OS EOL (was: [Bug 19998] The non-appearance of Polygon graphics in LC)

Richard Gaskin ambassador at fourthworld.com
Thu Jul 12 14:33:43 EDT 2018

Bob Sneidar wrote:

 > Each of these Mac OS exploits requires that the end user install
 > something on their computer, or allow it. As far as the doorstop
 > comparison, well that comment is a bit of a red herring now isn't it?
 > Brand new computers with current AV definitions and a completely
 > updated OS involves "some degree of risk".
 > My point is that if you use a computer in such a way that it performs
 > its job as it always has, an internal SQL server with no exposure to
 > the internet for example, then all other things being equal, it's not
 > obsolete by a certain definition.

How often do computer vendors advertise their network-capable products 
as not being fit for use on networks?

I suppose we could slice and dice to come up with all sorts of 
definitions.  Here's where I'm coming from:

Somehow this conversation became mistaken for one of brand advocacy.  I 
mentioned macOS 10.7.5 only because that's the version Richmond isn't 
allowed to upgrade beyond. Those who've been on this list a while have 
seen me use the phrase "not safe to use" for any brand of OS that has 
reached end-of-life (EOL).

If this has to be about one brand, I think there's an argument to be 
made that Apple does a better job in some (but not all) areas of 
security.  But they're not a magic pony.  There is no magic pony.  Even 
the best software is just imperfect humans making imperfect systems 
riddled with flaws waiting to be found by someone with an IQ north of
160 who devotes their life to finding such things.  And they do, new 
ones every week.

If the phrases "safe to use" and its corollary "not safe to use" are 
uncomfortable, I got nothing for that.  I come across them frequently in 
discussions of OS EOL.  Given how many exploits are made possible by 
unpatched systems, the more I read on the subject the more I come across 
those phrases.

In this context, "obsolete" refers to a product comprised of hardware 
and software where the software half of it has reached what the vendor 
has determined is "end of life".

True, it's possible to extend the useful life of a computer by limiting 
oneself to a much narrower range of tasks than the product was 
originally designed for.

Another option is to replace the EOL'd software half of the product with 
something that's kept current. Given the cost, ease of updating, and 
well-published EOL dates for most distros, Linux makes a logical choice 
for that, since it supports a much broader range of hardware than any 
other OS.  But even that isn't brand advocacy (if it were I'd be 
suggesting that everyone replace their OS before the vendor EOLs it 
<g>), but merely pragmatism for those cases where the vendor provides no 
upgrade path for the now-EOL'd OS.

But neither of those options, viable as they may be for some users, is
part of the product offering as sold.  Once the software half of a 
product no longer has an option to remain current with critical patches, 
the product as originally offered is no longer fit to serve the role it 
was designed for.  One word commonly used to describe a product beyond 
end-of-life is "obsolete".

Knowingly running unpatched systems is kind of a problem.  I don't feel 
at all uncomfortable encouraging folks to aim a bit higher than an Oingo 
Boingo security policy:



  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  Ambassador at FourthWorld.com                http://www.FourthWorld.com
