Comment by xwowsersx

This may sound silly but I think desktop linux "winning" is of the utmost importance right now. Free software is pretty much shut off from the appliance/mobile computing platforms but if a sizable portion of personal computers remain using free software it will be hard for the big corporations to fully close the web or make platform attestation truly required for everything.

Preserving such mindshare into the future might enable us to show people why they should care about free software and perhaps finally obviate how much malfeasance the perpetrators of closed platforms can do contrasted to the remaining open platforms on pcs (assuming people don't just completely abandon pcs...). This may also help push and convince law makers into legislating in favor of free software and open platforms.

Multiple devices is the answer. Otherwise you end up with people having their banking hacked because they installed a game mod.

> Should service providers be forced (e.g. by regulation) to support consumer hardware stacks they prefer not to?

Yes.

Well, sort of. They don't actually have to do anything. Nobody wants to force them to work for us, that's slavery.

Just don't get in our way when we start writing and using our own software. That's the "support" we want. Just stay out of our way. Leave us alone, without actively discriminating against us for it.

> Should service providers be forced (e.g. by regulation) to support consumer hardware stacks they prefer not to? By what mechanism do you propose we stop a bank from saying "we'll only support connections from iOS devices", if not the democratic market force of ensuring enough of their customers demand access from devices running free and open source software?

The same mechanism that stops a bank from saying, "sure you can withdraw more than $10,000 from your account and we won't ask any questions about what you plan to do with it" - explicit financial regulation with real penalties attached to it, that banks systematically adhere to. I'm not necessarily a fan of all legal regulations around banks or other financial product providers - this is a huge reason I'm interested in truly decentralized cryptocurrency systems - but given that the regulated fiat financial system does exist and is widely used, we might as well demand that these regulations include provisions that the bank has to let people running free smartphone OSs connect to their systems too.

> We need nerds who care about this to stop typing on hackernews and go start a phone hardware company.

We need nerds who care about this to stop complaining about minor things in existing GNU/Linux phones and other similar devices on the market and go buy them. These hardware companies have been there for years already.

It's hard to build a profitable and sustainable business only basing on the minority that doesn't mind it being "too thick", "too slow", "not high-res enough" or "unable to run modern PC games" (all of these are real things I heard from people here, no kidding). And I assure you that if you really care, you'll easily find a way to live with a (swappable) battery that lasts 20 hours.

> By what mechanism do you propose we stop a bank from saying "we'll only support connections from iOS devices", if not the democratic market force of ensuring enough of their customers demand access from devices running free and open source software?

Similar to all the accessibility requirements, of course. Do you think the society / government should force banks to provide services to blind or deaf people? Or should we just let the market decide?

I've done research on this, and have considered it but it's capital and time intensive even if I think it's viable.

There are two reasons I think it's viable now:

1. It's possible to wire an agentic system management service into the OS to handle a lot of the routine stuff, so non-technical users will be able to just talk to their computer and it'll be fine tuned to be good at fixing system issues, installing/removing software, managing windows, etc. I developed a scheduling inversion of control executor for enterprise agent control that I've looked into adapting for this use case.

2. The steam deck has proven a new model. Game friendly and a simplified UI is enough to carry Linux. New Arch rices like Omarchy are pushing the envelope of usability. I've been ricing desktops since enlightenment on slackware 96, so I'm pretty familiar with this world.

Regarding form factor, I'm not a huge fan of phones, too many tradeoffs. I think with strong AI voice systems, the optimal setup is buds + tablet. That's a better setup for mobile linux anyhow, and it makes the hardware almost a non-issue.

This is a valid take. I do not agree with it in general: if we look beside the consumer devices, FOSS software us everywhere. and powers almost everything consequential.

But the mobile phones specifically turned from phones into trusted terminal which institutions like banks and governments use to let users control large amounts of money and responsibility. And the first rule of a secure device is to be limited. In particular, the device should limit the ability of its owner to fake its identity, or do unauthorized things with networking, camera, etc.

This junction of a general portable computer and a secure terminal is very unfortunate, because it exerts a very real pressure on the general computing part. Malicious users exist, hence more and more locking, attestation, etc, so that the other side could trust the mobile phone as a secure terminal.

It would be great to have a mobile computer where you can run whatever you please, because it's nobody's business. And additionally there'd be a security attachment that runs software which is limited, vetted, signed, completely locked-up and tamper-proof on the hardware level (also open-source), which sides of the communication would trust. Think about a Yubikey, or a TPM, but larger and more capable. The cellular modem and a SIM card are other examples, even though they may be not as severely hardened. They are still quite severely limited, and this is good.

If I were to offer an open-source phone (and, frankly, any mobile phone), I would consider following this principle. Much like the cellular modem, it would carry a locked up and certified security block, which would not be user-alterable. It would be also quite limited, unable to snoop into the rest of the phone. The rest of the phone would be a general-purpose computer with few limitations. Anything that would want to run on it securely would connect to the unforgeable interface of the security module, and do encryption / decryption / signing / secure storage that other parties, local and remote, would be able to verify and thus trust.

One can dream.

> We need nerds who care about this to stop typing on hackernews and go start a phone hardware company. That's it.

We need nerds that are more politically conscious than that, and are not naive enough to believe they can solve political problems through creating companies and hardware.

Nerd have been at it since the OpenMoko days, the problem is that they don't understand what the general public cares about, thus all those efforts end up failing, as the few nerds that care about being customers all get a phone, and there isn't anyone left to keep the business going, buying new devices.

At this point there are only two things stopping me from using kde or gnome on my work box: Apple and my employer, and I could probably convince my employer. The hardware though is something I’m not willing to compromise on and Apple is in a tier above everyone else currently, so I’m stuck with subpar macOS, not planning upgrading to Tahoe for as long as possible.

Eh? Samsung still maintains a whole suite of independent alternative apps, providing things ranging from NFC payments to calendaring and contact management, that they stuff onto their phones in addition to the usual Google fare.

Until very recently, most/all of their phones had alternative Samsung-produced chipsets available in various markets (Exynos).

They've got their own app store as a built-in.

And they also maintain their own small-system operating system, with Tizen, in case it all goes to shit.

They've been working very hard on parallel development for quite a long time. They're probably better-prepared to jump ship than any other top-tier manufacturer of Android cell phones is.

Motorola Mobility? That was spun out of the stodgy-big batwing mothership in Chicago a long time ago -- and first purchased by Google, before being sold to Lenovo. Subsequent to Google's influence, whatever remains is ill-prepared to jump ship, but that was certainly a design intent. That behemoth is much more dug-in.

So the outlook is certainly gloomy, but it's not all darkness.

(In terms of things like banks only supporting one OS or another: Gosh. Prior to the entrenchment of the smart phone age, I never installed a company-specific consumer banking application on any computing devices at all. It was OK. I just used Sir Tim Berners-Lee's World Wide Web to do that stuff, sometimes with a side dose of SMS on my dumb-phone for active notifications.

And still today, I don't have banking apps for most of the companies that I do banking-stuff with -- and I get along fine with keeping track of the money I have, the money I owe, and the bills I need to pay.

Maybe the right answer here is to shore up the utility of the platform-independent WWW.)

> To me, this is... fine. Not ideal; but fine. We should fight like hell to score wins where we can, like in right to repair, parts availability, ensuring old devices are kept up to date for as long as possible (Apple is pretty good at this); but if I have to carry an old iPhone in my backpack to access my bank because they refuse to support my hypothetical GnuPhone 5, the world isn't going to end.

But even as you say, as you're using Arch as your desktop computer, things may be fine now, but they're only going to get worse.

Should we all have to carry two laptops because anything running a free software core is just utterly unusable due to remote attestation?

> We need nerds who care about this to stop typing on hackernews and go start a phone hardware company. That's it.

Didn't you just spend most of your comment talking about how the market forces don't care anyway? Would good is starting up a phone hardware company that will ultimately go bust due to total apathy of the general consumer?

Yep

"free and open web" isn't even used to be anymore, many are using bots and AI to make things worse and many people especially young people didn't even do "surfing" on the web anymore

like it or not but internet that need verification on personal level is the future, I don't agree with it either but if you see from the progress perspective its always been like that

Pointless. Silicon fabs currently cost billions of dollars. They are single points of failure. Even if the market starts trending towards openness, governments can just regulate a backdoor into these fabs. They have every incentive in the world to do it. Democratized access to cryptography is subversive.

We need some kind of 3D printer that can print computer chips. We need the ability to make our own hardware at home, just like we can make our own software at home. Democratized electronics fabrication. That's the only way we'll be saved.

> Corporations are free to impose requirements for access to their platforms.

To wit, hardware that I bought is not "their platform", but many corporations sure like to pretend it is.

It's already not illegal to reverse engineer hardware you have bought (for the purpose of maintaining it or compatibility), regardless of how much IP lawyers like to pretend otherwise. (And even if it were illegal, I would contend that reverse engineering is a fundamental right that laws cannot rob you of.)

When BlackRock has stake in 95% of fortune 500 companies, and we are forced to use software and services provided by them because no viable FOSS alternatives exist, it becomes, and already is, a big problem.

You have to own a phone to participate in society these days. I need one to even log onto my laptop for work. Eventually I'm sure some form of digital ID / biometric information will be required for verifying my online identity.

It's a slippery slope, and we're sliding into the abyss.

> Corporations are free to impose requirements for access to their platforms.

Yeah? They shouldn't be. Any attempt to deny us service on the basis of the software we use should be classified as discrimination. It should be a crime of the same caliber as racial discrimination.

This is indeed a way to cope. But why should we have to merely cope? Why do we accept the world getting objectively worse? The necessary technology is cheaper, better and more abundant than ever – so why are we letting a few megacorps and some power-hungry politicians decide how we use it?

> This looks like a loser's move, but if your bank has no other options except for mobile app, you can…

…switch banks.

> No one is going to walk away from money that can be made even if the market is smaller.

Unfortunately the tech industry has shown us that isn't true. For example, look at the iPhone mini - I forget the exact sales numbers others have cited, but it sold very well. There is clearly a solid market there, even if it is smaller. But Apple isn't willing to chase it, and nor are the various Android OEMs. The same may well prove true for open hardware.

> Yes, we're awkwardly cornered - hardware used to be open or easily reverse-engineered. Now it isn't.

When exactly was that? The 1980s?

Linux hardware support is better now than its ever been.

Are you able to source all (or even the majority) of goods and services that YOU use, within the crypto ecosystem? Are you getting paid directly in crypto (or if you offer goods/services, do you only accept crypto)? i.e. direct exchange of crypto for goods and services? If not, you are using an intermediary to convert crypto into fiat and vice-versa. Do you invest in ANY non-crypto assets? If not, you are relying on a financial intermediary. Do you practice true self-custody of your crypto? If not, you are relying on intermediaries.

For all the theory about the being financially independent of intermediaries, in practice it is nigh on impossible for most folks living in the real economy. Meaning that for most of them, even the crypto-knowledgeable, "embracing crypto" means a compromise with the "absurd" as you put it.

This, and especially when the intermediaries attempt to police what you can and can't purchase with your own money when you wish to purchase a fully legal good/service (see: Visa and Mastercard fiasco)

Nothing is stopping your crypto exchange from requiring remote attestation.

Nothing is stopping you from keeping fiat under your mattress.

This isn't really a crypto issue.

I agree. I really like Monero.

That’s the value proposition of banks actually. Unfortunately we have let them delegate responsibility for fraud.

People like you are arguing that one should give up on society because of society's flaws. I think your attitude is sad and poisonous.

We need societies, and we need to work to fix their flaws. Every person cannot be an island.

But they did, there's even people in this thread saying the FSF/GNU is too strict with their requirements and is akin to the "old man yelling at cloud".

What else are they supposed to do then? Start Luigi'ing people?

Checking what software a user is running can be done with open source software, but actually doing so takes away the user's right to run modified copies of software. The fact that it basically needs hardware-backed DRM also doesn't help.

> You can run it, I'm just under no obligation to let your machine send signals to my machine that my machine will respond to if you are running software I do not trust.

If some piece of software I'm running is the only reason for you to refuse the connection, then you should be obligated.

It's slightly similar to how protected class laws work. You can block me for no reason, but not that reason.

This is especially important when I just want to run my own OS and not have people go out of their way to deliberately break things because of that.

If the future hopes for openness in computing rely on ending capitalism, we're already toast. Nobody's going to be building the next generation of chip fabs without gargantuan amounts of funding.

> I'm just under no obligation

You should be.

Smartphones have cryptographic hardware that can provide proof that a device has not been "tampered with". This is called attestation. The hardware attests to the fact trust has been preserved since boot.

Your device will not attest to this if you install your own operating system, if you root your phone, if you do anything that they don't like, anything at all.

You install your bank's app and try to use it. The bank's servers ask for the attestation. You will not have one. They decide you cannot be trusted and deny you service.

Even if you can program your own keys into your device, nobody is gonna trust those keys. Why would your bank trust your own keys? They'll trust Google's keys, Apple's keys, the government's keys. You? You don't get to participate.

The corporations and governments want to own your computer. They demand cryptographic proof that your device is owned by them and that they have complete control. If you don't provide it, you're banned and ostracized from everything.

Remote attestation on Android is one of the primary examples. Banking apps and a bunch of other apps that will cut you off if you do something like root your phone.

> try solving human problems by dealing with human’s

Welp. I actually tried it. Here's my experience.

I contacted my banks and got in touch with their managers and devs. They do have APIs. I wanted to use those to create my own software with read only access to my account. I didn't even want to transfer money anywhere, just get my transactions for accounting purposes. I was using ledger at the time and was getting tired of manually inputting everything into the journal.

I eventually discovered I would need to incorporate and beg the central bank for permission to touch the financial system.

Open source people that want to stick to your grit… don’t work with banks that won’t let you use open source software

there is not a single bank in my area that would let me do that, unless it is by accident. so the choice you suggest is de facto not available.

> But seriously, use a local bank and try solving human problems by dealing with human’s. Quit trying to tech everything… if the open source community would get unified and actualize… thats a fuck ton of people!

Wise, and thus downvoted. Many FOSS enthusiasts are antisocial, sometimes even misanthropic, fragile snowflakes ("I should be able to run any software I like, on any device I like"), so any call for collective political action, that actually could achieve something more, is disregarded.

M-x dispute-charge

[dead]

I think it's fair to put it as a failure, as the overtone window moved so much it now sounds normal that regulation, liability or econ interfere with openness.

The very fact "right to repair" had to be coined, proclaimed and we're fighting for it is a regression from the early days when repairing a radio wouldn't be violating some clause.

Of course, the openness was more accidental or pragmatic than really intended, and we saw companies slowly put up the barriers as they found technical and legal ways to do it (like forbidding plugging third party phones to the network for instance). If it's a frontier, IMHO it would be more akin to the battlefields front lines than anything else.

Put another way, the battle has always been social and legal.

It has lost in it's goal of giving freedom to the end users which is the real goal.

John Deere has built a great tractor that the company itself prevents you from repairing without their involvement.

The only beneficiary of open source there is John Deere.

> Wanting openness in everyday tech isn't "absolutist" in itself. But the article's tone (and a lot of the FOSS movement's rhetoric) frames it as failure rather than frontier.

It is a failure. Things have been moving away from openness. A frontier would move toward it.

https://en.wikipedia.org/wiki/Openmoko

Google recently changed their security policy regarding Android, where there's now a 3-4 month delay between when OEMs get access to security patches and when they're posted to AOSP (it was previously 1 month). The patches are broadly distributed to OEMs, so there's no significant barrier to attackers and companies like NSO Group and Cellebrite obtaining them. GrapheneOS has access to the patches, but the embargoed nature means they're not able to publish the patch source code or any details about what vulnerabilities are being patched. This means that GrapheneOS users are forced to choose whether to opt into the closed source patches and get recent vulnerabilities patched, but lose out on having an open OS.

Read the article, it has examples.

Modern TVs are a simple one.

You can't control any of them fully. Most you can't root.

> it has a very non-open development model - development happens behind closed doors, no process to accept outside contributions, chuck a source code dump over the fence some time after each binary release.

Mostly agree re: your entire post, but, re: OSS above, does not matter, you don't owe an open development model to anyone.

"FOSS won so decisively on the supply side" because it's basically giving away something that would ordinarily cost money. Anyone can "win" by giving away something of value away for free; it's not a victory that's worth anything.

What those adopters are not doing is opening their own source code as FOSS or contributing back to FOSS. That means that there isn't a path to future success.

Yeah to be clear I’d never say it’s “easy” and ready for mass adoption. But I also had 0 issues getting bazzite going on my PC I built with an AMD 9800x3d/9070 working out the gate. I played expedition 33 the day I finished building! Kind of remarkable given the GPU was only a month or two old. What’s striking was that I never had to open a terminal window or install a single driver. Some of the distros are near-turnkey at this point.

Oh I definitely don’t have a choice at work unfortunately so I’m all too aware of this. I’m mostly just talking about personal computing. But point taking!