We should have the ability to run any code we want on hardware we own

(hugotunius.se)

2071 points K0nserv | 1 comments | 31 Aug 25 21:46 UTC | HN request time: 0s | source

Show context

zmmmmm ◴[01 Sep 25 02:51 UTC] No.45088995[source]▶

> In this context this would mean having the ability and documentation to build or install alternative operating systems on this hardware

It doesn't work. Everything from banks to Netflix and others are slowly edging out anything where they can't fully verify the chain of control to an entity they can have a legal or contractual relationship with. To be clear, this is fundamental, not incidental. You can't run your own operating system because it's not in Netflix's financial interest for you to do so. Or your banks, or your government. They all benefit from you not having control, so you can't.

This is why it's so important to defend the real principles here not just the technical artefacts of them. Netflix shouldn't be able to insist on a particular type of DRM for me to receive their service. Governments shouldn't be able to prevent me from end to end encrypting things. I should be able to opt into all this if I want more security, but it can't be mandatory. However all of these things are not technical, they are principles and rights that we have to argue for.

replies(38): >>45089166 #>>45089202 #>>45089284 #>>45089333 #>>45089427 #>>45089429 #>>45089435 #>>45089489 #>>45089510 #>>45089540 #>>45089671 #>>45089713 #>>45089774 #>>45089807 #>>45089822 #>>45089863 #>>45089898 #>>45089923 #>>45089969 #>>45090089 #>>45090324 #>>45090433 #>>45090512 #>>45090536 #>>45090578 #>>45090671 #>>45090714 #>>45090902 #>>45090919 #>>45091186 #>>45091432 #>>45091515 #>>45091629 #>>45091710 #>>45092238 #>>45092325 #>>45092412 #>>45092773 #

cryptonector ◴[01 Sep 25 05:50 UTC] No.45089822[source]▶

>>45088995 #

There is also the possibility that without a [paid] curator (the vendor, like Google or Apple) we can't have security for how do we ascertain provenance? You might not buy that argument, but the vendor will make it, and it will resonate with the public and/or the politicians.

Establishing trust with hardware, firmware, and operating system software is currently an intractable problem. Besides the halting problem and the reflections on trusting trust problem (i.e., supply chain problems) the sheer size of these codebases and object code (since you'll need to confirm that the object code is not altered as in the reflections on trusting trust paper) is just too big for the public to be able to understand it. Sure, maybe we could use AI to review all of this, but... that's expensive if every person has to do it, and... that's got a bootstrapping problem.

Basically the walled garden is unlikely to go away anytime soon. It would be easier to change the rules politically to do things like reduce transaction fees, but truly allowing the wide public to run anything they want seems difficult not just politically but technically, because the technical problems will lead to political ones.

replies(2): >>45089995 #>>45090458 #

1. estebarb ◴[01 Sep 25 06:23 UTC] No.45089995[source]▶

>>45089822 #

Not really. Many countries emit digital signatures that could be used to prove that someone signed something. We would just need to convince countries to use that same infra for companies. So it may be possible to require everything to be properly signed, without requiring everyone to be bound to certain company wishes.

↑