The example picture at the top of the article is weird.
The window title reads “nano” but the software running in the window is Pico, Nano’s now deprecated (and strangely-licenced) spiritual parent. Or it’s Nano hacked to have a Pico header which, while somewhat fitting with the theme, that would be even more weird.
I enjoy your optimism Medhir, but it’s more likely in the next five years that people start having their cars remotely bricked than it is any kind of right to root legislation takes off.
That’s already a thing, albeit for leases.
The world would be a better place if locked bootloaders were not a thing. I agree that there needs to be laws in place to prevent the sale of these devices.
Locked in the technical sense of being able to verify the operating system isn’t a bad thing. The problem is when the device owner can’t add signing keys of their choice.
The latter is what GrapheneOS does.
Something that worries me about that is attestation. This is the advice from the GrapheneOS Devs:
https://grapheneos.org/articles/attestation-compatibility-guide
They’re asking app developers to trust their keys specifically, which would mean that the app might work on GrapheneOS, but not my fork of GrapheneOS with some cherry picked fix I want.
It would be much better if we stamped this out now, before all online services require attestation.
Agreed. Microsoft proposed something along those lines under the name “Palladium” a couple decades ago and was widely criticized, even in the mainstream press. Apple and Google doing the same thing to our phones barely got a whimper.
The purpose of a locked boot system is privacy. A MacBook is a less secure device, and one that’s been rooted and had linux installed is basically open season for any attacker. An iPad trades off the ability to put some other OS, for fairly close to total security. State-level enemies can torture you or run expensive intrusion software… and Apple improves the defenses against the latter every time. Now it reboots if it hasn’t been used in a while, say sitting in an evidence locker.
Boot loader aside, you can write code on an iPad.
There are plenty of code editors, interpreters, and several of them have compilers. The premiere one is Pythonista, but I’m also fond of LispPad (R7RS Scheme). There are a few “linux in a box” things like ish, which give a full shell in a sandbox where it’s safe.
I wasn’t able to find any pico or nano apps, but there are several Vims and emacsen.
The purpose of a locked boot system is privacy.
No its not
A MacBook is a less secure device, and one that’s been rooted and had linux installed is basically open season for any attacker.
Its less secure cos u have the freedom to run the software u want. Trading liberty for security is tyranny.
An iPad trades off the ability to put some other OS, for fairly close to total security. State-level enemies can torture you or run expensive intrusion software… and Apple improves the defenses against the latter every time.
They can torture ur password out of u regardless of what software ur running. Almost all apple devices are vulnerable to state actor hacks. The only operating system that has security that is outpacing the general police level device access tools in grapheneos.
Now it reboots if it hasn’t been used in a while, say sitting in an evidence locker.
Grapheme os implemented that 2 years ago. Apple is 2 years behind the known security issues. Grapheme is a custom operating system.
Boot loader aside, you can write code on an iPad.
If u ignore all the killing torture and general awful behaviour of the Nazis they where very industriouse. If u ignore the bad parts u can make anything a positive.
There are plenty of code editors, interpreters, and several of them have compilers. The premiere one is Pythonista, but I’m also fond of LispPad (R7RS Scheme). There are a few “linux in a box” things like ish, which give a full shell in a sandbox where it’s safe.
I want to do X. Sorry u can’t do X but u can do Y
I want to do X not Y.
Also I get that ur part of the apple cult but if u never try something else you will forever be living trapped inside a metaphorical box unaware of what ur missing. Plato’s cave etc etc.
How is it privacy if it locks you into using an OS that reports on you?
This opinion is so backwards, it’s actually impressive.
The purpose of a locked boot system is to control what the device does as much as possible, which intentionally, or incidentally (it makes no difference) means the manufacturer and only the manufacturer gets to decide how much privacy they get to invade.
Get real.
The purpose of a locked boot system is privacy.
No. Once you strip away all the rhetoric, the purpose of a locked boot system is control (over who or what can boot the system).
Current secure boot implementations are like a door lock installed by someone else, which you are not allowed to replace and that may or may not allow you to cut your own duplicate keys for it. You have no control whatsoever over who the people who installed the lock may have given keys to, and if it turns out that the lock has a fundamental design flaw that means it can’t do its job properly, well, sucks to be you. You can’t even guarantee that the lock won’t morph into a new shape randomly or under the control of the installer, invalidating your existing keys in the process.
Rooting a device is a tradeoff. An unreliable door lock that you don’t entirely control may be better than none, but if you know you’re leaving the door unlocked, you also know you need to take other precautions to safeguard what’s inside (or simply not leave anything of value there in the first place).
The ideal would be a locked boot system that is installed by the user and is fully under their control, but I have yet to encounter one.
The ideal would be a locked boot system that is installed by the user and is fully under their control, but I have yet to encounter one.
