←back to thread

We should have the ability to run any code we want on hardware we own

(hugotunius.se)
2071 points K0nserv | 2 comments | 31 Aug 25 21:46 UTC | HN request time: 0.545s | source
Show context
tzury ◴[01 Sep 25 01:47 UTC] No.45088695[source]
We need both options to coexist:

1. Open, hackable hardware for those who want full control and for driving innovation

2. Locked-down, managed devices for vulnerable users who benefit from protection

This concept of "I should run any code on hardware I own" is completely wrong as a universal principle. Yes, we absolutely should be able to run any code we want on open hardware we own - that option must exist. But we should not expect manufacturers of phones and tablets to allow anyone to run any code on every device, since this will cause harm to many users.

There should be more open and hackable products available in the market. The DIY mindset at the junction of hardware and software is crucial for tech innovation - we wouldn't be where we are today without it. However, I also want regulations and restrictions on the phones I buy for my kids and grandparents. They need protection from themselves and from bad actors.

The market should serve both groups: those who want to tinker and innovate, and those who need a safe, managed experience. The problem isn't that locked-down devices exist - it's that we don't have enough truly open alternatives for those who want them.

replies(23): >>45088735 #>>45088761 #>>45088840 #>>45088846 #>>45088867 #>>45088917 #>>45088924 #>>45088947 #>>45089091 #>>45089098 #>>45089274 #>>45089445 #>>45089853 #>>45090037 #>>45090783 #>>45091788 #>>45091834 #>>45092235 #>>45092332 #>>45092365 #>>45092417 #>>45092508 #>>45094664 #
mjevans ◴[01 Sep 25 02:17 UTC] No.45088840[source]
Incorrect.

Choice 2. Empowered user. The end user is free to CHOOSE to delegate the hardware's approved signing solutions to a third party. Possibly even a third party that is already included in the base firmware such as Microsoft, Apple, OEM, 'Open Source' (sub menu: List of several reputable distros and a choice which might have a big scary message and involved confirmation process to trust the inserted boot media or the URL the user typed in...)

There should also be a reset option, which might involve a jumper or physical key (E.G. clear CMOS) that factory resets any TPM / persistent storage. Yes it'd nuke everything in the enclave but it would release the hardware.

replies(6): >>45088909 #>>45088912 #>>45088914 #>>45088933 #>>45089048 #>>45091997 #
Barbing ◴[01 Sep 25 02:34 UTC] No.45088912[source]
>big scary message

Open question:

Any idea on making it so difficult that grandma isn't even able to follow a phisher’s instructions over the phone but yet nearly trivial for anyone who knows what they’re doing?

replies(3): >>45088926 #>>45088928 #>>45088960 #
1. XorNot ◴[01 Sep 25 02:37 UTC] No.45088926[source]
Fix the phone system so calls must positively identify themselves.

There is no reason anyone purporting to be from a business or the government should be able to place a call without cryptographically proving their identity.

replies(1): >>45088982 #
2. Barbing ◴[01 Sep 25 02:48 UTC] No.45088982[source]
I like that! I’m sure it would take a little bit of time for folks to stop trusting calls from personal numbers where highly-capable social engineers do their best work, but eventually I expect nearly all of us would learn the lesson.

And presumably we could set up notifications so our elderly relatives’ phones would alert us to calls from unverified numbers not in their contact list lasting longer than a minute or two.