[COFF] Re: [TUHS] Re: Intel ME, UEFI, User Control was Re: Question about BSD disklabel history

[Nevin Liber <nevin@eviloverlord.com>]

[-- Attachment #1: Type: text/plain, Size: 4071 bytes --]

On Thu, Jan 4, 2024 at 1:10 PM segaloco via TUHS <tuhs@tuhs.org> wrote:

> Part of me wonders if the general computing industry is starting to cheat
> off of the smartphone sector's homework, this phenomenon where whole
> critical components of a hardware device you literally own are still
> heavily controlled and provisioned by the vendor unless you do a whole
> bunch of tinkering to break through their stuff and "root" your device.
> That I can fully pay for and own a "computer" and I am not granted full
> root control over that device is one of the key things that keeps "smart"
> devices besides my work issued mobile at arms length.
>

Except for a lot of devices, you haven't "fully paid for" it, because the
price most people pay up front takes into account other revenue streams.
Take smart TVs for example: <
https://www.businessinsider.com/smart-tv-data-collection-advertising-2019-1
>.

That being said, of course they want to keep those revenue streams going as
long as possible, and once done, they aren't going to pay for any
engineering effort to remove it.

How much more are you willing to pay up front for that same TV (2x?  3x?
 4x?), and are there enough of you for a manufacturer to offer it?

I get wanting to protect users from say bricking the most basic firmware on
> a board, but if I want to risk that, I should be completely free to do so
> on a device I've fully paid for.


Now scale it.  How do you keep bad actors from bricking *my* device,
especially if my device is on the internet?  Then scale it to all the
security threats besides DoS.  You can disagree with the solutions to these
threats, but please don't minimize that these are very real threats.

Unfortunately the general public just isn't educated enough (by design, not
> their own fault) on their rights to really get a big push on a societal
> scale to change this.


That is a pretty arrogant statement.  It is far more likely that, instead
of the rest of us not being as educated as you, we just value different
things.

Traditional Unix systems have, at best, focused on the developer
experience, and have been dwarfed for decades by systems companies focusing
on the *user* experience.   I'm old enough to remember the decades
when Unix was always just a year away from doing better than being a
distant third behind Windows and Mac OS on the desktop.

I want devices that are easy to get things done, don't require much
futzing, and isn't a nightmare for my life (due to my data that it can
access) if I happen to break it, lose it or it gets stolen.

For example:  last year when I was hiking in the AZ desert, I got an email
about winning a lottery that I had entered for inexpensive show tickets for
the next day, and I bought tickets securely with Apple Pay before the
deadline expired.  All of that was performed confidently and securely with
my iPhone (well, I possibly got the email notification on my watch).  While
it may not be the world you want to participate in or care about, that is
the kind of amazing experience that I value, and it seems the kind of
experience that lots of people value, as evidenced by the size of the
smartphone market compared with the size of the computer market.

The open source world and hackable hardware world don't offer this kind of
experience.


>   People just want I push button I get Netflix,


Why wouldn't you??  While Netflix isn't perfect, are you seriously arguing
people should *want* a far worse user experience?


> they'll happily throw all their rights in the garbage over bread and
> circuses....but that ain't new...
>

It isn't about happily throwing away "rights" (whatever that means).  It's
about we aren't willing to *pay* for it.  It's a tradeoff, and those who
want everything hackable haven't shown much value to the rest of us, and
there are very real concerns about the costs both in terms of security
threats and monetary costs.
-- 
 Nevin ":-)" Liber  <mailto:nevin@eviloverlord.com>  +1-847-691-1404

[-- Attachment #2: Type: text/html, Size: 5802 bytes --]