undefined | Better HN

0 pointsuserbinator5y ago0 comments

but software and websites will have the option to refuse service to your modified system.

Oh hell no! This is the scenario that Stallman warned us about, over two decades ago:

https://www.gnu.org/philosophy/right-to-read.en.html

0 comments

4 comments · 2 top-level

floatingatoll5y ago· 2 in thread

Citing a twenty plus year old manifesto with offers no guidance on how to reinterpret the idealistic view of “It is my right to modify” versus the modern day problem of “I must protect myself and others from malicious modifications”.

Stallman hasn’t been of much use for this, and his followers fervently cite his decades-old works each time I raise this point — but meanwhile, this is available today to any website accessed by any Apple Silicon MacBook, and it’s already deployed and in use in the (Linux) servers powering Azure Cloud, and it’ll probably reach the consumer Windows market in the next year.

Now what? After we get past “RMS told us this would happen”, after we blow off steam about “My ideals are being violated”, is there anything left to discuss and consider here?

I thought there was — for example: “Is it possible to reconcile the conflicting needs of safety and modifiability?” — but the prevalence of replies like the above over the past few weeks makes me think that I’m mistaken, and should simply let this go unnoticed until it’s too late and irrelevant what anyone believes.

rstuart41335y ago

> the modern day problem of “I must protect myself and others from malicious modifications”. Stallman hasn’t been of much use for this

Clearly we differ, because it looks to me like Stallman put forward the only plausible solution to someone taking control of my system without my knowledge or permission: open source. Granted, that wasn't what he was trying to do at the time, he was as you say perusing the "It is my right to modify" line. But that's how it's turned out.

You are apparently perfectly happy to have Apple / Google / Microsoft or whoever install whatever backdoors and spyware they please on your system. It's not like you have a choice, or will even know, so it's probably best you've made your peace with it; just as people have made their peace with Facebook, Google Chrome not deleting their own cookies, or Microsoft refusing to copy files because some virus checker had a copyright violation signature fire (that's actually happened to me).

Maybe I'd even be OK with trusting those companies, but I definitely draw the line with governments granting themselves the legal right to rummage through that same cookie jar, which is exactly what the Australian government did with it's Assistance and Access bill. [0] I'm sure all governments do the same thing of course, including the Chinese government. A good indicator of how seriously the governments themselves take this threat is how Huawei is being treated by Western Governments. I have no doubt the Russian and Chinese view western gear with the same level of suspicion. To me that is the only sane position to take.

Just to be clear, I'm not saying TPM's and the DRM they enable aren't useful, but the problem is the lack of visibility into what these black boxes you are carrying around with you and putting in your living room. If you know what those boxes are doing, locking them down so hard they can’t be compromised by someone who has physical access to them is a nice addition, although the threat scenario (someone who has physical access) is very limited so perhaps not a major addition. But what you seem to be applauding is locking them down so hard even you, who has physical access, can’t see what they are doing, and then you go on to pillar a person who proselytized making all software transparent, so everyone could see if there systems system are running software they approve of, and not malware or worse.

[0] Quick summary: the Assistance and Access bill gives the ozzie government the right to force any company to write spyware that won't be detected by their OS's (that's the "Assistance" but), and then install it via their auto patch systems onto to device they nominate (that's the "Access" bit).

floatingatoll5y ago

My personal opinion on this technology isn’t included here, and I’ve made a point of withholding it each time, specifically to deny the opportunity to invoke the messenger’s feelings as relevant to the issue at hand. What I feel about this doesn’t matter, because this is already live in two marketplaces and headed rapidly to a third. I could be pro, I could be con, I could be both/mixed or uncertain/apathetic (hint: it’s not a purist view on either side of the fence). Discussing my viewpoint isn’t even possible, yet half of the words in your reply are dedicated to your speculation about it.

Focus your energy on the real issues at hand:

How are we going to adapt to the reality of secure attestation? How are we going to confront it with technology? How should we legislate to protect against abuse of it? How can we make use of it appropriately?

My goal is to raise awareness, and based on the other half of your reply, I’ve succeeded with one person. That’s progress, I suppose.

pfranz5y ago

At least in the US, my understanding is a 1975 law, the Magnuson–Moss Warranty Act, protects warranties on modified products as long as the modification didn't cause the issue. It comes up all the time with cars since there's an active mod community.

That being said, I usually backup and "factory restore" my computers before servicing. Mostly because I don't want to hand out my password or hand over my personal data, but I expect them to test that its fixed and that's easier in a generic OS. I also think it'd be odd to hand over a Macbook Pro (or even a Microsoft Surface) with Linux installed and expect their random, low-level tech to asses things.

j / k navigate · click thread line to collapse