Right to Root Access : technology

[–] [email protected] 96 points 3 days ago (4 children)

The world would be a better place if locked bootloaders were not a thing. I agree that there needs to be laws in place to prevent the sale of these devices.

[–] [email protected] 13 points 2 days ago* (last edited 2 days ago) (1 children)

Imagine a PC with a locked bootloader.

Imagine having to purchase a new PC to simply be able to get updates. Or be locked to windows for life and not have an option to install Linux, BSD, whatever else.

There is zero reason to restrict installing a new os or firmware on a phone except planned obsolescence

[–] [email protected] 6 points 1 day ago

Imagine buying a PC but only be able to install anything from one app store made by the manufacturer

[–] Zak 65 points 3 days ago (1 children)

Locked in the technical sense of being able to verify the operating system isn't a bad thing. The problem is when the device owner can't add signing keys of their choice.

The latter is what GrapheneOS does.

[–] [email protected] 31 points 2 days ago (1 children)

Something that worries me about that is attestation. This is the advice from the GrapheneOS Devs:

https://grapheneos.org/articles/attestation-compatibility-guide

They're asking app developers to trust their keys specifically, which would mean that the app might work on GrapheneOS, but not my fork of GrapheneOS with some cherry picked fix I want.

It would be much better if we stamped this out now, before all online services require attestation.

[–] Zak 13 points 2 days ago

Agreed. Microsoft proposed something along those lines under the name "Palladium" a couple decades ago and was widely criticized, even in the mainstream press. Apple and Google doing the same thing to our phones barely got a whimper.

[–] [email protected] 26 points 2 days ago

I don’t have a problem with boot loaders doing cryptographic checks in general, as long as the ultimate decision lies with the device owner.

[–] Cocodapuf 6 points 2 days ago* (last edited 2 days ago) (2 children)

How do you feel about locked bootloader's on game consoles?

I figure this is one of those edge cases people might fall on either side of. But consoles are also a really large segment of the tech market, so it's worth thinking about.

[–] [email protected] 10 points 2 days ago (1 children)

I feel like consoles are targeted at a section of the population that doesn’t value freedom over how they use their hardware. Locked bootloaders on consoles are technically not good, but it’s almost like it’s part of what defines a game console. If it really valued the users freedom, it’d just be a PC. The steam deck and similar devices are changing that idea though.

[–] Cocodapuf 5 points 2 days ago* (last edited 2 days ago)

I feel like consoles are targeted at a section of the population that doesn’t value freedom over how they use their hardware.

Well I don't think I really believe that. Certainly, I don't think gamers care less about technical freedom than other groups, say for example users of iOS devices, or smart TVs, or routers, or car entertainment systems. Most of those are pretty locked down, but I don't think a lack of caring on the user's part has much to do with that.

but it’s almost like it’s part of what defines a game console.

I do think you're absolutely right about that. A console is supposed to be plug and play. You plug in a controller, and you can play your games. You shouldn't have to worry about drivers, software updates, system specs, whatever; the games just work.

(Admittedly, this has been shifting lately, with constant software updates and different editions of the same console. But I think the point still essentially holds true.)

But yeah, once you start opening up the platform, making it easy to tinker with, suddenly total compatibility can be harder to guarantee, much like it is with Android.

[–] [email protected] 11 points 2 days ago (1 children)

The PS3 used to have an unlocked bootloader with official Linux support. Sony removed it because of piracy. Of course, piracy is still possible, but as always, it's only an excuse to exert more control over customers.

[–] Cocodapuf 1 points 1 day ago

That's pretty cool though, I'm glad they at least experimented with it. I wonder if they just chickened out at some point or if they actually found a steep increase in piracy?

[–] [email protected] 106 points 3 days ago (1 children)

I enjoy your optimism Medhir, but it's more likely in the next five years that people start having their cars remotely bricked than it is any kind of right to root legislation takes off.

[–] [email protected] 38 points 3 days ago

That's already a thing, albeit for leases.

[–] just_another_person 58 points 3 days ago (2 children)

Locked bootloader for warranty coverage: totally fine

Refusal for owner to unlock and void warranty: not fine.

[–] Limonene 65 points 2 days ago (1 children)

I must disagree. For example, the Magnuson–Moss Warranty Act entitles you to use aftermarket parts in your product without invalidating your warranty, as long as the aftermarket parts don't cause damage. I agree with the spirit of this law, and I believe software should be considered a "part" in this context.

[–] [email protected] -3 points 2 days ago* (last edited 2 days ago) (2 children)

This is my first time reading about this. I'm very curious to hear a lawyer's thoughts on this.

If you change the bootloader to some other software, how could the company be expected to provide support for something they may have no knowledge of? Suppose I develop some theoretical SnowsuitOS and then complain to Samsung support when it doesnt run on my smartphone? It seems very likely that some conflict in my code could be causing problems, as opposed to an issue with my hardware.

I feel like to require this, you'd have to prove that the software is functionally equivalent to their software, right? (Side note, isn't this problem undecidable? Program equivalence?)

If you replace a wheel on a tractor you can pretty easily define what it should and should not do. Determining equivalence seems simpler with a physical situation. On the other hand, I'm pretty sure program equivalence is not a solved problem.

My point here is that I don't think it's reasonable to legally require a software company to offer support without limits, because they cannot be sure that there is not an issue with the (unsupported) software you are using.

[–] [email protected] 12 points 2 days ago

Nobody is asking 'software' companies to support software they didn't write.

We are asking hardware companies to support their hardware and not use different software as an excuse not to replace faulty hardware.

They can reflash their own software to test if needed.

Of course hardware vendors could be legally mandated to adhere to standards to make things easier.

[–] [email protected] 13 points 2 days ago

If you change the bootloader to some other software, how could the software company be expected to provide support for something they may have no knowledge of?

like xiaomi did, in the past at least. if you can reinstall the official software, you can receive service under warranty

My point here is that I don't think it's reasonable to legally require a software company to

phone manufacturers are hardware companies first and foremost

[–] Zak 14 points 2 days ago* (last edited 2 days ago) (1 children)

In most situations, even that is giving too much power to the manufacturer. It's fair for them to flash the original software as part of any diagnostic or service process, but not fair to refuse to repair or replace a product that actually has a hardware defect just because the owner put different software on it.

[–] [email protected] 5 points 2 days ago (2 children)

It's fair for them to flash the original software as part of any diagnostic or service process

only fair if it does not come with any data loss. so basically not actually fair

[–] [email protected] 6 points 2 days ago

Backups are, first and foremost, your responsibility. It's unfortunately not realistic to expect someone to diagnose whether an issue is software-related or a hardware failure on any obscure DIY OS you might have installed. But as long as it's possible to flash back the original firmware, warranty should still apply

[–] just_another_person 3 points 2 days ago (1 children)

Software can easily harm the actual device, so locking it to prevent that from happening in a warranty situation doesn't seem super off-base to me.

[–] Zak 3 points 2 days ago

So can installing a faulty third-party cooling fan, but in the USA, the law requires the warranty provider to prove the fault was caused by improper maintenance or defects in third-party components.

[–] [email protected] 14 points 3 days ago (1 children)

The example picture at the top of the article is weird.

The window title reads "nano" but the software running in the window is Pico, Nano's now deprecated (and strangely-licenced) spiritual parent. Or it's Nano hacked to have a Pico header which, while somewhat fitting with the theme, that would be even more weird.

[–] homesweethomeMrL 6 points 2 days ago

*sigh*. What now, Columbo? Y’know I’ve tried to be very helpful you know, with all of your questions, but now it’s becoming very annoying! I’m very busy you know with all my, uh, hacking, as you can plainly see!

[+] [email protected] -46 points 2 days ago (5 children)

The purpose of a locked boot system is privacy. A MacBook is a less secure device, and one that's been rooted and had linux installed is basically open season for any attacker. An iPad trades off the ability to put some other OS, for fairly close to total security. State-level enemies can torture you or run expensive intrusion software… and Apple improves the defenses against the latter every time. Now it reboots if it hasn't been used in a while, say sitting in an evidence locker.

Boot loader aside, you can write code on an iPad.

There are plenty of code editors, interpreters, and several of them have compilers. The premiere one is Pythonista, but I'm also fond of LispPad (R7RS Scheme). There are a few "linux in a box" things like ish, which give a full shell in a sandbox where it's safe.

I wasn't able to find any pico or nano apps, but there are several Vims and emacsen.

[–] rowinxavier 31 points 2 days ago (2 children)

This is simply incorrect. Implementing a lock on a bootloader is not dissimilar to a lock on your house. A person breaking in doesn't care that they are breaking the law, they just need to find the how of breaking in. If I as a consumer want to enter my house or give a copy of my key to someone else as a backup I should be able to do so. If I want to leave my door unlocked I should have that right however foolhardy it is. And when it comes to locking the bootloader of a computer most people won't notice it in general use but that isn't the point. It is about the edge cases, the end of life for the device, the lack of security updates.

[–] [email protected] 11 points 2 days ago

To expand on this analogy: Your (mobile) computer is your property, you shouldn't be treated as if it was only a flat for rent.

[–] [email protected] 0 points 2 days ago (1 children)

The locked bootloader is having a lock at all. Without that, anyone can enter at any time.

In reality, home door locks are merely suggestions, they're trivially picked or broken open, windows can be entered through. But if you DID have a secure building, you wouldn't want any of the security systems to be replaced.

You get full access to operate in a secure building once you've used the key/biometrics/passwords/interrogation. You don't have access to replace the locks with tinkertoy homebrew shit, because we know that's not as competent.

[–] rowinxavier 3 points 1 day ago

I disagree. The current setup is like having the real estate have a key and you have a swipe card. The swipe card let's you into parts of the house but you don't have access to the basement or electrical box. If you wanted access to those you could ask but the real estate basically says no unless they really messed up, and even then they send a tradesperson to do the work and give them the key. If that tradespersons loses the key or gives it to someone else the real estate shrugs and says "What do you want us to do about it? Security is hard."

They also have a contract for all the furniture, most of which is bolted down, so you can't even rearrange your house, let alone install a hand rail in the bathroom for your disabled brother who needs support getting in and out. You also can't install anything on the walls like a TV or a picture frame, and attempting to do so would lead to the possibility of piercing a pipe or cutting a wire in the wall because you don't have schematics.

You can't put a different OS on, you can't modify the one you have, and breaking any of the protections on software is a violation of the DMCA, so you are a renter. You rent the device, they control the features, they decide what parts are available to the public (usually none), they decide when it will be end of life, and they make it very technically difficult to repair anything by using parts pairing. If they sold the device as a subscription with hardware upgrades included, repairs included, ongoing support included, then maybe locking it down would be OK, but otherwise no, it is unreasonable and I don't think we really own our devices in a meaningful sense.

[–] [email protected] 22 points 2 days ago

This opinion is so backwards, it's actually impressive.

The purpose of a locked boot system is to control what the device does as much as possible, which intentionally, or incidentally (it makes no difference) means the manufacturer and only the manufacturer gets to decide how much privacy they get to invade.

Get real.

[–] [email protected] 14 points 2 days ago

How is it privacy if it locks you into using an OS that reports on you?

[–] [email protected] 8 points 2 days ago

The purpose of a locked boot system is privacy.

No its not

A MacBook is a less secure device, and one that's been rooted and had linux installed is basically open season for any attacker.

Its less secure cos u have the freedom to run the software u want. Trading liberty for security is tyranny.

An iPad trades off the ability to put some other OS, for fairly close to total security. State-level enemies can torture you or run expensive intrusion software… and Apple improves the defenses against the latter every time.

They can torture ur password out of u regardless of what software ur running. Almost all apple devices are vulnerable to state actor hacks. The only operating system that has security that is outpacing the general police level device access tools in grapheneos.

Now it reboots if it hasn't been used in a while, say sitting in an evidence locker.

Grapheme os implemented that 2 years ago. Apple is 2 years behind the known security issues. Grapheme is a custom operating system.

Boot loader aside, you can write code on an iPad.

If u ignore all the killing torture and general awful behaviour of the Nazis they where very industriouse. If u ignore the bad parts u can make anything a positive.

There are plenty of code editors, interpreters, and several of them have compilers. The premiere one is Pythonista, but I'm also fond of LispPad (R7RS Scheme). There are a few "linux in a box" things like ish, which give a full shell in a sandbox where it's safe.

I want to do X. Sorry u can't do X but u can do Y

I want to do X not Y.

Also I get that ur part of the apple cult but if u never try something else you will forever be living trapped inside a metaphorical box unaware of what ur missing. Plato's cave etc etc.

[–] [email protected] 5 points 2 days ago (1 children)

The purpose of a locked boot system is privacy.

No. Once you strip away all the rhetoric, the purpose of a locked boot system is control (over who or what can boot the system).

Current secure boot implementations are like a door lock installed by someone else, which you are not allowed to replace and that may or may not allow you to cut your own duplicate keys for it. You have no control whatsoever over who the people who installed the lock may have given keys to, and if it turns out that the lock has a fundamental design flaw that means it can't do its job properly, well, sucks to be you. You can't even guarantee that the lock won't morph into a new shape randomly or under the control of the installer, invalidating your existing keys in the process.

Rooting a device is a tradeoff. An unreliable door lock that you don't entirely control may be better than none, but if you know you're leaving the door unlocked, you also know you need to take other precautions to safeguard what's inside (or simply not leave anything of value there in the first place).

The ideal would be a locked boot system that is installed by the user and is fully under their control, but I have yet to encounter one.

[–] [email protected] 2 points 1 day ago

The ideal would be a locked boot system that is installed by the user and is fully under their control, but I have yet to encounter one.

https://libreboot.org/docs/linux/grub_hardening.html

Technology

Our Rules

Approved Bots