Call For Testing BSD Fund

The Crossroads

#SoftwareFreedom #HardwareFreedom #RestrictedBoot #Apple

August 27th, 2012

Version 1.1

© Michael Dexter

This swing of the IT pendulum is poised to slice off the hand that feeds it

It's the oldest rivalry in computing: An invisible pendulum swings between one generation of users accessing centralized servers from thin clients and the next ruling their cubicles with powerful distributed workstations. Thanks to the recent boom in handheld computing fueled by near-ubiquitous mobile bandwidth, the pendulum is currently taking an unprecedented swing to the thin client/powerful server side and vendors love it: The smart phone has finally brought computing to the truly mass market and provides ongoing hardware, bandwidth and "app" revenue opportunities. The data center industry that feeds these devices is also seeing historic growth and actual innovation as demonstrated by the brilliant Open Compute Project. The casualty of this latest swing of the pendulum however is the very demographic that develops the content that fuels this growth: the "power user" workstation jockeys who edit the videos you watch, draft the plans to the office you inhabit, layout the magazines you read, map the city you live in and serve countless other vertical markets. Tasks that strain the best of personal workstations and the networks that connect them.

What threatens these professional users is the pollution of the workstation ecosystem with thin client technologies: dumbed-down user interfaces, hermetically-sealed hardware and restricted boot loaders. While the open source community has only dabbled in the first of these three, the latter two are serious threats that will equally impact users of open source and proprietary operating systems.

I will examine these impacts on a market that I have a unique fondness and respect for: enlightened architectural and prepress firms. These demanding production environments are characterized by sophisticated users who rely on proprietary software but are passionate about reducing and ultimately eliminating it. They have optical connections between their branch offices, build their networks with tools like FreeNAS, pfSense and OpenBSD, use MacBooks running open source and proprietary OS's for offices tasks and run just enough Windows to support their proprietary design software. Some run Windows Server in virtualized environments but would run open source alternatives if provided the right system administrator.

Though usually running a proprietary OS, their MacBooks have had the advantage of interchangeable power supplies, easily-swapped out hard drives and repair services at the corner mall. The value of these can't be ignored: I have seen conference speakers swap MacBook hard drives before going stage after and accidental coffee spill. I swapped drives several times when needing repairs while living in a former-Soviet republic and once even dropped off a MacBook for a motherboard replacement on a Saturday evening and picked it up Sunday morning. Unfortunately, the recent introduction of the hermetically-sealed "Retina" MacBook signals the end of this era and Apple even introduced a new power connector to add insult to injury. The platform that once promised an open source kernel with the ZFS file system backed by the best hardware service in the business has now done away with all of these. A move to a restricted boot loader would fully condemn the MacBook as a non-starter for the "power" users and developers that made it so popular. Apple's message is literally and figuratively, "don't leave the mall."

Virtualize the Proprietary

As for their Windows requirements, these design firms generally view Windows as a necessary evil that you virtualize whenever possible. Just as with Windows Sever, the sheer time it takes to install and configure the required software discourages one from running it on bare metal. Restricted boot loaders threaten this model and ultimately should motivate open source developers to improve hypervisors like BHyVe, VirtualBox, Xen and KVM, WINE Windows API compatibility, and open source BIOS solutions like coreboot, U-Boot and OpenBIOS. Inside deals aside, proprietary software vendors should build their software against WINE and hardware vendors should accept that firmware is rarely a value-add.

Where security is a slogan

While bringing security to the firmware level is a very good thing, it is only as secure as it our ability to audit it. By definition, a "secure" firmware is one that provides all users the ability to scrutinize, build, install, test and fix it. Anything short of that is at best a slogan and at worse a promise of security for which vendors must assume full legal responsibility. To assume this responsibility would be revolutionary but instead they will continue to hide behind warranty disclaimers that are far longer than any found in any open source license. The notion of a vendor-controlled "secure" boot strategy also raises the question of how such firmware will comply with international cryptographic import/export controls. With governments playing an increased role in computer inspection and intrusion, the public must be provided clear and reasonable compliance guidelines.

Where does this leave BSD users? While we all have to band together to fight for genuinely-secure boot loaders, two compelling OS options are available here and now: OpenBSD if you want to roll your own desktop and PC-BSD if you want the greatest amount of software options in the least amount of time. As I have reported before, the OpenBSD ACPI stack brings suspend and resume functionality to a remarkable number of notebook models and its new rthreads implementation promises a very snappy GUI experience. Whereas OpenBSD allows you to install any GUI you want, PC-BSD includes all of the leading window managers in its base distribution and makes it easy to switch between them when logging in. I don't know of a single Linux distribution that offers this level of window manager agnosticity out of the box or definitively won the GUI battle.

Continue or turn?

Many of us saw this day coming and remained cautiously optimistic. I am hearing Mac users say that they probably won't buy another Macintosh to run Mac OS X even if virtualizing Mac OS X is not officially an option on anything but Apple hardware. I invite notebook vendors to do to their professional lines exactly what they have done to to their server lines: provide a higher level of documentation, drivers and support, offer ECC memory and extended life models. We must all lobby for fully-open and secure firmware and convince vendors that this small corner of their product is a much bigger value-add if open rather than proprietary. Finally, with handheld computers eating into their notebook sales, vendors must accept that professionals will continue to drive workstation "trucks", as Steve Jobs so eloquently dismissed them.

Join me in thinking long and hard about your next computer purchase and asking your vendors for nonproprietary options. It we don't, hermetically-sealed systems and restricted boot loaders will bring end of personal computing as we know it.


Copyright © 2011 – 2014 Michael Dexter unless specified otherwise. Feedback and corrections welcome.