
Germany wants smartphone makers to offer 7 years of software updates

718 points | underscore_ku | 4 years ago | xda-developers.com

351 comments

[+] Vespasian|4 years ago|reply
1. Security updates. No feature updates are required (Which is sensible in my opinion.)

2. The federal election happens later this month. Take this plan with a grain of salt.

3. The original article by heise.de mentions that the federal government will push these plans during negotiation of the EU wide laws. The government thinks that the plans of the commission do not go far enough. However it's unlikely that Germany will implement stricter rules on a national level.

[+] rivo|4 years ago|reply
Note that WKRL and DIDRL (two new European directives) will be in effect in Germany starting Jan 1, 2022. They include a consumer's right to updates that allow the device to keep working (including security updates).

But they don't specify an actual period for updates (this will have to be decided by the courts). And, what I find worse, they force the seller to provide the update, not the manufacturer. If the seller is not able to do that (which will be the case most of the time), they can be relieved of their duty.

We're only halfway there.

[+] CodesInChaos|4 years ago|reply
I don't think security updates are quite enough. Sometimes you need updates to keep functioning. For example support for TLS 1.0/1.1 or older signature algorithms was widely removed, which can prevent old clients from connecting to most servers.
[+] tgv|4 years ago|reply
Sure, but Germany has a lot of clout in the EU, and this might be a good point for –just a random pick– a new chancellor to show his/her concern for the people. I'm almost sure the new German chancellor could get that done in EU record time.
[+] hutzlibu|4 years ago|reply
"Security updates. No feature updates are required (Which is sensible in my opinion.)"

The lines get blurry. Is a modern browser a feature upgrade or security?

Well, both. But if the vendors really would just sort of fix their old mobile browser, you would still be stuck with an old browser unable to interact with the modern web.

Is it a feature update, that you want to install newer apps? (like another browser)

For this to make sense, it should enable you to update your whole OS of the device so that it can at least install and update common apps. Otherwise its benefit is very limited.

[+] SilasX|4 years ago|reply
Re 1, yes it’s sensible as law, but I imagine Big Tech freaking out at the possibility of having to maintain some security-only update branch for every version a user might have started with.
[+] detaro|4 years ago|reply
I don't think this even registers on the list of topics relevant for the federal elections.
[+] overgard|4 years ago|reply
I like this, but I think a reasonable alternative would be that for smart phones older than a certain age the manufacturer publish enough information for the creation of free drivers and software and unlocks for installing that software. One thing that makes me really sad is that I would probably be perfectly fine still using iPhone 5 era hardware if I had a free OS I could put on there with ongoing support. That's entirely reasonable in the desktop/laptop space so it strikes me as kinda sad that it seems non-existent in phones, when it's all just computers anyway.
[+] 908B64B197|4 years ago|reply
The problem is the SoCs that often have weird peripherals and drivers that require patched kernels (and often it's to interface with proprietary hardware that's under IP constraints).
[+] yourapostasy|4 years ago|reply
I am a proponent of this idea, but I could never figure out how to address proprietary blobs and third-party entanglements. Even Apple with their massive vertical integration likely cannot fully open source an iPhone 5, as there are proprietary bits like certain chip driver's software API they've agreed to not divulge that are still in effect due to the nature of many legal agreements to grasp for indefinite terms in these matters.
[+] nspattak|4 years ago|reply
It would be very nice if this happened.

In my view, one other feasible good step would be to require companies to publish the source code of their phones, i.e. provide the option for people to download, compile and install the full sw stack. Like this, even if manufacturers stop supporting their devices, people can step in and do it. At the very least it would make it easier to support devices than it currently is in third party ROMs.

[+] tlhunter|4 years ago|reply
Literally the only reason I stopped using my last two phones was that the security updates stopped streaming in. Even now they sit in a drawer, perfectly functional, abandoned by Google.
[+] gumby|4 years ago|reply
I think these requirements are very reasonable and we have an existence proof that it is doable.

I know that Apple supports its hardware for seven years in California (and not other US states as far as I know) due to state law. I can’t imagine other manufacturers are immune to this same law.

I’m not holding Apple up to be some paragon of virtue, but it was easy for me to find what they write on the subject: https://support.apple.com/en-us/HT201624

[+] ho_schi|4 years ago|reply
Providing firmware-updates and spare-parts (especially batteries) should be a requirement for all-purpose-computers i.e. laptops and desktops. And also for smartphones with user replaceable operating-system. For devices which are only appliances (smartphones with boot-lock and worse) this also extends to the operating-system itself.

This makes devices more expensive? The prices will be higher but the value you get also. I'm talking about companies which use adhesive strips and unusual screws with tiny buckles (Apple - iPhones) or the ones which glue the display onto the baseboard (Google - Pixel). Or companies which used to provide user-replaceable batteries with notches, which now use screws inside the device (okay!), but now also a firmware to ensure that the user won't get a replacement battery some years later (Lenovo - ThinkPad). Otherwise Lenovo's ThinkPads are a good example: step-by-step manuals, explosion diagrams, well maintained replacement-part numbers...and yes, more expensive.

[+] cultofmetatron|4 years ago|reply
> ones which glue the display onto the baseboard

yea funny story about that. I have a google pixel 3 xl. Was in great condition. No cracks or issues. So I'm in the medellin airport waiting for my flight to Lima when I'm talking to a friend and notice that a crack is forming alongside my phone. To my horror, the battery decided to swell open so far that it cracked open the cell case. Here I am with a phone that as far as I know, is about to shit the bed and I'm in the middle of a foreign country on my way to ANOTHER foreign country with no way of activating a new phone. (google fi requires the phone be in america during activation.)

Luckily in Lima, I was able to track down someone that could do a replacement. This phone was clearly not designed to be repaired as I saw him slowly melt layers of glues and pull apart different pieces to do the actual battery replacement.

He managed to get it working but now the finger print reader isn't working. So here I am currently in latin america with a phone that has a cracked case and a broken fingerprint reader. I'm waiting till I can stomach coming back stateside to replace this phone because repairability was never a concern.

[+] Popegaf|4 years ago|reply
I'd go even one step further: EOL software and hardware should be forced to be open-hardware (at least open schematics) or opensource. If you're not willing to support a product anymore then it should not be possible for it to simply turn into a brick because you turned off a server.

This would either create a market where companies will sell the license to support old products to other companies, or old hardware and software would finally be able to be supported by the community. There wouldn't be a need to reverse engineer or develop stuff in a "clean room" for fear of litigation.

[+] chrisseaton|4 years ago|reply
> The prices will be higher but the value you get also.

Not everyone values repairability.

[+] goodpoint|4 years ago|reply
> This makes devices more expensive?

No, it makes them cheaper by pushing back planned obsolescence.

[+] oytis|4 years ago|reply
Imagine powerful and lightweight laptops only sold in Americas and Asia while in Europe one will only be able to buy bulky (because repairability) and slow (because high-end manufacturers focus on less regulated markets) versions.
[+] the_third_wave|4 years ago|reply
Here's a "win-win" scheme which benefits both consumers as well as manufacturers/retailers without running up the costs for either: mandate the release of a device tree for all devices at least a year before the last vendor-supplied update so the users can migrate to any AOSP-derived distribution - LineageOS being the most well-known. The device tree should be complete, i.e. it needs to contain any needed drivers in either source (preferable) or blob form so the device will continue to be fully functional when used with a third-party distribution. Doing this will drastically increase the useable life span of devices by mostly removing software obsolescence as a factor. Hardware will still age, performance will eventually lag too far behind current devices but seeing as how I'm using several devices from around 2010 (Motorola Defy/Defy+) for specific tasks those 7 years can easily be extended without any additional cost to either vendor or consumer.
[+] yjftsjthsd-h|4 years ago|reply
Project treble should actually be really close to this, come to think of it. And I kind of think that that's theoretically supposed to be part of Google's certification process for Android, though I suspect there are caveats (ex. without unlocking the bootloader it doesn't help).
[+] HumblyTossed|4 years ago|reply
iPhone 6s (not 6) level of performance and above is really enough for most people to do normal every day tasks (not gaming). People are going to be keeping their devices for longer lengths of time. Security updates for longer periods are essential.
[+] xqcgrek2|4 years ago|reply
Software updates should be indefinite, like Linux distros, which can still run on 15 year old hardware just fine.

The future ought to be something like PinePhone (but with better hardware) that can be customized to run a variety of OS with consumables such as batteries easily user replaceable.

[+] karteum|4 years ago|reply
> like Linux distros, which can still run on 15 year old hardware just fine

First, let's remember that LineageOS does not run on 15 year old smartphones (and they drop support for a device when there is no upstream support from vendors on the same Android version).

One issue is that unlike x86/x86_64, there is no generalized abstraction platform (similar to BIOS/UEFI/ACPI description tables) that enables "one kernel to rule them all", i.e. you need some custom adjustments on your kernel for your SoC and board. For a few years now we have had device-tree, which improves the situation a lot, but I understand it does not cover everything (i.e. there would still be some missing aspects compared to UEFI/ACPI with regard to hardware description. Maybe some embedded experts can comment?). Besides, it is still not always implemented in chipset vendors' BSPs, which sometimes still rely on board files (where the data is not easy to extract from a binary kernel, noting that a lot of low-end OEMs do not properly comply with GPL and do not publish their sources)...

[+] boudin|4 years ago|reply
I so wish that at least when a manufacturer stops supporting hardware, he has to drop source code of drivers and the firmware in the public domain.
[+] goohle|4 years ago|reply
Yes, but who will pay for that? More burden on maintainers -> less maintainers -> more burden on maintainers.
[+] sto_hristo|4 years ago|reply
Yeah, that is definitely the ideal future. Problem is that it has to be a well organized entity behind this. The open source community is very fragmented and can't spawn a reliable product for the mass consumer in the way current companies can.
[+] rspoerri|4 years ago|reply
While the idea that companies are held responsible for all their actions is good, there is one big problem. If the risk of failure of a product is too large, companies build shell companies that can go bankrupt. It is done so in oil shipment companies and I am sure there are other good examples. Nothing has been done against that even after huge oil leaks where the responsible companies have been very obvious.

(I do agree to longer enforced support on devices nevertheless)

[+] 908B64B197|4 years ago|reply
> Software updates should be indefinite, like Linux distros, which can still run on 15 year old hardware just fine.

We'd need an open spec SoC for that.

[+] bootloop|4 years ago|reply
I would assume the reason why open Linux distros support 15 year old hw is because the OEM dropped support for it in the first place.
[+] swiley|4 years ago|reply
This requires hardware manufacturers to work with kernel maintainers. It’s hard enough just getting them to publish the driver source code and not screw the user over for removing “value add” user space software.
[+] pjmlp|4 years ago|reply
Linux distros also drop hardware support as my AMD card knows quite well.
[+] Tepix|4 years ago|reply
The article mentions three and four year update cycles for some android devices.

The "Android Enterprise Recommended" program provides "rugged devices" with five years of "90-day security updates". (see: https://static.googleusercontent.com/media/www.android.com/e... )

The Nokia XR20 is one of these devices, it was released in August 2021. However according to https://www.nokia.com/phones/en_int/security-updates it is not guaranteed to receive security updates after August 2025. Something is wrong.

[+] zxcvbn4038|4 years ago|reply
I love that they are closing all of the loopholes at the start - can’t raise the cost of the replacement parts over time, have to deliver them within a defined timeframe, etc. Combine that with meaningful penalties for non-compliance and I’m sure there are a lot of executives cursing.

I’d love to see the same thing applied to lightbulbs - instead of throwing away the entire bulb because 1/n leds have failed, be able to replace the failed led. I’ve seen a number of YouTube videos where a guy tears down “burnt out” led bulbs and every time he’ll find a single led that is dead or dying and he’ll bypass it and the bulb works fine. However he usually destroys the plastic bulb piece getting it open - would be great if those screwed or snapped on.

[+] andix|4 years ago|reply
They already have a similar law in place for car parts. Manufacturers have to supply them for 10 years. And also 3rd party garages have to be able to buy them. And compatible parts from another manufacturer are mostly legal (can't be protected by copyright).

Extending something like this to software and security updates is a promising idea.

[+] simonh|4 years ago|reply
It's hard to see how this could be enforced meaningfully. After all, who gets to decide if the updates represent a reasonable effort at bug fixing and security patching? What's to stop a company throwing out rudimentary updates as a box ticking exercise? In some ways that could be worse by creating a superficial appearance that phones are up to date.
[+] dvdkon|4 years ago|reply
I'd rather let users install their own OS with minimal roadblocks (one click verification, no loss in functionality, standard low-level interface), seems to me like a more feasible and general option than forcing support of whatever ad-ridden rubbish manufacturers cook up these days.
[+] jitix|4 years ago|reply
I think the goal here is to keep the phone usable for longer than to offer flexibility for tech enthusiasts.

Most people who use phones don't even know what an OS is.

[+] foresto|4 years ago|reply
Unfortunately, that's not enough, since old drivers and firmware remain as security risks even if the OS is updated. This is why GrapheneOS refuses to support hardware after the manufacturer drops support.

https://grapheneos.org/faq#legacy-devices

[+] webmobdev|4 years ago|reply
Some ideas I had for what a regulator can do to protect our consumer rights (including right to repair) on the software tech side:

- All devices should come with unlocked bootloader. No exceptions.

- OS updates should be mandated for a certain period. Especially security updates.

- Standardisation: An open standard API for device drivers should be mandated for the hardware components used so that system developers can easily create support for any OS, and don't need to resort to reverse engineering.

- Copyright restrictions on software code should be valid only for a certain period and become public domain (open source) after that. (It should definitely not be 75+ years of copyright that is currently mandated for films and books).

[+] annexrichmond|4 years ago|reply
I feel as though consumer protection hasn’t really caught up with technology and this is definitely a step in the right direction.

But what if some software update “bricks” or regresses your device in some way?

I’ve had video games even that have become unusable after software updates.

[+] Zigurd|4 years ago|reply
The Android world is full of finger pointing about why this is hard. SoC makers have crap BSP support and closed-source drivers. OEMs want to sell new phones (profit) instead of supporting old phones (pure cost). Google can't keep watches updateable despite dictating which SoC is used. Lots to complain about but no real excuses. This invites regulation.
[+] foxfluff|4 years ago|reply
For comparison, Linux LTS releases have up to around 6 years of support.
[+] fulafel|4 years ago|reply
.. from the kernel.org maintainers, some distros / vendors offer longer support.

But android vendors can update the kernel version too, eg once along with android major version upgrade and then stay on LTS updates only, adds up to more than 7 years.

[+] Ensorceled|4 years ago|reply
The latest iOS supports 6 year old iPhones ... this law seems pretty reasonable given that an iPhone 6 is unsupported but is still a solid device.

Just looking at the iPhone release list, I think we should be doing something like full product support for at least 5 years, full software support for 7 years, security updates for 10 years (iPhone 5 and up).

[+] whoknowswhat11|4 years ago|reply
I love it how android phones ship with 1-2 year old software and NEVER update, and folks are complaining about iphones :)
[+] internet2000|4 years ago|reply
Why are you moving the goalposts just because iPhones meet the potential requirements as they are?
[+] marcodiego|4 years ago|reply
Better option: after the vendor stops supporting it, they should release the keys to unlock the bootloader.

Specification and source code for drivers would be even better, but harder to get.

[+] Tepix|4 years ago|reply
I don't see why this is a better option:

If a vendor supplies bad security updates after six years, I can demand proper updates or perhaps my money back in return for my insecure device.

If the software is open source I may not receive any updates regardless.