nanog mailing list archives

Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read


From: Royce Williams <royce () techsolvency com>
Date: Tue, 31 Dec 2019 07:32:33 -0900

On Tue, Dec 31, 2019 at 7:17 AM Matt Harris <matt () netfire net> wrote:

On Tue, Dec 31, 2019 at 9:11 AM Seth Mattinen <sethm () rollernet us> wrote:

On 12/31/19 12:50 AM, Ryan Hamel wrote:
Just let the old platforms ride off into the sunset as originally
planned like the SSL implementations in older JRE installs, XP, etc.
You shouldn't be holding onto the past.


Because poor people anywhere on earth that might not have access to the
newer technology don't deserve access to Wikipedia, right? Gotta make
sure information is only accessible to those with means to keep "lesser"
people out.


The better solution here isn't to continue to support known-flawed
protocols, which perhaps puts those same populations you're referring to
here at greatest risk, but rather to enable access to open technologies for
those populations which ensures that they can continue to receive security
updates from a vendor that doesn't have a big financial motive to deprecate
devices and force users to purchase upgraded hardware instead of just
receiving security updates to their existing devices.


Unfortunately, this is the high-tech privilege equivalent of saying "let
them eat cake" - because of upgrade friction on mobile in under-resourced
areas (including, I might add, specific sub-populations of US consumers!)

If there were reliable, official, clean replacement Android ROMs for older
hardware, the cottage industry of end-user phone repair in many countries
could take a perfectly good phone and get basic modern services working on
it.

But there aren't - and there's little financial motivation for the phone
OEMs to provide one. And there isn't really much you can do to replace the
OS on an old iPhone, either.

One of the best things that Google could do for the security of the Android
ecosystem is to provide clean, OEM-bloat-free, reference ROMs for older
phones with minimal backported security updates. I would expect that such
ROMs must actually exist internally, as needed for OEM patch integration
testing.

The answer to why such ROMs will likely not be made publicly available is
left as an exercise for the reader.

Royce
