There is a unique branch of mathematics known as boolean algebra.
A boolean is either a 1 or a 0, true or false.
Boolean functions include AND, OR, and NOT.
Some have combined these functions into others, such as NAND, NOR, XOR, and XNOR.
It’s actually quite an interesting idea, but wasn’t thought about much…
…until humans invented devices that can function as logic gates for these functions.
That’s right. They combined electrical components to make logic gates. These logic gates can be combined to make a machine that can do stuff.
General-purpose computers are just fancy calculators
This eventually led to the integrated circuits of today.
The reason I bring this up is that there is a push by technology companies to make it so we can’t run software on our own general purpose computing devices, unless that software is approved by them. This is gatekeeping the functionality of a machine that would otherwise do it’s job.
The fact that embedded devices that are designed to do a specific task and nothing else (e.g. a game console) already exist, doesn’t change the fact of the matter that these are a different class of devices.
First, you got the single-purpose device class. Devices that do one thing, and do it well.
Then you got general-purpose devices. Devices that are specifically designed to do anything that a user programs it to do.
The problem is that these tech companies (and even some governments) want to prevent general purpose devices from being programmed in an ‘unauthorised’ manner.
My question is this:
Authorised by who?
Who owns the device?
If I had to choose between an iPhone (cost over 2 grand), and a game console (cost 800 bucks), neither of which allow for unsigned code execution, I’d get the cheaper option that actually has some good games on it.
If I pay for it, knowing it’s a general purpose device, I should be able to install whatever the fuck I want to install, run whatever I want to run, and destroy it if I ever want to.
If my choice is between a crap device that’s locked down, and a more expensive higher-end locked down device that can’t do any more than the crap one, I’d get the cheaper one.
This is compounded by another fact: Modern web browsers are designed to run arbitrary code on the website they’re browsing using Javascript and Web Assembly. Websites can do some rather interesting stuff with this, including running an entire x86 virtual machine inside the web browser. In addition, many modern websites will cease to function without the ability to run unverified code.
I mean hell, someone recompiled Super Mario 64 to web assembly using Emscripten, so it can be played inside a web browser. If only someone could be bothered to do this with GIMP, I’m sure it would mane many people’s lives easier if someone did, especially for iOS/Android users.
Locking down a general-purpose computing device is not feasible if one can run an entire operating system inside it’s web browser now, is it?
Then there’s the other problem. Stupid governments thinking they can dictate how operating systems work, locking them down to ‘protect the children’ by requiring age verification to use them:
- How are you going to enforce this against older devices?
- How are you going to prevent people from compiling their own operating systems, like what you can do with Linux distros?
- How are you going to prevent people from using older operating systems, or smuggling alternative ones on SD cards?
- How is this going to effect system users that aren’t representive of an individual person, such as ‘Admin’, ‘root’, or ‘nobody’?
- What are you going to do about virtualisation and emulation?
- What are you going to do about offshore developers that don’t give a shit about your bullshit?
- How are you going to prevent people from building their own computes?
And let’s not get started with that ‘censoring the internet to protect the kids’ bullshit. This can easily result in access to life-saving resources being restricted from access to those who desperately need them. I can’t stress this enough, as someone who is in such marginalized circumstances (intersectionally, of course: trans and disabled).
Locking down devices will also make it much harder for people to learn how to develop software.
Another reason that companies use as an excuse to lock down their platforms is ‘security’, as if sandboxing and virtualization techniques didn’t solve that problem already.
Google cited fake banking apps as a reason to lock down Android, despite the fact that progressive web apps exist, essentially allowing anyone to fake a banking app? Someone should tell them about that.
Yes indeed, you can make a functional website that can seamlessly be installed as a full featured app, with many browser APIs providing many necessary app features too.
Web browsers have APIs for notifications, battey status, clipboard, file system, geolocation, device vibration, device sensors, MIDI devices, WebGL and WebGPU for 3d rendering and AI workloads, content security / DRM (if desired), WebRTC for real time audio/video communication, picture-in-picture, screen capture, and service workers (allows for offline web apps), just to name a few. These are more than enough for many apps, like social media apps, communication apps, streaming apps, navigation apps, text/image editors, and games. As such, for many apps, there is simply no real reason to publish to an app store anymore. Just maintain a generic web app, and one doesn’t need to compile for multiple platforms, or wait for any sort of attestation.
There are some experimental upcoming APIs for USB, Bluetooth, NFC, HID devices, idle detection, VR/AR/XR, payment, audio session, credential management, etc, that should allow for even more advanced web apps. A good list is available here.
The only thing this kind of device lock down will effect, are the apps that actually need to be natively run on the device, with platform-specific APIs. This includes accessibility utilities, automation apps, device assistants / smart home apps (at least until a WebAPI is made for this), media players, many games/emulators, VPNs, certain security apps, and other system-specific apps, like button remappers and widget apps.
Another thing this will effect, is offline app installation and offline app development. If there isn’t a workaround (e.g. Android’s ADB installation), this will prevent apps from being installed in mission-critical circumstances where the internet may not be available. E.g. deploying a Bluetooth communication app during an emergency, like a natural disaster, or a war zone.
Advice for politicians, and operating system developers:
If you cowards are concerned about children:
- Don’t touch the operating system.
- Only enforce age verification onto applicable app stores that provide 18+ content for purchase, like Steam or Google Play. All others should be considered unenforceable, due to alternative app sources, and the lack of verification that comes with that.
- Leave the rest of the responsibility to the parents and caregivers. Any failure of parents’ to screen for inappropriate content should be considered negligence at best (if unintentional), and abuse at worst (if intentional). There are plenty of parental control tools that may be deployed if needed for compliance (i.e. for prevention, or for resolving a parental negligence situation).
If you cowards are concerned about malware:
- Secure the system, and provide safe guards, like malware scanners, and additional user confirmation or a disclaimer for unverified app installation.
- DO NOT PREVENT THE INSTALLATION OF UNVERIFIED APPS. Provide a sandbox for them if necessary.
- Consider the possibility of progressive web apps masquerading themselves as app clones, before even thinking about malicious apps that masquerade as other apps, since web apps can bypass web filters as trivially as using another domain/subdomain/subdirectory. And again, provide realtime anti-malware scanning capability for detecting known malicious apps, and provide additional user confirmation or a disclaimer for unverified app installation.
Advice for centralised social media platforms, and porno sites:
- Bring your own age verification, or pay someone else to do it. Especially for social media sites, since they already have enough information to verify age of users in most cases. As for porno sites, this can be as simple as verifying age via a credit/debit card processor (they can verify age at the bank’s KYC level).
- Allow the option for a program, app store, or browser plugin to verify a users age if desired, but don’t use it as the only option, as while such a solution may be convenient, it will not be available in all circumstances.
- Do not blame the operating systems for your lack of oversight. Own it, and clean up your own mess.
Read the advice above, and don’t make any of our lives worse. Amateur computing will live on in the same way as amateur radio, just without the need for a radio license. Hardware will always be available, and hobbyists will always get their fix, especially as STEM education fields remain increasingly important as time goes on.
If you bastards kill the internet, we will make our own. This can be as simple as running Yggdrasil (or a future variant of Yggdrasil?) on all computers, as it can bridge multiple transports, including leased lines, WiFi mesh, local networks, enterprise networks, metropolitan area networks, satellite links, licensed/unlicensed radio links, and the many surviving parts of the Internet. I2P can be run on top of it if needed.