Archive for the 'GNU/Linux' Category

05 MayTo Whom Is Free Software Relevant?

r0ml writes,

Availability of the source code is probably only relevant to computer programmers. After all, if you aren’t a programmer, what would you do with source code? In which case, a freely copyable binary would be equivalent to freely copyable source code. The ability to do something with the source code (i.e. to create a derivative work), is something only a programmer could do. Strikes me as the definition of a programmer. Yes, I know that benefits might accrue to the non-programmer indirectly, but conceding that there are no direct benefits to most people doesn’t seem like a great debating point.

We know that only 2.4% of the population are employed in “computer and mathematical occupations”. Which would seem to put an upper bound on the number of people to whom Free and Open Source Software would be relevant. And any movement which can only possibly be relevant to such a small fraction of the population is going to have difficulty garnering widespread support, or even interest.

While I am interested in the topic he goes on to discuss later, whether or not universal programming literacy ought to be a goal of our society, I think these first paragraphs go too far.

Availability of source code is extremely relevant to the non-programmer. The most important example of why is vendor lock-in, a serious problem with proprietary software, and nearly impossible with free software.

If I have to use a piece of software, either to operate this blog or to run part of my business, and I have a choice between a proprietary program (or even a no-cost binary provided without source) where any problems I have can only be solved by the software’s author, who is the only person with source code access, versus a piece of free software where I have access to the source code, and even though not a programmer myself, where I can hire any competent programmer to solve my problems with the software for me, I would, other things being equal, always choose the latter.

Free software creates a competitive market in software services because the code is available for anyone to examine and modify. That means even if I myself can’t modify it to any useful effect, I can at least enter a competitive marketplace of those who can. With proprietary software if I want my problem solved, and if I’m not an important enough customer I may even be ignored. If they are willing to help me, then the proprietary software owner can charge monopoly prices for the fix I want.

This reason alone makes free software extremely relevant to the non-programmer. It removes the proposed upper-bound on to whom free software is relevant, and gives a good reason why free software is having no problem garnering widespread support and interest. I don’t expect that I have to explain this to r0ml, but as I said, those two paragraphs seemed to overstate the situation.

16 AprSound Working on Post-February 2005 12″ G4 Powerbook

The Debian Sarge net install for ppc doesn’t get sound working on the most recent Powerbooks. To make it work we need to apply Ben’s patch to the most recent kernel. This took me forever to figure out, but here it is in eight easy steps.

1. Download and prepare the Linux 2.6.11 source
cd /usr/src
wget http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.11.tar.bz2
tar -jxf linux-2.6.11.tar.bz2
rm linux
ln -s linux-2.6.11 linux

2. Download and apply the Linux 2.6.12-rc2 patch
cd linux
wget http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.12-rc2.bz2
bunzip2 patch-2.6.12-rc2.bz2
patch -p1 <patch-2.6.12-rc2

3. Download and apply Ben’s powerbook sound patch
wget http://sharealike.net/debian/ppc/benssoundpatch
patch -p1 <benssoundpatch

4. Compile your patched kernel
make menuconfig # be sure to include ATA 100 support or your kernel won’t boot.
make-kpkg clean
make-kpkg –append-to-version=.050416 kernel_image # 050416 is the date in YYMMDD format

5. Prepare to install the compiled and patched kernel
Take a look at your /boot directory. There is a vmlinuz and an initrd.img file for the standard Debian kernel, but your new kernel will not need an initrd.img file, and will just have a vmlinuz file. If you want to keep several kernels available for use then note the names of their vmlinuz files for when we edit yaboot.conf in the next step. Now to install the kernel:

cd /usr/src
dpkg -i kernel-image-2.6.12-rc2.050416_10.00.Custom_powerpc.deb # Note again that your YYMMDD version will likely differ.

6. Edit your yaboot.conf file
vi /etc/yaboot.conf

You’ll want something like mine:

boot=/dev/hda3
device=/pci@f4000000/ata-6@d/disk@0:
partition=5
root=/dev/hda5
timeout=100
install=/usr/lib/yaboot/yaboot
magicboot=/usr/lib/yaboot/ofboot
enablecdboot
macosx=/dev/hda6

image=/boot/vmlinux
label=Linux-2.6.12
read-only

image=/boot/vmlinux-2.6.8-powerpc
label=Linux-2.6.8
read-only
initrd=/boot/initrd.img-2.6.8-powerpc

ybin -v # If you don’t do this your Powerbook may not boot!

7. Prepare for reboot
Before rebooting make sure you’ve got ALSA installed:
apt-get install alsa-base alsa-oss alsa-source alsa-utils alsamixergui gnome-alsamixer

I also needed the zd1211 driver for use with my wireless USB key. I got the CVS version:
cvs -z3 -d: pserver:anonymous@cvs.sourceforge.net:/cvsroot/zd1211 co -P zd1211 # There’s not supposed to be a space between ‘-d:’ and ‘pserver’ but if I don’t include the space here it prints a stupid smiley graphic. p

Cross your fingers and reboot.
On reboot, after pressing L for Linux you then can press TAB at the next prompt to see your two kernels. Type in the one probably called Linux-2.6.12 and press enter.

Sound should now be working. If, like me, you can just barely hear the internal speaker but the headphone jack output sounds fine, then start gnome-alsamixer and crank up the DRC Range setting. Then you can hear the internal speaker fine too.

8. Get wireless USB key working again
To get the zydas driver working again:
cd zd1211

make clean
make
make install # The version as of 04-15-2005 installs to the wrong directory. Do this:
mkdir /lib/modules/2.6.12.-rc2.050416/net
mv /lib/modules/2.6.12-rc2/net/zd1211.ko /lib/modules/2.6.12.-rc2.050416/net
depmod -a
modprobe zd1211
lsmod # Just to confirm that it’s there.
ifconfig wlan0 up
iwconfig wlan0 essid default # ‘default’ is the name of my no-WEP wireless router.
ifup wlan0

Ta-Dah! You’ve got sound on your wireless-enabled Debian-running Powerbook!

13 AprMunich Court Enforces GPL Again

Despite earlier concerns reported on Slashdot that the GPL might be particularly difficult to enforce in Germany, that country’s courts now hold the distinction of having enforced it twice. The first enforcement came in 2004 when Harald Welte of the netfilter/iptables core team sought to enjoin Sitecom from distributing its WL-122 router, which used netfilter’s GPL’d code, without also providing the source code and a copy of the GPL, as that license requires. The Munich Court granted Welte a preliminary injunction and then upheld that injunction (Court’s decision in English pdf) and now Sitecom provides the source code from their website. Welte, who also now runs gpl-violations.org to track GPL violations, and who personally handed over warning letters at Cebit to companies not in compliance with the GPL, reported on his blog today that he has obtained a new preliminary injunction enforcing the GPL, this time against Fortinet for distributing their firewall products (FortiGate and FortiWiFi) that include GPL’d code while Fortinet refuses to release the source. Congratulations again to Welte and his attorneys! (This was a Slashdot submission of mine that was accepted.)

Update: There’s a good article describing more details of the case.

19 MarDebian Sarge on New 12″ Powerbook with 802.11g Wireless!

12inch Powerbook With Debian on it I bought a 12″ G4 Powerbook on Mar. 13. (Tech details later).

I dual-boot OS X (10.3.7) and Debian GNU/Linux. What follows explains how you too can run Debian alongside OS X on this great-looking hardware. You also get 802.11g wireless!

Requirements:
0. G4 Powerbook & OS X CD. HOWTO for those built after 1-05.
1. Wired Ethernet Connection (used during install).
2. USB Mouse (trackpad support not automatic + provides right mouse button).
3. ZyAIR G-220 Wireless B/G USB-Key (find low price @ pricegrabber) (Or try any other device using the ZyDAS ZD1211 chipset).
4. 1 Blank CD-R.

Note:
What this HOWTO won’t get working: suspend.
What simply isn’t supported yet: Airport Extreme.

HOWTO:
0. So long as you have a wired ethernet connection you can use later during the install, download the Debian Net Install Image from this page: http://www.debian.org/devel/debian-installer/
It’s the netinst CD image, with Debian base, click on the “powerpc” link. Burn that image onto your blank CD-R. Confirm that the CD is OK.

1. Insert the OS X Panther CD and use the Disk Utility to partition the drive into two partitions. I used HFS+ for each.

2. Install OS X on the SECOND partition. (You now have about an hour to go to another computer and sign the petition to get Broadcom to release details on the chipset in Airport cards and to call them at (949)450-8700 to discuss this nicely. Follow up with a hand-written letter about how you buy hardware that you know will work on GNU/Linux systems and then to send it to Broadcom Corporation 16215 Alton Parkway P.O. Box 57013 Irvine, California 92619 USA).

3. Once OS X is installed and working, put the Debian Net Install CD in and reboot. Hold down the ‘C’ key to boot from CD-Rom. Install Debian. The only default choice I changed was for the graphics driver. I chose the nv driver because these Powerbooks have the NVIDIA GeForce FX Go5200. The installer will guide you through partitioning, but basically you’ll make an 820k newworld boot partition near the front, a swap partition, and a root partition (which can be subdivided some more if you like). I chose not to mess with the crufty “free space” partitions that Mac leaves behind because some say they’re important while others say they aren’t. I didn’t want to have to start over for 128 megs.

4. The default install left me with an 800×600 display that was too bulky for my tastes. Once things are working edit /etc/X11/XF86Config-4 so that Section “Screen” has a DefaultDepth of 24 and that the Depth 24 SubSection has a mode of “1024×768″ listed before the others.

Getting Wireless G to work

5. While you still have that wired ethernet connection, download the latest zd1211 driver. I had success with the version from March 15.

6. Also use apt-get or dselect to make sure you have some needed packages: apt-get install gcc kernel-package kernel-source-2.6.8 libc6-dev tk8.3 libncurses5-dev fakeroot wireless-tools

7. Once that’s done go to /usr/src and look for the kernel-source-2.6.8 directory. You need to create a symbolic link like this: ln -s kernel-source-2.6.8 linux
Then do an ls -l to confirm there’s now a link to /usr/src/linux. Then make one more symbolic link (which will be used in compiling the zd1211 driver) like so: ln -s /usr/src/linux /lib/modules/2.6.8-powerpc/build [UPDATE: THIS LAST LINK IS PROBABLY UNNECESSARY WITH MORE RECENT VERSIONS OF THE ZD1211 DRIVER]

8. Type make menuconfig and accept all the options as they are.

9. Go to the directory where you put the zd1211 driver and unzip and untar it with something like: gunzip -dc *zd1211*.tar.gz | tar -xvf -

10. cd into the new zd1211 directories and find the Makefile. Open it in a text editor and find the line that looks like: KDIR := /lib/modules/$(KERNRELEASE)/build and change it so that it looks like: KDIR := /lib/modules/$(KERNRELEASE)-powerpc/build [UPDATE: THIS IS UNNECESSARY WITH MORE RECENT VERSIONS OF THE ZD1211 DRIVER]

11. Type make clean | make | make install

12. This step might not be necessary but then I did: cp -r /lib/modules/2.6.8/net /lib/modules/2.6.8-powerpc and I added that powerpc path to /etc/modutils. I think what really got the module ready for use was: depmod -a

13. Type modprobe zd1211 and do an lsmod to confirm it’s there.

14. Edit /etc/network/interfaces to include this:
# The ZyAIR G-220 USB Key 802.11b/g
auto wlan0
iface wlan0 inet dhcp

15. You may have to plug and unplug the ZyAIR somewhere in here to make it work, but what works for me is this:
ifconfig wlan0 up (now both ifconfig and iwconfig will show the device)
iwconfig wlan0 essid default (now wlan0 found my access point)
ifup wlan0 (now it receives an IP address and I’m on the net!)
Also, don’t have it plugged in when booting up or you get an infinite loop that prevents booting.

Battery Monitor
16. I have a working battery monitor in Gnome. I think I did this: apt-get install gpmudmon-applet and then right click on the panel, click add to panel, then select Pmud monitor. (At the same time I installed several other packages so I’m not completely certain this is the one that did the trick. I’d welcome confirmation.)

Trackpad Support
17. So, all this time you’ve been working without the Apple trackpad. Annoying. You can get it working by following the instructions here. You can also read the debian-powerpc thread discussing this driver. I believe you’ll need at least a 2.6.11 kernel for this to compile and on my 2.6.12-rc2 kernel it compiled but the trackpad was so jumpy I found it unusable. I’ll update this as support improves.

Bluetooth Support
18. Bluetooth will work, but I haven’t tried this yet. Read about it on the debian-powerpc mailing list.

Sound
19. Getting sound to work requires recompiling the kernel with appropriate patches. I describe how to get sound working on a post-February 2005 12″ G4 Powerbook in a separate post.

Technical Details on my Powerbook
Processor: PPC 1.5GHz
uname -r : 2.6.8-powerpc
gcc –version : 3.3.5 (Debian 1:3.3.5-8)
lsmod | grep hci : ehci_hcd ohci_hcd usbcore ohci1394 ieee1394

I’ll try to update this as I get more things fixed. Email brianwc at berkeley edu or leave a comment here with problems and corrections.

14 FebLinking to Red Hat Without Permission

http://www.redhat.com

I’m linking to Red Hat(R) without permission. Mwah ha ha ha ha! MWAH ha ha ha ha! MWAH HA HA HA HA! Red Hat(R) has a stern Trademark policy and are giving the good folks at Centos a hard time about it. Their stupid letter now on Centos’ front page purports to prevent linking without permission. Ummm. Welcome to the internet, Red Hat(R)! So glad you could join us!

I’ve been wanting to write something about this, but have been a bit short on time. Their TM policy is so extreme it seems to me it might even be attempting to prevent purely descriptive uses of their marks, which TM law doesn’t allow TM-holders to prevent (this might even be TM misuse), or it could almost be active inducement of TM infringement because they know people copy GNU/Linux distributions like theirs (that’s the point!) yet they‘ve intentionally designed their distribution and their TM policy so that it takes a computer whiz to figure out how to strip every occurrence of ‘Red Hat‘(R) or the Fedora Hat Image from the CDs. (This last paragraph is chock full of untested and novel legal theories that I don’t have time to discuss or explain. I’ll get to it at some point.)

03 FebOSI Shake-Up and Sun’s Big Mistakes

The Open Source Initiative (OSI) announced Wednesday that their founding president, Eric S. Raymond, will step aside as OSI expands. OSI said Russ Nelson will succeed Raymond as president and that it intends to expand its role beyond its traditional stewardship of the Open Source Definition and the certification of open source licenses. OSI will establish principles of open source development and best practices, create a registry of software projects consistent with open source licenses, and add international perspectives and initiatives related to open source. Lawrence Rosen, OSI’s first general counsel and secretary and its one-time executive director, is also stepping aside as OSI has hired two new lawyers: Mark Radcliffe, a partner at DLA Piper Rudnick Gray Cary, has been named OSI general counsel and Laura Majerus, a partner at Fenwick & West, will hold the new position of director of legal affairs. Michael Tiemann will become vice president and Danese Cooper will continue as secretary and treasurer. There are also reports that this shake-up may have been much-needed due to personality conflicts within OSI.

In that article, Danese Cooper is quoted, defending Sun’s recent CDDL license. Of course, Ms. Cooper, works for Sun, so consider the source. I’m thrilled to see Sun’s OpenSolaris and their recent patent pledge, but I’m not terribly surprised that Sun seems to be screwing this up. (How long have they been saying they’d open source Java?) First their patent pledge was unclear. Will Sun’s patents be licensed to all developers working under an OSI-approved license or merely to those contributing to the new open source version of Solaris? See Sun Solaris Patent Release Questioned; Daniel Ravicher’s Letter Re: Sun’s Patent Grant to Open Source Community (pdf); Richard Stallman, Sun’s no-op announcement; and Bruce Perens, The open-source patent conundrum.

We already know that the CDDL is incompatible with the GPL. Big Mistake #1. Now all the improvements of GNU/Linux under the GPL and any goodies from OpenSolaris under CDDL will have to live on opposite sides of Sun’s new artificial Berlin Wall. [ReaganVoice]“Mr. Schwartz, tear down that wall!”[/ReaganVoice] If the best parts of both operating systems could cross-pollinate, everyone would benefit. It also seems that Big Mistake #2 is going to be that Sun’s patent pledge only applies to developers working on projects licensed under the CDDL. So Sun is telling developers, “If you work for us, on our operating system, where none of your improvements can ever escape into the Linux kernel, then we won’t sue you. But, if you work on GNU/Linux, then watch your back, because we may bring a load of more than 1,600 patents down on your head.” If Sun really wanted to one-up IBM’s pledge of 500 patents, (Feast for open source as IBM opens patent pantry; IBM Pledges 500 U.S. Patents To Open Source In Support Of Innovation And Open Standards; Jim Wagner, IBM Pledges Patents to Open Source.) then they’d make the same pledge that IBM did and they’d guarantee that anyone working under an OSI-approved license has nothing to fear from Sun’s patents.

17 Sepsharealike.org is back!

Sorry.

This site has been down for a couple weeks because I upgraded Apache and it didn’t play nice with php4. Unfortunately, I didn’t have time to fix it either. It’s the interview season on campus for me and I’ve been surprised at how time consuming that process has been.

Another thing that has had my attention lately… Jac and I have just started telling people that we are expecting our first child to arrive some time near the end of March. She’s doing OK, but is dealing with a good bit of nausea.

OK, now if I could just find time to try to build one of these MythTV Linux PVRs. That would be cool. Ahh, well, back to Employer Research.

20 AugThe GPL’s Day In Court

I posted on IBM’s recent motion for partial summary judgment against SCO at bIPlog. Check it out.

05 AugIBM Should Organize a Defensive Patent Pact

In light of the recent report by Open Source Risk Management that 283 granted but not-yet court-validated patents could possibly be used to attack the Linux kernel (pdf), IBM has pledged not to use its patent portfolio against the Linux kernel. That’s nice.

But I want more.

I think IBM should organize a defensive “Patent Pact” with HP, Novell, Intel, AMD, Red Hat, Sun, etc. whereby each of them singly and as a group pledges:

  1. Not to assert any patent infringement claims against the Linux kernel and
  2. If any plaintiff does assert a patent infringement claim against the Linux kernel then each member of the pact will do a thorough review of their own patents and will bring suit against that plaintiff for all legitimate claims of patent infringement and
  3. If a given plaintiff appears to be unsusceptible to patent infringement counter-claims, then all other legitimate causes of action will be explored and brought and
  4. Not to enter into any other agreements that would limit their ability to fulfill the terms of this agreement.

This would be a powerful defense for the kernel. It would cloak the kernel in a patent suit of armor that only a fool would dare to challenge. Sure, you could sue someone claiming that the Linux kernel infringes one of your patents, but if you did so, you’d have to brace yourself for an onslaught of claims.

Perhaps I’m naive, but I don’t think Microsoft is really planning on bringing patent infringement lawsuits against the Linux kernel. I think annoying little non-businesses like SCO or these companies that have no business other than IP-licensing are more likely to try something like this. Those latter non-companies are the reason for point 3 above. If someone doesn’t use or produce any products, but just extorts money from real businesses, I mean, just licenses their IP, then you’d have to explore other causes of action.

One question would be to whom each of these individual companies would make such a pledge. They could each make the pledge to one another, but it seems also the pledge should be made to Linus and all the other copyright holders who’ve contributed to the kernel.

You’d also want to explore any possible anti-trust or unfair competition issues, but I think, without knowing, that if you allowed anyone to join such a purely defensive pact, it would be fine.

So, let’s have it IBM; give us something even better, and let’s have it in writing.

25 JanEFF’s Trusted Computing Class

On Saturday, January 24, 2004, I attended an all-day class on Trusted Computing hosted by the Freedom Technology Center in Mountain View, CA. The class was taught by the Electronic Frontier Foundation‘s Staff Technologist, Seth Schoen.

You could get the basic flavor of the class by reading Seth’s articles, Trusted Computing: Promise and Risk and Give TCPA an Owner Override. He is writing a book on Trusted Computing, and spent the day taking us through his outline in detail.

This was an excellent class because of Seth. He is able to explain extremely technical hardware specifications to someone who is not an electrical engineer or even a computer scientist. He also has a balanced view of Trusted Computing, and took the time to point out the possible benefits of this technology along with the potential abuses.

We began with a discussion of some of the basic problems of computer security. Example: Presently, it is difficult, if not impossible, to know with certainty whether your computer is doing what you think it is doing and only what you think it is doing. That is, if you’ve ever left your computer physically unattended on your desk, or if you’ve ever been on the internet or a network without a completely patched system, or even if the manufacturer of your computer installed your O/S for you, then for all you know you could right now be infected with a boot sector virus that starts prior to your O/S, takes control of key features of the O/S and systematically fools any anti-virus software (or other security tool) that subsequently runs. The problem is probably worse if you need to know with certainty that a remote computer you wish to communicate with has not been compromised.

We also discussed the security problem that Roman poet and satirist, Juvenal, noted as long ago as the first century A.D. “Who will watch the watchers?” Your anti-virus program and indeed, any other security tool, can be compromised just like a regular application can and then cheerily report that all is well. The basic upshot of this preliminary background was that current computer security poses some fairly intractable problems.

Enter Trusted Computing. The amazing thing about these chips is that, if implemented as planned, I think they would actually do something to solve some of these very hard security problems discussed above.

The next four hours or so were spent detailing the four different initiatives out there that fall under the heading of Trusted computing. They are TCPA (now known as TCG), Intel’s LaGrande, AMD’s SEM, and Microsoft’s Palladium (now known as NGSCB). This was probably the most valuable part of the day, because understanding how this stuff works and why one might be motivated to design it in this way is necessary in order to begin to think of alternative methods of design that might achieve similar ends with less potential for abuse or to discuss it intelligently at all.

We spent a lot of time looking at the four main features of trusted computing which are:

  1. Sealed Storage
  2. Attestation
  3. Secure I/O
  4. Memory Curtaining

One key thing that I do not think is widely known is the extent to which all of this hardware is walled off from the rest of the machine. It will be touted as an “opt-in” system, so that if you do not want to use the trusted computing chip (the TPM), you need not. You can continue running Linux, BSD, or OS X and nothing has changed. It’s true that the TPM could conceivably be running nefarious programs that report on you, but the design is such that these reports would be sent through the regular part of your computer where you maintain control. So, a firewall or other software on that side could detect any uninitiated actions of the TPM.

Of course, lots of things are “opt-in” in name, but in practice, given other considerations, you can be left with little real choice. This is a big problem I will save for later. The point is that the story is not as simple as many Slashdot posters frame it. It’s not “Microsoft wants to crush Linux and so they are going to force a chip down consumer’s throats that will make it impossible to install a non-MS O/S.” In fact, the only TPM that you can buy right now comes in an IBM laptop that runs Linux! You can read a fairly technical article about this.

But there is the potential for abuse. Since that’s what everyone wants to hear about, here’s the scoop on that. This architecture makes problems that we have now, which can be worked around (sometimes only through extreme measures by super-geeks) truly insurmountable.

  1. Software Lock-in
  2. Software tethering to a single computer
  3. Prevention of Software Inter-operability
  4. Forced DRM restrictions
  5. Forced Upgrades/Downgrades
  6. Total Elimination of Software Reverse Engineering
  7. Truly Undetectable Spyware/Adware
  8. Hardware Lock-in

But what I really learned is that these potential abuses are not really the problem. This stuff is coming and I don’t think we’re going to stop it. The real problems are 1) Microsoft’s 90%+ market domination and 2) Consumer Apathy. Because the potential abuses mentioned above only truly become frightening when combined with these additional realities. When so many people use a Microsoft OS and when so many people do not care about or understand most of the potential abuses listed above, then we get a far more greater likelihood that these potential abuses will become real abuses.

I think our best defense temporarily is that IBM and Sun are members of the TCG, and given their interests in operating systems other than Windows, they are not going to do something that would allow for in principle or in practice O/S lock-in. The fact that so many internet servers run on other O/Ss also make it difficult to imagine that non-MS O/Ss could be kicked off the internet, for instance. (This could happen if your ISP’s router had a TPM chip and a policy requiring all connecting computers to prove they were running the latest Windows OS with all patches applied.)

Personally, I think the fact that such an architecture makes reverse engineering of software in principle impossible is enough reason to scrap the whole thing. I doubt most people care so much about reverse engineering though. The only avenue I see for motivating wide-spread consumer concern is to hammer on the very real possibility of undetectable spyware. Sadly, many people don’t even care about their privacy, so this may not work either.

When our audience is the industry and not consumers, then Seth’s proposal of an owner override to attestation becomes a pretty great idea. It defeats some of the benefits of the architecture, but also prevents some of the abuses.

Overall, I think framing the question this way might be best: Do we want to continue to have computers over which the individual has total control or do we want to have computers where we give up part of our control to the hardware itself/a third party? The thing about total individual control is that individuals are sometimes up to no good or are too lazy/uninformed to keep their systems secure and so some harm comes from giving them total control over their computers. But, the best argument here might be: That’s OK. We simply prefer to live in a world where we control our computers. Even if ceding some of that control brought us better security in some instances, we might simply say: So what?