Richard Stallman Speaks About UEFI 549
An anonymous reader writes "Despite weaknesses in the Linux-hostile 'secure boot' mechanism, both Fedora and Ubuntu decided to facilitate it, by essentially adopting two different approaches. Richard Stallman has finally spoken out on this subject. He notes that 'if the user doesn't control the keys, then it's a kind of shackle, and that would be true no matter what system it is.' He says, 'Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys; in other words, turn it into restricted boot.' Stallman adds that 'this is not a security feature. This is abuse of the users. I think it ought to be illegal.'"
Sucks to be a used PC reseller... (Score:4, Interesting)
Re:Sucks to be a used PC reseller... (Score:4, Insightful)
It only applies to ARM devices, not all PCs.
Re: (Score:3)
You say that like they cannot possibly be the same thing.
PC these days doesn't mean x86-based.
Re: (Score:2, Insightful)
You say that like they cannot possibly be the same thing.
No he didn't, he said ARM devices are "not all PCs." Read better.
Re:Sucks to be a used PC reseller... (Score:4, Insightful)
I think the implication is that should Microsoft choose to not support x86 devices, then ARM devices may be "all PCs" that can run Windows 8.
Re:Sucks to be a used PC reseller... (Score:4, Insightful)
Of course Microsoft will support x86 PCs.
The difference is that simple "here's what the lawyers are telling us" thing. Microsoft was judged a monopoly, but very specifically on x86-based PCs. That's just the way the court defined it. Now, as with their IE vs. Netscape things, it's not necessarily kosher for a proven monopoly to use their monopoly powers to grab some new territory. But as Microsoft has always proven, it's better to do that damage now and get slapped on the wrist later, with the damage probably undoable, than to just not do it.
So they'd like to lock-down all PCs. We have known that for years -- they've been talking about doing just that for years. But the lawyers are certainly telling MS brass that you can't just go and make it virtually impossible to put something other than Windows on every new PC. So they're leaving that option in the hands of the manufacturers, and the simple fact that virtually all PCs will be shipped with the locks enabled, if there's a key hidden in there were only we computer savvy folk know where to find it.
But ARM isn't x86, and Microsoft has no monopoly there. So they're going for it -- grabbing for all they can. Same reason the ARM systems won't allow anyone who isn't Microsoft to use the Win32 APIs. They're all there on the ARM machines, just as on the x86 machines. But Microsoft is legally bound to make all OS calls they use available to all developers. But clearly, the lawyers have decided that, too, only applies to x86 machines.
This is very likely to be a train wreck of a launch. Buyers have enough trouble understanding the tech, now they're going to have to figure out why one tablet sold with Windows will run all their existing Windows programs (though it'll need a mouse and keyboard, but ok, I like those on my Android tablet when running shells, etc), and the one sold next to it will only run brand new stuff you have to buy directly from Microsoft. Should be fun to watch.
Re:Sucks to be a used PC reseller... (Score:5, Informative)
The word "PC" comes from "IBM PC compatible"
No it doesn't, it is an abbreviation for the term "Personal Computer". It was in use before there even was an IBM PC.
Re:Sucks to be a used PC reseller... (Score:5, Insightful)
Re: (Score:2, Insightful)
Re:Sucks to be a used PC reseller... (Score:4, Informative)
Re:Sucks to be a used PC reseller... (Score:5, Insightful)
No.
The *concept* communicated by that saying is a valid one, even if the actual "froggy-facts" don't support it's literal meaning in the real world. It has become part of the culture and popular language usage.
Deal.
Strat
Re:Sucks to be a used PC reseller... (Score:4, Informative)
Just because one is paranoid does not mean that nobody is out to get you. Paranoia is a logical reaction when somebody or something *is* out to get you. Considering that the natural progression of government is to expand in size, scope, and power while individual liberty shrinks, OP's reaction is not unreasonable.
"Guard with jealous attention the public liberty. Suspect everyone who approaches that jewel." - Patrick Henry
"The Price of Liberty is Eternal Vigilance." - Thomas Jefferson
"The course of history shows that as a government grows, liberty decreases." - Thomas Jefferson
"There is danger from all men. The only maxim of a free government ought to be to trust no man living with power to endanger the public liberty." - John Adams
I would rather err on the side of caution.
Strat
Re: (Score:3, Insightful)
You say fallacy, I say heuristic (Score:5, Insightful)
the slippery slope argument is a logical fallacy
Logical fallacies work only in the case where all premises are known with certainty. Where premises are not knowable with such certainty, or where premises change over time with a change in culture, fallacies become heuristics.
Re:What instead of the boiling frog? (Score:5, Funny)
all the way to the death camps
You know, using a slippery slope argument is a shockingly bad way to convince someone that a slippery slope isn't a logical fallacy. Just saying.
Re: (Score:3, Insightful)
Re:What instead of the boiling frog? (Score:4, Funny)
Re:Sucks to be a used PC reseller... (Score:5, Interesting)
There are legal reasons for the present arrangement. When Microsoft was investigated for antitrust in the past, the scope of its monopoly was defined in the trial as "Intel based personal computers". Hence locking down Intel will likely trigger another round, in EU if not in US. On ARM, Apple is king, so if it's good for them, it's good for MS.
Re:Sucks to be a used PC reseller... (Score:5, Insightful)
I don't see what the problem is here.
Re:Sucks to be a used PC reseller... (Score:4, Insightful)
Yeah, this will be great you naive fool right up until the time x86 boards stop shipping with secure boot disableable and when Verisign stops selling keys for less than 99,000 dollars for "security" reasons. The funny thing is the hackers will just find a way to infect your machine around this scheme and the consumers will be left holding the bag. Again. I hope the EU steps in and brings MS to their knees.
Re:Sucks to be a used PC reseller... (Score:5, Insightful)
Problem is - you cannot generate your own key. You HAVE to get the key somewhere else, and getting that key will cost money (yes for non-commercial use it is free .... for now). Some operating systems are self build, and they have to get a new key every time they change something at kernel level. That will be a great hindrance.
Now - you can say "big deal - just switch off secure boot". The problem with that is a lot of people just want to dual boot with Windows. Problem with that is - if your distro has no key, yo are forced to do a cumbersome "reboot - go to BIOS - switch off secure boot - save settings - reboot again - start the distro" and when you go back to windows you have to do "reboot - go into BIOS - switch on secure boot - save settings - reboot again - boot Windows". This gives a physical and psychological barrier, that will be a big hindrance for acceptance of any other OS than Windows. In fact all not-signed disto's will be "flagged" as difficult to use, just because the hoops you have to jump trough to get everything working. This creates a unfair advantage for windows (because secure boot is on by default if you want to have a Microsoft certification).
And there are problems with getting this key. The user cannot generate the key themselves. If that would be the case all problems where over. No the user politely have to ask for a key, and so are depending on a third party if they are allowed to use the hardware they just bought for dual-booting. As I said - for now it is free, but there are no guarantees it will stay that way. And if you are making a OS for commercial purposes, you have to pay $99 - again ... for now. This could easily be raised to $999, or $9999 or $9999999 or whatever they want.
And last - if Microsoft has secure boot in place it is a given fact (make no mistake - you wont get a MS approved certification if the hardware you make has no secure boot, so most hardware makers wont take any risk and comply to the demands of Microsoft). And when secure boot is in place Microsoft can increase the demands surrounding this secure boot (if this will be in the field of key generation or increased "safety" demands is to be seen, but you can be sure it will generate a increased barrier for other operating systems).
Re: (Score:3)
That they will not allow you to turn it off.
Which, as I've understood it, is exactly what they require of all arm-based computers designed to run win8.
Re: (Score:3)
Wrong. In order to meet MS's requirements for Windows on ARM, the firmware must not allow SecureBoot to be turned off or a new key set.
Re: (Score:3)
Since I work for Microsoft, but nowhere in the top levels of course. The plan is that on X86 pc's secureboot is optional in the bios for windows 8. But on tablets and smartphones it is not optional which is the test.
the plan is that secure boot is like a "beta test" for desktops since it will be optional in the bios. But the plan is on the next version of windows "windows 9" you could say that secure boot WILL NOT BE OPTIONAL on desktops.
That has been the plan all along on internal meetings, memos and even
Re: (Score:3)
Re: (Score:3)
Which they are. The ipad is a relatively young device. If you have an original model ipad, you're locked out of the current iOS release, and the older iOS releases are slowly becoming less and less useful. Give it n years and an original model ipad that has no other hardware defects will be rendered completely useless due to only being able to run an obsolete OS. This is NOT a good situation for computing to find itself in.
Re: (Score:3)
I don't know who was the money to buy expensive toys that the manufacturer leaves behind two and a half years later. I guess it is good that someone out there is willing to take the hit.
Re: (Score:3)
And where the fuck was RMS when Apple was doing the same to iOS for fricking years?
Free Software Foundation "Defective By Design" site, specifically highlighting the locked down nature of the ipad [defectivebydesign.org]. Not sure if it's directly steered by Stallman, but I'm pretty sure he's always been vocal about the evils of DRM in Apple products.
Crippled Hardware (Score:5, Insightful)
The Hardware is crippled for the sake of Microsoft. Period.
Secure boot is Microsoft's attempt to maintain computer OS market share as their influences is being stripped away by the likes of Google (Android) and Apple (iOS). With HTML5 on the way, we will have WEB based applications that rival desktop versions, and run on ANY device. The OS is just a layer to get to where the real work gets done, information exchange.
AND the worst part is, secure boot doesn't actually fix the problem it pretends it solves. It can't. This is the whole DRM of DVD's and BluRay all over again. Look at how well that is working out.
DRM is broken by design.
Re:Crippled Hardware (Score:5, Informative)
Re:Crippled Hardware (Score:5, Insightful)
Don't like it? Go into your BIOS and turn it off. The specification mandates that it have a disable option.
Yeah, and?
Windows 9 will probably make 'Windows Lockin' mandatory on x86 as it does on ARM, and it dramatically increases the difficulty of installing an alternate OS. No more booting Linux from CD and installing without even touching the BIOS.
Re:Crippled Hardware (Score:5, Insightful)
And when that happens, you will have a good reason to get upset. Until then it's just speculation.
Yes, you're right. Microsoft would never, ever even think of locking all other operating systems out of the PC market.
How could I possibly have been so stupid?
Meanwhile, back in the real world, the day you're locked out of all new PC hardware is a day too late to get upset about it.
Re: (Score:3)
Microsoft isn't about the "quick fix"... you think because it hasn't happened yet that they don't (or aren't secretly planning) to do the very thing we're complaining about? Technology will catch up with their mad aspirations, and the fact that it took 20 years doesn't mean they aren't going to do it. It means they are _still_ planning to do it. They have been slowly removing flexibility and freedom from their OS (and treating their users like dirty thieves)... now they intend to finish their scheme by sta
Re: (Score:3)
Because if they wanted to do that they've had nearly 20 years to do it. They aren't going to do it. It isn't feasible and their biggest problems aren't at the boot loader, it's the iPad and android devices.
On one hand, the iPad outsells Dell's entire PC line, so why should Microsoft really care about Linux's minuscule 2% desktop marketshare?
On the other hand, the popularity of tablets will allow Microsoft to escape all anti-trust regulators. So, if they want to hook their OS to locked-down proprietary hardware, they will be able to get away with it within a few years.
On the third hand, Linux has enough marketshare in tablets, workstations, and servers that slashdot-types will be able to get whatever hardware
Re:Crippled Hardware (Score:5, Insightful)
speculation true
Re:Crippled Hardware (Score:5, Insightful)
If I want to buy a Windows lockin computer to run Windows, that doesn't keep anyone from producing a product that can run any free os.
That is correct, but playing devil's advocate here... the market for such a product would be relatively small, and it would need to be purpose built for that market, and purpose bought.
The days of taking home a used PC from the office that had been retired and popping linux on it to play around would be over.
The days of dropping a live distro in would be over.
The days of buying a PC and dual booting linux would be over.
We would instead need to special order a linux capable product, and use it for that purpose. Its not the end of the world, but it would be the end of an era that would be greatly missed by those of us that care.
Re:Crippled Hardware (Score:5, Interesting)
Re:Crippled Hardware (Score:5, Interesting)
So when you get your MB (made in China), with a BIOS apparently coded in a rural part of China (have you seen BIOS lately?), and find it doesn't let you disable it...
What, exactly, is your recourse?
Coreboot [coreboot.org] is the only answer, and that's not going to happen while Microsoft (and probably Apple as well) isn't bankrupt.
Re: (Score:3)
Get hardware with a "certified for Win8" logo. MS requires that any such provide a way to disable secure boot.
Or do research on hardware you buy before you buy - a good idea in general.
Re: (Score:3)
AMD has actually committed to supporting Coreboot on their CPUs and chipsets.
Re: (Score:2)
Re:Crippled Hardware (Score:4, Informative)
The way I see it, if this were about the user, they would allow the user to change the key to whatever the user wants. Then you can sign your own OS.
We've known for a long time [wikipedia.org] that Microsoft wants to lock other OSes out of the hardware.
Re:Crippled Hardware (Score:5, Informative)
Don't like it? Go into your BIOS and turn it off. The specification mandates that it have a disable option..
No, no the specification does NOT mandate that it have a disable option. The specification simply does not prohibit providing such an option (for the moment at least). The motherboard manufacturer and/or BIOS makers are completely free to not provide a disable option if they so desire.
Whether the (lack of) option becomes common or not is another thing entirely, of course.
Re:Crippled Hardware (Score:4, Insightful)
If you don't know what a BIOS is, you probably shouldn't be changing what OS you're using.
Re:Crippled Hardware (Score:5, Insightful)
AND the worst part is, secure boot doesn't actually fix the problem it pretends it solves. It can't. This is the whole DRM of DVD's and BluRay all over again. Look at how well that is working out. DRM is broken by design.
That depends on what problem it is you think it pretends to solve. A computer made to only run signed code doesn't have the same fundamental weakness as DRM has where the private key has to be somewhere to decrypt it, nobody but Microsoft is going to have Microsoft's private signing key and unless they give you that option disabling the signature check is going to be extremely hard. Getting any other code to run - except user space code in Win8's application sandbox - will be as hard as cracking the Xbox360 or the PS3. I suspect that with a "boiling the frog" strategy the current document said people MUST be able to disable it on x86, the next one will say MAY and with a nudge and a wink to the OEMs it's going to end up at MAY NOT.
Re: (Score:3)
with a nudge and a wink to the OEMs it's going to end up at MAY NOT.
There will always be OEMs willing to ignore the "rules". For example, during the heyday of the DVD and Blueray players it was very easy to purchase one that ignored region codes, "user prohibited operations" and other such DRM nonsense and these "hacked" players remain available to this day. If demand exists the market will supply it no matter what the laws or rules say. Don't allow yourself to be ruled by silly laws; those who know don't care and those who care don't know.
Re: (Score:3)
I would have had first post! (Score:5, Funny)
But I couldn't boot into my OS.
The Right To Read (Score:5, Informative)
Richard's story, The Right To Read [gnu.org], has already sort of predicted this move.
Despite what people say about Restricted Boot, it opens up the world of computers to a whole new set of attacks... by megacorporations like Microsoft.
Re:The Right To Read (Score:5, Interesting)
Re:The Right To Read (Score:5, Funny)
That's only because the bad guys look at what he fears for some good ideas.
Now if only RMS had've patented his ideas :)
Agree with Stallman on this. (Score:5, Insightful)
I also can understand hardware requirements for a licensed OS, such a certain button layout, screen resolution, etc. Those make sense and ensure it runs as intended. The same way, Microsoft can make their own devices and lock them and it's their choice.
But manufacturers being forced by to lock the devices by the mobile OS supplier? That's abuse!. It's Microsoft abusing their desktop PC monopoly power, patents, etc. against the OEMs. What is MS afraid of, people installing Android or Ubuntu on their newly acquired devices?
Re:Agree with Stallman on this. (Score:4, Interesting)
Re: (Score:3)
That's exactly what they're afraid of. They don't want Windows to become known as part of the crapware you blow away to install a real OS on the device.
That's exactly how I think of it most of the time on servers and desktop machines.
Re: (Score:3)
I really do wholehearted agree, without reservation at all.
But also (you knew there would be a "but" didn't you?) I think we can demand anything we want (take it or leave it), such as serving the public good, if any of those manufacturers want the special favor of limited liability protection, an unnatural right.
I also think we can demand anything we want (take it or leave it) from those who want government-granted monopolie
Re: (Score:3)
No, *you* own the hardware - it was your money that payed for it. Stop buying into and repeating the corporate propaganda, that's why they can get away with this anti-social stuff.
Okay. Today it's news... (Score:2)
Yeah, and RMS was talking non-sense yesterday. What is the world coming to ...
Yesterday? I'm a big fan of RMS - since before the beard - but the day he doesn't talk non-sense will be news.
You're welcome.
S/BOOT is about taking people's freedom (Score:5, Insightful)
Let me explain ... me I just bought an wireless access point ... and I have no intention at all of using it
as an access point. I want a device with a set of excellent antenna's, great rx sensitivity and it has to
have monitor mode so I can capture raw 802.11 frames and I have to be able to make it send arbitrary
802.11 frames as well.
Yeah I found a great little device for doing just that ;-)
Thankfully this device is not locked down with a secure boot loader !!! I did have to open it up and access
the serial port on the board to load dd-wrt (an alternative linux distribution for wifi routers) but it was *easy*
and the chipset it has is a.) linux supported and b.) the chipset and the linux driver support monitoring
and injection.
IF SECURE BOOT COMES AROUND WE WONT BE ABLE TO DO THAT ANYMORE!!
If the router had had a secure boot scheme I would have had to first work hard on getting around that. JTAG. ... the ARM
Glitching, and in a few years from now even these techniques might not work anymore. In FACT
chips do have a jtag interface but now there's SECURE MONITOR MODE for jtag meaning you have to first
do a cryptographic challenge/response sequence before you get access to the chip via JTAG.
WTF!! I FUCKING OWN THIS BOX WHO THE FUCK ARE YOU TO KEEP ME FROM USING IT AS I SEE FIT, YOU SCUM!!
Anyhow here's the game plan that's been decided in the back room .... There will be secure boot on commodity hardware.
Vendors who are in the club will get their code signed easily. For a while small fries will also get their code signed for a
fee. The consumer will have the impression that there is still choice, Linux is not going to go away tomorrow, a signed and
authorized kernel will be available.
However, you will find that you're going to be locked out more and more out of your system. At some point you will not be sure
anymore what is running in the background and what backdoors are introduced into the system. You will have to trust a kernel
image that is given to you encrypted and that may contain all sorts of things.
It's the future they want. The ability to access/erase/modify your data, activate your microphones and video cameras, prevent you ... and they will detect that you tried and put you away.
from doing anything they don't want you to. Sure there will be exploits for a while and ways to regain access however limited or temporary
but as the game plan advances.. give it another 10-15 years at the rate tech is advancing and it will be VERY HARD TO IMPOSSIBLE for
YOU small fries to do anything about it. Maybe someone with millions of $$$ can hack their devices but you with a small salary will
not
Well that's their game plan .... Now YOU!!!! need to do something about it!!!
IT STARTS WITH SAYING NO TO ARM AND BROADCOM HARDWARE
IT STARTS WITH INFLUENCING BUYING AT WORK.
IT STARTS WITH GETTING RID OF THEIR STOCK
IT STARTS WITH CALLING THEM UP AND BUGGING THE SHIT OUT OF THEM
IT STARTS WITH EDUCATING EVERYBODY ELSE AROUND YOU.
Enough all caps. But yeah to drive the point home.
It starts with easy things and yes.. the way freedom is going away it may well end someday with a whole lot of violence, blood and tears ...
Enough. Think this one through. Do you want to spend the rest of your life with locked down ipads never sure if
they're watching you with it, too scared to type anything 'radical' into it, too locked down to do what you want
while the box has the 100x the power tech has to do but is using that to make your life hard and miserable???
Help me out here, I don't want this kind of future.
Re:S/BOOT is about taking people's freedom (Score:5, Insightful)
I agree with pretty much everything you said... But getting rid of ARM? What sort of stupid bullshit is that? The problem has *NOTHING* to do with the architecture and everything to do with Microsoft. Putting it into perspective - there is not a single ARM device that you can buy today that has UEFI... And somehow the problem is ARMs' fault?
I guess perhaps the mindset of the embedded industry who don't think that proprietary blob drivers are a bad thing (hey, nobody but us will ever update the software!) is partly to blame. Yes, most of these companies use ARM, but it still has nothing to do with ARM.
Good for Stallman (Score:5, Insightful)
Just warm boot after boot (Score:3)
Cant the entire kernel go into a BIOS? (Score:4, Interesting)
This about tivoization not anti-trust. (Score:4, Interesting)
Let me clarify what some people are saying about how Microsoft can't demand locked BIOS because of anti-trust laws.
They are wrong. MS can demand secure boot. As long as there is a way for other comercial companies to get into this scheme, they can't be accoused of monopolizing the market.
And why would they? Secure boot won't prevent Google from releasing another TV OS. Won't prevent Apple from selling more iPads, won't even prevent System 76 from selling Ubuntu. But your S76 laptop won't have the DRM hardware module to run Netflix and your PVR that does have it won't install another OS.
Freedom will be isolated to specific machines to be easily ignored while all useful applications will be restricted to a "safe zone". That is, safe from user's freedom.
Re:You know what you're getting (Score:5, Insightful)
It's not that simple. Many users don't know what UEFI or Restricted Boot are. If they see a Certified for Windows 8 logo on a computer when they're buying it, they don't know that means extra restrictions for them.
Not everybody cares about computers, which is why Restricted Boot is so bad.
Re: (Score:2)
Many users don't know what UEFI or Restricted Boot are.
Then what are the odds that those users will ever want to install another OS besides Windows?
Re: (Score:2)
It depends on what restrictions are added later. Most people don't realize how important their freedom is until after it's gone.
Re: (Score:3)
This is blatantly false. No PC boots from the CD by default. You always have to change the setting.
Weird. Mine do and always have.
Re: (Score:3)
No. Most computers allow the user to press a key (ESC, F12, or other) to boot from another device without going into BIOS
Shackles (Score:5, Insightful)
If Microsoft got what it demands, that ARM devices that runs Win 8 be permanently locked, then the only option that I have, as a consumer, is to NOT BUY THAT DEVICE
No point of supporting dictatorial regime, be it political dictatorial, or hardware dictatorial
Re:Shackles (Score:5, Insightful)
Of course, the salesdroids would point the finger squarely at ARM, should the sales numbers not measure up.
Voting with your wallet only works correctly if the fallout falls in the right place.
Re:Shackles (Score:5, Insightful)
Re:Shackles (Score:5, Insightful)
Windows RT-exclusive application (Score:4, Insightful)
the only option that I have, as a consumer, is to NOT BUY THAT DEVICE
There is no way to run Windows RT applications if you do NOT BUY THAT DEVICE. What do you recommend for people whose job involves running a Windows RT-exclusive application? Or do you expect such applications not to exist?
No point of supporting dictatorial regime, be it political dictatorial, or hardware dictatorial
Tell that to anybody who has ever bought a video game console.
Re:Windows RT-exclusive application (Score:5, Interesting)
Re: (Score:3)
Buy an x86 tablet or ultrabook with a secureboot implementation that is required to be unlocked.
Will these be able to efficiently emulate applications distributed in the form of ARM machine code? That's what I meant by "Windows RT-exclusive". For example, someone who reviews Windows RT apps for a living would need to run Windows RT apps.
Re: (Score:3)
Re: (Score:3)
Re:Windows RT-exclusive application (Score:5, Informative)
I'd be quite surprised to see one. The only API that Microsoft allows third-party developers to use on Windows RT is WinRT (well, and web apps of course). Although it is possible to write native apps using WinRT, the dev tools make it very easy to compile those apps for multiple architectures (ARM for Windows RT, x86 and x64 for "normal" Win8). So, unless somebody intentionally limits their market share to Windows RT only, for absolutely no benefit to themselves, I really don't expect to see Windows RT-exclusive apps at all.
Besides, most people will probably write WinRT (Metro-style) apps using a managed language, like C# or Javascript. That gets you compatibility with both Win8 and Windows RT without even the trivial hassle of recompiling.
Re:Shackles (Score:5, Interesting)
It is even worse than that - if it is wont be possible to change the certificate on a machine and that certificate get compromized, then it means there is no security anymore neither... The device is now junk after maybe one month of owning it. You need a new device regardless. And dont tell me you have not heard of the certificates for BlueRay and so on being compromised...
The alternative - Microsoft can remotely update the certificate, but that also mean any remote attacker who break the key can change it... Again, no security... The only way to make it secure in the long run is to allow users change the key when needed.
Re:Shackles (Score:5, Informative)
It is even worse than that - if it is wont be possible to change the certificate on a machine and that certificate get compromized, then it means there is no security anymore neither... The device is now junk after maybe one month of owning it. You need a new device regardless. And dont tell me you have not heard of the certificates for BlueRay and so on being compromised...
BluRay players have a private key to decrypt that can be compromised. Secure Boot only has a public key to verify so it can't be compromised, there's no secret.
The alternative - Microsoft can remotely update the certificate, but that also mean any remote attacker who break the key can change it...
No. If Microsoft was to be hacked and their signing key compromised - a pretty heavy feat of hacking in itself, they'd pull out their root key and revoke that key then create and sign a new signing key. This is PKI 101, you always have a root key for situations like this. Of course if their root key was compromised they're fucked, but that one is deep in a vault deep in the bowels of Microsoft and the only place it'd come out would be in a secure facility to sign a new signing key.
Re:Shackles (Score:5, Funny)
FTFY. The root key wants to be found.
Re: (Score:3)
and hopefully they don't repeat the recent mistakes that allowed malicious software to be signed by a MS certificate. MS doesn't do PKI very well.
Re:Shackles (Score:4, Funny)
Re:Shackles (Score:5, Interesting)
Funny you should mention blu-ray. I just bought a blu-ray player and the Firefly blu-ray discs (full series plus the movie). The player and the discs were such a PITA to use that I returned everything as defective. The fact that the player also skipped when playing regular DVDs was bad, and the ridiculously bad user interface and slow load times, and hopelessly slow and useless 'web interface'.
But the fact that one has to sit through (feels like) 10 minutes of WARNING COPYING IS EVIL messages at the start, and another 10 minutes of WARNING COPYING IS EVIL at the end OF EACH EPISODE, IN FOUR DIFFERENT LANGUAGES was beyond the pale. AFAI am concerned, this ridiculous waste of my time constitutes a defective product. So, no more blu-ray for me, and $200 of lost sales for the vendors - not to mention that Samsung will have to repackage the player for resale.
For perspective, had I kept the blu-ray it's likely I would have spent $300 over the next year on videos. And I need a big screen TV, preferably with passive 3D (I happen to like 3D). So that's a total of about $1500 in lost sales - sorry folks, get your act together. Until I can watch a 3D blu-ray movie on a device of MY choosing, _at least_ as easily as I can watch a DVD now (preferably easier), my money will stay home.
I had read the various complaints from /.ers and others about the problems with blu-ray, and now I have experienced them first hand. I'm no pirate - the only videos I've downloaded have been from archive.org, and authorized ones. But I was sorely tempted to buy a blu-ray drive for my desktop (which I was going to set up with MythTV anyway) and rip the Firefly discs. I would have even kept them, if I could watch the stupid things without so much hassle. They've actually made watching a movie in your own home a bigger hassle than driving to the theatre (in my case a 40 minute drive, and paid parking to boot).
I wonder if a class action suit against the media companies regarding the lack of usability and lack of fair use would succeed.
In any case, this UEFI thing appears to be the first step in destroying the personal computing device market and turning it into a monopolist's dream, following the blu-ray debacle. If all else fails, I'll just spend the time on my sailboat, and exude feelings of pity for young whippersnappers who are growing up with no alternative to being 'sharecroppers' for the media.
Re: (Score:3, Informative)
I don't believe that ripping your own BRD is illegal, this is well-established practice and nobody can seriously complain about it.
Anyway, if you are on OSX, there is no other way than ripping the BRD if you want to watch them.
I don't believe you've met the DMCA. Ripping a DVD or BluRay is illegal.
Re: (Score:3)
http://www.neowin.net/news/us-government-makes-jailbreaking-unlocking-and-ripping-dvds-legal [neowin.net]
http://money.usnews.com/money/business-economy/technology/articles/2009/09/30/is-it-legal-to-copy-a-dvd [usnews.com]
What's illegal, again? If you do it for noncommercial use (such as making a backup to your hard drive) it's perfectly legal.
Welcome to several years ago. Do try and catch up.
Re: (Score:3)
Neither article that you listed says that is legal to break the copy protection for the typical user. The Neowin site lists 4 exceptions, none of which seem to apply to copying media unless you are a teacher. The other exemptions are to locate security flaws, jailbreak a phone to go to another service provider or bypass the need for a dongle. None of which seems to apply. The usnews report specifically says that it illegal to break the encryption protecting dvd's and blueray although cdroms without sec
The elephant in the discussion (Score:5, Insightful)
If Microsoft got what it demands, that ARM devices that runs Win 8 be permanently locked, then the only option that I have, as a consumer, is to NOT BUY THAT DEVICE
No point of supporting dictatorial regime, be it political dictatorial, or hardware dictatorial
The elephant in the discussion is the iPad, an ARM based device with a locked bootloade. No one wants to talk about making it illegal, only Windows RT tablets must be outlawed, Apple is free to do whatever they want. Say you bought an iPad on Slashdot, automatically get +5 for not choosing a PC with Windows. But guess what? Apple bans Firefox from the iPad while you can even install Linux on a PC.
Re: (Score:3)
No-one wants to pay the Apple tax so they can run Linux on an iPad. Windows tablets would be the cheap end of the market where installing another OS is a sane option... except Microsoft are prohibiting that.
cheap end of the market ? (Score:4, Interesting)
> Windows tablets would be the cheap end of the market
There seems to be the idea that:
Apple desktop = expensive. Windows PC = cheap.
Therefore:
Apple tablet = expensive. Windows tablet = cheap.
There is no evidence for this, except contrary evidence that Windows XP and 7 Slates were more expensive than iPads by quite a margin. In fact the unwillingness of OEMs to build Windows 8/RT tablets leading to MS having to build their own Surface seems based on the fact that they (OEMs) could not build any that would be competitive pricewise with iPad given they would have to give MS $80.00.
MS may well have to subsidize Surface, they will _not_ be cheap.
With x86 tablets, they will be even more because the i5 is way more than an ARM SoC.
Re:The elephant in the discussion (Score:4, Informative)
No-one wants to pay the Apple tax so they can run Linux on an iPad. Windows tablets would be the cheap end of the market where installing another OS is a sane option... except Microsoft are prohibiting that.
Except that Android tablets are the cheap end of the market (well, some of them are), and already ARE Linux.
Re: (Score:3)
Re:The elephant in the discussion (Score:4, Insightful)
I got a neat "rotten Apple" sticker from the FSF that begs to differ with your sentiment about Stallman... "and his ilk."
He's right (on this he is VERY right and not off in the weeds with the details like some other things he talks about), and ARM is just solidifying the already convicted company of trying to do an end-round on the market to lock people into their OS and their OS alone. It bit them in the ass once, and now they're trying a different tactic... crippling the hardware.
Sorry, there's nothing "Anti-MS" about this news. It's MOTS from a company (like Apple) that has been fucking us in the ass for years. Thank FSM for Stallman and Linus Torvalds. I refuse to use Windows and I refuse to allow general purpose computing hardware to be compromised so Microsoft can play catchup to its competitors by locking down hardware. The fact that I can rip out my stupid Windows license and install Linux after I unpack my PC is one of the reasons I've not taken a pitchfork to Bill Gates' and Steve Ballmer's collective scrotums. What I would really like to do is take a dump in an envelope and mail back my Windows Recovery CD to Ballmer's office, C.O.D. When they perfect the lockdown on ARM, who doesn't honestly (and with a straight face) believe they won't be doing the exact same thing to x86 platforms? Hmm? If anyone believes that the venerable PC is safe from Microsoft's disease has been asleep for the last 20 or so years...
Re: (Score:3)
It's not necessarily even that; back when I was working for a hardware company we had to get the 'designed for Windows' (or whatever it was called) logo because if all the hardware in an OEM machine had the logo the OEM got a discount on Windows. A hardware manufacturer without the logo would have to sell for substantially less to get OEM deals.
Re: (Score:3)
What's more, when Windows pukes on itself and the non-power user takes it to "my computer friend" who proceeds to want nothing more to do with it since no rescue discs will work... They are gunna be pissed.
If so much as a hint for a recommendation on their next machine is mentioned, said computer geek will strongly say anything but this.
It's not just us who will end up not buying the things but everyone else, as people tend to remember getting burned on a bad purchase.
This is the very market Microsoft is t
Re: (Score:3)
What's more, when Windows pukes on itself and the non-power user takes it to "my computer friend" who proceeds to want nothing more to do with it since no rescue discs will work
There should be less need for a "rescue disc" with the "refresh" feature of Windows 8 [pcworld.com]. It wipes the Windows folder and reinstalls any Metro style applications obtained from the Windows Store.
When Windows pukes on itself, it's often not bootable so accessing the "refresh" feature may not always be possible.
Re: (Score:3)
How? Is not the user free to make the decision whether or not to purchase the product? Yes he is.
Why, yes. Instead of buying a $50 'made for Windows' motherboard they'll be able to buy a $1000 'made for Linux' motherboard with is exactly the same hardware with the 'Windows Lockin' disabled.
No discount for bringing your own phone (Score:2)
You can buy a locked cell phone for "$50" with a 2-year service commitment at $60/month, or the same phone unlocked for $500. The unlocked phone is of course a much better deal most of the time.
Unless the month-to-month service is also $60 per month.
Re: (Score:3)
Re:How? (Score:4, Interesting)
Any time I see a response to the tune of "... so and so is free to make a choice about such and such", I also think that there is no such thing as "free to choose" if one does not/can not/will not understand the finer details involved in that choice.
I can only freely choose to not buy this if I understand what does and does not work and how it can/will impact me. Most typical computer purchases are not made with this level of understanding.