Comment by abanana

8 hours ago

Just thinking more about how we're told it's "insecure". It's unfortunate that so many tech people are so gullible when it comes to the industry's marketing around this.

Many of us know a huge proportion of news stories come from PR firms that just want to sell us something (it comes up on HN every now and then). In the mid-2000s or so, Microsoft had a particular problem selling Office - there was no reason to upgrade to the current version, because the older one already did everything you wanted. Until that time, established practice was to buy new software only if you wanted its new features; the vendor had to give you a good reason to pay for it. To some of us, the PR that immediately followed the stories of struggles to sell their newer versions - PR that suddenly exploded everywhere - was obvious and transparent. "You must upgrade because old software is insecure!" But it grew into the monster we have today. Some people literally panic if they discover an older piece of software.

Think of young people growing up with that being blasted at them constantly. It must have contributed to the has-to-be-new-and-shiny mindset of JavaScript developers, where they're terrified to touch anything that hasn't been updated for a few months.

That long, sustained, and paradigm-shifting PR campaign has been a huge win for many software vendors, and for Microsoft in particular. (Of course, after that, and after a few failed attempts, they managed to get the subscription-based model to work for Office, which, in that particular case, bypasses the mess left by their earlier selling strategy anyway.)

But... Old software is often going to be insecure on the network. Are you arguing that an OS from 2013 with a browser from the same time is fine on the Web?

  • Who's using a browser from 2013? When I said I'm running Windows 7, I'm specifically talking about the OS, including an awful lot of updates it's had since 2013, not all software I run on it. Updates added such things as support for the later versions of TLS, several years ago. Although Google and Mozilla have dropped official W7 support from Chrome and Firefox, there are forks that add it back, which is why I'm running up-to-date browsers.

    If we were talking about even older browsers though... 20 years ago, because of the insecure way browsers generally worked, everybody used third-party antivirus or e.g. Norton Internet Security, which seemed to cause as many problems as it solved. But browsers (and OSes) haven't been so open for years - we don't have quite that class of problems anymore, where just visiting a site was enough to get the browser to download and run all sorts of nasties. I don't remember quite when it was that we'd left the most dangerous period behind, when the security of browsers and OSes had been considerably hardened, but it was before 2013. Windows 7 was, and is, much safer on the network than XP, by design.

    • Fair. As long as people are careful about what they're executing on the OS and it isn't arbitrarily exposed to the network it is less of a problem. My comment about browsers was due to me thinking that a lot of software stops building for old OS targets. I guess W7 is still getting modern support from vendors.

      FWIW I'm running CachyOS and for the first time in my life have moved 95% away from Windows (still maintain a partition that I use every few weeks for a game that can't run on Proton). KDE 6.6 is a delight to use and everything "just works" for me, I don't have to worry about ungodly telemetry, and software fixes come in quickly.