zlacker

> It's 90s DRM wave all over again.

Except in the 90s you controlled 100% of the code running on your computer. Now there are all kinds of treacherous computing with all those "trusted" execution environments and TPMs and all the other bullshit that can't be avoided, with someone else's public keys burned into the silicon.

>>grishk+(OP)
You can still control the code running on your computer. But the websites you send http requests to don’t have to respond.

>>judge2+s6
You can't. On most modern systems there is software that runs with privileges above your OS kernel that you can't remove or modify because it is signed with the manufacturer's key. The key is part of a "trusted" boot chain. The root of trust is usually burned into the silicon in the fuses or the initial bootloader (boot ROM).

TEE on Android, for example. Intel ME on PCs, and probably TPMs also have a firmware of their own. Secure Enclave on Apple devices.

There's an outstandingly good perspective on the issue in another thread: >>36859465

>>grishk+(OP)
Nope. In the 90s we also had tons of closed code on our computers, namely the BIOS, proper firmware embedded in plethora of peripherals (Disks, Ethernet cards, Microcode in the CPU, etc.), yet due to computing constraints, this has been only tried in forms of Pentium 3 Serial Numbers + Windows APIs + IE6.

However; courts, Free Software Movement and alternative operating systems plus Mozilla stopped this.

Now all of them are under attack. Esp. Free and Open Software Movement is being enshittified with a process which we can call as "Rewrite it in Permissive Licenses, so companies can hire you while closing down the ecosystem".

We really need a flood to clear this mess.

>>bayind+2c
> In the 90s we also had tons of closed code on our computers

Sure, there was much closed code, but there was no signed or trusted code. You could still reverse engineer, patch and reflash every single bit of it to your liking, provided you knew what you were doing. On modern hardware, even dumping the decrypted binary for the "trusted execution environment" is a challenge, and getting the thing to run your modified version is simply impossible because it needs to be signed with a key you don't have.

>>grishk+J7
Even so, on most of the platforms you list you can disable the security checks and attestation mechanisms with a custom OS, which mitigates the risk of letting a site know that your computer is running any specific version of an OS with the proper anti-tamper checks. If you find a device that doesn’t, you can just not buy that device. At a certain point it’s not constructive to say “you can’t build that” when there is enough of a consumer benefit/desire and business incentive to do so.

>>judge2+tQ
The problem is not someone knowing something. The problem is that since 99% of people use their devices in stock configuration, "no attestation available" would be interpreted as "attestation not passed". We're already seeing that with banking apps on Android. It doesn't matter whether you've rooted your stock ROM or running something without Google services, the app will refuse to work either way.

>>grishk+J7
But you can still get computers that have none of that stuff, or where it can be disabled.

>>grishk+jX
The bank thing doesn't bother me, personally. I can circumvent such restrictions entirely by using a bank that has a physical branch near me, and doing my business in person.

>>JohnFe+do1
Or by using the website... oh wait.

From what I gather it depends a lot on the country, but in some countries, including Russia where I'm from, money transfers are done through your bank's app. You probably won't go to a branch to send someone $15 for pizzas they ordered at a party or something. Your only option would be to carry cash for such occasions.

>>grishk+Pt1
> Your only option would be to carry cash for such occasions.

I'm in the US, but this is exactly what I do. I don't think I've ever actually used a banking app to send a small payment to someone for things like this, nor has anyone tried to use an app to send money to me. Cash is king.

(I fully understand that not everyone can or wants to handle payments this way. I'm just saying what works for me. I have no banking apps on my phone at all.)

>>JohnFe+Fn1
Can you give me an example?

A computer without TPM, a "management engine", an Ethernet card with real Firmware in a real ROM, no platform controller, nothing.

...and a completely open BIOS w/o any binary blobs, and UEFI layer.

Almost a 486DX, almost.

>>bayind+SA1
I don't have the models memorized and I'm not at home to check, but I recently bought four towers that don't have TPM or a management engine and allow you to disable UEFI. They're not new, true, but they're certainly not 486 level.

> an Ethernet card with real Firmware in a real ROM, no platform controller, nothing. ...and a completely open BIOS w/o any binary blobs

None of which I was talking about. But I am pretty sure that with any motherboard, you can disable onboard Ethernet and install whatever adapter you want instead.