BlueLightning

  • Western Digital My Book Live devices being remotely wiped by attackers

    avon b7 said:
    With a little luck legislation will pass that will force companies to support products for longer and make support terms known to customers at purchase time.

    If a product needs some kind of vendor software to fulfil its advertised use, then that should be maintained for the life of the product. There is little obligation to add new features but patching security vulnerabilities should be an obligation, along with fixing bricked or otherwise impacted out of warranty devices that suffer due to firmware upgrades etc.

    There needs to be a huge change in mentality in this area and there's no doubt in my mind that a yearly upgrade cycle for major software is too fast to manage safely. 
    Careful what you wish for:  Adding legislative requirements will likely increase initial purchase price.  It would only apply to the countries/states that enacted the legislation.    Imagine if Microsoft was required to support Internet Explorer for another 7-10 years...  IE won't run on Windows 11, and will no longer be supported on Win10 in about a year.  IE hasn't been supported on a handful of other OS's for a long time.  Sometimes you can buy legacy support for some products (generally at high prices).  I understand one US Government department was still paying for OS/2 operating system support from IBM fairly recently, which must be an extreme example.  Microsoft sometimes offers support for software products to corporations after normal end of life, generally for a fairly high price.  Other software and hardware suppliers have similar policies.  Usually, paid support after end of life is not made available to individuals.  Companies can sometimes have third party support after end of life for hardware/software (also at relatively high prices).

    New legislation would likely only apply for purchases made after the date such legislation was enacted.  In the case of software and hardware, the warranty generally explicitly defines support length.  Most software and hardware warranties limit liability, state that if you disagree, your option is to return the item. Many say that disputes must be settled by arbitration (not in court), and that if you do not win the arbitration, you pay the cost of arbitration (including any costs incurred by the other party).  End of life in software and hardware is generally defined on the manufacturer's website, and does not mean the length of time the device/software will actually run.  I still see Win95 occasionally, and suspect there are some pre-WinTel PCs (Z80s and such), and pre-Intel Macs (Motorola 68000) still running, but neither has been supported for a long time.  

    Such legislation would potentially lead to similar legislation against car/truck manufacturers, car/truck parts manufacturers, appliance makers, financial products, food items...   
  • Apple, former partner Imagination Technologies ink new licensing agreement

    "if Apple had such a good SOC design team they also would have dumped Intel in favor of getting macOS and iPadOS on the same hardware platform years ago."

    Actually, Intel was given the opportunity to produce chips for the original iPhone years ago, but passed on the opportunity.  By the time Intel stopped reporting separate results for mobile chips, they had lost $5 billion.  Now Intel struggles to keep up with the world's largest chip manufacturer (by market capitalization), TSMC (ticker TSM).  Intel is years behind TSMC, due to failure to invest in new equipment for chip manufacturing.  AMD, Apple and many others only do chip design, and give manufacturing contracts to the best chip fabrication companies.  Right now, most 7nm chips are made by TSMC.  By the time Intel gets to 7nm, TSMC will be producing 3nm chips, with much better speed, lower battery consumption and less heat output than Intel.  

    One of the reasons Windows Phone failed was that MSFT tried to shoe-horn bloated Windows into a mobile phone.  Another was that MSFT did not act fast enough to prevent Apple and Google (Android) from gaining a dominant market share.  No one wanted to develop for Windows Phone, or developed for it only after Android and iOS.  By the time Windows Phone development was killed, it had less than one-half of one percent of world phone sales market share.  Most of the current GUI Apple OS variants are derived from BSD Unix (by way of NextOS, then OS X/MacOS), but have user interfaces tailored to the device.  Android is largely based on Linux.  Both BSD Unix and Linux are multi-platform, while full implementations of Windows run mostly on x86.  The ARM Windows emulator seems similar to WINE for Unix/Linux.  (WINE = Wine Is Not an Emulator, meaning it is a compatibility layer, used by developers to port software from Windows to Unix-like systems).  

    Most of the chip design and fabrication companies poach employees from each other.  Apple picked up a large number of Intel employees with the acquisition of the majority of Intel's cellular operations.  All of the most recent iPhone models have Intel cellular chips.  Apple has acquired chip-related employees from AMD and IBM.  Apple may also have some folks from GlobalFoundries (which acquired chip manufacturing facilities from AMD, Samsung and IBM about a decade ago).  GlobalFoundries and TSMC do a lot of chip manufacturing for a lot of firms (AMD, Huawei, IBM and many of the major phone manufacturers in the US and China) that design their own chips, then contract out for manufacturing.  Few (if any) of the major cell phone brands do their own SoC/CPU/GPU chip manufacturing.  Samsung was planning to spend billions to re-enter cutting edge chip manufacturing, but has backed away from that major expense.  
  • Elcomsoft tool can seize partial keychain from locked iPhones on iOS 13.3

    Not familiar with the boot ROM chip or the boot process on an iPhone, but if something similar to an erasable programmable read-only memory chip (EPROM) is used, it could be rewritten with new code that would be resistant to the attack.  My impression is that cell phones are infrequently reset/rebooted/restarted, but usually put in a sleep state between uses.  
  • Israeli spyware claims to beat Apple's iCloud security

    Remember the missing disk drives at a number of nuclear research labs?  Government security is an oxymoron.  Bet this will be in the wild in no time.  

    Several countries (including some of our allies) have laws stating disk/memory encryption is illegal (with severe penalties).  US government and others have been collecting huge amounts of data on US citizens since the 1980s.  Where collection is illegal, one of our allies is employed to collect the data.  US and other governments have access to a fair number of encryption keys.  This is just more of the same...  
  • Purged screen time monitoring apps misused enterprise tools, Schiller says

    Sounds like the EU/European Commission should go after Spotify, Kidslox and others for not respecting EU laws on data collection. Wonder if the vendors disclosed what they were doing in the software agreement? These apps could pose a security exposure risk for phones/tablets that may have corporate development data or military-related data (some non-kids may have installed the apps). Same concern where similar apps are available for desktops/laptops. Hopefully, corporations would detect the potential exposure, but smaller firms likely would not.