- cross-posted to:
- technology@slrpnk.net
- cross-posted to:
- technology@slrpnk.net
MacBook Air owner?
2018/2019 models are losing #Apple support.
#OptGreen with #GNU/#Linux to keep your device in use! These machines will run beautifully for many years to come.
Not only wallet friendly, #upcycling keeps CO2 emissions out of the atmosphere. Ca. 75% of Apple’s emissions comes from production alone (details in alt text).
Sustainable, independent #FreeSoftware: Better for users, best for the #environment.
On the other hand, I can put an open OS on my Android and get security updates long after the manufacturer has abandoned it. Can’t do that with an iPhone. (But honestly, few Android devices make it easy, and none that I know of allow every little part of the system to be supported this way.)
It’s about time we started legally requiring manufacturers to unlock our hardware when support ends, and release the driver specs ahead of time, so the open software community can take over support. The unending accumulation of e-waste due to nothing more than abandoned software is unforgivable.
This goes hand-in-hand with the right to repair.
100% agree. You’re not selling the hardware anymore, leave it in an unlocked state. Same with games.
You can format the Mac and put Linux on it and get updates forever as well.
Edit: or you could when it was x86… not sure where Mx stand on that.
Asahi Linux is in a daily driver state.
Debian does regular ARM builds and that would likely work
Edit: I run it with VMWare Fusion on a VM
Asahi Linux are working on it, should be pretty polished by the time the M1s stop getting updates.
@mox @manualoverride while I absolutely agree with your position, also keep in mind that this has security implications.
Beside the fact that most vendors dont even use all the patches available from AOSP, no custom ROM project can backport all patches. Sooner or later this means there are devices that cant be securely used anymore, unless someone does the effort.
a vendor concept with a subscription could solve this I guess or enough support for an open project e.g. @GrapheneOS
@brahms @mox @manualoverride
OEM support for the device is needed because an alternate OS cannot provide firmware updates otherwise. In practice, driver updates also come from the OEM. Providing the Android Open Source Project backports is nowhere close to full security patches. It’s unfortunate that most alternate operating systems mislead users about this by setting an inaccurate Android security patch level field, not being honest about what’s missing and downplaying the importance of it.
@brahms @mox @manualoverride
Firmware and driver patches are not any less important than generic OS patches. A high portion of critical severity patches are for drivers.
Android Open Source Project has a new release every month. These are monthly, quarterly and yearly releases. Yearly releases move forward around 3 months on the development branch. Since Android 14 QPR2, quarterly releases also do the same and just leave most new feature flags disabled. These are required for full patches.
@brahms @mox @manualoverride
Android Open Source Project provides backports of most but not all High/Critical severity patches to the initial yearly releases of Android 12, 13 and 14 for devices which have not updated to the latest release (currently Android 14 QPR3). The combination of these backports with baseline firmware/driver patches form the Android Security Bulletins referred to by the security patch level. This is not the full set of security patches, just absolute bare minimum.
Firmware and drivers can be made open, just as other software can be made open. It’s really just a matter of incentives. In my experience, law tends to be a pretty effective incentive.
If the bill of materials included the legal requirements discussed here, then a component supplier would either start producing open firmware/specs, or they would lose that market to another supplier.
Obviously, Android would not be the only project/product affected by such a legal change.
@mox
Firmware being open or closed doesn’t make any difference to the OEM needing to provide updates since it has to be signed as part of the basic security model. Having the source code doesn’t mean you can update it.
Having the source code and the ability to update it also doesn’t mean anyone is going to do it. See the kernel drivers which are entirely open source.
The firmware that’s part of the Android project is open source such as Trusty OS. The firmware doesn’t come from Android.
@mox
Open source does not solve this even if all the code could be updated. There are not people who take over maintaining all of it.
There are alternate operating systems which mislead users about what they provide including setting an inaccurate Android security patch level. They don’t take over maintenance/development of a whole bunch of device specific components but rather hack around their lack of maintenance/development to get new OS versions running on top of abandoned code.
@mox
Landing kernel drivers in upstream projects doesn’t magically give them any real maintenance. Upstream Linux kernel source tree is full of broken drivers which have bitrotted due to the immense churn. Most of the drivers aren’t tested as part of the development process. This is why essentially all production usage of the Linux kernel outside VMs is stuck using an LTS branch very long term with the need to do a lot of stabilization and bug fixing to move to a newer LTS branch.
@mox
Offloading work to an imagined community of people who are going to take over maintaining firmware and drivers isn’t a solution. There are generally not people who are going to take it over. They’re only going to do the bare minimum to keep devices mostly working while telling people everything is fine and they don’t actually need those pesky security patches despite how important they are.
That would be nice for iPhone, I’ve got a perfectly fine iPX that I’m only going to upgrade because my banking apps are going to drop support for iOS 16 soon