
> What general purpose computers (even phones and tablets) do you see going this direction

Windows. Microsoft, as usual, is late to the party, but Win10 is clearly a step towards the walled garden model. It's not there yet, but stuff like their built-in app store and removing choice from the user betray the direction MS intends to take Windows.

Intel CPUs. Why do you think there has been a push for SecureBoot and the new SGX instructions? Hardware support is needed if you want to change WinTel boxen from a General Purpose Computer into a locked down appliance. That hardware support now exists in Skylake and later Intel CPUs. Intel even says on their website that the SGX instructions are about creating "trusted" enclaves that software vendors can use that cannot be accessed by someone with physical hardware access.

> So when is this slippery slope going to start?

It started many years ago. Some of us have been warning about these problems for almost twenty years. When we warned that these technologies were coming, we were laughed at because the threat didn't exist yet. When implementations started to show up, we were ignored because nobody was using those tools yet to lock down systems. Now they are slowly starting to turn on, and you've been given yet another warning. Do you intend to wait until the OS is fully locked down? Or do you want to start to fight for your right to run a General Purpose Computer while you still have the ability to do so?

Today there was even a thread on HN about homebrew having to work around OSX "System Integrity Protection". Sure, you can disable SIP by jumping through a few technical hoops most people won't understand. Are you going to fight back against this trend, or are you going to wait until you cannot disable SIP "for security reasons"?

Just because you've been ignoring these steps doesn't mean they are not happening.

> TPM

The TPM is only key storage and hashing to check the bootstrap chain-of-trust. The TPM never had any "locking" features. Why are you ignoring all the other hardware changes that have happened after the TPM? Active Management Technology (AMT), Software Guard Extensions (SGX), and UEFI SecureBoot have all happened after the TPM.

> And what about users who want a phone that is locked down for security purposes?

You know what would work a lot better? A hardware switch that had to be flipped to install (sudo) software, and had to be flipped back to boot as normal.

> Why shouldn't we be able to choose the phones we want

Of course you have that choice. That doesn't mean it's a smart choice. You're pushing the (incorrect) assumption that security is in conflict with the end user being able to control their own property. Locking your car door does not require giving up your ability to modify the car's engine. There are other ways to provide security. More importantly, the concept of freedom means that some people will do stupid things with that freedom, but we respect their right to make those mistakes. The answer to malware apps isn't removing everybody's right to use the products they buy as they like, but to educate users and write better UIs that help guide novices.

edit: (accidentally clicked submit before I was done)



