Email or username:

Password:

Forgot your password?
Jess👾's posts Post Back to profile
Top-level
Rich Felker

@drazraeltod @JessTheUnstill More like including the keys in the box it's sold in.

7 April at 4:18 | Wall-to-wall | Open on hachyderm.io
12 comments
Haelwenn /элвэн/ :triskell:
@dalias @drazraeltod @JessTheUnstill Quite like how the good carriers give the PUK code with the sim card.
7 April at 4:28 | Open on queer.hacktivis.me
Jess👾

It's shitty, but I do get that some manufacturers sell the device itself at below cost because people have to pay for the online services. Game console manufacturers have done that for years. If they sold it easy to unlock, people would just buy the hardware, unlock it, and never pay for the service. Which is a shitty and scammy business model, but at least it does make sorta sense.

@dalias
@drazraeltod

7 April at 6:52 | Open on infosec.exchange
Kevin Karhan :verified:
Cegorach

@JessTheUnstill @dalias and it much more politics-compatible that way

you can sell it as "it's against cheap foreign vendors that don't supply updates" instead of "it's against you"

well known vendors will always claim that THEIR lock in isn't as bad, because they do $bullshit. So they have a way of keeping that claim.

7 April at 8:29 | Open on chaos.social
revolūcijas un iesnas

@JessTheUnstill @dalias @drazraeltod true, which is why requiring the unlock on EOL is a more "reasonable" demand (as in, will receive a less extreme lobbyist pushback).

The problem is when EOL of a device corresponds to EOL of the manufacturer. Can't really force a bankrupt entity that has long fired its engineers to unlock anything.

Perhaps the requirement should be to provide secret unlock instructions as a part of a device certification process. But then of course the repository of these secrets becomes a massive attack target.

Still, the amount of e-waste that could easily serve a new purpose if there was any documentation at all is infuriating.

🤔

@JessTheUnstill @dalias @drazraeltod true, which is why requiring the unlock on EOL is a more "reasonable" demand (as in, will receive a less extreme lobbyist pushback).

The problem is when EOL of a device corresponds to EOL of the manufacturer. Can't really force a bankrupt entity that has long fired its engineers to unlock anything.

7 April at 8:31 | Open on loud.computer
Jess👾

Most of the time, the update to unlock the firmware wouldn't be especially technically complicated. It just requires access to the source code, build pipeline, and signing keys. So even if it's not kept in a central repo, if codified in law that it is a priority liability against the company assets if they declare bankruptcy to provide access to that information and fund a consultant to compile the firmware update, it wouldn't take all that long per device to compete.

Think when a company that holds toxic waste goes under - there's still liability to remediate it that carries on to whomever buys up the assets, and beyond some point it becomes a Superfund site to remediate.

@virtulis
@dalias @drazraeltod

Most of the time, the update to unlock the firmware wouldn't be especially technically complicated. It just requires access to the source code, build pipeline, and signing keys. So even if it's not kept in a central repo, if codified in law that it is a priority liability against the company assets if they declare bankruptcy to provide access to that information and fund a consultant to compile the firmware update, it wouldn't take all that long per device to compete.

7 April at 18:12 | Open on infosec.exchange
Jerry Orr

@virtulis @JessTheUnstill @dalias @drazraeltod reminds me of how nuclear power plants are required to set aside funding for decommissioning the plant before they are allowed to build it. Obviously there are differences with the risk of software key leaks, but it’s a similar concept

9 April at 2:47 | Open on fosstodon.org
Kim
gadgetoid

@JessTheUnstill @dalias @drazraeltod that’s the line- but Nintendo apparently rarely sell at a loss and despite rampant, highly public piracy and the first gen Switch being pwned they are still gangbusters popular.

I’m convinced the “sold at a loss” is a convenient mistruth, perpetrated to help justify high prices, locked-down consoles and mediocre services. None *cough steam deck* of which are needed *cough cough PC* to shift videogames 😫

11 April at 6:01 | Open on fosstodon.org
Kevin Karhan :verified:

@dalias @drazraeltod @JessTheUnstill +9001%

If people are too afraid they could just put it in some sealed envelope on some scratch field and people who never want to mod their devices can just burn it.

Worse is only the purposeful #eWaste generation and literal #theft that #Apple does with #iCloud-Lock, and yet people still defend that shite!
youtube.com/watch?v=ZzS2vwDUO9

#Funfact: this can even be weaponized against unsuspecting users:
youtube.com/watch?v=ifOifNBgyR

Oh and they'll also remotely #brick peoples' devices deliberately after #EndOfLife / #EoL just to be real assholes...
youtube.com/watch?v=UxaCUugPoR

Sadly, these actions don't come up in the #EcoHipster-esque #Greenwashing-Brochures of Apple nor are they being accounted for...

@dalias @drazraeltod @JessTheUnstill +9001%

If people are too afraid they could just put it in some sealed envelope on some scratch field and people who never want to mod their devices can just burn it.

Worse is only the purposeful #eWaste generation and literal #theft that #Apple does with #iCloud-Lock, and yet people still defend that shite!
youtube.com/watch?v=ZzS2vwDUO9

7 April at 8:26 | Open on infosec.space
Go Up