OpenBSD's De Raadt Slams Red Hat, Canonical Over 'Secure' Boot
An anonymous reader writes "OpenBSD founder Theo de Raadt has slammed Red Hat and Canonical for the way they have reacted to Microsoft's introduction of 'secure' boot along with Windows 8, describing both companies as wanting to be the new Microsoft."
IIRC - Theo (Score:4, Interesting)
Isn't Mr. De Raadt known for being a bit... shall we say, "pointed" on these sorts of things?
So what's the plan, Theo? (Score:4, Interesting)
Ok, Theo, let's hear your solution then. I, for one, would really love the ability to secure boot a Linux system, knowing that every component is still exactly as it was when I last checked it and nobody has sneakily installed malware that secretly emails spam to all my friends and my financial details to carding sites. Trusted hardware root and signed executables are good things. So tell us then how we are supposed to get them? You obviously do not believe that we should be using Microsoft's key to sign the bootloader. What should we use? Keep in mind that while you have no difficulty installing your own keys in the BIOS, to a typical user (you know, those poor shmucks who get infected most often) that's deep voodoo. Also keep in mind that while Microsoft has the pull to get its key loaded by default into all the TPM chips manufactured, Ubuntu does not. Neither does BSD.
This stinks! (Score:3, Interesting)
Re:A bit over the top (Score:4, Interesting)
Desktop and laptop PCs are still 88% dominated by the Microsoft OS. Requiring other OS makers to buy a license from Microsoft is very clear evidence of using their monopoly power to stifle competition. Opera won their lawsuit in the EU with lesser charges. (MS didn't block Opera... just made it difficult to compete against the free OS-embedded IE.) In this case MS is actively blocking Chrome, Ubuntu, Kolibri and other OSes.
I guess I just found another reason to buy a Win7 PC instead of the Win8 version with blockeboot.
Like RMS, Theo De Raadt is right when everyone (Score:5, Interesting)
else is wrong.
Sadly, MS has the power to take control of our computers away from us --and with secureboot they're doing exactly that. This is a direct attack on personal computing and the freedoms of the end-user to control the software on their computer.
RMS and Theo De Raadt are both right on this --but neither one of them has the influence needed to avert this attack, so it doesn't matter.
The era of personal, general-purpose computing is over.
Re:Expected (Score:2, Interesting)
I've posted exactly one thing on the OpenBSD mailing list (I forget what... something technical and innocuous anyway) and I've been flamed by Theo De Raadt. I think you could make money selling T-shirts that said, "I've been flamed by Theo De Raadt". I've got a lot of respect for what he's accomplished, but flaming seems to be his customary mode of interaction.
I've also, on occasion, had the opportunity to interact with RMS via email. He has always been extremely generous with his time, gracious and polite, even when he disagreed with me. The guy takes a lot of heat for having strong views, but he genuinely seems like a really nice guy.
Really, I can't imagine two people who are more different in character.
Theo ranting, film at 11 (Score:5, Interesting)
Theo, ranting, is why he got kicked off the NetBSD project. Theo, ranting, is why OpenBSD's drivers for Broadcom chipsets stink. (Look up how the original author tried to resolve the licensing problems of sticking his GPL drivers in an OpenBSD kernel and was ignored, then screamed at by Theo for making the issue public.) Theo, ranting, is why OpenBSD doesn't properly handle booting from software RAID. Theo, ranting, is why the OpenBSD installer works like the UNIX crap I learned to loathe back in 1985 and can't store the state of what you've already selected or go back, you just have to start over from scratch. Theo, ranting, is why OpenSSH has no built-in support for chroot cages. Theo, ranting, is why OpenBSD has no virtualization server capability. Theo, ranting, is why OpenSSH still stores both host keys and by default, user private keys in clear text with no expiration, and has no plans to fix this. Theo, ranting, is why the "compatibility chart" is a list of chipsets that don't match the actual chipsets published by the manufacturer, and usually are from chipsets at least 4 years old.
Theo, ranting, usually means you're doing something right for your actual client base rather than for his ivory tower. There's a reason OpenBSD is used only by fanboys who run it on "hobby" systems and don't get any work done. And yes, I've dealt with the crap for years: I *wrote* the first SunOS ports of SSH-1, SSH-2, and OpenSSH. (Theo's fan club did not write SSH: they ported Tatu's previously GPL work into OpenSSH, and screwed up the license. Surprisingly little of the actual codebase is due to OpenBSD hosted development.)
Illogical ad hominem attack != valid debate (Score:0, Interesting)
I feel bad for anyone who has to engage him in real life, and fear something Reiser-like happening in the future. This controlling, manipulative attitude coupled with periodic violent outbursts indicates a deep-seated mental health issue that has gone unchecked for far too long. If you are an OpenBSD developer, watch your back!
So it's better to do PROZAC till you uncork\go postal! Quit trying to play psychiatric science professional - you're not qualified to do so for one thing. Your other example of him allegedly taking over the router of a naysayer made me laugh actually. Why?? First it's unsubstantiated anecdotal b.s. until you supply a citation and proof backing it. Secondly, I also suspect the person it happened to may have had it coming for one (probably a flamer who thought himself untouchable online and quite possibly started with DeRaadt). So, if it happened at all that is, it also shows he wasn't very technically competent from a security standpoint either or it would not have happened to him.
Lastly, as far as verbal assaults - your current blatantly illogical attempt at discrediting a guy based on anecdotal unsubstantiated statements and ad hominem attacks from yourself don't go very far here either. Especially since I doubt you've done 1/10th of what DeRaadt has in the science of computing. I wager I am so right here you won't be able to show you've done more than he has of good repute.
Nobody can tell me that people like yourself, that act the meek worm online with innuendo and implications with no backing is now playing psychiatric pro (which you clearly are not) is not the worst offender of all via implication and innuendo possible.
Get over yourself Mr. Shrink. You aren't one.
Re:A bit over the top (Score:4, Interesting)
Who? [bbc.co.uk] What? [theregister.co.uk]
Re:A bit over the top (Score:4, Interesting)
What about ARM?
What about it?
Microsoft doesn't have a monopoly in ARM devices (tablets and smartphones). Their competitors in Apple and even many Androids have restricted boot to their signed binaries.
We all agree that it's not the situation we want, and we all agree we should demand the right to the keys to our devices (which we currently have on x86).
But it is absurd to suggest Microsoft is abusing its monopoly position in the ARM device market.
Re:1 thing I admire about him (Score:2, Interesting)
People like to throw 'ad hominem' around way too much, because it sounds all clever, I guess. It doesn't work all the time.
An 'ad hominem argument' is an error when you're formally debating a specific argument with another person, and you try to win by attacking the person. 'You say that this apple is green, but I say that you smell and your mother is French, therefore the apple is red and I win!' That's a true case of an 'ad hominem argument' which is flawed.
You can't just go around yelling 'ad hominem' every time anyone says something bad about another person, though. AC's whole point, such as it is, is that he stopped being involved with OpenBSD because he thinks Theo is a dick, and he encourages other people not to get involved in OpenBSD because he thinks Theo is a dick. You can't really lob 'ad hominem' at someone, as if it means something, when their entire _point_ is that a person is being a dick. You have to actually engage with the argument that the person is a dick, and try to contradict it.
Re:So what's the plan, Theo? (Score:3, Interesting)
Re:A bit over the top (Score:5, Interesting)
It increases the cost of business for Canonical/RedHat to negotiate with all the OEM manufacturers and get them to include their key.
If you're Microsoft and already have deals with all OEM manufacturers, the cost may be negligible, but if you're Canonical/RedHat and your OS comes pre-installed on less than 1% of desktops, it may not be practically possible.
This is true for anyone who wants to enter the market for desktop operating systems and potentially compete with Microsoft. In economic terms, the SecureBoot system raises the barrier of entry for the desktop OS market.
Because of Microsoft's history of anti-competitive behaviour, I'm also worried about what they'll do next. Once they have control over the SecureBoot system, they could work to make it mandatory, citing piracy as reason. They could also pressure the OEM manufacturers, unofficially, to say "no" when a competitor asks them to include their OS keys. They could make it slow and costly for competitors to get new OS versions signed. Smaller Linux versions, without the backing of a corporation, won't be able to afford signing or getting OEM manufacturers to include their keys.
I don't know what'll happen, but having control over SecureBoot seems like too much power to place in the hands of any company.
Then there's the risk that the state will abuse the system once it's in place. SecureBoot controls what OS can be run, and the OS can control what software can be run, using a system of checksums and signing keys. In fact, the technology for that is already in place in Windows Vista onwards, but for the moment, you only get a warning when you try to run an unknown executable. If the state decides to outlaw certain software (such as encryption, hacking tools or P2P file sharing programs), SecureBoot combined with Windows enables them to enforce that law. If that ever happens, it'd be very good for Microsoft, since it severely reduces competition in the OS market, and gives even more power to the company who handles the signing of their competitors' OSes.