Reply to Ben.
Yes, my post was rhetorical and a bit tongue-in-cheek. I meant to include a :)
I think Apple will give me about $25 for the iPad 4. My iPad 2 has been relegated to being a nightstand clock. My 2011 Macbook Air and 2011 Macbook Pro are stuck on High Sierra. My 2 new machines are stuck on Mojave because I have about 80 32-bit components that are important to me but will never be updated. A new version of Acrobat Pro is either $400 or $20 bucks a month for life. I really like Macs but there is very little that I do with them that can’t be done in Windows and a lot of it can be done in Linux, albeit slightly more awkwardly. Apple’s decision to cut-off 32-bit is, in my opinion completely arbitrary and driven by $$$$ greed. The processor boards are so small these days that they could easily build their devices to accommodate a swap-out of the processor while retaining the screen, keyboard, battery and housing.
Os, as you can tell, I have a brewing love-hate relationship with Apple but at some point a Microsoft surface may win out. It, after all, still s actually a real computer, not an appliance. How would you react to being coerced into buying all new kitchen appliances every three years because the only food you could buy was incompatible with your old ones.
To put this in perspective, I developed a windows app 25 years ago (medical) that, at its peak had about 6000 users. It never crashed, several people are still using it and it runs fine on windows 10. I believe that i have some 16-bit dos apps on 5-1/4” floppies that still run on Win 10. So Apple (and you to a certain extent) forcing older hardware into obsolescence is, in my opinion intentional more that circumstantial.
I might be wrong about that, but people have been using virtual machines and emulators (think IBM mainframes) to keep old but useful software running on new hardware. Someone has even built a PDP-11 emulator for the Raspberry PI, including fabricating a replica of the 11-45 front panel with its toggle switches.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
I hope you don't mind if I reply to your post instead of Ben, but since what you wrote has security implications, I felt it might be a good opportunity to view your statements from a security point of view as well, for the sake of completion.
I have also taken the liberty to move your post to the Lounge section since you seem not to have a specific question about 1Password (or a question in general, for that matter).
Apple’s decision to cut-off 32-bit is, in my opinion completely arbitrary and driven by $$$$ greed. The processor boards are so small these days that they could easily build their devices to accommodate a swap-out of the processor while retaining the screen, keyboard, battery and housing.
Macs have been using 64-bit CPU's for years now. Continuing to support old 32-bit applications was not going to be sustainable (and, quite frankly, it would have made no sense - if that was the case, we would be having this discussion about 16-bit architectures as well). Looking at all the advantages that 64-bit architecture brings compared to 32-bit architecture, it would be hard to argue that this was a choice that Apple made just based on greed (especially because, as I wrote, Apple made the transition to 64-bit hardware more than 10 years ago already).
Honestly, I can't fault technology companies for wanting to look forwards instead of backwards (with all the pros and cons that come with such a decision, of course, but I am not sure that doing things the other way around would be a better choice).
How would you react to being coerced into buying all new kitchen appliances every three years because the only food you could buy was incompatible with your old ones.
I think your example is misaligned to what you are trying to say. Or at least I am not seeing a connection between kitchen and food, and computers and apps, which is what I think you were getting at in your post to Ben. But I think I understand where you are going with this, so for the sake of this discussion I will keep using your example for consistency.
You are not being forced to buy a new kitchen every three years (and by kitchen I mean iPad). If you want the latest shiniest new food (and by food I mean software), you need to update the kitchen, but otherwise you can continue using the old kitchen with the traditional food for as long as you like. You cannot expect to use the latest food on an old kitchen however, but it is also not required of you.
To return to the 1Password world: you certainly are not required to buy a new iPad, if you are happy with it and with the 1Password app that you have been running there. But if you want to use the latest version of the 1Password app, you need to have an operating system that supports it. 1Password is security software, and therefore benefits from all the security improvements available in more recent versions of your operating system. While running on older, unsupported operating systems might be acceptable for other categories of apps, security services are not one of them. I think it's important to avoid conflating non-security software with security software: the requirements and threat models of these two categories are vastly different, which in turn require different development strategies.
In reality, while this might not seem like one, this is a security issue: if you look at your kitchen just in term of features, your position makes sense. But if you look at it from a security perspective, you might be able to see the reason for the kitchen updates. In other words, if I told you that your kitchen might catch fire when you try to cook the latest type of food, you might be more tempted to upgrade it (and you probably should). Truthfully, we as a society are not used to looking at things from the point of view of their security properties (yet?), and we tend to always fall back to a view of the world based on features available, and/or based on a binary classifier of works/doesn't work. But just because this is our default approach doesn't make it the most correct one (or indeed the most appropriate one in certain scenarios).
To put this in perspective, I developed a windows app 25 years ago (medical) that, at its peak had about 6000 users. It never crashed, several people are still using it and it runs fine on windows 10.
No software is free of bugs. From personal experience, if you cannot get a software to crash, it simply means that you are not testing for the right things ;)
I might be wrong about that, but people have been using virtual machines and emulators (think IBM mainframes) to keep old but useful software running on new hardware.
And indeed, you can certainly do that. Just keep a virtual machine around with all your old software, if you absolutely cannot find a modern alternative. But newer software requires new API's, which require newer operating systems. In certain cases (and certainly after a certain period of time), this also means that you require new hardware. I think this is an acceptable compromise in return for the various benefits that come from using modern technology as opposed to legacy technology.
===
Daniel
1Password Security Team0 -
I agree with most of the comments you made on my rant. There are two issues I would like to focus on.
1 - Since you're on the security team, there are millions (perhaps billions) of smartphones out there that are in daily use that cannot be updated. This poses a significant security risk, not just to their owners, but to whole internet. Wealthy people who buy phones as status symbols update their hardware regularly. Everyone else (poor people*) cannot or will not spend the money to upgrade AND their vendors have abandoned them, This has the potential to hurt everyone.
2 - Regarding my iPad 4 with 1PW stuck at version 6.9.1 - Since I switched to your team plan, which got me different login details I have been unable to use 1PW on that iPad. The pre-team login doesn't work anymore of course. When I try the add the new existing account, I cannot. 6.9.1 refuses to activate the camera, so no bar code possible. Every attempt to enter the new URL, secret key and master password fails. So it is not true that I can keep running the 1Password app that I have been running there. Perhaps I am the only one trying to run 1PW on an iPad 4 or perhaps I'm having some problem that others are not having but the end result is that my iPad 4 is now useless for any app or sit that needs a password.
Each of these thing that I have griped about is relatively minor, in and of itself, but there are so many "little" issues that I am suffering death by a thousand cuts. I also realize that nothing I do or say will materially affect the situation. All this raises my background level of dissatisfaction and accounts for my occasional outbursts of sarcasm.
- A poor person is anyone for whom the price of an item is an absolute barrier, or figures significantly in their decision, to buy.
Thanks for taking the time to respond.
0 -
Since you're on the security team, there are millions (perhaps billions) of smartphones out there that are in daily use that cannot be updated. This poses a significant security risk, not just to their owners, but to whole internet.
I agree. Although (and while this might sound sarcastic) one of the best defenses against this is making sure that your device is kept up-to-date.
Wealthy people who buy phones as status symbols update their hardware regularly. Everyone else (poor people*) cannot or will not spend the money to upgrade AND their vendors have abandoned them, This has the potential to hurt everyone.
It certainly can be seen as a monetary issue, but this can be said of everything you purchase and which requires maintenance, from your car to your electronic devices. Everything has a shelf life, but I don't believe security issues are mainly related to economic aspects. I think that when economic issues exist, those tend to trump everything else, and here I agree. But when economic factors don't play a role, you typically never upgrade a device based on security properties alone, even if you have the possibility to do it. It's in this sense that I think that this has more to do with mentality, convenience, status, aesthetics, and several others factors which do not include security (if not from the point of view of usability-security balance, perhaps). Of course edge cases will always exist, and this is not to say that economic factors don't play a role in this (they certainly do, as they do in pretty much everything).
So it is not true that I can keep running the 1Password app that I have been running there.
Technically speaking, 1Password 6 requires iOS 9.3 or later to run, and it still works there. What doesn't work is 1Password Membership accounts (including Teams), which require 1Password 7 to work. 1Password 7 on iOS, in turn, requires iOS 12.2. This is an unfortunate combination of events, so I can certainly understand the frustration. I hope you will however understand how we owe it to all of our user base to make use of the latest security features offering by Apple whenever we can, since 1Password is security software. This means that certain devices running certain operating systems will be left out, and we understand that this will be painful for everyone involved. But I think that we should not be lowering the security baseline of 1Password for this.
All this raises my background level of dissatisfaction and accounts for my occasional outbursts of sarcasm.
As someone who tends to fall back to sarcasm myself, I definitely understand. But I hope I at least managed to show a security perspective for this, and the reason behind the choice to require recent versions of iOS. These are not decisions which we take lightly, but we believe they are the right ones in the long term.
===
Daniel
1Password Security Team0 -
Thanks. I'm probably due for some new hardware anyway because ios 13 has completely broken my older 12.9 iPad Pro. It drops taps when entering the passcode, the fp sensors are flaky, web pages regularly freeze for various periods. The apps that I have have collectively required over 200 updates since 13 was released and almost every one of them says "bug fixes". Just about the time the majority of developers get their apps stabilized Apple throws a wrench in the works with a new version. This is undoubtedly why my Mac 32-bit apps aren't getting updated - It's just too much work for small independent developers to keep up with all the changes.
I've got oranges growing in the back yard but I can't seem to get the money tree to bear any fruit :) If it would, all problems would be solved!
0 -
If you find any tips that work with regard to the money tree please feel free to pass them along. :)
Ben
0