zlacker

[parent] [thread] 11 comments
1. imglor+(OP)[view] [source] 2022-03-05 14:06:18
The benefit of signed code is it grants hardware vendors a perpetual control, gatekeeping, and rent seeking role. It was never your hardware.

The cover story was security, which might be mathematically correct but in practice has been shown false in every way. Look how much malware gets signed and shipped on devices and sold on app stores: the vendor gets their cut, /shrug. Look how many devices have been intentionally bricked to force new sales - yay them again. And then there's the certificate management illusion.

replies(2): >>gruez+F2 >>aaaaaa+I9
2. gruez+F2[view] [source] 2022-03-05 14:29:55
>>imglor+(OP)
> The benefit of signed code is it grants hardware vendors a perpetual control, gatekeeping, and rent seeking role. It was never your hardware.

but in this case it's literally not caused by hardware vendors ? They're not even a party to this arrangement. The requirement is being enforced by windows, and the certificates are issued by various CAs. If you don't want that just use linux or something, or disable signature enforcement within windows.

replies(2): >>krasta+xj >>Ashame+ei1
3. aaaaaa+I9[view] [source] 2022-03-05 15:23:46
>>imglor+(OP)
The /shrug continues until everyone here stops buying Lenovo hardware after they shipped a rootkit, etc
replies(1): >>CyanBi+In
◧◩
4. krasta+xj[view] [source] [discussion] 2022-03-05 16:35:29
>>gruez+F2
Most linux distros have used signed repository packages since forever, right? Not really challenging what you are saying, rather asking whether this is not already a very similar setup. I guess it is a social web of trust among package maintainers as opposed to the certificate authority root of trust in Windows. Or am I making a flawed comparison?
replies(1): >>imglor+FG
◧◩
5. CyanBi+In[view] [source] [discussion] 2022-03-05 16:55:39
>>aaaaaa+I9
Listen, I really like their Legion series

If people have got recommendations I am all ears

◧◩◪
6. imglor+FG[view] [source] [discussion] 2022-03-05 18:28:43
>>krasta+xj
Linux lets you ignore signatures if you prefer. There are plenty of devices that don't.
◧◩
7. Ashame+ei1[view] [source] [discussion] 2022-03-05 22:39:29
>>gruez+F2
You cant disable signature enforcement on Windows. You can test sign and only if you disable secure boot and enjoy desktop watermarks.
replies(1): >>Wowfun+Ai1
◧◩◪
8. Wowfun+Ai1[view] [source] [discussion] 2022-03-05 22:41:34
>>Ashame+ei1
^ Not enough people are angry about this! I have a permanent watermark on my desktop because I use an edid override for my projector and hobbyist drivers for niche video game controllers. It sucks.
replies(2): >>sterli+0a2 >>Schroe+ua2
◧◩◪◨
9. sterli+0a2[view] [source] [discussion] 2022-03-06 08:35:38
>>Wowfun+Ai1
the reason is vendors. in the XP era, OEMs would write crappy drivers, which made Windows unstable or erratic. WHQL was established to ensure quality control, but vendors could simply disable signing if they couldn't be bothered to make their drivers up to code. the watermark was added to prevent such unscrupulous behavior.
◧◩◪◨
10. Schroe+ua2[view] [source] [discussion] 2022-03-06 08:40:47
>>Wowfun+Ai1
Stop using windows. Stop accepting microsoft software at work.
replies(2): >>Ashame+zF2 >>hulitu+V23
◧◩◪◨⬒
11. Ashame+zF2[view] [source] [discussion] 2022-03-06 15:02:13
>>Schroe+ua2
I don't use Windows myself, but I have to develop for it, and hit this problems even when everything I develop is open source.
◧◩◪◨⬒
12. hulitu+V23[view] [source] [discussion] 2022-03-06 17:55:18
>>Schroe+ua2
> Stop using windows. Stop accepting microsoft software at work.

Some people need money to sustain their families. As a prostitute you can choose your clients but this might lead to lower income. ( yes, i do think that me, having to use Microsoft software is prostitution, but i didn't had any employer which gave me a chance to install linux).

[go to top]