There's nothing wrong with the appliance business model - embedded devices that use microcontrollers are Turing complete and yet no one complains about those. It's only when devices are marketed as general-purpose (i.e. smartphones, PCs) but are locked down to prevent running arbitrary user-loaded code that it becomes a problem.
I also mind when things like my tractor or my car are locked down to prevent my ability to use a 3rd party repair shop, repair it myself, or make changes so the item better suits me: The person who fucking owns that computer.
I think there's a very real risk that the concept of "ownership" is going to die if we continue in this fashion.
Do you own a thing if you're prohibited, intentionally - by the manufacturer - from making any changes? I'd say no.
Do you own a thing if it has to check in to an online service controlled by someone else before it works? I'd say no.
Instead you're just renting, and these companies are intentionally rent-seeking (in the worst possible way).
Add that on to the fact that almost everything is rent to buy with "incentives" shoved in your face for never actually finishing out the contract to own something, like your phone. I think ownership for everyone outside of some select few is in very real danger and I've thought so for some time.
I think as long as you're willing to give up your warranty on your tractor/car/whatever because you're hacking on it with 3rd party tools/firmware you should be able to do whatever you want with it. Just remember it's a two way street and everything has a price, you will have to give up something to get something.
I still like my car to have an immobilizer, and locks on the ignition and doors. There is certainly some level of access controls that most people definitely want.
That's not what people are taking about, though. Certainly people want security features that make it more difficult for someone else to steal their car. But those features should be under the control of the owner of the car, not the manufacturer.
It's really hard to do that and make the thing a consumer-friendly product. We've been trying to solve this problem for most of the history of computers, yet, attacking authentication (often indirectly) is still the #1 way that computers are compromised.
Most people simply are unable to properly handle private keys. All of the systems with the highest levels of consumer satisfaction have third parties that manage (or at least can override) keys on the user's behalf. Systems that do what you're suggesting are notoriously plagued with issues surrounding key management to the point where they never reach mainstream use. i.e. PGP, bitcoin, etc.
Those are still "yours" in a sense, so don't fall into the feature set the poster you are replying to is talking about. Though the immobilizer somewhat skirts the line. (Or at least from my personal view).
Think John Deere implementing software lockouts in the tractor ECU. That is nothing more than forcing their business model onto the end user through digital logic.
Those are the sorts of things that need to be legislated. You should not be able to lockout people from ECU for example, but the person would have to be willing that a compromised ECU can blow up/damage their engine and they will have to accept that the warranty is invalid the second they mess with the ECU programming.
That's no good because the car can malfunction for reasons other than damage caused by the ECU, and the warranty covers those reasons too. You shouldn't have to lose your warranty on part A because you modified unrelated part B.
They're just as much "mine" as an iPhone is. It is extremely common for digital authentication of physical keys to be protected by encryption or signing by the manufacturer.
Sure, but to be as blunt as possible - You don't own your iPhone. Full stop.
You are renting it from Apple. They control what you run, when you run it, what you can install, what you can remove.
By default, they're shipping you a device where you're literally not the root user. I can't possibly think of a clearer argument that you're renting, and entirely at the whim of Apple (which does have root access, and actually owns the device you happen to be using).
The issue to me is that ownership implies the right to modify and change a thing, especially in ways that the original manufacturer doesn't support or agree with.
If the manufacturer is still calling all the shots on your device, you don't own the device!
Sure. No matter what your definition of "own" is -- I am saying, my car is already the same thing.
The question is, do we have a good solution to enable the average user to own their device while also ensuring security and availability?
We have two options with cars, either intentionally implement a security hole, or let the manufacturer "own" it. Because the other option -- tell the customer they're SOL when they lose their private key, is not a solution that is practical (grandma will lose hers) or possibly even legal (manufacturers' obligation under lemon law).
This is a solved dilemma. Lets take the car - There's already a huge security hole: The car key.
That key disables all the security measures to stop the car from moving and lets the user drive it.
Why should the same key not also allow 3rd party parts to be installed, or disable any other security feature the user would like to disable?
The user has already been given a device the compromises the entire security system, why do you think they need to do anything as complex as store a private key (it's embedded in the physical key).
Same question for phones - The user's pin/password already removes essentially all functional security from the system. I'd add a requirement for a physical switch to be toggled in the case of the phone (a tiny toggle header, or a certain combination of presses on the available buttons should do just fine) to rule out network based access.
In general though, security measures added by the manufacturer always fail, because the user has to actually use the thing at some point.
So given we already have the hole, the only reasons I can come up with for continuing to forbid the owner of the device from actually owning it are
1. It adds cost to the product
2. It removes future revenue from the company (because that pesky owner might choose a cheaper repair shop if they actually own the device... however will the company maintain their monopoly on parts/service?!?!? Think of the children!)
So many people complained about not being able to run their on firmware on the TiVo that it caused the GPL to be updated to version 3.
While Turing machines are universal, there are practical limitations of the hardware. A tiny embedded microcontroller with kilobytes (or less) of memory is not an attractive target for customization or repurposing. Today it is probably easier/cheaper to simply buy a Rasberry PI or similar.
Also, some companies understand that they are in the business of selling hardware and don't particularly care what you do with it.
>> There's nothing wrong with the appliance business model
Do you mean that literally? There is daylight between "appliances shouldn't exist" and "there's nothing wrong with appliances." I mean, I agree that microcontrollers and smartphones/PCs are different. There's obviously something wrong if problems emerge at some point along a scale. There's no real defining line between GPCs and microcontrollers.
I also don't think it's a problems if someone somewhere has a locked down PC. It is a problem if most people do.
As far as I'm concerned, as soon as you've publically released an SDK and invited third parties to form businesses off of developing software for your device, you have no right to represent the device as an appliance. At that point it is obviously a general purpose computer.
I complain about my TV showing me ads. I complain about my car not resetting one annoying light when i change the oil. I complain about the proprietary connectors on my generic batteries that restrict me to one brand of power tools (that get's discontinued for new proprietary connectors every 2 years).
It's fine if you love exploitation capitalism. But don't go assuming crap about others.