Since this is, of course, tied to the Chrome browser on the computer, this means that there is no way for a six-year-old Chromebook to safely browse the web.
How is this justifiable, in terms of security?
Brought to you by the smartphone ecosystem. Smartphones are the most successful computers ever, but could a computer manufacturer pull off arbitrary update schedule, locked boot-loader and among other nonsense a decade ago? Now this has seeped into personal computers.
>this means that there is no way for a six-year-old Chromebook to safely browse the web. How is this justifiable, in terms of security?
Neither does in iOS, especially in iOS since all browsers are Safari WebViews and So once OS updates stop it becomes dangerous to even browse the web. 7 year old android can receive latest Firefox, but it's highly likely it never received a single OS upgrade in its lifetime.
For sure, the PC were the exception.
If you wanted any updates on 8 and 16 bit home computers, you would buy a new computer.
OEMs have learned that the PC was a mistake (from their point of view) and except for the surviving desktops, we are back into the 80's.
Five years longer than Google has supported it's own first party Pixel phones.
I understand your frustration though. I love ten inch laptops. That's about the perfect size for my use. I've got a 5.5 year old 10 inch Asus Flip Chromebook that still runs perfectly, but hasn't received updates since last Spring / Summer. There's really nothing else on the market, short of a iPad Pro 11 in a laptop-hinged case, that could replace it.
You might like the Lenovo Duet: https://www.lenovo.com/us/en/laptops/lenovo/student-chromebo...
Once the school year is over and she doesn't need it all the time I plan on replacing ChromeOS with Linux of some flavor.
Whoa. I guess some DRM scheme is forcing their hand?
I'm surprised because on Mac you can still use Netflix in Snow Leopard, if you install Silverlight and use the ancient built-in version of Safari. Netflix's support page seems to imply this will even work on Tiger, although I haven't tried it. https://help.netflix.com/en/node/23742
Cloudready is great though. I've tried it on multiple machines and had great results every time. Still hoping for a Cloudready Pi port now that Google owns Cloudready.
Chromebooks are primarily aimed at the .edu market. I assume there must be some data that a Chromebook rarely survives up to it's End of Life data.
But with Windows 10 running on ARM, who knows, we might soon be able to install a real OS on these devices!
Neither is it in terms of environmental impact.
Neither is it in terms of consumer rights.
There ought to be laws to ensure there is a defined and working path out of the garbage google operating system software stack to something that will be supported at the minumum. Still if you bought the device because you need the google garbage you get burned. So probably a giant "expiry date" on the lid announcing when the device will become unsupported so you can see the maximum useful life remaining of the device as originally sold at all times.
It's the sort of insane "but with a computer" that terminates all thought by politicians, public servants and most consumers so it gets a total end-run pass around all of our generally accepted modes of commerce that nobody would accept in any other field.
The inevitable car analogy. "We decline to make replacement brakepads anymore so you must now replace the entire interior and controls of your car to use something third party or drive completely unsafely." Just nuts. Linux and Firefox get security updates done for you for no cost if you're a vendor. Treating customer safety and public with contempt really should have consequences in computing as it does in literally every other field of commerce.
I've also wondered if a large enough school district could design it's own Chromebook to make them repairable. Having the display, chassis, logic board, disk, IO shield, keyboard/trackpad and battery be easy to disassemble. The idea being that when a machine gets damaged it's used to scavenge spare parts and rebuild complete machines.
Logic boards would most probably be updated to a newer revision over-time, and machines would silently get upgraded as they break, so you wouldn't even have to keep Chrome OS working any longer than it does now.
But this would pretty much require a California-sized district to agree to use the same model and buy them together. I don't see it happening.
Is there a right to (free) software updates? Should one be there? How long should the mandated updates/support last?
Updates should last as long as they say on the tin (eg "the lifespan of this laptop expires in jan 2022") when you buy it and it should be noted in bold that the machine should be considered unusable after that date.
Chrome OS already ships out of the box for these devices. At a cost of 0$.
And, and this is just me speculating, I don't think a lot of Chromebooks are still bootable 6 years from their release due to, well, being used by students who don't care much for them.
If it's aimed at the .edu market I think there might be some textbook "Nth edition" artificial obsolescence jealousy feeding it.
Good news, you already can: https://www.debian.org/ports/arm/#status
Or in terms of e-waste ...
Regardless of upgrades, Microsoft has generally made OS support commitments that are pretty clear, although they've often been extended, so you didn't necessarily have correct and complete information when you purchased; but supported until X, but possibly later is a lot better in my mind than supported until X and then abandoned, even if it's the same hardware as something else that continues to be supported.
Not as clear for software (Mac OS) updates.
That implies 5 years of support. Samsung is only offering bug fixes and security updates for up to 4 years from release though, not major releases. The iPhone 5s just got a point release this January, and that phone came out in 2013 so that's over 7 years and counting. The iPhone 5 also got 7 years of fixes (well, 6 years and 10 months).
Each new version of iOS/Android is more resource-hungry than the last, and expects better hardware to run it. Many people with Apple device complain, "This new version makes my old iPhone/iPad so slow it's practically useless." So in most cases, people want to keep using their old devices (presumably at the performance speed they were running previously), but they are compelled to stop using them when they stop receiving updates, because the unpatched bugs/exploits could put their data at risk.
While there are definitely many people who would like the latest-greatest OS on their device, I think a large number of people would be happy with their device's current OS, patched to ensure that it's not vulnerable to an active 0-day exploit.
Best of all worlds.
most people don't care about patch level either. if they care about OS versions at all, they just want the option to decline so their old phone doesn't get "slower". outside of my tech friends, no one I know takes security updates into account when purchasing a new phone and/or retiring an old one.
in any case, OS security updates are only part of the story. eventually important apps you use will require a higher OS version for updates. then you're using a secure OS, but possibly stuck using an old version of an app with its own known vulnerabilities.
On iOS, the bundled apps are locked to the iOS release. One of these is Safari - the only browser allowed on iOS. So to have a current browser it is critical to update the underlying OS too.
On Android, this is not the same. The apps are updated even if the OS is not; so you will have Chrome (or Firefox) in the current version, even if your vendor doesn't update the OS.
I count 43 of these fixes are for issues with the underlying AOSP platform, kernel and drivers. One of them is a Play Store codec update. Admittedly not all of those fixes are relevant to every device because some of them (about a dozen) are specific driver updates, but over 40 fixes in one randomly chosen monthly update isn’t trivial. This is what you lose when your device goes out of support.
Fragmentation on Android makes it worthwhile to only test on the flagship phones with a few different version. Everywhere else is pretty much too small to be worth the effort.
Android One is changing that. Now, some mid-range Nokia phones are at the very top of the list. Why? I just looked up what kind of Nikon cameras I could get, used, for the difference between a Nokia 5.4 and a Pixel 4. That settled it, with the camera being the main difference for me.
Suffice to say that both Nokia devices failed due hardware failures of the charge port. This happened 3 times to 2 devices. One device also just bricked itself out of the blue one day and needed to be returned. All this in about 18 months. Not great.
We have now gone back to Pixel 3a (wife) and 5 (me). Probably won't go back to Nokia anytime soon - the hardware quality is just not there.
Limiting myself to Android One, and around 200 - 250 bucks, what phones are out there? Are the Motorola ones any good?
My phone has worked great ever since.
If you like your phone, I would recommend you take a look before replacing it.
Considering the fast charging, like 20 minutes for 50% when charging through the laptop, I can even live with shorter-than-ideal battery life! Thanks!
if you bought your pixel 2 from google, there's a good chance you have a $100 google store credit sitting in your account. if so, that would bring the pixel 4a down to your price range. wanted to let you know just in case. I'm currently kicking myself because I forgot I had that credit and paid full price for the phone.
The world can not afford to let high tech devices rot away like they do.
I too am excited to see something done. Abstracting over the entire kernel is a helluva Extend-Embrace-Extinguish policy, but at least some updates will come. I remain doubtful that we'll see kernel upgrades though. Even though the whole device driver architecture is now abstracted from the kernel, now offered by Treble, I still expect there'll be a lot of compliance cold-feet & general-low-ambitions to support less-than-current devices.
The whole idea of kicking out a pervasively connected communications device that has a hard wall for how supported it will be, that no one else can help maintain, is just corrupt & vile. It's sad to see such mal-use of Linux.
Post script: I don't blame Google per-se for this all. Trying to applicationize a computing device, turn it from a general purpose system where thing can go wrong into a product that works reliably & can be let onto cellular networks is a difficult challenge, and against the grain of the highly hierarchical systems of power that have flowed in the world. None the less, it is sad to see an un-upgradeable Linux where owners can't get root, their apps will lock them out if they do (Android SafetyNet), where bootloaders are usually locked, and where driver support is only for OEMs. It rather makes me think of the other dominating factor in computing, the de-generalization/specialization of computing as it effervesces into the cloud, an unfortunate juggernaut of a trend I wrote about earlier today.
This is a fundamental misunderstanding for, I'd guess, well over half of the custom ROM/custom phone OS community. ie: Lineage is customizable, and helps certain activity be more private - but it shatters security.
Which is very much why it's exciting to see Pine64 working on getting Linux running on the PinePhone modem. Because this shit is bogus, 100% bogus full of shit crap. The firmware is all for the most part software, rebadged as firmware because none of us get the privilege of working with it or seeing it.
I still would like some evidence that any firmware on the Pixel or Pixel 2 is actually problematic. That the computer itself is at risk. Perhaps there are some DMA engines onboard that can not be locked down, that peripherals unfortunately just had too much unmediated access. I'd like to see some shred of evidence that insecure peripherals are a real threat to the general main computer though, before I agree that we can just start throwing these devices out.
EDIT: Android 11
Maybe you are talking about android 11?
Back in the days of Android 1.5 to ~5 a new update meant a ton of new features and fixes. Now all we get are slight cosmetic tweaks that are not even always for the better.
My partner has a pixel which is on 11 and I don't see the difference when using her phone.
If you are talking about android 11, it is also in the works. Maybe in a few months the first beta will come out. They have confirmed that 6T will receive the update though.
Check google play store reviews of Carrier Hub, and Mobile Installer from SoftBank.
Both were installed by Samsung in a recent mandatory, forced within 72 hours update
Neither can be uninstalled without root, and will show uninstalled and instantly re-install itself,since both have root access...which they say they keep from us for 'security'.
Fuck Samsung I will never touch their garbage again.
Edit for clarity
Then there was Samsung Washing Machine which started giving lot of issue after 2 years.
My life has become lot better and peaceful after getting rid of samsung crap. Samsung doesn't deserve our money.
Next cycle, I got him an iPhone X as a gift. Apart from "how do I do this on iOS", have had very little trouble with it. Still going strong even after several years now. Somehow, he's even picked up some decent iMovie editing skills - learning all by himself.
Durability-wise, the Pro-level iPhones are the new Nokia 3310s.
But there are issues - what exactly constitutes a security update, how frequently and timely are the patches -what if the manufacture goes bankrupt....
It has all the international data hoarder apps and their local equivalents preloaded in the firmware. Apps install notifications from Samsung store masquerade as security updates notification.
Even after disabling the bloat I could, the phone shows about 3000 requests from the blocked list/day on Pi hole. This kind of discriminatory behavior is unacceptable but goes unnoticed as Samsung is pulling this off only in India AFAIK.
Do you mean spyware? Data hoarding is a term usually applied to archiving public media, not personal data.
 'Facebook has suspended ‘tens of thousands’ of apps suspected of hoarding data'- https://techcrunch.com/2019/09/20/facebook-suspends-apps-hoa...
Why won't they?
That seems like a completely legitimate complaint? The whole point of upstreaming code is making it so that the device stays stable, current, and secure. If you just shove all the important bits into a userspace black box that can't be audited or updated, how much did you really gain?
Free beer rulez!
Even better, all the free beer OSes competing for a spot on IoT are BSD/MIT/Apache, expect zero contributions to upstream and OEMs to move away from Linux for such scenarios.
Edit: A bit of searching has revealed that it may be true for mid/low tier devices.
Then there is the whole issue with the code quality from Enlightenment.