top | item 41585891

qwertycrackers | 1 year ago

I think what this is ignoring is that "security updates" are generally corrections to defects in the original product.

In principle, a complete product would ship with no defects. You could run it for 1000 years unpatched and it would be no less secure than the day it shipped.

Manufacturers ship security updates because the original product was defective. So it makes sense that they remain on the hook for security updates -- we paid them full price up front.

Wowfunhappy|1 year ago

I am extremely sympathetic to this view--but is it practical? Like, should Apple be forced to continue releasing security fixes for the original iPhone?

diggum|1 year ago

A relatively small ongoing investment in a phone with which they earned billions of dollars in profit. Doesn't necessarily require new feature updates, but security updates should be available for a far more significant length of time than the single-digit years they have self-regulated themselves. As an alternative, perhaps these companies should be held responsible for the e-waste of their prematurely expired hardware...

sitkack|1 year ago

Yes they should, they should also be forced to unlock the bootloaders and release specs to the hardware so that 3rd party OSes can target the devices. Hardware recycling is a joke. I have a first gen iPad that would make a great photo frame, video player and ebook reader but instead it is a fully functional paperweight.

cwillu|1 year ago

Software copyright law should acquire a concept of defense: if it's no longer profitable for you to maintain it, that should delimit the end of the copyright term, with a short grace period of (say) one year.

superjan|1 year ago

How about applying the idea behind ESCROW: if you market hardware with software dependencies, you are required to provide the source to a trusted third party who will release/opensource it if you stop maintaining said software before the expected lifetime of the hardware.

realusername|1 year ago

I'm okay for them to stop supporting it but in return they have to open the bootloader and release all the hardware documentation to not turn it into a brick.

latexr|1 year ago

> In principle, a complete product would ship with no defects. You could run it for 1000 years unpatched and it would be no less secure than the day it shipped.

Not necessarily. Something could be perfectly secure today and for the next 100 years but be trivial to crack in 1000 years because the landscape changed so much. Something that is inconceivable to crack by brute force now won’t be as compute power keeps rising.

It’s impossible to cover every base from the start and forever. Who would’ve thought that soundproof glass could be beat with a camera filming an object?

https://www.newscientist.com/article/dn25999-caught-on-tape-...

> We were able to recover intelligible speech from maybe 15 feet away, from a bag of chips behind soundproof glass

Joeri|1 year ago

As a web developer I really want all devices to have evergreen browsers, and that in turn implies on-going feature updates at the OS level to support those evergreen browsers.

It also doesn’t really matter whether updates are fixes or features. Somebody has to do the work, and they have to get paid, and only so many years of that work can be baked into the original purchase price, before buyers go to a competitor who offers less support. You paid full price for X years of support, but what happens after that?