1. Anthon+(OP) 2025-12-06 19:24:47
> So why would a company, in this new environment, invest resources in making their hardware compatible with competing software environments?

Because that's what customers want to buy. People are paying premium iPhone prices for hardware with mediocre specs and then the hardware sells out when someone like Purism or Fairphone actually makes an open one. How many sales would you get if you did the same thing on a phone that was actually price/performance competitive with the closed ones?

Meanwhile all of that "profit center" talk is MBA hopium. Nobody is actually using the Xiaomi App Store, least of all the people who would put a different OS on their phone.

The real problem here is Google. Hardware attestation needs to be an antitrust violation the same as Microsoft intentionally breaking software when you tried to run it on a competing version of DOS and for exactly the same reason.

replies(2): >>srouss+I1 >>matheu+W3
2. srouss+I1 2025-12-06 19:40:23
>>Anthon+(OP)
Some of the funnest work, if you could get it, was swapping SSDs out of laptops coming through customs for high value targets.
replies(1): >>Anthon+ct
3. matheu+W3 2025-12-06 19:58:20
>>Anthon+(OP)
> Hardware attestation needs to be an antitrust violation

Yes!! Absolutely agree. This needs to be made illegal.

4. Anthon+ct 2025-12-06 23:50:25
>>srouss+I1
Which is another reason we need to strip this hardware attestation stuff out of the hardware. It either needs to use exclusively keys the user loaded into the device themselves or the keys aren't on the device whatsoever and then the "high value targets" verify the contents of the drive from a known-clean machine once they get it back from the adversarial foreign officials before putting it back into service. Or better yet, keep a separate laptop on each side of the border and then sync the data over the internet instead of losing physical control over the device at an adversarial border.

Plenty of adversarial countries have a competent security service. A foreign government can compromise the corporation's root signing key for the devices through technical attacks and through bribery, espionage, physical intrusion, etc. And they're not going to tell you that they have before using it against your high value targets, so how do you protect them? By not relying on systems with a single point of compromise.
