Andy Has Just Nailed It (Regarding Complexity and Failure, a la UEFI)
Andy has this excellent new article which includes (among many other things) a discussion of "complexity" (apropos):
Complexity
"Tech is too complex."
It's another way of saying technology has "bad usability". This is often heard in the context of security. Over-complex security fails. Complexity arises from wannabe "features" (things we don't really want, but some 'bright spark' thinks is cool). Engineers call this "feature creep". It's often driven by out-of-control creative marketing and "innovation", for example; operating system makers force "AI" on people whether they ask for that or not.
In 1980 my radio and TV had three or four knobs. A five-year-old and a ninety-five-year-old could work them with equal ease. My washing machine had four controls. A kettle or toaster needs a single switch.
Device usability, as immediate affordances, regressed in the past 40 years. Finding domestic appliances that aren't over-complex internet-connected spying devices which incidentally do something useful is a challenge today. It takes my mum 10 minutes to switch on her TV using 4 different remotes.
Remember when BIOS (or the menu thereof) was so simple even a little kid could handle it? That was "safe" enough...
Further down, Andy explains something that neatly relates to 'Secure Boot':
None of this happened because engineers got more stupid.
Whereas it once took a button press and less than a tenth of a second for the TV to switch on, it now takes seven steps and as much as half a minute to "log on" to the BBC iPlayer. Those steps add no functionality. They add no security for the user. They are there to make sure that viewers have paid for a TV license and to stop viewers in other countries watching BBC content. They are security for the service provider. Which is pretty much an indirect way of saying they are security against the user. Almost every other service on the internet now comes with similar baggage, additional cost and labour that is offloaded and imposed on the user, and against the users' interests.
As a rule, engineers still design things to be as simple and efficient as they can. But then UX gurus, marketing and PR, publishers, optimisers, engagement experts, middle-men, financial schemers, "intellectual property" lawyers… all come along, seize control and ruin digital products.
Should the law stipulate basic complexity requirements like those for accessibility? Probably not. Would that kill innovation and dumb-down all technology to the lowest common denominator? Whatever you think, it's clear markets have badly failed to balance the rights and needs of customers to "have stuff that does what they want".
The central crux of utility has reversed. Things are designed for the utility of the supplier, and since we now have monopoly suppliers, the end user is told "take it or leave it". Increasingly the wise choice for your online security, peace of mind and mental health is to leave it.
Got that?
He says "they are security against the user"; to hell with the users. The users no longer own or control what they buy. █
