[HN Gopher] Germany wants smartphone makers to offer 7 years of ...
___________________________________________________________________
Germany wants smartphone makers to offer 7 years of software
updates
Author : underscore_ku
Score : 565 points
Date : 2021-09-06 13:16 UTC (9 hours ago)
(HTM) web link (www.xda-developers.com)
(TXT) w3m dump (www.xda-developers.com)
| finchisko wrote:
| For me, the good compromise for start would be 3 devices per year
| per maker to have this prolonged support.
|
| Probably I'm native, but also wonder, why there is no single
| manufacturer that offers payed updates after product EOL. Like
| subscription service, canonical is offering after LTS release is
| EOL.
| ncphil wrote:
| Because it is the phone manufacturers' suppliers, specifically
| the SoC manufacturers, who have created this mess for all the
| reasons previously stated upthread. Bright line regulations
| like those proposed (with some of the suggestions made here)
| would change that for the better.
| dwighttk wrote:
| Seems like 7 years could be pretty brittle. Could there be a
| floor of user requests for update per month or something?
| southerntofu wrote:
| Why? 7 years is a very limited duration, i would personally
| advocate for (at the very least) twice that, and not just for
| security updates but also for hardware warranty.
|
| It would push hardware manufacturers to produce good reliable
| hardware instead of 10 crappy new phones every year, and to
| partner with reliable systems developers/vendors instead of
| pushing their own broken-in-1000-ways Androids.
| dwighttk wrote:
| You must still dedicate developer time to devices that aren't
| used seems like a bad law.
| ryan93 wrote:
| None of the governments business in the first place. 14 years
| would mean the original iphone is being updated. There would
| be like 4 people still using it.
| HPsquared wrote:
| At a certain point it's probably cheaper to give these
| people new phones then it is to update their software.
| (Ignoring the incentives this would create, of course)
| southerntofu wrote:
| Certainly not from an environmental perspective, and i
| assume also not (though i don't have a study on the
| topic) from an economic perspective.
| darkwater wrote:
| Indeed, but smartphone HW is much more mature nowadays and
| even the cheaper smartphone can do what most people need
| from a device like that. So, expecting a device released in
| 2021 to last 10 or even 15 years and still be useful it's
| not that weird (beside storage losing speed, maybe). 10
| years for a device from 2012 OTOH would be completely
| impossible.
| nbernard wrote:
| > 10 years for a device from 2012 OTOH would be
| completely impossible.
|
| Why? My Nokia N9 is still my daily driver. Only the lack
| of software updates is making it less and less useful.
| saagarjha wrote:
| Maybe more people would be using it if it was still
| supported?
| grumbel wrote:
| The Playstation2 was produced for 13 years, Xbox360 for 11
| years. The CPU I am having in my PC is 10 years old already
| as well. Long lifespan is not exactly impossible in tech.
|
| Also bringing up the original iPhone is a strawman, as
| that's not going to be supported by this law any more than
| it is today, newly released phones however are. And since
| technological progression has slowed down a lot in the last
| few years that really shouldn't be that hard.
| postingawayonhn wrote:
| People don't carry game consoles around in their pockets
| all day. The refresh cycle for phones is also much faster
| for a verity of reasons.
| karteum wrote:
| > People don't carry game consoles around in their
| pockets all day
|
| No, but most people also don't need SoCs which
| performance doubles every 2 years. If the software was
| properly written and optimised (which would be more
| common if the firmware developers expected the hardware
| to have a long lifespan), there would be no reason any
| phone manufactured in the last 7 years to be sluggish.
| Anyway most people just want their basic apps to work
| (e.g. phone, emails, whatsapp, agenda, hotel booking,
| photos, maps, chat, music player, etc.), none of which
| should require a very powerful CPU or tons of RAM...
| postingawayonhn wrote:
| I was referring to the physical wear and tear that a
| phone had to withstand compared to a game console.
| ryandrake wrote:
| I'd also argue that lack of software support has got to
| be one of the primary reasons phones get refreshed at the
| rate they do. I keep my phones until the vendor stops
| shipping software updates. If today's iOS remained
| compatible with past devices, I'd probably still be using
| my iPhone 3. There's no reason it doesn't have to,
| either. Apple and other phone vendors deliberately choose
| to drop software support for hardware they consider "too
| old".
| marczellm wrote:
| I want seven years of warranty for computers and mobile devices
| and would be willing to pay a lot for it, but alas.
| nspattak wrote:
| It would be very nice if this happened.
|
| In my view, one other feasible good step would be to require
| companies to publish the source code of their phones, ie provide
| the option for people to download, compile and install the full
| sw stack. Like this even if manufacturers stop supporting their
| devices, people can step in and do it. At the very least it would
| make it easier to support devices than it currently is in third
| party ROMs
| gruez wrote:
| >In my view, one other feasible good step would be to require
| companies to publish the source code of their phones
|
| That is definitely not feasible. Vendors are very protective of
| their code. eg.
| https://github.com/github/dmca/blob/master/2019/08/2019-08-0...
| thepangolino wrote:
| Vendors can be as protective as they want, they can't go
| against the law of the land.
| gruez wrote:
| The point is that there will be a lot of pushback from
| vendors. Meanwhile I doubt even 5% of the electorate
| actually cares about this. For that reason I don't think
| it's really "feasible".
| pbhjpbhj wrote:
| >Meanwhile I doubt even 5% of the electorate actually
| cares about this. //
|
| Representational democracy is supposed to work around the
| problem of an uninformed electorate. The question should
| be "if a member of the electorate understood this
| situation well enough would they care", representatives
| are supposed to use subject experts to help them answer
| that question and then use their political expertise to
| implement laws that move us towards a solution.
|
| It's a big ask, and it doesn't work that well --
| politicians often work at what will win them plaudits in
| the press (or what can be presented as a win, if they
| control the press), rather than actually doing their job.
|
| Fundamentally though "the electorate doesn't care" is the
| wrong measure, there are a million things the electorate
| don't care about but would care about if they had the
| situation presented to them fully ... we pay
| representatives and advisors so we don't have to care
| directly ... that's supposed to be how it works.
| google234123 wrote:
| If the EU will also be happy to pay 100s of billions in
| IP reparations to the US and Asian countries affected
| then I'm sure the law will big fine :)
| Sargos wrote:
| The law only works if it makes sense. Aggressive and
| borderline punitive laws where IP is forced open will not
| be followed.
| tjoff wrote:
| They are. But perhaps there is little reason for them to be.
|
| Especially if everyone else wanting to play needs to open up
| as well.
| teknopaul wrote:
| requing operators to allow phone owners to update all
| OpenSource code, which is probably the majority of the
| Internet/network facing code in ios and android, could be
| doable.
| deepbluev7 wrote:
| You could just give vendors the option:
|
| - Release all code necessary for independent developers to
| provide updates.
|
| - Release updates for 7 years yourself.
|
| Then they can decide what is cheaper for them.
| planb wrote:
| What about a law the forces vendors to either provide security
| updates or publish the source code? That seems like a
| reasonable trade off between consumer rights and ip protection.
| WhyNotHugo wrote:
| Frequently SoC manufacturer make quick and dirty changes to a
| fork of the Linux kernel. By the time the hardware actually
| ships, those changes don't work any more with the current
| Linux kernel.
|
| Trying to make those work 2 years later is a huge effort --
| probably worth less than just replacing the phones.
|
| Mind you, I agree with you in principle, but I can see how in
| practice in might all go to shit.
| nicoburns wrote:
| If the code were open source, I'd be willing to bet quite a
| lot that this kind of code would get cleaned up and
| mainlined. Certainly for popular handsets from major
| manufacturers which probably account for the majority of
| handsets sold.
| danhor wrote:
| Thanks to the GPL this is already often the case (at
| least for the kernel). But vendor code is so abhorrent in
| quality, upstream efforts are few and far between.
| titzer wrote:
| I guess they gotta stop doing that then, huh? I don't see
| how consumers and society benefit from rushed, vulnerable
| crap software. Oh, right. Time to market. Race to the
| bottom. That's what we need more of.
| dmitrygr wrote:
| > I don't see how consumers and society benefit
|
| Actually, you _do_ see. The price of your phone would be
| higher if Qualcomm had to hire competent engineers to
| make properly designed kernel changes for their hardware.
| goodpoint wrote:
| The price of your phone would be much lower if the
| software stack was truly Open Source, allowing
| distribution to remove clutter and spyware, and make
| older phones perfectly usable again.
|
| Planned obsolescence is designed to increase TCO
| TeMPOraL wrote:
| How much higher though? If you were to take the total
| extra expenditure on increased salaries for those
| engineers, and divide by the number of phones produced,
| the result is what? A dollar?
| mathstuf wrote:
| Sure, but when applying Marketing Math(tm), remember that
| all prices need to end in "49" or "99" to "sound cheaper"
| than the next incremental bump. So you'll end up with a
| device that is either $50 or (more likely) $100 more than
| otherwise.
|
| Or they'll eat that $1 from their profit margins...eh,
| who am I kidding?
| TeMPOraL wrote:
| Magic of compartmentalization of concerns.
|
| It turns out that getting a bunch of programmers to do
| careful modifications to some C code base over a couple
| of months is _more work_ than getting great many
| thousands of people across multiple companies to
| manufacture, distribute and sell new hardware to millions
| of customers.
| londons_explore wrote:
| > Frequently SoC manufacturer make quick and dirty changes
| to a fork of the Linux kernel.
|
| SoC makers _deliberately_ do this as a way to force phone
| manufacturers to buy new chips.
|
| For example, if they release a chipset in 2020, it will
| ship with Kernel 4.14 (released in 2017). Why ship such an
| old kernel on brand new hardware you say?
|
| Well Android 11 (also shipped in 2020) supports Kernel
| 4.14, but you can be pretty sure that Android 12 _won 't_
| support 4.14. So that means that OEM's can't make android
| 12 work with that chip without a massive engineering effort
| (and by the way, a bunch of chipset blobs will be compiled
| against those kernel headers, so changing kernel versions
| is pretty much impossible).
|
| So, the main reason to use a deliberately outdated kernel
| is to prevent last years chips running next years android
| release, without the chipset manufacturers permission and a
| share of the profits.
| zozbot234 wrote:
| > and by the way, a bunch of chipset blobs will be
| compiled against those kernel headers, so changing kernel
| versions is pretty much impossible
|
| Binary drivers can be reverse engineered and
| reimplemented for the new kernel. This takes a lot of
| effort since it requires following a "proper" clean-room
| methodology when doing so for interoperability purposes,
| but is otherwise doable. A complementary approach is to
| forward port the minimum set of features that's required
| for Android 12 to the older kernel, in a way that
| carefully preserves the portions of in-kernel ABI that
| the binary drivers depend on.
| google234123 wrote:
| Reversing engineering is hard. It would be nice if the
| kernel didn't trash it's ABI all the time for ideological
| reasons. Hopefully a new OS (fuscia) will fix this.
| JoshTriplett wrote:
| I think this is much more reasonable as well, for many kinds
| of devices. Either give people the ability to update the
| device themselves, _or_ you have to supply updates. (I think
| 7 years is a bit much, but the duration is a quibble over a
| minor detail rather than a fundamental principle.)
| enriquto wrote:
| Why not both? There is no compromise needed here. Both things
| benefit the public interest which, after all, should be the
| author of the law (in a democratic country at least).
| JoshTriplett wrote:
| > Why not both? There is no compromise needed here.
|
| You're assuming that it's actually feasible to keep old
| devices up to date for that long. It may well not be. It
| gets substantially harder to maintain old branches the
| further mainline has diverged from them. The original
| engineering team has typically long since moved on. The
| magnitude of the issue, here, can be on the scale of "we
| now need several times as many engineering teams".
|
| This isn't a matter of "security updates would be better
| than no security updates". This may potentially be a matter
| of "security updates for four years is economically
| feasible, security updates for seven years isn't". (I'm not
| saying it _is_ infeasible, just that it may well be.)
| enriquto wrote:
| Thus a neat effect of such a law would be that SOC
| manufacturers would not purposefully break compatibility
| as much as they do now. Sounds like a win-win to me!
| JoshTriplett wrote:
| Or, much more likely, they'll continue building new
| hardware as they do now, and let the length of software
| support for old hardware in one particular market be a
| software problem for the vendors selling into that
| market.
|
| Don't assume that attempting to solve a problem with a
| law can only have one possible outcome, and can't
| possibly have a different outcome instead.
| nelgaard wrote:
| I would prefer if instead smartphone makers were at least
| forced to add a tool so users could wipe the memory and install
| a free bootloader.
|
| And would be great if they had to also provide a free OS, like
| postmarketos, lineage, Debian or something like that. It could
| be very rudimentary without a GUI, just drivers for GPS and
| Wifi. And they would not have to provide even security updates
| for that. So I would think that many companies would also
| prefer that.
| 0-_-0 wrote:
| I think that would be the ideal scenario.
| overgard wrote:
| I like this, but I think a reasonable alternative would be that
| for smart phones older than a certain age the manufacturer
| publish enough information for the creation of free drivers and
| software and unlocks for installing that software. One thing that
| makes me really sad is that I would probably be perfectly fine
| still using iPhone 5 era _hardware_ if I had a free OS I could
| put on there with ongoing support. That 's entirely reasonable in
| the desktop/laptop space so it strikes me as kinda sad that it
| seems non-existent in phones, when it's all just computers
| anyway.
| yourapostasy wrote:
| I am a proponent of this idea, but I could never figure out how
| to address proprietary blobs and third-party entanglements.
| Even Apple with their massive vertical integration likely
| cannot fully open source an iPhone 5, as there are proprietary
| bits like certain chip driver's software API they've agreed to
| not divulge that are still in effect due to the nature of many
| legal agreements to grasp for indefinite terms in these
| matters.
| anigbrowl wrote:
| If you're gonna have a law about open sourcing things, you
| just add a clause that says IP agreements after the lock-up
| term ends are null and void and unenforceable at law. You can
| have privacy (of your IP) or property rights, but state
| institutions will only help you enforce one, not both.
|
| Some people will argue that this will stifle innovation,
| because the manufacturers of the latest and greatest won't be
| incentivized to license their stuff. OK. Essentially I'm
| describing a bet on openness winning out over proprietary
| over time.
| 908B64B197 wrote:
| The problem are the SoC that often have weird peripheral and
| drivers that require patched kernels (and often it's to
| interface with proprietary hardware that's under IP
| constrains).
| R0b0t1 wrote:
| Two options: the claimed IP on the interface is removed or
| said to never have existed in the first place, and/or prevent
| bootloader locking.
|
| First one is a very good idea, as older IP law actually holds
| that interfaces aren't copyrightable. US IP law is
| schizophrenic on this last point considering the Oracle
| ruling. E.g. you're free to implement an interface for
| compatibility.
| the_third_wave wrote:
| Here's a "win-win" scheme which benefits both consumers as well
| as manufacturers/retailers without running up the costs for
| either: mandate the release of a _device tree_ for all devices at
| least a year before the last vendor-supplied update so the users
| can migrate to any AOSP-derived distribution - LineageOS being
| the most well-known. The device tree should be complete, i.e. it
| needs to contain any needed drivers in either source (preferable)
| or blob form so the device will continue to be fully functional
| when used with a third-party distribution. Doing this will
| drastically increase the useable life span of devices by mostly
| removing software obsolescence as a factor. Hardware will still
| age, performance will eventually lag too far behind current
| devices but seeing as how I 'm using several devices from around
| 2010 (Motorola Defy/Defy+) for specific tasks those 7 years can
| easily be extended without any additional cost to either vendor
| or consumer.
| forinti wrote:
| You need to be able to replace your battery for a phone to last
| that long.
|
| It would be nice if manufacturers had to make them easily
| replaceable too.
| Slartie wrote:
| There's a huge service infrastructure around phone repair and
| battery replacement nowadays. Not only can you go to the
| manufacturer and let them do it, but you also have a choice
| between lots of small phone repair shops, of which there are
| literally hundreds to be found in any bigger city on this
| planet. They are as ubiquitous as gas stations.
|
| This development has made non-user-replaceable batteries much
| more bearable.
| andix wrote:
| They already have a similar law in place for car parts.
| Manufacturers have to supply them for 10 years. And also 3rd
| party garages have to be able to buy them. And compatible parts
| from another manufacturer are mostly legal (can't be protected by
| copyright).
|
| Extending something like this to software and security updates is
| a promising idea.
| Zigurd wrote:
| The Android world is full of finger pointing about why this is
| hard. SoC makers have crap BSP support and closed-source drivers.
| OEMs want to sell new phones (profit) instead of supporting old
| phones (pure cost). Google can't keep watches updateable despite
| dictating which SoC is used. Lots to complain about but no real
| excuses. This invites regulation.
| xqcgrek2 wrote:
| Software updates should be indefinite, like Linux distros, which
| can still run on 15 year old hardware just fine.
|
| The future ought to be something like PinePhone (but with better
| hardware) that can be customized to run a variety of OS with
| consumables such as batteries easily user replaceable.
| sto_hristo wrote:
| Yeah, that is definitely the ideal future. Problem is that it
| has to be a well organized entity behind this. The open source
| community is very fragmented and can't spawn a reliable product
| for the mass consumer in the way current companies can.
| goohle wrote:
| Yes, but who will pay for that? More burden on maintainers ->
| less maintainers -> more burden on maintainers.
| southerntofu wrote:
| If phone manufacturers stopped producing 10 models every year
| and focused on making a single robust one, they would have
| plenty of resources left for actual maintenance.
| 908B64B197 wrote:
| Basically... be more like Apple?
| hahamrfunnyguy wrote:
| Sure, but they're in the business of selling as many phones
| as possible which means getting you to upgrade every so
| often. Unless they settle on a business model that allows
| them to make money from your old phone, I see this
| continuing.
| ben-schaaf wrote:
| > Sure, but they're in the business of selling as many
| phones as possible which means getting you to upgrade
| every so often.
|
| Indeed they are, but planned obselescence should quite
| simply be illegal. For sure it'll hurt some businesses,
| but it's better for everyone else.
| gruez wrote:
| > Unless they settle on a business model that allows them
| to make money from your old phone, I see this continuing.
|
| ...like apple and its recent focus on services?
| kQq9oHeAz6wLLS wrote:
| Plus one flagship phone neglects the largest portion of
| the market who want cheaper phones
| kasabali wrote:
| Then they should do like Apple did(?) and continue to
| sell older generations as the low end segment offering.
|
| Which should incidentally make sense since they'd be
| still supporting because of the said law anyway.
|
| Another side effect is this may also discourage them from
| churning pointless new models year after year with minor
| spec bumps.
| kQq9oHeAz6wLLS wrote:
| > from churning pointless new models year after year with
| minor spec bumps.
|
| They'd never abandon a working business model like that
| AdrianB1 wrote:
| "Selling as many phones as possible" allows yearly
| upgrades, but instead of 10 different models per year
| they can sell 3 models per year with 3.3x sales of each
| model. I am looking at Samsung models on the market, they
| are close to 10, Apple has maybe 2 or 3.
| cycomanic wrote:
| Honestly why should I care what their business model is,
| if it is detrimental to users and the environment. That's
| the whole point of laws, to discourage behaviour that we
| as society deem undesirable.
| southerntofu wrote:
| And that's why you can't let the market govern lives, and
| we have regulations.
| boudin wrote:
| I so wish that at least when a manufacturer stops supporting
| hardware, he has to drop source code of drivers and the
| firmware in the public domain.
| tgv wrote:
| Wouldn't that cause them to skip features and pick cheap
| drivers? How many people would benefit (not theoretically,
| but in practice)? Average life span of a mobile seems to be 2
| years and a bit. After seven years, very few users will be
| left. And it's not as if everyone ditches their phone because
| of lack of updates.
| boudin wrote:
| I don't see why. Theorically it could benefit a lot of
| people and help community driven projects or companies
| wanting to provide long term support. For example, if you
| create a phone that relies on Qualcom socs, qualcom only
| provides a few years of support, once they don't provide
| any new driver you're screwed. Forcing the release of
| source code would at least help open source driver
| initiatives.
| nicoburns wrote:
| > And it's not as if everyone ditches their phone because
| of lack of updates.
|
| Often it's because of lack of app support, which is in turn
| because of lack of updates. Of course some people will
| always want the latest phone, but there are plenty of
| people that don't, and the second hand market is thriving.
| This is especially true in countries with lower income
| levels. I went on a trip to South America a few years ago,
| and most of the young people seemed to be using iPhone and
| android phones from top-tier manufacturers, but several
| generations old.
| karteum wrote:
| > like Linux distros, which can still run on 15 year old
| hardware just fine
|
| First, let's remind that LineageOS does not run on 15 year old
| smartphones (and they drop support for a device when there is
| no upstream support from vendors on the same Android version).
|
| One issue is that unlike x86/x86_64, there is no generalized
| abstraction platform (similar to BIOS/UEFI/ACPI description
| tables) that enables "one kernel to rule them all" i.e. you
| need some custom adjustments on your kernel for your SoC and
| board. Since a few years we have device-tree which improves a
| lot the situation, but I understand it does not cover
| everything (i.e. there would still be some missing aspects
| compared to UEFI/ACPI with regards to hardware description.
| Maybe some embedded experts can comment ?). Besides it is still
| not always implemented in chipset vendor's BSP which sometimes
| still rely on board files (where the data is not easy to
| extract from a binary kernel, noting that a lot of low-end OEMs
| do not properly comply with GPL and do not publish their
| sources)...
| my123 wrote:
| > One issue is that unlike x86/x86_64, there is no
| generalized abstraction platform (similar to BIOS/UEFI/ACPI
| description tables) that enables "one kernel to rule them
| all"
|
| Windows on Arm devices use UEFI + ACPI, including Windows
| Phone starting from Windows Phone 8 (2012!). That allowed
| even the latest releases of Windows 10 Mobile to work on
| totally unsupported devices (1st gen WP8 devices) when that
| existed.
|
| It's not an Arm problem, it's that the Android world didn't
| bother really tackling the problem for a long time.
| surajrmal wrote:
| This is a bit disingenuous. The problem is that every soc
| manufacturer wants custom data to pass to their driver.
| With ACPI, you need to standardize this data and get it
| published in the yearly spec update. With device tree you
| just check in your new device tree bindings alongside your
| driver in the kernel repo. Device Tree blobs are only
| stable with respect to the kernel version they were built
| for. It also doesn't have to worry about being OS
| independent. SoC manufacturers are happy with this
| arrangement because it lets them iterate quickly. It is a
| much lower bar with much lower costs compared to ACPI. In
| recent years, ACPI has started adding support for encoding
| data which is non standard by allowing key value data, but
| using that sort of defeats the point. Those fields aren't
| usually documented and only the driver written for it
| understands how to interpret that data. Again, that forces
| ACPI blobs to be versioned alongside drivers. There is
| completely unlike how x86 works where everything really is
| standardized and you don't need specific drivers operate
| every peripheral on the board. Of course even on x86 you
| can have more specific drivers which are more optimized or
| expose additional functionality, but generic drivers can an
| do exist which get you decent support. Beyond device
| tree/ACPI this means adhering to standardized register
| layouts and things like that which is completely off the
| table with arm soc manufacturers.
| 908B64B197 wrote:
| > SoC manufacturers are happy with this arrangement
| because it lets them iterate quickly. It is a much lower
| bar with much lower costs compared to ACPI.
|
| You can also get away with ugly hacks and sub par devs.
| Doesn't matter anyways, you got all the money from
| selling the SoC, software is an afterthought.
| my123 wrote:
| Windows doesn't have that issue on Arm, you can just boot
| the newest Windows on Arm release on a random SoC from
| the past that (if it's the same arch of course, 32 bit or
| 64 bit have different drivers) as long as the work was
| initially done first.
|
| For ACPI, the vendors themselves tend to avoid changing
| bindings between generations for Windows there.
| Compounded with a stable driver ABI, things continued to
| work stably within all of Windows Phone (NT based, 8.0 to
| 10)'s lifetime, which had security update support until
| December 2019.
|
| Windows RT 8.1 still gets security updates today, and
| will continue to do so until January 2023.
|
| Linux not managing to standardize on a proper driver ABI
| _or_ stable bindings with the drivers in the kernel tree
| is just a Linux problem, and doesn't even affect other
| kernels on the platform, which mandate ACPI or something
| else.
|
| > There is completely unlike how x86 works where
| everything really is standardized and you don't need
| specific drivers operate every peripheral on the board
|
| Nope, on x86, the meaty bits like the GPU and such do not
| have a stable register interface or anything remotely
| near that between generations. :)
|
| On Arm systems, the interrupt controller (GICv2/3/4),
| timer (arch timer, since Cortex-A7/A15), IOMMUs (SMMU)
| and other standard devices were standardised since ages
| now (Apple is their own bubble and doesn't apply to this
| discussion). One of the remaining issues so far is PCIe
| hardware quirks/erratums, but that's getting solved.
|
| But Qualcomm isn't interested in making their Linux
| drivers work with their ACPI definitions, they _are_
| stable between generations on Windows though, and not
| changed needlessly over there. (which allowed us to work
| to bring AArch64 Windows on the Lumia 950 /950 XL using
| drivers from other SoCs too)
| google234123 wrote:
| Linux hasnt managed to standardize a proper driver ABI
| for political reasons - not technical.
| ryandrake wrote:
| I think user karteum brings up good points, but they are
| more like industry excuses than reasons. It's clearly
| possible to clean up this mess, but the OEMs and OS vendors
| simply won't bother since there is no regulatory reason to
| do it. This move from Germany is a great first step, but
| it's a step down a long road that the industry will fight
| at every exit.
| zozbot234 wrote:
| > and they drop support for a device when there is no
| upstream support from vendors on the same Android version
|
| Nope, they drop support when the community runs into issues
| with a particular model that it's impractical to fix.
| Upstream vendor support helps but is not required in any way.
|
| Device tree "doesn't cover everything" because some device
| components are yet to be supported in the mainline kernel.
| Once mainline support is added, that enables a 'universal'
| kernel to provide that support via the device tree.
| eric__cartman wrote:
| This is true. I have used Lineage OS with android 7.1 on a
| first gen Motorola G phone (that was declared EOL after the
| Android 5.1 update) and now on a OnePlus 5 with Android 11
| (manufacturer dropped support after 10)
| BenjiWiebe wrote:
| And I can get Android 11 (LineageOs 18.1) for my Galaxy
| S5. I believe Samsung stopped updating it at 6.
| pjmlp wrote:
| Linux distros also drop hardware support as my AMD card knows
| quite well.
| dvdkon wrote:
| Which card are you talking about? I recently ran a ~15 year
| old card for basic video output and all worked fine.
| pjmlp wrote:
| AMD Brazos E-450.
|
| Basic video is the keyword, on its heyday of GNU/Linux
| drivers it was capable of OpenGL 4.1 with hardware video
| decoding, then it got replaced with a driver that does
| OpenGL 3.3 and that is about it, thankfully the Windows
| drivers have been kept up to date.
| rspoerri wrote:
| While the idea that companies are held responsible for all
| theyr actions are good, there is one big problem. If the rist
| of failure of a product is to large, companies build shell
| companies that can go bancrupt. It is done so in oil shipment
| companies and i am sure there are other good examples. Nothing
| has been done against that even after huge oil leaks where the
| responsible companies have been very obvious.
|
| (I do agree to longer enforced support on devices nevertheless)
| bootloop wrote:
| I would assume the reason why open Linux distros support 15
| year old hw is because the OEM dropped support for it in the
| first place.
| 908B64B197 wrote:
| > Software updates should be indefinite, like Linux distros,
| which can still run on 15 year old hardware just fine.
|
| We'd need an open spec SoC for that.
| a9h74j wrote:
| This might be very naive, but I hope people developing Fuscia at
| Google bring in some ecological sense, and might find a way to
| _naturally_ support phones and chromebooks well beyond a five-
| year point.
| google234123 wrote:
| I'm pretty sure they will support a stable driver API which
| will fix many of these issues.
| CivBase wrote:
| At what point does it become cheaper for manufacturers to
| officially support alternative, third-party OSes (like LineageOS)
| than to commit to long-term support for Android?
| whoomp12342 wrote:
| Be careful what you wish for.... updates have bricked a few of my
| past phones
| annexrichmond wrote:
| I feel as though consumer protection hasn't really caught up with
| technology and this is definitely a step in the right direction.
|
| But what if some software update "bricks" or regresses your
| device in some way?
|
| I've had video games even that have become unusable after
| software updates.
| Master_Odin wrote:
| But this can happen anyway during the "regular" support window.
| I had this happen to me ol years back and it made booting the
| phone go from a few seconds to minutes as it had to do
| something with each installed app. This eventually got me to
| put a custom ROM just so I could stop having this bug, all
| because the manufacturer (Samsung) stopped caring about it.
| Ueland wrote:
| > But what if some software update "bricks" or regresses your
| device in some way?
|
| At least in Norway that causes you to get your device either
| fixed for free, or you get a new one. Any item you can expect
| to last at least five years, are covered. So for example, if
| you have a harddrive die after 4 years, you get a new one.
| colejohnson66 wrote:
| Does that law take into account abuse of the device? For
| example, if my SSD dies after 4 years because the NAND wore
| out from me writing _terabytes_ a day, would I still be
| allowed a new one under the law?
| bborud wrote:
| I would like a complete ban on sales of mobile phones and
| computers from companies that attempt to make it hard for
| independent repair shops to repair them.
|
| Spare parts, schematics and whatever tooling is required or GTFO.
| dvdkon wrote:
| I'd rather let users install their own OS with minimal roadblocks
| (one click verification, no loss in functionality, standard low-
| level interface), seems to me like a more feasible and general
| option than forcing support of whatever ad-ridden rubbish
| manufacturers cook up these days.
| foresto wrote:
| Unfortunately, that's not enough, since old drivers and
| firmware remain as security risks even if the OS is updated.
| This is why GrapheneOS refuses to support hardware after the
| manufacturer drops support.
|
| https://grapheneos.org/faq#legacy-devices
| danuker wrote:
| This is already the case for some manufacturers: see phones
| supported by LineageOS.[1]
|
| But the manufacturers are changing device drivers like the I
| change my socks. The community can't keep up.
|
| [1] - https://wiki.lineageos.org/devices/
| dvdkon wrote:
| Right now, there's just not enough people to keep up with all
| the phones, but with a standard bootloader interface (let's
| call it EUFI :P), a lot of that work could be made easier and
| we could have universal images like on the PC.
|
| Also, we can't expect the community to thrive when installing
| a custom OS on phones is relegated to die-hard enthusiasts by
| manufacturers who constantly make the experience worse.
|
| EDIT: Many of those phones also lose capabilities users might
| care about by unlocking: playing DRM'd media, using banking
| apps... That all inhibits OS customisation.
| jitix wrote:
| I think the goal here is to keep the phone usable for longer
| than to offer flexibility for tech enthusiasts.
|
| Most people who use phones don't even know what an OS is.
| dvdkon wrote:
| Sure, but that's not the case for PCs. Almost every family I
| know has at least one guy who can update/reinstall Windows,
| and those who don't will know to take an old/broken PC to a
| repair shop.
|
| That mentality isn't there with phones, because historically
| it hasn't been easy to do more than a factory reset. If
| right-to-repair initiatives make repairing phones a normal
| thing, that could very well extend to phones in the right
| environment.
| tgsovlerkhgsel wrote:
| That guy has limited capacity, and will only support
| bespoke odd configurations of custom operating systems for
| so long until he gets a job, realizes this is way too much
| of a timesink, and announces that from now on, everyone
| gets a Chromebook.
| dvdkon wrote:
| My point is: Why should phones be any different to
| desktops with regards to OS availability/ease of
| installation? If we accept that a significant number of
| users do use that ability on desktops, why wouldn't they
| use it on phones?
| AdrianB1 wrote:
| Because desktops have a higher degree of standardization
| of some parts needed for this, ex. UEFI, ACPI etc. while
| the ARM SoC world is full of customizations.
| marcodiego wrote:
| Better option: after the vendor stops support it, they should
| release the keys to unlock the bootloader.
|
| Specification and source code for drivers would be even better,
| but harder to get.
| Tepix wrote:
| I don't see why this is a better option:
|
| If a vendor supplies bad security updates after six years, I
| can demand proper updates or perhaps my money back in return
| for my insecure device.
|
| If the software is open source i may not receive any updates
| regardless.
| marcodiego wrote:
| > If the software is open source i may not receive any
| updates regardless
|
| If the software is open source, anybody can update it. I use
| a cellphone from 2012 whose manufacturer abandonned a few
| years after release. This year alone I got 2 updates for it
| because I'm running the e.foundation /e/ OS. This wouldn't be
| possible had AOSP not being open source or its bootloader was
| locked.
| gumby wrote:
| I think these requirements are very reasonable and we have an
| existence proof that it is doable.
|
| I know that Apple supports its hardware for seven years in
| California (and not other US states as far as I know) due to
| state law. I can't imagine other manufacturers are immune to this
| same law.
|
| I'm not holding Apple up to be some paragon of virtue, but it was
| easy for me to find what they write on the subject:
| https://support.apple.com/en-us/HT201624
| aduitsis wrote:
| Oh! "Apple I" is considered obsolete :)
| tlhunter wrote:
| Literally the only reason I stopped using my last two phones was
| that the security updates stopped streaming in. Even now they sit
| in a drawer, perfectly functional, abandoned by Google.
| e40 wrote:
| It's one of the reasons I moved from Google to Apple. iPhones
| 5-6 yrs old still supported. I always thought iPhones were too
| expensive, but I didn't take into account the upgrade cost
| every 2 yrs on Android.
| elboru wrote:
| Same here, I bought my first iPhone almost 4 years ago. It
| still works like the first day. I used to like constant
| change (installing different roms, customizing my phone,
| waiting for the next cool Android UI refresh, switching
| phones every 2 years etc). But as I get older I started to
| like consistency and the feeling of using my phone for years
| without thinking too much about updates and whether I would
| get them or not.
| opan wrote:
| This seems backwards to me. You can still run modern Android
| versions on old phones like the OnePlus One thanks to
| LineageOS. There is no custom ROM scene for iOS devices.
| fuzzy2 wrote:
| Except you cannot. The graphics driver of my Nexus 5 no
| longer receives updates. It is not compatible with newer
| Android versions.
|
| And... that's it. Just like that, no more updates. Less
| than two years after I bought it.
| baq wrote:
| same here. turns out an iphone 8 is a damn good phone today
| and I expect the new iphone se to be _the_ TCO-wise budget
| choice.
| techrat wrote:
| Show me one exploit in the wild that you would download from
| Google Play or be affected by using an updated Google Chrome
| from the Play Store.
|
| Just because security updates stop doesn't mean your device is
| immediately insecure and cannot be safely used.
|
| The majority of the phone's actual updates come through Google
| Play Services.
|
| Meanwhile, I can show you an exploit in the wild that affects
| virtually all iOS devices even though they're regularly patched
| up: Jailbreak methods.
| webmobdev wrote:
| Some ideas I had for what a regulator can do to protect our
| consumer rights (including right to repair) on the software tech
| side:
|
| - All devices should come with unlocked bootloader. No
| exceptions.
|
| - OS updates should be mandated for a certain period. Especially
| security updates.
|
| - Standardisation: An open standard API for device drivers should
| be mandated for the hardware components used so that system
| developers can easily create support for any OS, and don't need
| to resort to reverse engineering.
|
| - Copyright restrictions on software code should be valid only
| for a certain period and become public domain (open source) after
| that. (It should definitely not be 75+ years of copyright that is
| currently mandated for films and books).
| ncphil wrote:
| Agreed on all your points, especially the last -- only I'd
| include a shorter patent term as well. If the phone is going to
| have an artificially limited life of 3 years, the 3 year term
| for both copyright and patent on its constituent parts
| (software and hardware) is more than reasonable: especially
| given that the whole purpose of copyright and patent is to
| build up the public domain commons for society's benefit.
| karteum wrote:
| > All devices should come with unlocked bootloader. No
| exceptions.
|
| Agree, but I would say it differently : users ought to be able
| to push their own keys while keeping the "secure boot" feature.
| e.g. "fastboot key push <key>"...
|
| > An open standard API for device drivers should be mandated
|
| You would also need to convince kernel devs to reconsider the
| "stable api nonsense" ideology...
| (https://www.kernel.org/doc/html/latest/process/stable-api-
| no...)
| sharmin123 wrote:
| Website Hacking Techniques And What Are The Prevention Steps:
| https://www.hackerslist.co/website-hacking-techniques-and-wh...
| HumblyTossed wrote:
| iPhone 6s (not 6) level of performance and above is really enough
| for most people to do normal every day tasks (not gaming). People
| are going to be keeping their devices for longer lengths of time.
| Security updates for longer periods are essential.
| gumby wrote:
| I only replaced my 6S a few months ago, and found it perfectly
| good to continue to use, not just around the house but in some
| outdoor uses where my phone might be at risk. Yes the 12 has
| some features that are nice, but upon a few months' reflection
| really its biggest advantage (to me) is that it is smaller.
| klodolph wrote:
| However, not all phones are iPhone 6s. A Nexus 5X is almost
| seven years old at this point, but I found mine to be rather
| slow a few years back.
| nicoburns wrote:
| Android phones just hit the "good enough" point a few years
| later than the iPhone ecosystem. My Samsung S7 (2016) is
| roughly as fast as my 6S (I have both for developing, and
| they're both plenty fast enough for everyday usage).
| postingawayonhn wrote:
| I don't think consumers are that interested in processor
| speeds anymore. Cameras are probably the biggest selling
| point for new phones these days, followed by battery life
| and display quality.
| shadilay wrote:
| Except all the flagship phones regressed from 1440p to
| 1080p displays.
| Dennip wrote:
| They have gained things like high refresh rate and OLED
| etc, though
| HumblyTossed wrote:
| Even cameras are starting to get "good enough" in most
| phones; even less expensive ones (ie: last years' Pixel
| 4a).
| teknopaul wrote:
| Gaming worked fine on a game boy. I support the end of arms
| race in gaming and a move towards power capped gaming rigs with
| games to match. Other sports have done this and it has many
| benefits above and beyond CO2 reductions.
| djoldman wrote:
| Anyone have details on how any of these required security updates
| will be forced to be anything more than an update to the version
| number?
|
| What's a "sufficient" update?
|
| I can imagine companies just updating whatever models they want
| to but the older model updates just being cosmetic to save costs.
| Vespasian wrote:
| 1. Security updates. No feature updates are required (Which is
| sensible in my opinion.)
|
| 2. The federal election happens later this month. Take this plan
| with a grain of salt.
|
| 3. The original article by heise.de mentions that the federal
| government will push these plans during negotiation of the EU
| wide laws. The government thinks that the plans of the commission
| do not go far enough. However it's unlikely that Germany will
| implement stricter rules on a national level.
| rivo wrote:
| Note that WKRL and DIDRL (two new European directives) will be
| in effect in Germany starting Jan 1, 2022. They include a
| consumer's right to updates that allow the device to keep
| working (including security updates).
|
| But they don't specify an actual period for updates (this will
| have to be decided by the courts). And, what I find worse, they
| force the seller to provide the update, not the manufacturer.
| If the seller is not able to do that (which will be the case
| most of the time), they can be relieved of their duty.
|
| We're only halfway there.
| jorams wrote:
| I don't know anything about these directives, but
|
| > they force the seller to provide the update, not the
| manufacturer.
|
| This (like warranties) is normally because there's no actual
| relationship between the consumer and the manufacturer. You
| do enter a contract with the seller, so they can be held
| liable when the law is broken.
|
| For smartphones this can be different, since they tend to
| come with EULAs, but not necessarily.
| J-Kuhn wrote:
| And the sellers can in turn ask their seller for updates.
| drugones wrote:
| So for smartphones devices, if you buy from Apple and
| Google directly the law should apply. By support
| extension (through paywall?!) I'd think it will be a
| small step away from applying to all.
| [deleted]
| tgv wrote:
| Sure, but Germany has a lot of clout in the EU, and this might
| be a good point for -just a random pick- a new chancellor to
| show his/her concern for the people. I'm almost sure the new
| German chancellor could get that done in EU record time.
| photon-torpedo wrote:
| > to show his/her concern for the people
|
| While I'd be happy for this plan to go through, I don't think
| most of the people will be happy with the side effects.
| Especially because of the spare parts requirements, I guess
| manufacturers will
|
| 1) Withdraw from EU market. 2) Reduce number of models on
| offer. 3) Raise prices.
| odiroot wrote:
| > 2) Reduce number of models on offer.
|
| I see this as a big plus. Not a fan of Apple but they did
| get this one right (at least in the past).
| onli wrote:
| 1. No enterprise will withdraw from the EU market because
| of this. There are too many customers with too much money
| in the EU. It's a bigger market than the US.
|
| 2. That would actually be good, the amount of models aims
| at confusing customers. But also: Why would that happen?
| Many models can (and do) share the same spare parts.
|
| 3. Prices are already as high as they can be. They do not
| get lowered because production gets less expensive, they
| get lowered because of competition. This might have an
| effect on prices if the competition was very high and
| profit span very thin - which might be the case for the
| cheapest budget phones. For something like an iPhone? To my
| knowledge they are already utterly overpriced, as is
| tradition
| (https://www.forbes.com/sites/ewanspence/2017/11/08/apple-
| iph...), then it will have no effect there.
| worldofmatthew wrote:
| So, the price rises hit the poorest. Fantastic.....
| Hackbraten wrote:
| Buying a phone that lasts you seven years may still be
| cheaper than buying two.
| worldofmatthew wrote:
| Your average person breaks devices before than and you
| expect people to have access to a load of money at once?
| Hackbraten wrote:
| The former is why right to repair is so important.
|
| The latter may be a problem but you could still buy an
| older (mid-cycle) model instead of the latest one and
| still get updates for years.
| worldofmatthew wrote:
| Right to repair is nearly meaningless on the budget-end
| as a repair guy will charge PS50 to PS100 for the labour
| plus parts with their own mark-up.
|
| Does everyone on hackernews get paid PS100k a year and
| spend over PS1,000 on a phone?
| Hackbraten wrote:
| If a person can't afford expected repair expenses during
| the useful lifetime of a product, then they can't afford
| that product.
|
| You wouldn't buy a car either without planning for repair
| costs.
| AdrianB1 wrote:
| A repair in Romania (EU, unlike UK) has a labor cost of
| 10-20EUR depending on the complexity; in most cases the
| "repair" is just replacing a component that has
| connectors, so it takes minutes, or swapping a new
| battery. A PS100 fee sounds like science-fiction or lack
| of common sense.
| danhor wrote:
| A _very_ capable smartphone currently costs ~200EUR, so
| if prices rise by 50% (an unbelievable amount), that
| would be 300EUR. Certainly not nothing, but car repairs
| or a new dishwasher are much more expensive.
|
| I expect the poorest to benefit the most from extended
| longevity, since more affluent people "need" the better
| camera or a more fashionable design the most.
|
| I know quite a few people with >3 year old smartphones,
| but mostly with custom roms, since stock firmware isn't
| usable anymore.
| worldofmatthew wrote:
| 1. 100 euros is a lot of money to the poorest people in
| society. Many of them can't afford a car or dishwasher.
|
| 2. "longevity" means nothing when most people keep
| dropping their phone. Even used phones that appear
| perfect can start bootlooping months after buying because
| of damage caused by the first owner and the eBay seller
| won't accept returns by than, even if you could prove it
| was not caused by you.
| commoner wrote:
| Most people I know get a phone case to limit damage to
| their phone. A case is an inexpensive investment that
| usually pays for itself many times over.
|
| Someone who is really clumsy or in a situation where they
| are much more likely than average to drop their phone
| should purchase phone insurance.
|
| And for uninsured people who happen to break their phone,
| it would still be cheaper to repair it than to get a new
| one. Repaired phones still benefit from longer support
| lifecycles, and the proposed legislation would ensure
| that spare parts are affordable and available.
| worldofmatthew wrote:
| A case is fantastic at protecting the outer areas of the
| phone by being a layer that comes in contact with the
| ground. They do fuck all to protect the internals as the
| forces still exist and can break a phone months down the
| road from the drop.
| commoner wrote:
| That contrasts sharply with my experiences, having
| dropped phones that were adequately protected by cheap
| cases on many occasions. These phones were still working
| fine years later, with no internal or external damage.
| Users who are more concerned about phone damage can buy
| tougher multi-layer cases, which are still great
| investments.
| jsuqo wrote:
| You've described most EU policies.
| II2II wrote:
| The question is, would it lower the total cost of
| ownership? A phone that lasts twice as long will cost
| roughly half as much (perhaps a bit more if repairs are
| needed).
|
| There is also no good reason for the cost of security
| fixes to vastly increase the cost for manufacturers if
| they slow down the release cycle for hardware and
| software. This isn't 2010 after all. The pace of
| meaningful improvements is considerably slower.
| anpago wrote:
| Most iPhones hit the second user market whether gifted or
| sold on.
|
| They have a far higher trade in or resale value than any
| other brand.
|
| It actually causes a bigger second hand market of phones
| if they have a longer life. Plenty of users still want
| the latest or there abouts. While others will happily go
| for the nearly new.
| jsuqo wrote:
| People don't change phones, especially cheap phones,
| because they stop getting security updates.
|
| The result of this law would be that cheap phones will
| get more expensive for no benefit at all and expensive
| phones will cost the same.
| II2II wrote:
| The benefit is receiving security updates. People may not
| choose to update their phones with security in mind,
| which is all the more reason to do it. Security updates
| is a place where consumers can be shortchanged simply
| because they are invisible, the consumer may not be aware
| that the security of their phone has been breached, and
| it is the sort of thing that consumers rarely think of
| until something bad has happened.
|
| As for cost, I don't see why it would have to go up all
| that much. Apps are already upgradable on phones and much
| of the OS is hardware independent. So the only real
| pressure point is with the kernel and other hardware
| dependent code.
| commoner wrote:
| Users of low-end phones would still benefit from the
| extended support lifecycle because their device and data
| would remain secure for a longer period of time.
| jsuqo wrote:
| Have you asked them if they are in agreement of that in
| exchange for a more expensive phone?
| commoner wrote:
| They're free to purchase second-hand phones, if they want
| to buy an even cheaper device. When most phones are
| supported for 7 years instead of 2-3, the market of
| second-hand phones that are still supported will expand
| greatly.
| worldofmatthew wrote:
| Second-hand phones will massively go up in price if this
| happens. Not a solution.
|
| Not even going into the problems with second-hand phones
| and that poor people de-factor have zero legal rights as
| they don't have the money to take sellers to court.
| skinkestek wrote:
| > Not even going into the problems with second-hand
| phones and that poor people de-factor have zero legal
| rights as they don't have the money to take sellers to
| court.
|
| This thread is about EU law.
|
| In EU you don't have to take sellers to court, you just
| have to nag customer protection authorities until they
| do.
|
| It might take some time: Google still hasn't gotten a
| massive fine for abusing its position in search and ads
| to kill competing browsers despite my reports but I will
| not be surprised when it happpens.
|
| PS: come on guys and gals and do write to your local
| competition authorities. The sooner we can get this
| sorted the better.
| commoner wrote:
| Instead of buying a 1-2 year old phone with 1 remaining
| year of support, the legislation would allow users to
| choose to buy a 6 year old phone with 1 remaining year of
| support. Since new phone releases apply downward price
| pressure on older phone models each year, the 6 year old
| model would most likely be much cheaper under the new
| legislation than the 1-2 year old model is currently.
| Budget-conscious users would appreciate having the 6 year
| old model available as a more affordable and equally
| viable choice.
|
| Many used phone sellers/marketplaces offer extended
| warranties on second-hand phones, which risk-averse
| buyers should purchase.
| treis wrote:
| I'm not sure that any significant number of people have
| switched phones due to lack of updates. It usually comes
| down to:
|
| (1) Battery stops holding a charge
|
| (2) The device gets damaged
|
| (3) Cameras get a lot better
| technofiend wrote:
| Beyond just battery flash slowly wears out over time,
| degrading performance. Based on my Nexus 6 I would love
| it if the EU dictated batteries must be replaceable, but
| you need an overabundance of flash so a few years in
| there are still cells left to balance wear across.
|
| The Nexus 6 automatically throttled performance based on
| battery left, but at some point the battery wore out to
| the point that less than 1/2 an hour of use got you below
| that threshold. After that the phone was very laggy and
| frustrating to use. No way anyone would want 5 years of
| that experience, updates or not.
| blululu wrote:
| Expensive phones don't necessarily have much more long
| term software support than cheap ones and the cost is
| typically shared across the full product line. Yes Apple
| provides longer support than Android phones, but a high
| end iPhone and a low end iPhone get the same term of
| updates, just as a high end Samsung and a low end Samsung
| get the same term of updates. A highend Samsung
| absolutely could have longer support which would improve
| its value. At the point where this is being built for
| high end phones, the marginal cost of including support
| for low end models is very low.
| spoonjim wrote:
| Who can afford to just withdraw from 25% of world GDP?
| That's the leverage of unionization.
| robertlagrant wrote:
| I'm not sure how unionisation is relevant, but lots of
| models of products target different regulatory regimes.
| iso1631 wrote:
| By forming an economic union, the EU punches at a higher
| weight than it's constituent parts.
| ksec wrote:
| In the modern day Smartphone market you are practically
| dealing with three groups. Apple, Samsung and Chinese
| Brands. These three represent over 80% of market and
| closing it to 90%.
|
| 1) Withdraw from EU market - I guess most people dont
| realise EU as a market itself is 2nd just behind US.
|
| 2) Reduce number of models on offer - Parts aren't that
| different across models.
|
| 3) Most likely answer - Although it doesn't cost that much
| at all. You can still get a 7 years old iPhone 6 repaired,
| it is just costly, as it did 7 years ago. The incentive
| pushes you to buy a new Phone.
| Hackbraten wrote:
| 4) Use components for which open-source drivers are
| available. Phone vendors would then be able to build the
| drivers from source, possibly reducing the cost of shipping
| updates.
| _ZeD_ wrote:
| it's still better than the actual state of million of
| phones filled with "abandonware"
| photon-torpedo wrote:
| I agree it's better, just I doubt it'll be popular.
| worldofmatthew wrote:
| It would also mean poor people being unable to afford
| these devices.
| turbinerneiter wrote:
| Do poor people not have a right to secure devices?
|
| Should it be legal to make cars for poor people without
| airbags and seatbelts?
|
| And are we really gonna argue that this idea would be for
| the benefit of the poor people?
| detaro wrote:
| I don't think this even registers on the list of topics
| relevant for the federal elections.
| hutzlibu wrote:
| "Security updates. No feature updates are required (Which is
| sensible in my opinion.)"
|
| The lines get blurry. Is a modern browser a feature upgrade or
| security?
|
| Well, both. But if the vendors really would just sort of fix
| their old mobile browser, you would still be stuck with a old
| browser unable to interact with the modern web.
|
| Is it a feature update, that you want to install newer apps?
| (like another browser)
|
| For this to make sense, it should enable you to update your
| whole OS of the devicey that it can at least install and update
| common apps. Otherwise its benefit is very limited.
| gpm wrote:
| > The lines get blurry. Is a modern browser a feature upgrade
| or security?
|
| A modern browser should be a feature upgrade. A browser as
| modern as the one that came with the device, except without
| known security issues, should be a required security update.
|
| Coincidentally no one develops the latter without the former,
| so you get the former, but I don't see that you are entitled
| to it.
|
| If anything I think the law should be designed such that
| there's an argument that you are entitled to the version of
| the browser that came with your device with security updates
| _and without any feature regressions_ , which is never
| available today since browsers do choose to remove features
| on a regular basis.
| Slartie wrote:
| > But if the vendors really would just sort of fix their old
| mobile browser, you would still be stuck with a old browser
| unable to interact with the modern web.
|
| This is a non-problem nowadays. We have long left the times
| in which browsers received essential features every few
| weeks. Using a browser with a feature set from five years ago
| you can still use all the most-visited websites perfectly
| fine. At the worst you're unable to use small, non-essential
| features of some sites. Maybe some ads look less fancy ;-)
|
| Your problem today as a browser user is security against
| zero-interaction exploits, not missing out on some obscure
| brand-new CSS features. Security updates are thus what you
| need first and foremost.
| hutzlibu wrote:
| Wasm is becoming a thing.
|
| With updates needed.
| CodesInChaos wrote:
| I don't think security updates are quite enough. Sometimes you
| need updates to keep functioning. For example support for TLS
| 1.0/1.1 or older signature algorithms was widely removed, which
| can prevent old clients from connecting to most servers.
| everdrive wrote:
| Would deprecated TLS not fall into the "security" category?
| It's hardly a feature.
| 0xcde4c3db wrote:
| As a practical matter, it's a far cry from something like
| backporting a vulnerability patch. How likely is it that
| you can actually get TLS 1.(N+1) without a breaking change
| to an API?
| CodesInChaos wrote:
| I view this as a breaking change in the behaviour of many
| internet servers, which happened to be motivated by
| security. Which is different from fixing the security of
| the software on the device.
|
| Some other examples of non security issues that might
| require modifications:
|
| * Widespread adoption hosting multiple services on the same
| IP, relying on SNI for TLS to function. While this is in
| TLS as well, it's not a security issue. In practice it was
| adopted slowly enough that it didn't cause many problems
|
| * A quick switch from IPv4 to IPv6 (lol)
|
| * Y2K (happened before smartphones)
|
| * timezone database changes (e.g. if the EU abolishes DST)
|
| * Regulatory changes (e.g. which frequencies the phone may
| send on)
|
| * A third party service the phone relies on for essential
| functionality gets shut down
| tgsovlerkhgsel wrote:
| Android 5.0 is considered as the first version fully
| supporting TLS 1.2 according to
| https://support.globalsign.com/ssl/general-ssl/tls-
| protocol-.... It was released end of 2014, so nearing 7
| years.
|
| Wikipedia indeed no longer supports TLS 1.1, i.e. if the
| phone didn't receive any updates beyond security updates,
| it'd be broken.
|
| This seems to have happened around 2019:
| https://phabricator.wikimedia.org/T238038
|
| I'm honestly surprised, I expected the overlap between
| "everything new supports this" and "actually turned off" to
| be bigger.
|
| So realistically, after 5 years without updates, the phone
| would be a brick. That's still 3 more useful years for people
| who care about security, and perhaps more importantly, 3
| years where people who don't know about the importance of
| security updates or can't afford to care remain secure. This
| also assumes no non-security updates at all.
| strenholme wrote:
| _the phone would be a brick_
|
| Well, to be fair here, the phone would still be able to
| make phone calls and send/receive texts, so it would hardly
| be a brick.
|
| As a practical matter, stuff like supporting a newer
| version of TLS is at the application, _not_ the OS level,
| so the user would just have to get an update with their
| browser to be able to use newer TLS. [1] Supporting newer
| TLS, for a browser, is little more than recompiling the
| browser; even stuff like Lynx and newer builds of Dillo
| have current TLS support.
|
| [1] Windows XP stopped being updated by Microsoft in 2014
| [2] but Firefox up until 52.9.0 (2018) runs in Windows XP.
|
| [2] The post-2014 point of sale updates were quite limited
| in scope, and can not be seen as general OS updates
| rex_lupi wrote:
| yes, security updates are really not enough. just consider
| the case of app permission hardenings on latest android
| versions (12/11/10)
| laurent92 wrote:
| I doubt vendors will implement 2-stream updates. Mandating
| 7 years probably means we'll all have to use the most
| recent version.
| iso1631 wrote:
| Weren't phones in 2014 using TLS 1.2? It was specified in
| 2008.
| pvorb wrote:
| Sure, but if you deprecated TLS 1.2 today, you'd have to
| make sure that all devices that are less than 7 years old
| will get the update.
| iso1631 wrote:
| Is anyone talking about deprecating TLS 1.2 before 2025?
| (TLS 1.3 being specified in 2018 )
| oaiey wrote:
| TLS standards are deprecated by vulnerabilities not new
| Features.
| [deleted]
| iso1631 wrote:
| If phones normally receive say 2 years of updates, any
| phone built since 2016 - thus eol in 2023, should support
| it (chrome/firefox were supporting tls 1.3 in 2017) - i.e
| in the next 18 months.
|
| A vulnerability in TLS1.2 would need to be fixed (by
| implementing TLS1.3) in 7 years under "security
| patching".
| CodesInChaos wrote:
| TLS adoption has been surprisingly slow historically. I
| don't know if any phones were affected. But .net on Windows
| 7 ran into issues with TLS deprecation (TLS 1.2 was
| disabled by default). And I think Windows update on Windows
| 7 and/or 8 broke due to upgraded certificate hashes.
| SilasX wrote:
| Re 1, yes it's sensible as law, but I imagine Big Tech freaking
| out at the possibility of having to maintain some security-only
| update branch for every version a user might have started with.
| cultofmetatron wrote:
| maybe instead make it easy for the user to load their own
| operating system. (and force hardware vendors to release specs
| and data that would enable open source drivers to be created
| without having to do reverse engineering). That way, good
| hardware can have a dedicated community.
| simonh wrote:
| It's hard to see how this could be enforced meaningfully. After
| all, who gets to decide if the updates represent a reasonable
| effort at bug fixing and security patching? What's to stop a
| company throwing out rudimentary updates as a box ticking
| exercise? In some ways that could be worse by creating a
| superficial appearance that phones are up to date.
| Manfred wrote:
| You write down a set of pretty good guidelines and then let it
| go to court when a manufacturer is found lacking. Court
| decides. Update guidelines, repeat.
| kwertzzz wrote:
| One could check if the phone is vulnerable to any published
| issues in the CVE database. (I applaud this effort in reducing
| e-waste).
| ryukafalz wrote:
| I think there are some pretty clear-cut cases where it's easy
| to argue that a phone isn't up to date. For example: a critical
| severity vuln in the Linux kernel that's already been patched
| upstream >6m ago, but that phones don't have yet.
|
| If this legislation starts to get the SOC manufacturers and
| device manufacturers to play ball, I think it could be a huge
| win.
| eptcyka wrote:
| Force listing specific CVEs that have been fixed. A big enough
| issue currently is that different devices with the same
| chipsets won't always get the same firmware fixes, thus this
| ckuld easily be hepled via market competition - if a device A
| has a fix and device B doesn't, the manufacturer of B can
| either explain it or pay the fine.
| foepys wrote:
| How about "you didn't fix a known security flaw within 3
| months, pay 10% of MSRP to all your customers"?
| simonh wrote:
| Sounds wonderful, but the entire Android platform relies on
| patches from upstreams (Linux kernel devs, Google, device
| driver vendors. Numerous other open source projects that
| contribute critical components). Timelines like that simply
| aren't possible. It would kill Android stone dead.
| tgsovlerkhgsel wrote:
| Then the commercial upstreams will have to provide patches
| in time in order to still be able to sell their products
| downstream-wards.
|
| For the open source upstreams... I've heard they accept
| patches. If not, the source is open, the downstream vendors
| can fix that. They can even put together a pool, pay into
| it together, and use the pooled money to develop (and
| hopefully upstream) a patch...
| southerntofu wrote:
| I upvoted because it's an actual concern, but don't agree
| with your point. Of course non-profit vendors should be
| excluded from such regulations, providing a best-effort
| solution.
|
| For other vendors, that would actually be a feature. It
| would incentivize hardware manufacturers to stop bundling
| bad/broken Androids with their hardware, open the
| bootloader and partner with serious free-software
| organizations who won't break your system or backdoor it.
| If you really want to roll out broken software for your
| customers and not give them a choice, pay up.
| ryan93 wrote:
| How do you people never consider the difficulty of
| implementing these policies. I dont get why some people love
| new rules and schemes so much.
| VortexDream wrote:
| These are massive companies with revenue in the billions of
| dollars. If this was regulated, they would figure it out.
| Frankly, in a lot of cases, it's their own fault that
| phones aren't updated anymore, not because of any inherent
| difficulties. If a handful of volunteers can push the
| latest Lineageos to 7 year odl devices, then Samsung can
| too. It's just that they have no financial incentive to do
| so and there are no regulations forcing them to implement
| what's necessary for long-term support.
| worldofmatthew wrote:
| This will put many smaller brands out of business,
| driving up prices on the poor. Most lower end brands
| barely make a profit as if (often selling at a loss when
| doing sales).
| goodpoint wrote:
| Not at all.
| VortexDream wrote:
| They don't even have to do their own security updates. If
| they stick to vanilla Android, they have much less work
| than if they customize the ROM for every one of their
| devices. There might even be an industry-wide push for
| Google to make it easier to update phones independent of
| firmware blobs (beyond project treble), because suddenly
| there will be financial incentive to push as much
| work/effort onto the most obvious candidate.
| google234123 wrote:
| This industry wide push to make it easier to update
| phones will also piss of HN :)
| worldofmatthew wrote:
| Random updates can break capability with the firmware if
| anything that firmware relies on in the kernel changes.
| Would still require them to fully test every function
| before each update.
| baggy_trough wrote:
| They have no financial incentive to do so because people
| don't care. So why should the government try to
| substitute its own remote, bureaucratic judgement?
| VortexDream wrote:
| People generally don't see long-term or on a societal
| level. Do you think most people wanted seatbelts or the
| founding of the EPA? A lot of times these are issues that
| are outside the purview of individuals, outside of their
| visibility. Most people only care about a small number of
| things like where their next paycheck is coming from and
| what to wear going out tonight.
|
| This is what government is for.
| postingawayonhn wrote:
| Many phone manufacturers really struggle to make a
| profit. See HTC, LG, Nokia, etc.
| Vespasian wrote:
| It could be enforced on EU level through CE compliance. No
| updates -> No sale of future models
|
| Reasonable (security) updates could, for example, include a
| timely reaction to published vulnerability, A (responsible)
| disclosure process etc.
| wizzwizz4 wrote:
| I was going to argue, but this _could_ be considered an
| environmental concern - and hence, it would be in the remit
| of CE.
| Vespasian wrote:
| Couldn't the CE requirements just be expanded to include
| "software security"?
|
| Environmentalism and sustainability are the political
| motivation but are not legally required afaik.
| rodarmor wrote:
| If this law comes into effect, consumers will pay the increased
| cost of delivery of 7 years of software updates when they
| purchase new phones.
|
| Smartphone makers don't sell new phones with a higher price tag
| and the guarantee of 7 years of software updates, likely because
| consumers would prefer a lower price and no guarantee.
|
| Thus, the law would effectively force people to buy something
| that they don't want.
| Tepix wrote:
| The article mentions three and four year update cycles for some
| android devices.
|
| The "Android Enterprise Recommended" program provides "rugged
| devices" with five years of "90-day security updates". (see:
| https://static.googleusercontent.com/media/www.android.com/e... )
|
| The Nokia XR20 is one of these devices, it was released in August
| 2021. However according to
| https://www.nokia.com/phones/en_int/security-updates it is not
| guaranteed to receive security updates after August 2025.
| Something is wrong.
| oytis wrote:
| I think both the market and now the legislators are pushing
| connected devices to a subscription model. It's just economically
| unrealistic to pay once for a 7 years long service.
| jokoon wrote:
| I wonder how large would be the container with all the
| unused/expired smartphones.
| vzaliva wrote:
| While I am all for long-term support, as stated this law could be
| a little harh on manufacturers, forcing them to support multiple
| obsoletter models (we are talking iPhone 6 released 7 years ago).
| I think it would be reasonable to give them an opt-out by EITHER
| providing X years of support, or offering a shorter support
| period but with a discount on device upgrade calculated as
| percent from the original list price.
| ccouzens wrote:
| > 7 years of software updates
|
| I read this as requiring some software on the device to be
| updated every now and again for 7 years. I believe most Androids
| receive updates on the bundled Google apps for approximately that
| time period.
|
| The article isn't the proposed law, which probably has a more
| precise requirement.
|
| If it were me, I'd require software updates for devices with
| known vulnerabilities putting a typical user at risk. And
| software updates to allow for newer standards compatibility (eg
| TLS, WiFi protocols, API versions for apps) where typical users
| are likely to be impacted by not having the new version.
|
| I would start the 7 year countdown from the date that the device
| disappears from most shops (so exclude specialist eBay stores
| that allow enthusiasts to buy old devices).
| foxfluff wrote:
| For comparison, Linux LTS releases have up to around 6 years of
| support.
| viktorcode wrote:
| That would kill cheap smartphones.
| commoner wrote:
| There are many more models of low-end phones than high-end
| phones. Manufacturers could adapt by producing fewer models of
| low-end phones, which would make them less expensive to
| support.
| pbhjpbhj wrote:
| Presumably you mean sales of cheap phones couldn't be supported
| as there would be less demand.
|
| So it seems like new sales would be hit but in favour of second
| hand phones? That seems like the right thing - more use of
| products that can be repaired and maintained for longer is
| good, right?
| worldofmatthew wrote:
| Second hand phones are a shit-show, full of hidden costs
| (often at least new batteries and paying to check if it has
| been stolen) and people treat their phones like crap, meaning
| once the often one-month warrently you often get will not
| matter much once the phone starts bootlooping after three
| months from damage caused by the last owner.
| morsch wrote:
| Used goods sold by a business carry a 1 year (minimum)
| warranty in the EU.
| worldofmatthew wrote:
| Good luck proving that the last owner dropping the phone
| over and over caused the bootlooping and you would have
| to spend more than the cost of the device to take someone
| to court.
|
| Poor people de-facto don't have those legal rights, only
| what the seller is willing to allow.
| morsch wrote:
| If it happens in the first 6 months, you don't have to
| prove it, the seller has to prove you did something to
| cause the bootloop[1] (and it's usually not worth it to
| them). I've had good luck with warranty claims beyond the
| 6 month period, when sticking to reputable sellers.
|
| [1] https://europa.eu/youreurope/citizens/consumers/shopp
| ing/gua...
| Hackbraten wrote:
| All those same problems have applied to used cars for more
| than one century. There's still a billion people who drive
| used cars.
| worldofmatthew wrote:
| Phones are always going to be harder to repair, because
| of their size.
| Ensorceled wrote:
| The latest iOS supports 6 year old iPhones ... this law seems
| pretty reasonable give that a iPhone 6 is unsupported but is
| still a solid device.
|
| Just looking at the iPhone release list, I we should be doing
| something like full product support for at least 5 years, full
| software support for 7 years, security updates for 10 years
| (iPhone 5 and up).
| whoknowswhat11 wrote:
| I love it how android phones ship with 1-2 year old software
| and NEVER update, and folks are complaining about iphones :)
| internet2000 wrote:
| Why are you moving the goalposts just because iPhones meet the
| potential requirements as they are?
| Ensorceled wrote:
| Where am I "moving goal posts"? I'm saying the law is
| reasonable because clearly Apple could follow it and, hence,
| so could other manufacturers.
|
| Then said I'd go further.
| ComputerGuru wrote:
| You misread. GP specially says they think the law makes sense
| because currently an iPhone 6 isn't supported but they feel
| it should be.
| Ensorceled wrote:
| And clearly could be! Apple just drew an arbitrary line at
| 6 years, 7 would be doable.
| _trampeltier wrote:
| I agree with just not complete with it. It is just important to
| keep the software actual / safe. Not new features, like Apple
| does it with full OS upgrade. Not to raise the price for 7 years
| for spare parts is BS and far from reality.
| ho_schi wrote:
| Providing firmware-updates and spare-parts (especially batteries)
| should be a requirement for all-purpose-computers i.e. laptops
| and desktops. And also for smartphones with user replaceable
| operating-system. For devices which are only appliances
| (smartphones with boot-lock and worse) this also extends to the
| operating-system itself.
|
| This makes devices more expensive? The prices will be higher but
| the value you get also. I'm talking about companies which uses
| adhesive strips and unusual screws with tiny buckles (Apple -
| iPhones) or the ones which glue the display onto the baseboard
| (Google - Pixel). Or companies which used to provided user-
| replaceable batteries with notches, which now uses screws inside
| the device (okay!), but now also a firmware to ensure that the
| user won't get a replacement battery some years later (Lenovo -
| ThinkPad). Otherwise Lenovos ThinkPads are good example, step-by-
| step manuals, explosion diagrams, well maintained replacement-
| part numbers...and yes, more expensive.
| Popegaf wrote:
| I'd go even one step further: EOL software and hardware should
| be forced to be open-hardware (at least open schematics) or
| opensource. If you're not willing to support a product anymore
| then it should not be possible for it to simply turn into a
| brick because you turned off a server.
|
| This would either create a market where companies will sell the
| license to support old products to other companies, or old
| hardware and software would finally be able to be supported by
| the community. There wouldn't be a need to reverse engineer or
| develop stuff in a "clean room" for fear of litigation.
| shadilay wrote:
| I really like this idea. I know in the business world a lot
| of EOL products get spun off into companies that maintain
| support.
| vhgyu75e6u wrote:
| Sounds great until companies sell the license to
| maintenance as the last buck to squish from a product to a
| third party that will jack up the price just to keep the
| service running. Better to either force an open
| source/schematics approach and let the community keep it,
| or force to sell a certain number of licenses for
| maintenance.
| oytis wrote:
| Imagine powerful and lightweight laptops only sold in Americas
| and Asia while in Europe one will only be able to buy bulky
| (because repairability) and slow (because high-end
| manufacturers focus on less regulated markets) versions.
| BeFlatXIII wrote:
| That's what grey-market imports are for!
| goodpoint wrote:
| > This makes devices more expensive?
|
| No, it makes them cheaper by pushing back planned obsolescence.
| chrisseaton wrote:
| > The prices will be higher but the value you get also.
|
| Not everyone values repairability.
| pjerem wrote:
| Your statement is valid for individuals. But as a society, we
| could value reparability. And laws are there to enforce what
| the society values, not the selfish individuals you and me
| are part of.
| matz1 wrote:
| Society is a collection of individuals.
|
| >But as a society, we could value reparability
|
| Only if there is large enough individuals who value
| reparability.
|
| >And laws are there to enforce what the society values
|
| That laws exist when there is enough individuals to support
| it.
| chrisseaton wrote:
| But we know society doesn't value repairability as they
| don't prefer repairable devices in practice.
| [deleted]
| shadilay wrote:
| I as an individual hardly have a choice. If they offered
| a version of the next samsung phone with a removable
| battery I'd probably buy it.
| chrisseaton wrote:
| If that's what you want then you be the one to build it
| or pay someone else to build it.
|
| Why should the rest of us pay for your preferences?
| cybernautique wrote:
| This is an odd question. There are "losers" and "winners"
| with the state of any market. Currently, those of us that
| prefer repairability are the "losers" in the smartphone
| market. I therefore put your question back to you.
|
| Why should _we_ pay for _your_ preferences?
| google234123 wrote:
| Because you lose the vote (we voted with our wallet the
| other way). Anyway, there's plenty of room for niche
| companies to serve your market.
| chrisseaton wrote:
| The current situation is people providing the products
| they want to.
|
| Yours is the position of applying state force to make
| them do something they don't want to - the burden to
| justify is entirely yours.
| morsch wrote:
| Why do you think the market is providing people the
| products they want? This may be self-evident for you; it
| isn't for me. Markets are useful, but they don't work
| well. People want to be forced to spend an extra buck for
| guaranteed free returns and another extra buck for
| minimum warranties, and maybe another buck for 7 year of
| updates. They also want the resulting costs to be
| distributed amongst everyone, which makes them trivial.
| This isn't a particularly unusual idea in a continent
| that has tended to embrace socialized healthcare.
|
| A big enough majority of people wants it, anyway, to vote
| for representatives that write these laws. I'm sure there
| is a small minority of oppressed Randians who suffer
| terribly from all of this.
| LadyCailin wrote:
| If there was no e-waste, you'd have a point. The problems
| come when negative externalities are not priced in. Then
| we're forcing people to pay those costs, though they may
| be distant in time or space.
| selectodude wrote:
| https://www.samsung.com/us/business/mobile/phones/galaxy-
| xco...
|
| There you go.
| azinman2 wrote:
| Just know it'll be at least 2x as thick if not more.
| bombela wrote:
| Google Pixel 3a XL: 7.6mm Samsung X Cover: 10mm
| (replaceable battery)
|
| It's definitely thicker. But not double.
| morsch wrote:
| https://www.gsmarena.com/compare.php3?idPhone1=10001&idPh
| one...
|
| 10 mm vs 7-8 mm for class leading phones. Maybe the
| Xcover Pro is rugged enough to use it without a
| case/sleeve ("Drop-to-concrete resistance from up to 1.5
| m"), so it might end up being _thinner_ in practice.
| Railsify wrote:
| Shouldn't be a problem if they quit releasing new models at the
| same rate they are now.
| ajmurmann wrote:
| How about enforce that vendors publish how long they will support
| the device and hold them to the promise. Consumers can then
| decide if they go with the vendor or device with the longer
| support timeline. If it's a real differentiator vendors will
| compete on support. I expect though that that won't happen
| because most consumers won't pay attention or simply don't care
| or need 7(!) years of support.
| steviedotboston wrote:
| Apple already does this
| zxcvbn4038 wrote:
| I love that they are closing all of the loopholes at the start -
| can't raise the cost of the replacement parts over time, have to
| deliver them within a defined timeframe, etc. Combine that with
| meaningful penalties for non-compliance and I'm sure there are a
| lot of executives cursing.
|
| I'd love to see the same thing applied to lightbulbs - instead of
| throwing away the entire bulb because 1/n leds have failed, be
| able to replace the failed led. I've seen a number of YouTube
| videos where a guy tears down "burnt out" led bulbs and every
| time he'll find a single led that is dead or dying and he'll
| bypass it and the bulb works fine. However he usually destroys
| the plastic bulb piece getting it open - would be great if those
| screwed or snapped on.
___________________________________________________________________
(page generated 2021-09-06 23:01 UTC)