Can't there be a law that says something like "you can't release new hardware while you have unpatched older hardware still in use"? Recall or update your stuff first, release new things second.
Simpler. Just open up the firmware when EOL. So a 3rd party can patch it.
Stop e-waste and planned obsolescence.
If you fear losing sales on new HW, make it significantly better.
Yes, that would be better. I have a drawer full of old iPhone and Mac devices that are practically blobs of e-waste because their OS doesn't update.
It would be nice.
Though, as a life-long Android user, I've been jealously looking at how long Apple have actually been supporting their iPhones (at least since the iPhone 6) and I'm seriously considering switching.
The 6S, 7, 8 all got feature updates for 7 years, and are still getting security updates after 9 years. The iPhone XS is still getting feature updates after 6 years. On Android, you are lucky to get 3 years of feature updates and 5 years of security updates.
Google do seem to be improving here, with 7 years of support for Pixel 8 and 9, and 5 years for Pixel 6 and 7. Earlier models got 3 years which was barely acceptable.
> Just open up the firmware ...
Two major issues:
- "a 3rd party can patch it" != "a competent and non-malicious 3rd party will bother to patch it in a timely manner". Let alone "Joe User will search for, find, correctly identify, and install that saintly-3rd-party patch". At best, this would modestly reduce e-waste & obsolescence.
- Outside of maybe Apple, nobody selling little network products is designing their own silicon, or even has authority over all the IP in them. The latter is often locked down by a web of (international) supplier contracts. Trying to force retroactive changes to such contracts, at scale, could become a 1,000-lawyer disaster.
It's not without challenges but we need to want it. Apple or whatever will never make it easy just from the goodness of their hearts.
Consider Asahi Linux with their years-long efforts to make it possible to use something else as an OS on the Mac. Or something like Broadcom drivers, which are now practically a meme.
If I "buy" something it shouldn't come with a black box inside.
Well, the only way is the USB-C way. Via regulation.
Yes there will be resistance. There will be foul play. But tectonic shifts will happen over time. And the ecosystem will evolve and thrive.
Not every product will be supported by 3rd parties. But it would open a market, often smaller and local actors.
If it raises only a handful of hobbyist learning opportunities, I already call it a win.
The European Union has the Cyber Resilience Act, which will most likely become effective / mandatory by the end of 2027.
https://en.m.wikipedia.org/wiki/Cyber_Resilience_Act
Skimming the regulation text, it seems it requires the manufacturer of a connected device to report on and quickly fix vulnerabilities within the device's "support period". The support period for device classes still has to be determined, but it seems it is a vital requirement for a device to get a CE certification (without which it otherwise is not allowed to be put on the EU market).
These devices were produced back in 2011 I believe. Even with the CRA, I don't think much would change. A decade is definitely the high end of reasonable required software support for cheap budget NASes in my opinion. Of course stores would be forced to stop selling any remaining stock of them, but I doubt that's much of a problem, really.
How would that be defined? What about low CVEs? Does that mean a company can't release a keyboard while there's unpatched network switches? What about devices that are hybrid, like not releasing DSL modems, but what if it has an integrated switch? Does that mean no switches too? Who's going to enforce this? I can't see a way this wouldn't be turned into a "game the system" and wouldn't solve the unpatched product problem at all.