So, let's say society changes and a future court rules that "life" sentences are "cruel & unusual punishment" (as described by the US Constitution). You'd have chaos as all the lifers who only got life suddenly are released. A defined time, including "effectively life" (e.g. a 150 year sentence for a 71-y/o Bernie Madoff) now would need to be considered on a case-by-case basis--or at least the Supremes would have to come up with some sort of mathematical formula for "effectively life", which they generally don't like to do...

Those are the downgrade rights offered by Win 7/8 Pro to XP Pro (and even 2000 Pro). My post was about new PCs of the time, where the only OS available was XP as it was the only reasonable choice on that hardware. Remember that since Vista was such a dog on Atom hardware (only consumers of Atom at the time were netbooks) & given Microsoft's uncertain future for Windows 7 at the time (Microsoft was hoping it would pay off), XP Home was the only sane choice on 2009-2010 era netbooks. In fact, Windows 7 Starter was a stripped-down Windows 7 requiring lower hardware...

XP was legally sold on netbooks made as late as October 22, 2010 ( http://windows.microsoft.com/e... ). Those computers were still in the sales pipeline into early 2011.

Really? So a $100,000 medical device, robot in a factory, or SCADA platform running a $100 copy of XP (well, $200 if Pro, less if XP Embedded) can't "cost the lives of the user"??? I wouldn't want to be in front of a dental x-ray machine with a copy of XP that is now sending spam or worse, being used to cause harm to users... Ever hear of the Therac-25 accidents of the mid-80s? http://en.wikipedia.org/wiki/T...

Unfortunately, easier said than done. All of these have unbelievably steep learning curves to do anything reasonable. Ironically, my interest in programming started with my TI-99/4A in 1983-1985. I used to get magazines that would provide programs (that I'd spend an hour-plus typing in) to see how it works. I didn't really know the limits of that machine, so it was cool to see what I could do with it--and how I could change the programs to do certain things...

Unfortunately, with Dreamspark tools above, there's no "just start coding & see what happens". There's no really basic / for kids "how to make fun little programs with Visual Studio" that come with Dreamspark. I don't see a child using a $60 book from SAMS or Microsoft Press ("Learn Visual Studio in 24 Hours!") as 1) the books aren't aimed for them, 2) the cost to buy one is at a price point questioned by most parents.

iPads are even worse... You can't program for them on them (not that you'd want to attempt such a thing with the on-screen keyboard) and you need an expensive Mac to do so, tethered to your iPad. (So there's no immediate gratification...)

Kids nowadays see what their computers are capable of--by playing video games that test the limits of their PCs. Why write a little program that draws some lines when the child could play a video game that's much more visually stimulating & engaging???

Let's see... I'm going to trust that an appliance vendor, some of whom have yet to add an OS (Linux, Android, etc.) to their devices, will properly create the security for said IoT device? Cisco is clearly looking to become such a vendor, and I don't think they're prepared to deal with the consequences & unbelievably protracted support schedules--way longer than Microsoft's ~10 year lifecycle for Windows and Office. Ultimately, will my IoT fridge that I buy today continue to work properly 20+ years down the line or will it be pwned long before then? (I suspect the latter...)

The reality is that a company with no such device experience (e.g. Amana, Kenmore, etc.) may contract out the security portion of the firmware to Cisco, but will Cisco continue to support the device's security for decades to come? In reality, people don't replace their home appliances, HVAC systems, and security systems all that often... I doubt Cisco is putting out many security patches for their devices from 1994, or if anyone even has the experience (let alone the desire) to create patches today for Linux 1.1.x security holes...

Except that nuclear reactors are, by regulation, among the most-documented entities on earth. From functionality to maintenance logs to upgrades, nuclear plants & their owners are extreme documenters--to decrease liability and meet government regulation. You don't hear stories of nuclear reactors in places like the US, Canada, UK, Western Europe, etc., with "documentation problems" or knowledge transfer continuity. (Pay people to stay to do an easy job & they will...) Sure, a part schematic may be on paper as opposed to stored electronically, but they'll have multiple copies onsite, a few copies at the power utility offsite, and at the NRC or other national nuclear regulatory agency--and everyone who should know where those copies are, do know... And that documentation would be designed so that anyone with the requisite engineering knowledge & skills should be able to read it...

Nuclear plants are not run like IT shops--and thank God for that...

Well, you might not have a choice depending on your OS version...

XP, 2003 - max is IE8 (not affected)
Vista, 2008 - max is IE9 (affected, presumably most used version)
7, 2008R2 - currently at IE11, but many users still using IE10 (affected) since IE11 came out in November for this OS
8, 2012 - only supports IE10 (affected)
8.1, 2012R2 - only supports IE11

You're right. Having a really expensive recall incentives the manufacturer to "get it right with this redo", without skimping on development, testing, etc. OTA would just trivialize the process...

Ummm, nope... In Ohio (as of a few years ago), the only "safety inspection" for personal vehicles checked to ensure that a vehicle purchased out-of-state matched the VIN # on the title. Illinois has no safety inspection whatsoever for cars & light trucks/B-Trucks. (B-Trucks used to have them until 1984; commercial vehicles excluding light pickup trucks still have annual safety inspections; vehicles in Chicagoland & the IL portion of St. Louis have emissions testing). At the other extreme, states like New York & Texas have a very thorough safety inspection. In some states, "safety inspections" are really nothing more than compliance checks, checking things like window tint.

But you bought an off-the-shelf PC in 1998 with standard components. I'm talking about a (mythical) fridge with unique components, unique software, unique drivers, etc. Sorry, but an IoT device will likely never run more than a "+ 0.1" version higher of an underlying OS & related software ("+ 0.2" for Linux)--given track records of manufacturers working on old products. They won't open source everything for fear competitors would use it competitively against them. To add, even if they did open source the whole IoT fridge, you're assuming that someone would actively pick up the project... Simply open sourcing something & dumping it on the Internet doesn't mean anyone's actively interested & working on that project.

I agree with you, in theory. In practice, however, nobody is fixing bugs/security holes in obsolete platforms. Let's say the IoT existed in 1994 & you bought a new Kenmore IoT fridge running Linux 1.x. Fast forward to 2014--who today is doing anything with the Linux 1.x kernel? Nobody--including Kenmore support engineers. Your fridge was pwned probably 15 years ago...

It's not a question about warranty or even availability of replacement parts, it's a question about opening themselves up to extremely long support schedules, something they have never had to do before. If I call an appliance repairman for a 40 year old fridge, he'll likely be able to find the right replacement part... But that model no longer holds true in IoT. Look at cars (at least in the US)... Auto manufacturers have taken on the responsibility that all of their past models could face a recall, even 15+ years after the fact. (NHTSA still opens cases for cars sold in the '90s). The same would have to be said about Internet-connected devices--specifically household appliances.

The problem is that we're talking about operating systems, web hosting software, network stacks, databases, device drivers, etc., that would need to be supported for, easily, 20+ years. Think back to 1994--what software that existed then is supported now??? NONE. So, imagine you buy in 2014 an IoT refrigerator full of the latest & greatest Android 4.4.x and/or Linux 3.13.x FOSS software--what sort of support would you expect for any of that in 2034??? Would you expect Amana, GE, Kitchenaid, Electrolux, Miele, Kenmore, etc., engineers to be fixing Linux 3.13.x kernel security holes in their 20-year old appliances? FOSS or not, as a consumer, I would expect that appliance to continue to work & not get bricked by malware that was deposited remotely...