UK.gov wants mobile makers to declare death dates for their new devices from launch

Re: Force open source instead

@Brian Miller,

I came here to say the same.

If the vendors won't support it, make it free so that we can support it ourselves, or refund the price we paid for it, or give us a free upgrade to the next product that you will support.

We have to get out of the 2 years then land fill approach with technology.

Re: Force open source instead

Better yet, just allow folks to flash whatever the hell they like to their phones and have the warranty cover only the hardware regardless of software.

While they're at it, if they can make the flash chips socketed, that'd be great. I don't care if the socket makes the phone thicker...fill the extra space with more battery.

Re: Force open source instead

Once a product stops being supported, last update should unlock any protection that stops 3rd party OS's being installed, many a good phone or tablet has plenty of life left in them.

Re: Force open source instead

Somebody still needs to maintain the open source software for all those devices - and on mobile, each chipset is different, so you can't just use a single image, like you can with x86/x64 software. It has to be tailored to the hardware.

That means, once end-of-life from the manufacturer is reached, somebody, somewhere needs to actively continue support. OSS makes that theoretically possible, but you still need the developer resources to backport it to hundreds of different types of device and test it.

Being open source would help, but saying "it has to be open source", without ensuring the developers are there in the background won't help. An abandoned OSS project isn't any more secure than an abandoned close source system.

Android is, essentially, open source, just the Googly bits on top (that actually make it usable for most people) aren't. But you still need someone to backport the newest fixes to older versions / hardware - going to a newer version might not be possible, because it requires more enhanced hardware than that found on older devices E.g. a move from 32-bit to 64-bit would stop newer versions being used on older, 32-bit only, hardware.

Re: Force open source instead

"Instead of publishing a death date, force the manufacturer to publish the OS as open source, so we don't have to toss a good device into the landfill"

There are two things I don't understand. The first is, how would you justify the government stealing a manufacturer's OS code? The second is, how would having an open source OS stop a good device from being tossed into the landfill?

Wouldn't recycling and making long living devices be much better?

Re: I know, that isn't so popular with the manufacturers, either.

I don't want another device to manage, thanks. That's work.

A consumer device should be a consumer device. If an "EOL" date becomes a common thing then manufacturers will have to compete on providing the longest lived devices.

Re: Force open source instead

this is noble (no sarcasm intended!) but totally unrealistic, because the mobiles have become, to quite some extent, portable vaults with id-related and bank-related apps. There is a reason why banking apps refuse to run on rooted handsets. If bootloader is 'locked', there's a chance it would be hacked with malicious admin account run in the background, but that chance is (relatively) very low, when the bootloader is locked and code locked away with this or that handset manufacturer. Sure, they do get compromised, but no such major leaks have been reported, which looks to me like this resource is - for now at least - relatively secure. Likewise, the govs that want to put various digital ids and vaccination apps on people's mobiles, will follow banks' example and will not allow their apps to be run on 'compromised' systems. So, in essence, open source is a great idea (and I wish I could un-fuck my mobile and take relatively full control) - but it will not work, it will not even be considered. Not with human kind, not the way it thinks, reacts, behaves.

Re: Force open source instead

Just because a manufacture EOL’s a particular device, it doesn’t mean that the code is not reused for later devices, so it’s a non-starter to expect them to open source it.

In addition, some of the code may not be theirs to open source - a manufacturer probably buys-in an OS (and possibly add-ons to that OS)

Re: Force open source instead

At least force them to provide either

* the full specs and open source any firmware/software and underlying services

* a working non-smart use-mode

E.g. the refrigeration of a "smart" fridge typically outlasts the bolted-on infotainment and/or stock management. Thus, if the fridge's OS is end-of-life, I want to shut the "smart" stuff off, and run the fridge as a mere fridge. We don't need any more e-waste, especially when it comes to devices containing refridgerants that are by orders of magnitude more potent greenhouse gases.

Signed images

As pointed out already, a lot of UE's use open source already. Even iPhones!

However they don't allow the end user to load an image on, unless it has been digitally signed.

Therein lies the problem.

Re: Just security, or functionality as well?

It would be nice if end of support or at least minimum support periods were published for all paid for apps, programs and services.

Nowadays the process for bringing out new improved anything has little to do with progress and everything to do with marketing and driving new sales.

Consumers are no longer customers, they are merely a resource to be tapped when a product is superceded by a new one.

Re: Just security, or functionality as well?

At the end of the day, functionality updates are nice to have, but security updates are critical to the use of the device.

I can still use the device with an old UI that is missing some features that newer devices have, but if it is vulnerable to known security flaws, I'd be a fool to carry on using it.

It would be nice to have them, and they should be provided for the first few years, but I can see it like extended support on Windows (pre 10), for example, where you get feature updates for the first few years, then it goes into extended support, where only security fixes are sent out.

They have to fund those new features somehow, the only way, currently, is through the sale of new hardware. If you paid for the OS on a subscription basis, that would be another matter entirely, or you would have to pay significantly more for the devices to cover feature updates over a longer period of time.

I suspect very few would be willing to pay for that.

Weirdly I actually wouldn't buy a gadget if it only offered 5 years. I also think if people saw a defined "death date" it would reduce the likelyhood of an impulse buy.

Might just be me and the fact that I expect better for my money. I write shite to last more than 5 years, why should I not expect the same?

Even better still?

Maybe the best situation would be to deliver devices that aren't riddled with bugs in the first place. It would be lovely if all this kit didn't need "support" to stop it falling over. If it was your house or a road bridge, you'd never put up with constant "updates".

Re: Best before dates.

Thats a good idea... but runs into a very technical problem.

You dont sell your kit here means that that leaves the market open for someone else to.

And if theres one thing that the mega corps really hate its losing money that could be stuffed in their tax haven instead of ending up in their competitor's tax haven.

Re: Best before dates.

France has something similar, Germany is planning this as well and France has also forced an "repairability" index on device manufacturers, spare parts for a minimum of 5 years etc.

Correction?

Is someone trying to have a dig at Which? or just slack work?

From their own site - they claim to be completely independent - https://www.which.co.uk/about-which/who-we-are

Maybe referring to their status as a 'Body Designated to make Super-complaints' which presumably the current Secretary of State for Business backs or else he could remove their status: https://www.legislation.gov.uk/uksi/2009/2079/made

re. 'Gov-backed consumer org Which?'

gov-backed = tax-backed= your-money-backed.

Re: Default Passwords

Two ways:

1. On first startup or factory reset, don't allow anything to run until someone logs in and sets a password.

2. Set a default but random password that's used on first startup or factory reset, only put this password on a sticker set on the device itself.

Both techniques can be combined.

Re: Default Passwords

The law shouldn't ban publishing the default passwords. It should ban having a default password. Out of the box, it has no password. When someone wants to use it, they have to set the password. If they forget the password, they use the physical reset and it loads the factory firmware, allowing the user to set the password and reconfigure.

Now for things given to less technical people, this can be annoying. I know for a fact that my family does not know the passwords to their internet equipment because I set it up. However, they need to balance the risk of annoyance for people who have to set a device up from scratch versus the security nightmare of having lots of things with default passwords. If the default password is "password", "admin", or the product name, not publishing that is not going to stop people figuring it out.

Re: Default Passwords

Recently had someone ask me about a locked iPad. Girlfriend lock it, they split up and she said he could keep it. She's headed back home to the US and doesn't want anything to do with my mate. Apple refused to unlock the device with the owner's express consent. Second person I've told that if Apple won't unlock it then it's screwed.

So a £500 device is about consigned to the local council's e-waste dump skip, meanwhile kids in schools can't get enough IT kit and the planet is choking.

I'm not Apple bashing, I love some of their kit but I would never own one of their mobile devices due to this practice of not wiping and allowing recycling of locked devices simply 'cos they don't want to get sued.

Re: A bit of sympathy for the Devil here.

Oh dear, how sad, never mind. What's for tea?

This is for security updates. Not for OS updates.

If it means that it means there's fewer cheap devices as manufacturers now have to get assertions from the chip producers to support for several years, and less landfill, then fair enough.

The security and environmental cost has to be met some time.

Re: A bit of sympathy for the Devil here.

Most LTS releases for Linux distributions limit to 5 years--from the original release.

But that is not a problem since it is not very hard for the user/owner to upgrade your laptop/... to the next LTS release. The problem is things that cannot be upgraded at all once the vendor has lost interest.

Re: Finally!

I wish my smartphone had a barely touched Android. My last two phones were emergency replacements for the previous ones wearing out after 5+ years of use. Both had copious amounts of touch to Android by not only the manufacturer, but also the carrier. I have used extensive measures to get back to generic Android as closely as I can without breaking thinks. I have tried the custom ROM route also. It's my phone not your spy tool or ongoing revenue generator. I use a smartphone for a handful of particular apps I use for my revenue generation.

Re: Finally!

BinkyTheMagicPaperclip: "It wouldn't be accepted if your three year old computer had to be thrown away."

Indeed, my father got his current PC some time ago, it runs Windows XP, I believe, is connect to the mains power supply and the printer and still works. Of course he has to store stuff on 'floppy disks'. But not only is it air gapped from the Internet but no thief could possibly want to steal computer with such a low resolution CRT display. (He is 93, and when he got it did not see the point in any long term investments in equipment as he wasn't expecting to be around for very much longer. He still walks to the shops every day.)

Re: Death Date

Probably worth watching The Brand New Testament, or reading the Machine of Death collection to see the downside of that.

Re: yet a great number still run older software with holes in their security systems

not in the broadband fashion of 'up to 5 years'

Don't even get me started on that particular egregious abuse of the English language for the purposes of marketing. Suffice it to point out that "up to" means any number less than, including zero.

So, "removes up to 100% of flakes" means "may do nothing", "up to 1GBPS" means "may have a transmission rate of zero", "up to 80% of correspondents loved it" means "everyone might have hated it", and so on.

Re: the problem the manufacturers have is that if a product flops or fails to sell well

The problem the manufacturers have is that if a product flops or fails to sell well enough, they would be legally obliged to support it for some considerable length of time at their cost.

I don't see this as a problem.

If, rather than just throwing a bunch of shit at the wall and hoping some of it sticks, this forces manufacturers to actually think about their products, how they will support them long term, and take the time to make them worthwhile purchases, IMO that can only be a good thing.

Re: Guarantees?

"Customers would know when a new product was going to be announced because a successful product would be nearing its mandated end of life, so would hold off buying the latest version of fondleslablet* knowing that a new release would basically have to be around by a certain date."

I don't think that's a problem. If the guaranteed support lifespan was five years, that's already much longer than the typical cycle. IPhones are good examples of this--they already have about 5-7 years of support, yet they make a new one every year. People tend to buy new ones for the features or because their previous one broke. Most people either buy one when they decide it's good enough or keep their old one until it doesn't work anymore. They do tend to wait until October to see whether the new one is interesting, but they won't wait the full five if they're considering a purchase already.