This is often in the name of copyright protection and increasingly in recent years in the name of providing better security. ‘Better security’ of course begs the question, against what threat model? It’s better security against malicious 3rd parties but what if I’m worried about what the 1st parties are doing?
Interesting article.
I’d like to add that FOSS generally has better, although sometimes imperfect (node-ipc malware for example), security against 3rd party malware as well. This is summed up pretty well with Linus’s law: “given enough eyeballs, all bugs are shallow”. If we’re going to have BCI in the future it’s crucial that it’s done securely; FOSS would definitely be an advantageous paradigm for that.
To clarify, it’s the ability to lock your bootloader that I’m saying is better protection from 3rd parties, not the proprietary nature of many of the current locks. The HEADs tools, for example, which allow you to verify the integrity of your boot image in coreboot, would be a FOSS alternative that provides analogous protection. Indeed, it’s not real security if it’s not out there in the open for everyone to hammer with full knowledge of how it works and some nice big bug bounties (intentional or unintentional) on the other side to incentivise some scrutiny.