It’s been tried a bit before, but didn’t get through. The current situation with secure boot is worrying, because we’re one manufacturer playing ball away from it to become a reality.
I’d like to say there’s strong incentive to not do that, but it seems that logic alone would not stop this kind of push. And weirdly enough, even financial risk might not be enough, as we’ve seen baffling decisions made these last few months.
The main saving graces is that there are more than two manufacturer for motherboard, and as far as I know, patent lockdown and secrecy isn’t as big on PC hardware than on mobile boards, so it might be easier to escape such lockdown. But fully locked down systems under external control is clearly where some people wants us to go.
Users are getting dumber by the day. The people arguing back to me about “this is a you problem” when I mention reasons why device ownership is important is way too fucking high.
This is why you gatekeep hobbies. Keep the dipshits out so they don’t become the masses that ruin what you enjoy.
Exactly, if I like something I try to keep it on the down low, or only spread it in circles where I know it will be similarly appreciated, the moment a majority of the people are into something, that thing will now get subjected to external influences that require it to be liked by everyone and most people are mediocre so the thing moves towards mediocrity
I imagine this will actually create competition. Android is open source. It can be forked.
Also there will always be things like raspberry pi and arduino.
Android is barely open source, and AOSP can no longer directly run on any hardware, not even the pixel. It’s not really forkable and maintainable in any ongoing sense.
You need to be an OEM to get access to the latest android source code now.
The question is, who wants to fork and maintain android? That’s a massive undertaking, one that wouldn’t seem worth it until it started getting meaningful percentages of market share.
Mmmm, Linux
It’s been done before. ChromeBooks comes to mind, but there have been others. Usually winds up killing the outfit that tries it.
As far as I know Chromebooks only survive because of the educational market. Locked down devices are preferable in schools.
I won’t buy one, but I could see such systems becoming dominant in another 20 years or so.
And just like that I’m all about Ubuntu phones now
Which devices are you planning to get at right now?
Either buy pine or try out userland for current but I haven’t completed the research yet
I kind of expect this to happen with Apple’s rumored $600 macbook. Since they just updated ipadOS to run like a locked down version of macOS. I bet they will offer this cheap mac with the same locked down OS since it will have a “phone” processor in it.
They will say this was a compromise needed, but the majority of people will not care. After a few years, the macs that are open will get more and more expensive.
I’m guessing Windows will slowly start to move in thie direction, but I think they will try to push their remote computers thing to accomplish this.
I’m not sure about bootloaders being locked, I am guessing there will always be something that is unlocked and able to run linux though. It is needed for servers and stuff like that. In the worst case, someone will likely sell arm or risc-v powered boards that can be used to run linux.
Just use Linux?
I don’t understand the question…
It is entirely possible to lock down computer parts to only run Windows and signed drivers. However, the sheer amount of available computer parts, open sourced hardware, widely understood technologies, and not enough monopoly makes this unfeasible for anyone to really try to implement (yet).
If Intel started doing Windows only, they would lose so much revenue from big corporations and data centers it would ruin them, and everyone would just buy AMD instead. Consumer market in computer sector is secondary.
For phones, you really do not have enough alternatives. You choose between evil and more evil. Think of it as Linux in it’s starting days - missing features that makes it unusable for the common folk. Linux phones haven’t matured yet, that’s why you have to choose between feature rich vs heavily degraded user experience, as opposed to minor inconvenience of not being able to run some apps.
For starters you do your research and don’t buy that hardware, or maybe better you buy it and then return it because it doesn’t allow you to install the software you want.
Oh and leave a bad review so other people won’t make the same mistake!
Google is not restricting Sideloading.
Its the same way Apple is doing it. You just need to buy a Signaturen from them via ID, and you have to sign every app.
They are not restricting it, they are just adding these restrictions to doing it
They’ll have the power to revoke the ability to install any app for any reason. On top of the chilling affect on developing foss apps.
And what will happen to apps that Google doesn’t like and removes the dev signature? i.e., Revanced
Fear of this is why I have been hoarding any computer that runs for a long time now
Thinkcentre club stand uup !
I think I have 5 😐 or 6 IDK
I don’t know how useful 32 bit old computers are, if they run cryptography software they aren’t completely useless
Mine are all “modern” ones, I think even the old E8300 was 64 bits and that one I left a loong time ago. Do you keep all your computers?
All the ones that run and a couple that don’t. Some are in my mom’s basement though
Any idea what you want to use them for, or is it “just in case”?
At minimum they can be crypto terminals or distraction free writing/eBook reading machines. But mostly just in case it’s all we have left to use.
Microsoft is already starting to lay the groundwork with their CPU and TPM 2.0 requirements.
Apple has been doing this for a long time, though there are ways to get around it on MacOS, for now.
On PC, the answer is Linux. For mobile devices, things are looking more bleak.
Linux won’t be an option if the boot loader is locked. I think Linux is just about popular enough that options should remain but they might become reduced unless it becomes more popular than it currently is.
Linux is heavily used on servers. Losing server sector means a huge chunk of revenue.
Linux is servers.
Hell, VMware migrated to a Linux base a while back, and with their new exorbitant pricing, large environments are switching to things like Proxmox.
The next ten years, VMware will be second string virtualization, even in data centers.
I’m not sure what’s going to happen, but there was a “BIOS War” in the 80’s,when IBM wouldn’t release their BIOS code, so other devs reverse engineered it. No reason why that couldn’t happen again.
I’d imagine not every mobo manufacturer will play ball with whoever mandates a locked bootloader.
Right now, we have google and apple with a duopoly on mobile devices.
The grand majority of all laptops and desktop devices are using motherboards manufactured specifically for those devices (or device series). It’s not much of a stretch to imagine them adding restrictions to their already mature supply chain.
Sure, but there’s Tuxedo Computers, Framework, the PopOS guys selling PCs and many more. Those won’t go away.
The situation is actually quite awful. I remember when TPM was palladium and there were apocalyptic talks in tech conferences about it being the end of general purpose computers. The idea that your computer could veto what it was used for.
The backlash only set them back a few decades apparently. Everyone forgot and now it’s a literal requirement for the latest Windows and in two months they’ll stop supporting the old Windows…
Next phone I get I’ll get fairphone and check the market for an alternative OS at that time. This might be the push that the Linux phone community needs to make it proper and good.
We currently need a KDE phone that they sell where I can buy a KDE phone and support them that way.
The pieces are coming together for Linux notably:
- SPA support instead of apps.
- Waydroid
- Core components such as calling, sim card actions, recording, speakers can be provided by fairphone via drivers.
I’m getting pretty sick of Google and other corpos locking down Android so fuck them, third best phone OS will have to do and I’ll do banking in the mobile browser page.
I just bought the cheapest fairphone I could get to replace my old pixel. Now it’s time to try proper linux on mobile for the first time. I’m excited!
Almost 15 years on Android finally coming to an end! My first Android phone came with Android 2.1 and now 14 shall be the last version I’ll ever use.
This is already happening, but it’s on an organisational level by policy. These policies can be applied to systems that follow trusted computing rules, which is most Windows 10 systems and pretty much all windows 11 systems. Google has laid the groundwork for this since the pixel 3 was released in 2018.
Since then, we have seen Google put the Titan security module in all phones and I’m certain Chromebooks are requiring TPM modules that serve the same function.
Apple has been doing the same since God knows when. Their systems have had unique chips that ensure that when MacOS is installed, it is only installed in Apple computers. There are ways around this, just as there are ways around the TPM requirement for Windows 11.
The trusted computing model, when fully imposed, can basically stop any applications from running that have not been given the blessing of the security team.
As far as I’m aware, the only people taking advantage of the technology are government institutions.
The fact that this can be wielded to enforce control over private individuals by our corporate masters is becoming a very real possibility, but the fact that it hasn’t happened yet, by any vendor, is, in my opinion, good evidence to say that it’s unlikely, but not impossible. Maybe that’s wishful thinking on my part.
In any case, the only truly free operating system left is GNU/Linux, with few other exceptions.
Gnu Hurd ftw ! (I’ll see myself out)
They’re waiting until all the products in the wild can be locked down.
Right now, they’re struggling to get people.to jump to Windows 11, and people are hoarding their old computers. They want all the products that don’t have TPM or its equivalent to be outmoded before they remove the mask.
Microsoft are smart enough to not piss off every giant corporation and destroy their entire business overnight, so you can count on it never being forced by them.
pissing off customers never stopped them for decades different versions of office programs ran side by side with no issues. they auto uninstall other versions of office automatically while stopping the install with a big pop up about compatibility issues.
this impacts all businesses using old versions of access programs alongside more new versions of office with newer installers. along with a byzantine licensing model with bizarre “incompatibilities” between the same year versions in different licensing channels, yeah tell me how microsoft won’t piss off corpo and government clients.
they seem to specialize in pissing off corpo and gov clients.
Sounds like the businesses you’re talking about have incompetent IT staff.
They certainly wouldn’t roll it out overnight but they’ve had their long term targets on OS as a service since Windows 8 and these things tend to come bundled.
Nah, they know their limits. They will keep trying to make an optional locked down OS for regular users a thing, but there will always be a fully “unlocked” version available due to legacy software and the entire worlds reliance on it.
While microsoft also plays in the quarter to quarter economic BS they still have long term planning.
It’s precisely because they have a monopoly on enterprise class software that they could pull this off. That’s why the shift in euro-gov agencies to linux is such a big deal.
MS already has updates as a “free” service and windows insider which requires a paid azure sub which means they already use the threat of “security risks” to force companies to subscribe to azure, which is in effect equivalent to a sub to the OS.
I’m suggesting that they’re going to do what they’ve said they want to do. Just maybe on the longer term or in a novel way.
The biggest motivation they have to keep individual licenses OTP is it gets people used to the ecosystem (customer capture) and they’re massively profiting on all of
yourthat data.Making their OS subscription based is not what we’re talking about though. We’re talking about it becoming locked down and only running signed and approved software like Android is going to do.
That fundamentally breaks windows for most of the corporate world. Literally would break the world as we know it lol.
Last time I used windows in a big corpo settings, there were so many things pudding off both us Devs but also IT.
Switch out a bad RAM stick? Spend an hour with IT.
Use a software? Spend an hour (or days) with IT
Compile your own software? Believe it or not, spend large amounts of time with IT
Like the compiler on a windows PC can’t work without different windows protection systems gets in the way, repeatedly. And then your executable, or some .d’ll just get wiped off the disk 😐🤷🏼♀️
I don’t think they do it intentionally, but big corpos don’t give a shit about their workers conditions, so if they were to enforce things (with backdoors ofc, so that if needed you can deactivate things, remember the unique installation code for windows like 95 or 98?) the grunts will just have to eat it up. And they would probably not have a much harder time, everything is already locked down hardware wise so they are used to all that jazz.
None of your examples at the start I’d that comment make sense or are true.
Also you’re talking about corporate policies for businesses that use windows, not windows itself. Management of devices is one of the biggest reasons why windows is the only real option for big corporations.
Oh I’m very absolutely talking about windows itself, it’s the reason you have go through so many loops to do the tiniest thing.
My point: Microsoft is already doing what you’re supposing they never will.
BTW your first phrase doesn’t make any sense?
This kind of stuff never happens overnight. It happens slowly, incrementally, and the people are never mad enough at too much sudden change to be motivated enough to do anything. People should feel good about the imposition of boundaries, and it helps that for the average user, the boundaries often result in a better user experience.
I don’t think you guys understand that forcing windows to only run approved by Microsoft software would literally break the world as we know it. Microsoft know this. There’s no way around it.
I was responding to this:
Microsoft is smart enough not to piss off every giant corporation
Yeah, and they can’t get rid of “sideloading” without literally killing their entire company because gigantic corporations, where they make the majority of their money, are the ones the most beholden to legacy software that would be blocked if they did. Banks, governments, hospitals, schools…….everything would not be able to function.
Well I think you’re moving the goalpoast a little here 😅, but believe me, they already do, lots of soft that doesn’t get around the windows defender.
You can literally always install software no matter what defender says. Did you not know this?
Wow shows you don’t know anything about computers 😂
Eh, just means it isn’t plug and play. Once you have the hardware, you are the admin.
It may get tougher, but it’ll never be impossible.
Tell that to the Intel management engine or secure platform module
It’s not going to happen.
Motherboard manufacturers are not going to start making Windows only BIOS.
Microsofts target audience isn’t the private user. It’s companies. The money they make selling their OS to private persons are table scraps compared to their enterprise licenses. Any such initiative would fuck over every single enterprise customer.
It’s been attempted in two ways.
First is secure boot. There were a handful of computers sold that did not allow disabling of secure boot, or changing the loaded keys. So it was basically essentially a Windows only computer.
More recently is there was Microsoft Windows S. This was a cheap version of Windows Home that ran on low end computers and was locked to only allow installing apps from the Microsoft store. It was possible to unlock it but as I recall it required an additional fee.Enterprises almost all run Windows anyway so they DGAF.
Fedora supports secure boot out of the box
So does Ubuntu, but there is a catch. Secure boot relies on signature checking, so you can manually add the signature of your OS manually to the UEFI db, but can’t do that on locked UEFI. Major Linux providers went another route, they paid Microsoft to sign a
shimbinary, which in turn can verify and boot the matching Linux kernels. Microsoft refusing to sign shims would be a rather crippling move, but they would get a massive backlash from that.
Enterprises use a lot, and I do mean A LOT of custom software. Either developed in house or by others. They absolutely care.
What Microsoft does within their own OS, as the “S” version you’re talking about. That’s a non issue given you can just flash the drive and install whatever OS you want.
As for the concern that you’d somehow be unable to install another OS. Due to Secure Boot. I personally have never come across a computer that I’ve had full BIOS access to that didn’t allow disabling secure boot. Though some have been more cooperative than others. But maybe I’m just lucky.
But I’m also pretty sure there are linux distributions that support Secure Boot.
Secure Boot for what it’s intended to do, is a pretty good feature. Which is to stop unauthorized software from running before initiating your OS
I was talking about secure boot. If the computer only runs Windows, enterprise doesn’t care. If the computer only runs Windows S, it’s an absolute nonstarter in enterprise tons of apps aren’t on the app store. But Windows S is never targeted to enterprise, only low end home users.
Anything can support secure boot, the question is, are the keys included in the BIOS so it can run that particular OS without loading extra keys?
I’ve also not personally encountered a computer where secure boot couldn’t be disabled or the list of keys modified, but I’ve definitely heard about them existing.
IIRC, I had a PC (since sold) that had secure boot permanently enabled from the factory. That is, in spirit, a PC with a “locked bootloader”, but you might not even notice because many Linux distros have that Microsoft-blessed Linux loading shim… but it is still Microsoft inserting themselves between you and your hardware; they could decide in the next few years they no longer “support” Linux, hypothetically.
