I think MS wanted this in Win10 (hence the big push on the consumer side by giving it away for free). The problem is that plenty of people, even people who should know better, don't want to upgrade something they think is "working well" for an advantage they can't see.
Allowing XP to exist forever is not a good thing for security either. There are security architectures in place within Windows 10 for example that do significantly improve security.
At some point companies need to cough up the money and upgrade their technology.
Is there some philosophical principle under which you believe that companies must "cough up money" for services that they have already ostensibly paid for? That sounds remarkably like extortion.
If Windows XP is proven to be untenably insecure, anyone who bought it should receive a refund.
My car will break down at some point due to imperfect engineering and the realities of physics. Is Ford required to repair my car indefinitely or allow a refund on a car with 250k miles? No, when I bought the car, it came with a warranty stating if they messed up they would fix it within a certain period of time or miles.
When I buy Windows, I agree to a warranty of sorts. They agree to supply updates to the software for a set period of time. Afterward, it is on me.
Nobody can write perfect software, it will age and break down. Nobody can engineer a perfect car, it will age and break down. Demanding infinite warranties is ridiculous.
> Is Ford required to repair my car indefinitely..?
Never. But it would be wrong for Ford to stop others from fixing your car by providing no information about the car, which I believe is what Microsoft is doing with their obsolete software pieces (including OS).
As that is the case here, they (Microsoft/Ford) are just lending you something, you won't ever own it. Would you agree with that?
The car analogy is a very poor one. Software doesn't wear out-- physical stuff does. Defects in software are present when it's created. It doesn't "age" or "break down".
(I am making no comment on the issue being discussed-- simply that this is a very poor analogy.)
Nearly all complex software will have problems and weaknesses not known at creation, much like nearly every car will have some kind of weakness that will wear out. While there are differences between the physical world and the digital one, I think my critique of the concept of demanding infinite warranties is still valid.
And yes, I do think software can "wear out", not in the same sense as belts get worn and spark plugs physically wear away, but in the sense of threat landscapes changing over time and our understanding of how these systems are used in the world. This is why we do maintenance on our software and systems, much like we perform maintenance on things in our physical world. When you fail to perform this maintenance, bad things happen. Computers get hacked, cars have brakes fail.
Software can indeed age. Go run Windows 95 on the public internet or an early version of Android.
I think the car analogy isn't that bad. New classes of security issues get discovered over time. Development processes which are considered "state of the art" at one point can become unacceptable 10 years down the road.
A decade in software engineering is a significant amount of time!
For the car analogy, what will happen when self-driving cars become the norm and the contained software becomes so important?
I'm going to be annoyed if my car becomes useless after 10 years because they don't have to patch it after that period. On the other hand though, can we realistically enforce lifetime guarantees? What if a car company goes out of business?
As opposed to others, I would like to agree with you. One can make design decisions which allow for maintenance over a very long, or indefinite period. This would require using formal methods and a different hardware architecture. Unfortunately, in today's world, we are stuck with mantras like "move fast and break things", which entails running away from, instead of fixing, the complexity we leave behind.
Software does wear out. New languages/frameworks are developed which makes it difficult to patch older stuff. New threats are developed, and it may be impossible to patch older stuff.
I think the discovery of new types of exploits could be considered akin to wear-and-tear of physical things you buy. At the point of sale the software was safe, but over time problems were discovered.
When you buy a house you have a whole battery of inspections performed to make sure that you're buying somewhere safe, but over time the small things that got overlooked (like a small crack in a roof joint) or were considered safe at the point of sale become worn, or are discovered to be unsafe (locks susceptible to bumplocking for instance).
It's a tenuous analogy to be sure, but I don't think it's reasonable to think that Microsoft should refund people who bought XP. Are there any Linux distributions that back port all fixes to version 0.1?
Microsoft's support policy says they will only provide security updates for 10 years. Any company who wants more than that can pay them extra for the privilege. That's not extortion any more than extended warranties are extortion.
Microsoft was a monopoly when they sold that contract, which makes it subject to much stricter guidelines on what is allowable in the product they sell.
Assuming we class XP as a defective product, at what point do we stop requiring recalls? If there is a safety defect in a 2001 model car, will it be required to have a recall?
Given that MS even made a patch (which is generally equivalent to a recall), I'm not sure that your suggestion will be given that much credence. I mean, if we say that XP is an unsafe product, the government could stop them from selling it and remove it from the shelves, but MS stopped selling the product in 2008 (nearly 10 years ago) and has repeatedly urged its customers to stop using it because it is insecure. This is all that the government generally requires in this situation as far as I can tell.
Not all markets or products are the same. You're talking about software as if it were a rotten potato. It's not. It's an incredibly complex market for incredibly complex products. I agree that there needs to be a way to value the liability that software makers should face.
In the short term we need everyone to be better net citizens. That includes the businesses using this software to create the trillions of dollars of wealth on the global economy.
Microsoft still are supporting XP. Just not for the general public.
Organisations with high value software that relies on XP still receive ongoing support from Microsoft (such as the US Navy and anyone else who wants to pay big bucks for it). The difference is none of these patches usually make it to the public.
For Microsoft to patch this current issue, there would have already been a pre-existing team working on XP patches, the only difference is this one was released publicly due to its impact.