[return to "Pluton is not currently a threat to software freedom"]
1. messe+sa 2022-01-09 03:37:29
>>foodst+(OP)
The fearmongering about Pluton feels very similar to the criticism that was levied against UEFI Secure Boot when it was being debuted. In the end, x86 systems didn't become any more locked down.

I predict that this will blow over, and won't be a big deal in a few years' time once FOSS drivers for what is effectively just a new breed of TPM are released.

If in five years, it turns out I was wrong, I'll eat my hat. Although defining "my hat" by then might be difficult, as it'll probably be subscription-based.

2. heavys+Lb 2022-01-09 03:48:09
>>messe+sa
Some x86 systems weren't completely locked down, but similar systems successfully lock down millions of phones, tablets and console devices (which are x86 systems these days).

The trend for security in desktop computing that's pushed by these large companies is to, over time, approach similar levels of lock down that mobile devices currently have. Both Windows and macOS are approaching the iOS security model that depends on manufacturers blessing what software can run on their products, and banning software they don't want users to run.

For example, with Defender on Windows and Gatekeeper on macOS, developers need to buy certificates from Microsoft and Apple's partners in order to distribute and run their software on users' desktop computers. If developers want their software to run on Windows or macOS, they need to remain in good standing with Microsoft or Apple. If Microsoft or Apple decides they don't like you or your app, all they need to do is to revoke your signing certificate, and Defender and Gatekeeper won't let your software run on Windows or macOS. That, or they can choose to no longer renew your certificates after they expire.

3. gruez+ed 2022-01-09 04:01:38
>>heavys+Lb
> Some x86 systems weren't completely locked down, but similar systems successfully lock down millions of phones, tablets and console devices.

So shouldn't we be protesting against the systems that are locked down, instead of protesting against largely non-problematic implementations? For instance, with Secure Boot you can load your own keys, and the TPM isn't some sort of coprocessor that has access to your entire system.

> If Microsoft or Apple decides they don't like you or your app, all they need to do is to revoke your signing certificate, and Defender and Gatekeeper won't let your software run on Windows or macOS.

I'm not sure about Gatekeeper, but at least on Windows SmartScreen can be disabled. I understand how having a gatekeeper sucks, but I also understand the problem of malicious software, which gatekeeping partially mitigates. In the end the fact that you can disable it makes it a non-issue for me.

4. im3w1l+np 2022-01-09 06:01:17
>>gruez+ed
It is not a non-issue. Because 95% of people will not disable it. This means that if Microsoft asks some company to make changes to their program, then they will have a lot of leverage behind that ask. Even if you personally disable the gatekeeping, you will be affected indirectly as the market for non-compliant programs will be unsustainable. Everything you run will be Microsoft-compliant, outside maybe one or two hyper-niche things.

This is what Android has taught us.

5. Godel_+Lx 2022-01-09 07:45:22
>>im3w1l+np
Except there are a ton of people (as in millions of them) who have SmartScreen disabled because they're using a non-Microsoft antivirus program. So no, this is a non-issue.

Also, SmartScreen is not a naive block of unsigned code. Code blocking is reputation-based, and people disabling SmartScreen and running a binary contributes to that reputation. Which means that people like gp are actively helping by continuing to use Windows and running safe-but-unsigned apps. So, to reiterate, not an issue.
