Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

>the question is whether the security benefit is worth the loss of freedom.

At least as far as Benjamin Franklin would tell you: No.

Absolutely agree on here as Benjamin Franklin once said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

The freedom to choose which software runs on your computer is also the freedom to choose that certain software shouldn't run on your computer. The freedom to make that decision should be left up to the individuals rather than being imposed on them, but making an explicit choice that my computer should only run specific firmware builds is an expression of freedom, not a rejection of it.

The key term there is “essential liberty”, by which he meant political rights. Choosing to delegate management of a computer’s firmware to a third party firstly isn’t giving away any political rights, and is a rational choice in some circumstances. It’s a choice I might make for some computers I own or operate, and not others. Suggesting that this choice has anything to do with what Franklin was talking about is nonsense on stilts.

Americans are very uncritically accepting of their system of government in general. It gets taught as this "wow, our system of checks and balances, isn't it amazing!?" and by and large is never criticized or substantially analyzed as to whether it's a system that produces good outcomes. It simply is.

The largest criticism imo is that it biases against action. Every dimensionality of the population gets represented (popular, geographic, regional, etc) and if any segment of the population disagrees, the whole process can be dragged to a halt. And as the Polish Sejm showed hundreds of years ago... the liberum veto is a terrible idea politically. And everyone knows that, but, what is the threshold at which it becomes a bad idea? 90% consensus? 70%? Pure majority? The US system requires very high consensus as some issues show - there are some issues with >90% popular support that still cannot get passed.

https://en.wikipedia.org/wiki/Liberum_veto

Consensus building is good but at the same time there always needs to be someone in the drivers' seat, the idea of "split government" in the sense of the executive and legislature being opposed is fundamentally and innately a bad idea that people just uncritically accept because that's how it is. Again, the executive being the leader of the coalition that controls the legislature is a good way to do that - and then we can work on making the legislature represent the population fairly in the desired ways.

Most of the problems with the US really boil down to "bias against action" and "split government" and "the senate in its entire conception". And federalism really is not great when taken to the degree that the US takes it, either, but again that's something where it's taught as "wow, federalism, how great!" and its downsides are never mentioned. Having regions of the country where human rights are 100 years in the past is pretty bad. Gay marriage wasn't constitutionally protected until like 10 years ago, and it was by court decree, not actual constitutional process. Texas just goes around killing people, some absurd % of the executions happen there and the evidentiary bar is quite low. Social services tend to be similarly scant in these regions and again, it’s not a good thing that states can just choose not to fund (or to place arbitrary restrictions on) senior care or other funding for vulnerable populations. Federalism is supposed to be backstopped by a minimum bar that in practice doesn’t exist in the states, in human rights or social services or many other areas.

Unfortunately, a lot of this was historically necessary to get the US built - you wouldn't have gotten the slave states onboard if they didn't have disproportionate representation and mechanisms for dragging abolitionism to a halt. And it's produced one civil war and a half-dozen-odd constitutional crises over the centuries. But that part gets separated away from the “design choices”, and people only hear the positive.

It's not that they're all inherently bad either but they're deliberate design-decisions that have consequences both positive and negative, they are "tech debt" from politicians who wanted to move quickly and break things, and now they're these sacred cows. And in hindsight some of those design-decisions have been ones that had immensely negative consequences and can't be easily undone... but they were necessary at the time.

Not OP, and I agree that freedom quote is definitely an overreaction in this sense.

Allow me to go off a bit of a tangent. I find this call for freedom much better than what is beaten into children/students in our schools in a small European country, namely Croatia. It is obedience, rote memorization, compliance, anti-individualism, hopelessness, anti-leadership and dependance. Ask any citizen over here what freedom even is, and people would stare at you blankly because frankly, very few would even know how to try to describe it.

For a normal citizen over here, it means what Government allows you to do. And now in my fourth decade in this country it is less and less. People are afraid to speak up because the Goverment is the biggest employer by far. Every forth citizen works for it (directly or indirectly). The previous generation could at least be always safe to have a home so if they get fired, they can try to get a job somewhere else. My generation (and the generation after me) have no economic freedom. I bet 99% of homes bought are with mortgage, so those are all owned by the banks, so people can lose those very easily. And they do. This is not America where jobs are like a revolving doors. People losing jobs here are very concerning thing and getting employed again is difficult. No wonder young people are emigrating en masse because they cannot afford anything here. At least somewhere else they have a chance at a normal life. Here, they'll be almost slaves their whole lives.

People here also don't know how to protest and self-organize, so protests are very rare. It also doesn't help that police is very active in supressing any kind of "undesirable" political activity. As my ex neigbour said (now deceased) who was a chief of regional branch of secret police: "everyone is doing something illegal, if you stick your head in certain matters it will get chopped, and there won't be newspaper articles about it."

When the government enacts laws to remove some remaining freedoms and rights, this goes here even without a whimper. Its not even a headline news. It is a non-news. "Well at least they didn't take away my TV, so all is fine." is a bit of a sarcastic reply from an average citizen here.

Just wanted to put this into a perspective when one would claim that Americans are over sensitive on "freedom fetishism". That's fine in my view, millions of people died for that freedom. For the most of the rest of the world, freedom probably just means something only rich people can afford.

Yes, delegating firmware management unaudited is giving away political rights. You do not know what is in there.

The ones who write the code make the rules. The ones who make the rules, wield power. Those that are attracted to the exercise of power, inevitably abuse it.

Trying to handwave that "computer says no" couldn't possibly be abused to political ends is literally shoving your head in the sand. DRM would not be a thing if computing was fundamentally apolitical.

> The ones who write the code make the rules…

Any code I didn’t write myself, from the ground up using no third party components, in a language I developed, ‘could’ possibly be abused in this way. Even then, do I have to also write the microcode in the chip as well, and supervise the fab? This extreme absolutist stance is completely non viable. I certainly don’t see how I could live life taking that level of extreme paranoid seriously, or how anyone could in an advanced technological society.

The whole point of laws and government is to outsource such concerns. That’s why free speech, the rule of law and democracy matter so much. Those are the essential freedoms he was talking about. Everything else is based on those, because with those you don’t need to trust the vendor, because your legal rights will be protected.

So sure, essential freedoms are exactly that, essential, but extending that to absurd lengths is fuzzy thinking that obscures what’s actually important by confusing it with things that aren’t practically attainable generally anyway.

Except that describes a fantasy reality and not our reality where the user has no say and even if you are lucky enough to be able to run the software that you want it won't have access to the keys demanded by third parties like the media industry. The mere existence of "trusted comuting" is a threat to free computing.

> Americans are very uncritically accepting of their system of government in general. It gets taught as this "wow, our system of checks and balances, isn't it amazing!?" and by and large is never criticized or substantially analyzed as to whether it's a system that produces good outcomes.

Is this really different anywhere else? Pretty much all school I have been trhough (none of it in the US) has been 90% about deferring to authority if you really think about it.