It is indeed a cool project, but this line really bothers me:
So when Apple decided to allow installing custom kernels on the Macs with M1 processor,
The fact that Apple allowed installing different kernels/OSes is wrong - it means that somehow they retained a right of what goes on your machine, and that they deigned to allow you to install something else. It’s also why I cannot support Apple hardware - they attempt to retain ownership of the hardware by hook and crook regardless who the legal owner is.
The fact that Apple allowed installing different kernels/OSes is wrong - it means that somehow they retained a right of what goes on your machine, and that they deigned to allow you to install something else.
I don’t really think that people who put the freedom of their computer environment as an important factor would use Apple hardware anyway.
This seems to show a fundamental misunderstanding of who and what these computers are made for. They’re for people that want or need to run off-the-shelf applications. The term “application” is important: the goal is to apply the computer’s capabilities to solve a problem, often a problem that exists independent of the computer. For example, last night I didn’t do a bunch of matrix math and make some HTTPS requests, I tuned up the colors in a few photos and shared them with friends and family. In this mode of thinking, the particular OS is just how the computer works.
At the same time, making the OS hard to change without Apple’s authorization is good, because they spend an incredible amount of money supporting the computers they sell. Making “exploit delivered by banner ad joined my machine to a botnet in a way I can’t recover from” less likely to happen is hugely valuable from both a support labor and PR perspective, and most users are going to be fine if validating what OSes get installed is done by a professional.
It sacrifices some of the romantic aspects of the computer being like a project car that you can drop new parts in or maybe LS swap it, but instead you get the experience of the reliable car that’s ready for both commuting and road trips, and you can take it to the shop when it makes a funny noise.
Fully agree on “make it harder to change OS”, but Apple also made it harder to make the OS.
You don’t have to sacrifice openness (including openness to the latter). Apple just did because of their secretive corporate culture, strong proprietary background and so on.
Chromebooks are also designed to let a basic end user accomplish the usual tasks without worrying about exploits. It is “hard” to enter developer mode – you have to assert your physical presence to the firmware (sit through a couple minutes of pressing the power button when asked) and let it wipe all data clean. But since the Chromium team has a very FOSS culture, what you get after that isn’t “iBoot can boot your custom binary but you have to reverse engineer how to build one, you’re on your own, we won’t even document our debug interface lol” – instead you get open source firmware (coreboot on CPU, open Chrome EC and Security Chip) and troves of documentation. There’s a schematic for building your own debug cable if you don’t want to buy a nice premade one. Your device is likely supported in upstream coreboot. What you get over the debug cable is standard CDC-ACM consoles (CPU, EC, SC – yes! you can talk to the root of trust, configure a password on it for example!) and an interface for flashrom. Etc.
In your analogy, a Chromebook would be a “reliable car” that comes with detailed technical manuals to turn it into a project car if you want.
To be fair, the Apple hardware’s closedness makes for very interesting reverse engineering blog posts and even livestreams :)
It is indeed a cool project, but this line really bothers me:
The fact that Apple allowed installing different kernels/OSes is wrong - it means that somehow they retained a right of what goes on your machine, and that they deigned to allow you to install something else. It’s also why I cannot support Apple hardware - they attempt to retain ownership of the hardware by hook and crook regardless who the legal owner is.
I don’t really think that people who put the freedom of their computer environment as an important factor would use Apple hardware anyway.
This seems to show a fundamental misunderstanding of who and what these computers are made for. They’re for people that want or need to run off-the-shelf applications. The term “application” is important: the goal is to apply the computer’s capabilities to solve a problem, often a problem that exists independent of the computer. For example, last night I didn’t do a bunch of matrix math and make some HTTPS requests, I tuned up the colors in a few photos and shared them with friends and family. In this mode of thinking, the particular OS is just how the computer works.
At the same time, making the OS hard to change without Apple’s authorization is good, because they spend an incredible amount of money supporting the computers they sell. Making “exploit delivered by banner ad joined my machine to a botnet in a way I can’t recover from” less likely to happen is hugely valuable from both a support labor and PR perspective, and most users are going to be fine if validating what OSes get installed is done by a professional.
It sacrifices some of the romantic aspects of the computer being like a project car that you can drop new parts in or maybe LS swap it, but instead you get the experience of the reliable car that’s ready for both commuting and road trips, and you can take it to the shop when it makes a funny noise.
Fully agree on “make it harder to change OS”, but Apple also made it harder to make the OS.
You don’t have to sacrifice openness (including openness to the latter). Apple just did because of their secretive corporate culture, strong proprietary background and so on.
Chromebooks are also designed to let a basic end user accomplish the usual tasks without worrying about exploits. It is “hard” to enter developer mode – you have to assert your physical presence to the firmware (sit through a couple minutes of pressing the power button when asked) and let it wipe all data clean. But since the Chromium team has a very FOSS culture, what you get after that isn’t “iBoot can boot your custom binary but you have to reverse engineer how to build one, you’re on your own, we won’t even document our debug interface lol” – instead you get open source firmware (coreboot on CPU, open Chrome EC and Security Chip) and troves of documentation. There’s a schematic for building your own debug cable if you don’t want to buy a nice premade one. Your device is likely supported in upstream coreboot. What you get over the debug cable is standard CDC-ACM consoles (CPU, EC, SC – yes! you can talk to the root of trust, configure a password on it for example!) and an interface for flashrom. Etc.
In your analogy, a Chromebook would be a “reliable car” that comes with detailed technical manuals to turn it into a project car if you want.
To be fair, the Apple hardware’s closedness makes for very interesting reverse engineering blog posts and even livestreams :)
So what? ARM chips are generally harder for third parties. Hardware is harder to have open than closed.