this post was submitted on 30 Jul 2023
838 points (96.8% liked)
linuxmemes
21272 readers
410 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack members of the community for any reason.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
- These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudo
in Windows.
- No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
Please report posts and comments that break these rules!
founded 1 year ago
MODERATORS
Not if the server requires the digital signature of a challenge to be produced by a key whose certificate is signed by a "trusted" third party, said third party only providing that key at runtime, if your browser can also provide the same kind of authorization from the OS, itself being only able to produce it if it can safely determine that it's running on completely locked-down hardware AND having online-activated DRM tells him he can provide such key; the hardware itself requiring constant online connexion to ensure it's "authorized", and including yet another layer of keys in hardware.
There's been progress toward this kind of things. At every step, people warning about the risks are seen as lunatics. SecureBoot preventing booting a custom kernel? No problem, microsoft will sign your keys. TPM not delivering keys to non-trusted kernels? No problem, just don't use it (and don't get the keys, obviously). UEFI requiring digital signature to be flashed? It's for your safety, but we won't give you the keys or it would defeat the purpose. Embedded CPU inside your CPU running opaque code on every operation you do? Trust me bro, there's no problem here.
Sure, opensource (or even just open at this point) alternative will most likely remain available as a niche, but once all major services that people want requires such a chain of control, the vast majority of people will gladly flock to locked-down system. Heck, it's already happening. Nowadays I can't even log into my bank website without a trusted iOS or Android device. The "free, open" alternative will be rare, expensive, and only work for people that cares. Which is not too much sadly.