Comments upon comments ignorant of the realities of the privacy laws governing this domain and the implications on firmware, driver and OS security support. “Just install Linux on it” is a completely unworkable solution. As some have pointed out, the places where this is done have a much thicker IT departments staffed with higher grade professionals to make it work. The thing to be mad here about is the shit support from vendors across the stack. If I had to guess, the worst offenders are probably the SoC vendors who typically ship firmware and driver updates as is the tradition.
That’s exactly the problem. The standard GNU/Linux distro isn’t suitable to allow carrying the responsibility that an innumerable number of users with physical access won’t be able to pwn those machines. Machines that are used by others too. You absolutely can make an OS like that out of Debian or Ubuntu, or what have you. Google has - Chrome OS - but it’ll take a significant development effort. You’d have to basically redo at least some of the work they’ve done. And let’s say you did all of that. Then you end up deploying it on an ARM-based fleet. And there’s a wild vulnerability in the WiFi firmware blob, and the SoC vendor no longer supports it. Every student has root and we’re back to the original problem. 👨🚀🔫
And that’s why instead of getting hardware from a vendor and hoping for the best, you might want to get it in writing that they’ll support their crap till a date. Then you stamp that as the EOL date for that laptop and you present it as part of the spec to whoever might want to buy this laptop. There’s no escaping this problem unless there are no proprietary blobs on the system, which is unlikely for ARM, or you have a solid development team and you’re large enough to have a source sharing contract with the vendor that lets your team fix the vulnerabilities and support the hardware for as long as you like. It’s probably much easier to achieve on x86, which costs more per unit up front.
Comments upon comments ignorant of the realities of the privacy laws governing this domain and the implications on firmware, driver and OS security support. “Just install Linux on it” is a completely unworkable solution. As some have pointed out, the places where this is done have a much thicker IT departments staffed with higher grade professionals to make it work. The thing to be mad here about is the shit support from vendors across the stack. If I had to guess, the worst offenders are probably the SoC vendors who typically ship firmware and driver updates as is the tradition.
deleted by creator
That’s exactly the problem. The standard GNU/Linux distro isn’t suitable to allow carrying the responsibility that an innumerable number of users with physical access won’t be able to pwn those machines. Machines that are used by others too. You absolutely can make an OS like that out of Debian or Ubuntu, or what have you. Google has - Chrome OS - but it’ll take a significant development effort. You’d have to basically redo at least some of the work they’ve done. And let’s say you did all of that. Then you end up deploying it on an ARM-based fleet. And there’s a wild vulnerability in the WiFi firmware blob, and the SoC vendor no longer supports it. Every student has root and we’re back to the original problem. 👨🚀🔫
And that’s why instead of getting hardware from a vendor and hoping for the best, you might want to get it in writing that they’ll support their crap till a date. Then you stamp that as the EOL date for that laptop and you present it as part of the spec to whoever might want to buy this laptop. There’s no escaping this problem unless there are no proprietary blobs on the system, which is unlikely for ARM, or you have a solid development team and you’re large enough to have a source sharing contract with the vendor that lets your team fix the vulnerabilities and support the hardware for as long as you like. It’s probably much easier to achieve on x86, which costs more per unit up front.
Thank you for sharing your experience along with that link.
Because Linus Torvalds stupidly refused to change the Linux license to GPL3.
What difference would the kernel licence make in this context?