For the first time, TuxCare is offering support for Microsoft software that’s no longer supported. .NET 6.0 reached end of life last November.
TuxCare today announced that it’s added Microsoft’s .NET 6.0 to the roster of open-source platforms it’s supporting through its Endless Lifecycle Support program.
This means that organizations that wish to continue using the platform, which reached end of life on Nov 12, 2024 and no longer receives updates, can continue to safely do so. TuxCare’s service will supply security patches for any vulnerabilities that arise in the software, just as it continues to patch long dead Linux distros.
In times past, continuing to keep expired software in production was considered to be bad policy. These days, however, it’s becoming more common for sysadmins and DevOps teams to rely on services like TuxCare rather than go through the often frustrating and always time consuming and costly ordeal of upgrading, a process that often breaks essential secondary components which then have to be upgraded or fixed.
But… But… But, It’s Microsoft!
When FOSS Force spoke with Joao Correia, a technical evangelist for both TuxCare and its parent company CloudLinux, he was quick to point out that supporting a product from Microsoft is something new, not only for TuxCare but for any of the companies that offer aftermarket support for expired open-source projects.
“That’s somewhat of a departure in that we are now touching on proprietary Microsoft space which we hadn’t touched before,” he said. “At the same time, it’s an open-source project, and we have lots of experience with those types of projects and maintaining them.”
In other words, it’s still pretty much business as usual, and mainly just underlines how much the open-source landscape has changed since the aughts when Microsoft was “public enemy number one” in FOSS circles. Despite this, whenever Redmond is positively mentioned in an open-source context, the need to defend treating it without rancor surfaces.
“Today you have to admit it, Microsoft is a very large contributor to open source space,” he added. “They have a presence on multiple projects; they have a very distinguished presence on the Linux kernel directly. So yeah, they’re essentially a considerable player in the open source space.”
Why Keep .NET 6.0?
All explanations aside, many open source developers were pretty much jubilant when Microsoft open-sourced it and have been relying on .NET for years now. This makes the reasoning behind supporting it post-EOL the same as it would be for offering extended support for any open source platform, especially since software written for .NET 6.0 will also need to be ported, which means even more time and effort to fix something that isn’t broke.
“Every single time there are breaking changes,” said Correia, who spent years as a sysadmin before he started wearing his evangelist hat. “It’s very tricky to go and rewrite your software. It’s already working fine. You don’t want to spend the money and you don’t want to waste time just making sure that the software runs as it did previously. So, any way that you can find to extend the lifetime of that software is going to be a good choice, because if you don’t do anything you just stop getting security fixes.”
Riding bareback, however, without the comfort and safety of security fixes is a bad idea, since new .NET 6.0 vulnerabilities are certain to continue to surface — and the rate at which they surface is likely to rise now that the black hats know that Microsoft isn’t patching it anymore.
“It’s essentially a very large target you paint on your back when you’re using unsupported software,” he added.
That target, if exploited, can be expensive. The reported average cost of a data breach in 2023 was $4.45 million, and that doesn’t count the cost of losing customers who get caught up in the breach.
“If it’s a very large company that has hundreds of thousands or millions of customers and something goes wrong, you’ll know about it,” Correia said. “You’ll hear it on the news and you’ll see the fallout from it. It’s going to be costly for the company and it’s going to be a really bad day for the customers. Any way that we can contribute to that not happening is in our ballpark.”
The Future of Aftermarket Support
TuxCare isn’t the only company around offering extended lifecycle support that keeps no-longer-supported open-source operating systems and other essential platforms safe after their developers move on. Other examples include Wind River, the company behind the enterprise-focused eLxr Linux distribution, and CIQ, the high-performance computing specialists that founded Rocky Linux.
Correia thinks that the practice of using a service such as TuxCare and others to continue to run expired software instead of going through the often considerable effort of moving to somebody’s latest and greatest makes sense in most cases.
“The complexity of having to refactor all of the code and having to rewrite everything all over again is getting too massive and too burdensome,” he said. “With all the cost and delays — and the implications that it has for other systems that might interact with it — not having to do that and still remain compliant and secure is definitely a more appealing proposition, which every single day gets more and more appealing.”
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux