We should have the ability to run any code we want on hardware we own

(hugotunius.se)

2071 points K0nserv | 2 comments | 31 Aug 25 21:46 UTC | HN request time: 0.522s | source

Show context

tzury ◴[01 Sep 25 01:47 UTC] No.45088695[source]▶

We need both options to coexist:

1. Open, hackable hardware for those who want full control and for driving innovation

2. Locked-down, managed devices for vulnerable users who benefit from protection

This concept of "I should run any code on hardware I own" is completely wrong as a universal principle. Yes, we absolutely should be able to run any code we want on open hardware we own - that option must exist. But we should not expect manufacturers of phones and tablets to allow anyone to run any code on every device, since this will cause harm to many users.

There should be more open and hackable products available in the market. The DIY mindset at the junction of hardware and software is crucial for tech innovation - we wouldn't be where we are today without it. However, I also want regulations and restrictions on the phones I buy for my kids and grandparents. They need protection from themselves and from bad actors.

The market should serve both groups: those who want to tinker and innovate, and those who need a safe, managed experience. The problem isn't that locked-down devices exist - it's that we don't have enough truly open alternatives for those who want them.

replies(23): >>45088735 #>>45088761 #>>45088840 #>>45088846 #>>45088867 #>>45088917 #>>45088924 #>>45088947 #>>45089091 #>>45089098 #>>45089274 #>>45089445 #>>45089853 #>>45090037 #>>45090783 #>>45091788 #>>45091834 #>>45092235 #>>45092332 #>>45092365 #>>45092417 #>>45092508 #>>45094664 #

mjevans ◴[01 Sep 25 02:17 UTC] No.45088840[source]▶

>>45088695 #

Incorrect.

Choice 2. Empowered user. The end user is free to CHOOSE to delegate the hardware's approved signing solutions to a third party. Possibly even a third party that is already included in the base firmware such as Microsoft, Apple, OEM, 'Open Source' (sub menu: List of several reputable distros and a choice which might have a big scary message and involved confirmation process to trust the inserted boot media or the URL the user typed in...)

There should also be a reset option, which might involve a jumper or physical key (E.G. clear CMOS) that factory resets any TPM / persistent storage. Yes it'd nuke everything in the enclave but it would release the hardware.

replies(6): >>45088909 #>>45088912 #>>45088914 #>>45088933 #>>45089048 #>>45091997 #

flomo ◴[01 Sep 25 02:33 UTC] No.45088909[source]▶

>>45088840 #

Keep in mind one of these third parties would almost certainly be Meta (because users want their stuff), and that would almost certainly be a privacy downgrade.

replies(1): >>45088937 #

echelon ◴[01 Sep 25 02:39 UTC] No.45088937[source]▶

>>45088909 #

Freedom > Privacy > Security

Never give up your freedom.

If you have to give up your privacy to ensure your freedom, so be it.

If you have to give up your security to ensure your privacy, so be it.

This goes for governments and phones.

replies(2): >>45088953 #>>45089093 #

flomo ◴[01 Sep 25 03:11 UTC] No.45089093[source]▶

>>45088937 #

Always fun to interact with some internet Thomas Jefferson giving freedom speeches from his mother's basement.

Reality is that people pay a lot of money because they 'trust' Apple (and to a lesser extent Google), but Meta is the sleaziest one of them all. (And I don't use their shit either.) But people want Whatapp and Instagram, and so you are telling them now they have sell-out and go to the "Meta App Store" to talk to their friends. That fucking sucks. And I think you agree with that.

replies(3): >>45089461 #>>45093296 #>>45097769 #

dzikimarian ◴[01 Sep 25 15:10 UTC] No.45093296[source]▶

>>45089093 #

Under such topics there are always comments about each vendor making their own store, yet it didn't happen on Android, where it's currently perfectly possible.

replies(1): >>45099369 #

1. flomo ◴[02 Sep 25 05:14 UTC] No.45099369[source]▶

>>45093296 #

Sorry, I haven't had an Android phone since the original Nexus, so hopefully you can clarify. Could you install some hypothetical 'Meta Store' from the Google Store? Or do you mean more like Meta could just sell their own phone (eg Amazon)?

replies(1): >>45099822 #

2. green7ea ◴[02 Sep 25 06:42 UTC] No.45099822[source]▶

>>45099369 (TP) #

Both are possible.

You can have alternative app stores on Android without any restrictions — the most famous example would be F-Droid which hosts free software. Nothing stops Epic, Meta or any company from also having such a store.

When you ship a certified Android, it has to come pre-installed with the Google Play Store but some vendors like Amazon and Huawei ship an alternative OS with their own stores to replace the Google one. It's not officially Android but can be based on the Android Open Source Project.

Very few companies have chosen to do either and it was usually because they were forced to (Huawei).

↑