This whole debacle reeks of stupidity. The only thing that will happen is that the criminals they are (allegedly) trying to catch will simply move their comms to different channels. What's stopping a sophisticated crime syndicate form simply creating their own app which will have a small enough footprint such that it will fly under the radar?
From the perspective of tech companies, they are being put between a rock and a hard place by simultaneously being asked for more privacy, and also less privacy.
How long until the bureaucrats start saying "These unregulated foreign VPNs are a danger to our private data / economy / national security / children"?
I mean, if a jurisdiction is making people's phones spy on them, then it's not much of a stretch to also make those phones not connect to unapproved VPNs, or even to prevent them installing unapproved apps (despite the recent win of the EU supporting sideloading on mobile OSes).
Unless they try to aggressively regulate the sale, import and manufacture (at this point, many hobbyist level homebrew retrocomputers are powerful enough to run a VPN) of general purpose computer devices or aggressively firewall all of the EU and punish anyone using to obscure encrypted data flows through approved protocols, this will of course only stop the people who actually don't have anything to hide. It'll be trivial to work around for anyone actually up to no good
> It'll be trivial to work around for anyone actually up to no good
I never claimed they were motivated to actually stop these crimes.
If the real ultimate goal is to prevent the spreading of "state secrets" (i.e. journalists exposing government malfeasance), or reduce copyright infringement, or limiting the spread of "disinformation", or banning memes that insult public figures, then the government needn't worry about "hobbyist level homebrew retrocomputers". Most people will continue to use mainstream platforms, and most governments mostly care about controlling most people.
Besides, the next step will be to make ISPs deny service to any machine which doesn't have Secure Boot enabled, and which isn't running an "approved" OS, which checks every executable you run. Suddenly your general purpose computing device isn't very useful any more.
If the goal is to create an authoritarian dictatorship, then sure, controlling "most people" is usually enough because you can control the press by sending thugs to their offices.
But your "next step" is far beyond what even China does.
It would kill off any ability for software development. I'm all for being vigilant, but these scenarios are not realistic. As for a general purpose computing device being useful, as long as you can send or receive text or sound or images in any format that can be intercepted, you can tunnel arbitrary data. After all, we have a long history of using acoustic coupled modems. No, it's not practical for regular users, but if we get subjected to that kind of authoritarianism, it's worth doing for the sake of it.
> But your "next step" is far beyond what even China does.
And yet online services blocking access to non-SecureBoot devices is already the norm for industries ranging from online gaming[0] to fast food![1]
Add in the fact that Hollywood wants this (for DRM and blocking torrenting apps) and governments like Australia claiming their laws trump the laws of mathematics[2], and you can almost guarantee that this is going to become mandated as soon as enough Windows 10 users update to Windows 11.
> It would kill off any ability for software development.
Software development would have to be sponsored by approved companies, or at the very least you'd need to apply to the government for a "licence to code", with your ID number baked into every app you create. As an interim step, governments may allow devices to access a "legacy" portion of the internet which doesn't require SecureBoot to be enabled, but expect that portion to get smaller and smaller each year.
> as long as you can send or receive text or sound or images in any format that can be intercepted, you can tunnel arbitrary data.
But which app are you going to use to create those sound or image files? I suppose you could create your "illegal" files on an airgapped non-approved device, and transfer them via USB to the approved device, and people could do the reverse process when they receive them, but that's a cat-and-mouse game which 99% of people can't or won't play, and governments will win by mandating cryptographic watermarks in any files created.
> And yet online services blocking access to non-SecureBoot devices is already the norm for industries ranging from online gaming[0] to fast food![1]
Specific online services doing so is very different from a general ISP ban. A general ISP ban is impossible as long as you have an IO channel of any kind, including projection of text or playing sound. See the end of this comment. SecureBoot in itself also does not in any sense stop general purpose computing of unsigned code.
> Software development would have to be sponsored by approved companies, or at the very least you'd need to apply to the government for a "licence to code", with your ID number baked into every app you create.
... and you've just kneecapped your software industry in favour of companies outside of said authoritarian hellhole. Won't happen. The EU has a long history of crazy demand like this being proposed, and they end up dying or getting watered down to nothing because there's nowhere near sufficient support for going as far as you suggest.
> But which app are you going to use to create those sound or image files? I suppose you could create your "illegal" files on an airgapped non-approved device, and transfer them via USB to the approved device,
Missing the point. If you can play and record sound on an approved device, for example in a call, or transfer text, no matter how filtered, you can use that as a channel for an non-approved device. We used to use heavily filtered low-fidelity audio channels to transfer data, via acoustically coupled modems, after all. Any attempt to filter this just reduces to making it seem more plausibly like acceptable material, e.g. encoding it in speech for example. This is not even a hard problem, though data rates would be low. If a channel can transfer language, it can transfer data.
But we're talking a regime more oppressive than China for this to even be relevant. Even in China today, "normal" VPN tech is sufficient, though a hassle.
> SecureBoot in itself also does not in any sense stop general purpose computing of unsigned code.
It's true that SecureBoot isn't enough, but its current lack of ubiquity is the only thing holding back such a law. A government couldn't demand that a large proportion of voters throw away their PCs / phones, but requiring people to use an "approved" app store is as simple as writing a law and making a couple of calls to Microsoft, Apple, and Google. (See the end of this comment.) Just look at how quickly voters accepted having to carry around a Covid Pass app.
> and you've just kneecapped your software industry ... The EU has a long history of crazy demand like this
Indeed, and this is what people said about the GDPR, and it's what people said about Apple's on-device content scanning, and yet both of those got implemented (to some extent). The regulations I'm imagining are actually quite modest, and basically all software industry groups would support them. They just have to publish a public key on their website, perhaps in some .well-known location, and that would be enough to connect their submissions to app stores with their official company registration details.
Germany, for example, already requires that companies include Impressum information on their websites[0], and the EU is apparently trying to take this idea to its logical extreme with its controversial QWAC certificates[1]. In reality, it is businesses who decide what is reasonable or practical for a jurisdiction to mandate, and Apple is already making people pay an annual developer's tax to them to prove their identity, so no politician is going to say that an "online software development licence" is some sort of impossibility or gross infringement of people's freedoms. (Indeed, a law that makes things slightly more inconvenient for small developers/companies will only be more supported by the lobbyists of big companies, which is further grounds to suspect this will happen).
> If a channel can transfer language, it can transfer data.
You're right, it is possible to generate files that hide encrypted data within them, while also deniably hiding the fact that the encrypted data is there at all, and to do so in a way that is robust against the digital-analog-digital round trip (twice, since both the sender and receiver have to transfer the message between a locked-down and a jail-broken device). And of course the software to do this will have to be sent carefully from person to person, on USB sticks, since any computer that's allowed online will treat it as malware. And people will have to preserve old, unapproved devices to run this code on, which will become increasingly hard to find (with the sale, and then possession, of them being made illegal).
> But we're talking a regime more oppressive than China for this to even be relevant.
It's not more oppressive than China, at least not at the beginning. The first steps are already in place, and no one complained. If a jurisdiction can mandate multiple app stores, then it can mandate only "approved" app stores, and 50% of the population (the Apple fans) will cheer for such regulations, saying that side-loading is dangerous and only the most trusted gatekeepers should be allowed to decide what runs on people's devices.
If you're still not convinced, imagine that the law initially applies just to companies, and is pushed to prevent piracy and to protect cybersecurity of the economy. Would companies really reject such a rule (if it was phased in over a long enough timeframe that all their computers already supported SecureBoot by default)? Perhaps there would be an exemption for software companies to start with, if you think that's a sticking point. Also, imagine these laws being introduced in the aftermath of a cyberattack on energy infrastructure which causes massive prolonged blackouts. I'm not saying this would be a false flag... I'm just saying that one way or another, such a law will pass, even in a liberal democracy.
I know the feeling. I flirted with vim and later neovim for a few years on-off, but kept going back to vscode because i wasn't as fast in vim. I did stick with the vim keybinds in VSC though and, over time, each foray into vim lasted longer until the time came where I finally stuck with it.
I'd recommend using one of the pre-baked configs (LunarVim, Astro, NvChad) to get a taste for what a batteries included vim build feels like. If you're like me you'll use it for a while, tinker with the configs etc. until you reach a point where something annoys you and you'll build a config from scratch. Seeing a fully completed config and playing with it has been really useful!
Was it worth it? Hard to say, but I'm now at the point where all the vim stuff is muscle memory, and I'm now getting comfortable with macros etc. You reach a point where rather than thinking of editing code as an interaction with an interface you start to think of it as just editing code. It's a difficult concept to get across but the fact i rarely interact with a mouse has definitely led me to become less easily distracted while coding.
My custom config feels like what I imagine having a model railway would feel like. It takes a bit of maintenance and tinkering, but it does exactly what i want it to and I get a sense of satisfaction from keeping it up to date.
It's difficult to describe how incredibly valuable this is. Pretty much my entire software stack[1] is scriptable, which means I can sand every corner as soon as it becomes an issue. The impact to my productivity from reduced mental load is honestly incalculable, and I'm pretty sure I couldn't concentrate nearly as deeply on complex things without it.
[1] I've started scripting my browser to behave better too, but that's the main holdout at this pt
It's not a matter of national expenditure, but that of personal expenditure of those pulling the strings. It's just being framed that way by the "will of the people"/"take back control" brigade, and people are dumb enough to listen.
I love how easy it is to browse for music by record label on rdio. Not something you can do on other platforms and it's a great way to discover new music! It'll be sad to see it go.
Does not hurt, but I think most people don't really care or remember the record label.
For me the killer feature would be a sophisticated implementation of "if you like this song, here are some you may also like". Sophisticated, because the music I like is usually an amalgam of multiple styles, for example jazz-funk-soul. The existing software is way too simplistic right now:
1.it usually classifies music in exclusive styles (soul or jazz, but not both),
2. the recommendations that come up are usually the well known artists, and I am more interested in less known ones (because I am familiar with all the big names already).
Those two problems are exactly what the curation of a record label provides. If I really like a song or album by Hudson Mohawke or Flying Lotus, then I know I can find similar releases from the Warp or Brainfeeder labels. This lets me explore similar artists that may not be as well known. I have experienced very high rates of success with this method, much better than any algorithmic recommendations.
From the perspective of tech companies, they are being put between a rock and a hard place by simultaneously being asked for more privacy, and also less privacy.