this post was submitted on 30 Jul 2023
843 points (96.8% liked)

linuxmemes

21378 readers
1189 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  •  

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 1 year ago
    MODERATORS
     

    you are viewing a single comment's thread
    view the rest of the comments
    [–] cley_faye@lemmy.world 16 points 1 year ago

    Your open source browser can run a spoof of an “official” browser

    Not if the server requires the digital signature of a challenge to be produced by a key whose certificate is signed by a "trusted" third party, said third party only providing that key at runtime, if your browser can also provide the same kind of authorization from the OS, itself being only able to produce it if it can safely determine that it's running on completely locked-down hardware AND having online-activated DRM tells him he can provide such key; the hardware itself requiring constant online connexion to ensure it's "authorized", and including yet another layer of keys in hardware.

    There's been progress toward this kind of things. At every step, people warning about the risks are seen as lunatics. SecureBoot preventing booting a custom kernel? No problem, microsoft will sign your keys. TPM not delivering keys to non-trusted kernels? No problem, just don't use it (and don't get the keys, obviously). UEFI requiring digital signature to be flashed? It's for your safety, but we won't give you the keys or it would defeat the purpose. Embedded CPU inside your CPU running opaque code on every operation you do? Trust me bro, there's no problem here.

    Sure, opensource (or even just open at this point) alternative will most likely remain available as a niche, but once all major services that people want requires such a chain of control, the vast majority of people will gladly flock to locked-down system. Heck, it's already happening. Nowadays I can't even log into my bank website without a trusted iOS or Android device. The "free, open" alternative will be rare, expensive, and only work for people that cares. Which is not too much sadly.