What happened to running what you wanted on your own machine?

Posted by marbartolome 1 day ago

What happened to running what you wanted on your own machine?(hackaday.com)

396 points | 272 comments

everdrive 1 day ago|

It's important to understand that we could genuinely lose general purpose computing. I don't think it's in serious danger at the moment, but we've been in the midst of a slide in that direction for the last 10-15 years. Part of it is mobile phones, part of it is TPM, part of it is market forces. The latest turn is strictly political. We've really foolishly built the technology necessary for authoritarianism just a few years head of a general global trend towards authoritarianism. At the moment, anyone can use Linux; it's better and easier than ever. Will the laws of your country make it harder or more difficult to avoid? Will major vendors lock you out of basic functions? Will age verification require an agent run on your Windows or macOS computer? (or worse, require the use of a smart phone just to use the internet?)

We're not anywhere there yet, but we're closer than we've ever been, and things keep moving in the wrong direction.

stephen_cagle 1 day ago||

I think it is unfortunate how many resources are put into making things secure with TPM's and how little resource is put into basically having secure and simple sandboxing...

All I really want is a computer that allows me to fully control the permissions and filesystem access of all the programs that I manually install on my system. Almost every program (in my case) needs 0 filesystem access outside of what it installed itself and shouldn't be looking or snooping at anything that isn't in its own process space.

I want a clear and simple way to limit the blast radius of how badly a program could actually screw up my system or have access to my files.

I recently experienced the opposite of this on Android, where I tried to install a very well reviewed ebook reader called MoonReader. But MoonReader seems to require complete access to every file on my Android device to work correctly. That is insane. I looked it up a bit more and it seems that Google has simplified (or something) permissions, but now there isn't much choice other than asking for full file access (I just want to give it access to one directory).

Anywho, just a minor vent, that we are insisting that the only way to make things secure is this sort of attestation path, but we don't spend any energy just making it possible to limit the blast radius of software on most OS'.

bhelkey 1 day ago|||

Another simple permission is network access. Why can't I restrict, say, a calculator app from accessing the internet on either iOS or Android?

grebc 1 day ago||

How else are they going to get their “analytics” if they prompt permission for network access?

nekusar 19 hours ago|||

Its not 100% what you're looking for. Probably an 80% case..

But try looking into QubesOS. You create domains where applications can do whatever in the domain (a contained VM). So your personal domain is separate from your bank domain, which is separate from your media domain.

Of course, domains themselves can do naughty things. But they cant cross over to others.

And system resources are a separate domain, as is networking.

Some downsides - gaming is a no go mostly. And if you do SDR stuff, the USB domain is a heavy hit on performance. You really need dedicated machines for those things.

pizlonator 1 day ago|||

> we could genuinely lose general purpose computing.

> At the moment, anyone can use Linux; it's better and easier than ever.

Maybe Linux will save us.

This was a fascinating thing to watch for me (pewdiepie telling people to install Linux): https://www.youtube.com/watch?v=pVI_smLgTY0

My bet is that the momentum is strong enough that:

- A critical mass of PC makers will continue to offer a Linux preinstalled option, or at least some path to installing Linux.

- If Windows and macOS take more rights away, it'll just help Linux's market share.

So Linux's share will probably grow not only because Linux is getting better but because the corpo OSes trying to take away general purpose computing

everdrive 1 day ago||

I love Linux, but if 90% of the US were on Linux the same commercial / political pressures would apply and Linux would just look like Android or ChromeOS. Can you run an alternate OS on your smartphone? Yes, but you can't run your banking app. Linux alone cannot save us.

pizlonator 1 day ago||

But I don't want to run a banking "app" on my computer.

I am happy to use a browser on my computer to log into my bank's website.

01HNNWZ0MV43FF 1 day ago||

If nobody participates in government, the banks and entertainment industry will get whatever they want, which is to lock down your computer into a portable kiosk

pizlonator 1 day ago||

but is Android locking down something because government?

fragmede 20 hours ago||

What do you think happens behind closed doors at the WTO, Davros, TED anywhere immensely powerful meet up to discuss the world's future outside the view of prying eyes?

walterbell 1 day ago|||

EU CRA (enforced Dec 2027) prohibits shipment of non-certified binaries for "critical" software, including firmware and hypervisors. Operating systems like Linux are categorized as "important" software, https://www.whitecase.com/insight-alert/cyber-resilience-act...

skywal_l 1 day ago|||

I might be wrong but I don't think that open source software are subject to the CRA. If you look at article (18) here [0] it seems to explicitly exclude free software that you download from the internet.

[0] https://eur-lex.europa.eu/eli/reg/2024/2847/oj/eng

walterbell 1 day ago||

That depends on the definition of "commercial activity". Some groups have influenced the legislation to exclude specific activity. Some supply chain roles, including developers who contribute patches, are excluded. Others can seek guidance on interpreting the legal text.

  - software that are not monetised by their manufacturers should not be considered to be a commercial activity. 
  - supply of products with digital elements qualifying as free and open-source software components intended for integration by other manufacturers into their own products with digital elements should be considered to be making available on the market only if the component is monetised by its original manufacturer. 
  - development of products with digital elements qualifying as free and open-source software by not-for-profit organisations should not be considered to be a commercial activity provided that the organisation is set up in such a way that ensures that all earnings after costs are used to achieve not-for-profit objectives. 
  - does not apply to natural or legal persons who contribute with source code to products with digital elements qualifying as free and open-source software that are not under their responsibility.

rcxdude 1 day ago|||

This doesn't in general inhibit hobbyists, and for the most part for companies it just adds some fairly sensible requirements around handling security vulnerabilities and making updates available. It is in theory a framework that could be used to add more onerous requirements in future, of course.

elric 1 day ago|||

Death by a thousand cuts. TPM, secure attestation, age verification, DRM, and probably more things I'm forgetting right now.

coldpie 1 day ago|||

Passkeys are another brick in this wall. The authors of the spec built in client software identification and attestation, which means authenticating parties can require you to only use certain, closed-source passkey clients. It's not hard to imagine a future where only blessed Passkey clients, such as Microsoft's, Apple's, and Google's implementations, are allowed by most services.

donmcronald 1 day ago|||

I think passkeys will be used against users. They’ll be used to attest to a user’s trustworthiness by tying authentication back to a real identity. Like another comment mentioned, you’ll end up needing something like a phone that’s locked down. Part of that will be authenticating with a verified ID IMO.

It’ll be incredibly easy to lock dissenters out of modern society. It’s too bad the vast majority of users will happily concede autonomy for a tiny bit of short term convenience.

rcxdude 1 day ago||

I expect there will be backlash from non-technical users due to issues like the comment below where the passkey pushers fail to communicate where the keys are stored and thus users unexpectedly lose access to them.

elric 1 day ago||||

Heh, I'm working on a blog post about this very topic. Passkeys are ... weird. There's a lot of potential for gatekeeping, where websites can indeed require you to use device-bound passkeys through device attestation, and where becoming a vendor requires interacting with the fido alliance....

I would say "I'm sure the mean well", but given that parties like Yubico benefit from not getting more competitors, the cynic in me is a bit worried.

coldpie 1 day ago||

> I would say "I'm sure they mean well",

Yeah, I wouldn't say that. It's clear from their public comments[1,2,3] that the spec authors don't believe the private key actually belongs to the user to do what they want with. They see services restricting what users may do with their own logins as a feature of Passkeys. It's really a shame it went in this direction. Replacing passwords with an easy-to-use keypair auth system would be a massive security improvement. But the Passkey ecosystem is poisoned at this point. Unless they remove the client ID & attestation anti-features, it should be considered a proprietary big tech protocol.

[1] Threatening an open-source passkey client with server-side bans because they don't implement passkey storage on the client device in the way the spec authors prefer. https://github.com/keepassxreboot/keepassxc/issues/10406

[2] Maintaining a list of "non-compliant" clients, including the above open-source one, presumably for use in server-side bans. https://passkeys.dev/docs/reference/known-issues/

[3] While writing an article about this on my website, I actually emailed the two involved spec authors on the above issue, politely asking how their interpretation of the Passkey spec could possibly be compatible with open source software. Neither replied.

rcxdude 1 day ago||

It is particularly odd in the case of open-source clients (or indeed any client that runs outside of some very locked down hardware) because a) there's nothing that prevents the user exfiltrating keys anyway, and b) attestation also means relatively little for such an implementation.

coldpie 1 day ago||

Yes, the problems are obvious and the spec authors definitely know & understand the issues. Their refusal to have a public discussion about it indicates they just don't care, and their maintenance of a "naughty client list" shows Passkeys are intentionally hostile to user freedom.

walterbell 1 day ago||||

Password managers are regulated as "important" software under EU CRA (Dec 2027).

elric 1 day ago||

Thankfully open source software is not subject to that, so FOSS password managers should be fine. Doesn't mean that other forces won't try to tear them down, however.

walterbell 9 hours ago||

See the fine print, https://news.ycombinator.com/item?id=45718665#45722286

bakies 1 day ago|||

Yeah I hate this, installed a new CPU and none of my passkeys work. The browser asks my phone and they don't trust each other and not a damn clue how to fix it.

ianburrell 1 day ago|||

Don't store passkeys in hardware. They are more secure that way, but more dangerous if you lose them. Your passkeys were stored on the old CPU and are gone. If you do, you need to store on multiple devices like phone, tablet, and computer, but that is harder to manage.

Better to store passkeys in password manager. Then they become more secure passwords. The big advantage is that they can't be phished, and sites don't use 2FA with them. It also means you can choose password manager that you trust and work better than Apple and Google.

rcxdude 1 day ago||||

Yep, big problem with them: most users have no idea where the thing that pops up and offers to store the passkeys actually stores them (sounds like in your case, in your computer's TPM was either on the CPU you replaced or complained and reset itself when the CPU changed). It's a ticking timebomb that all the 'users love passkeys! (after we nag them about it every time they login until they give up)' blogs fail to catch.

coldpie 1 day ago|||

You could have used an open source client to manage your passkeys as you like, including backing them up in your own storage format. I wrote about it here: <https://www.smokingonabike.com/2025/01/04/passkey-marketing-...> I was quite excited about it... until I found out that the Passkey spec authors have warned that client that it may face server-side bans because it lets you manage your own private key how you want, and the spec authors think this is appropriate for servers to do. So I deleted all my Passkeys. Sigh.

elric 1 day ago||

Reading these comments, I'm happy to see that I'm not the only passkey skeptic.

coldpie 1 day ago||

You'll probably enjoy this article from one of the original creators of the Passkey ecosystem:

> Since then Passkeys are now seen as a way to capture users and audiences into a platform. What better way to encourage long term entrapment of users then by locking all their credentials into your platform, and even better, credentials that can't be extracted or exported in any capacity.

https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shatt...

Fingers crossed the Passkey user experience remains so bad no one accepts them & they just die on the vine.

robotnikman 1 day ago||||

>secure attestation

And web attestation, which almost became a thing about a year ago. It is gone for now, but it will only be a matter of time before it decides to rear its ugly head again.

_aavaa_ 1 day ago|||

TPMs are not inherently evil. The problem is that they are implemented in a way that gives control over them to the companies rather than the users.

rolandog 12 hours ago|||

This! I think we were all too naïve in having "we would never let it happen, right?" be the motto for our complacency and inaction.

I hope more people come around and recognize that Richard Stallman deserves a big, resounding "you were right, we're sorry" after being attacked for his dislike of "trusted computing" and TPMs [0].

[0]: https://www.gnu.org/philosophy/can-you-trust.en.html

marcosdumay 1 day ago|||

> We've really foolishly built the technology necessary for authoritarianism just a few years head of a general global trend towards authoritarianism.

Hum... It was foolish, but it was decades after the trend started.

Looks to me that the real trend was started mostly by the wide distribution of TV and the subsequent media consolidation (that happened everywhere).

Also, who is "we" here? Because it was exactly the authoritarian-wannabes that created most of it.

robotnikman 1 day ago|||

>At the moment, anyone can use Linux; it's better and easier than ever. Will the laws of your country make it harder or more difficult to avoid? Will major vendors lock you out of basic functions?

Somewhat related, but if x86 loses dominance it will be even more difficult if not impossible to install Linux or other alternate OS's on ARM devices. The majority of consumer ARM electronics make it hard enough, and normally requires you to run a specific patched (and most likely outdated) Linux kernel in order to boot.

There are ARM devices which meet the ARM System Ready standard which allows you to boot whatever OS you want, but they are mostly enterprise devices such as servers. Cheapest one I've seen which your average consumer might buy was an ARM workstation with a starting price of about $1500

rini17 1 day ago||

Raspberry Pi and clones/alikes are ARM devices with perfect Linux support.

bigfatkitten 1 day ago||

Raspberry Pi is one of the least open platforms around.

Broadcom SOCs preferred by Raspberry Pi require proprietary blobs to function, and much of their functionality is buried under a mountain of NDAs.

Rohansi 1 day ago||

That's the current norm for GPUs, no? The Raspberry Pi just happens to use a SoC where the GPU is the primary processor. I wouldn't say it's worse - it's maybe slightly better but still close to par.

timefirstgrav 1 day ago|||

Oh wow... The idea of losing general purpose computing is a terrifying thought I've never considered before.

bo1024 1 day ago|||

"The Coming War on General Computation", Cory Doctorow (2011).

Speech: https://www.youtube.com/watch?v=HUEvRyemKSg

Transcript: https://en.wikisource.org/wiki/The_Coming_War_on_General_Com...

(Of course, Stallman warned of this type of thing much earlier as well.)

ekjhgkejhgk 1 day ago|||

Stallman is always right eventually. It's actually quite incredible.

chipsrafferty 1 day ago|||

[flagged]

ekjhgkejhgk 1 day ago||

He didn't assault anyone.

He said a bunch of things. They've all been collected here: https://stallman-report.org/

What I love about that report is that the author created it with the intention of making Stallman look bad. And if you look at the author's summaries, he looks bad. However, the author also made us the favour of collecting all the statements in one single place. And if you look at the things that Stallman actually said (as opposed to the author's summaries) he doesn't look bad, he looks strictly correct.

fsflover 1 day ago||

And there's a reply to that: https://geoff.greer.fm/2019/09/30/in-defense-of-richard-stal... via https://news.ycombinator.com/item?id=21113414

ekjhgkejhgk 1 day ago||

Yeah yeah but the reason why I link to that, is that if someone is interested they can with minimal effort find by themselves all the information to understand it was just a smear job.

Like, someone says "C assaulted B". And Stallman says "If A forces B to offer herself to C, C didn't assault B". Which is obivously correct. It could only be incorrect if you were redefining words to serve your purposes.

dminik 1 day ago|||

Ok, I'm confused here.

I had a look at what Stallman said and what Minsky allegedly did.

Apparently, Minsky had sex with one of Epstein's girls, who later said she was forced into it. Now, his wife denies the allegation, as she was apparently with him at all times on Epstein's island.

Now, I can believe that he went once, and maybe had sex with someone he didn't know was not doing so willingly. But, what about his wife? Was he cheating on her? Was she a part of it?

And why did he return a second time? And after Epstein's conviction in 2011???

And here comes Stallman, and he's not even denying that he's slept with someone, potentially cheating on his wife? His issue is with the wording?

Nobody in this situation looks good.

wolvesechoes 1 day ago|||

> His issue is with the wording?

Pretty obviously.

He is a weird, socially awkward, maybe autistic guy. And such people tend to be quite pedantic and focused on strange details that "normal" people just jump over.

ekjhgkejhgk 1 day ago||

See my sibling comment.

https://news.ycombinator.com/item?id=45722901

I disagree it's "pedantic". I think it's taking advantage of the system.

ekjhgkejhgk 1 day ago|||

His issue is that saying "assault" to mean "sex with someone" is dishonest, even if that person is 17. Which is obviously is.

Any sane person hears "assault" and thinks that means "assault" instead it means something else.

What is happening is that the meaning of words are being changed for the purpose of using pre-existing laws. Example, you think that Bla is very bad and isn't punished enough by the law. There's law that severaly punishes Fleem. So, whenever you see Bla you call it Fleem and argue that the anti-Fleem law applies. That way you can effectively re-purpose a law. Specific example: "catcalling" is now "sexual assault" in the UK. It's easier to do it this way, than to argue that people should be punished for catcalling.

dminik 1 day ago||

Ok, but surely there are more important thing going on there than the wording.

It feels like Stallman wants to defend his friend, but doesn't really have any way to do that. So, instead, he pivots to pedantry.

Like ok, assuming that Marvin really did not know, it's wrong to label him as a sexual assaulter(?). Though legally a sexual assault still occured.

But, it still doesn't explain, justify or deny that he allegedly slept with someone , possibly behind his wife's back. And it also doesn't explain that they went *BACK* to Epstein's island after knowing he was a sex trafficker. And that presumably the girl he slept with might have also been trafficked.

ekjhgkejhgk 1 day ago||

> Ok, but surely there are more important thing going on there than the wording.

Correct, it's the abuse of the legal system.

> Though legally a sexual assault still occured.

Just because something is true legally doesn't mean it's ok, good, correct, moral or ethical.

dminik 1 day ago||

If the victim really was coerced/forced, then there is no wordplay going on here. No legal tricks. No abuse of the legal system.

We're talking about sex trafficking, which we know did occur and Epstein was convicted of. Twice.

And possibly rape/sexual assault, even though the "perpetrator" did not know about it.

You're getting awfully close to defending Epstein there.

I also can't help but notice that you ignored everything else in my comment?

ekjhgkejhgk 1 day ago||

> If the victim really was coerced/forced

Coerced/forced by whom? Are you actually stupid or just pretending?

dminik 1 day ago||

What do you mean by whom? This conversation isn't about Mickey Mouse. Epstein was convicted for trafficking (eg. coercing/forcing) women.

ekjhgkejhgk 1 day ago||

The specific point I'm talking about is the accusation of Minsky. To my point (and Stallman's) doesn't matter if coersion was done by Epstein or Mickey Mouse.

Anyway, I get that you're confused. However, I've lost interest in talking to you.

fsflover 1 day ago|||

I got what you're trying to say, and I agree. I just added my link for completeness.

dghlsakjg 1 day ago|||

It’s already happening.

Many big institutions lean heavily on mobile apps and other gated computing.

I live in BC Canada and by far the easiest way to authenticate a login to provincial sources involves using the BC ID App as a second factor, even when logging in via desktop. Many banks now also use their app as a second factor, rather than a generic OTP option that can run on any hardware.

There were also issues like running Netflix DRM in browser on Linux for a while.

General purpose computers won’t go away, but they will continue to be gated from more and more services until you are more or less required to have a phone or locked down ecosystem device.

donmcronald 1 day ago|||

> Many banks now also use their app as a second factor, rather than a generic OTP option that can run on any hardware.

This is one I’m willing to tolerate, as long as it’s optional. Something I don’t understand though is banking app setup. When I got a new phone this year, the RBC app made me submit some kind of live selfie.

The thing is, I know they can scan your debit card with NFC and authenticate the PIN. I’ve used it for a password reset in the past. Why is a selfie better than that when they presumably have nothing to compare it to?

fragmede 1 day ago||

do you not use the banks ATM or go into a branch ever? why would they not have anything to compare it to?

dghlsakjg 5 hours ago||

Canada has strong privacy protections and norms.

It would be quite a scandal, legally and socially, if it was discovered that a bank was creating a database of images of their customers without consent.

JuniperMesos 1 day ago|||

> Many banks now also use their app as a second factor, rather than a generic OTP option that can run on any hardware.

A financial institution I have an account with requires MFA to log in, and the only options they support are SMS MFA and their proprietary smartphone app. This is acutely annoying to me, because it means I have to get up and get my phone if I want to log into this site from my PC (or rig up a complicated Android emulator setup).

codyb 1 day ago|||

I sincerely doubt it'll do much, but my next computer will not be Apple. Sadly, I just upgraded a year and a half or so ago, and sadly, good lord those damn arm chips are nice.

So hopefully in 8 years or so when I need a new machine, there's some decent options available to me.

But nice aint worth the cost when it comes at the expense of supporting something which is undermining everything else you believe in.

andai 1 day ago|||

So it's just about incentives right? Who has the power to make these decisions, and what are they likely to decide, given their incentives?

mrkeen 1 day ago||

* Government makes services available via auth app of their choosing.

* Auth app deploys to one or two app stores. No financial incentive to do otherwise.

* App stores remain within walled gardens. Tracking, DRM, proprietary drivers come with.

fragmede 20 hours ago|||

We're both closer than any of us believe. Insofar that ChromeOS is and isn't Linux, it's already locked down signed boot. But also we're further from it because general computing isn't going anywhere soon as long as people keep buying general purpose computers. Still until Qubes or similar sandboxed computing becomes the norm, blaming victims for getting malware onto their system only goes so far, and even if banks don't require it, regular people will start having a banking only computer because oh god please don't steal all my money.

nxor 1 day ago||

[flagged]

everdrive 1 day ago|||

Certainly there was more authoritarianism in past times, but we haven't previously had authoritarian movements at the same time that we've the internet and ubiquitous computing. Authoritarianism isn't meant to be a scare word; in the US, you have the total fecklessness of Congress, the expansion of the executive under every single president in the 21st century. (it's still authoritarianism even if some people like what is being done unilaterally by the executive. eg: both Trump and Biden sought and acted with expanded executive powers. Even if you like the outcomes, it's still actually quite bad. Neither party seems capable of imagining that someone they disagree with could be elected and use those same powers. It's baffling.) You have a lot of governmental changes in parts of Europe, etc.

I think it's pretty uncontroversial that there is a global trend towards authoritarianism, but I'm happy to hear other opinions.

poszlem 1 day ago||||

Don’t think of it as one side against the other. It’s a dialectical process, two extremes, like communists and fascists, seemingly locked in mortal opposition, yet through their struggle, pushing the same totalitarian machinery forward. That old pattern feels disturbingly familiar today.

cool_man_bob 1 day ago|||

That’s a cute soapbox, but I fail to see what it has to do with software freedom.

hollow-moe 1 day ago||

> Vote with your wallet Doesn't work when the only options are bad. Every Android OEM embraces the closing of android because it'll allow them to ship all the spyware they already do without the user being able to remove them (or disable them soon enough). Having 2 or 100 options has no difference if they're all bad.

linuxhansl 1 day ago||

How will Google know about my choice? I want to let them know that now there is no reason anymore to prefer to Android over another ecosystem.

Also, my hardware, my choice. It seems there is no way to actually let them know.

smarek22 5 hours ago||

I'd go with

1) sign a petition on change.org against that APK lockdown (currently 10.5k votes) - https://c.org/BHZzNvR6pr

2) In your Android device or Google account use "Send Feedback" and articulate yourself or "Contact us" in Android under "System settings > Tips and support" or best, if you are paying subscriber for any Google LLC service, send the feedback through the subscription management channels (such as feedback in Google One, Workspace or any other paid service)

NaomiLehman 1 day ago||

I hear you but we are a minority. Apple will demolish the market when Gen Alpha grows up. Look at what phones are used to film at concerts by the crowd in the US. it's hard to find a single non-iPhone. Also for a more unbiased take, look up stats for teen preferences. It's not Gen Z that will change the world.

npodbielski 1 day ago||

Which means that in the future will be less engineers and software developers because they never had a chance to learn. And if somebody will know how all of this works really, they won't be working for peanuts. So in an essence all of those companies are eating their own tails. Which is expected since all of it is driven by the stock exchange executives that are interested only by short term profit. Yes it will be terrible but on the other hand all empires are terrible at some point ridden by the stagnation and multitude of radicoulus laws. Will it be the same with technocracy? Probably yes if they lock it all down, new generations will never learn, they will be less and less people with knowledge to maintain the infrastructure and without maintenance it will collapsee eventually.

MisterTea 1 day ago|

I'm sure there are people in high places believing this is not important because AGI.

npodbielski 12 hours ago||

Which would be fine, if AGI would be real. It is not yet and even if this would be around the corner it would be rather like in some movies: giant computer with tones of equipment, security and personnel making it work. Ah and giant nuclear reactor powering it too. Till we will be having autonomous robots that have intelligence built-in into it, does not require constant connection to some server and can run for few days on internal power... I do not see it happening.

TYPE_FASTER 1 day ago||

> However, there is an increasing userbase whose first experience of computing was in these locked-down tablet and smartphone environments. They aren’t so demanding about little things like proper filesystem access or the ability to run unsigned code. They might not blink if that goes away.

I would also suggest that there is another user base who has been using computers for a long time, before GUIs existed, is fed up with fighting malware, welcomes the protection of a sandboxed, protected system, but doesn't understand the importance of having the option of escaping the sandbox. These users might not see the loss of not being able to install a kext on Mac OS without booting into Recovery Mode. But they will notice the loss when, at some point, we can't run anything that isn't signed on any platform.

Google and Microsoft are slowly moving towards the Apple model because it works as far as decreasing support costs go.

When the day comes that there isn't any hardware we can purchase that we can't install OpenBSD/Linux/whatever we want, it will be too late. We have to push back before then somehow.

khalic 1 day ago||

I was there, 3000 years ago, when we started ringing the bell about “trusted computing”. Honestly it’s not as bad as I expected

JeremyNT 1 day ago||

Alternate take: it's exactly as bad as you expected, but your timeline was off.

And even so, perhaps it's later than you realize. Device attestation in the browser is the final nail in the coffin, and it's a question of "when" not "if" major sites start requiring it in the name of "safety" from bots.

baby_souffle 1 day ago||

> and it's a question of "when" not "if" major sites start requiring it in the name of "safety" from bots.

I recently found a plugin that can alert to JS doing shady "fingerprint-like" activity. I did not expect it to go off quite as often as it does now.

It would seem that some sites are already asking _very_ probing questions about the browser so it's only a matter of time before they go one step further and demand proof and gate on furnishment of that proof.

kruffalon 1 day ago||

Would you mind sharing a link to that plugin?

baby_souffle 7 hours ago||

> Would you mind sharing a link to that plugin?

Sure thing!

https://jshelter.org/ is the homepage.

photios 1 day ago|||

> it’s not as bad as I expected

yet :D

khalic 9 hours ago||

Never underestimate how much things could get worse, touché

aa-jv 1 day ago|||

I don't agree, it is absolutely dreadful, and we saw this coming and did nothing about it.

Think about it: you need permission to run software on your own hardware. Every time you launch a Mac App, it checks in with its masters to be sure its okay to do so - every time you install an app on your mobile device, it does the same thing.

People accept this terrible state of affairs because the "user experience is better" - but this is a fallacy. Under the cover of 'security issues' that their are incapable of fixing, due to very poor architecture decisions, OS vendors have instead bolted on an insanity and sold it to the user as progress.

Every computing device should have everything it needs, onboard, to write software for that computing device. That they don't is because the OS vendors are cowardly running from the bloat of yesteryear and adding more bloat tomorrow to cover it all up.

There will be a backlash against this. We see it already in the retro-computing and alternative-platform hacking communities, which are growing and growing, exponentially, by the year.

Its only a matter of time that someone wraps up this freedom-to-use concept in hardware that is sexy enough to compete with the totalitarian-authoritarian platform providers. Any .. day .. now ..

detourdog 1 day ago||

It can be turned off on your Mac if that is what you want.

swiftcoder 1 day ago||

So far, yes. It's getting hardware with every release. First you had to click approve in a dialog to launch unsigned software. Later you had to right click -> "open" -> then approve. Now you have to open system settings to find the button to show the approval prompt.

Meanwhile to install a kernel extension you now have to reboot into safe mode and disable part of system integrity protection (with big warnings that it's at your own risk).

For the average user, kernel extension are already gone, and unsigned software not far behind.

codyb 1 day ago|||

Devil's advocating here... when have kernel extensions _ever been_ a part of the average user's experience?

vetrom 1 day ago|||

The early MacOS era as well as pretty much the entire classic Mac OS era was infamous for being a more-or-less do it yourself environment for adding bits the OS didn't have or did sub-optimally for given use cases.

The wisdom of such a freewheeling ecosystem in today's era is maybe debatable, but given how user-hostile the mainline OS and software vendors can be, I say there's still plenty of room for that ecosystem and it should be preserved.

codyb 1 day ago||

I guess I do remember adding drivers here and there for scanners and printers back in the day

detourdog 21 hours ago||

The old OS was awesome in that way. As extensions loaded the would appear in sequence at the bottom of the screen when a driver failed the boot would lock-up and one could reboot with extensions off change the boot order or remove the driver from the system folder. Very easy to mess with.

fragmede 20 hours ago|||

ever since that was how you did device drivers. If you anything interesting, hardware wise, it came with drivers that required help from inside the kernel, and maybe you can argue that was different but it's still kernel level stuff that normal users had to install.

fingerlocks 13 hours ago|||

You can also just resign the binaries in one quick CLI command. That can’t go away because it’s baked into the post-compile build stages of Mac and iOS apps. So relax, this thread is all a bunch of silly FUD.

swiftcoder 12 hours ago|||

If you are a developer, with the developer tools installed, sure. That's already well out of reach of the average user.

aa-jv 10 hours ago|||

Yeah, haha. This is not FUD: try to do the same on iOS.

api 1 day ago|||

Mobile is where it’s bad. It never took hold fully on desktop since desktop is used for development and too many other things.

pjmlp 1 day ago|||

PC was an anomaly thanks to IBM not being able to go with their plans.

On UNIX, Sun was the vendor that introduced the concept of SDK SKU, thus for having developer tools, an additional SKU had to be bought, and the until then largely ignored GCC sundenly got a new focus of attention.

Mainframes and micros always needed having a group of folks from the vendor professional services for specific kinds of configurations.

I still remeber working on traditional timesharing UNIX systems, one single server for all teams, what you get to do is decided by IT for your role.

There are plenty of examples from the past on how this has been happening already.

1313ed01 1 day ago||

An anomaly from some corporate pov, maybe, but at home the PC was definitely not more open to general purpose computing than the alternatives. Most early home computers booted straight into a BASIC prompt, and the line between being a programmer and a user was far more blurred than it is now.

pjmlp 1 day ago|||

It definitely was, all other platforms had vertical integration.

bitwize 1 day ago|||

PCs from IBM could do this as well. There was a ROM'd BASIC in IBM computers that they would default to if they couldn't find a bootable disk. The BASIC that came with PC-DOS, BASICA.COM, was actually a wrapper for this ROM BASIC.

The clones relied on GW-BASIC and later QBasic, which came on disk and was bundled with DOS, to supply this functionality, and didn't have BASIC in ROM. In fact, some early BIOS implementations, if they did not find a bootable disk, displayed a message "NO BASIC FOUND" or similar.

fuzzy2 1 day ago||||

But the "walled garden" on mobile (iOS mostly, but now also Android) isn't really about trusted computing at all. Trusted computing (locked bootloaders) is but a small part of it.

Trusted computing and even remote attestation have legitimate use cases. It's good, great even, that they exist. But just like everything, they can be used against you.

cubefox 1 day ago||

In fact most digital goods that are sold in large numbers via download, are, as far as I'm aware, sold with some form of DRM. Like films and video games. Otherwise piracy would be just too easy. MP3s don't have DRMs, and are still sold (e.g. by Amazon), but those now seem to be largely replaced by music subscription services.

And this might be a reaction to the fact that music piracy is quite easy; if it wasn't, perhaps there would be no Spotify where you get basically All The Music in existence for peanuts. (Note that no equivalent subscription service exists with regards to movies or games: Netflix and Xbox Game Pass have only a limited selection of content included in their subscription.)

renegat0x0 1 day ago|||

Mobile is where it is all going. PCs will be like android in the near future.

sumtechguy 1 day ago||

what? windows 11 was just for new features right? ... right?

pjmlp 1 day ago||

Right,

https://learn.microsoft.com/en-us/windows/win32/secauthz/app...

https://learn.microsoft.com/en-us/windows/security/hardware-...

buyucu 1 day ago|||

Trusted computing is just another name for vendor lock-in. It was never about security.

JKCalhoun 1 day ago|||

A more generous explanation is that it might be both — vendor lock-in also happens to be a security measure.

Having important info on your device and having that device accessible to the wild, wild, internet is a very real problem. If the "walled garden" is a flawed solution we should work on a better one.

izzydata 1 day ago|||

Having a separate dedicated general purpose computing device not connected to the open internet perhaps.

buyucu 13 hours ago|||

Anyone who thinks that vendor lock-in is a security feature didn't learn a thing from the Crowdstrike incident last year. The biggest security incident in the history of the entire internet was caused by a cybersecurity ''vendor''.

EvanAnderson 23 hours ago|||

It's really about keeping third-party interests secure from the users. Pesky users being allowed to run their own code thwarts control efforts.

bayindirh 1 day ago|||

I have an ugly hunch that systemd gonna be Google Play Services of Linux at some point.

I beg history to prove me wrong.

For anyone interested, please look at Hardware attestation and TiVoization, thanks.

array_key_first 1 day ago|||

Well systemd is open source so it could just be forked at any point. I don't forsee this happening.

symbogra 1 day ago||||

This is a bizarre comment for an open source init system

bayindirh 1 day ago||

The history of TiVoization[0] tells us otherwise.

[0]: https://en.wikipedia.org/wiki/Tivoization

symbogra 1 day ago||

Is the issue that they support secure boot type features?

bayindirh 1 day ago||

No, the issue is too much of the Secure Boot chain is currently being controlled by Microsoft.

Kernel being GPL has no point currently. Require hardware attestation with Microsoft private keys + systemd-boot + systemd + uutils can create a nice walled garden, allowing "vendors" to build locked-down hardware-OS pairs.

More importantly, uutils is MIT, which can attest at every level, without sharing a line of source code.

This will affect everything from small appliances to big iron and it can be very ugly.

deadbunny 1 day ago|||

You don't have to use MS' keys, you can setup secure boot using your own keys reasonably easily.

https://wiki.archlinux.org/title/Unified_Extensible_Firmware...

bayindirh 1 day ago||

I know. The question is not about what’s possible today.

What prevents Microsoft from updating Windows PC standards and eliminate the possibility of turning off secure boot and allowance of enrolling your own keychain in the secure boot process?

These are long games. Being comfortable today doesn’t guarantee same comfort and allowances tomorrow.

Ironically, we’re discussing this under Android’s increasing restrictions.

The same Android which was championed as the bastion of mobile freedom when it first came out.

symbogra 14 hours ago||

It goes back to the old arguments about free software vs open source. Maybe by restricting devs in certain ways the users are actually more free. But then maybe the system to lock the users in gets built with wholly proprietary software and there's less adoption overall of the FOSS software. I don't really have a good answer. I recently switched to grapheneOS but it feels like fighting a losing battle, and lots of apps don't like that I'm using a non official android build.

I worked at a big company where GPLv2 software could be used in our systems but not GPLv3. Is it better that that GPLv3 software didn't have more users? The company didn't contribute much back so maybe it's not a big loss.

bitwize 1 day ago|||

Uutils is literally one guy's self-tutorial to learn Rust. The fact that it's breaking Ubuntu has more to do with that than some shadowy conspiracy.

bayindirh 1 day ago||

Looking at the uutils/coreutils repository:

    - 22K stars
    - 1600+ forks
    - 33 releases
    - 622 contributors
    - 678 users (at minimum)
    - Code of conduct (with a debian.org mailing address nonetheless)
    - 1 distribution shipping it as default (so far)

The project has the stated goal as follows [0]:

> The uutils project reimplements ubiquitous command line utilities in Rust. Our goal is to modernize the utils, while retaining full compatibility with the existing utilities. We are planning to replace all essential Linux tools.

This is hell of a self-tutorial.

If this was GPL licensed, I'd love to try these. But at this point, it's looking for pushing GNU out of the Linux ecosystem, completely.

[0]: https://uutils.github.io/

dooglius 1 day ago||||

People are trying to lock down Linux yes, but the specific software used for enforcement, systemd or otherwise, is mostly irrelevant.

baq 1 day ago|||

it's in the name, but it's open source and it's replacing a hodgepodge of other stuff (the point isn't why it's replacing it, or how well it's going; the point is there are replacements).

if the computer won't allow to install or use other software until you install a vendor-signed version of systemd on a vendor-signed kernel we'll be there. it's about hardware attestation, not signed software, though.

bayindirh 1 day ago||

What it bothers me is the possibility of TiVoization via Kernel and systemd, actually.

Combined with uutils, which is MIT, you can build a nice (!) walled garden.

Let me say I have seen enough shenanigans over the years.

gjsman-1000 1 day ago||

The future is likely bifurcated trust: Official, encrypted, attested systems; and unofficial, unencrypted, unattested systems.

The GNU freedoms never specified the right to run free software side by side with proprietary software on the same hardware; so the FSF should actually be fine with such an outcome.

iamnothere 1 day ago|||

The problem with bifurcated trust is the ongoing efforts to force people into carrying a “trusted” pocket spy. Cashless payments, mobile train tickets, and digital ID are making it extremely difficult to live without a pocket spy in some places.

If my bank requires me to use a phone for transfers (mine doesn’t), it might be acceptable to leave one in a desk drawer powered off as you would do with a hardware authentication token. It’s a special device for occasionally accessing a service. Fine. But when governments and industry collude to force citizens to carry these devices in order to live life normally, that’s not OK.

My intent is to be as stubborn and obnoxious as possible in resisting this until they either give up and provide an alternate path or lock me away for noncompliance. Fortunately there is still an alternate path available for most things, primarily thanks to elders who have trouble with new tech. (Thank you elders!)

gjsman-1000 1 day ago||

Then get a law passed. Today.

Or… acknowledge this is a fear of a future 30, 40, 50 years away that may never happen, which is never an argument.

It’s like saying the government, because they have power, and the SCOTUS, because they have power, could decide to kill all children. Yes, they could. No, it’s absurd to let that power keep you up at night, or say the solution is to abolish their power.

iamnothere 1 day ago||

> Then get a law passed. Today.

Ha! Let me know how to achieve that and I will. I’ve advocated, donated, and volunteered for years on behalf of a number of causes, some with excellent organizations promoting them, and yet things continue to get worse. The only minor victories have been temporary delays of bad policy.

No, the best response for the average citizen is stubborn noncompliance and constant passive resistance. Drag your feet until the whole thing comes crashing down. And encourage your friends to do it too! (But don’t stop trying through conventional politics, maybe one day it will work. Just don’t get your hopes up.)

gjsman-1000 1 day ago||

You can’t pass a law; because you have almost no bad examples to point to. Emulators, something that happened on the other side of the world, and piracy aren’t arguments.

The banning of Parler did more for activism and awareness regarding platform control than all FOSDEM. Of course, HN happily piled on in favor of this decision, missing the moment to build common ground on platform control, for the sake of political expediency.

If the government, or tech, starts regulating out things people actually care about, then you’ll have your sway. The rush to technical solutions seems to imply we already internally agree tech and government aren’t going to do anything the average person cares about - as it assumes the “bad future” can happen without a national policy discussion anywhere.

iamnothere 1 day ago||

It may be across an ocean, but Europe isn’t exactly the other side of the world geographically or culturally. Many of the ideas being trialed there are working their way into parts of the US. The frog is being boiled slowly, but the heat is rising more quickly in big cities.

> HN happily piled on in favor of this decision

HN is not a monolith with a single opinion. The loudest users at the time (not just here, all over the internet) were pro-censorship political activists, so maybe that caused you to interpret things that way.

> If the government, or tech, starts regulating out things people actually care about, then you’ll have your sway.

The public will not respond until the groundwork has been laid to make effective protest impossible. Only then will important things be regulated out. Until then it will just be “nerd stuff”.

gjsman-1000 1 day ago||

> HN is not a monolith

This is a lazy argument, as I can safely say that 80% or more of HN has the same political bent, and every community ever has said “but not everyone.”

Read the comments on the Parler deplatforming. See what was upvoted. See what the consensus was. Nobody cares about the principles, even here, when rubber hits the road.

Imagine if the undesirables, on either side, started actively using all the decentralized censorship-resist tech for their cause. Would the builders and commentators here be saying “working as designed,” or would there be a sense of fury, a sense of “not like that?” A sense of “that was supposed to enable my cause, not yours?”

Suppose Proud Boys coordinated their Jan 6 activities on Signal and Tor. Suppose Truth Social was built on ActivityPub and MAGA developers were the loudest voices at FOSDEM advocating for censorship-resistant protocols. How do you feel? Are we still citing the same principles? If not, we never believed them.

> The public will not respond until the groundwork has been laid to make effective protest impossible. Only then will important things be regulated out. Until then it will just be “nerd stuff”.

I’m looking at history and noticing that 99.9% of revolutions did not have the internet required to be successful.

iamnothere 1 day ago||

> This is a lazy argument, as I can safely say that 80% or more of HN has the same political bent, and every community ever has said “but not everyone.”

I disagree, but even if you were correct: like, what’s your point? Are you grouping me in with them because I happen to be posting here? I reject that characterization.

Edit: I feel like this is an attempt at some kind of “gotcha” based on the example you provided. No, I don’t believe access to tech should be gated based on politics. IMHO everyone should have access to private and secure systems, as part of their human rights regarding speech, thought, and personal privacy. I attempted to raise this point in several venues during the “deplatforming” fad and explained how the political pendulum made it a bad idea. The mob remained unconvinced.

> I’m looking at history and noticing that 99.9% of revolutions did not have the internet required to be successful.

You tell me how people are going to protest effectively in the face of:

- Ubiquitous visual surveillance and facial recognition

- Ubiquitous audio surveillance via pocket spies and things like Flock/ShotSpotter/other competing systems

- Ubiquitous ALPR systems and GPS-enabled “digital plates” being trialed in some areas

- Data mining coupled with AI behavioral analysis (sloppy but likely good enough)

- An increasing percentage of cars with remote shutdown capabilities

- The replacement of cash with digital currency that can be remotely disabled

The future looks a lot like China, but without their “economic miracle” that has kept the population satisfied.

zelphirkalt 1 day ago||||

That seems to be either an oversimplified take on the FSF's position, or argument in bad faith. The FSF wants people to be able to run free software for all purposes, as they fight for user freedoms. If said free software cannot be used, because of all kinds of vendors limiting their services to proprietary software or platforms, then this should be a major concern to the FSF, because their advocated kind of software is being sabotaged.

lupire 1 day ago|||

In fact FSF specifically exempts special purpose hardware like microwaves from its purview. The philosophy is targeted at software the user has a choice to install. If the hardware provider does not intend the user to choose to install an alternative version of the system software, software freedom doesn't come into play.

https://www.fsf.org/campaigns/free-bios.html

fragmede 20 hours ago||

Which honestly I disagree with. Tivo didn't want you installing alternate OSes on their device and neither did Sony. Alternate OS support was eventually removed from the PS3. As to the microwave, you've not had any of them do anything annoying, like beep annoying at the wrong times, or wanted a button or override beeping in the middle of the night to not wake up other people? why can't I want to install an alternate firmware to my microwave or my TV. My soldering iron supports that.

QuiEgo 22 hours ago||

It seems like the path we’re heading to for the next 5-10 years is that we’ll still have general purpose compute, but many things will require a locked down smartphone as an access token. This is already the case in many corporate environments. More and more webpages are going to go this route in the name of security (along with only allowing access from a “trusted” browser authenticated with a TPM).

So you’ll still be able to write code and scripts and play on the side on your laptop, but if you want to access your banks webpage (or really, anything you get through someone else’s server: streaming media, the news, porn, whatever) you’ll be forced to Chrome + laptop with TPM + authentication through smartphone app.

Not ideal.

isolay 12 hours ago||

> [Apple] promised apps with no viruses and no risks; a place where everything was curated and safe.

Apart from the viruses, nothing of the above is true any more. Apple doesn't care if you're getting screwed over by an app, and neither does Google. If they can increase their profits by taking away our freedom and/or control over "our" devices, then it WILL happen, as sure as death and taxes.

whitehexagon 1 day ago||

I worry that this global push for 'Know Your Developer' and the attempt to make them legally liable for what they produce, is going to destroy open source, An 'open' linux included.

After that, certified locked down BigTech 'Personal Computing' will be the only menu choice.

donmcronald 1 day ago|

Exactly. It’s a tactic so big tech doesn’t have to engage in activity that would justify anti-trust action if they want to ban a developer or even a whole class of apps. It’s also usable in general to benefit the wealthy.

They force anyone distributing software into the legal system so a “3rd party” can sue and destroy the life of anyone that goes against the system they want. Anything they don’t like will be accused of violating patents, etc. and the option to distribute anonymously for the good of users / society will no longer exist.

mrbluecoat 1 day ago||

Executive Summary: run Linux

matheusmoreira 1 day ago||

Won't matter. Remote hardware attestation means they will know you're trying to bypass their control. You'll be denied service at every turn. Can't even log into your bank account.

candiddevmike 1 day ago|||

IMO, I don't see how remote hardware attestation avoids being spoofed. Yes, TPM is involved, but the end of the day, it's an API request/response. There are so many ways the request could be spoofed, and the attestation likely requires coordination with hardware vendors that have proven to be Highly Secure TM with the history of secure boot leaks.

matheusmoreira 1 day ago|||

> I don't see how remote hardware attestation avoids being spoofed

Hardware cryptoprocessor. Keys are held in a tamper resistant secure element. You're not gonna get at those keys without pouring some serious resources into the task.

The keys are owned by the corporation and used to establish a root of trust from boot. If you change anything at all to suit your interests, verification fails, your machine is identified as "tampered with" and designated as untrusted.

iamnothere 1 day ago||

History tells us there will always be a “low cost” vendor with exploitable hardware, or if production becomes more tightly controlled, inevitable cost cutting and declining standards will provide a way in. Not that we shouldn’t oppose locked down hardware, but locking things down creates pressure and motivation for the people who like things to be unlocked.

donmcronald 1 day ago|||

Your untampered device will be enrolled with a verified ID provider and they’ll be part of the attestation. The tamper resistance hardware benefits from decades of hacking. Plus you’re not talking about things like compromising a single long lived key or similar like you could with physical media or players.

We’ll probably get to the point where you need a verified id to buy a phone that does attestation. Tamper with it and go to jail. Who’s going to hack that?

iamnothere 1 day ago||

Even if things get that locked down, I suspect that leaked attestation keys and fake/stolen ID verification will always be a problem. There’s a lot of money to be made in this, and someone will inevitably decide not to leave that money on the table, legality be damned. This risk only goes up with manufacturing that crosses borders, and despite the push to renationalize production, it’s going to be a long time before that is feasible at a mass scale.

A small, hardly exclusive list of things we have been unable to protect through technology:

- DVD/Blu Ray/HDMI copy protection

- Windows product registration

- Device jailbreaking (manufacturers are constantly running to keep ahead of this but old versions are frequently unlocked even with iOS)

- Classified diplomatic documents

- Classified details of warfighting equipment

- Identities of federal employees (and even covert agents)

- Nuclear secrets

Technical measures aren’t always the weak point—bribery works just as well. As the US tech stack continues to decouple from China, they will also have the motivation to break our systems.

pseudalopex 1 day ago||

There is more money to be made selling exploits to criminals or states than selling false attestation or jailbreak to the public.

iOS jailbreak enthusiasts say it wasn't practical since years.

Some state secrets leaked. Many did not.

marcosdumay 1 day ago||||

Everything seems directed into making that "low cost vendor" illegal and consolidating the market into a handful of players.

And yeah, it's a politics problem, not an economic one. If corporations could simply push Trusted Computing without a corrupt police (and military) backing them, we would be there since the 90s already.

matheusmoreira 1 day ago||

It's already been made illegal via DMCA.

https://www.eff.org/deeplinks/2019/06/felony-contempt-busine...

matheusmoreira 1 day ago||||

I hope you're right. Truly.

lbschenkel 7 hours ago||||

Check how Play Integrity works today (DEVICE and STRONG integrities) and how it uses a non-extractable hardware key fused into the chip or security processor. Or read the GrapheneOS attestation guide and their example code. It's un-spoofable hardware attestation.

The fact that you can make it pass in some cases using Magisk and so on is because it's spoofing an older device (launched before Android 8) without hardware-bound keys and Google is deliberately allowing that in order not to blacklist the genuine users.

However, once Google decides that the collateral damage is tolerable and those devices should no longer pass Play Integrity, then it's game over. You can't spoof any newer stuff, as you can't produce the desired signature -- only the hardware can do it and the hardware won't do it.

The only way would be if the manufacturer screwed up and it's possible to run unsigned code (or signed by a different key) and maintain a pristine bootloader, or if the hardware key leaks somehow. In either case, the key is per device so Google is always free to blacklist that device if it really wants to. (Verification of the signatures is always done off-device, through Google's servers.)

coldpie 1 day ago|||

> I don't see how remote hardware attestation avoids being spoofed

I don't disagree, but is that really a game you want to be playing with your government and your bank?

parliament32 1 day ago||||

Given my bank hasn't even moved on from optional SMS-based MFA yet, I expect this to start becoming a problem in maybe half a century.

lotsofpulp 1 day ago|||

If you have the right to run what you want on your machine, then they do too.

So then the problem gets moved up to why are you (or group of you) not powerful enough to negotiate being able to run what you want and either not need “them” or be important enough that “they” need you.

And the answer will come down to the fact that 90% of people don’t care about running whatever they want on their machine, and they want the cheapest, quickest, easiest solution.

matheusmoreira 1 day ago||

> So then the problem gets moved up to why are you (or group of you) not powerful enough to negotiate being able to run what you want and either not need “them” or be important enough that “they” need you.

How tiresome.

You're right, we gotta become more powerful. Via radicalization. They seek to marginalize us. To turn us into second class citizens. To destroy free computing as we know it, destroy everything the word hacker ever stood for. If you're on this site and this doesn't radicalize you, then I don't know what to say to you.

Gotta start lobbying governments to make it a literal crime for them to discriminate against us in this manner. Just like racism.

egorfine 1 day ago||

Until EU forbids you to like they plan in 2027.

rawgabbit 1 day ago|

I place a large part of blame of why the public is accepting of this trend of restrictive computing to Microsoft’s decision to loosen security despite of David Cutler’s excellent Windows NT. Cutler came from DEC VMS and built Windows NT to be an enterprise OS with separation between kernel and user space and enterprise level security. Microsoft to go after the consumer space ran a lot of apps and drivers in the kernel space. This meant for over two decades consumers learnt hackers could easily hack, bypass, and take control over their PCs. If you could disguise your code as a driver, it got God permissions to your PC.

More comments...