Comment by tavavex

1 month ago

People always say things like these, and I wish it were that way too. Maybe if history had gone a little differently.

But what's the point of defining these standards now? Is the world where this is the reality still feasible? It seems nearly impossible, unless you're an extremely wealthy and influential individual. What I'm seeing is that we never will move to a world where a device that you bought is truly "yours" anymore. Instead, we'll be renting one of the approved devices, run by one of the tech megacorporations and overseen by your government. They will give no real way to execute any random code that you want, unless you're also licensed and vetted as a developer. They will be tightly surveilled, all information will be saved, every interaction between these devices will be controlled for the sake of security. It will be an entire web of trust, defined by the powers that be. We're seeing early attempts at it now, but we still haven't hit full centralization. But once we do, what happens then?

I said it elsewhere in the thread, but the current model is already falling apart: it has led to random IoT devices becoming parts of widespread botnets, affecting Internet functioning, and putting unwitting consumers at risk.

Fixing that problem might turn out to be cheaper for competitors by making their platforms more open and avoiding the full responsibility as a vendor.

Basically, combine current and future legislation about electronic waste, cybersecurity of IoT and connected devices, and the carve-outs for free software and open source platforms, and suddenly it becomes much cheaper to ship a product that will run for 20 years (say a washing machine) if you as a vendor can guarantee some of this for the warranty period (1-5 years), and open up the platform to consumers and shift the responsibility at that point. Also imagine the case of a vendor going under which needs to be covered too (this would make subscriptions infeasible too).

If legislation demands this (imagine no insecure devices for 20 years), markets will do the rest.

  • > I said it elsewhere in the thread, but the current model is already falling apart: it has led to random IoT devices becoming parts of widespread botnets, affecting Internet functioning, and putting unwitting consumers at risk.

    But isn't this also exactly how the pitch will sound for what I proposed? You know, "The internet is too important and random people are allowed to upload and run random dangerous code within it with no oversight, this has to be stopped." The manufacturers will never bear the consequences of their choices, the consumers will. There might be a push to make the internet watertight by requiring all major websites and services to only allow access to "secure" devices and block all other traffic. After all, why spend money on cybersecurity when everyone can only use the (important parts of the) internet with their real names, and developers are de-anonymized?

    Will this actually improve security? It seems very unlikely. But despite it, this move seems like exactly the kind of thing that's coming, because it massively benefits both companies and governments.

    • You are right, which is why I stress the time component and e-waste concerns. If combined they end up meaning that a vendor ships you a device and they need to take it back for recycling in 2-7 years when they stop providing security updates, the market will force a change.

      At the moment, laws are disjoint even in the EU, and not strict about what happens when you stop fixing security bugs.

I mean, maybe, but I think what you're describing is a view so bleak and fatalistic that it amounts to saying the world may as well self-destruct because there's nothing we can do about it.

Ubuntu for Android?

  • How's Ubuntu (or hell, any Linux distro) for mobile going to change what I outlined? It's not going to matter what OS you're running once all the important websites and services you use every day (up to and including government services) start requiring some form of attestation or other layers of security that will no doubt only be provided by a few locked-down vendors. Once that happens, your Ubuntu Touch phone will be about as useful as a Nokia 3310, at least online. After all, it's <0.01% of the market and open (therefore dangerous), Google or Microsoft or Apple aren't going to sign off on that. A natural consequence of that will be that "unsecured" devices will be stamped out, perhaps not by force, but just economically. That's the day when what I described will just become mundane reality.

    • When that happens we'll abandon the web as you described it and build a new one that better resists the cancer. Honestly there are a lot of bad decisions baked into our default stack that it's gonna be refreshing to be rid of. Not just malware and corporate overreach, but 1980s thinking that seemed fine at the time and turned out to not be.

      So to answer your question: Ubuntu will let you access the next web, and Android probably won't.
