It seems to depend on whether you're on a desktop or mobile device. [1]

> macOS 13 Ventura was released in 2022 and for portable Macs with Apple CPUs Apple introduced a feature known as ‘Accessory Security’ (also known as ‘Restricted Mode’)

> By default, portable Macs (i.e. laptops) with an Apple CPU running macOS 13 Ventura or newer version of macOS will require the end user to authenticate and approve a Thunderbolt device when initially connected.

> Stationary Macs (i.e. desktops) with an Apple CPU running macOS 13 Ventura or newer version of macOS do NOT implement the ‘Accessory Security’ feature. As a result, Thunderbolt devices will be automatically approved and authenticated when initially connected.

Anecdotally, I have had Dell and Lenovo laptops with Thunderbolt and in Linux I had to manually approve each new device before it would function. [2]

[1] https://kb.plugable.com/docking-stations-and-video/do-i-need...

[2] https://wiki.archlinux.org/title/Thunderbolt#User_device_aut...

Sure, it is. So what? Have you got 200k for lawyers and years of your life to spend in court fighting over it?

I have personally contacted the SFC with ample evidence of deliberate and wilful GPL violations, such as providing a written offer for source code and then ignoring or flat out refusing requests for the source code. The SFC has acknowledged the vendors are violating the spirit and letter of the GPL.

Nothing happens. The SFC is one organisation with limited resources, FOSS developers don't want to spend their time in court, they'd rather develop software. Vendors know 9 times out of 10 they will get away with the GPL violation scot-free.

It's fine to put on your rose colored glasses and pretend GPL forces companies to release source code. Reality is, the vendors have a larger marketing budget than the entire SFC endowment and the vendor's legal team is happy to tar-pit requests ad infinitum.

This is already the case today with many embedded devices. They have secure boot enabled so even if the vendor releases the GPL source code (big if), you can't do anything because the device will only boot the vendor's signed firmware.

> at a minimum I think there should be a wifi card that does refuse modifications and a main application processor that is 100% user controlled so that they can actually fix problems without needing the vendor to help

This is already possible. The RF components frequently have a signed firmware blob that is verified on load. There is no reason but planned obsolescence and greed keeping the application processor locked to running the vendor's signed code.

Have you seen the state of embedded device security? It is already an unmitigated disaster.

Since you bring up botnets, there are far more exploited security vulnerabilities because a vendor EOLed support (or went bankrupt) and their firmware contained bugs that cannot be fixed because a signed firmware is required, or the source code was not provided than because their signing keys were leaked and someone is distributing malicious updates.

> Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.

Yes, it is what I want. I am perfectly aware of the potential downsides and what I am proposing is worth it. The product is already EOL. In our current era of enshittification, vendor pinky promises to implement a user-bypass in their signed boot chain is not good enough. Look at the Other OS controversy on the PS3 if you want an example of this in practice, or Samsung removing bootloader unlocking in their One UI 8.0 update.

> The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.

The vendor has implemented an internal pad on the laser-welded, weather sealed, IP-rated smart watch that must be shorted to disable secure boot. Opening the device to access this will essentially destroy it, but we preserved the vendor's secure boot signing keys so missioned accomplished!

IIRC, a certain Marvell SoC datasheet says multiple key slots are supported, but the boot ROM only supports reading the first entry (so really, only one key is supported).

This concept works fine for the author's example of a kitchen scale, but fails when the device in question is something like a router that has secure boot with one key burned into e-fuses.

In that case we need both open software and a requirement that the manufacturer escrow signing keys with someone so that after EOL any software can be run.

If you intend to purchase an item from the merchant anyway, why would you pass on 20% off?

I sign up for newsletters to get a discount then immediately unsubscribe. If merchants are going to offer a discount for me to input my email, copy the code they email me, and GMail unsubscribe why would I turn that down?

Jolla used the crowd-funding campaign to butter up VCs for their next funding round [3] and then decided the Asian LLC handling the crowdfunding would go bankrupt, leaving backers with no tablets and most with no refund. [4]

The real kicker was that the tablets were ALREADY manufactured by their ODM, Jolla just never paid them. Took backers money and stiffed their manufacturing partner too. For a while after the campaign folded you could buy Jolla branded tablets (running Android, it was just an ODM model they flashed Sailfish on) on eBay or Taobao [5]. I just checked and there's a Jolla Tablet listed on eBay right now. [6]

10 years later, it looks like they're trying the same thing. Maybe they think the internet has forgotten, but I have zero interest in supporting their next hardware rug-pull endeavour.

[1] https://together.jolla.com/question/97695/information-regard...

[2] https://www.indiegogo.com/en/projects/jolla/jolla-tablet-wor...

[3] https://jolla.com/content/uploads/2017/02/46_JOLLATABLET_STR...

[4] https://blog.jolla.com/second_phase_refund/

[5] https://old.reddit.com/r/Jolla/comments/3x2s7e/jolla_tablets...

[6] https://archive.ph/Ncf17

This is also the case on the Play Store. Google *always* places the ad above the actual result, even if you search by the app ID (e.g. org.videolan.vlc)

It is absolutely worth hiring and training juniors. The quality of your onboarding process and documentation will improve. Not only that but a junior will ask questions that senior engineers take for granted, such as "why are we doing X this way?" which can lead to improvements that your existing engineers might not have considered.

Finally, if junior engineers are joining your organisation and leaving every 9-18 months, you need to take a serious look at your career progression ladder and compensation. I have seen way too many companies that have an arbitrary "you cannot receive a promotion in the first X months" HR policy which is just asinine. You know who doesn't have this stupid policy? The company your junior just accepted an offer from.

If your organisation doesn't have the tools and processes to up skill junior engineers into seniors, then it doesn't have professional development for senior engineers and is just a career dead end.

Their support is garbage: 1 Android version and only 3 years of security updates for a phone that cost nearly $1000. Google and Samsung offer 5+ years on their flagship phones.

The cameras are held back by incompetent software; the camera app does not even rotate for a left handed mode (they only need to rotate text and icons). Their camera app behaves like a point and shoot camera from 2004, and you have to treat it like that or your photos will be a blurry, underexposed mess. The cameras are technically fine, but the software implementation is truly terrible.

Yes, the phone has a headphone jack and micro SD slot, but those aren't worth it when everything else sucks. Sony is far, far behind other major Android manufacturers when it comes to software quality and support.

I gleefully gave Sony money for the 5 IV in late 2022. The phone stops receiving all updates next month (September 2025). Custom ROMs (e.g. LineageOS) are nonexistent because Sony has such an insignificant market share.

I won't be giving Sony any money for a new phone.

Cisco Meraki did; their low end switches are Marvell and their "high end" switches (MS420, MS425, MS450, MS350, MS355) were all Broadcom based. Were because about a year ago they announced the End of Sale of all Broadcom based switches.

Everything above the low end stuff is now Cisco Catalyst. (Although one can argue everything from Meraki is low end apart from their prices)

> Marvell and Microchip are fighting for the scraps

Realtek also. Lots of smaller L2 managed switches based on the RTL93xx series. [1]

But I am not seriously comparing Realtek to Tofino, that's like comparing Hot wheels to the actual car.

[1] https://svanheule.net/switches/

Yes, they are repairable. That is where the list of Pros ends for me. Perhaps the only unique selling point is being able to upgrade the motherboard later, but...

The screen, keyboard, touchpad, and IO are all inferior to a ThinkPad.

You can only ever have 4 ports, which is considerably less than your average PC laptop of similar dimensions and weight will have.

ThinkPads and other corporate-tier machines are dirt cheap used after 3-4 years, and finding spare parts for them is usually a non-issue as long as you don't mind eBay. Lenovo will happily sell you parts for a few years after the laptop is released, although availability and pricing are not great.

Framework had a partnership to only sell Western Digital SSDs when I ordered mine, and it later came to light that WD had serious firmware issues with these models resulting in sudden data loss. [1]

Additionally, the 12th Gen model has received ONE firmware update in over a year since release. [2] While Framework have committed to delivering more frequent firmware updates, they don't have a good track record there. No LVFS support either, so you have to burn a USB stick to update.

Prior to the firmware update, I've had the laptop completely discharge the battery while powered off, refuse to power up until being connected to a charger for ~15 minutes, and then display a large error saying the screen and battery were not connected (they were).

Even after the firmware update, I still have issues with phantom battery drain when the laptop is completely powered off.

[1] https://community.frame.work/t/tracking-wd-black-sn850-sudde...

[2] https://knowledgebase.frame.work/en_us/framework-laptop-bios...

As yes, Windows, the famously privacy respecting OS. [1] [2]

Apple has also been hard at work developing new ways to gatekeep users from running their own software. [3] macOS updates are also widely known to be small, quick to install, and never leave the computer unbootable. [4] /s

I, like the author, have had Chromebooks for many years. They are, bar none, the most easy to use and secure by default computer I have ever used.

Chromebooks are cheap and are supported for longer than any Windows/macOS release and the update process is utterly seamless and without issue.

It has all but removed IT support requests from my elderly relatives. The worst thing they can do is install a sketchy Chrome extension, but that's painless to remove compared to malware.

[1] https://www.windowscentral.com/how-remove-advertising-window...

[2] https://www.thewindowsclub.com/windows-10-telemetry

[3] https://9to5mac.com/2024/08/06/macos-sequoia-makes-it-harder...

[4] https://support.apple.com/en-us/102531

Indeed, I don't consider the BSD license a good thing from a user's perspective. Companies love BSD/MIT licensed software though.

Maybe I should have included a "/s" in my post.

The BSD license

Yes, thanks to the magic of the BSD license you can ship an appliance that is nothing more than a vanilla BSD and some hacky scripts and never have to worry about your customers demanding to see how much jank you have shoved into the box.

Transformers only apply to AC, where there is a fluctuating magnetic field.

A transformer in a DC circuit is just a physically large (very low resistance) resistor.

The standard practice to convert DC voltage (at least for these voltages) would be a buck converter, which is an active circuit. [1]

[1] https://en.wikipedia.org/wiki/Buck_converter

This is their latest "High performance industrial grade embedded computer" that I can see on their website

Of course you'll have good upstream support for something as old as the i.MX6UL, it's been out for 8 years (7 years at the time they released the TS-7250-V3).

No wonder Raspberry Pi has upended the market, when a single core Cortex-A7 is the competition.

Even an Allwinner chip that has a terrible BSP at release has good upstream support 7 years later.

The irony here is that other SOC/SBC makers are focused more on throwing a barely stable design onto AliExpress for $20 than investing in good upstream support that would allow them to charge a premium.

Raspberry Pi wasn't always able to charge a premium, that benefit came from years of investment into software and community. I have not yet seen another SOC vendor or board partner realize this in any significant way.

Sorry, I should have included the qualifier recent.

Western Digital has had several recent high profile data loss issues

Of course you won't find a storage vendor with a spotless history, but Western Digital flash devices are spontaneously failing in the past 2 years and there's no solid indication that they've actually fixed the root cause in the affected products.