Linus Torvalds Explodes at Red Hat Developer 786
sfcrazy writes "Quite a lot of people raised their eyebrows the way ex-Red Hat developer Matthew Garrett made Microsoft the 'universal' control of any desktops PCs running with UEFI secure boot. Though the intentions of Garrett were clear — to enable GNU/Linux to be able to run Linux on Windows 8 certified PCs with secure boot; it was clearly putting Microsoft in a very powerful position. Linus, while a supporter of secure boot, exploded at Garrett and Howells when they proposed its inclusion in the kernel. Linus responded: 'Guys, this is not a d*#@-sucking contest. If you want to parse PE binaries, go right ahead. If Red Hat wants to deep-throat Microsoft, that's *your* issue. That has nothing what-so-ever to do with the kernel I maintain. It's trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chissake, it's in that f*cking pull request.'"
Update: 02/25 17:24 GMT by U L : The headline/article are misleading, since mjg seems to agree that the patch is a bit complicated : "(I mean, *I'm* fine with the idea that they're *@#$ing idiots and deserve to be miserable, but apparently there's people who think this is a vital part of a business model)". The issue at hand is a set of patches to load and store keys inside of a UEFI PE binary which is then passed to the kernel, which then extracts the keys from the binary. It's absurd, it's messy, and it's only needed because Microsoft will only sign PE binaries so not supporting it makes restricted boot even more difficult to support.
Linus has always been an a-hole (Score:1, Interesting)
so uh... (Score:1, Interesting)
burned out maybe?
Linux i like. Linus not so, after seeing a talk.. (Score:5, Interesting)
Posting anonymous just to be sure..
Since i saw a Google Tech Talk with Linus on stage, i certainly like him less.
http://www.youtube.com/watch?v=4XpnKHJAok8 [youtube.com] (mostly about Git but nonetheless showcasing his persona)
Linux is great and all, but i am certainly not a fan of Linus anymore. Respect though for his incredible achievements.
He's a dick the same way Jobs was (also sharing similar strengths regarding vision), and i now realize he basically is a real life Sheldon Cooper, ego humor and everything.
Re:Linus Torvalds is his own worst enemy (Score:0, Interesting)
You, sir, are a liar. I've worked for half a dozen Fortune 500 companies, and I have only ever seen RedHat in production environments where Linux is used. The company I work for now is in the process of replacing a 200+ server environment, moving from HPUX/PA-RISC to RedHat/x86_64 because they want to get away from some of the red tape and bureaucracy.
Bottom line is that big, successful, organized companies need contracts, paper trails, and paid support -- something RedHat provides above and beyond any of the other distros. They know their customers and play to their needs; that is why they are successful and profitable where so many others are not.
Re:so uh... (Score:4, Interesting)
Re:Torvalds vs Ballmer (Score:2, Interesting)
Maybe Linux should ask his wife -- the six-time Finnish national Karate champion, according to Wikipedia -- for some fighting tips.
Re:Linus Torvalds is his own worst enemy (Score:4, Interesting)
Thanks for the pointer to Eric S Raymond. I only knew of his from The Cathedral and the Bazaar. I had no idea he was a right wing nut, global warming and HIV denier, Bush jr supporter, islamophobic war-monger, homophobic, racist troll.
http://rationalwiki.org/wiki/Eric_S._Raymond [rationalwiki.org]
Him and Stallman, what a pair! By comparison Torvalds looks quite tame and reasonable.
Re:Where should we start? (Score:5, Interesting)
Good summary. A better way to do this is to a) make it easy for users to add keys, like a really obvious box on boot-up: "Do you really, really want to add keys for this new OS you are installing?" and b) have BIOS makers and main-board vendors include the keys for most Linux distros.
The problem with that is however that secure boot is broken as soon as a single OS maker/distro gets compromised. So while this is better, it still sucks badly, security-wise. "secure" boot is one of the ideas that looks good on first glance, but when you really get into the details it turns out to be fundamentally broken. Its only really reliable function is to make booting/installing anything but Windows harder and possibly infeasible for the average user. And, yes, that includes recovery CDs, utility CDs for restoring backups, hardware diagnostic CDs, etc. MS does not care that it screws over the user as long as their market-share increases. Plain old massively unethical business practices disguised as security feature.
Re:so uh... (Score:4, Interesting)
He is right and has little patience for stupidity. Furthermore he doesn't need to be nice. So he isn't.
I have found that Linus is willing to make very forceful, negative statements about technology that he is unfamiliar with.
For example, in an email list discussion, he made these kinds of disparaging statements about technology that I work with, describing particular aspects of how the technology work. Unfortunately, his statements were all wrong. I called him on it (in off-list email). He responded indicating that he wasn't interested in the technology and had not looked at it in years.
It's OK that he isn't interested in it, but that doesn't give him the right to make up stuff about how it works.
And, because I have observed this with topics that I am familiar with, I am less likely to believe him on topics that I am less familiar.
Re:Linux i like. Linus not so, after seeing a talk (Score:2, Interesting)
Re:Linux i like. Linus not so, after seeing a talk (Score:4, Interesting)
Someone needs to be a dick to make Linux continue to be successful. How big a dick is questionable, but look at HURD and Plan10... It's a design by committee process without as strong a leader, neither has made any actual progress towards being usable, and both have been around for 2 decades.
Re:Linus Torvalds is his own worst enemy (Score:1, Interesting)
Even if dropping the bomb on somebody is justified I'd expect more professionalism from somebody of his stature rather then resorting to juvenile insults and grotesque metaphors.
Professionalism seems to be dying a slow death.
Re:Ideology is what it's all about (Score:4, Interesting)
I believe the differences are due to the way the 2 OS licenses approach the definition 'community' differently:
* BSD - Here is our community -- you can take what you want; you don't have to give anything back.
* GPL - Here is our community - you can use what you want but you must also give back.
The true strength of community comes not only from what you can take from it, but also what you can give back.
Both licenses have enabled fantastic engineering and applied ideology in practical cooperation -- but it appears GPL is more focused on the long-term and BSD is focused on the short-term.
A lot of Misunderstanding Here (Score:4, Interesting)
I think a lot of folks here are missing the point. The trouble is that the kernel running in secure boot mode has to be able to receive signed keys in a secure way (if you think secure boot is worth anything, many do not).
Linux running in secure boot mode is a done deal. The question is how do you import keys that are signed by Microsoft. In an ideal world you'd just upload the signed X.509 cert and you'd be done. Unfortunately, Microsoft will only sign PE binaries.
So the developers opted to enclose the X.509 cert in a PE binary. Unfortunately, that means the kernel needs to be able to read the PE binary and verify the signature all in kernel space, then extract the x,509 cert. This is undeniably messy.
Now lots of folks will argue that there's no point to this and it should be done in user space. I'm not going ti argue with that, but the reality is that most of the mechanics of this are already implemented, just not the PE stuff. You can sign kernel modules and verify them in kernel space with x.509 certs (at least by my reading of the thread).
Frankly, I think this is pretty much the only thing to do short of talking MS into signing x509 certs. The other suggested work-arounds involve additional authorities or doing stuff in user space. They are all workable, but are pretty clumsy compared to what's being proposed.
I think it may have been a mistake to just drop this ugly change on Linus without his involvement. My guess is that if the problem had been stated before coming up with a proposed implementaon, they might have come up with essentially the same solution with less drama.
Re:Linus Torvalds is his own worst enemy (Score:4, Interesting)
In fairness to your point, it's not just the Linux kernel. Linux distro package management is light years ahead of what Windows and even OS X have (yes: I use, love, and contribute to homebrew). Also, I develop software that runs on Linux servers and some of it is barely above kernel level. Running Linux means that I can test a lot of my work more quickly than if I had to deploy it to a development server after every save. But more than that, I genuinely love Linux. It's been good to me and I enjoy using it.
Still, I strongly prefer the OS X desktop. It's not from lack of trying the various FOSS offerings. I started off on Windowmaker and Enlightenment, then worked my way through the various Gnome epochs, KDE 2/3/4, a few tiling WMs (I wrote the semi-official Qtile-on-Ubuntu guide a couple of years ago), LXDE, and several others I'm sure I've forgotten along the way. OS X seems to be what Gnome tried and failed to achieve: a nice-looking, comfortable desktop without a million config knobs that most people can use out of the box. As much as I like Linux-the-OS, I like using OS-X-the-Desktop.