by jmclnx 699 days ago
>In 2012, an industry-wide coalition of hardware and software makers adopted Secure Boot to protect against a long-looming security threat

This joke never gets stale. Wait, it is not a joke?

I still believe the only reason for this to exist is to eventually turn general computing devices into a locked down Cell Phone Spying Device.

3 comments

This has been my theory since Windows 11 required TPM. It's not to protect the consumer, it's to protect the IP-holder.

The PC is the lone outlier in the locked-down, walled-garden world of consoles, cell phones, tablets, smart TVs, EVs, etc. I think there's a concerted effort to change that.

Absolutely. Look at all of the changes to the media stack Microsoft made for Vista; none of them directly benefit the person who bought the OS license. If you have ever wondered how a 486 could play MP3s and still run X, but your modern laptop gets hot and spins the fan when you are playing those same MP3s, it is because the media companies demanded it.
If they're literally the same MP3s, it's because modern software sucks. You can still play them with mpg123 with an immeasurably low cpu load.
The pedant in me wants to point out that most 486s couldn't play MP3s (they just don't have the horsepower, an AM-586 or a DX4 maybe) and you'd need a Pentium. /pedant

OK now to my real point. Vista is actually a really good call out of MS being inconsistent about this. The major changes in Vista (Moving graphics drivers largely out of the kernel, simplifying what sound drivers could do) were all predicated on the fact that hardware vendors are notoriously bad at software. This cannot be understated just how bad they are, NTKernel was originally intended such that vendors would make their own HAL.. one tried and it was so bad MS just NOPE.jpg'd that and did it themselves. So for MS to double down on a system that relies on the same known to be horrible at software vendors is just hilarious to me.

A 486 DX4-100 could play mp3s in stereo (or in mono at 66mhz), but do absolutely nothing else at the same time. I used a DOS mp3 player (mpxplay) and it could be done.

Docs suggest stereo is possible on a DX2-80MHz if you disable screen output and use heavy MP3 file pre-buffering.

Top level comment here claims the issue was the on-screen animations and they were able to build a highly optimized mp3 player on a 286 (dunno through what speaker): https://m.youtube.com/watch?v=b0zZpzxHSeM

Even on a later Pentium, I had to minimize throttle priority on my web browser because smooth scrolling requires a ton of juice. Still does to this day, looking at power consumption on an iPhone.

> Even on a later Pentium

MMX helped a lot here. I remember my Pentium MMX 233 had no trouble playing games and playing music. To give you an idea of how crappy that machine was otherwise... it was a Packard Bell with an onboard ATI chip that barely qualified for 3D acceleration. The Pentium 166 (non-MMX) we had would chug on things that the MMX just didn't care about.

> I had to minimize throttle priority on my web browser because smooth scrolling requires a ton of juice. Still does to this day looking at power consumption on an iPhone.

This still amuses me to this day. Metal and DX12 both have calls designed to support this natively on the GPU, by allowing the application to shift the rendered area of a very specific box (without re-rendering the entire screen) and then render behind it in the blank. As far as I know only Safari on iOS does this even close to properly, and even then it has other iOS Safari related quirks around that which Apple refuses to fix.

Indeed, I share this outlook, as do others: https://boingboing.net/2012/01/10/lockdown.html
Better late than never. “The actual user of the PC — someone who can do anything they want — is the enemy.” (Intel, 1999)¹

¹ https://www.zdnet.com/article/the-biggest-security-threat-yo...

fear and planned obsolescence; "all these old things are bad... never mind it's only a day old. throw it away already, and buy the new one. no discounts!"
Secure Boot itself is fine; the problem is shipping ANY keys by default. I use Secure Boot myself with my own signed keys on my laptop, and it's nice knowing it can only run what I allow it to run (a password-protected UEFI ensures only EFI binaries or kernels I signed get booted, and that ensures it mounts my encrypted partitions).

The problem is when these other keys are pre-shipped they invalidate the entire "ensures only [...] kernels I signed" part. And just removing the pre-shipped keys can cause other problems: https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom
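One way to check the point made in the comment above, that pre-shipped keys sit next to your own in the Secure Boot databases, is to enumerate what is actually enrolled. The following is an added example and not code from the thread or from sbctl: it parses the EFI_SIGNATURE_LIST format used by the db and KEK variables and flags every entry whose SignatureOwner GUID is not the owner GUID you chose when you created your keys. The signature-type GUIDs are the UEFI specification constants; the owner GUIDs, certificate bytes and the sample database blob are constructed placeholders.

```python
"""Enumerate Secure Boot db/KEK entries and flag ones not owned by you.

Added example, not from the thread. The UEFI signature-type GUIDs are spec
constants; MY_OWNER_GUID, VENDOR_OWNER_GUID and the sample blob are made up
for this example.
"""
import struct
import uuid
from typing import List, Tuple

# Signature-type GUIDs from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPE_NAMES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}

# Assumed owner GUIDs: the one you used for your own keys, and a placeholder
# standing in for any vendor-shipped entry (not a real vendor GUID).
MY_OWNER_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")
VENDOR_OWNER_GUID = uuid.UUID("99999999-8888-7777-6666-555555555555")

# EFI_SIGNATURE_LIST header: SignatureType GUID, SignatureListSize,
# SignatureHeaderSize, SignatureSize (all little-endian uint32).
HEADER = struct.Struct("<16sIII")


def parse_siglists(blob: bytes) -> List[Tuple[str, uuid.UUID, bytes]]:
    """Return (type_name, owner_guid, signature_data) for every entry.

    A variable holds one or more EFI_SIGNATURE_LISTs back to back; every
    entry in a list has the same size and starts with its owner GUID.
    Malformed sizes raise ValueError instead of silently reading past the end.
    """
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, hdr_size, sig_size = HEADER.unpack_from(blob, off)
        if list_size < HEADER.size + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size < 16:
            raise ValueError("SignatureSize smaller than an owner GUID")
        sig_type = uuid.UUID(bytes_le=raw_type)
        name = SIG_TYPE_NAMES.get(sig_type, str(sig_type))
        body_start = off + HEADER.size + hdr_size
        body_end = off + list_size
        if (body_end - body_start) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        for s in range(body_start, body_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[s:s + 16])
            entries.append((name, owner, blob[s + 16:s + sig_size]))
        off = body_end
    return entries


def foreign_entries(blob: bytes, my_owner: uuid.UUID = MY_OWNER_GUID):
    """Entries that were not enrolled under your owner GUID."""
    return [e for e in parse_siglists(blob) if e[1] != my_owner]


def build_siglist(sig_type: uuid.UUID, entries) -> bytes:
    """Construct one EFI_SIGNATURE_LIST; used only to build the sample blob."""
    sig_size = 16 + len(entries[0][1])
    body = b"".join(owner.bytes_le + data for owner, data in entries)
    return HEADER.pack(sig_type.bytes_le, HEADER.size + len(body), 0, sig_size) + body


# Constructed sample "db": one of your certs, one vendor cert (x509 certs of
# different lengths must each live in their own list), and two SHA-256 hashes.
SAMPLE_DB = (
    build_siglist(EFI_CERT_X509_GUID, [(MY_OWNER_GUID, b"MY-CERT-DER-BYTES")])
    + build_siglist(EFI_CERT_X509_GUID, [(VENDOR_OWNER_GUID, b"VENDOR-CERT-DER")])
    + build_siglist(EFI_CERT_SHA256_GUID,
                    [(MY_OWNER_GUID, bytes(32)), (VENDOR_OWNER_GUID, bytes([1] * 32))])
)

if __name__ == "__main__":
    for kind, owner, data in parse_siglists(SAMPLE_DB):
        tag = "mine  " if owner == MY_OWNER_GUID else "OTHER "
        print(f"{tag} {kind:6} owner={owner} len={len(data)}")
    print(f"{len(foreign_entries(SAMPLE_DB))} entries not owned by me")
```

To run it against a live machine instead of the constructed blob, read the variable from efivarfs (for db that is `/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f`), drop the 4-byte attribute prefix efivarfs prepends, and pass the remainder to `foreign_entries`. An empty result means every enrolled certificate and hash carries your owner GUID, which is the "only kernels I signed" property the comment describes; anything listed is a pre-shipped entry you did not enroll.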

It's only a F12, tab, enter, down, tab, enter away to disable if you really don't like it that much.
Yes, right now. What about 5 to 10 years from now?

Or maybe for that option in the future, the device will cost thousands of USD more.

Or you need a special professional license to get a non-locked down device, and the license will cost more than a house in a rich suburb.

People have been asking "what about five years from now" for twenty years, so extrapolating from the current rate of change, I'd say things will be fine.
You can disable Secure Boot on x86 PCs, but nowhere else.
So how do people install OpenBSD on the ThinkPad X13s?
Here's an article about the rule being made in the first place (IIRC, the rule got made at the same time Windows on ARM was itself first given to manufacturers): https://softwarefreedom.org/blog/2012/jan/12/microsoft-confi...

I'm not sure how it's working on those laptops, but I'd imagine the choices are either that Lenovo got given an exception, the rule as a whole got changed, or that Microsoft just hasn't noticed or is intentionally looking the other way.