcing the disclosure of at least some documentation that allows others to continue servicing the product or at least transfer out data and install other software on the device.
Before Microsoft demanded TPM 2.0, you could install the latest version of Windows on extremely old hardware. Easily reaching that 15 years. We had this already. And Windows 11 can easily run without TPM 2.0. Microsoft just has business reasons to demand it. So I don’t see how innovation is slowed down by this.
Fair like imagine if Microsoft was forced to support windows 8 for 15 years, a operating system people barely use, also some OSs arnt ran by huge companys
This is a prime example of legislators not understanding technology.
No. Maintain your own OS. Any country or group of countries should be doing so.
Yes exactly :D https://en.m.wikipedia.org/wiki/Red_Star_OS
That sounds like an insane duration, even LTS distros are not usually anything like 15 years
There are companies still running XP.
These multi-billion dollar corporations have more than enough resources to provide updates for 15 years.
There’s nothing insane about it, unless you’ve been conditioned to live vicariously through business owners.
Pretty sure postmarketOS isn’t made by a multi-billion dollar corporation. Such a requirement would mean ONLY multi-billion dollar corporations can release an operating system. You do not want to give them that power.
If it’s free software, then anyone can implement the fixes themselves.
Doing so with proprietary software would be illegal.
this isn’t about the age of the OS, it’s the age of the device. I can install linux on a device from 20 years ago if not more.
Ahh, so the win11 arbitrary hardware requirements bullshit
I don’t know. just the other day somebody on lemmy was asking about installing a 32bit linux distro on an old netbook and the majority of comments were discussing whether there was any practical reason for distros to continue 32-bit support.
That’s unfortunate, but still leaves you 20 years worth of devices if they drop 32-bit.
They didn’t say you could not do version upgrade…
yeah but you don’t pay 150euros for it + all the ads and stuffs
but yeah, I don’t see the point of this, it’s clearly aimed at Microsoft, and at this point alternative solutions exist
I almost feel like the compromise we will eventually land on is that if an OS maker like Microsoft wants to continue advertising on your OS they have to take some liability for its security.
15 is an arbitrarily long time. I think forcing it to be open sourced upon the companies end of life is the better option
Then you can have a company that acquires the original failed company and provides “support” in the form of one bugfix per year.
All of these solutions are gamable except for requiring that the solution be open source from the get-go.
Or legislate that unsupported software becomes public domain or is open for development and the public can try and make the updates themselves.
Forcing people to upgrade entirely depends on the nature of the upgrades and the motive of the company. What we need is competition so there are alternatives for people to use if they don’t want to upgrade. But somehow Microsoft is not considered the monopoly of the PC OS market, despite being a monopoly, and uses that position to force changes nobody wants but them, like turning window into an AI data farming scheme that violates user privacy.
Mandatory open source public domain release at EOS.
At Win10 EOS, people would make Windows distros, and ReactOS would no longer have to be a clean room implementation.
Also this would be a success for Stop Killing Games.
Or legislate that unsupported software becomes public domain
Solves a lot of issues.
I would prefer if they force the companies to unlock root and boot-loader, when they not ship security updates anymore for a device.
I’d add the hardware drivers must be open sourced at the end of support as well, and no drm, patent, reverse engineering legal protections for a out of support Device/chipset
Fuck it. Force them from release date. There’s no reason for them to dictate what you can and cannot run on the hardware you purchase. If they can’t compete by providing a better OS or software, and must rely on anti-competitive models to profit, then they don’t deserve to waste the planets resources.
Fair enough, just thought proposal above would have higher chances to get approved 😇
You start high and negotiate down. If you start low, you’ll get even less
Abandonware must be open sourced, publishing a new version doesn’t count as a exception.
deleted by creator
Dude, I’m so ready. Linux supports processors that old, by enthusiasts for free.
This would almost certainly rule out Linux as an option. What Linux vendor feels comfortable committing to something, anything, for 15 years?
Because Linux is free software, we can implement the fixes ourselves.
Doing so with Windows or Crapple would literally be illegal.
Yes, but to fulfill that requirement the company would have to be around to review the code changes and merge and provide QA. For 15 years.
Just require any new operating systems to support 15 year old hardware. We should require manufacturers to provide 15 years of UEFI and firmware updates too.
That is way more sensible, than the other way around.
If the EU is going to pay for the developers, sure. I’d even go higher and say make it 50 years. Otherwise make your own OS or use Linux.
