Should OS makers, like Microsoft, be legally required to provide 15 years of security updates?
- I would prefer if they force the companies to unlock root and boot-loader, when they do not ship security updates anymore for a device. - Fuck it. Force them from release date. There’s no reason for them to dictate what you can and cannot run on the hardware you purchase. If they can’t compete by providing a better OS or software, and must rely on anti-competitive models to profit, then they don’t deserve to waste the planet’s resources. - Fair enough, just thought proposal above would have higher chances to get approved 😇 - You start high and negotiate down. If you start low, you’ll get even less - 😄 I guess, I am bad at capitalism 🤣🙃 - Nah, you’re a good person. But there’s lots of bad faith people out there. You have to defend yourself against them 
 
 
 
 
- Abandonware must be open sourced, publishing a new version doesn’t count as an exception. 
- I’d add the hardware drivers must be open sourced at the end of support as well, and no drm, patent, reverse engineering legal protections for an out-of-support device/chipset - 😍yess! 
 
 
- 15 is an arbitrarily long time. I think forcing it to be open sourced upon the company’s end of life is the better option - Then you can have a company that acquires the original failed company and provides “support” in the form of one bugfix per year. - All of these solutions are gamable except for requiring that the solution be open source from the get-go. 
 
- Or legislate that unsupported software becomes public domain or is open for development and the public can try and make the updates themselves. - Forcing people to upgrade entirely depends on the nature of the upgrades and the motive of the company. What we need is competition so there are alternatives for people to use if they don’t want to upgrade. But somehow Microsoft is not considered the monopoly of the PC OS market, despite being a monopoly, and uses that position to force changes nobody wants but them, like turning Windows into an AI data farming scheme that violates user privacy. - Mandatory open source public domain release at EOS. - At Win10 EOS, people would make Windows distros, and ReactOS would no longer have to be a clean room implementation. - Also this would be a success for Stop Killing Games. 
- Or legislate that unsupported software becomes public domain - Solves a lot of issues. 
 
- That sounds like an insane duration, even LTS distros are not usually anything like 15 years - this isn’t about the age of the OS, it’s the age of the device. I can install linux on a device from 20 years ago if not more. - Ahh, so the win11 arbitrary hardware requirements bullshit 
- I don’t know. just the other day somebody on lemmy was asking about installing a 32bit linux distro on an old netbook and the majority of comments were discussing whether there was any practical reason for distros to continue 32-bit support. - That’s unfortunate, but still leaves you 20 years worth of devices if they drop 32-bit. 
 
 
- yeah but you don’t pay 150euros for it + all the ads and stuffs - but yeah, I don’t see the point of this, it’s clearly aimed at Microsoft, and at this point alternative solutions exist - I almost feel like the compromise we will eventually land on is that if an OS maker like Microsoft wants to continue advertising on your OS they have to take some liability for its security. 
 
- These multi-billion dollar corporations have more than enough resources to provide updates for 15 years. - There’s nothing insane about it, unless you’ve been conditioned to live vicariously through business owners. - Pretty sure postmarketOS isn’t made by a multi-billion dollar corporation. Such a requirement would mean ONLY multi-billion dollar corporations can release an operating system. You do not want to give them that power. - If it’s free software, then anyone can implement the fixes themselves. - Doing so with proprietary software would be illegal. 
 
 
- There are companies still running XP. 
- They didn’t say you could not do version upgrade… 
 
- What we REALLY need is to curb microsoft’s market dominance. If more alternatives for OS and usable replacements for MS office em would exist, this would not be a problem and would not need to hamper innovation for the sake of back porting (the main counter-argument as a dev). - Linux and all its flavors? - What’s wrong with libreoffice or anyoffice? For a large percentage of users, Linux is fine, especially as many applications have an online option. For the stuff I do, in Linux, online Office is more than sufficient. - An org I work with provides me with a 365 license, but I’m more comfortable in Libreoffice. - Office is used by the majority, but majority doesn’t mean they are right, they are simply more. - LibreOffice is okay for some stuff, but shows its limitations pretty quickly once you use it for more serious tasks. - Writer is the best of the suite and has deleted comments for me several times without ability to recover.
- The spreadsheet is a toy compared to Excel spreadsheets used in pretty much any business.
- The presentation software produces ugly results by default.
 - The only things LibreOffice has going for it, is the price and that the UI doesn’t change. LibreOffice has no good mobile apps. - Better alternatives to Microsoft Office are Google Docs etc. and Apple’s iWork suite. Both have good compatibility with Microsoft’s files and run great on mobile. - Google has ease of use, easy sharing and collaboration. Apple’s iWork has great usability and features and produces beautiful results by default. The suite comes free with every Apple device. Google Docs is free to use as well. - That’s of course ignoring the workhorse called Outlook. You can kind of approach its features with a handful of other applications, but won’t reach the same functionality. - LibreOffice has one unique application in its suite: Base local database. Microsoft Access and FileMaker used to be very popular, but faded into the background over the last decade. 
- The jank oh my god the jank - Windows is far more jank than a lot of Linux distros/desktop environments. - Like… - Multiple different right click menus?
- No consistent and cohesive design language even throughout system or first party apps?
- Having to search online for an exe download page, download, open downloads folder, double click, click next through an installer? Then each app having to have its own update process, often that always runs in the background to check (or none at all)?
- Updates that happen when you don’t want them to, take forever, and break things?
- Fucking ads everywhere?
- Web results in your start menu before actual stuff on your system
- Multiple settings apps?
- Sleep that doesn’t work?
- Convoluted process for setting things as the default app?
- Dark mode that’s only functional for some apps?
 - It’s actually incredible how much money Microsoft has, and how much more they spend than probably all Linux DEs combined, but they’ve still yet to fix so much low hanging fruit. 
- I have had more issues with formatting between ms 365 desktop and ms 365 online than I’ve had with libreoffice 
 
 
- Hmmm, I don’t agree. The trend is in the opposite direction. Microsoft Windows used to have a larger market share and supported hardware indefinitely. Now that their market share has shrunk, they are also limiting support for older hardware. This only shows correlation, not causation, but it does show that more competition has not improved the issue and that we need laws to do that instead. MacOS, the primary competitor to Microsoft Windows which also has Microsoft Office available, only supports their hardware for 6-8 years as well. - Edit: just to add, if anything, this actually shows that more competition and reduced market share probably increases the pressure to cut support for older hardware because it probably becomes less profitable to do so. - I didn’t go into the specifics but I was thinking more in line with prosumer friendly linux distributions that can be dropped in to replace win 10. I know stuff like linux mint exists for that case. - Got it, thanks for the clarification. 
 
 
 
- This is stupid. - 15 years is a massive time to just update your OS. - 15 years ago instagram didn’t exist, the iPad was new, and people were just updating from Vista to Windows 7. I think Hadoop was just created then. - That is a massive amount of time to support software that would have almost no architectural protection against things like heartbleed. - "Microsoft’s decision to end support for Windows 10 could make 400 million computers obsolete - This is more stupid, and I absolutely agree with the article it shouldn’t be legal to end support of an OS this quickly, mind you this is not update to a new OS, like is common on phones, but mostly security updates for the OS you purchased with the device. 
 I absolutely think 10 years should be a minimum, but for PC, I can easily see an argument for 15 years, as many systems are purpose built, and should keep working even if an OS is discontinued. - A similar argument can be made for phones, but maybe that should just be 10 or maybe even just 5 years, which very few phones have. My vote is on 10 years, because what some companies have been doing for a long time, only supporting security updates for 3 years is not acceptable IMO. If the phone is free to install custom ROM unhindered, I would be more understanding, but phones are generally locked, potentially rendering them worthless if updates are not available. - I think I’d prefer if there was a minimum updates guarantee that OS sellers would have to disclose, but even then I’m more in favour of other companies being able to pick up the work by making sure devices have their bootloader unlockable after they don’t get any more updates for X amount of time, rather than add burden to OS makers, because forcing people to support a project for Y amount of years would really harm indie developers releasing Linux distros and the like - rather than add burden to OS makers - It’s not a burden for the OS maker, except when the OS is the product, and in that case it’s only fair. 
 With Android the phone makers adapt the OS to their phones and flavor of Android, if they can’t handle maintaining it, they can use vanilla. Google is the OS maker, and I think they can handle the burden. - The EU has been so far bad at making sure FOSS isn’t seen as a paid product in the eyes of regulation, even in cases where it’s clearly unpaid, see here. They can’t be trusted to get this differentiation right. - Therefore, unlockable bootloader seems like the better idea. Get people to Linux and open Android variants if the closed-source companies won’t serve them. - I have no idea what I’m supposed to see from your link? I don’t see any particular legal knowledge, or description of any particular legal consequences, and I have no idea what the point is??? 
 Obviously software provided for free “as is”, cannot be required to be maintained. And if it is owned by the public which is the case with FOSS, there is no “owner” who can be made responsible. - If however the software is part of a commercial package, the one supplying the package has responsibility for the package supplied, you can’t just supply open source software as part of a commercial product, and waive all responsibility for your product in that regard. - I admit it’s a complex topic, but if you read the post in detail, it should answer your questions. The “owner” is typically the maintainer, if in doubt that’s the person with repository write access. And the EU can apparently potentially require whatever to be maintained, not that I understand the exact details. The point was that the regulation doesn’t seem to avoid FOSS fallout well. - “owner” is typically the maintainer, - Nope, AFAIK that is not legally applicable, that is very clear with licenses like MIT BSD etc, and for GPL in all versions it’s very explicitly stated in the license. 
 You can also release as simply public domain, which very obviously means nobody owns as it is owned by everybody.
 Generally if you give something away for free, you can’t be claimed to be the owner.
 I have no idea where that idea should come from, some typical anti EU alarmists maybe? And I bet there is zero legal precedent for that. And I seriously doubt any lawyer would support your claim. - If however you choose a license where the creator keeps ownership it may be different, but then it’s not FOSS. 
 
 
 
 
- forcing people to support a project for Y amount of years would really harm indie developers releasing Linux distros and the like - Solution: implement as consumer protection that only applies to paid OS’s (and also ones that require a license, even if it’s “free” due to coming with the hardware) - Then Microsoft makes windows free and monetizes the shit out of services in the OS. - Then people move to Linux 
 
 
 
 
- Instagram has existed for 14 years and 11 months. I think you might be pushing it on the not 15 years. - But more importantly though, Windows XP was supported for 18 years… - So it’s not like it can’t be done. 
- My ThinkPad x230 will soon turn 13 (since it was manufactured, I picked it up second hand from a business that went bankrupt). It’s still alive and kicking, just not with Windows. The hardware is dated, but for what I do it’s good enough. I only replaced the battery and the screen. I don’t care for instagram or any of that crap, this machine chugged along for 13 years, it will chug at least for another 5. Don’t let hardware manufacturers normalize dunking perfectly capable good hardware into a landfill because it hurts their profits. If you need any further proof just look into the old Apple hardware modding and some of the stuff they pulled off. 
- 15 years is a massive time to just update your OS. - The last version of Windows 10 (22H2) is nothing like the RTM release from 2015 (1507). 1507 still has Cortana and their failed “Continuum” concept. - Essentially we are asking Microsoft to support Windows 10 22H2 for another ~5 years, which is reasonable considering 22H2 is a just under 3 years old. 
- Windows used to support really old hardware, I believe more than 15 years old until they introduced the new requirements for particular CPU models and TPM 2.0 chips. If anything, I feel that 15 years is too short. iPads and Hadoop have nothing to do with PC hardware. 
- And yet people are bitching because Windows 10 is getting cut off after 10 years of support. Raise it to 15 and people will just bitch at the 15 year mark. - I think major factors in people bitching about the Windows 10 EOL is that a) Windows 10 was explicitly marketed as the final version of Windows and b) Windows 11 is so unappealing that even companies are reluctant to upgrade. - Normally, that wouldn’t be a big problem. We had dud releases before. Windows Vista had few friends due to compatibility issues but was workable. Besides, 7 was launched shortly after Vista’s EOL. Likewise, Windows 8’s absurd UI choices made it deeply unpopular but it was quickly followed by 8.1, which fixed that. And Windows 10 again followed shortly after 8’s EOL (and well before 8.1’s). - Windows 11, however, combines a hard to justify spec hike with a complete absence of appealing new features. The notable new features that are there are raising concerns about data safety. In certain industries (e.g. medical, legal, and finance), Recall/Copilot Vision is seen as dangerous as it might access protected information and is not under the same control that the company has over its document stores. That increases the vector for a data breach that could lead to severe legal and reputational penalties. - Microsoft failed to satisfyingly address these concerns. And there’s not even hope of a new version of Windows releasing a few months after 10’s EOL; Windows 12 hasn’t even been announced yet. - It’s no wonder that companies are now complaining about Windows 10’s support window being too short. 
 
- Better laws would be: - to mandate open source release at EOS
- automatically public domain at EOS
- require paid operating systems to support hardware from 15 years ago (as a consumer protection law, so that it only applies to paid OS’s (and also ones that require a license, even if it’s “free” due to coming with the hardware), so that foss projects aren’t hurt)
 
 
- Please mandate open bootloaders on devices, that’s what we truly need. 
- Dude, I’m so ready. Linux supports processors that old, by enthusiasts for free. - This would almost certainly rule out Linux as an option. What Linux vendor feels comfortable committing to something, anything, for 15 years? - Because Linux is free software, we can implement the fixes ourselves. - Doing so with Windows or Crapple would literally be illegal. - Yes, but to fulfill that requirement the company would have to be around to review the code changes and merge and provide QA. For 15 years. 
 
 
 
- Just require any new operating systems to support 15 year old hardware. We should require manufacturers to provide 15 years of UEFI and firmware updates too. - That is way more sensible, than the other way around. 
 
- 15 years is too long, it doesn’t match the state of the industry or technological progress. - If anything this slows down innovation which leads me to suspect the 15 year idea was thought of by someone who dislikes any technical changes. - 15 years is actually reasonable. - I have a ten year old laptop with an i7 processor, 16 GB RAM, and 1 TB SSD. It still does most things I bought it for initially just fine. Granted this was one of the best laptops you could buy at the time. - Apple stopped supporting it with a current version of macOS a couple of years ago sadly. It’s still possible to patch newer versions to install and run on the old machine, but it’s a bit of a hassle. - Are we talking OpenCore Patcher? I was actually planning on trying that for my Early 2013 MBP, but I’m leaning more towards some Linux distro now, for the longevity of it, though I haven’t yet figured out which distro supports my MBP the best. Got any recommendations to share on some of this? - Yes, OpenCore Legacy Patcher. - Regarding Linux distributions, I don’t have a specific recommendation. You might be worse off with a distro that doesn’t include nonfree drivers for wifi, bluetooth, graphics by default. IIRC these MBPs use Broadcom Wifi chips. Ubuntu and derivatives would be my first try. Definitely read up on how to install Linux on MBPs. You probably might have to configure something in OpenFirmware/EFI. 
 
- But unlike server aided services an OS still keeps working. You can use that PC for 10 more years, if you like. - I think there’s a discrepancy in the understanding of ‘support’ and what it entails in different technology fields. Demanding to receive NEW features for decades is not feasible in the current economic environment. - The biggest issue is security updates and a current internet browser. - Of course I can use a 30 year old computer that still works with the software it can run. 
 
 
- Before Microsoft demanded TPM 2.0, you could install the latest version of Windows on extremely old hardware. Easily reaching that 15 years. We had this already. And Windows 11 can easily run without TPM 2.0. Microsoft just has business reasons to demand it. So I don’t see how innovation is slowed down by this. 
- Or an established player in the market that wants to keep competitors out (but I guess in a way that is someone who dislikes change). While legislation like this can sometimes be great (e.g. the recent changes forcing longer support for mobile phones) there comes a point where it cuts the other way and it becomes an entry barrier. - Imo the better solution would be to legislate what happens after support ends. Like forcing the disclosure of at least some documentation that allows others to continue servicing the product or at least transfer out data and install other software on the device. 
- 15 years is too long, it doesn’t match the state of the industry or technological progress. - How is this too long? I would consider it a reasonable amount of time to receive security updates on a computer. - I have a notebook that I bought in 2012. It can run Ubuntu LTS 24.04, which is supported until 2034, without issue. There is no indication that the next release will stop supporting this hardware. I don’t see why Microsoft couldn’t provide this. 
- Pretty sure Rocky Linux provides updates for 10 years. - It’s not asking too much for multi-billion dollar corporations to provide 15 years of updates. - They have more than enough resources. - IBM providing 10 years for RHEL is doing most of the heavy lifting in the case of rocky linux 
 
- Outside of aero and financial where it’s not uncommon for this to use 20+ year old tech. - If something isn’t hyper critical 15 is way too long 
- Fair like imagine if Microsoft was forced to support windows 8 for 15 years, an operating system people barely use, also some OSs aren’t run by huge companies 
 
- Nothing says ‘circular economy’ like Microsoft stranding 400 million PCs - This might be a silly question but would this not be a good idea for a start up company that recycle computer parts? - that’s what the greatest technician that’s ever lived does. 
- There are dozens of us out here patiently awaiting a bunch of reasonably powerful new Linux machines. 
- Don’t manufacturers purposefully destroy the computers and such just to ensure that doesn’t happen? - No. Manufacturers have no say in what happens to computer hardware after it is sold. - Some companies may destroy the hard drives to make sure no data gets out. Some companies will remove the memory as well. 
 
- would this not be a good idea for a start up company that recycle computer parts? - I really don’t think so. Computer recycling already seems to be a low profit business, as evidenced by there not being any large companies that do it (that I’m aware of). This number of computers flooding the market would probably make it even less profitable. Sure, it may be profitable for some small businesses, but nothing on the scale required to address the problem. 
 
- This seems backwards. Let’s just assume we’re always going to be willingly beholden to tech giants, and so we’re going to pass a law to make our masters treat us well. - Maybe instead campaign for a law that says all publicly funded computer resources must be reliably usable for 15 years. So you either go FOSS and save money too, or you get guarantees in writing before you hand over your money to the people who won’t even let you see what their code is doing on your hardware. - You can already patch windows as much as you want. - You can? How do you do that? - By replacing it with something better. - Yeah, I’ll just call up the CTO and ask for a new deployment of 300,000 VMs lmfao 
 
 
 
 
- No, OS makers should just not make their OS bloated with useless shit, stealing your data and have arbitrary system requirements. I think 15 years of OS updates is excessive unless we’re talking about servers or very specific workflows. IMO 5-10 years is enough. - That said, for some operating systems it doesn’t even make sense to support for THAT long, because how they are designed (A lot of Linux distros for example). It turns out, if you don’t break users’ workflow, they don’t mind to upgrade. - I agree with most of that, but there are loads of embedded systems still running the equivalent of Windows XP and they’re chugging along just fine. That OS still receives updates and ending that would break a lot of backend stuff. Mostly banking. - Boeing just started making planes which don’t rely on floppy disks for updates. That will continue on the older part of the fleet until it’s no longer feasible to procure the disks or the planes are no longer airworthy. I mean, why not? If you only need to store a few mbs for something critical, it’s not a bad choice of medium. - If a system is secure, reliable and works for decades without complaint, there’s no need to fix that. 
- 5 years for basic and 10 for lts seems fine. 10 years is a fucking long ass time. 
 
- Of course. Make another regulation only big corps can follow. To punish them, of course. This is punishment. - Good. - If we’re going to pretend corporations are people, then we should treat them like slaves. - That was sarcasm. Making a regulation to punish a big corporation that automatically disqualifies everyone smaller is not punishment for it. 
 
 
- Microsoft’s plan to end Windows 10 support next month — which may make an estimated 400 million PCs obsolete - I don’t get this. Can’t those PCs update to the new version? Yes, I am very aware that win11 is a shit show and win10 was better. - But Ubuntu also has a similar support policy for updates: - Ubuntu LTS versions get five years of updates, while non-LTS only gets nine months. - Would all the Linux versions out there be subjected the same 15 years of updates?? - No, Windows 11 added extra, unneeded hardware requirements. - Obsolete in this case actually means obsolete. Windows 11 literally blocks the update because you do not meet requirements, such as not having a TPM. - Technically, there are ways to bypass this, but not for a casual user (and it probably breaks some ToS) - Yep, exactly this. You can bypass the TPM and Processor requirements, but at some point it will come back to bite someone in the butt. - Microsoft with the 24H2 update broke Windows 11 for older systems (like Core2Duo, which are already ancient) due to a lack of required processor instructions. I’ve seen systems running under QEMU, and also on newer systems like the AMD Ryzen Zen1 platform experience “Unsupported Processor” BSODs preventing the system from booting. - Even outside of that, Microsoft doesn’t deploy the yearly feature roll-ups to systems with unsupported hardware, even if Windows 11 is already installed. I’ve seen many unsupported systems end up stuck 1-2 builds behind, and they never see the update. They have to be manually updated using the same mechanisms that got Windows 11 installed in the first place. - Microsoft I believe, expects Windows 11 to be running on a minimum set of hardware, and that’s all they are qualifying it for. So older systems are going to eat it at some point if they are used in production. - The TPM checks are for security but, certainly not required if someone is willing to drop system security for some reason. 
- TPM is more about securing data from PC owners rather than for them. Since it’s there anyways, it is used to support bitlocker, but the reason they are pushing it so much is because it might (depending on whether it actually is secure) be able to allow content providers to allow users to view their content without needing to give them access to copy or edit it. - And there isn’t any guarantee that the uses that do benefit the user’s security don’t have some backdoor for approved crackers to get in. Like doesn’t the MS account store a copy of the recovery key for bitlocker? Which is nice for when the user needs it, but also comes in handy if MS wants to grant access to anyone else. - Microsoft does on Home Edition without even asking, and it doesn’t provide the users with a choice to store the key locally OR put it on the Cloud account, like Windows Pro does. I’m sure Microsoft has a master key to an account as well. But one can hope they do not, and they are also storing those BitLocker keys in an encrypted fashion in whatever database runs the backend. - Also agree with you on TPMs. They are useful when invoked by the user, like for passkey or secrets storage. DRM on content and software is, and always will be, anti-consumer. As for how secure TPMs are, I know Infineon did have that Random Number Generator bug which basically broke the TPMs. So there’s that. 
 
 
- Apparently there’s a way to install Win11 and bypass all these requirements. - https://www.tomshardware.com/how-to/bypass-windows-11-tpm-requirement 
 
- You don’t typically pay to run Linux distros. They’re open-source. I can’t imagine they’d be subject to this. - Upgrades are more seamless as well, it’s definitely a bit more blurry of a process. Plus Ubuntu releases twice a year, so their versions are more like the equivalent of Microsoft’s service packs (or whatever they call them now) but on a rolling basis. 
- if anyone pays though they would need to keep a long-long-term-support. 
 
- Correct, the “obsolete” PCs can’t update to Windows 11. The Windows 11 update forces certain hardware support that a lot of devices don’t have. The security this hardware provides is mainly in someone physically removing data from your PC. As such it’s very business oriented but affects all versions of Windows 11. - It’s not business oriented, it provides a unique ID attached to the machine, cryptographically proven. - Next step is to use that unique ID to identify you on the internet and digital life. Ending all privacy. - You think this is far fetched? Kernel-level anti-cheat for games already does this and bans the machine from playing that game ever again. - Couldn’t you theoretically swap out the tpm chip? Or spoof/emulate it? If not, how do VMs run Win11, do they just inherit the host tpm chip and that’s that? I feel like this was the same goal of having a mac address on each device, and it became irrelevant in short order. 
 
 
- Would all the Linux versions out there be subjected the same 15 years of updates?? - They shouldn’t be, since the model for updates is quite distinct from Windows or iOS in a way that I would argue should effectively meet the requirements anyways. If a distro releases a new version twice a year, outside of enterprise situations where a company is paying for support, there’s nothing to really stop anyone who wants from upgrading. They don’t charge for it, and while new versions might add out-of-the-box support for new hardware, it’s pretty rare for Linux to suddenly change minimum hardware requirements in a way that requires you to buy a whole new machine in order to run the latest release. The only case that immediately comes to mind is that of distros increasingly removing support for i386 machines, but in fairness, Intel discontinued manufacturing of i386 chips 18 years ago. - Of course, this all assumes that the people in charge of making these decisions actually understand the technology in at least a general sense, and it’s not being left up to a bunch of idiots who have refused to keep up with any innovations more recent than the fax machine, so odds are kind of crap. 
 












