Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Please take a moment to reflect on the current situation before launching the "corporate overlord" and related snark.

Many existing customers effectively do not own what they already have; their systems have been infested with malware and crapplications.

Locked-down bootstraps are the least-bad of a very bad lot of approaches available for dealing with the changes in the user base, and with the increasingly less-experienced and less-DIY users for modern systems.

Security attacks are only getting more subtle, complex and sophisticated. The Microsoft Terminal Server-derived Microsoft code-signing digital certificates is a recent example of the complexity of the environment.

How do you deal with these changes in attacks and with the changes in the user base otherwise, given the numbers of systems out there, and the changes in the knowledge and experience of the user base?

Do any of us like these locked-down bootstraps? Emphatically, no. So figure out another way to ensure this security, get yourself patent or three (and yes, software patents are issued for far too many years) and get yourself rich by solving this problem.



I personally don't see many bootloader attacks these days. Consider that SecureBoot only protects from attacks like this, after bootstraping it is upto the OS to ensure security. So purely from this, I don't think the tradeoffs are worth it. Once you have infastructure like this, it isn't hard for it to be misused (even with good intentions).


What proportion of attacks are stopped by securing the boot loader like 2%? Does anyone really think this will stop most malware?




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: