We should have the ability to run any code we want on hardware we own

(hugotunius.se)

2071 points K0nserv | 3 comments | 31 Aug 25 21:46 UTC | HN request time: 0.813s | source

Show context

zmmmmm ◴[01 Sep 25 02:51 UTC] No.45088995[source]▶

> In this context this would mean having the ability and documentation to build or install alternative operating systems on this hardware

It doesn't work. Everything from banks to Netflix and others are slowly edging out anything where they can't fully verify the chain of control to an entity they can have a legal or contractual relationship with. To be clear, this is fundamental, not incidental. You can't run your own operating system because it's not in Netflix's financial interest for you to do so. Or your banks, or your government. They all benefit from you not having control, so you can't.

This is why it's so important to defend the real principles here not just the technical artefacts of them. Netflix shouldn't be able to insist on a particular type of DRM for me to receive their service. Governments shouldn't be able to prevent me from end to end encrypting things. I should be able to opt into all this if I want more security, but it can't be mandatory. However all of these things are not technical, they are principles and rights that we have to argue for.

replies(38): >>45089166 #>>45089202 #>>45089284 #>>45089333 #>>45089427 #>>45089429 #>>45089435 #>>45089489 #>>45089510 #>>45089540 #>>45089671 #>>45089713 #>>45089774 #>>45089807 #>>45089822 #>>45089863 #>>45089898 #>>45089923 #>>45089969 #>>45090089 #>>45090324 #>>45090433 #>>45090512 #>>45090536 #>>45090578 #>>45090671 #>>45090714 #>>45090902 #>>45090919 #>>45091186 #>>45091432 #>>45091515 #>>45091629 #>>45091710 #>>45092238 #>>45092325 #>>45092412 #>>45092773 #

JeremyNT ◴[01 Sep 25 03:50 UTC] No.45089284[source]▶

>>45088995 #

This is the crux of the matter.

Maybe conceptually you will be able to run some kind of open operating system with your own code, but it will be unable to access software or services provided by corporate or governmental entities.

This has been obvious for some time, and as soon as passkeys started popping up the endgame became clear.

Pleading to the government definitely can't save us now though, because they want the control just as much as the corporations do.

replies(5): >>45089321 #>>45089323 #>>45089975 #>>45090561 #>>45090592 #

reddalo ◴[01 Sep 25 06:19 UTC] No.45089975[source]▶

>>45089284 #

> as soon as passkeys started popping up the endgame became clear

That's why I'm 100% against passkeys. I'll never use them and I'll make sure nobody I know does.

They're just a lock-in mechanism.

replies(3): >>45090207 #>>45090270 #>>45090402 #

lucideer ◴[01 Sep 25 07:11 UTC] No.45090270[source]▶

>>45089975 #

"Passkeys" is a new brand name slapped on an older open, interoperable technology, so it's difficult for me to be "against passkeys" as they haven't fundamentally changed anything.

Before the branding they were known as FIDO2 "discoverable credentials" or "resident keys".

Two things have changed with the rebrand:

1. A lot of platforms are adopting support for FIDO2 resident keys. This is good actually.

2. A lot of large companies have set themselves up as providers of FIDO2 resident keys without export or migration mechanisms. This is the vendor lock-in part (no export feature), but it's not a feature of the underlying tech itself.

Fwiw FIDO are actively working on some standard for exporting/importing keys so that's something.

If you want to use passkeys without lockin, just use Bitwarden or KeepPassXC - they all have full support. Or you can also store a limited number of passkeys on your FIDO2-compatible hardware key like Yubikey or the open-source Nitrokeys.

replies(3): >>45090466 #>>45090951 #>>45091194 #

1. sunshine-o ◴[01 Sep 25 09:09 UTC] No.45090951[source]▶

>>45090270 #

By the way, notice Yubikey did not really release any new series/models and jacked up their price in just a few years. About 50% in 4 years.

The large adoption of those devices and standards did not lower the price.

They probably just banked on the enterprise market where every CISO was pressured to tick the hardware/2FA checkbox. And is then gonna allow to use the Microsoft/Google "software" one because it is hard to manage otherwise.

replies(1): >>45091334 #

2. lucideer ◴[01 Sep 25 10:16 UTC] No.45091334[source]▶

>>45090951 (TP) #

I think there's a bunch of factors to why yubi have upped their prices - not least, waiting for competition in their form factor & not seeing any emerge (token2 & nitrokey are much bulkier) probably gave them some confidence in the uniqueness of their product offering.

It's also become a much more niche product as software based (and/or primary-device-hardware-based) solutions have evolved & improved. & niche costs more.

All that said I'm really not sure why they've been so quiet on new series releases.

replies(1): >>45092612 #

3. sunshine-o ◴[01 Sep 25 13:37 UTC] No.45092612[source]▶

>>45091334 #

> I think there's a bunch of factors to why yubi have upped their prices - not least, waiting for competition in their form factor & not seeing any emerge (token2 & nitrokey are much bulkier)

It is true about the size.

Sill I do not understand the price difference between 5C Nano [0] and the PIN+ Mini-C [1]. 3 to 4 times more expensive depending on the currency.

- [0] https://www.yubico.com/pt/product/yubikey-5-series/yubikey-5...

- [1] https://www.token2.com/shop/product/pin-mini-c-release3-1-fi...

↑