The death of general-purpose computing is well underway.
Just imagine the world in a decade or two: it'll be one of mandatory secure boot, remote attestation, and centralized app store distribution. Regular people just installing software? That's unthinkable. It'll put themselves and others at risk. Even browser extensions will be tightly restricted. If you want to write software, you'll have to get a developer's license and accreditation from an industry-wide professional association, who can remove your accreditation (and ability to get a run-your-own-code certificate) for any reason. Sure, you can find some 2019 laptop and run Linux on it, but your ISP won't forward your packets if they're not signed by a trusted kernel. Good luck running some tin-pot mesh network in whatever tiny sliver of unlicensed spectrum remains.
Think this scenario is unlikely? I wouldn't be so sure. All the bits of technical infrastructure we need for this dystopia already exist in one form or another. There's also significant social and political pressure to rein in the internet --- pick your favorite pretext --- and it's inevitable that platform vendors will respond to this pressure. I've heard a disturbing amount of talk lately of the need for centralized control in order to combat "disinformation", for example. Already, we've lost an amazing amount of ground on software freedom relative to what we had ten or fifteen years ago. Most people already use a primary computer that they can neither control nor inspect --- and they like it.
Mark my words: in ten or twenty years, policymakers and very serious establishment types will regard letting regular people just make their own software and connecting it to the public internet as unnecessary, dangerous, and suggestive of some kind of moral fault. It's starting already.
We need to all fight against this future. Software is the medium of our age—restricting who can create it is not unlike restricting freedom of expression.
But, fighting optional code signing the wrong battle. As long as the requirement can be disabled, there's nothing wrong here. Safe, but optional defaults are a good, practical compromise.
What I do find disturbing is when people praise Apple's locked down iOS model, as a means of enforcing privacy standards on developers or some such. People have argued this point on Hacker News: https://news.ycombinator.com/item?id=19051678
> But, fighting optional code signing the wrong battle. As long as the requirement can be disabled, there's nothing wrong here. Safe, but optional defaults are a good, practical compromise.
I'm not convinced this is true. Over time, voluntary adoption of this will steadily increase. Then when it reaches a certain level of ubiquity, Apple can flip the switch to make it mandatory and since 99% of users won't have their day-to-day impacted the blowback will be tolerable to Apple.
This has to be fought now, while it still is optional. Otherwise we're already sunk.
But consider all the legitimate benefits of having these (optional) defaults. I can give a Mac to my grandmother and be reasonably confident she won't download a keylogger that steals her bank password or some such. Meanwhile, I can also give my coworker instructions for running the video downloader Applescript I made.
The problem with "slippery slope" arguments is that in many aspects of life, the optimal solution is a balance between two extremes. You can't reach that midpoint unless you're willing to venture down the slope partway.
Here's another way to prevent this eventuality—teach everyone how to disable these checks, when they have a legitimate reason to do so. I feel like I keep getting blowback for saying this, but I'm pretty frustrated at how strongly much of the Apple community advises against disabling Gatekeeper and SIP. If you want to theme your Mac's UI or modify UI sounds or some such, and you're savvy enough to boot into recovery mode, go ahead and turn SIP off, and don't feel like you're constantly putting your data at risk, because it's really not that big a deal.
You can disable secure boot on most modern machines, install Linux, create a cert and sign Grub or your EFI stub kernel, add that cert to your UEFI (delete the stock ones) and then you have a machine that can boot Linux and not Windows.
Of course the major distros like Ubuntu can boot with the default secure boot keys.
I have a feeling x86 manufactures would face considerable backlash if they tried to lock down SecureBoot in a manner where it's impossible to disable. (and yes, I do know there are some Microsoft devices that are already setup this way, but the majority of manufactures do allow control over SecureBoot). Then again we have Intel ME on all our machines and that's somehow still okay, so maybe you're right.
I have a feeling x86 manufactures would face considerable backlash if they tried to lock down SecureBoot in a manner where it's impossible to disable.
There was "considerable backlash", to say the least, to every little step along the way to the current, ridiculous reality you describe.
No one cared about our objections. The voices of those that care about free general purpose computing are not important to those who make the decisions.
Part of the point of the OP, as i understand it, is that theres also a cultural war going on, where if corporations end to get their way, by controlling/locking developers and users on their platforms, people will see this as normal.
This happened before with radio and TV signals. A great way to have peer to peer comunication, with local TV's and radios, ended up being regulated.. and in our culture, its normal to sit in front of a TV, and have a few monopolies to choose what we will watch.
And right now its unthinkable to revolt to those kinds of laws that forbid us to transmit content, as we accepted as normal (where's the cultural aspect of it, shaping our behaviour).
The same will happen to the next generations if we dont take a stand against this. Normal users wont understand the social, cultural and political implications of this. Companies like Apple defining what you can or cannot use, listen, see or install in your own device.
> A great way to have peer to peer communication, with local TV's and radios, ended up being regulated.. and in our culture, its normal to sit in front of a TV, and have a few monopolies to choose what we will watch.
I don't think this is comparable. Radio and OTA TV needs to be regulated by a central authority or it won't work for anyone beyond a certain level of technological penetration. There's a set amount of data that can fit in the amount of spectrum available, and a radio station is transmitted to everyone whether they request it or not.
You've always been free to create and distribute VHS and cassette tapes because those don't eat into the amount of spectrum available to everyone.
The point is not necessarily that secure boot will be enforced by the hardware, but that this creeping centralization of control will bleed into the network stack, which would leave you with a useless experience if you did opt out.
Yes, you could do that, but 99% of people are going to have no idea how to do that, or even why they should. As a result, the few companies that own the centralized platforms still get the authority to dictate how computing works, and to block you from distributing software that threatens their interests.
Just imagine the world in a decade or two: it'll be one of mandatory secure boot, remote attestation, and centralized app store distribution. Regular people just installing software? That's unthinkable. It'll put themselves and others at risk. Even browser extensions will be tightly restricted. If you want to write software, you'll have to get a developer's license and accreditation from an industry-wide professional association, who can remove your accreditation (and ability to get a run-your-own-code certificate) for any reason. Sure, you can find some 2019 laptop and run Linux on it, but your ISP won't forward your packets if they're not signed by a trusted kernel. Good luck running some tin-pot mesh network in whatever tiny sliver of unlicensed spectrum remains.
Think this scenario is unlikely? I wouldn't be so sure. All the bits of technical infrastructure we need for this dystopia already exist in one form or another. There's also significant social and political pressure to rein in the internet --- pick your favorite pretext --- and it's inevitable that platform vendors will respond to this pressure. I've heard a disturbing amount of talk lately of the need for centralized control in order to combat "disinformation", for example. Already, we've lost an amazing amount of ground on software freedom relative to what we had ten or fifteen years ago. Most people already use a primary computer that they can neither control nor inspect --- and they like it.
Mark my words: in ten or twenty years, policymakers and very serious establishment types will regard letting regular people just make their own software and connecting it to the public internet as unnecessary, dangerous, and suggestive of some kind of moral fault. It's starting already.