Richard Bucker

The Devil You Know; a Case for ChromeOS

Posted at — Jul 29, 2022

The Problem

“We”, the naive computing public, are in serious trouble, whether we’re talking about smartphones, laptops, Chromebooks, servers, or toaster ovens. All technology is dead; we just have not realized it yet.

Background

First, UEFI exploits from the factory are probably the single scariest thing I can think of. I remember my time at IBM when everything was disconnected (see OS/2 development to manufacturing). And then I think about all the used hardware on eBay and any other place.

Second, so many startups will buy the bones from another startup and here you go. It’s always intentional, but what are the chances that the used hardware you just bought was intercepted and infected?

There was that story that the CIA, FSB or China intercepted a computer and installed some malware before that computer got to the intended recipient.

The Complaint

Well, HTTP/3 is certainly a solution without a problem. Someone has to explain why .5ms is something anyone actually cares about. Taking 3 transactions in the connection and running them concurrently is still n=3. This does not change the world. But what is a problem is the amount of sideloading. Nothing good comes from sideloading. Nothing good comes from allowing a smartphone keyboard driver to have access to the internet. Why do we need complex GUI-based firmware? Why should firmware be rewritable at all? Why do Ethernet ports need always-on admin access?

Free software is not free. The amount of money that Candy Crush spends on development has to be astronomical; Roblox or Minecraft, anyone? What do they get in return? Sure, there are in-app purchases, but is that enough? I have not seen any adverts, so what else are they taking from me?

Low-code and no-code have a ton of code behind them. Maybe many millions of lines of code. In fact, there is so much more code than if you had just coded it yourself from scratch. Worse yet, any intellectual property built on this structure will become sticky, and you’ll never be able to move your project without starting over.

The Linux kernel has many, many, many millions of lines of code, and it is impossible to understand it all and certainly impossible to review every line of code. I’ve worked on some pretty large projects and I know it’s impossible.

The Solution

We need hardware and software that people can reason about. Plain and simple.