[szundi]

Problem is that lots of cases just cannot be replaced, period. But probably those people will keep around some old ubuntu and will be hacked through those, also not removing but keeping around after the deadline until it needs work would also make sense. If work would be needed, then just remove. We might have like 2-10 years before that happens.

Whole stuff is about security and that kind of implies some “probably best before” tags anyway. Sacrificing security is not worth it and your reasoning is sane.

[ajsnigrutin]

Yep, I work with some old industrial hardware, and most of it is stuck in the year it was made and never upgraded... rs232, rs485, telnet, etc., is a thing you see very often. Now with modern networks, you can isolate those machines and the machines controlling/monitoring them pretty efectively, so those segments never touch the internet, but you still need to connect to those devices and use them. Telnet and rs* just work, because noone complained about zero security there and wanted them removed... but now we're removing stuff that's still in use on newer devices that are not even at hal their 20, 30, 40year lifespans.

I understand the security aspect, I know that telnet is insecure, but I know when, how and why it's insecure and use it accordingly... just add some -use-bad-crypto flag, maybe even make it as a module/plugin, and leave it working as it did.

[bigDinosaur]

I don't see why such a flag is necessary when you can always use an old version of the software instead. That's your flag. Otherwise they would never drop support for anything ever, which seems less than ideal. Something simply existing in the code incurs a maintenance cost.

[ajsnigrutin]

So how do I install the old version next to the new version in ubuntu 34.04? Will the old version even compile with gcc 27? Or will I have to find some ancient ubuntu image then, run it in a virtualbox, then run wget/curl on a newer virtual machine (becase old wget/curl won't support tls 2.4, and won't be able to download the script and after the command, http-POST the result), then copy the data to an old machine, run old ssh there, get the output, copy it to a new machine, and then http-post it from there?

Imagine if every software was coded by this logic... nobody uses BMP images anymore? Just remove them from gimp... if users want BPM support, they'll use gimp 1.x. Security? Unencrypted http is insecure, just remove support for http from firefox/chrome... if users need to use http, they'll just uninstall the current version, backup their profile, install an old version, that doesn't support the lastest tls standards, open that website, copy the text they need from there into notepad, uninstall the old version, install the new version, restore their profile, open gmail and paste the text to an email... oh wait, you've missed something and need to copy some more text... whoops, back to uninstalling.

[bigDinosaur]

You virtualise, or find someone willing to maintain some ancient version of the software on modern platforms (or you pay for it). If someone wants to maintain support for legacy protocols until the heat death of the universe, they are free to do so, but again it comes with a cost that not all projects can or should bear. Someone will have to think of how the ancient protocol works on every single software update - even if technically nothing changes that's still a maintenance cost.

Also, ossified infrastructure is not a good thing. That's yet another problem we need to solve as a civilisation. Not everything new is good but some old things are genuinely inferior and should be replaced.

[john-shaffer]

> So how do I install the old version next to the new version in ubuntu 34.04?

You would install Nix and run something similar to "nix run nixpkgs-23.11#openssh <address>"

[ajsnigrutin]

So, what's currently the oldest version of openssh that you can install this way?

[john-shaffer]

  export LC_ALL=C
  nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/2322899a1fa85f6547004b2829af81e7b444f506.tar.gz -p openssh
  ssh -V
  OpenSSH_6.1p1, OpenSSL 1.0.0i 19 Apr 2012

Note that the first stable release of nixpkgs was in 2013.

[adastra22]

> Otherwise they would never drop support for anything ever, which seems less than ideal.

In the realm of operating systems and protocols, that sounds absolutely ideal. Microsoft has the right approach here.

[bigDinosaur]

In an ideal world where the maintenance cost and added complexity do not matter, yes, but that is not this world and we cannot have everything we want without compromises.