←back to thread

We should have the ability to run any code we want on hardware we own

(hugotunius.se)
2071 points K0nserv | 1 comments | 31 Aug 25 21:46 UTC | HN request time: 0.212s | source
Show context
zmmmmm ◴[01 Sep 25 02:51 UTC] No.45088995[source]
> In this context this would mean having the ability and documentation to build or install alternative operating systems on this hardware

It doesn't work. Everything from banks to Netflix and others are slowly edging out anything where they can't fully verify the chain of control to an entity they can have a legal or contractual relationship with. To be clear, this is fundamental, not incidental. You can't run your own operating system because it's not in Netflix's financial interest for you to do so. Or your banks, or your government. They all benefit from you not having control, so you can't.

This is why it's so important to defend the real principles here not just the technical artefacts of them. Netflix shouldn't be able to insist on a particular type of DRM for me to receive their service. Governments shouldn't be able to prevent me from end to end encrypting things. I should be able to opt into all this if I want more security, but it can't be mandatory. However all of these things are not technical, they are principles and rights that we have to argue for.

replies(38): >>45089166 #>>45089202 #>>45089284 #>>45089333 #>>45089427 #>>45089429 #>>45089435 #>>45089489 #>>45089510 #>>45089540 #>>45089671 #>>45089713 #>>45089774 #>>45089807 #>>45089822 #>>45089863 #>>45089898 #>>45089923 #>>45089969 #>>45090089 #>>45090324 #>>45090433 #>>45090512 #>>45090536 #>>45090578 #>>45090671 #>>45090714 #>>45090902 #>>45090919 #>>45091186 #>>45091432 #>>45091515 #>>45091629 #>>45091710 #>>45092238 #>>45092325 #>>45092412 #>>45092773 #
altairprime ◴[01 Sep 25 05:24 UTC] No.45089713[source]
There’s a scenario where this does work: you can install any operating system on the hardware you own, if you complete a “erase all content and settings” dire scary confirmation screen.

- If you want to run something other than iPadOS or Google TV, go for it. (Smart TVs are just tablets with a don’t-touch screen.)

- If you want to install spyware on someone’s phone, you can’t; the HSM keys held by their OS are lost when you try to install a patched version and restore from a backup, and their backup doesn’t restore properly because half of it depends on the HSM or the cloud and everything is tagged with the old OS’s signature.

- If you want to patch macOS and then deploy it to your fleet, you can; it won’t be Signed By Apple but you’re an enterprise and don’t care about the small losses of functionality from that.

- If you want to dual boot, go ahead; the issues with the HSMs not permitting you to host two OSes worth of partitioned keystones can be resolved by regulatory pressure.

This satisfies all the terms of “let me install whatever I want”, while allowing the OG App Store to continue operating in Safe Mode for everyday users in a way that can’t be entrapped without the scammer on the phone telling them to delete everything, which destroys the data the scammer wants.

My car already allows me to do this. My phone should too.

replies(2): >>45089865 #>>45090804 #
mike_hearn ◴[01 Sep 25 08:43 UTC] No.45090804[source]
Your phone can allow that. Many Android devices allow exactly that. Google Pixel devices do, for instance, exactly because Google's Android team has always agreed with you.
replies(1): >>45094886 #
1. altairprime ◴[01 Sep 25 17:44 UTC] No.45094886[source]
I appreciate your support of this position :)