It's important to understand that we could genuinely lose general purpose computing. I don't think it's in serious danger at the moment, but we've been in the midst of a slide in that direction for the last 10-15 years. Part of it is mobile phones, part of it is TPM, part of it is market forces. The latest turn is strictly political. We've really foolishly built the technology necessary for authoritarianism just a few years head of a general global trend towards authoritarianism. At the moment, anyone can use Linux; it's better and easier than ever. Will the laws of your country make it harder or more difficult to avoid? Will major vendors lock you out of basic functions? Will age verification require an agent run on your Windows or macOS computer? (or worse, require the use of a smart phone just to use the internet?)
We're not anywhere there yet, but we're closer than we've ever been, and things keep moving in the wrong direction.
I think it is unfortunate how many resources are put into making things secure with TPM's and how little resource is put into basically having secure and simple sandboxing...
All I really want is a computer that allows me to fully control the permissions and filesystem access of all the programs that I manually install on my system. Almost every program (in my case) needs 0 filesystem access outside of what it installed itself and shouldn't be looking or snooping at anything that isn't in its own process space.
I want a clear and simple way to limit the blast radius of how badly a program could actually screw up my system or have access to my files.
I recently experienced the opposite of this on Android, where I tried to install a very well reviewed ebook reader called MoonReader. But MoonReader seems to require complete access to every file on my Android device to work correctly. That is insane. I looked it up a bit more and it seems that Google has simplified (or something) permissions, but now there isn't much choice other than asking for full file access (I just want to give it access to one directory).
Anywho, just a minor vent, that we are insisting that the only way to make things secure is this sort of attestation path, but we don't spend any energy just making it possible to limit the blast radius of software on most OS'.
I love Linux, but if 90% of the US were on Linux the same commercial / political pressures would apply and Linux would just look like Android or ChromeOS. Can you run an alternate OS on your smartphone? Yes, but you can't run your banking app. Linux alone cannot save us.
If nobody participates in government, the banks and entertainment industry will get whatever they want, which is to lock down your computer into a portable kiosk
EU CRA (enforced Dec 2027) prohibits shipment of non-certified binaries for "critical" software, including firmware and hypervisors. Operating systems like Linux are categorized as "important" software, https://www.whitecase.com/insight-alert/cyber-resilience-act...
I might be wrong but I don't think that open source software are subject to the CRA. If you look at article (18) here [0] it seems to explicitly exclude free software that you download from the internet.
That depends on the definition of "commercial activity". Some groups have influenced the legislation to exclude specific activity. Some supply chain roles, including developers who contribute patches, are excluded. Others can seek guidance on interpreting the legal text.
- software that are not monetised by their manufacturers should not be considered to be a commercial activity.
- supply of products with digital elements qualifying as free and open-source software components intended for integration by other manufacturers into their own products with digital elements should be considered to be making available on the market only if the component is monetised by its original manufacturer.
- development of products with digital elements qualifying as free and open-source software by not-for-profit organisations should not be considered to be a commercial activity provided that the organisation is set up in such a way that ensures that all earnings after costs are used to achieve not-for-profit objectives.
- does not apply to natural or legal persons who contribute with source code to products with digital elements qualifying as free and open-source software that are not under their responsibility.
This doesn't in general inhibit hobbyists, and for the most part for companies it just adds some fairly sensible requirements around handling security vulnerabilities and making updates available. It is in theory a framework that could be used to add more onerous requirements in future, of course.
Passkeys are another brick in this wall. The authors of the spec built in client software identification and attestation, which means authenticating parties can require you to only use certain, closed-source passkey clients. It's not hard to imagine a future where only blessed Passkey clients, such as Microsoft's, Apple's, and Google's implementations, are allowed by most services.
I think passkeys will be used against users. They’ll be used to attest to a user’s trustworthiness by tying authentication back to a real identity. Like another comment mentioned, you’ll end up needing something like a phone that’s locked down. Part of that will be authenticating with a verified ID IMO.
It’ll be incredibly easy to lock dissenters out of modern society. It’s too bad the vast majority of users will happily concede autonomy for a tiny bit of short term convenience.
I expect there will be backlash from non-technical users due to issues like the comment below where the passkey pushers fail to communicate where the keys are stored and thus users unexpectedly lose access to them.
Heh, I'm working on a blog post about this very topic. Passkeys are ... weird. There's a lot of potential for gatekeeping, where websites can indeed require you to use device-bound passkeys through device attestation, and where becoming a vendor requires interacting with the fido alliance....
I would say "I'm sure the mean well", but given that parties like Yubico benefit from not getting more competitors, the cynic in me is a bit worried.
Yeah, I wouldn't say that. It's clear from their public comments[1,2,3] that the spec authors don't believe the private key actually belongs to the user to do what they want with. They see services restricting what users may do with their own logins as a feature of Passkeys. It's really a shame it went in this direction. Replacing passwords with an easy-to-use keypair auth system would be a massive security improvement. But the Passkey ecosystem is poisoned at this point. Unless they remove the client ID & attestation anti-features, it should be considered a proprietary big tech protocol.
[1] Threatening an open-source passkey client with server-side bans because they don't implement passkey storage on the client device in the way the spec authors prefer. https://github.com/keepassxreboot/keepassxc/issues/10406
[3] While writing an article about this on my website, I actually emailed the two involved spec authors on the above issue, politely asking how their interpretation of the Passkey spec could possibly be compatible with open source software. Neither replied.
It is particularly odd in the case of open-source clients (or indeed any client that runs outside of some very locked down hardware) because a) there's nothing that prevents the user exfiltrating keys anyway, and b) attestation also means relatively little for such an implementation.
Yes, the problems are obvious and the spec authors definitely know & understand the issues. Their refusal to have a public discussion about it indicates they just don't care, and their maintenance of a "naughty client list" shows Passkeys are intentionally hostile to user freedom.
Yeah I hate this, installed a new CPU and none of my passkeys work. The browser asks my phone and they don't trust each other and not a damn clue how to fix it.
Yep, big problem with them: most users have no idea where the thing that pops up and offers to store the passkeys actually stores them (sounds like in your case, in your computer's TPM was either on the CPU you replaced or complained and reset itself when the CPU changed). It's a ticking timebomb that all the 'users love passkeys! (after we nag them about it every time they login until they give up)' blogs fail to catch.
You could have used an open source client to manage your passkeys as you like, including backing them up in your own storage format. I wrote about it here: <https://www.smokingonabike.com/2025/01/04/passkey-marketing-...> I was quite excited about it... until I found out that the Passkey spec authors have warned that client that it may face server-side bans because it lets you manage your own private key how you want, and the spec authors think this is appropriate for servers to do. So I deleted all my Passkeys. Sigh.
You'll probably enjoy this article from one of the original creators of the Passkey ecosystem:
> Since then Passkeys are now seen as a way to capture users and audiences into a platform. What better way to encourage long term entrapment of users then by locking all their credentials into your platform, and even better, credentials that can't be extracted or exported in any capacity.
I sincerely doubt it'll do much, but my next computer will not be Apple. Sadly, I just upgraded a year and a half or so ago, and sadly, good lord those damn arm chips are nice.
So hopefully in 8 years or so when I need a new machine, there's some decent options available to me.
But nice aint worth the cost when it comes at the expense of supporting something which is undermining everything else you believe in.
What I love about that report is that the author created it with the intention of making Stallman look bad. And if you look at the author's summaries, he looks bad. However, the author also made us the favour of collecting all the statements in one single place. And if you look at the things that Stallman actually said (as opposed to the author's summaries) he doesn't look bad, he looks strictly correct.
Yeah yeah but the reason why I link to that, is that if someone is interested they can with minimal effort find by themselves all the information to understand it was just a smear job.
Like, someone says "C assaulted B". And Stallman says "If A forces B to offer herself to C, C didn't assault B". Which is obivously correct. It could only be incorrect if you were redefining words to serve your purposes.
I had a look at what Stallman said and what Minsky allegedly did.
Apparently, Minsky had sex with one of Epstein's girls, who later said she was forced into it. Now, his wife denies the allegation, as she was apparently with him at all times on Epstein's island.
Now, I can believe that he went once, and maybe had sex with someone he didn't know was not doing so willingly. But, what about his wife? Was he cheating on her? Was she a part of it?
And why did he return a second time? And after Epstein's conviction in 2011???
And here comes Stallman, and he's not even denying that he's slept with someone, potentially cheating on his wife? His issue is with the wording?
He is a weird, socially awkward, maybe autistic guy. And such people tend to be quite pedantic and focused on strange details that "normal" people just jump over.
His issue is that saying "assault" to mean "sex with someone" is dishonest, even if that person is 17. Which is obviously is.
Any sane person hears "assault" and thinks that means "assault" instead it means something else.
What is happening is that the meaning of words are being changed for the purpose of using pre-existing laws. Example, you think that Bla is very bad and isn't punished enough by the law. There's law that severaly punishes Fleem. So, whenever you see Bla you call it Fleem and argue that the anti-Fleem law applies. That way you can effectively re-purpose a law. Specific example: "catcalling" is now "sexual assault" in the UK. It's easier to do it this way, than to argue that people should be punished for catcalling.
Ok, but surely there are more important thing going on there than the wording.
It feels like Stallman wants to defend his friend, but doesn't really have any way to do that. So, instead, he pivots to pedantry.
Like ok, assuming that Marvin really did not know, it's wrong to label him as a sexual assaulter(?). Though legally a sexual assault still occured.
But, it still doesn't explain, justify or deny that he allegedly slept with someone , possibly behind his wife's back. And it also doesn't explain that they went *BACK* to Epstein's island after knowing he was a sex trafficker. And that presumably the girl he slept with might have also been trafficked.
Many big institutions lean heavily on mobile apps and other gated computing.
I live in BC Canada and by far the easiest way to authenticate a login to provincial sources involves using the BC ID App as a second factor, even when logging in via desktop. Many banks now also use their app as a second factor, rather than a generic OTP option that can run on any hardware.
There were also issues like running Netflix DRM in browser on Linux for a while.
General purpose computers won’t go away, but they will continue to be gated from more and more services until you are more or less required to have a phone or locked down ecosystem device.
> Many banks now also use their app as a second factor, rather than a generic OTP option that can run on any hardware.
This is one I’m willing to tolerate, as long as it’s optional. Something I don’t understand though is banking app setup. When I got a new phone this year, the RBC app made me submit some kind of live selfie.
The thing is, I know they can scan your debit card with NFC and authenticate the PIN. I’ve used it for a password reset in the past. Why is a selfie better than that when they presumably have nothing to compare it to?
Certainly there was more authoritarianism in past times, but we haven't previously had authoritarian movements at the same time that we've the internet and ubiquitous computing. Authoritarianism isn't meant to be a scare word; in the US, you have the total fecklessness of Congress, the expansion of the executive under every single president in the 21st century. (it's still authoritarianism even if some people like what is being done unilaterally by the executive. eg: both Trump and Biden sought and acted with expanded executive powers. Even if you like the outcomes, it's still actually quite bad. Neither party seems capable of imagining that someone they disagree with could be elected and use those same powers. It's baffling.) You have a lot of governmental changes in parts of Europe, etc.
I think it's pretty uncontroversial that there is a global trend towards authoritarianism, but I'm happy to hear other opinions.
Don’t think of it as one side against the other. It’s a dialectical process, two extremes, like communists and fascists, seemingly locked in mortal opposition, yet through their struggle, pushing the same totalitarian machinery forward. That old pattern feels disturbingly familiar today.
Which means that in the future will be less engineers and software developers because they never had a chance to learn. And if somebody will know how all of this works really, they won't be working for peanuts. So in an essence all of those companies are eating their own tails. Which is expected since all of it is driven by the stock exchange executives that are interested only by short term profit.
Yes it will be terrible but on the other hand all empires are terrible at some point ridden by the stagnation and multitude of radicoulus laws.
Will it be the same with technocracy? Probably yes if they lock it all down, new generations will never learn, they will be less and less people with knowledge to maintain the infrastructure and without maintenance it will collapsee eventually.
> However, there is an increasing userbase whose first experience of computing was in these locked-down tablet and smartphone environments. They aren’t so demanding about little things like proper filesystem access or the ability to run unsigned code. They might not blink if that goes away.
I would also suggest that there is another user base who has been using computers for a long time, before GUIs existed, is fed up with fighting malware, welcomes the protection of a sandboxed, protected system, but doesn't understand the importance of having the option of escaping the sandbox. These users might not see the loss of not being able to install a kext on Mac OS without booting into Recovery Mode. But they will notice the loss when, at some point, we can't run anything that isn't signed on any platform.
Google and Microsoft are slowly moving towards the Apple model because it works as far as decreasing support costs go.
When the day comes that there isn't any hardware we can purchase that we can't install OpenBSD/Linux/whatever we want, it will be too late. We have to push back before then somehow.
> Vote with your wallet
Doesn't work when the only options are bad. Every Android OEM embraces the closing of android because it'll allow them to ship all the spyware they already do without the user being able to remove them (or disable them soon enough). Having 2 or 100 options has no difference if they're all bad.
Alternate take: it's exactly as bad as you expected, but your timeline was off.
And even so, perhaps it's later than you realize. Device attestation in the browser is the final nail in the coffin, and it's a question of "when" not "if" major sites start requiring it in the name of "safety" from bots.
> and it's a question of "when" not "if" major sites start requiring it in the name of "safety" from bots.
I recently found a plugin that can alert to JS doing shady "fingerprint-like" activity. I did not expect it to go off quite as often as it does now.
It would seem that some sites are already asking _very_ probing questions about the browser so it's only a matter of time before they go one step further and demand proof and gate on furnishment of that proof.
I don't agree, it is absolutely dreadful, and we saw this coming and did nothing about it.
Think about it: you need permission to run software on your own hardware. Every time you launch a Mac App, it checks in with its masters to be sure its okay to do so - every time you install an app on your mobile device, it does the same thing.
People accept this terrible state of affairs because the "user experience is better" - but this is a fallacy. Under the cover of 'security issues' that their are incapable of fixing, due to very poor architecture decisions, OS vendors have instead bolted on an insanity and sold it to the user as progress.
Every computing device should have everything it needs, onboard, to write software for that computing device. That they don't is because the OS vendors are cowardly running from the bloat of yesteryear and adding more bloat tomorrow to cover it all up.
There will be a backlash against this. We see it already in the retro-computing and alternative-platform hacking communities, which are growing and growing, exponentially, by the year.
Its only a matter of time that someone wraps up this freedom-to-use concept in hardware that is sexy enough to compete with the totalitarian-authoritarian platform providers. Any .. day .. now ..
So far, yes. It's getting hardware with every release. First you had to click approve in a dialog to launch unsigned software. Later you had to right click -> "open" -> then approve. Now you have to open system settings to find the button to show the approval prompt.
Meanwhile to install a kernel extension you now have to reboot into safe mode and disable part of system integrity protection (with big warnings that it's at your own risk).
For the average user, kernel extension are already gone, and unsigned software not far behind.
The early MacOS era as well as pretty much the entire classic Mac OS era was infamous for being a more-or-less do it yourself environment for adding bits the OS didn't have or did sub-optimally for given use cases.
The wisdom of such a freewheeling ecosystem in today's era is maybe debatable, but given how user-hostile the mainline OS and software vendors can be, I say there's still plenty of room for that ecosystem and it should be preserved.
PC was an anomaly thanks to IBM not being able to go with their plans.
On UNIX, Sun was the vendor that introduced the concept of SDK SKU, thus for having developer tools, an additional SKU had to be bought, and the until then largely ignored GCC sundenly got a new focus of attention.
Mainframes and micros always needed having a group of folks from the vendor professional services for specific kinds of configurations.
I still remeber working on traditional timesharing UNIX systems, one single server for all teams, what you get to do is decided by IT for your role.
There are plenty of examples from the past on how this has been happening already.
An anomaly from some corporate pov, maybe, but at home the PC was definitely not more open to general purpose computing than the alternatives. Most early home computers booted straight into a BASIC prompt, and the line between being a programmer and a user was far more blurred than it is now.
PCs from IBM could do this as well. There was a ROM'd BASIC in IBM computers that they would default to if they couldn't find a bootable disk. The BASIC that came with PC-DOS, BASICA.COM, was actually a wrapper for this ROM BASIC.
The clones relied on GW-BASIC and later QBasic, which came on disk and was bundled with DOS, to supply this functionality, and didn't have BASIC in ROM. In fact, some early BIOS implementations, if they did not find a bootable disk, displayed a message "NO BASIC FOUND" or similar.
But the "walled garden" on mobile (iOS mostly, but now also Android) isn't really about trusted computing at all. Trusted computing (locked bootloaders) is but a small part of it.
Trusted computing and even remote attestation have legitimate use cases. It's good, great even, that they exist. But just like everything, they can be used against you.
In fact most digital goods that are sold in large numbers via download, are, as far as I'm aware, sold with some form of DRM. Like films and video games. Otherwise piracy would be just too easy. MP3s don't have DRMs, and are still sold (e.g. by Amazon), but those now seem to be largely replaced by music subscription services.
And this might be a reaction to the fact that music piracy is quite easy; if it wasn't, perhaps there would be no Spotify where you get basically All The Music in existence for peanuts. (Note that no equivalent subscription service exists with regards to movies or games: Netflix and Xbox Game Pass have only a limited selection of content included in their subscription.)
A more generous explanation is that it might be both — vendor lock-in also happens to be a security measure.
Having important info on your device and having that device accessible to the wild, wild, internet is a very real problem. If the "walled garden" is a flawed solution we should work on a better one.
No, the issue is too much of the Secure Boot chain is currently being controlled by Microsoft.
Kernel being GPL has no point currently. Require hardware attestation with Microsoft private keys + systemd-boot + systemd + uutils can create a nice walled garden, allowing "vendors" to build locked-down hardware-OS pairs.
More importantly, uutils is MIT, which can attest at every level, without sharing a line of source code.
This will affect everything from small appliances to big iron and it can be very ugly.
it's in the name, but it's open source and it's replacing a hodgepodge of other stuff (the point isn't why it's replacing it, or how well it's going; the point is there are replacements).
if the computer won't allow to install or use other software until you install a vendor-signed version of systemd on a vendor-signed kernel we'll be there. it's about hardware attestation, not signed software, though.
The future is likely bifurcated trust: Official, encrypted, attested systems; and unofficial, unencrypted, unattested systems.
The GNU freedoms never specified the right to run free software side by side with proprietary software on the same hardware; so the FSF should actually be fine with such an outcome.
The problem with bifurcated trust is the ongoing efforts to force people into carrying a “trusted” pocket spy. Cashless payments, mobile train tickets, and digital ID are making it extremely difficult to live without a pocket spy in some places.
If my bank requires me to use a phone for transfers (mine doesn’t), it might be acceptable to leave one in a desk drawer powered off as you would do with a hardware authentication token. It’s a special device for occasionally accessing a service. Fine. But when governments and industry collude to force citizens to carry these devices in order to live life normally, that’s not OK.
My intent is to be as stubborn and obnoxious as possible in resisting this until they either give up and provide an alternate path or lock me away for noncompliance. Fortunately there is still an alternate path available for most things, primarily thanks to elders who have trouble with new tech. (Thank you elders!)
Or… acknowledge this is a fear of a future 30, 40, 50 years away that may never happen, which is never an argument.
It’s like saying the government, because they have power, and the SCOTUS, because they have power, could decide to kill all children. Yes, they could. No, it’s absurd to let that power keep you up at night, or say the solution is to abolish their power.
Ha! Let me know how to achieve that and I will. I’ve advocated, donated, and volunteered for years on behalf of a number of causes, some with excellent organizations promoting them, and yet things continue to get worse. The only minor victories have been temporary delays of bad policy.
No, the best response for the average citizen is stubborn noncompliance and constant passive resistance. Drag your feet until the whole thing comes crashing down. And encourage your friends to do it too! (But don’t stop trying through conventional politics, maybe one day it will work. Just don’t get your hopes up.)
You can’t pass a law; because you have almost no bad examples to point to. Emulators, something that happened on the other side of the world, and piracy aren’t arguments.
The banning of Parler did more for activism and awareness regarding platform control than all FOSDEM. Of course, HN happily piled on in favor of this decision, missing the moment to build common ground on platform control, for the sake of political expediency.
If the government, or tech, starts regulating out things people actually care about, then you’ll have your sway. The rush to technical solutions seems to imply we already internally agree tech and government aren’t going to do anything the average person cares about - as it assumes the “bad future” can happen without a national policy discussion anywhere.
It may be across an ocean, but Europe isn’t exactly the other side of the world geographically or culturally. Many of the ideas being trialed there are working their way into parts of the US. The frog is being boiled slowly, but the heat is rising more quickly in big cities.
> HN happily piled on in favor of this decision
HN is not a monolith with a single opinion. The loudest users at the time (not just here, all over the internet) were pro-censorship political activists, so maybe that caused you to interpret things that way.
> If the government, or tech, starts regulating out things people actually care about, then you’ll have your sway.
The public will not respond until the groundwork has been laid to make effective protest impossible. Only then will important things be regulated out. Until then it will just be “nerd stuff”.
This is a lazy argument, as I can safely say that 80% or more of HN has the same political bent, and every community ever has said “but not everyone.”
Read the comments on the Parler deplatforming. See what was upvoted. See what the consensus was. Nobody cares about the principles, even here, when rubber hits the road.
Imagine if the undesirables, on either side, started actively using all the decentralized censorship-resist tech for their cause. Would the builders and commentators here be saying “working as designed,” or would there be a sense of fury, a sense of “not like that?” A sense of “that was supposed to enable my cause, not yours?”
Suppose Proud Boys coordinated their Jan 6 activities on Signal and Tor. Suppose Truth Social was built on ActivityPub and MAGA developers were the loudest voices at FOSDEM advocating for censorship-resistant protocols. How do you feel? Are we still citing the same principles? If not, we never believed them.
> The public will not respond until the groundwork has been laid to make effective protest impossible. Only then will important things be regulated out. Until then it will just be “nerd stuff”.
I’m looking at history and noticing that 99.9% of revolutions did not have the internet required to be successful.
> This is a lazy argument, as I can safely say that 80% or more of HN has the same political bent, and every community ever has said “but not everyone.”
I disagree, but even if you were correct: like, what’s your point? Are you grouping me in with them because I happen to be posting here? I reject that characterization.
Edit: I feel like this is an attempt at some kind of “gotcha” based on the example you provided. No, I don’t believe access to tech should be gated based on politics. IMHO everyone should have access to private and secure systems, as part of their human rights regarding speech, thought, and personal privacy. I attempted to raise this point in several venues during the “deplatforming” fad and explained how the political pendulum made it a bad idea. The mob remained unconvinced.
> I’m looking at history and noticing that 99.9% of revolutions did not have the internet required to be successful.
You tell me how people are going to protest effectively in the face of:
- Ubiquitous visual surveillance and facial recognition
- Ubiquitous audio surveillance via pocket spies and things like Flock/ShotSpotter/other competing systems
- Ubiquitous ALPR systems and GPS-enabled “digital plates” being trialed in some areas
- Data mining coupled with AI behavioral analysis (sloppy but likely good enough)
- An increasing percentage of cars with remote shutdown capabilities
- The replacement of cash with digital currency that can be remotely disabled
The future looks a lot like China, but without their “economic miracle” that has kept the population satisfied.
That seems to be either an oversimplified take on the FSF's position, or argument in bad faith. The FSF wants people to be able to run free software for all purposes, as they fight for user freedoms. If said free software cannot be used, because of all kinds of vendors limiting their services to proprietary software or platforms, then this should be a major concern to the FSF, because their advocated kind of software is being sabotaged.
In fact FSF specifically exempts special purpose hardware like microwaves from its purview. The philosophy is targeted at software the user has a choice to install. If the hardware provider does not intend the user to choose to install an alternative version of the system software, software freedom doesn't come into play.
I worry that this global push for 'Know Your Developer' and the attempt to make them legally liable for what they produce, is going to destroy open source, An 'open' linux included.
After that, certified locked down BigTech 'Personal Computing' will be the only menu choice.
Exactly. It’s a tactic so big tech doesn’t have to engage in activity that would justify anti-trust action if they want to ban a developer or even a whole class of apps. It’s also usable in general to benefit the wealthy.
They force anyone distributing software into the legal system so a “3rd party” can sue and destroy the life of anyone that goes against the system they want. Anything they don’t like will be accused of violating patents, etc. and the option to distribute anonymously for the good of users / society will no longer exist.
I believe that in the depths of the cold war, when personal computers were just showing up, it was decided, deep within the National Security Agency,that it was more advantageous to let them continue to proliferate without fostering secure Operating Systems, though they were available.
We all now live with the blowback from that decision. Most people don't even realize that actually secure computing is a possibility now, even here on HN.
This general insecurity means that anything exposed to raw internet will be compromised and therefore significant resources must be expended to manage it, and recover after any incidents.
It's no wonder that most people don't want to actually run their own servers. Thus we give up control and this .... Situation .... Is the result.
I affirmatively argue that actually secure computing is not a possibility. It's fun to build toy models where every process has exactly the permissions it needs and no more, sure. In the real world, your users are going to grant superuser/admin permissions to random installers, and they're not going to perform the complex verification rituals you told them to do beforehand.
It's like trying to set up a warehousing system so perfect that the shrinkage rate is 0.
People are perfectly happy with a walled garden. The question one should always be asking is what is the difference between that and a panopticon? What happens to me if I start seeing faded flowers and no-entry signs? Can I escape? With my stuff or friends or family?
The rot is so much deeper than just running what you want on your own machine. And how we got here is easy to explain. There was once money it letting you run what you want on your machine. Now there's money in not letting you run what you want on your machine. And so, that's what we get.
There exists no path where a publicly traded company doesn't eventually view its customers as subjects. Every business school on the planet is teaching their students strategies and tactics that squeeze their customers in pursuit of maximizing revenue. And those strategies and tactics are often at the expense of creativity, ethics, and community. Just last week people's bed didn't work because the company that makes them architected things such that they have absolute control.
Only a reasonably altruistic private company might buck the trend. But the publicly traded companies are allowed, by the government(s), to use their largesse in a predatory fashion to prevent competition. They bundle and bleed and leverage every step of the way. They not only contribute to the politicians that do their bidding, they are frequently asked to write the laws and regulations they're expected to follow. Magically, it has the effect of increasing the costs of their competition to enter the markets they dominate. And so, the odds of an altruistic private company emerging from that muck is low.
Worse still, many of the elected officials (and bureaucrats) actively own stock in the very companies they are responsible for regulating. Widespread corruption and perversion of the market is the inevitable result.
I'm trying to do a better job and redirect my money to the places that better reflect my values. It's not even a drop in the bucket, but it's a lever where I feel like I have a measure of control.
I place a large part of blame of why the public is accepting of this trend of restrictive computing to Microsoft’s decision to loosen security despite of David Cutler’s excellent Windows NT. Cutler came from DEC VMS and built Windows NT to be an enterprise OS with separation between kernel and user space and enterprise level security. Microsoft to go after the consumer space ran a lot of apps and drivers in the kernel space. This meant for over two decades consumers learnt hackers could easily hack, bypass, and take control over their PCs. If you could disguise your code as a driver, it got God permissions to your PC.
Won't matter. Remote hardware attestation means they will know you're trying to bypass their control. You'll be denied service at every turn. Can't even log into your bank account.
IMO, I don't see how remote hardware attestation avoids being spoofed. Yes, TPM is involved, but the end of the day, it's an API request/response. There are so many ways the request could be spoofed, and the attestation likely requires coordination with hardware vendors that have proven to be Highly Secure TM with the history of secure boot leaks.
> I don't see how remote hardware attestation avoids being spoofed
Hardware cryptoprocessor. Keys are held in a tamper resistant secure element. You're not gonna get at those keys without pouring some serious resources into the task.
The keys are owned by the corporation and used to establish a root of trust from boot. If you change anything at all to suit your interests, verification fails, your machine is identified as "tampered with" and designated as untrusted.
History tells us there will always be a “low cost” vendor with exploitable hardware, or if production becomes more tightly controlled, inevitable cost cutting and declining standards will provide a way in. Not that we shouldn’t oppose locked down hardware, but locking things down creates pressure and motivation for the people who like things to be unlocked.
Your untampered device will be enrolled with a verified ID provider and they’ll be part of the attestation. The tamper resistance hardware benefits from decades of hacking. Plus you’re not talking about things like compromising a single long lived key or similar like you could with physical media or players.
We’ll probably get to the point where you need a verified id to buy a phone that does attestation. Tamper with it and go to jail. Who’s going to hack that?
Even if things get that locked down, I suspect that leaked attestation keys and fake/stolen ID verification will always be a problem. There’s a lot of money to be made in this, and someone will inevitably decide not to leave that money on the table, legality be damned. This risk only goes up with manufacturing that crosses borders, and despite the push to renationalize production, it’s going to be a long time before that is feasible at a mass scale.
A small, hardly exclusive list of things we have been unable to protect through technology:
- DVD/Blu Ray/HDMI copy protection
- Windows product registration
- Device jailbreaking (manufacturers are constantly running to keep ahead of this but old versions are frequently unlocked even with iOS)
- Classified diplomatic documents
- Classified details of warfighting equipment
- Identities of federal employees (and even covert agents)
- Nuclear secrets
Technical measures aren’t always the weak point—bribery works just as well. As the US tech stack continues to decouple from China, they will also have the motivation to break our systems.
Everything seems directed into making that "low cost vendor" illegal and consolidating the market into a handful of players.
And yeah, it's a politics problem, not an economic one. If corporations could simply push Trusted Computing without a corrupt police (and military) backing them, we would be there since the 90s already.
If you have the right to run what you want on your machine, then they do too.
So then the problem gets moved up to why are you (or group of you) not powerful enough to negotiate being able to run what you want and either not need “them” or be important enough that “they” need you.
And the answer will come down to the fact that 90% of people don’t care about running whatever they want on their machine, and they want the cheapest, quickest, easiest solution.
> So then the problem gets moved up to why are you (or group of you) not powerful enough to negotiate being able to run what you want and either not need “them” or be important enough that “they” need you.
How tiresome.
You're right, we gotta become more powerful. Via radicalization. They seek to marginalize us. To turn us into second class citizens. To destroy free computing as we know it, destroy everything the word hacker ever stood for. If you're on this site and this doesn't radicalize you, then I don't know what to say to you.
Gotta start lobbying governments to make it a literal crime for them to discriminate against us in this manner. Just like racism.
It got this way because 99% of people are happy running what's in the app store, and the security protections are more valuable than being able to run arbitrary code.
Linux as an answer doesn't address the needs of 99% of people, so 98% will never adopt it. It's better to meet people where they're at and push for sideloading and alternative app stores.
Only as long as Google doesn't force Web Environment Integrity through. Running a custom OS won't help if important websites refuse to load unless they're running in an approved browser with a set of approved extensions, on an approved OS, on top of approved hardware.
I've been beating the drum that we need mobile drivers licenses and pairwise pseudonyms. It is a path to beating spam and bots in a way that doesn't hand control over to private entities.
Some folks don't like digital identity controlled by government, but it seems like the alternative is digital identity controlled by oligopoly.
There are plenty of smartphone companies locking down their bootloaders, but there are others that will let you unlock your bootloader by just running the basic command.
A much bigger problem for running Linux on phones is that standard Linux runs like crap on phones. It doesn't have the mainline driver support amd64 computers have, and the battery life optimizations that make Android usable need to be reimplemented on top of Linux to get a day's worth of use out of your phone. Unfortunately, most Linux applications are written for desktops where they expect the CPU to be running all the time, the WiFi to be accessible whenever they want, and for sleep/suspend to be extremely incidental rather than every two minutes.
It doesn't increase shareholder revenue. That is the second highest calling. The only thing more important is marketing and advertising, and this also helps that, so hey, two birds one stone.
No, but when remote attestation reveals that you're running an OS that's not blessed by Google, the megacorps will make their apps all refuse to run on your phone. A few already do so today, e.g., the McDonald's app. In practice, I expect a situation where we have two phones: one to run Big Tech's apps, and one to run indie apps.
Roms face a different problem: bootloader locking. But the more Android changes drastically, the harder it is to integrate the AOSP changes into the different open projects
That’s possible on very few phones these days. Only a handful of OEMs still ship phones that can be bootloader unlocked at all (at least in the US), and even several of THOSE require phoning home to the OEM to get an IMEI-dependent unlock key to pass to fastboot.
Source: 7 years of running deGoogled Android phones and 11 years of running ROM’d Android phones before recently moving to iOS and giving up.
Two of my deGoogled Android phones were Pixels (4a and 7a) and one was a Nexus (6p). I know them well, though I never ran Graphene on them.
Pretty sure I read Google was no longer going to publish device tree sources for Pixel phones, which will make ROM development for them significantly harder, whether or not the bootloader is open.
It is actually getting worse over time imo. In the days of Froyo, you could run Cyanogen easy without needing keys from anyone. Now you got to go to your manufacturer's website to get the key needed to unlock it. Even after you bought the device, you are reliant on the goodwill of the manufacturer to get the unlocking key.
In my opinion, the biggest problem that comes with this, is the fact that google play independent apps will become A LOT less popular. To a point where alternative roms are even less interesting to people which in return makes developing apps for them even less interesting.
Some people even sideload on iOS, which doesn't allow sideloading. They do this by getting an apple developer account, installing Xcode, compiling the apps themselves and refreshing them on their phones every week. And this seems about as popular as Android sideloading where you just download an app and install it...
This idea that protecting users is worth the cost of giving up your ownership rights is fallacious.
Protecting 1 million grannies is an entirely different risk class than the security implications of stopping everyone from using their devices as they see fit.
Protecting 1 million grannies means everyone loses ability to install apps that:
-allow encrypted chat
-allow use of privacy respecting software
-download art/games/entertainment that is deemed inappropriate to unelected parties
-use software to organize protests and track agents of hostile governments
-download software that opposes monopolistic holds of controlling parties
Using Linux is also not a real choice. To access my bank and health services in my country, I require a mobile device that is remote attested by either Apple or Google which are American countries. Hell, it's becoming closer to reality that playing online video games requires remote attestation either to "prevent" cheating or for age verification.
Thus the risk widens to the sovereign control a nation has over its own services. A US president could attempt to force Google and Apple to shutoff citizen access of banks and health services of an entire nation. Merely the threat could give them leverage in any sort of negotiations they might be in. For some nations in the future, the controlling nation may be China I imagine.
I think the real regulatory solution here is to break up monopoly practices. While the EU's DMA is all well and good in some ways, the EU is also pushing Chat Control... In a more fragmented market it becomes impossible for a bank or health service to mandate specific devices for access (they lose potential customers) so you could theoretically move to a device that doesn't do draconian style remote attestation that breaks if you go off the ranch. We need more surgically precise regulatory tools than sweeping legislation that would keep using alternatives like Linux or FreeBSD or whatever actually viable. It also makes it much harder for that same legislative body to enforce insane ideas like Chat Control.
The answer is not protect users from themselves. The answer is more freedom, with a legal framework that helps all users have more choices while helping victims acquire restitution.
> A US president could attempt to force Google and Apple to shutoff citizen access of banks and health services of an entire nation. Merely the threat could give them leverage in any sort of negotiations they might be in
This. We can’t anymore say to ourselves “but surely a US president would never do that”?
Reference: recent tirades at Canada, Spain, Colombia, Ukraine, ...
Without limitations on authority and control, I worry more that the world will devolve into a multilateral legal hellscape, even moreso than exists today. Given how much is dependent on software, you are going to have the governments of pretty much any country with multinational exposure trying this in the next 10 years if recent UK and EU developments are any indicator.
> To access [...] health services in my country, I require a mobile device that is remote attested by either Apple or Google
I knew of banks, but how is it that health services need remote attested mobile devices? Do clinics not support setting appointments through calls anymore, or what?
In my country, the same verification service is used to access banks, health services (private and public), taxes, and even verify online retail purchases. This verification app on Android requires Play Integrity on first time activation so fresh installs of something like GrapheneOS will not let you use the app. It's still currently possible to use a hardware token alternative to the app. It is only getting less convenient and possible to opt out of the digital verification systems even if there's technically still workarounds. In the past, even when such verification systems existed, they were less user constricting (no requirements on remote attestation for example).
I believe if we look at the past compared to now, and then extrapolate towards the future, without proper action, we will keep slipping down the slope.
I see all of these "in my country, we need a phone to do X" posts, and while I believe them, I feel like they always leave out key information. I'd also like to know: What actually happens when the customer does not have a phone? Do you just never get healthcare? Do you just never bank? Surely there are (perhaps inconvenient) alternatives that people without phones can use. The national government doesn't just let its citizens slide into some healthcare-less, unbanked purgatory simply for not having a phone. What is the real, full picture?
As someone in the USA, I could toss my phone in the dumpster forever and still live my life pretty much as I live it today. I might have to make a few minor sacrifices, but I'm grateful we still have that choice here.
Recently, I was referred by my family physician to a healthcare provider. That provider required a mobile phone number for registration. I emailed them to complain about this and their reply was that if I did not have a mobile I should contact the referring medical practice to find an alternative means of treatment. I did, and their response was that I should take it up with the provider.
But this is, of course, just one anecdote. I would also be interested in seeing more information.
it's usually to see the results of your lab work, message doctors about refills, etc. You'd probably be able to get some of that mailed instead at the cost of time certainly.
> "When the microcomputer first landed in homes some forty years ago, it came with a simple freedom—you could run whatever software you could get your hands on. Floppy disk from a friend? Pop it in. Shareware demo downloaded from a BBS? Go ahead! Dodgy code you wrote yourself at 2 AM? Absolutely. The computer you bought was yours. It would run whatever you told it to run, and ask no questions."
None of what was written in the rest of the article after this statement has any bearing on what they said in this statement. Sure, they said the "Microsoft Store", but aside from that, you still have the freedom of running whatever software you want on your own desktop computer, laptop computer, or server (Linux, Windows, or Macintosh) ... nothing has changed about this. I, for one, like the increased security on mobile devices. As far as gaming, I am not a gamer, so I just do not care.
I'm not sure how many Macs you've used lately, but this isn't entirely true: out-of-the-box, Macs only run software that has been signed and notarised by Apple.
You can still disable this, but the methods of disabling are getting more obscure, and it's not a given they will remain available
What happened was people ended up putting a lot of money and sensitive data on their computers and desired a system which wouldn’t expose that just because they ran the wrong software.
Also, "want the milk without buying the cow", but I like "don't get me wet" because it highlights not wanting the result without the unpleasant step of the process. Then again, we have "dry cleaning" and ozempic....
https://english.stackexchange.com/questions/429316/wash-me-b...
This is the real answer that is rather banal and boring compared to conspiracies of nefarious money harvesting.
95% of people don't know what "Run your own software" means, because to them, the app store lets them chose what apps to install. And they don't get viruses and malware like their 2008 laptop did.
That being said, there absolutely needs to be a mechanism for "lowering the gates" if the user wants full control of the device they own.
And by "people" we mean Hollywood. A great deal of this was created to enable DRM, then exploited for other purposes. For instance, it's illegal (by contract) to let a device without Secure Boot play a 4K stream from any mainstream studio. This is why Windows requires Secure Boot.
The better answer is to build better OSes with better security models.
I should be able to run a crypto wallet I downloaded from a Kim Jong Un fan site while high and it shouldn’t be able to do anything I don’t give it permission to do.
It’s totally possible. Tabs in a web browser are basically this.
I can do it with VMs but that’s lots of extra steps.
Ah yes, the good old freedom for security tradeoff. Of course, in this case it's the security of trillion dollar corporations at the cost of our freedoms...
Let me try to strawman a little: I personally accept this on my phone because I honestly don't consider my phone to be a computer, and I don't really care about "computing" on it. My phone is not really that important to me. It is a toy/appliance that I goof around with. What it's running and how "free" and "open" it is, is about as important to me as how free the firmware in my car is, or the software on my gaming console.
I care about the free-ness and open-ness of my computer, because that's where I do all my work, my E-mail, my finances, and all my "serious computing." I feel that a different standard applies on a Real Computer because they are totally different devices, used for totally different purposes. So what I accept on phones, cars, and gaming consoles, I don't accept on my computer.
While this is fine for you, I worry about a sociocultural divide.
I believe the likelihood of a smartphone being the only form of computing (and access to the internet in particular) grows with diminishing income / cultural means.
This is based on anecdotal observation, does anybody here know of relevant survey data?
I suppose the reason for this is that this is how it has always been with mobile computing. People don't even bother to think about their smartphone as a computer anymore.
> The moment gaming became genuinely profitable, console manufacturers realized they could control their entire ecosystem. Proprietary formats, region systems, and lockout chips were all valid ways to ensure companies could levy hefty licensing fees from developers.
This is historically inaccurate. All console games were originally produced in-house by the console manufacturers, but then 4 Atari programmers got wind that the games they wrote made tens of $millions for Atari while the programmers were paid only a relatively small salary. When Atari management refused to give the programmers a cut, they left and formed Activision. Thus Activision became the original third-party console game development company. Atari sued Activision for theft of trade secrets, because the Activision founders were all former Atari programmers. The case was settled, with Atari getting a cut of Activision’s revenue but otherwise allowing Activision to continue developing console games. I suspect this was because the 4 programmers were considered irreplaceable to Atari (albeit too late, after they already quit).
The licensing fee business model was a product of this unique set of circumstances. The article author's narrative makes it sound like consoles switched from open to closed, but that's not true. The consoles (like the iPhone) switched from totally closed to having a third-party platform, after the value of third-party developers was shown.
> Consumers loved having access to a library of clean and functional apps, built right into the device.
How can you say they're "built right into the device" when you have to download them? Moreover, you were originally able to buy iPhone apps in iTunes for Mac, and manage your iPhone via USB.
> Meanwhile, they didn’t really care that they couldn’t run whatever kooky app some random on the Internet had dreamed up.
I'm not sure how you can say consumers didn't really care. Some people have always cared. It's a tradeoff, though: you would have to care enough to not buy an iPhone altogether. That's not the same as not caring at all. Also, remember that for the first year, iPhone didn't even have third-party apps.
> At the time, this approach largely stayed within the console gaming world. It didn’t spread to actual computers because computers were tools. You didn’t buy a PC to consume content someone else curated for you.
I would say this was largely due to Steve Wozniack, who insisted that the Apple II be an open platform. If Steve Jobs—who always expressed contempt for third-party developers—originally had his way, the whole computing industry might have been very different. Jobs always considered them "freeloaders", which is ridiculous of course (for example, VisiCalc is responsible for much of the success off the Apple II), but that was his ridiculous view.
Real world parallels to this abound. You cannot build whatever house you want on your own property, for example; it must meet strict building codes and be verifiably structurally sound. What ever happened to building what you wanted on your own land?
That is not universally true; even today in some states there are areas (and perhaps even entire states) where building codes do not apply, sometimes even to the main structure. Often you only need to comply over a certain size, for human habitation, or to connect to utilities.
The best argument “for” building codes is the same as “for” secure platforms; that people should be able to expect a certain level of competence when buying a structure or phone.
But if you want to do it yourself, there should be a path.
The codes exist but I think what they are saying is that in some places codes are not enforced or even checked. I live in somewhat of a "middle ground" where codes do exist and electrical is checked on a brand new build. They will also nag about septic inspections but will never actually get off their butts and do the inspection. Many such places do exist but they are usually places I would never want to reside. I know of places that I can literally build anything and never once be nagged by inspectors or state/county governments. They are happy enough and lazy enough to receive the property tax revenue.
I have mixed feelings about unenforced regulations. Having unenforced regulations opens up the possibility of targeted abuse of any individuals that are not a cultural fit in the eyes of the government offices and being very relaxed regarding anyone that fits in. This also drives the need for very detailed and expensive inspections prior to purchasing a home and that is a loaded topic all by itself.
Because there are liabilities issues for others. What if your structure falls down on visitors? You cant repair some heath damage or death. Since this kind of problems is easily prevented by professional review, legal constraints make lots of sense.
> Sadly, over the years, Android has been steadily walking back that openness. The justifications are always reasonable on their face. Security updates need to be mandatory because users are terrible at remembering to update. Sideloading apps need to come with warnings because users will absolutely install malware if you let them just click a button. Root access is too dangerous because it puts the security of the whole system and other apps at risk. But inch by inch, it gets harder to run what you want on the device you paid for.
As much as I want to agree with this author (and do, to an extent) they are also providing the exact and honestly-pretty-good reasons for why this is happening: computers have breached containment, and they did it a long time ago. Computers are not just for us weird nerds anymore and they haven't been for some time; they're tools for a larger, more complicated, more diverse userbase, many of whom are simply not interested in learning how to computer. They just want shit to work, reliably. Random software on the Internet is not a path to reliability if you also don't know how your thing actually works.
I mourn this too but let's not pretend it's simply what happened because corporations are evil (though they are for sure that).
It's particularly hard to swallow these justifications when advanced by Google considering how much malware there is on the Play Store. I have never once had an issue with malware installed via F-Droid but have had multiple issues with apps from the Play Store. But apparently it's F-Droid I need to be protected from. (Granted, the Play Store malware I experienced was in the nature of "pop up ads on your phone randomly", not stealing your bank credentials, but it shows how little actual vetting goes on.)
I do understand the broader point. I know a few elderly people in particular who are walking targets for cybercrime. But I wish we had more differentiation. Locked down, easy to use phones for those who want or need that, and more open phones that act similar to laptops for those who know what they're doing (or, in any case, are willing and able to bear the risk).
I mean, we did. We had iOS and Android. The issue is Apple makes more money via these practices per user than Google did, and Google is therefore imitating them and their products.
The security argument is the best one to shove all this monopoly practices, but I doubt there are real proof of that somewhere. These days, I think I have most trust in a small app developed by a folk in a garage than something produces by Meta or Google
Exactly: smartphones and tablets are designated safe spaces for 'normies'. If you want to do serious computing, serious machines (laptops, desktops, servers) are still available.
there are plenty of "honestly-pretty-good reasons" we plebs shouldn't have access to general purpose computers, and we're only a few decades away from them reclassified into the equivalent of fully automatic rifles.
This is a recurring pattern: people make bad choices, mostly out of ignorance, but no one blames the public because we always assume that in a democracy the costumer and the voter are always right.
Behind every corrupt politician or every greedy corporation there are thousands or millions of negligent and ignorant voters and costumers.
And like, with the ubiquity of this tech, I have to kind of concede at least some of the point. A smartphone is just shy of essential for modern living these days. Banking, purchase of goods and services, managing your relationship with your city and state, filing taxes, getting directions, ALL communications, all occur via your phone. Your phone is not MERELY a computer, a CPU with memory attached that you can make do things, for most people, I'd say it's an essential piece of IT hardware. Most people would prefer, I think, to lose their computers, TV's, consoles, etc. far before their phone. A phone is CRITICAL now, for better and worse.
So it sucks ass that a greater and greater share of what we consider computing has to occur in platforms that are utterly locked down to the core, but again, at the same time, putting my "regular user" hat on here: I don't want my phone to run anything from an untrustworthy source. My computer? Shit yeah, I'll try just about anything with a healthy skepticism as required, but not my phone. Losing a computer is irritating. Losing a phone is a fucking MESS.
Doing evil things under the guise of good intentions (with reasons that appear valid on the surface) has always been the playbook. All you're doing is excusing it - let's not.
If this was genuinely about security and UX then they would continue to provide viable "escape hatches", but it isn't and so they don't. That's what's being criticized.
I disagree, I don’t think I’m excusing it at all and your argument hinges on the restriction of software running on hardware to be evil. I wouldn’t describe it that way. I think it’s frustrating certainly but I don’t think you have an inalienable right to run code of your choice.
I would characterize it more as Google is responding to the needs of the vast majority of its users, most of whom do not care to run unsigned software, certainly don’t write it, and have no need of escape hatches. Escape hatches are great, but each also represents a security weakness waiting to be exploited.
And not to leave it merely implied: they are also responding to large development organizations who want locked down platforms in which they can distribute, and more importantly crack down on those who would pirate their, software.
> Escape hatches are great, but each also represents a security weakness waiting to be exploited.
Having money and using them without supervision is a safety risk. You can unknowingly buy food that isn't good for your health. And good food is what you actually need. So transfer your money to me and I will benevolently manage your diet for you. No other motives but your safety and wellbeing, I swear.
By the way, can you really trust the supermatkets? They sell alcohol and alcohol is bad for you.
> I don’t think you have an inalienable right to run code of your choice
> more importantly crack down on those who would pirate their, software.
If you represent the interests of corporations then try leading with that next time.
> Escape hatches are great, but each also represents a security weakness waiting to be exploited.
Besides being a broad statement that lacks citations and no doubt relies on contrived examples where this was implemented poorly, it's also clearly a violation of the EU Digital Markets Act.
> If you represent the interests of corporations then try leading with that next time.
I don't. I'm just saying Google and whichever boogeyman you'd care to slot into position 2 share the same interests. Far more than you or me and Google anyway.
> Besides being a broad statement that lacks citations and no doubt relies on contrived examples where this was implemented poorly
To a laymen user, any software that is running without code signing has a much much much higher chance of being something that has gone wrong rather than Joe Public found a cool image editing app that doesn't want to be distributed via the Play store. Are there exceptions? Sure, I'm certainly a big one. Does that mean I don't understand Google's position here? No.
> it's also clearly a violation of the EU Digital Markets Act.
If true, they'll end up in court, same as Apple did.
> To a laymen user, any software that is running without code signing has a much much much higher chance of being something that has gone wrong rather than Joe Public found a cool image editing app that doesn't want to be distributed via the Play store.
Don't give me these "political" answers. That's just another broadly-agreeable statement that's completely unrelated to the one I asked you to substantiate:
> Escape hatches are great, but each also represents a security weakness waiting to be exploited.
There are 3 problems here:
0. If Google genuinely cared about Android security to this degree, they wouldn't be giving threat actors 4 months to run wild with 0-days before publishing them:
Mobile security relies on sandboxing, not on Google's approvals. Even the most malicious app approved by Google shouldn't be able to steal information, access information from other apps without authorization, or execute actions on user's behalf.
Whenever this core principle is broken due to inevitable security vulnerabilities, it should be treated as such and promptly patched. Instead these shortcomings are used as convenient excuses to advance these political goals.
2. An escape hatch can be anything:
- "allow installation from unknown sources" like we've always had
- secret settings menu + PIN/password + require a switch to be flipped in the recovery menu during boot + require an ADB command to executed + warnings at every step.
- ADB commands + switch in recovery menu + time delay + require a full device reset with all data being lost
First one is somewhat vulnerable to social engineering though I've personally never encountered a device where someone was tricked into doing this, so it must be more resistant than downloading malware on Windows.
Second is close to impervious to social engineering. Grandma isn't going to be accessing the recovery menu or running ADB commands any time soon.
Third one, while far too restrictive in my opinion would still be better than nothing, it would be impenetrable to social engineering, and safeguard any existing data on the device even in case of a serious concurrent vulnerability in the Android sandbox.
Are all of these completely unacceptable?
On the balance of probabilities, "Joe Public" isn't being tricked into doing anything, he is trying to install ReVanced to get ad-free Youtube.
Good. I want walled gardens. I want to be sure all code is audited and vetted.
I don’t like that governments are forcing companies to open their environments up to random code, I wish they instead put legislation in place about transparent vetting processes, and allowing different kinds of apps.
In general I think software engineers get away with things no real engineering job gets away with, and it baffles me.
I hate to be the old guy yelling at the clouds, but was an LLM used to write parts of this?
> Apple sold the walled garden as a feature. It wasn’t ashamed or hiding the fact—it was proud of it... The iPhone’s locked-down nature wasn’t a restriction; it was a selling point.
Please, write as a human, I promise you it's good enough. I'd much rather read something that's a bit clunky but human written than something that's very polished but leaves me wondering what the author actually was trying to say.
Respect your reader, but most importantly, respect yourself as a writter too.
LLMs only know how to use emdashes, semicolons, and ellipses because human writers used them first. The way I see it, a large part of "respecting yourself as a writer" in current year is not letting the mere existence of LLMs change how you write, just because a bunch of people have latched onto cheap signals like the presence of certain punctuation as a hallmark of LLM output.
I don't really think an LLM wrote this, because the use of punctuation is actually a bit clumsy. However, I have no problem parsing the author's intended meaning.
The TPM and secure boot conversation for gaming has shifted my perspective a lot. This technology is having a positive impact on player experience. It has become quite clear to me that there are wheels that will squeak regardless of the amount of lubricant used. I've begun to consider the position of being able to run anything my way at any time on any machine as being a bit extremist. Especially, in a game theoretic setting with other participants expecting some degree of fair play.
I am allowed to own multiple computers. Many do. I've got a Linux hand held, a windows desktop, an iPhone and a MacBook. All with varying degrees of freedom and function. I don't feel like I'm constrained right now.
HDCP is an example of the other thing in my mind. It adds zero value to anyone's experience. Any potential value add is hypothetical. You can't survey a person after they watch an unprotected film and receive a meaningful signal. It's pure downside for the customer. There's no such thing as competitive Netflix lobbies.
If I want to run arbitrary code, I'll do it on my windows box or fire up a Linux VM in the cloud somewhere. I don't need weird problems on my phone. If you are trying to touch all platforms at once, try using the goddamn web. I've been able to avoid Apple enterprise distribution hell with a little bit of SPA magic and InTune configuration for business customers. For B2C I just don't see it anymore. You need to follow the rules if you want to be in the curated environments.
Even if I try to steelman your argument that locking down general purpose computers has some benefits particularly to gaming, its very short term imo.
How far away are we from hooking up a vision model to the display output of let’s say, Battlefield 6 and hooking in mouse+kb input from said vision model + an aimbot that perfectly replicates a top performing players mouse movements?
I’d say not very far away.
Much like how in online chess, no technical solution can attest that a move is really from a human brain and not a chess program running on his phone.
That same box that lets me play Battlefield 6 is also the only box powerful enough to run the game that doesn't have enough accessibility options that requires me to use CheatEngine to fix.
It's important to understand that we could genuinely lose general purpose computing. I don't think it's in serious danger at the moment, but we've been in the midst of a slide in that direction for the last 10-15 years. Part of it is mobile phones, part of it is TPM, part of it is market forces. The latest turn is strictly political. We've really foolishly built the technology necessary for authoritarianism just a few years head of a general global trend towards authoritarianism. At the moment, anyone can use Linux; it's better and easier than ever. Will the laws of your country make it harder or more difficult to avoid? Will major vendors lock you out of basic functions? Will age verification require an agent run on your Windows or macOS computer? (or worse, require the use of a smart phone just to use the internet?)
We're not anywhere there yet, but we're closer than we've ever been, and things keep moving in the wrong direction.
I think it is unfortunate how many resources are put into making things secure with TPM's and how little resource is put into basically having secure and simple sandboxing...
All I really want is a computer that allows me to fully control the permissions and filesystem access of all the programs that I manually install on my system. Almost every program (in my case) needs 0 filesystem access outside of what it installed itself and shouldn't be looking or snooping at anything that isn't in its own process space.
I want a clear and simple way to limit the blast radius of how badly a program could actually screw up my system or have access to my files.
I recently experienced the opposite of this on Android, where I tried to install a very well reviewed ebook reader called MoonReader. But MoonReader seems to require complete access to every file on my Android device to work correctly. That is insane. I looked it up a bit more and it seems that Google has simplified (or something) permissions, but now there isn't much choice other than asking for full file access (I just want to give it access to one directory).
Anywho, just a minor vent, that we are insisting that the only way to make things secure is this sort of attestation path, but we don't spend any energy just making it possible to limit the blast radius of software on most OS'.
> we could genuinely lose general purpose computing.
> At the moment, anyone can use Linux; it's better and easier than ever.
Maybe Linux will save us.
This was a fascinating thing to watch for me (pewdiepie telling people to install Linux): https://www.youtube.com/watch?v=pVI_smLgTY0
My bet is that the momentum is strong enough that:
- A critical mass of PC makers will continue to offer a Linux preinstalled option, or at least some path to installing Linux.
- If Windows and macOS take more rights away, it'll just help Linux's market share.
So Linux's share will probably grow not only because Linux is getting better but because the corpo OSes trying to take away general purpose computing
I love Linux, but if 90% of the US were on Linux the same commercial / political pressures would apply and Linux would just look like Android or ChromeOS. Can you run an alternate OS on your smartphone? Yes, but you can't run your banking app. Linux alone cannot save us.
But I don't want to run a banking "app" on my computer.
I am happy to use a browser on my computer to log into my bank's website.
If nobody participates in government, the banks and entertainment industry will get whatever they want, which is to lock down your computer into a portable kiosk
but is Android locking down something because government?
EU CRA (enforced Dec 2027) prohibits shipment of non-certified binaries for "critical" software, including firmware and hypervisors. Operating systems like Linux are categorized as "important" software, https://www.whitecase.com/insight-alert/cyber-resilience-act...
I might be wrong but I don't think that open source software are subject to the CRA. If you look at article (18) here [0] it seems to explicitly exclude free software that you download from the internet.
[0] https://eur-lex.europa.eu/eli/reg/2024/2847/oj/eng
That depends on the definition of "commercial activity". Some groups have influenced the legislation to exclude specific activity. Some supply chain roles, including developers who contribute patches, are excluded. Others can seek guidance on interpreting the legal text.
This doesn't in general inhibit hobbyists, and for the most part for companies it just adds some fairly sensible requirements around handling security vulnerabilities and making updates available. It is in theory a framework that could be used to add more onerous requirements in future, of course.
> We've really foolishly built the technology necessary for authoritarianism just a few years head of a general global trend towards authoritarianism.
Hum... It was foolish, but it was decades after the trend started.
Looks to me that the real trend was started mostly by the wide distribution of TV and the subsequent media consolidation (that happened everywhere).
Also, who is "we" here? Because it was exactly the authoritarian-wannabes that created most of it.
Death by a thousand cuts. TPM, secure attestation, age verification, DRM, and probably more things I'm forgetting right now.
Passkeys are another brick in this wall. The authors of the spec built in client software identification and attestation, which means authenticating parties can require you to only use certain, closed-source passkey clients. It's not hard to imagine a future where only blessed Passkey clients, such as Microsoft's, Apple's, and Google's implementations, are allowed by most services.
I think passkeys will be used against users. They’ll be used to attest to a user’s trustworthiness by tying authentication back to a real identity. Like another comment mentioned, you’ll end up needing something like a phone that’s locked down. Part of that will be authenticating with a verified ID IMO.
It’ll be incredibly easy to lock dissenters out of modern society. It’s too bad the vast majority of users will happily concede autonomy for a tiny bit of short term convenience.
I expect there will be backlash from non-technical users due to issues like the comment below where the passkey pushers fail to communicate where the keys are stored and thus users unexpectedly lose access to them.
Heh, I'm working on a blog post about this very topic. Passkeys are ... weird. There's a lot of potential for gatekeeping, where websites can indeed require you to use device-bound passkeys through device attestation, and where becoming a vendor requires interacting with the fido alliance....
I would say "I'm sure the mean well", but given that parties like Yubico benefit from not getting more competitors, the cynic in me is a bit worried.
> I would say "I'm sure they mean well",
Yeah, I wouldn't say that. It's clear from their public comments[1,2,3] that the spec authors don't believe the private key actually belongs to the user to do what they want with. They see services restricting what users may do with their own logins as a feature of Passkeys. It's really a shame it went in this direction. Replacing passwords with an easy-to-use keypair auth system would be a massive security improvement. But the Passkey ecosystem is poisoned at this point. Unless they remove the client ID & attestation anti-features, it should be considered a proprietary big tech protocol.
[1] Threatening an open-source passkey client with server-side bans because they don't implement passkey storage on the client device in the way the spec authors prefer. https://github.com/keepassxreboot/keepassxc/issues/10406
[2] Maintaining a list of "non-compliant" clients, including the above open-source one, presumably for use in server-side bans. https://passkeys.dev/docs/reference/known-issues/
[3] While writing an article about this on my website, I actually emailed the two involved spec authors on the above issue, politely asking how their interpretation of the Passkey spec could possibly be compatible with open source software. Neither replied.
It is particularly odd in the case of open-source clients (or indeed any client that runs outside of some very locked down hardware) because a) there's nothing that prevents the user exfiltrating keys anyway, and b) attestation also means relatively little for such an implementation.
Yes, the problems are obvious and the spec authors definitely know & understand the issues. Their refusal to have a public discussion about it indicates they just don't care, and their maintenance of a "naughty client list" shows Passkeys are intentionally hostile to user freedom.
Password managers are regulated as "important" software under EU CRA (Dec 2027).
Yeah I hate this, installed a new CPU and none of my passkeys work. The browser asks my phone and they don't trust each other and not a damn clue how to fix it.
Yep, big problem with them: most users have no idea where the thing that pops up and offers to store the passkeys actually stores them (sounds like in your case, in your computer's TPM was either on the CPU you replaced or complained and reset itself when the CPU changed). It's a ticking timebomb that all the 'users love passkeys! (after we nag them about it every time they login until they give up)' blogs fail to catch.
You could have used an open source client to manage your passkeys as you like, including backing them up in your own storage format. I wrote about it here: <https://www.smokingonabike.com/2025/01/04/passkey-marketing-...> I was quite excited about it... until I found out that the Passkey spec authors have warned that client that it may face server-side bans because it lets you manage your own private key how you want, and the spec authors think this is appropriate for servers to do. So I deleted all my Passkeys. Sigh.
Reading these comments, I'm happy to see that I'm not the only passkey skeptic.
You'll probably enjoy this article from one of the original creators of the Passkey ecosystem:
> Since then Passkeys are now seen as a way to capture users and audiences into a platform. What better way to encourage long term entrapment of users then by locking all their credentials into your platform, and even better, credentials that can't be extracted or exported in any capacity.
https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shatt...
Fingers crossed the Passkey user experience remains so bad no one accepts them & they just die on the vine.
I sincerely doubt it'll do much, but my next computer will not be Apple. Sadly, I just upgraded a year and a half or so ago, and sadly, good lord those damn arm chips are nice.
So hopefully in 8 years or so when I need a new machine, there's some decent options available to me.
But nice aint worth the cost when it comes at the expense of supporting something which is undermining everything else you believe in.
Oh wow... The idea of losing general purpose computing is a terrifying thought I've never considered before.
"The Coming War on General Computation", Cory Doctorow (2011).
Speech: https://www.youtube.com/watch?v=HUEvRyemKSg
Transcript: https://en.wikisource.org/wiki/The_Coming_War_on_General_Com...
(Of course, Stallman warned of this type of thing much earlier as well.)
Stallman is always right eventually. It's actually quite incredible.
[flagged]
He didn't assault anyone.
He said a bunch of things. They've all been collected here: https://stallman-report.org/
What I love about that report is that the author created it with the intention of making Stallman look bad. And if you look at the author's summaries, he looks bad. However, the author also made us the favour of collecting all the statements in one single place. And if you look at the things that Stallman actually said (as opposed to the author's summaries) he doesn't look bad, he looks strictly correct.
And there's a reply to that: https://geoff.greer.fm/2019/09/30/in-defense-of-richard-stal... via https://news.ycombinator.com/item?id=21113414
Yeah yeah but the reason why I link to that, is that if someone is interested they can with minimal effort find by themselves all the information to understand it was just a smear job.
Like, someone says "C assaulted B". And Stallman says "If A forces B to offer herself to C, C didn't assault B". Which is obivously correct. It could only be incorrect if you were redefining words to serve your purposes.
Ok, I'm confused here.
I had a look at what Stallman said and what Minsky allegedly did.
Apparently, Minsky had sex with one of Epstein's girls, who later said she was forced into it. Now, his wife denies the allegation, as she was apparently with him at all times on Epstein's island.
Now, I can believe that he went once, and maybe had sex with someone he didn't know was not doing so willingly. But, what about his wife? Was he cheating on her? Was she a part of it?
And why did he return a second time? And after Epstein's conviction in 2011???
And here comes Stallman, and he's not even denying that he's slept with someone, potentially cheating on his wife? His issue is with the wording?
Nobody in this situation looks good.
> His issue is with the wording?
Pretty obviously.
He is a weird, socially awkward, maybe autistic guy. And such people tend to be quite pedantic and focused on strange details that "normal" people just jump over.
See my sibling comment.
https://news.ycombinator.com/item?id=45722901
I disagree it's "pedantic". I think it's taking advantage of the system.
His issue is that saying "assault" to mean "sex with someone" is dishonest, even if that person is 17. Which is obviously is.
Any sane person hears "assault" and thinks that means "assault" instead it means something else.
What is happening is that the meaning of words are being changed for the purpose of using pre-existing laws. Example, you think that Bla is very bad and isn't punished enough by the law. There's law that severaly punishes Fleem. So, whenever you see Bla you call it Fleem and argue that the anti-Fleem law applies. That way you can effectively re-purpose a law. Specific example: "catcalling" is now "sexual assault" in the UK. It's easier to do it this way, than to argue that people should be punished for catcalling.
Ok, but surely there are more important thing going on there than the wording.
It feels like Stallman wants to defend his friend, but doesn't really have any way to do that. So, instead, he pivots to pedantry.
Like ok, assuming that Marvin really did not know, it's wrong to label him as a sexual assaulter(?). Though legally a sexual assault still occured.
But, it still doesn't explain, justify or deny that he allegedly slept with someone , possibly behind his wife's back. And it also doesn't explain that they went *BACK* to Epstein's island after knowing he was a sex trafficker. And that presumably the girl he slept with might have also been trafficked.
> Ok, but surely there are more important thing going on there than the wording.
Correct, it's the abuse of the legal system.
> Though legally a sexual assault still occured.
Just because something is true legally doesn't mean it's ok, good, correct, moral or ethical.
If the victim really was coerced/forced, then there is no wordplay going on here. No legal tricks. No abuse of the legal system.
We're talking about sex trafficking, which we know did occur and Epstein was convicted of. Twice.
And possibly rape/sexual assault, even though the "perpetrator" did not know about it.
You're getting awfully close to defending Epstein there.
I also can't help but notice that you ignored everything else in my comment?
I got what you're trying to say, and I agree. I just added my link for completeness.
It’s already happening.
Many big institutions lean heavily on mobile apps and other gated computing.
I live in BC Canada and by far the easiest way to authenticate a login to provincial sources involves using the BC ID App as a second factor, even when logging in via desktop. Many banks now also use their app as a second factor, rather than a generic OTP option that can run on any hardware.
There were also issues like running Netflix DRM in browser on Linux for a while.
General purpose computers won’t go away, but they will continue to be gated from more and more services until you are more or less required to have a phone or locked down ecosystem device.
> Many banks now also use their app as a second factor, rather than a generic OTP option that can run on any hardware.
This is one I’m willing to tolerate, as long as it’s optional. Something I don’t understand though is banking app setup. When I got a new phone this year, the RBC app made me submit some kind of live selfie.
The thing is, I know they can scan your debit card with NFC and authenticate the PIN. I’ve used it for a password reset in the past. Why is a selfie better than that when they presumably have nothing to compare it to?
So it's just about incentives right? Who has the power to make these decisions, and what are they likely to decide, given their incentives?
* Government makes services available via auth app of their choosing.
* Auth app deploys to one or two app stores. No financial incentive to do otherwise.
* App stores remain within walled gardens. Tracking, DRM, proprietary drivers come with.
[flagged]
Certainly there was more authoritarianism in past times, but we haven't previously had authoritarian movements at the same time that we've the internet and ubiquitous computing. Authoritarianism isn't meant to be a scare word; in the US, you have the total fecklessness of Congress, the expansion of the executive under every single president in the 21st century. (it's still authoritarianism even if some people like what is being done unilaterally by the executive. eg: both Trump and Biden sought and acted with expanded executive powers. Even if you like the outcomes, it's still actually quite bad. Neither party seems capable of imagining that someone they disagree with could be elected and use those same powers. It's baffling.) You have a lot of governmental changes in parts of Europe, etc.
I think it's pretty uncontroversial that there is a global trend towards authoritarianism, but I'm happy to hear other opinions.
Don’t think of it as one side against the other. It’s a dialectical process, two extremes, like communists and fascists, seemingly locked in mortal opposition, yet through their struggle, pushing the same totalitarian machinery forward. That old pattern feels disturbingly familiar today.
That’s a cute soapbox, but I fail to see what it has to do with software freedom.
Which means that in the future will be less engineers and software developers because they never had a chance to learn. And if somebody will know how all of this works really, they won't be working for peanuts. So in an essence all of those companies are eating their own tails. Which is expected since all of it is driven by the stock exchange executives that are interested only by short term profit. Yes it will be terrible but on the other hand all empires are terrible at some point ridden by the stagnation and multitude of radicoulus laws. Will it be the same with technocracy? Probably yes if they lock it all down, new generations will never learn, they will be less and less people with knowledge to maintain the infrastructure and without maintenance it will collapsee eventually.
> However, there is an increasing userbase whose first experience of computing was in these locked-down tablet and smartphone environments. They aren’t so demanding about little things like proper filesystem access or the ability to run unsigned code. They might not blink if that goes away.
I would also suggest that there is another user base who has been using computers for a long time, before GUIs existed, is fed up with fighting malware, welcomes the protection of a sandboxed, protected system, but doesn't understand the importance of having the option of escaping the sandbox. These users might not see the loss of not being able to install a kext on Mac OS without booting into Recovery Mode. But they will notice the loss when, at some point, we can't run anything that isn't signed on any platform.
Google and Microsoft are slowly moving towards the Apple model because it works as far as decreasing support costs go.
When the day comes that there isn't any hardware we can purchase that we can't install OpenBSD/Linux/whatever we want, it will be too late. We have to push back before then somehow.
> Vote with your wallet Doesn't work when the only options are bad. Every Android OEM embraces the closing of android because it'll allow them to ship all the spyware they already do without the user being able to remove them (or disable them soon enough). Having 2 or 100 options has no difference if they're all bad.
How will Google know about my choice? I want to let them know that now there is no reason anymore to prefer to Android over another ecosystem.
Also, my hardware, my choice. It seems there is no way to actually let them know.
I was there, 3000 years ago, when we started ringing the bell about “trusted computing”. Honestly it’s not as bad as I expected
Alternate take: it's exactly as bad as you expected, but your timeline was off.
And even so, perhaps it's later than you realize. Device attestation in the browser is the final nail in the coffin, and it's a question of "when" not "if" major sites start requiring it in the name of "safety" from bots.
> and it's a question of "when" not "if" major sites start requiring it in the name of "safety" from bots.
I recently found a plugin that can alert to JS doing shady "fingerprint-like" activity. I did not expect it to go off quite as often as it does now.
It would seem that some sites are already asking _very_ probing questions about the browser so it's only a matter of time before they go one step further and demand proof and gate on furnishment of that proof.
Would you mind sharing a link to that plugin?
> it’s not as bad as I expected
yet :D
I don't agree, it is absolutely dreadful, and we saw this coming and did nothing about it.
Think about it: you need permission to run software on your own hardware. Every time you launch a Mac App, it checks in with its masters to be sure its okay to do so - every time you install an app on your mobile device, it does the same thing.
People accept this terrible state of affairs because the "user experience is better" - but this is a fallacy. Under the cover of 'security issues' that their are incapable of fixing, due to very poor architecture decisions, OS vendors have instead bolted on an insanity and sold it to the user as progress.
Every computing device should have everything it needs, onboard, to write software for that computing device. That they don't is because the OS vendors are cowardly running from the bloat of yesteryear and adding more bloat tomorrow to cover it all up.
There will be a backlash against this. We see it already in the retro-computing and alternative-platform hacking communities, which are growing and growing, exponentially, by the year.
Its only a matter of time that someone wraps up this freedom-to-use concept in hardware that is sexy enough to compete with the totalitarian-authoritarian platform providers. Any .. day .. now ..
It can be turned off on your Mac if that is what you want.
So far, yes. It's getting hardware with every release. First you had to click approve in a dialog to launch unsigned software. Later you had to right click -> "open" -> then approve. Now you have to open system settings to find the button to show the approval prompt.
Meanwhile to install a kernel extension you now have to reboot into safe mode and disable part of system integrity protection (with big warnings that it's at your own risk).
For the average user, kernel extension are already gone, and unsigned software not far behind.
Devil's advocating here... when have kernel extensions _ever been_ a part of the average user's experience?
The early MacOS era as well as pretty much the entire classic Mac OS era was infamous for being a more-or-less do it yourself environment for adding bits the OS didn't have or did sub-optimally for given use cases.
The wisdom of such a freewheeling ecosystem in today's era is maybe debatable, but given how user-hostile the mainline OS and software vendors can be, I say there's still plenty of room for that ecosystem and it should be preserved.
Mobile is where it’s bad. It never took hold fully on desktop since desktop is used for development and too many other things.
PC was an anomaly thanks to IBM not being able to go with their plans.
On UNIX, Sun was the vendor that introduced the concept of SDK SKU, thus for having developer tools, an additional SKU had to be bought, and the until then largely ignored GCC sundenly got a new focus of attention.
Mainframes and micros always needed having a group of folks from the vendor professional services for specific kinds of configurations.
I still remeber working on traditional timesharing UNIX systems, one single server for all teams, what you get to do is decided by IT for your role.
There are plenty of examples from the past on how this has been happening already.
An anomaly from some corporate pov, maybe, but at home the PC was definitely not more open to general purpose computing than the alternatives. Most early home computers booted straight into a BASIC prompt, and the line between being a programmer and a user was far more blurred than it is now.
It definitely was, all other platforms had vertical integration.
PCs from IBM could do this as well. There was a ROM'd BASIC in IBM computers that they would default to if they couldn't find a bootable disk. The BASIC that came with PC-DOS, BASICA.COM, was actually a wrapper for this ROM BASIC.
The clones relied on GW-BASIC and later QBasic, which came on disk and was bundled with DOS, to supply this functionality, and didn't have BASIC in ROM. In fact, some early BIOS implementations, if they did not find a bootable disk, displayed a message "NO BASIC FOUND" or similar.
But the "walled garden" on mobile (iOS mostly, but now also Android) isn't really about trusted computing at all. Trusted computing (locked bootloaders) is but a small part of it.
Trusted computing and even remote attestation have legitimate use cases. It's good, great even, that they exist. But just like everything, they can be used against you.
In fact most digital goods that are sold in large numbers via download, are, as far as I'm aware, sold with some form of DRM. Like films and video games. Otherwise piracy would be just too easy. MP3s don't have DRMs, and are still sold (e.g. by Amazon), but those now seem to be largely replaced by music subscription services.
And this might be a reaction to the fact that music piracy is quite easy; if it wasn't, perhaps there would be no Spotify where you get basically All The Music in existence for peanuts. (Note that no equivalent subscription service exists with regards to movies or games: Netflix and Xbox Game Pass have only a limited selection of content included in their subscription.)
Mobile is where it is all going. PCs will be like android in the near future.
what? windows 11 was just for new features right? ... right?
Right,
https://learn.microsoft.com/en-us/windows/win32/secauthz/app...
https://learn.microsoft.com/en-us/windows/security/hardware-...
Trusted computing is just another name for vendor lock-in. It was never about security.
A more generous explanation is that it might be both — vendor lock-in also happens to be a security measure.
Having important info on your device and having that device accessible to the wild, wild, internet is a very real problem. If the "walled garden" is a flawed solution we should work on a better one.
Having a separate dedicated general purpose computing device not connected to the open internet perhaps.
I have an ugly hunch that systemd gonna be Google Play Services of Linux at some point.
I beg history to prove me wrong.
For anyone interested, please look at Hardware attestation and TiVoization, thanks.
Well systemd is open source so it could just be forked at any point. I don't forsee this happening.
This is a bizarre comment for an open source init system
The history of TiVoization[0] tells us otherwise.
[0]: https://en.wikipedia.org/wiki/Tivoization
Is the issue that they support secure boot type features?
No, the issue is too much of the Secure Boot chain is currently being controlled by Microsoft.
Kernel being GPL has no point currently. Require hardware attestation with Microsoft private keys + systemd-boot + systemd + uutils can create a nice walled garden, allowing "vendors" to build locked-down hardware-OS pairs.
More importantly, uutils is MIT, which can attest at every level, without sharing a line of source code.
This will affect everything from small appliances to big iron and it can be very ugly.
Uutils is literally one guy's self-tutorial to learn Rust. The fact that it's breaking Ubuntu has more to do with that than some shadowy conspiracy.
People are trying to lock down Linux yes, but the specific software used for enforcement, systemd or otherwise, is mostly irrelevant.
it's in the name, but it's open source and it's replacing a hodgepodge of other stuff (the point isn't why it's replacing it, or how well it's going; the point is there are replacements).
if the computer won't allow to install or use other software until you install a vendor-signed version of systemd on a vendor-signed kernel we'll be there. it's about hardware attestation, not signed software, though.
What it bothers me is the possibility of TiVoization via Kernel and systemd, actually.
Combined with uutils, which is MIT, you can build a nice (!) walled garden.
Let me say I have seen enough shenanigans over the years.
The future is likely bifurcated trust: Official, encrypted, attested systems; and unofficial, unencrypted, unattested systems.
The GNU freedoms never specified the right to run free software side by side with proprietary software on the same hardware; so the FSF should actually be fine with such an outcome.
The problem with bifurcated trust is the ongoing efforts to force people into carrying a “trusted” pocket spy. Cashless payments, mobile train tickets, and digital ID are making it extremely difficult to live without a pocket spy in some places.
If my bank requires me to use a phone for transfers (mine doesn’t), it might be acceptable to leave one in a desk drawer powered off as you would do with a hardware authentication token. It’s a special device for occasionally accessing a service. Fine. But when governments and industry collude to force citizens to carry these devices in order to live life normally, that’s not OK.
My intent is to be as stubborn and obnoxious as possible in resisting this until they either give up and provide an alternate path or lock me away for noncompliance. Fortunately there is still an alternate path available for most things, primarily thanks to elders who have trouble with new tech. (Thank you elders!)
Then get a law passed. Today.
Or… acknowledge this is a fear of a future 30, 40, 50 years away that may never happen, which is never an argument.
It’s like saying the government, because they have power, and the SCOTUS, because they have power, could decide to kill all children. Yes, they could. No, it’s absurd to let that power keep you up at night, or say the solution is to abolish their power.
> Then get a law passed. Today.
Ha! Let me know how to achieve that and I will. I’ve advocated, donated, and volunteered for years on behalf of a number of causes, some with excellent organizations promoting them, and yet things continue to get worse. The only minor victories have been temporary delays of bad policy.
No, the best response for the average citizen is stubborn noncompliance and constant passive resistance. Drag your feet until the whole thing comes crashing down. And encourage your friends to do it too! (But don’t stop trying through conventional politics, maybe one day it will work. Just don’t get your hopes up.)
You can’t pass a law; because you have almost no bad examples to point to. Emulators, something that happened on the other side of the world, and piracy aren’t arguments.
The banning of Parler did more for activism and awareness regarding platform control than all FOSDEM. Of course, HN happily piled on in favor of this decision, missing the moment to build common ground on platform control, for the sake of political expediency.
If the government, or tech, starts regulating out things people actually care about, then you’ll have your sway. The rush to technical solutions seems to imply we already internally agree tech and government aren’t going to do anything the average person cares about - as it assumes the “bad future” can happen without a national policy discussion anywhere.
It may be across an ocean, but Europe isn’t exactly the other side of the world geographically or culturally. Many of the ideas being trialed there are working their way into parts of the US. The frog is being boiled slowly, but the heat is rising more quickly in big cities.
> HN happily piled on in favor of this decision
HN is not a monolith with a single opinion. The loudest users at the time (not just here, all over the internet) were pro-censorship political activists, so maybe that caused you to interpret things that way.
> If the government, or tech, starts regulating out things people actually care about, then you’ll have your sway.
The public will not respond until the groundwork has been laid to make effective protest impossible. Only then will important things be regulated out. Until then it will just be “nerd stuff”.
> HN is not a monolith
This is a lazy argument, as I can safely say that 80% or more of HN has the same political bent, and every community ever has said “but not everyone.”
Read the comments on the Parler deplatforming. See what was upvoted. See what the consensus was. Nobody cares about the principles, even here, when rubber hits the road.
Imagine if the undesirables, on either side, started actively using all the decentralized censorship-resist tech for their cause. Would the builders and commentators here be saying “working as designed,” or would there be a sense of fury, a sense of “not like that?” A sense of “that was supposed to enable my cause, not yours?”
Suppose Proud Boys coordinated their Jan 6 activities on Signal and Tor. Suppose Truth Social was built on ActivityPub and MAGA developers were the loudest voices at FOSDEM advocating for censorship-resistant protocols. How do you feel? Are we still citing the same principles? If not, we never believed them.
> The public will not respond until the groundwork has been laid to make effective protest impossible. Only then will important things be regulated out. Until then it will just be “nerd stuff”.
I’m looking at history and noticing that 99.9% of revolutions did not have the internet required to be successful.
> This is a lazy argument, as I can safely say that 80% or more of HN has the same political bent, and every community ever has said “but not everyone.”
I disagree, but even if you were correct: like, what’s your point? Are you grouping me in with them because I happen to be posting here? I reject that characterization.
Edit: I feel like this is an attempt at some kind of “gotcha” based on the example you provided. No, I don’t believe access to tech should be gated based on politics. IMHO everyone should have access to private and secure systems, as part of their human rights regarding speech, thought, and personal privacy. I attempted to raise this point in several venues during the “deplatforming” fad and explained how the political pendulum made it a bad idea. The mob remained unconvinced.
> I’m looking at history and noticing that 99.9% of revolutions did not have the internet required to be successful.
You tell me how people are going to protest effectively in the face of:
- Ubiquitous visual surveillance and facial recognition
- Ubiquitous audio surveillance via pocket spies and things like Flock/ShotSpotter/other competing systems
- Ubiquitous ALPR systems and GPS-enabled “digital plates” being trialed in some areas
- Data mining coupled with AI behavioral analysis (sloppy but likely good enough)
- An increasing percentage of cars with remote shutdown capabilities
- The replacement of cash with digital currency that can be remotely disabled
The future looks a lot like China, but without their “economic miracle” that has kept the population satisfied.
That seems to be either an oversimplified take on the FSF's position, or argument in bad faith. The FSF wants people to be able to run free software for all purposes, as they fight for user freedoms. If said free software cannot be used, because of all kinds of vendors limiting their services to proprietary software or platforms, then this should be a major concern to the FSF, because their advocated kind of software is being sabotaged.
In fact FSF specifically exempts special purpose hardware like microwaves from its purview. The philosophy is targeted at software the user has a choice to install. If the hardware provider does not intend the user to choose to install an alternative version of the system software, software freedom doesn't come into play.
https://www.fsf.org/campaigns/free-bios.html
Please complain here: https://developer.android.com/developer-verification/guides/... (there's a link at the end).
Probably won't help, but it is something.
I worry that this global push for 'Know Your Developer' and the attempt to make them legally liable for what they produce, is going to destroy open source, An 'open' linux included.
After that, certified locked down BigTech 'Personal Computing' will be the only menu choice.
Exactly. It’s a tactic so big tech doesn’t have to engage in activity that would justify anti-trust action if they want to ban a developer or even a whole class of apps. It’s also usable in general to benefit the wealthy.
They force anyone distributing software into the legal system so a “3rd party” can sue and destroy the life of anyone that goes against the system they want. Anything they don’t like will be accused of violating patents, etc. and the option to distribute anonymously for the good of users / society will no longer exist.
I believe that in the depths of the cold war, when personal computers were just showing up, it was decided, deep within the National Security Agency,that it was more advantageous to let them continue to proliferate without fostering secure Operating Systems, though they were available.
We all now live with the blowback from that decision. Most people don't even realize that actually secure computing is a possibility now, even here on HN.
This general insecurity means that anything exposed to raw internet will be compromised and therefore significant resources must be expended to manage it, and recover after any incidents.
It's no wonder that most people don't want to actually run their own servers. Thus we give up control and this .... Situation .... Is the result.
I affirmatively argue that actually secure computing is not a possibility. It's fun to build toy models where every process has exactly the permissions it needs and no more, sure. In the real world, your users are going to grant superuser/admin permissions to random installers, and they're not going to perform the complex verification rituals you told them to do beforehand.
It's like trying to set up a warehousing system so perfect that the shrinkage rate is 0.
People are perfectly happy with a walled garden. The question one should always be asking is what is the difference between that and a panopticon? What happens to me if I start seeing faded flowers and no-entry signs? Can I escape? With my stuff or friends or family?
The rot is so much deeper than just running what you want on your own machine. And how we got here is easy to explain. There was once money it letting you run what you want on your machine. Now there's money in not letting you run what you want on your machine. And so, that's what we get.
There exists no path where a publicly traded company doesn't eventually view its customers as subjects. Every business school on the planet is teaching their students strategies and tactics that squeeze their customers in pursuit of maximizing revenue. And those strategies and tactics are often at the expense of creativity, ethics, and community. Just last week people's bed didn't work because the company that makes them architected things such that they have absolute control.
Only a reasonably altruistic private company might buck the trend. But the publicly traded companies are allowed, by the government(s), to use their largesse in a predatory fashion to prevent competition. They bundle and bleed and leverage every step of the way. They not only contribute to the politicians that do their bidding, they are frequently asked to write the laws and regulations they're expected to follow. Magically, it has the effect of increasing the costs of their competition to enter the markets they dominate. And so, the odds of an altruistic private company emerging from that muck is low.
Worse still, many of the elected officials (and bureaucrats) actively own stock in the very companies they are responsible for regulating. Widespread corruption and perversion of the market is the inevitable result.
I'm trying to do a better job and redirect my money to the places that better reflect my values. It's not even a drop in the bucket, but it's a lever where I feel like I have a measure of control.
I place a large part of blame of why the public is accepting of this trend of restrictive computing to Microsoft’s decision to loosen security despite of David Cutler’s excellent Windows NT. Cutler came from DEC VMS and built Windows NT to be an enterprise OS with separation between kernel and user space and enterprise level security. Microsoft to go after the consumer space ran a lot of apps and drivers in the kernel space. This meant for over two decades consumers learnt hackers could easily hack, bypass, and take control over their PCs. If you could disguise your code as a driver, it got God permissions to your PC.
Executive Summary: run Linux
Won't matter. Remote hardware attestation means they will know you're trying to bypass their control. You'll be denied service at every turn. Can't even log into your bank account.
IMO, I don't see how remote hardware attestation avoids being spoofed. Yes, TPM is involved, but the end of the day, it's an API request/response. There are so many ways the request could be spoofed, and the attestation likely requires coordination with hardware vendors that have proven to be Highly Secure TM with the history of secure boot leaks.
> I don't see how remote hardware attestation avoids being spoofed
Hardware cryptoprocessor. Keys are held in a tamper resistant secure element. You're not gonna get at those keys without pouring some serious resources into the task.
The keys are owned by the corporation and used to establish a root of trust from boot. If you change anything at all to suit your interests, verification fails, your machine is identified as "tampered with" and designated as untrusted.
History tells us there will always be a “low cost” vendor with exploitable hardware, or if production becomes more tightly controlled, inevitable cost cutting and declining standards will provide a way in. Not that we shouldn’t oppose locked down hardware, but locking things down creates pressure and motivation for the people who like things to be unlocked.
Your untampered device will be enrolled with a verified ID provider and they’ll be part of the attestation. The tamper resistance hardware benefits from decades of hacking. Plus you’re not talking about things like compromising a single long lived key or similar like you could with physical media or players.
We’ll probably get to the point where you need a verified id to buy a phone that does attestation. Tamper with it and go to jail. Who’s going to hack that?
Even if things get that locked down, I suspect that leaked attestation keys and fake/stolen ID verification will always be a problem. There’s a lot of money to be made in this, and someone will inevitably decide not to leave that money on the table, legality be damned. This risk only goes up with manufacturing that crosses borders, and despite the push to renationalize production, it’s going to be a long time before that is feasible at a mass scale.
A small, hardly exclusive list of things we have been unable to protect through technology:
- DVD/Blu Ray/HDMI copy protection
- Windows product registration
- Device jailbreaking (manufacturers are constantly running to keep ahead of this but old versions are frequently unlocked even with iOS)
- Classified diplomatic documents
- Classified details of warfighting equipment
- Identities of federal employees (and even covert agents)
- Nuclear secrets
Technical measures aren’t always the weak point—bribery works just as well. As the US tech stack continues to decouple from China, they will also have the motivation to break our systems.
Everything seems directed into making that "low cost vendor" illegal and consolidating the market into a handful of players.
And yeah, it's a politics problem, not an economic one. If corporations could simply push Trusted Computing without a corrupt police (and military) backing them, we would be there since the 90s already.
It's already been made illegal via DMCA.
https://www.eff.org/deeplinks/2019/06/felony-contempt-busine...
I hope you're right. Truly.
> I don't see how remote hardware attestation avoids being spoofed
I don't disagree, but is that really a game you want to be playing with your government and your bank?
If you have the right to run what you want on your machine, then they do too.
So then the problem gets moved up to why are you (or group of you) not powerful enough to negotiate being able to run what you want and either not need “them” or be important enough that “they” need you.
And the answer will come down to the fact that 90% of people don’t care about running whatever they want on their machine, and they want the cheapest, quickest, easiest solution.
> So then the problem gets moved up to why are you (or group of you) not powerful enough to negotiate being able to run what you want and either not need “them” or be important enough that “they” need you.
How tiresome.
You're right, we gotta become more powerful. Via radicalization. They seek to marginalize us. To turn us into second class citizens. To destroy free computing as we know it, destroy everything the word hacker ever stood for. If you're on this site and this doesn't radicalize you, then I don't know what to say to you.
Gotta start lobbying governments to make it a literal crime for them to discriminate against us in this manner. Just like racism.
Until EU forbids you to like they plan in 2027.
Windows 11 gives me a giant warning if I actually want to run something.
Computers nowadays are so weird.
The one word answer to this?
Linux.
It got this way because 99% of people are happy running what's in the app store, and the security protections are more valuable than being able to run arbitrary code.
Linux as an answer doesn't address the needs of 99% of people, so 98% will never adopt it. It's better to meet people where they're at and push for sideloading and alternative app stores.
The three word rebuttal?
Banking on GrapheneOS
As long as common PCs can boot an iso we should be good to go.
Only as long as Google doesn't force Web Environment Integrity through. Running a custom OS won't help if important websites refuse to load unless they're running in an approved browser with a set of approved extensions, on an approved OS, on top of approved hardware.
I've been beating the drum that we need mobile drivers licenses and pairwise pseudonyms. It is a path to beating spam and bots in a way that doesn't hand control over to private entities.
Some folks don't like digital identity controlled by government, but it seems like the alternative is digital identity controlled by oligopoly.
Sure, until the software that you need to participate in modern society no longer supports Linux.
The article is largely about phones, where the barrier to install a truly open Linux system are high and getting higher.
There are plenty of smartphone companies locking down their bootloaders, but there are others that will let you unlock your bootloader by just running the basic command.
A much bigger problem for running Linux on phones is that standard Linux runs like crap on phones. It doesn't have the mainline driver support amd64 computers have, and the battery life optimizations that make Android usable need to be reimplemented on top of Linux to get a day's worth of use out of your phone. Unfortunately, most Linux applications are written for desktops where they expect the CPU to be running all the time, the WiFi to be accessible whenever they want, and for sleep/suspend to be extremely incidental rather than every two minutes.
Have an optimised web browser for the OS and you don't really have to worry about 3rd party software performance any more or not that much
I do run GNU/Linux on my smartphone. No Android or iOS.
systemd devs: "lol. lmao."
It doesn't increase shareholder revenue. That is the second highest calling. The only thing more important is marketing and advertising, and this also helps that, so hey, two birds one stone.
Will LineageOS and other similar ROMs have this limitation as well, or will it be baked into the hardware?
No, but when remote attestation reveals that you're running an OS that's not blessed by Google, the megacorps will make their apps all refuse to run on your phone. A few already do so today, e.g., the McDonald's app. In practice, I expect a situation where we have two phones: one to run Big Tech's apps, and one to run indie apps.
> a situation where we have two phones: one to run Big Tech's apps, and one to run indie apps.
This in combination with using webapps where possible
Roms face a different problem: bootloader locking. But the more Android changes drastically, the harder it is to integrate the AOSP changes into the different open projects
> Roms face a different problem: bootloader locking.
Is that a problem these days? It was over a decade ago that I last needed to jailbreak a phone, nowadays it’s just "I’d like to unlock" "Ok".
That’s possible on very few phones these days. Only a handful of OEMs still ship phones that can be bootloader unlocked at all (at least in the US), and even several of THOSE require phoning home to the OEM to get an IMEI-dependent unlock key to pass to fastboot.
Source: 7 years of running deGoogled Android phones and 11 years of running ROM’d Android phones before recently moving to iOS and giving up.
Curious, have run GrapheneOS on pixels ? They don't have this issue, though it might change now.
Given that Google itself is the manufacturer of Pixel devices, I wouldn't hold my breath on them allowing you to keep this ability forever
Two of my deGoogled Android phones were Pixels (4a and 7a) and one was a Nexus (6p). I know them well, though I never ran Graphene on them.
Pretty sure I read Google was no longer going to publish device tree sources for Pixel phones, which will make ROM development for them significantly harder, whether or not the bootloader is open.
Not in the US, so might be one of those pesky regulations we have over here.
It is actually getting worse over time imo. In the days of Froyo, you could run Cyanogen easy without needing keys from anyone. Now you got to go to your manufacturer's website to get the key needed to unlock it. Even after you bought the device, you are reliant on the goodwill of the manufacturer to get the unlocking key.
They will not, but the hardware will (as it already does) do its best to stop you from installing LineageOS and other similar ROMs.
In my opinion, the biggest problem that comes with this, is the fact that google play independent apps will become A LOT less popular. To a point where alternative roms are even less interesting to people which in return makes developing apps for them even less interesting.
Some people even sideload on iOS, which doesn't allow sideloading. They do this by getting an apple developer account, installing Xcode, compiling the apps themselves and refreshing them on their phones every week. And this seems about as popular as Android sideloading where you just download an app and install it...
This idea that protecting users is worth the cost of giving up your ownership rights is fallacious.
Protecting 1 million grannies is an entirely different risk class than the security implications of stopping everyone from using their devices as they see fit.
Protecting 1 million grannies means everyone loses ability to install apps that:
Using Linux is also not a real choice. To access my bank and health services in my country, I require a mobile device that is remote attested by either Apple or Google which are American countries. Hell, it's becoming closer to reality that playing online video games requires remote attestation either to "prevent" cheating or for age verification.Thus the risk widens to the sovereign control a nation has over its own services. A US president could attempt to force Google and Apple to shutoff citizen access of banks and health services of an entire nation. Merely the threat could give them leverage in any sort of negotiations they might be in. For some nations in the future, the controlling nation may be China I imagine.
I think the real regulatory solution here is to break up monopoly practices. While the EU's DMA is all well and good in some ways, the EU is also pushing Chat Control... In a more fragmented market it becomes impossible for a bank or health service to mandate specific devices for access (they lose potential customers) so you could theoretically move to a device that doesn't do draconian style remote attestation that breaks if you go off the ranch. We need more surgically precise regulatory tools than sweeping legislation that would keep using alternatives like Linux or FreeBSD or whatever actually viable. It also makes it much harder for that same legislative body to enforce insane ideas like Chat Control.
The answer is not protect users from themselves. The answer is more freedom, with a legal framework that helps all users have more choices while helping victims acquire restitution.
> A US president could attempt to force Google and Apple to shutoff citizen access of banks and health services of an entire nation. Merely the threat could give them leverage in any sort of negotiations they might be in
This. We can’t anymore say to ourselves “but surely a US president would never do that”?
Reference: recent tirades at Canada, Spain, Colombia, Ukraine, ...
We already have the UK intimating they can exercise parliamentary supremacy over American citizens, so we already have this today. (Reference: https://prestonbyrne.com/2025/10/16/the-ofcom-files/)
Without limitations on authority and control, I worry more that the world will devolve into a multilateral legal hellscape, even moreso than exists today. Given how much is dependent on software, you are going to have the governments of pretty much any country with multinational exposure trying this in the next 10 years if recent UK and EU developments are any indicator.
When they say users need to be protected they don't mean the people. They mean the database record.
Haha, it's a bit sad when the record's get compromised it's still the people's problem. :p https://www.youtube.com/watch?v=CS9ptA3Ya9E
> To access [...] health services in my country, I require a mobile device that is remote attested by either Apple or Google
I knew of banks, but how is it that health services need remote attested mobile devices? Do clinics not support setting appointments through calls anymore, or what?
In my country, the same verification service is used to access banks, health services (private and public), taxes, and even verify online retail purchases. This verification app on Android requires Play Integrity on first time activation so fresh installs of something like GrapheneOS will not let you use the app. It's still currently possible to use a hardware token alternative to the app. It is only getting less convenient and possible to opt out of the digital verification systems even if there's technically still workarounds. In the past, even when such verification systems existed, they were less user constricting (no requirements on remote attestation for example).
I believe if we look at the past compared to now, and then extrapolate towards the future, without proper action, we will keep slipping down the slope.
I see all of these "in my country, we need a phone to do X" posts, and while I believe them, I feel like they always leave out key information. I'd also like to know: What actually happens when the customer does not have a phone? Do you just never get healthcare? Do you just never bank? Surely there are (perhaps inconvenient) alternatives that people without phones can use. The national government doesn't just let its citizens slide into some healthcare-less, unbanked purgatory simply for not having a phone. What is the real, full picture?
As someone in the USA, I could toss my phone in the dumpster forever and still live my life pretty much as I live it today. I might have to make a few minor sacrifices, but I'm grateful we still have that choice here.
Recently, I was referred by my family physician to a healthcare provider. That provider required a mobile phone number for registration. I emailed them to complain about this and their reply was that if I did not have a mobile I should contact the referring medical practice to find an alternative means of treatment. I did, and their response was that I should take it up with the provider. But this is, of course, just one anecdote. I would also be interested in seeing more information.
it's usually to see the results of your lab work, message doctors about refills, etc. You'd probably be able to get some of that mailed instead at the cost of time certainly.
> "When the microcomputer first landed in homes some forty years ago, it came with a simple freedom—you could run whatever software you could get your hands on. Floppy disk from a friend? Pop it in. Shareware demo downloaded from a BBS? Go ahead! Dodgy code you wrote yourself at 2 AM? Absolutely. The computer you bought was yours. It would run whatever you told it to run, and ask no questions."
None of what was written in the rest of the article after this statement has any bearing on what they said in this statement. Sure, they said the "Microsoft Store", but aside from that, you still have the freedom of running whatever software you want on your own desktop computer, laptop computer, or server (Linux, Windows, or Macintosh) ... nothing has changed about this. I, for one, like the increased security on mobile devices. As far as gaming, I am not a gamer, so I just do not care.
> or Macintosh
I'm not sure how many Macs you've used lately, but this isn't entirely true: out-of-the-box, Macs only run software that has been signed and notarised by Apple.
You can still disable this, but the methods of disabling are getting more obscure, and it's not a given they will remain available
> "You can still disable this, but the methods of disabling are getting more obscure"
Which is why after Snow Leopard, I switched to Linux 100%.
Yep, 1984 Camera Tube.
What happened was people ended up putting a lot of money and sensitive data on their computers and desired a system which wouldn’t expose that just because they ran the wrong software.
"Wash me but don't get me wet." (Is this a saying in english?)
I guess you are trying to say: "You can’t have your cake and eat it too." ?!
Also, "want the milk without buying the cow", but I like "don't get me wet" because it highlights not wanting the result without the unpleasant step of the process. Then again, we have "dry cleaning" and ozempic.... https://english.stackexchange.com/questions/429316/wash-me-b...
I'm reminded of a meme involving a dog with a ball: "Please throw? No take. Only throw."
This is the real answer that is rather banal and boring compared to conspiracies of nefarious money harvesting.
95% of people don't know what "Run your own software" means, because to them, the app store lets them chose what apps to install. And they don't get viruses and malware like their 2008 laptop did.
That being said, there absolutely needs to be a mechanism for "lowering the gates" if the user wants full control of the device they own.
And by "people" we mean Hollywood. A great deal of this was created to enable DRM, then exploited for other purposes. For instance, it's illegal (by contract) to let a device without Secure Boot play a 4K stream from any mainstream studio. This is why Windows requires Secure Boot.
The better answer is to build better OSes with better security models.
I should be able to run a crypto wallet I downloaded from a Kim Jong Un fan site while high and it shouldn’t be able to do anything I don’t give it permission to do.
It’s totally possible. Tabs in a web browser are basically this.
I can do it with VMs but that’s lots of extra steps.
Web pages have a lot of restrictions even if you consider the gradual adoption of the project Fugu APIs
Isn't that what Qubes is all about?
Yes but IMHO that approach is a hack. “Fix our 1970s OS by putting it in a box in our 1970s OS.”
Ah yes, the good old freedom for security tradeoff. Of course, in this case it's the security of trillion dollar corporations at the cost of our freedoms...
ReactOS needs donations NetBSD is running a new round of donations F-Droid needs donations
There are more
AROS, GNU-HURD and more
you can always contribute code, maintain an app, report a bug
You can buy HW to run AOSP, like Raspberry-PI or RISC-V
We are the consumers, we have the wallet.
Answer: companies realized that they can milk you for more money by restricting your options and alternatives.
Yes, this is the main idea behind iOS and the App Store. I don't get why smart people are falling for this.
Let me try to strawman a little: I personally accept this on my phone because I honestly don't consider my phone to be a computer, and I don't really care about "computing" on it. My phone is not really that important to me. It is a toy/appliance that I goof around with. What it's running and how "free" and "open" it is, is about as important to me as how free the firmware in my car is, or the software on my gaming console.
I care about the free-ness and open-ness of my computer, because that's where I do all my work, my E-mail, my finances, and all my "serious computing." I feel that a different standard applies on a Real Computer because they are totally different devices, used for totally different purposes. So what I accept on phones, cars, and gaming consoles, I don't accept on my computer.
While this is fine for you, I worry about a sociocultural divide.
I believe the likelihood of a smartphone being the only form of computing (and access to the internet in particular) grows with diminishing income / cultural means.
This is based on anecdotal observation, does anybody here know of relevant survey data?
I suppose the reason for this is that this is how it has always been with mobile computing. People don't even bother to think about their smartphone as a computer anymore.
My fear with IBM and AI, Linux could go down this path.
I remember seeing KDE and GNOME already have their "stores", we need to keep a close eye on Linux.
> The moment gaming became genuinely profitable, console manufacturers realized they could control their entire ecosystem. Proprietary formats, region systems, and lockout chips were all valid ways to ensure companies could levy hefty licensing fees from developers.
This is historically inaccurate. All console games were originally produced in-house by the console manufacturers, but then 4 Atari programmers got wind that the games they wrote made tens of $millions for Atari while the programmers were paid only a relatively small salary. When Atari management refused to give the programmers a cut, they left and formed Activision. Thus Activision became the original third-party console game development company. Atari sued Activision for theft of trade secrets, because the Activision founders were all former Atari programmers. The case was settled, with Atari getting a cut of Activision’s revenue but otherwise allowing Activision to continue developing console games. I suspect this was because the 4 programmers were considered irreplaceable to Atari (albeit too late, after they already quit).
The licensing fee business model was a product of this unique set of circumstances. The article author's narrative makes it sound like consoles switched from open to closed, but that's not true. The consoles (like the iPhone) switched from totally closed to having a third-party platform, after the value of third-party developers was shown.
> Consumers loved having access to a library of clean and functional apps, built right into the device.
How can you say they're "built right into the device" when you have to download them? Moreover, you were originally able to buy iPhone apps in iTunes for Mac, and manage your iPhone via USB.
> Meanwhile, they didn’t really care that they couldn’t run whatever kooky app some random on the Internet had dreamed up.
I'm not sure how you can say consumers didn't really care. Some people have always cared. It's a tradeoff, though: you would have to care enough to not buy an iPhone altogether. That's not the same as not caring at all. Also, remember that for the first year, iPhone didn't even have third-party apps.
> At the time, this approach largely stayed within the console gaming world. It didn’t spread to actual computers because computers were tools. You didn’t buy a PC to consume content someone else curated for you.
I would say this was largely due to Steve Wozniack, who insisted that the Apple II be an open platform. If Steve Jobs—who always expressed contempt for third-party developers—originally had his way, the whole computing industry might have been very different. Jobs always considered them "freeloaders", which is ridiculous of course (for example, VisiCalc is responsible for much of the success off the Apple II), but that was his ridiculous view.
Part of the cycle .. https://www.goodreads.com/book/show/8201080-the-master-switc...
Real world parallels to this abound. You cannot build whatever house you want on your own property, for example; it must meet strict building codes and be verifiably structurally sound. What ever happened to building what you wanted on your own land?
That is not universally true; even today in some states there are areas (and perhaps even entire states) where building codes do not apply, sometimes even to the main structure. Often you only need to comply over a certain size, for human habitation, or to connect to utilities.
The best argument “for” building codes is the same as “for” secure platforms; that people should be able to expect a certain level of competence when buying a structure or phone.
But if you want to do it yourself, there should be a path.
Regulations are at least as old as Code of Hammurabi, naturally they have become less drastic throughout the centuries.
The codes exist but I think what they are saying is that in some places codes are not enforced or even checked. I live in somewhat of a "middle ground" where codes do exist and electrical is checked on a brand new build. They will also nag about septic inspections but will never actually get off their butts and do the inspection. Many such places do exist but they are usually places I would never want to reside. I know of places that I can literally build anything and never once be nagged by inspectors or state/county governments. They are happy enough and lazy enough to receive the property tax revenue.
I have mixed feelings about unenforced regulations. Having unenforced regulations opens up the possibility of targeted abuse of any individuals that are not a cultural fit in the eyes of the government offices and being very relaxed regarding anyone that fits in. This also drives the need for very detailed and expensive inspections prior to purchasing a home and that is a loaded topic all by itself.
Because there are liabilities issues for others. What if your structure falls down on visitors? You cant repair some heath damage or death. Since this kind of problems is easily prevented by professional review, legal constraints make lots of sense.
It is just a prequel to "what thoughts you can or cannot think in your mind", which is a future of technofascism.
> Sadly, over the years, Android has been steadily walking back that openness. The justifications are always reasonable on their face. Security updates need to be mandatory because users are terrible at remembering to update. Sideloading apps need to come with warnings because users will absolutely install malware if you let them just click a button. Root access is too dangerous because it puts the security of the whole system and other apps at risk. But inch by inch, it gets harder to run what you want on the device you paid for.
As much as I want to agree with this author (and do, to an extent) they are also providing the exact and honestly-pretty-good reasons for why this is happening: computers have breached containment, and they did it a long time ago. Computers are not just for us weird nerds anymore and they haven't been for some time; they're tools for a larger, more complicated, more diverse userbase, many of whom are simply not interested in learning how to computer. They just want shit to work, reliably. Random software on the Internet is not a path to reliability if you also don't know how your thing actually works.
I mourn this too but let's not pretend it's simply what happened because corporations are evil (though they are for sure that).
It's particularly hard to swallow these justifications when advanced by Google considering how much malware there is on the Play Store. I have never once had an issue with malware installed via F-Droid but have had multiple issues with apps from the Play Store. But apparently it's F-Droid I need to be protected from. (Granted, the Play Store malware I experienced was in the nature of "pop up ads on your phone randomly", not stealing your bank credentials, but it shows how little actual vetting goes on.)
I do understand the broader point. I know a few elderly people in particular who are walking targets for cybercrime. But I wish we had more differentiation. Locked down, easy to use phones for those who want or need that, and more open phones that act similar to laptops for those who know what they're doing (or, in any case, are willing and able to bear the risk).
I mean, we did. We had iOS and Android. The issue is Apple makes more money via these practices per user than Google did, and Google is therefore imitating them and their products.
If only they did work reliably though…
When the software on these locked down devices breaks down, and it does, everyone is helpless.
When a zero day is found, again everyone is helpless.
If we cannot understand how something works on all layers, stability and security are only promises.
The security argument is the best one to shove all this monopoly practices, but I doubt there are real proof of that somewhere. These days, I think I have most trust in a small app developed by a folk in a garage than something produces by Meta or Google
Exactly: smartphones and tablets are designated safe spaces for 'normies'. If you want to do serious computing, serious machines (laptops, desktops, servers) are still available.
Even as someone who “knows what they are doing” I still want one secure computer to do my banking, hold all my most personal data, etc.
Then I have raspberry pi and steam deck which I use for messing around with and running whatever weird software.
for now.
there are plenty of "honestly-pretty-good reasons" we plebs shouldn't have access to general purpose computers, and we're only a few decades away from them reclassified into the equivalent of fully automatic rifles.
100% agree.
This is a recurring pattern: people make bad choices, mostly out of ignorance, but no one blames the public because we always assume that in a democracy the costumer and the voter are always right.
Behind every corrupt politician or every greedy corporation there are thousands or millions of negligent and ignorant voters and costumers.
And like, with the ubiquity of this tech, I have to kind of concede at least some of the point. A smartphone is just shy of essential for modern living these days. Banking, purchase of goods and services, managing your relationship with your city and state, filing taxes, getting directions, ALL communications, all occur via your phone. Your phone is not MERELY a computer, a CPU with memory attached that you can make do things, for most people, I'd say it's an essential piece of IT hardware. Most people would prefer, I think, to lose their computers, TV's, consoles, etc. far before their phone. A phone is CRITICAL now, for better and worse.
So it sucks ass that a greater and greater share of what we consider computing has to occur in platforms that are utterly locked down to the core, but again, at the same time, putting my "regular user" hat on here: I don't want my phone to run anything from an untrustworthy source. My computer? Shit yeah, I'll try just about anything with a healthy skepticism as required, but not my phone. Losing a computer is irritating. Losing a phone is a fucking MESS.
Doing evil things under the guise of good intentions (with reasons that appear valid on the surface) has always been the playbook. All you're doing is excusing it - let's not.
If this was genuinely about security and UX then they would continue to provide viable "escape hatches", but it isn't and so they don't. That's what's being criticized.
I disagree, I don’t think I’m excusing it at all and your argument hinges on the restriction of software running on hardware to be evil. I wouldn’t describe it that way. I think it’s frustrating certainly but I don’t think you have an inalienable right to run code of your choice.
I would characterize it more as Google is responding to the needs of the vast majority of its users, most of whom do not care to run unsigned software, certainly don’t write it, and have no need of escape hatches. Escape hatches are great, but each also represents a security weakness waiting to be exploited.
And not to leave it merely implied: they are also responding to large development organizations who want locked down platforms in which they can distribute, and more importantly crack down on those who would pirate their, software.
> Escape hatches are great, but each also represents a security weakness waiting to be exploited.
Having money and using them without supervision is a safety risk. You can unknowingly buy food that isn't good for your health. And good food is what you actually need. So transfer your money to me and I will benevolently manage your diet for you. No other motives but your safety and wellbeing, I swear.
By the way, can you really trust the supermatkets? They sell alcohol and alcohol is bad for you.
> I don’t think you have an inalienable right to run code of your choice
> more importantly crack down on those who would pirate their, software.
If you represent the interests of corporations then try leading with that next time.
> Escape hatches are great, but each also represents a security weakness waiting to be exploited.
Besides being a broad statement that lacks citations and no doubt relies on contrived examples where this was implemented poorly, it's also clearly a violation of the EU Digital Markets Act.
> If you represent the interests of corporations then try leading with that next time.
I don't. I'm just saying Google and whichever boogeyman you'd care to slot into position 2 share the same interests. Far more than you or me and Google anyway.
> Besides being a broad statement that lacks citations and no doubt relies on contrived examples where this was implemented poorly
To a laymen user, any software that is running without code signing has a much much much higher chance of being something that has gone wrong rather than Joe Public found a cool image editing app that doesn't want to be distributed via the Play store. Are there exceptions? Sure, I'm certainly a big one. Does that mean I don't understand Google's position here? No.
> it's also clearly a violation of the EU Digital Markets Act.
If true, they'll end up in court, same as Apple did.
> To a laymen user, any software that is running without code signing has a much much much higher chance of being something that has gone wrong rather than Joe Public found a cool image editing app that doesn't want to be distributed via the Play store.
Don't give me these "political" answers. That's just another broadly-agreeable statement that's completely unrelated to the one I asked you to substantiate:
> Escape hatches are great, but each also represents a security weakness waiting to be exploited.
There are 3 problems here:
0. If Google genuinely cared about Android security to this degree, they wouldn't be giving threat actors 4 months to run wild with 0-days before publishing them:
https://news.ycombinator.com/item?id=45158523
https://xcancel.com/GrapheneOS/status/1964754118653952027
1. Crossing the escape hatch != security breach
Mobile security relies on sandboxing, not on Google's approvals. Even the most malicious app approved by Google shouldn't be able to steal information, access information from other apps without authorization, or execute actions on user's behalf.
Whenever this core principle is broken due to inevitable security vulnerabilities, it should be treated as such and promptly patched. Instead these shortcomings are used as convenient excuses to advance these political goals.
2. An escape hatch can be anything:
- "allow installation from unknown sources" like we've always had
- secret settings menu + PIN/password + require a switch to be flipped in the recovery menu during boot + require an ADB command to executed + warnings at every step.
- ADB commands + switch in recovery menu + time delay + require a full device reset with all data being lost
First one is somewhat vulnerable to social engineering though I've personally never encountered a device where someone was tricked into doing this, so it must be more resistant than downloading malware on Windows.
Second is close to impervious to social engineering. Grandma isn't going to be accessing the recovery menu or running ADB commands any time soon.
Third one, while far too restrictive in my opinion would still be better than nothing, it would be impenetrable to social engineering, and safeguard any existing data on the device even in case of a serious concurrent vulnerability in the Android sandbox.
Are all of these completely unacceptable?
On the balance of probabilities, "Joe Public" isn't being tricked into doing anything, he is trying to install ReVanced to get ad-free Youtube.
[dead]
Good. I want walled gardens. I want to be sure all code is audited and vetted.
I don’t like that governments are forcing companies to open their environments up to random code, I wish they instead put legislation in place about transparent vetting processes, and allowing different kinds of apps.
In general I think software engineers get away with things no real engineering job gets away with, and it baffles me.
I hate to be the old guy yelling at the clouds, but was an LLM used to write parts of this?
> Apple sold the walled garden as a feature. It wasn’t ashamed or hiding the fact—it was proud of it... The iPhone’s locked-down nature wasn’t a restriction; it was a selling point.
Please, write as a human, I promise you it's good enough. I'd much rather read something that's a bit clunky but human written than something that's very polished but leaves me wondering what the author actually was trying to say.
Respect your reader, but most importantly, respect yourself as a writter too.
LLMs only know how to use emdashes, semicolons, and ellipses because human writers used them first. The way I see it, a large part of "respecting yourself as a writer" in current year is not letting the mere existence of LLMs change how you write, just because a bunch of people have latched onto cheap signals like the presence of certain punctuation as a hallmark of LLM output.
I don't really think an LLM wrote this, because the use of punctuation is actually a bit clumsy. However, I have no problem parsing the author's intended meaning.
I genuinely don't get what the issue is here.
The TPM and secure boot conversation for gaming has shifted my perspective a lot. This technology is having a positive impact on player experience. It has become quite clear to me that there are wheels that will squeak regardless of the amount of lubricant used. I've begun to consider the position of being able to run anything my way at any time on any machine as being a bit extremist. Especially, in a game theoretic setting with other participants expecting some degree of fair play.
I am allowed to own multiple computers. Many do. I've got a Linux hand held, a windows desktop, an iPhone and a MacBook. All with varying degrees of freedom and function. I don't feel like I'm constrained right now.
HDCP is an example of the other thing in my mind. It adds zero value to anyone's experience. Any potential value add is hypothetical. You can't survey a person after they watch an unprotected film and receive a meaningful signal. It's pure downside for the customer. There's no such thing as competitive Netflix lobbies.
If I want to run arbitrary code, I'll do it on my windows box or fire up a Linux VM in the cloud somewhere. I don't need weird problems on my phone. If you are trying to touch all platforms at once, try using the goddamn web. I've been able to avoid Apple enterprise distribution hell with a little bit of SPA magic and InTune configuration for business customers. For B2C I just don't see it anymore. You need to follow the rules if you want to be in the curated environments.
Even if I try to steelman your argument that locking down general purpose computers has some benefits particularly to gaming, its very short term imo.
How far away are we from hooking up a vision model to the display output of let’s say, Battlefield 6 and hooking in mouse+kb input from said vision model + an aimbot that perfectly replicates a top performing players mouse movements?
I’d say not very far away.
Much like how in online chess, no technical solution can attest that a move is really from a human brain and not a chess program running on his phone.
That same box that lets me play Battlefield 6 is also the only box powerful enough to run the game that doesn't have enough accessibility options that requires me to use CheatEngine to fix.