OS EOL (was: [Bug 19998] The non-appearance of Polygon graphics in LC)
Richard Gaskin
ambassador at fourthworld.com
Thu Jul 12 14:33:43 EDT 2018
Bob Sneidar wrote:
> Each of these Mac OS exploits requires that the end user install
> something on their computer, or allow it. As far as the doorstop
> comparison, well that comment is a bit of a red herring now isn't it?
> Brand new computers with current AV definitions and a completely
> updated OS involve "some degree of risk".
>
> My point is that if you use a computer in such a way that it performs
> its job as it always has, an internal SQL server with no exposure to
> the internet for example, then all other things being equal, it's not
> obsolete by a certain definition.
How often do computer vendors advertise their network-capable products
as not being fit for use on networks?
I suppose we could slice and dice to come up with all sorts of
definitions. Here's where I'm coming from:
Somehow this conversation became mistaken for one of brand advocacy. I
mentioned macOS 10.7.5 only because that's the version Richmond isn't
allowed to upgrade beyond. Those who've been on this list a while have
seen me use the phrase "not safe to use" for any brand of OS that has
reached end-of-life (EOL).
If this has to be about one brand, I think there's an argument to be
made that Apple does a better job in some (but not all) areas of
security. But they're not a magic pony. There is no magic pony. Even
the best software is just imperfect humans making imperfect systems
riddled with flaws waiting to be found by someone with an IQ north of
160 who devotes their life to finding such things. And they do, new
ones every week.
If the phrases "safe to use" and its corollary "not safe to use" are
uncomfortable, I got nothing for that. I come across them frequently in
discussions of OS EOL. Given how many exploits are made possible by
unpatched systems, the more I read on the subject the more I come across
those phrases.
In this context, "obsolete" refers to a product comprised of hardware
and software where the software half of it has reached what the vendor
has determined is "end of life".
True, it's possible to extend the useful life of a computer by limiting
oneself to a much narrower range of tasks than the product was
originally designed for.
Another option is to replace the EOL'd software half of the product with
something that's kept current. Given the cost, ease of updating, and
well-published EOL dates for most distros, Linux makes a logical choice
for that, since it supports a much broader range of hardware than any
other OS. But even that isn't brand advocacy (if it were I'd be
suggesting that everyone replace their OS before the vendor EOLs it
<g>), but merely pragmatism for those cases where the vendor provides no
upgrade path for the now-EOL'd OS.
But neither of those options, viable as they may be for some users, is
part of the product offering as sold. Once the software half of a
product no longer has an option to remain current with critical patches,
the product as originally offered is no longer fit to serve the role it
was designed for. One word commonly used to describe a product beyond
end-of-life is "obsolete".
Knowingly running unpatched systems is kind of a problem. I don't feel
at all uncomfortable encouraging folks to aim a bit higher than an Oingo
Boingo security policy:
https://www.youtube.com/watch?v=qpjHW4mr6qo
;)
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
Ambassador at FourthWorld.com http://www.FourthWorld.com