Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
da_chicken 4 hours ago

Yeah, let's ask the Debian team about installing packages from third party repos.

I'm not on the side of locking people out, but this is a poor argument.

cookiengineer 4 hours ago | parent [-]

> Yeah, let's ask the Debian team about installing packages from third party repos.

Debian already is sideloaded on the graciousness of Microsoft's UEFI bootloader keys. Without that key, you could not install anything else than MS Windows.

Hence you don't realize how good of an argument it is, because you even bamboozled yourself without realizing it.

It gets a worse argument if we want to discuss Qubes and other distributions that are actually focused on security, e.g. via firejail, hardened kernels or user namespaces to sandbox apps.

Ms-J 2 hours ago | parent [-]

"Debian already is sideloaded on the graciousness of Microsoft's UEFI bootloader keys. Without that key, you could not install anything else than MS Windows."

This is only true if you use Secure boot. It is already not needed and insecure so should be turned off. Then any OS can be installed.

cookiengineer 12 minutes ago | parent | next [-]

Now tell me how

Turning off UEFI secure boot on a PC to install another "unsecure distribution"

vs.

Unlocking fastboot bootloader on Android to install another "unsecure ROM"

... is not the exact same language, which isn"t really about security but about absolute control of the device.

The parallels are astounding, given that Microsoft's signing process of binaries also meanwhile depends on WHQL and the Microsoft Store. Unsigned binaries can't be installed unless you "disable security features".

My point is that it has absolutely nothing to do with actual security improvements.

Google could've invested that money instead into building an EDR and called it Android Defender or something. Everyone worried about security would've installed that Antivirus. And on top of it, all the fake Anti Viruses in the Google Play Store (that haven't been removed by Google btw) would have no scamming business model anymore either.

Lammy an hour ago | parent | prev | next [-]

I agree with you and run with it disabled myself, but some anti-cheat software will block you if you do this. Battlefield 6 and Valorant both require it.

HumanOstrich an hour ago | parent | prev [-]

While it's possible to install and use Windows 11 without Secure Boot enabled, it is not a supported configuration by Microsoft and doesn't meet the minimum system requirements. Thus it could negatively affect the ability to get updates and support.

> It is already not needed and insecure so should be turned off.

You know what's even less secure? Having it off.

Lammy an hour ago | parent [-]

The name “Secure Boot” is such an effective way for them to guide well-meaning but naïve people's thought process to their desired outcome. Microsoft's idea of Security is security from me, not security for me. They use this overloaded language because it's so hard to argue against. It's a thought-terminating cliché.

Oh, you don't use <thing literally named ‘Secure [Verb]’>?? You must not care about being secure, huh???

Dear Microsoft: fuck off; I refuse to seek your permission-via-signing-key to run my own software on my own computer.

Ms-J an hour ago | parent [-]

Agreed.

Also Secure boot is vulnerable to many types of exploits. Having it enabled can be a danger in its self as it can be used to infect the OS that relies on it.