UEFI Secure Boot and Linux: Where Things Stand 521
itwbennett writes "Assuming that Microsoft doesn't choose to implement Secure Boot in the ways that the Linux Foundation says would work with Linux, there 'will be no easy way to run Linux on Windows 8 PCs,' writes Steven Vaughan-Nichols. Instead, we're faced with three different, highly imperfect approaches: Approach #1: Create UEFI Secure Boot keys for your particular distribution, like Canonical is doing with Ubuntu. Approach #2: work with Microsoft's key signing service to create a Windows 8 system compatible UEFI secure boot key, like Red Hat is doing with Fedora."
itwbennet finishes with: "Approach #3: Use open hardware with open source software, an approach favored by ZaReason CEO Cathy Malmrose." When you can't even use a GPLv3 licensed bootloader to boot your system, you might have a problem. Why is everyone so quick to accept the corpse of TCPA in new clothes?
Approach no. 4 - Do nothing (Score:3)
Just wait for a while. System admins will find it very difficult to install Enterprise Licensed Windows licenses. MS will be forced to cave in, and provide easy mechanisms to do that for early adapters. Just use whatever technique the local PC vendor guy recommends.
Re:Approach no. 4 - Do nothing (Score:5, Interesting)
WHAT?!? Secure Boot will do nothing to impede enterprise Windows users. You'll either use Windows8/2012 and have a signed boot loader or use 2008R2/7 and disable secure boot. Btw it would also do nothing to impede enterprise Linux users either, they'd either use a commercial signed distribution or build their own and have the build process install their keys into the TPM chip (trust me, enterprises already deal with crypto from internal PKI to external SSL to drive encryption).
Re: (Score:3)
Secure Boot will do nothing to impede enterprise Windows users.
Most enterprises are still on XP; so Secure Boot has to be disabled or bypassed in millions of corporate desktops. If hw mfrs try to shove Windows-8 and above only PCs to the Corporate segment, nobody will buy them. Either way, I don't see Secure Boot as a viable option for PC mfrs.
Re:Approach no. 4 - Do nothing (Score:4, Interesting)
Why does this keep popping up? XP won't even boot under UEFI.
Re:Approach no. 4 - Do nothing (Score:4, Insightful)
If you're turning off UEFI, why are you worried about secure boot?
Re: (Score:3)
Re: (Score:2)
Yeah, because it departments are know for implementing the most sane and practical solutions for every problem, not the one that advertised itself as the only one available and take cto to dinner.
Man, I'm glad that means my it dept will drop exchange soon..
Re:Approach no. 4 File complaint to D.O.J. (Score:5, Insightful)
If this is not an example of Microsoft's monopolistic practices i don't know what is.
Re:Approach no. 4 File complaint to D.O.J. (Score:4, Insightful)
Oh and btw, doesn't Apple also restrict what boots and how? to make sure you ONLY buy Apple hardware? Yep, MS keeps 90% of the market, can and WILL dictate to the OEMs how to build their machines, and there is nothing anyone can do about it, thanks to Apple's efforts.
And top it off, MS is getting more into the hardware market, and controlling the software sales channels, they want to be just like Apple. I can't wait to see how it comes out. My guess is both MS and Apple will end up being losers, and guess what, linux will still be a loser also. Something new will come along, dictated by ATT and the Olympic comittee, and the 99% will still be whining about how the 1% controls everything. Nothing will change.
Re:Approach no. 4 File complaint to D.O.J. (Score:5, Informative)
First off Apple's share of the desktop market in the USA is 8-12% which is about where it was when Microsoft was considered a monopoly. Microsoft's defense at this point might be the existence of a tablet market where they have no presence. But even if one does include tablets Windows still far outsells iOS and OSX combined. Apple targets profitable customers not marketshare.
As for Apple restricting boot. No they don't. In fact they produce and support a multi-platform bootloader for their computers: http://www.apple.com/support/bootcamp/ [apple.com]
They also work with parallels and VMware to help people load virtual images of windows.
Apple doesn't mind in the slightest if you buy their hardware and then run someone else's OS on it.
On their iOS devices, iTunes allows you to put any BIOS image in you want.
Re:Approach no. 4 File complaint to D.O.J. (Score:5, Informative)
First off, learn manners.
Now for lurkers:
start iTunes on your Mac and hold home- and on/off-button on the iphone. connect mac and iphone and keep holding the buttons on the iphone.
the iphone boots in restore-mode, itunes opens up the restore dialog. release the two buttos on the iphone.
hold option-key on the mac and then press "restore" in iTunes. Dialog pops up asking for the firmware to use then point to the new file and you are set.
_________
And of course Apple lets you install apps on iOS without their approval. They don't let you distribute them widely without their approval. But you can install anything you want using iTunes.
Re:Approach no. 4 - Do nothing (Score:5, Interesting)
I can't imagine how one word of that would be inaccurate.
Re:Approach no. 4 - Do nothing (Score:4, Interesting)
Nokia N900 - Commercial, retailed phone, fully open bootloader.
But, your point still stands.
That being said, I fully expect the "unlocked" bios-emulation mode to be around for at least 8 years, if not more - corporate needs XP support. However, the lock would actially be a /good/ thing... if we can install our own keys.
I'm hoping for that sort of support, so corporate IT could sign particular versions of files and/or bootloaders and lock things down. Seems like a step up, there, so long as the accepted key list is editable.
Re: (Score:3)
I can even cite precedent on the realism level of my assessment. A decent amount of customers want to overclock their computers. I've never, ever seen a motherboard from any manufacturer like Dell or HP or Acer that lets you overclock it. It's a
Re:Approach no. 4 - Do nothing (Score:5, Insightful)
More than XP, I am thinking different flavours of Windows 8. System admins need to wipe off the OEM stuff and install their Enterprise License stuff on new kit. That could be a different flavour of 8 or earlier versions of the OS as well. If they can't do it, they will simply ignore Windows 8 and wait for the next version that removes the restriction of Secure Boot.
Re:Approach no. 4 - Do nothing (Score:5, Interesting)
System admins need to wipe off the OEM stuff and install their Enterprise License stuff on new kit.
Most corporate desktop admins are far happier if the machine can be deployed with less mucking around. Just unboxing 1200 new machines is a pain in the ass... if they also have to reimage and reconfigure each new machine (actually easier and more streamlined than unboxing these days, but nonetheless, extra time, extra money they'd rather not spend), they'll not be so joyous, and everything slows down.
If they can't do it, they will simply ignore Windows 8 and wait for the next version
Half right... because this, basically, is wise. The other half is they will harden what they have. Microsoft early adopters and fanbois notwithstanding, Microsoft has done nothing to increase the productivity of the office worker since XP/Server 2003/Office 2003. The pitfalls of XP are well known and huge incident databases have been built: nothing can break that doesn't have an immediate fix. Seven and even Vista is still in the early stages of figuring out all the solutions of all that can and does go wrong. I think any large or medium sized corporations still on the 2003 paradigm are fine and well under the budget expendature of those idiots that needlessly and irrationally raced to upgrade as long as they are in a rotation of reimaging every XP machine every 4-6 months... if their network infrastructure is resilient to the trouble users can get into, they may never need to upgrade these to new systems until the physical machines and their components cease to function.
Re:Approach no. 4 - Do nothing (Score:4, Interesting)
Most corporate desktop admins are far happier if the machine can be deployed with less mucking around. Just unboxing 1200 new machines is a pain in the ass... if they also have to reimage and reconfigure each new machine (actually easier and more streamlined than unboxing these days, but nonetheless, extra time, extra money they'd rather not spend), they'll not be so joyous, and everything slows down.
If you are deploying 1200 new machines Dell or HP or whoever will most likely gladly pre-install your corporate OS image for you. There will be an additional cost for doing so but it's usually much less than having your own desktop support staff doing it.
Re:Approach no. 4 - Do nothing (Score:5, Informative)
Re:Approach no. 4 - Do nothing (Score:4, Insightful)
People are not as productive with XP/2003 and I dispute that claim. When you have computers that take 8 minutes to be responsive to start up, or inactive for 3 hours every Tuesday due to McCrappy doing a scan limiting 1 app open at a time, can't find files in a share with 10,000 files, help desk putting out fired with rootkits and viruses all day that eats up into productivity.
Sure your friendly beancounter accountant only looks at cost but it is always assumed workers are just as productive regardless of time and equipment.
A modern Windows 7 environment you have instant search and can find things like Acme corp sales distribtion 2008 within seconds! The calls for malware go down in half. Your systems do not have Windows rot and get all sluggish. To boot your computers go into sleep mode and you can save millions or at least hundreds of thousands in energy costs.
Your workers can use more functions in Office they didn't know where there either. Sorry ribbon haters but studies show otherwise and after 1 month of using it you will not want to go back. I can just use my keyboard now with Win 7/Office 2010 and hardly use the mouse as much with instant search and the using the numbering shortcuts with the ribbons. It rocks on a laptop too.
Your workers will be spending more time working and getting things down. You really need to sell yourself better at work rather than kiss up with the cost accountants.
Comment removed (Score:5, Interesting)
Re:Approach no. 4 - Do nothing (Score:4, Informative)
Most corporate desktop admins are far happier if the machine can be deployed with less mucking around. Just unboxing 1200 new machines is a pain in the ass... if they also have to reimage and reconfigure each new machine (actually easier and more streamlined than unboxing these days, but nonetheless, extra time, extra money they'd rather not spend), they'll not be so joyous, and everything slows down.
This isn't even slightly true. Already every corporate re-images every desktop they get because they all come with Windows 7 and their 12 year old Line of Business apps are all certified for Windows XP only. I know for each of our 15000 or so desktops, every one of them gets attached to the network and the first thing that happens is a tech hits F12 and whacks in the provisioning admin credentials to kick off the otherwise completely zero-touch imaging process. I don't know where you get the idea that it's extra time or that configuration is necessary. Deploying Windows over the network can be done with zero intervention.
Re: (Score:3)
Except for the fact that it never works.
When I still had an XP machine here, I would use it to search my main machine over the network, because it was faster and actually found things.
Now I use an app called Everything.
approach #4 (Score:4, Funny)
Re:approach #4 (Score:5, Informative)
if ntldr is modified, it won't pass the hash check and the UEFI loader won't execute it.
Re:approach #4 (Score:4, Insightful)
Aproach #4 (Score:5, Insightful)
Lawsuit?
Re: (Score:3)
Lawsuit?
Well that or anti-trust, since this is clearly anti-competitive.
I can accept something like a Mac being locked down, to a certain extent, since it is Apple hardware with Apple software - though I don't believe they prevent you from installing other operating systems? Generic PC hardware not at all, since this is third party hardware, with Windows being an add-on. If Microsoft wants hardware this locked down to run Windows, then they should sell their own hardware.
What I would like to see is being able to di
Restrict Government PC Purchases to Open Hardware (Score:4, Interesting)
It seems like the obvious way to block this type of stuff is to pass legislation requiring government agencies to only purchase PCs that are free from such encumbrances. The state and taxpayers benefit from keeping their OS options open on new computer hardware and more importantly they represent a large enough percent of total sales to actually get a proper response from manufacturers.
Secure Boot won't catch on (Score:5, Insightful)
Approach #4: ignore UEFI Secure Boot. It's a blunt solution to an obscure problem. More importantly, it's such a huge pain in the ass, not just for Linux but for ALL system integrators, that anyone actually preventing the user from disabling Secure Boot will end up limiting their own marketability. Two things will happen:
1. It will be relegated to tiny niches where security trumps usability
2. It will be cracked
This is not an either/or. Both things will happen. This whole fiasco is nothing but a huge waste of time for everyone involved.
Re: (Score:3)
Re:Secure Boot won't catch on (Score:5, Informative)
In the past, I would have agreed with you, but hardware DRM is getting pretty good:
PS3s took almost five years to get cracked, and new PS3s are immune to any holes in them that were used by GeoHot to bust the thing open in the first place.
Satellite TV has not seen any cracks since the patch several years back which completely fried any "master key" cards.
The iPhone 4s is barely jailbroken with only userland available. This is with the best minds in the world working on cracking the thing.
Most Android phones still have locked bootloaders, which nobody has yet been able to get. Newer Android phones actually have a daemon that looks for root process signatures then "bricks" the phone if found until the firmware is reflashed... and with some devices, the reflash is not available to the public.
So, even though hardware might be in the user's physical control, it nowhere near belongs to the user.
Re:Secure Boot won't catch on (Score:5, Insightful)
We used to call them "general purpose computers"
We dropped the "general purpose" part at some point, because it seemed redundant at the time.
Now maybe we need to bring back this term.
These machines you are talking about are not "general purpose" computers at all.
It once again goes to show that the Microsoft slogan is "Where do you want to be taken today"
Re:Secure Boot won't catch on (Score:4, Funny)
"Guess where we'll be taking you today."
Re: (Score:3, Informative)
This is _not_ DRM, its a security implementation to prevent malware from writing to the boot processes and preempting any possible Operating System security. It does seem a bit like we're trying to right the leaning tower of pizza with a bomb on the low side to see if it will right itself again!
I'm sorry to be so obvious but this needs to be kept far away from the association of DRM.
Here is a rather awesome talk about UEFI and RedHat's work on it. Basically his experience was its very buggy and there are a
Re:Secure Boot won't catch on (Score:5, Insightful)
PS3s only took about 5 months to be cracked. They were initially untouched because they provided people what they wanted: The ability to boot linux. Once the feature was taken away, it was cracked in very little time at all.
And the new PS3s are "immune" not due to anything other than harassment of GeoHot by sony. We'll never know if this is true though, because he's barred from ever touching anything branded by Sony ever again.
And pretty much all Android phones have the bootloaders completely bypassed with 2ndinit.
Satellite, you've got me on, because I haven't had any interest in.
Re: (Score:3)
Also not cracked: DTCP which, for a good number of years, protected (and still does) the Firewire output of cable set top boxes. Firewire is falling out of favor fast, but DTCP still hasn't been cracked, and I'm pretty sure that goes for newer non-firewire implementations such as DTCP-IP.
And don't forget HDCP which protects HDMI connections between A/V devices. The master key was leaked, not cracked. There's a huge difference there.
Security will not catch on (Score:2)
1. It will be relegated to tiny niches where security trumps usability
God forbid in this day of malware, server breaches, and root kits, someone should be triumphing that over usability.
Re: (Score:2)
God forbid in this day of malware, server breaches, and root kits, someone should be triumphing that over usability.
Indeed. If only people would dump Windows and run Linux, we'd all be better off.
Re:Security will not catch on (Score:4, Informative)
Nice try, but the breaching of the kernel.org website had no bearing on the integrity of the kernel sources [linuxfoundation.org].
Re: (Score:3)
Re:Security will not catch on (Score:5, Informative)
That type of rootkit was common years ago and still is. Typically they target one of the low level OS components such as the SATA driver, which is loaded before any security stuff and has full access to the entire memory space.
At first anti-virus software couldn't even detect it because the rooted OS was prevented from seeing the file in directory listings or accessing it directly. Eventually they figured out how to get around that, but still couldn't remove the file. Then they figured out how to remove the file when booted into a different OS (i.e. take the HDD out and put it in another machine) but of course that deleted the SATA driver so a XP refresh install was required. That was where I left it when I stopped working in that business.
Re:Security will not catch on (Score:4, Insightful)
They didn't have to crawl or beg, they just asked and Microsoft said yes. Microsoft was anxious to support Ubuntu since they don't want a repeat of the paranoia that surrounded Palladium.
It'd be a lot easier to accept if the task were granted to a company with no stake in the OS market, like Intel.
Most likely there are going to be about 6 signing authorities on the BIOS that ship. Microsoft, someone like Verisign, a few Asian ones, maybe the hardware vendors themselves (i.e. Dell signs for UEFI in Dell's and collects the check). There is no reason to believe Intel, Western Digital (which has played for open standards for decades) or someone unexpected like NVidia won't step forward. I could see IBM who is much more trusted by the Linux community doing it.
Re:Secure Boot won't catch on (Score:4, Insightful)
I thought the requirement to run Windows 8 was to have a BIOS option to disable secure boot, or rather, enable legacy (BIOS) booting. So if the user wishes to run another OS, they could - disable secure boot, and the PC boots like it always has - via the old BIOS method. Of course, if you want to boot back into Windows requires flipping the option back (the files are signed and verified before loading, so it's not like running another OS will break the security - the UEFI verifies the loader, the loader verifies the kernel, the kernel verifies the drivers and Windows binaries, etc.).
I know RedHat and Canonical were worried that the option would be well, optional, but I thought it was now required. And it will be for a little while because Windows 7 isn't ready for secure boot - it can be EFI-booted in 64-bit mode but that's experimental.
Then there is well, Apple. Whose EFI-based firmware probably doesn't have secure boot in it and thus unable to boot Windows 8... (and probably the only provider that has an easily-accessible EFI boot - is there any other reason why there's an EFI bootloader for Linux for the past few years?)
Re:Secure Boot won't catch on (Score:4, Interesting)
Re: (Score:3)
Windows 8 doesn't require secure boot. At all. It will happily boot on a pc without it, or with it turned off. I. E. All the legacy kit out there running windows 7.
In order to sell an x86 pc as windows 8 certified, you have to have secure boot; it has to have the Windows 8 signing key as default; and it needs to be able to be turned off. The latter matters to Microsoft because all those enterprise users doing their downgrade rights to 7 would be furious if they couldn't buy new new pcs and put older version
Re: (Score:3)
I thought the requirement to run Windows 8 was to have a BIOS option to disable secure boot, or rather, enable legacy (BIOS) booting.
There is no such requirement to run Windows 8. There is a UEFI secure boot requirement if you want to put a sticker on the system saying "designed for Windows 8". There is also a requirement that the user must be able to switch off the secure boot.
Of course, if you want to boot back into Windows requires flipping the option back (the files are signed and verified before loading, so it's not like running another OS will break the security - the UEFI verifies the loader, the loader verifies the kernel, the kernel verifies the drivers and Windows binaries, etc.).
No, you do not need to flip the option back to boot Windows 8. If you don't flip it back you will not have the security that comes from the knowledge that the boot loader and kernel has not been tampered with, but Windows 8 will boot.
Of course, if you want to boot back into Windows requires flipping the option back (the files are signed and verified before loading, so it's not like running another OS will break the security - the UEFI verifies the loader, the loader verifies the kernel, the kernel verifies the drivers and Windows binaries, etc.).
That is correct. But while th
Another Approach (Score:5, Interesting)
(Too many #4 here already, so I'll skip the numbering)
What about clustering all Linux enthusiasts' computers together and cracking Microsoft's signing key, SETI-style? I'm not sure about the mathematics there (taking longer than the galaxy will exist, etc.), but maybe it's possible. Or maybe somebody made a mistake and the key is much weaker than it is thought at the moment (see PS3).
Re:Another Approach (Score:4, Interesting)
What makes anyone think that UEFI will be any more secure than anything else Microsoft releases? Actually cracking the key may take longer than the universe has been in existence but I'm betting dear Microsoft won't do any better at engineering this than anything else. There is probably an easily exploitable hole that doesn't require actually cracking the key.
Cheers,
Dave
Re:Another Approach (Score:4, Interesting)
UEFI and Secure Boot aren't the same thing.
Approach #4 (Score:4, Informative)
Disable secure boot.
From http://msdn.microsoft.com/en-US/library/windows/hardware/jj128256:
"Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. A Windows Server may also disable Secure Boot remotely using a strongly authenticated (preferably public-key based) out-of-band management connection, such as to a baseboard management controller or service processor. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure Boot must not be possible on ARM systems."
They made disabling secure boot required for the Windows logo on x86 (while probably worried about the threat of an antitrust investigation).
Re: (Score:2)
I wonder will that allow booting of fedora or ubuntu which are having their distros signed by Microsoft to boot on arm hardware? anyone else know i would really like to have a ubuntu tablet and that seems like a cheap way.
Re: (Score:3)
Just buy an Android one next year. It looks like you'll have the best of both worlds.
http://www.ubuntu.com/devices/android [ubuntu.com]
http://en.wikipedia.org/wiki/Ubuntu_for_Android [wikipedia.org]
http://www.youtube.com/watch?v=wzc0uMXGFBY [youtube.com]
Re:Approach #4 (Score:5, Interesting)
You need to do more with a computer than just smile smugly and say "i'm runng xyz cool thing". ... Okay.. maybe *you* don't...
Ah, my little troll is back! Nice to see you again.
And you're right. Computers are tools, they are at their best when they're used to create cool (and mundane) things, and that's the subtle difference between smartphones and desktop computers that I think Ubuntu got right this time.
You see my little pet, despite what many people say, phones and tablets aren't for passive consumption, that's the role of TV, books, and maybe e-readers. What Android, iOS et al excel at is to communicate and share cool things (and mundane things, but who wants to talk about those).
The thing is, computing as a field is all about thresholds. There were text and math thresholds as CPUs/memory etc became large enough and powerful enough to run text editors, then a little faster for word processors, spreadsheets and simulators. Graphical display thresholds gave us GUIs, sound subsystem thresholds and video playback thresholds got us music and movies. There are people here who looked in awe at early Amiga/Atari demos playing two or three simultaneous animations. Desktop computer hardware stopped being a limitation to creating images, video, text, music etc in the late '90s. Phone hardware now is far past that threshold and is about to pass the capabilities of desktop computers from less than a decade ago.
Coincidentally, a decade ago was when mainstream OS development stagnated. XP was released about then, and continues to be used in business today largely because its successors do little or nothing to improve productivity. You see where I'm going with this, cherub? We have hardware with enough power to run the content creation software and fit in our pockets. That limitation is gone. The remaining limitations are the OS and software stacks, and the peripherals - big screens, digitisers, scanners etc etc, and guess what? Ubuntu has an answer.
We're seeing enough hints in the market from the likes of Asus, Samsung, Lenovo and even Microsoft that this is something the world's looking for. I'd say Canonical/Ubuntu is in a very good place right now.
Re: (Score:3)
You mean whenever I decide to compile a custom kernel I'd need to pay $80 to Microsoft to run it on a machine with SecureBoot? To run my custom kernel on my computer?
Sorry, that doesn't sound like a good deal to me. Real secure boot would look like this:
"You are trying to boot from a new kernel or an existing kernel has been modified. This might indicate that a virus is trying to gain access to your computer. Choose Use Previous Kernel if you are unsure about the reason for this message. Would you
Re: (Score:2)
No kidding. Where is the issue where when you can just do this? You'd think the the general population of people who will be loading their boxes with alternate operating systems could figure this out.
Re:Approach #4 (Score:4, Insightful)
Yes, because Microsoft would never, ever, even possibly ever imagine thinking of making it compulsory on x86.
This is why I hate Microsoft (Score:4, Interesting)
Re: (Score:2)
And safeboot won. Thanks to Ubuntu having too much money.
Now it will be one more pain to buy new machines. Will have to scavenge model numbers know to have a correct implementation... Which will be rare.
Re:This is why I hate Microsoft (Score:4, Interesting)
They don't try to make better products, they just try to kill the competition. I see ads for their crap with cool songs, a lizard, and neat apps everywhere but the actual thing doesn't work. Even they can't work it right, as shown by several demos they have done. They seem to recognize it but instead of dealing with it, they just try to eliminate everyone else. Linux has a MUCH better programming environment than anything Microsoft can offer. Even its overall usability (I use Ubuntu) is more intuitive. So Microsoft tries this shit. It's not secure and it's not user-friendly. It's just meant to make Linux harder to install. And I can't support a company that takes this approach. Fuck them. It's a good thing their company is dying. Hopefully more OEMs see this and start offering Linux PC's, but I kind of doubt it.
Ok, I'm probably going to kill my karma and move from Excellent to Suspected Troll, but so be it...
Until 5-6 years ago, I would totally agree with you. I've been a *ix advocate for years and will be for a while. However, with the introduction of Windows XP, I've switched from using *ix (more specifically Red Hat, and later on FreeBSD) on my desktop to Windows. Why? Because things just work out of the box. I was used to googling for hours and hours to find the right dependencies for a certain application I wanted, which then would be conflicting with something that I'd already installed and after being forced to use Windows by my then-employer, I quickly installed it on my PCs at home, too.
When Asus came with their small netbooks, I bought a Linux version. Unfortunately I found it quite unusable so I installed Windows. Again. In my opinion, *ix is perfect, more than perfect in the role of a server. Apache kills IIS just by looking at it. Sendmail outperforms Exchange while picking its nose. SSH is far better than using RDP to administer your server.
As recent as four months ago, I tried switching to Ubuntu on my corporate Windows Vista laptop. After two days of downtime, I found that I was unable to find a decent calendaring tool that would work with the companies Exchange server. No Lync support. Only partial support for Office tools. I returned my laptop to the IT department to have a new Windows image installed and within 3 hours I was back online.
Microsoft sucks when it comes to their business practices, I fully, more than fully agree with you on that. But their products are no longer that bad as they once were.
BUT MOMMY, TIMMY WAS DOING IT TOO! (Score:3)
> Why is everyone so quick to accept the corpse of TCPA in new clothes?
Only softies and people who don't know any better do. Pointing at Apple and saying they lock their phones and tablets too ignores the fact that what they do is also wrong. It's like Timmy beating up Bobby on the playground, and when you beat up Bobby, you point at Timmy and say "well, he was doing it too!"
The rest of us want to punch people in the face for even suggesting TCPA 2.0
--
BMO
Flash the BIOS (Score:5, Interesting)
Re: (Score:3, Interesting)
They are almost certainly going to be requiring signed firmware images on any Win8 Logo'd hardware so no you won't be hacking the BIOS so simply.....
Frankly from a security standpoint what they are proposing makes sense. they aren't even receiving any money from the likes of Ubuntu or RedHat if they choose to use this system. Yeah, it might be painful and it's certainly different but it makes security sense if done right. Had some sort of international consortium come up with this and Microsoft joined in wo
Re: (Score:3)
Well if you tell a potential new Linux user they have to flash the BIOS (find the right one for each motherboard) they are going to be a lot less likely to do that than when you tell them: here pop in the LiveCD.
Similar problem when it's just about turning off secure boot - sounds dangerous right from start, and they'll probably have been warned about not turning that off when some software asks them to.
Re: (Score:3)
I've used Linux since kernel version 0.99pl15. I don't "love to screw" with my BIOS. I might do it, but it would annoy me.
Anyway, the days of Slackware on sixty 3.5" floppy disks are long gone, you don't need to be a geek any more to use Linux. My wife is perfectly happy with it, so is my dad, and I find it a lot easier to support their systems than if they had Windows machines.
Wait wait... (Score:2)
Re: (Score:2, Funny)
I will. it's an awesome operating system... since I spend 95% of my time in the start menu I'm glad they made it full screen and interactive.. it's like a video game!
I'm confused (Score:2)
Re: (Score:2)
I thought this would only be a problem for people who are afraid to muck around in their bios. The situation is that even tech-savy users can't turn this shit off?
1. That makes life painful for non-techies who want to install Linux and can currently just boot from a CD or USB installer with no BIOS changes.
2. As soon as Microsoft can demand that this be made compulsory, they will.
Oh, sorry, I forgot 'the slippery slope is a logical fallacy', so Microsoft couldn't possibly ever do that.
EU vs monopolistic behaviour? (Score:5, Interesting)
Seems to me that this is a very serious violation of the spirit of the antitrust rulings when MS killed netscape. Why aren't our consumer protection agencies stepping in to forbid MS from doing this?
Re: (Score:3)
Most regulators can only operate reactively. Even if you issue a complaint today there's a lot of hoops to jump through before anyone can even get Microsoft in a courtoom:
- Someone has to release a Windows 8 PC with secure boot. That hasn't happened yet.
- The hoops necessary to disable secure boot need to be sufficiently complicated that its demonstrably a problem. This won't be apparent for some time after we see a serious number of Secure a lot PCs shipping.
- organisations with some influence (not individ
Just sign your bootloader... (Score:3)
The MS specs require any MS-certified firmware to allow the user to load their own keys. So, if you want to install linux, just generate your own keypair, use it to sign any OSes you want to boot, and install it as a trusted key in your firmware.
Viola, you can still use secure boot, and you can boot whatever you want, and as a bonus not even MS can install something on your hard drive and have it be bootable.
Or you can just disable secure boot.
Distros should just make it easy for users to sign their bootloaders. This should be easy for distros that have the user manually install grub/etc. Or the distro could just supply a pre-signed bootloader and a key for the user to load into their firmware.
Re: (Score:3)
You say "just" for things that require a second computer
Not so easy for the teenager who is mowing lawns and raking leaves to buy a computer to learn programming.
Now these kids are locked out of the Linux experience because they don't have the resources to "just do" the stuff you find so trivial.
what's the value to the user? (Score:3)
Forgotten in all of this is that there is no actual value added for the user in all this.
When it's all said and done, from the user's point of view, it's a step backward in usability and utility without providing ANY extra security for the user's data.
Think about it: for an actual boot-sector virus to work, it have to break into your computer already. Well since it's already broken in, why does it need the boot sector? It can just break back in using the same mechanism it used in the first place. Secure boot gets you no extra security.
Notice that Windows had to mandate this, is there any clamor from the user base for computers that are more difficult to use?
Re: (Score:3)
Nonsense. People care so long as there is money to be made.
In this case, there isn't much to be made. MS & Canonical have written off the desktop market, and who knows what Apple will be doing next. As such, the lockdowns will continue while the tech sector undergoes decay, up until someone has a brilliant idea that forces the various players to reassess. Since many of them have consulted their crystal balls which say tablets and cell phones are the way of the future, this change is highly unlikely.
Windows 8 is not going enterprise and OEM's (Score:5, Insightful)
Windows 8 is not going enterprise and OEM's need to not lock out XP / Windows 7 as they will lose the enterprise market if they do so.
the MB makers likely will not want to go windows 8 only.
Re: (Score:3)
Well first off most people capable of a server install will be capable of disabling UEFI or self signing so my inclination is no. Right now this is mainly being pushed as a desktop feature. On the other hand once implemented there is no reason that it couldn't be a server feature. Servers are always going to be more diverse hardware and server installs always more complex so people who make server class hardware are likely to offer better instructions for over riding.
I honestly think the Linux desktop pe
Re: (Score:3)
I've got nothing? You mean like the thing that you didn't address, but keep throwing fits about, "A PC in every home, running Windows?" You're like a little kid who thinks it cannot be seen because it has the eyes covered -- just because you are unable or unwilling to, you know, catch up, doesn't mean I don't know what I know.
It just means it's STILL waiting there to be addressed by you, if you could just stop crying for a second :D
I care. (Score:2, Insightful)
There are a lot of people who care. Unfortunately there are not enough people making purchasing decisions based on that.
It's freedom, not price that matters. (Score:4, Informative)
If you purchase something purely based on price you are one stupid user. Freedom matters and just because the majority don't understand the issue doesn't mean it doesn't mean the lack of freedom isn't harming them.
The lack of freedom causes so many problems. It prevents competition, it prevents compatibility, it prevents upgradability, it makes common applications obsensely and abusively exspensive.
Now I'm not saying you shouldn't pay the developers. You should contribute. For most people payment is how one contributes. While selling free software may not work terribly well for developers due to the lack of understanding of what free software is and is not contributory models work fairly well if done right. So do agrements between companies supporting free software like ThinkPenguin and Trisquel. Or Google and distributions/web applications. There are other agrements as well. Such as CDs and merchandise. All of these have value and can and do fund free software development.
Re:yes and no (Score:5, Interesting)
microsoft wont go out of business but they could very easily marginalize themselves to the point that they are no longer the 800 pound gorilla of the desktop PC market, and more than likely Apple and Linux will grab more userbase, i prefer old school distros like debian & slackware so apple wont be getting any of my money
Re: (Score:2, Insightful)
The problem is the whole "Desktop PC" market is becoming marginalized. Mobile devices are where a majority of computing dollars are going (in the consumer world).
Computers used to be huge and had a whole room dedicated to merely running them. Desktops revolutionized that, but the computer still lived in a specific room and you had to go to that room to do your computing (office or wherever).
The whole idea of going to a specific room to do your computer is going away; at least for average people. Microsof
Re:yes and no (Score:4, Informative)
Mobile devices are where a majority of computing dollars are going (in the consumer world).
I think it may be where it's going soon in the corporate world too, especially with BYOD. If so, Ubuntu may be on to something with their Ububtu for Android kit.
It lets you run your phone/tablet as a portable device, then as a full desktop OS once it's docked with a monitor, mouse and other external peripherals. In the video, they're even showing it running Citrix for some legacy applications.
http://www.ubuntu.com/devices/android [ubuntu.com]
http://en.wikipedia.org/wiki/Ubuntu_for_Android [wikipedia.org]
http://www.youtube.com/watch?v=wzc0uMXGFBY [youtube.com]
Re: (Score:3)
Yes. Anecdotal evidence warning: (Score:3)
Both my wife and my sister have very nice laptops ca. 2009-2010. I used to do an ongoing and significant amount of Windows tech support for both of them.
Nothing in about 2 years. What they have in common: both have iPhones.
I don't live with my sister, so I don't know whether this is absolutely true in her case, but my wife hasn't even opened her laptop in months. I regularly see her using her iPhone for web browsing, Facebook, email, etc. (As in, for several hours a day.) And I have recently done iPhone-rel
Re:yes and no (Score:4, Insightful)
A) Most houses have 1 or 2 desktops (shared by the family), but most people have their own smartphone or laptop (since they take it with them to work/school/etc).
B) Desktops tend not to be replaced as often, partially due to them being more powerful/dollar in the first place, and partly because they are SO MUCH easier to upgrade.
C) Desktops cost a LOT less (unless you get a screaming gaming rig) than any other computing device out there, so comparing the *amount* people spend on desktops vs mobiles is pointless.
D) A lot of people that build gaming machines (and even some that don't), build there computers 1 piece at a time, and thus don't get counted as "PC Sales", almost NOBODY does this with laptops, cellphones or tablets.
Mobile devices may be on the rise, but I doubt desktops will dissapear any time soon, at least not until they stop being half the price of a less powerfull laptop!
Unrelated Note: Why won't slashdot's comment boxes resize horizontally in Firefox?
Re: (Score:3)
Mod parent up. Of /course/ Desktop sales are on the decline - a P4 is "usable" still, and a C2D is a perfectly good main system.
With computers lasting for a number of years, and there being no reason to upgrade...
Of course, mobile devices may be on the rise, but it's sort of a "comlimentary" device, not a replacement. Sure, some can use it to fully replace their desktop, but those are the people who could be switched to a shiny Linux distro as well.
Re: (Score:3)
You make some good points. However consider your "retraining" statement, then look at Windows 8 vs Windows XP. I work at a Fortune 100, and they still deploy new machines downgraded to Windows XP. They're just starting to use Windows 7 and that's because it breaks a lot of things to make that change. Moving from XP to 7, and from Office 2003 to Office 2010 requires massive retraining - so Microsoft no longer has an advantage in saying "you won't have to retrain".
The funny thing about Apple having lost t
Re: (Score:3)
Why does this piss you off? And is it the locking out of other OS's from Apple's hardware, or the fact that no one seemed to care, that's upset you?
When Apple licensed the Mac OS back in the 90's it hurt what little business Apple did have. Apple is, and has always been, a system provider, meaning hardware+software. While selling the Mac OS to run on non-Mac hardware has been tossed around for years, it will never happen since Apple wouldn't sell enough copies to stay in business by selling hardware that ca
Re: (Score:3)
Apple doesn't lock other OSes from Apple hardware. They in fact write a multi OS bootloader (Bootcamp) and give it away free to make it easy for people to install other OSes. They work with VMWare and Parallels for people who want to run OSes in VMs.
None of what you are saying is true.
Re: (Score:3)
I am very close to buying a laptop from a company that manufactures laptops designed to run linux. Either ZaReason or System76. I am currently using an early 2007 Macbook Pro, which has been a fairly nice machine. However I don't like the way consumer computing is going, and I feel the need to stand up for my right to run a Turing complete computing device. And $800 or so for a laptop isn't too much for me to plop down.
Re: (Score:3)
um, grub is a bootloader not an operating system, and windows 8 is a operating system (the operating part is disputable) not a bootloader. the windows bootloader can't boot any operating systems other than other versions of windows. your comment does not make any since.
Re: (Score:3)
And what if I want to run my own bootloader and kernel, on a machine I own?
Re: (Score:3)
Then install your own key or disable secure boot. What else could you possibly expect to do? Secureboot isn't an issue for anyone running their own bootloader and kernel.
Re: (Score:2)
Re: (Score:3)
What us? Who the fuck is us? There is no us. Microsoft has a voluntary & optional program for putting MS logo on your product.
There is nothing "voluntary" in commerce.
Oh, and monopoly maintenance is illegal even by US corporate-criminal-friendly standards.
And stop with the "poor oss developers" angle. It is a flat out lie. Billions of dollars has been poured into linux development to get it to its current state from the pathetic state it was a few decades ago.
That does not mean, everyone now has to pay for the privilege of not having a great public resource destroyed.
If all the big Linux based services companies can't spend some money so that a simple cryptographic key is included in the UEFI based motherboards so that THEIR CUSTOMERS can have an easy way to install THEIR PRODUCT,
The "big Linux based services companies" are not the only people affected by this. I am a Linux developer, and my ability to contribute to Linux development depends on my access to those keys. Obviously, no amount of money I (or any company that I work for) would pay to M
Re: (Score:2)
I haven't read TFA but I assumed it was about ARM, in which case solution #4 is "buy x86". If TFA is about x86 then the author is an idiot. An article about how this could be the start of a slippery slope might be better, but unless something has changed since I last read the MS literature, disabling secure boot is an easy solution.
And given how easy rooting an Apple phone has been, I can't imagine that rooting UEFI will be any more difficult.
Re: (Score:3)
So anyone who says Linux is not "average user" ready, you're just plain wrong. My tech support record flies in the face of that.
Re: (Score:3)
Linux is completely unusable to the average computer user, so I dont think there is much loss here. Suffering from the same fragmentation as Android and lack of support for so many software companies. No one wants to find stupid workaround back-ass-wards ways to just get they're damn computer working.
Feeding the troll, I know, but still.
Last week I attempted to rescue my friend’s laptop. Some sort of low-end Lenovo. Not even a factory reset made it recognize its own battery, play sound without distortion, or work without staggering for 20 seconds every few minutes. She needs Windows for work, so she set off to buy a new laptop.
I loaded Bodhi Linux on the faulty laptop just to see if the problem was in Windows and related software, or if it was in fact in hardware (as the laptop had worked normall
Re:He's right you know... (Score:5, Informative)
Ever install Vista or Win7?
Yes. I bought this laptop I'm using a couple of months ago. It dual-boots Win7 and openSUSE 12.1, both of which I installed myself.
Boot the disk, answer a couple of questions, the installer does the rest...
First question: Does it have all your device drivers?
essentially imaging the system to a clean install for a computer that doesn't have Windows installed.
With none of those applications you go on about.
Linux in orders of magnitude more difficult to install...
With apologies to any equines who may be in the audience, that's complete and utter horseshit. To quote your own fine self, installing a modern Linux distro is a case of "Boot the disk, answer a couple of questions, the installer does the rest".
...not to mention all the 0.x unfinished apps for supposed Windows app substitutes.
What Windows apps? You mean the apps *for* Windows that don't actually *come* with Windows that you have to find (and possibly *buy*) and install separately? As opposed to the hundreds (thousands?) of perfectly usable apps available in any halfway respectable Linux distro that you can load as part of the OS installation?
BTW, the installation of Windows 7 Pro and about a dozen applications which had to be obtained and installed separately (following the OS installation) took almost exactly *twice* as long as as the openSUSE installation, which provided *everything* I need for both personal and work use with just 2 exceptions--Skype, and a proprietary app we use at work.
Oh, and let's not forget cost: the Windows 7 Pro OEM DVD (English) ran me about 1350 SEK (call it US$200); the blank CD on which I burned the Linux network installer was about a dollar and a half (~10 SEK).
TL;DR: Windows took twice as much time to install, cost me 200 times as much money, and provided about 10% of the software.
So... You are badly misinformed, deluded, or just plain lying. I'd say it's a bit of all 3.
What is it with you guys, anyway, that you find Linux so threatening that you have to resort to spewing garbage like this about it?
Re: (Score:3)