Comment by qwertycrackers

Comment by qwertycrackers 10 months ago

16 replies

View on Hacker News

I think what is this ignoring is that "security updates" are generally corrections to defects in the original product.

In principle, a complete product would ship with no defects. You could run it for 1000 years unpatched and it would be no less secure than the day it shipped.

Manufacturers ship security updates because the original product was defective. So it makes sense that they remain on the hook for security updates -- we paid them full price up front.

Wowfunhappy 10 months ago

I am extremely sympathetic to this view--but is it practical? Like, should Apple be forced to continue releasing security fixes for the original iPhone?

Reply View 13 replies
  • diggum 10 months ago

    A relatively small ongoing investment in a phone with which they earned billions of dollars in profit. Doesn't necessarily require new feature updates, but security updates should be available for a far more significant length of time than the single-digit years the have self-regulated themselves. As an alternative, perhaps these companies should be held responsible for the e-waste of their prematurely expired hardware...

    Reply View 3 replies
    • Wowfunhappy 10 months ago

      > A relatively small ongoing investment in a phone with which they earned billions of dollars in profit.

      That's fair. But what about a product which doesn't turn a profit? The iPhone could have been a total flop, no one knew in advance!

      I worry that if releasing a hardware product carried an unlimited support burden, companies would release far fewer products. Less risk taking would lead to less innovation, and so on.

      I think I would be more on board with a rule like "once you stop releasing security updates, you must share hardware documentation and unlock the bootloader", so consumers can install their own (presumably patched) operating systems. But this wouldn't actually affect most of society, because 90% of consumers (I'm being generous) are never going to install Linux on their phones.

      Reply View 2 replies
      • Qwertious 10 months ago

        Expecting consumers to DIY install Linux is unrealistic but also irrelevant - that's what commercial refurbushers are for.

        Reply View 1 reply
        • graemep 10 months ago

          They could also sell their devices to those users who will install their own OS, or volunteers could help them do it, or simple device specific plug and play installers could be developed.

          Reply View 0 replies
  • sitkack 10 months ago

    Yes they should, they should also be forced to unlocked the bootloaders and release specs to the hardware so that 3rd part OSes can target the devices. Hardware recycling is a joke. I have first gen ipad that would make a great photoframe, video play and ebook reader but instead it is a fully functional paper weight.

    Reply View 1 reply
    • genewitch 10 months ago

      First gen "Google" Nexus tablet, factory restored before being put in storage and it's got 15 seconds between touching the screen and the UI even attempting to update. It was a decent small tablet when i bought it, too.

      My Nokia N800 runs the exact same as it did when i bought it, used, about 4 years after the release. I can even stream transcoded video to it, still. The camera works. The terminal works fine. That's probably why apple has trillions of market cap or whatever and Nokia is making $50 feature phones with touchscreens (i haven't seen any nor do i care, the n900 (910?) should have been a bigger deal and i'm still mad)

      Reply View 0 replies
  • cwillu 10 months ago

    Software copyright law should acquire a concept of defense: if it's no longer profitable for you to maintain it, that should delimit the end of the copyright term, with a short grace period of (say) one year.

    Reply View 2 replies
    • Qwertious 10 months ago

      Hollywood accounting says no movie is ever profitable. Your proposed law would just create a perpetual copyright for companies with sufficiently creative accountants.

      Reply View 1 reply
      • EraYaN 10 months ago

        The idea being that the security updates would then also have to keep coming as long as copyright is held.

        Reply View 0 replies
  • superjan 10 months ago

    How about applying the idea behind ESCROW: if you market hardware with software dependencies, you are required to provide the source to a trusted third party who will release/opensource it if you stop maintaining said software before the expected lifetime of the hardware.

    Reply View 2 replies
    • genewitch 10 months ago

      Sounds great, how do you enforce this with the deluge of things like IP cameras and the like from Chinese companies?

      100% tariffs? Every outdoor IP camera, for example, is either Chinese manufactured or outlandishly expensive. even a 200% increase in purchase price makes these devices competitive, still.

      Reply View 1 reply
      • vineyardmike 10 months ago

        You don’t force regulatory compliance with a tariff, you force regulatory compliance with import bans. Enforcement is a whole separate issue.

        “If you doesn’t follow rule X, you can’t import the cheap IP camera into America”

        Reply View 0 replies
  • realusername 10 months ago

    I'm okay for them to stop supporting it but in return they have to open the bootloader and release all the hardware documentation to not turn it into a brick.

    Reply View 0 replies
latexr 10 months ago

> In principle, a complete product would ship with no defects. You could run it for 1000 years unpatched and it would be no less secure than the day it shipped.

Not necessarily. Something could be perfectly secure today and for the next 100 years but be trivial to crack in 1000 years because the landscape changed so much. Something that is inconceivable to crack by brute force now won’t be as compute power keeps rising.

It’s impossible to cover every base from the start and forever. Who would’ve thought that soundproof glass could be beat with a camera filming an object?

https://www.newscientist.com/article/dn25999-caught-on-tape-...

> We were able to recover intelligible speech from maybe 15 feet away, from a bag of chips behind soundproof glass

Reply View 0 replies
Joeri 10 months ago

As a web developer I really want all devices to have evergreen browsers, and that in turn implies on-going feature updates at the OS level to support those evergreen browsers.

It also doesn’t really matter whether updates are fixes or features. Somebody has to do the work, and they have to get paid, and only so many years of that work can be baked into the original purchase price, before buyers go to a competitor who offers less support. You paid full price for X years of support, but what happens after that?

Reply View 0 replies