From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=HTML_MESSAGE, MAILING_LIST_MULTI,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 8865 invoked from network); 4 Jan 2024 22:15:12 -0000 Received: from minnie.tuhs.org (50.116.15.146) by inbox.vuxu.org with ESMTPUTF8; 4 Jan 2024 22:15:12 -0000 Received: from minnie.tuhs.org (localhost [IPv6:::1]) by minnie.tuhs.org (Postfix) with ESMTP id CE0EF43EFC; Fri, 5 Jan 2024 08:15:10 +1000 (AEST) Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com [209.85.218.45]) by minnie.tuhs.org (Postfix) with ESMTPS id 3DD0943EFB for ; Fri, 5 Jan 2024 08:15:05 +1000 (AEST) Received: by mail-ej1-f45.google.com with SMTP id a640c23a62f3a-a287be6dbc0so114879866b.1 for ; Thu, 04 Jan 2024 14:15:05 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704406503; x=1705011303; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=63xlnpJ4mxD80bpD7dfGO/xgJhd7ip/IR6ZXikzNWHo=; b=b0OLIQp8YY8inHozgc5Yvpq6A6wH5Xax3s0sDyDW6H1LqNkwATdQo63n+D0SJOynhs /bK4fAUMi8xVZlOKmkvzLj/Mz4fYrQ2Bo/eG8Gfpy/XN6yNVCQUNWC3UTYM/ucW3qcgH xSVElbeI4cDU+mSHK0shew9dRuqjREaERb+9oCuL4E05BiQYHMd8ZZpmaPRc7b8Ubltx IiYyGK8dlAhbv6u1yaCX6nbxMX2EadYK3H0eax2t7f/mxLT84uhC1JVXCOYmAnBK2+8d zi8k5VhL+C25lJ5R8578IhzrXa29h8/NrmIaCZ2szTcq7HRSO5J8l+YUgCND5Av7kfme bfqQ== X-Gm-Message-State: AOJu0YzqZNPpc7bQFRd99S4FonZFZMZbn/HMFiAQV4XlozCuT41LeDsG ISurcZVE/SH691y0xfpCL0RwofEbavW65w== X-Google-Smtp-Source: AGHT+IEAgp9Ouc2CaW3+r/vSQ1G037FL6DdcHElh9YHtSEnEapVWQA+DGSvafWXJTqc9Vgy6PvpMxA== X-Received: by 2002:a17:906:6947:b0:a28:25fc:747c with SMTP id c7-20020a170906694700b00a2825fc747cmr636631ejs.151.1704406502476; Thu, 04 Jan 2024 14:15:02 -0800 (PST) Received: from mail-ed1-f47.google.com (mail-ed1-f47.google.com. [209.85.208.47]) by smtp.gmail.com with ESMTPSA id m21-20020a1709061ed500b00a236378a43fsm124619ejj.62.2024.01.04.14.15.02 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 04 Jan 2024 14:15:02 -0800 (PST) Received: by mail-ed1-f47.google.com with SMTP id 4fb4d7f45d1cf-55590da560dso1182989a12.0 for ; Thu, 04 Jan 2024 14:15:02 -0800 (PST) X-Received: by 2002:a50:d6c5:0:b0:553:4731:2f3b with SMTP id l5-20020a50d6c5000000b0055347312f3bmr708618edj.14.1704406501607; Thu, 04 Jan 2024 14:15:01 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Nevin Liber Date: Thu, 4 Jan 2024 16:14:23 -0600 X-Gmail-Original-Message-ID: Message-ID: To: coff@tuhs.org Content-Type: multipart/alternative; boundary="00000000000014ce34060e26109a" Message-ID-Hash: 6MTTJBDOUKQPASKYMOBROA6Y73YHPFGW X-Message-ID-Hash: 6MTTJBDOUKQPASKYMOBROA6Y73YHPFGW X-MailFrom: nliber@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.6b1 Precedence: list Subject: [COFF] Re: [TUHS] Re: Intel ME, UEFI, User Control was Re: Question about BSD disklabel history List-Id: Computer Old Farts Forum Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --00000000000014ce34060e26109a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Jan 4, 2024 at 1:10=E2=80=AFPM segaloco via TUHS wr= ote: > Part of me wonders if the general computing industry is starting to cheat > off of the smartphone sector's homework, this phenomenon where whole > critical components of a hardware device you literally own are still > heavily controlled and provisioned by the vendor unless you do a whole > bunch of tinkering to break through their stuff and "root" your device. > That I can fully pay for and own a "computer" and I am not granted full > root control over that device is one of the key things that keeps "smart" > devices besides my work issued mobile at arms length. > Except for a lot of devices, you haven't "fully paid for" it, because the price most people pay up front takes into account other revenue streams. Take smart TVs for example: < https://www.businessinsider.com/smart-tv-data-collection-advertising-2019-1 >. That being said, of course they want to keep those revenue streams going as long as possible, and once done, they aren't going to pay for any engineering effort to remove it. How much more are you willing to pay up front for that same TV (2x? 3x? 4x?), and are there enough of you for a manufacturer to offer it? I get wanting to protect users from say bricking the most basic firmware on > a board, but if I want to risk that, I should be completely free to do so > on a device I've fully paid for. Now scale it. How do you keep bad actors from bricking *my* device, especially if my device is on the internet? Then scale it to all the security threats besides DoS. You can disagree with the solutions to these threats, but please don't minimize that these are very real threats. Unfortunately the general public just isn't educated enough (by design, not > their own fault) on their rights to really get a big push on a societal > scale to change this. That is a pretty arrogant statement. It is far more likely that, instead of the rest of us not being as educated as you, we just value different things. Traditional Unix systems have, at best, focused on the developer experience, and have been dwarfed for decades by systems companies focusing on the *user* experience. I'm old enough to remember the decades when Unix was always just a year away from doing better than being a distant third behind Windows and Mac OS on the desktop. I want devices that are easy to get things done, don't require much futzing, and isn't a nightmare for my life (due to my data that it can access) if I happen to break it, lose it or it gets stolen. For example: last year when I was hiking in the AZ desert, I got an email about winning a lottery that I had entered for inexpensive show tickets for the next day, and I bought tickets securely with Apple Pay before the deadline expired. All of that was performed confidently and securely with my iPhone (well, I possibly got the email notification on my watch). While it may not be the world you want to participate in or care about, that is the kind of amazing experience that I value, and it seems the kind of experience that lots of people value, as evidenced by the size of the smartphone market compared with the size of the computer market. The open source world and hackable hardware world don't offer this kind of experience. > People just want I push button I get Netflix, Why wouldn't you?? While Netflix isn't perfect, are you seriously arguing people should *want* a far worse user experience? > they'll happily throw all their rights in the garbage over bread and > circuses....but that ain't new... > It isn't about happily throwing away "rights" (whatever that means). It's about we aren't willing to *pay* for it. It's a tradeoff, and those who want everything hackable haven't shown much value to the rest of us, and there are very real concerns about the costs both in terms of security threats and monetary costs. --=20 Nevin ":-)" Liber +1-847-691-1404 --00000000000014ce34060e26109a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Thu, Jan 4, 2024 at 1:10=E2=80=AFPM se= galoco via TUHS <tuhs= @tuhs.org> wrote:
Part of me wonders if the general computing industry is starting to chea= t off of the smartphone sector's homework, this phenomenon where whole = critical components of a hardware device you literally own are still heavil= y controlled and provisioned by the vendor unless you do a whole bunch of t= inkering to break through their stuff and "root" your device.=C2= =A0 That I can fully pay for and own a "computer" and I am not gr= anted full root control over that device is one of the key things that keep= s "smart" devices besides my work issued mobile at arms length.

Except for a lot of devices, you haven&#= 39;t "fully paid for" it, because the price most people pay up fr= ont takes into account other revenue streams.=C2=A0 Take smart TVs for exam= ple: <https://www.businessinsider.com/sma= rt-tv-data-collection-advertising-2019-1>.

= That being said, of course they want to keep those revenue streams going as= long as possible, and once done, they aren't going to pay for any engi= neering effort to remove it.

How much more are you= willing to pay up front for that same TV (2x? =C2=A03x? =C2=A04x?), and ar= e there enough of you for a manufacturer=C2=A0to offer it?=C2=A0
=
I get wanting to protect users from say bricking= the most basic firmware on a board, but if I want to risk that, I should b= e completely free to do so on a device I've fully paid for.

Now scale it.=C2=A0 How do you keep bad actors from br= icking *my* device, especially if my device is on the internet?=C2=A0 Then = scale it to all the security threats besides DoS.=C2=A0 You can disagree wi= th the solutions to these threats, but please don't minimize that these= are very real threats.

Unfortunately = the general public just isn't educated enough (by design, not their own= fault) on their rights to really get a big push on a societal scale to cha= nge this.

That is a pretty arrogant stateme= nt.=C2=A0 It is far more likely that, instead of the rest of us not being a= s educated as you, we just value different things.

Traditional Unix systems have, at best, focused on the developer expe= rience, and have been dwarfed for decades by systems companies focusing on = the *user* experience. =C2=A0 I'm old enough to remember the decades wh= en=C2=A0Unix was always just a year away from doing better than being a dis= tant third behind Windows and Mac OS on the desktop.

I want devices that are easy to get things done, don't require m= uch futzing, and isn't a nightmare for my life (due to my data that it = can access) if I happen to break it, lose it or it gets stolen.
<= br>
For example: =C2=A0last year when I was hiking in the AZ dese= rt, I=C2=A0got an email about winning a lottery that I had entered for inex= pensive show tickets for the next day, and I bought tickets securely with A= pple Pay before the deadline expired.=C2=A0 All of that was performed confi= dently and securely with my iPhone (well, I possibly got the email notifica= tion on my watch).=C2=A0 While it may not be the world you want to particip= ate in or care about, that is the kind of amazing experience that I value, = and it seems the kind of experience that lots of people value, as evidenced= by the size of the smartphone market compared with the size of the compute= r market.

The open source world and hackable= hardware world don't offer this kind of experience.
=C2=A0
=C2=A0 People just want I push button I get Netfli= x,

Why wouldn't you??=C2=A0 While Netf= lix isn't perfect, are you seriously arguing people should want = a far worse user experience?
=C2=A0
they= 9;ll happily throw all their rights in the garbage over bread and circuses.= ...but that ain't new...

It isn'= ;t about happily throwing away "rights" (whatever that means).=C2= =A0 It's about we aren't willing to pay for it.=C2=A0 It'= ;s a tradeoff, and those who want everything hackable haven't shown muc= h value to the rest of us, and there are very real concerns about the costs= both in terms of security threats and monetary costs.
--
=C2=A0Nevin ":= -)" Liber=C2=A0 <mailto:nevin@eviloverlord.com> =C2=A0+1-847-691-1404
=
--00000000000014ce34060e26109a--