Slashdot Mirror

He's talking BS.
Martin Graesslin, the KWin maintainer, began to prepare KWin for Wayland before Mir was even announced. So he designed the transition path to support two and only two back ends. See https://plus.google.com/115606635748721265446/posts/136nV4uojKH for details (public post, no need for a G+ account).

Graesslin also made it repeatedly clear that he won't support single-distro solutions. That means no support for MS Windows in KWin, OSX' Quartz, or Android's SurfaceFlinger. Somehow nobody ever had a problem with that decision. Only after Canonocal announced Mir Ubuntu fanboys began to whine.

There are no technological benefits for Mir over Wayland. Canonical made false claims as outlined on http://www.phoronix.com/scan.php?page=news_item&px=MTMxODA but they've since redacted the statements. Wayland even works with Android drivers: http://mer-project.blogspot.fi/2013/04/wayland-utilizing-android-gpu-drivers.html

The reasons for Mir are not technological, they are purely economical. Canonical wants to establish asymmetric licensing to have an economic advantage over the competition: http://mjg59.dreamwidth.org/25376.html
Wayland OTOH is under MIT/X11 license for everybody. This means that not only can any Linux vendor grab it and to anything with it, incl. to make an Android version that uses Wayland: http://ppaalanen.blogspot.com/2012/09/wayland-on-android-upgrade-to-404-and.html
Mir's licensing makes it forever impossible to become part of any major BSD variant. Wayland, however, is being ported to FreeBSD: http://www.phoronix.com/scan.php?page=news_item&px=MTMwMzE

Wayland is being pushed by industry giants such as Intel and Red Hat, as well as smaller companies like Collabora (creators of many technologies commonly used on GNU-based Linux such as Telepathy, WebKit-GTK, etc.: https://www.collabora.com/projects/ ).
Mir is just backed by Canonical who, while claiming to be the most popular Linux distributor, still makes no money: http://www.internetnews.com/blog/skerner/canonical-ubuntu-linux-is-still-not-profitable.html

Does it runs Linux? Does gets bricked if try something different from Windows 8, or even windows 8 itself? With that resolution and battery life even Linus could love it... if can run his own system on it, of course.

"privacy advocates fear the inevitable mission creep"
I consider myself a privacy advocate, but I'm also a computer programmer who desperately wishes for a national ID number unique to every citizen. Last year, I advocated for voter ID cards here in Minnesota ( http://mellowtigger.dreamwidth.org/237086.html ) because it seemed like a way to bypass the usual conservative opposition to government ID cards. Finally, conservatives' fear of "furriners" overtaking the country might exceed their fear of religious mumbo jumbo about numbers of the Beast. I'll take progress however I can get it, and voter/immigration paranoia seems like the way I can finally get a national ID number.

http://mjg59.dreamwidth.org/8705.html

That's the link I was thinking of. I was slightly off too; a commenter had the Thinkpad EDID issue, and it was set to a 5:4 resolution on a 720p display.

It will also put me off talking freely and in an unguarded manner in front of female attendees at any conference.

Which will make these women notice the subconscious cues that they are unwanted and unwelcome because of what Adria Richards did, leading to a drop in women attendees, which people like Adria Richards will then blame on the overbearing masculinity of the leadership until the leaders are expelled for their non-existent problem with women so that people loyal to Adria Richards can take over the group. The fake feminists did the exact same thing to the atheist community.

Sorry, you're right. I had somehow got the idea that dev mode wasn't available on the Samsung, but it is.

Chrome OS dev mode is more restrictive than MS' x86 Secure Boot requirements - see http://mjg59.dreamwidth.org/22465.html - but it is indeed less restrictive than MS's *ARM* SB requirements. So indeed an ARM Chromebook is relatively a better choice than an ARM Windows RT device.

To summarize the Ada Initiative's argument, "You should never talk about sex, because if you do, you'll give women traumatizing rape flashbacks and turn all men in the audience into pathological rape-machines. Especially techies, because everyone knows techies are super-rape-happy already. So no talking about sex."

Similar bullshit is going on in the atheist community where PZ Myers and Ed Brayton decided that it is rape when "a guy at an atheist convention was chatting up a girl and asked her to bed, she said no, and that was the end of it" and they're pressuring atheist community organizations to kick out people who disagree as not-real-atheists. People like Richard Dawkins.

Mr. Garrett had the following to say on this topic here: http://mjg59.dreamwidth.org/12368.html

An alternative was producing some sort of overall Linux key. It turns out that this is also difficult, since it would mean finding an entity who was willing to take responsibility for managing signing or key distribution. That means having the ability to keep the root key absolutely secure and perform adequate validation of people asking for signing. That's expensive. Like millions of dollars expensive. It would also take a lot of time to set up, and that's not really time we had. And, finally, nobody was jumping at the opportunity to volunteer. So no generic Linux key.

Mac UEFI is, if anything, even weirder than the usual flavor. Apple laptops running Apple EFI in order to boot OSX work; because Apple makes all of them and none of the parts is dumb enough to lean on the other parts in an unexpected way; but once you try something different, life gets exciting(the, er, interesting transition between 32 bit and 64 bit EFI 1.x was good fun as well).

This fellow used to do EFI-related work for Redhat and is interesting reading on the matter. UEFI is a bloated bear of a 'standard', that makes ACPI look like a brutally efficient paragon of elegance, and things tend to go downhill from there once a vendor gets their sloppy hands all over it...

Seem that the BIOS is locked to just MS products, no matter if all the hardware is supported under linux.

Couldn't get it to boot...unfortunately I'm one of those charlatans that made the fatal mistake of buying a computer with UEFI and no way to turn secure boot off (HP p6-2142), I can't get it to boot anything other than Windows 7, Ubuntu or Fedora. And I was hoping to use FreeBSD...

:-( Secure boot is a nightmare. On top of some UEFI bioses not having the option to disable it, another option is required to enable "legacy boot" mode; where "legacy" in this case means "anything other than Windows 8". Some bioses allow disabling Secure Boot, yet still don't have a "legacy boot" option. :-/

What I'm really dissappointed by is that some manufacturers (Lenovo, for one) don't seem to include anything about UEFI bios settings in their documentation for laptops they sell. I recently had to do an install on a Lenovo P500, and on this box getting into the UEFI bios requires pressing a separate tiny button on the side of the laptop while the laptop is off. See the text on Page 20 and the diagram on Page 5 of the following document (which doesn't ship with the laptop):

      http://download.lenovo.com/consumer/mobiles_pub/ideapad_z500p500_ug_v1.0_july_2012_english.pdf

Matthew Garrett has a signed "shim" for Grub which the other distributions which will let them boot even when the "secure boot" option is enabled; so OpenSuSE will have this solved soon. Hopefully Debian soon will as well.

      http://mjg59.dreamwidth.org/20522.html

A scene from the Oscar-winning movie, The Socialist Network:

The USSR national anthem plays in the background as Mark Zuckerberg, wearing a star-pinned beret and a Che Guevara shirt, reports to the Politburo in an awful fake Russian accent.

"The ten year plan is working, Comrades. The capitalists give us all of their personal information, and when the signal comes we can round them up and deport them to the re-education camps. Then our glorious doctrine shall rule the world! Ha ha ha ha ha!"

The Linux kernel isn't the only piece of copyleft software. I've already explained why it has been so successful - in spite of its license. In every other software category, copyleft projects are gradually losing market share to copyfree ones.

Google has many reasons to regret going with Linux for Android / ChromeOS instead of investing into something like FreeBSD or NetBSD, which needed more polishing on mobile platforms, but they needed a kernel quickly. It's only a matter of time until a specialized genuinely free alternative to Linux becomes good enough, and the industry will very easily switch. Most Android / ChromeOS users won't know the difference.

--libman

2. Mandatory. Secure Boot must ship enabled Configure UEFI Version 2.3.1 Errata B variables SecureBoot=1 and SetupMode=0 with a signature database (EFI_IMAGE_SECURITY_DATABASE) necessary to boot the machine securely pre-provisioned, and include a PK that is set and a valid KEK database. The system uses this database to verify that only trusted code (for example: trusted signed boot loader) is initialized, and that any unsigned image or an image that is signed by an unauthorized publisher does not execute. The contents of the signature database is determined by the OEM.....

I don't think I need to go over the sometimes downright contradictory nonsense within that document. Frankly, it looks as if a great deal has been tacked on to that document ad-hoc without seemingly little thought. As I've said, there is no way an OEM is going to write code for a key database and it shows the difference between specification and implementation. It's already started:

http://mjg59.dreamwidth.org/20187.html

Besides, we're getting somewhat off the beaten track. We are referencing a MSDN document here where Microsoft tells everyone what will and will not run on hardware. That is the problem here.

How isn't this sufficient?

It's not sufficient, because it doesn't solve the problem.

The problem is that MS's implementation of secure boot allows them to control what can and cannot boot on a device.
It is entirely at their discretion.

This is already in practice with the surface tablets
See Mathew Garrett's recent blog post
http://mjg59.dreamwidth.org/21189.html

As you can see, locking out other OSs is already in place for the Surface tablet, which is unable to boot any other system (even with the boot-loader shims done by RedHat, Ubuntu and the Linux foundation.)

Billions have been wasted rewriting the same code ... just to avoid proprietary restrictions, too.

But that code has not been published, and not hypocritically called "free software", enjoying publicity benefits as such.

If someone writes a piece of code that looks suspiciously similar to Microsoft code (that has not been leaked), s\he isn't under threat of legal action, because s\he had no access to the code. But if someone's code is similar to something released under GPL, then this is a problem. Since code follows similar patterns, more and more of the programming noosphere is gradually being locked up under copyLEFT restrictions, and thus more and more people can become subjects of legal threats.

People who want to use copyleft code only have to release their changes, it's not such a big deal...

Except for the people writing under copyFREE licenses (or "public domain" code). FreeBSD had, in effect, recently put adding new features and optimizations on the back burner, so its best minds could focus on rewriting components that are GPL.

Irrational use of violent force, which is what GPL is ultimately backed by, is always a "big deal". Today this violence may get you what you want, forcing others to publish their code against their will, but tomorrow the guns of state will inevitably turn to less sympathetic endeavors. The only way to control this force is through a rational set of principles - initiating aggression is just as wrong when it benefits you as it is when it harms you.

From the point of view of the software ecosystem, I'd say that the GNU toolchain has given birth to what I consider the most successful open-source project ever, namely Linux (probably a billion-dollar success overall), mostly under the GPL. From an industrial point of view, copyleft hasn't harmed Google too much, and Apple is definitely not a model for free software.

As explained in my earlier posts (read that whole comments tree), Linux being more popular / better than BSD UNIX did not come about as the result of any benefits of GPL - to the contrary, it had been swimming against the current. CopyLEFT does produce very real harm, as is evidenced by the fact that copyFREE projects are gradually leapfrogging copyLEFT ones. Apple's choice of PostgreSQL over MySQL is perfectly understandable. You may not consider Apple "a model for free software", but they have made very significant contributions to FreeBSD, LLVM, WebKit, etc.

Google was actually reluctant to choose Linux over a permissively-licensed alternative like Free/NetBSD as the basis of Android / ChromeOS, but Linux was already ahead on ARM, had better drivers, and was more popular with the devs. Like I said, Linux had managed to success in spite of its copyLEFT license, not because of it. Google chose a copyFREE license for every single FLOSS project that they themselves had started, but replacing the Linux kernel simply didn't make financial sense - so far... But they are experiencing plenty of GPL-related headaches, and would probably be even more inclined to avoid it in their future products.

The GNU Project's only advantage is that it was started all the way back in 1983/4. Linux was usable in 1991, and went viral with distros like Slackware and Debian in 1993. FreeBSD did not get rid of the AT&T lawsuit FUD until 1994, when the train has already left. (And it didn't become purely copyFREE until 1999, when the obnoxious advertising clause was finally removed from the license.) Sometimes the cost of switching to a whole different OS outweighs the drawbacks of sticking with a copyLEFT OS, and so L

To this I would add: act as a pure computer monitor. When I hook up a computer to a TV via a DVI-to-HDMI cable and it looks like crap because of overscan I get all stabby.

But other than that, yeah, make it as dumb as possible. My parents' TVs lasted DECADES. I don't want to have to get a new one every five years because DivX/Zune Store/PlaysForSure*/Hulu/Netflix is gone.

* best. name. ever.

Linux Foundation approach to Secure Boot
James Bottomley just published a description of the Linux Foundation's Secure Boot plan, which is pretty much as I outlined in the second point here - it's a bootloader that will boot untrusted images as long as a physically present end-user hits a key on every boot, and if a user switches their machine to setup mode it'll enrol the hash of the bootloader in order to avoid prompting again. In other words, it's less useful than shim. Just use shim instead.

Further UEFI bootloader work
A couple of people have asked whether we're planning on implementing the Linux Foundation approach of simply asking the user whether they want to boot an unsigned file. We've considered it, but at the moment are leaning towards "no" - it's simply too easy to use to trick naive users into running untrusted code. Users are trained to click through pretty much any security prompt that they see, and if an attacker replaces a legitimate bootloader with one that asks them to press "y" to make their computer work, they'll press "y". If that bootloader then launches a trojaned Windows bootloader that launches a trojaned Windows kernel, that's kind of a problem. This could be somewhat mitigated by limiting this feature to removable media, and we're seriously considering that, but there are still some risks associated. We might just end up writing the code but disabling it at build time, and then anyone who wants to distribute with that policy can do so at their own risk.

Linux Foundation approach to Secure Boot
James Bottomley just published a description of the Linux Foundation's Secure Boot plan, which is pretty much as I outlined in the second point here - it's a bootloader that will boot untrusted images as long as a physically present end-user hits a key on every boot, and if a user switches their machine to setup mode it'll enrol the hash of the bootloader in order to avoid prompting again. In other words, it's less useful than shim. Just use shim instead.

Further UEFI bootloader work
A couple of people have asked whether we're planning on implementing the Linux Foundation approach of simply asking the user whether they want to boot an unsigned file. We've considered it, but at the moment are leaning towards "no" - it's simply too easy to use to trick naive users into running untrusted code. Users are trained to click through pretty much any security prompt that they see, and if an attacker replaces a legitimate bootloader with one that asks them to press "y" to make their computer work, they'll press "y". If that bootloader then launches a trojaned Windows bootloader that launches a trojaned Windows kernel, that's kind of a problem. This could be somewhat mitigated by limiting this feature to removable media, and we're seriously considering that, but there are still some risks associated. We might just end up writing the code but disabling it at build time, and then anyone who wants to distribute with that policy can do so at their own risk.

Linux Foundation approach to Secure Boot
James Bottomley just published a description of the Linux Foundation's Secure Boot plan, which is pretty much as I outlined in the second point here - it's a bootloader that will boot untrusted images as long as a physically present end-user hits a key on every boot, and if a user switches their machine to setup mode it'll enrol the hash of the bootloader in order to avoid prompting again. In other words, it's less useful than shim. Just use shim instead.

Further UEFI bootloader work
A couple of people have asked whether we're planning on implementing the Linux Foundation approach of simply asking the user whether they want to boot an unsigned file. We've considered it, but at the moment are leaning towards "no" - it's simply too easy to use to trick naive users into running untrusted code. Users are trained to click through pretty much any security prompt that they see, and if an attacker replaces a legitimate bootloader with one that asks them to press "y" to make their computer work, they'll press "y". If that bootloader then launches a trojaned Windows bootloader that launches a trojaned Windows kernel, that's kind of a problem. This could be somewhat mitigated by limiting this feature to removable media, and we're seriously considering that, but there are still some risks associated. We might just end up writing the code but disabling it at build time, and then anyone who wants to distribute with that policy can do so at their own risk.

I've been following this project for a while now, and it is going in a direction which I believe in.

thank you. i'm very encouraged to hear that.

I am getting tired of proprietary ARM hardware and software.

... you and me both. update from mjg on the Android-related GPL-violations situation of 18 months ago: it hasn't got any better. http://mjg59.dreamwidth.org/8991.html

Here's another link explaining some of the issues with getting thunderbolt to work.

See his blog post -

http://mjg59.dreamwidth.org/15948.html

As for "why try to do it?" - well, probably because liking Apple hardware and high-res displays does not automatically create a liking for XNU/Darwin. Some people prefer Open Source.

That does not mean, everyone now has to pay for the privilege of not having a great public resource destroyed.

What PUBLIC resource would that be? Which country are you in where you have some right to buy a computer which will run an OS of your choice? Why are you entitled to any such thing?

so I will never be able to do any development on locked-down ARM devices.

What a fucking lie. Go and buy any tablet running anrdoid. And do your "development". What development are you going to do thats ARM specific anyway? What great thing are you going to do?

  "But that other person might want to do ARM development.. therefore I can argue for him!"

Obviously, no amount of money I (or any company that I work for) would pay to Microsoft will ever convince them to trust me with such a key, so I will never be able to do any development on locked-down ARM devices.

Another lie. You idiot. Microsoft does not even come into this picture. I was talking about paying motherboard vendors and creating infrastructure for some linux community public key that will be used to sign bootloaders for all the distributions - if they want to. This is purely business. You idiots want to purposely lie, cheat, and mislead and cause fake confusion as usual to make it about microsoft when it has nothing to do with them. You morons don't even understand what it is you are frothing at the mouth for. And what the fuck is this "extortion" "master" crap? Stop doing drugs dude..

http://mjg59.dreamwidth.org/12368.html

An alternative was producing some sort of overall Linux key. It turns out that this is also difficult, since it would mean finding an entity who was willing to take responsibility for managing signing or key distribution. That means having the ability to keep the root key absolutely secure and perform adequate validation of people asking for signing. That's expensive. Like millions of dollars expensive. It would also take a lot of time to set up, and that's not really time we had. And, finally, nobody was jumping at the opportunity to volunteer. So no generic Linux key.

In short, after earning billions of dollars from Linux based services these fucking companies cant even do this - Like I said. they are fucking parasites. Microsoft meanwhile is spending their own money so that their customers can install their product and use secure boot feature.. if they want to.

Its amazing that you can lie so boldly when this whole secure boot has been already exposed as a non issue but linux trolls want to again and again.. make it about big bad evil microsoft vs poor oss developers.b

No, the signing authority is *Verisign*. They're getting the money from Canonical and Redhat. They went to Microsoft because they want to use Microsoft's key, so no keys need to be added by the user to install on a Windows 8 system. They both had other options including signing with their own keys, but that would require the user to add them. This blog post from Red Hat details the different options and their shortcomings, and why signing with Microsoft's key is ultimately the best bet for the time being, namely: "it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions."

"That's a nice 3-page essay (double-space I presume), but it doesn't change the fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run."

That's still not a fact. We were not forced to buy a license. We had several options, which Matthew outlined way back at the start of this whole saga, in this blog post:

http://mjg59.dreamwidth.org/12368.html

Specifically, the paragraph headlined "Getting the machine booted". It mentions the other options, including "the possibility of producing a Fedora key and encouraging hardware vendors to incorporate it" and "producing some sort of overall Linux key". There is also the obvious negative possibility of simply not signing anything at all; this would require users to disable Secure Boot in the firmware before installing Linux, but it doesn't prevent them from doing so.

Both Fedora (note, Fedora, not RH; RH does not necessarily always follow what Fedora does) and Ubuntu had several choices and _chose_ to go with the Microsoft signing service as the 'least bad' option (well, Ubuntu will also be self-signing, for OEM preloads). The fact that we are _choosing_ to get our releases signed with the Microsoft/Verisign key does not imply that we were _forced_ to do so. We _choose_ to do so on the basis that it'll provide the maximum possible success rate of Fedora installs with the minimum amount of work. We could have chosen to self-sign, or not to sign at all, and ask users to disable Secure Boot or import our key. We decided not to do so.

"Problem si that peope like YOU seem to think corproatuions never od anything wrong"

This is an absurd stretch. You appear to be implying that anyone who suggests that a corporation might ever do anything at all that is _not_ wrong, must therefore believe that a corporation can _never_ do anything wrong. This is clearly ridiculous and false. You also mistake my opinion that Microsoft's actions are _not illegal_ for an opinion that they're _right_. These are not the same thing at all. I have carefully refrained from stating in public any personal opinion on the Rightness or Wrongness, from an ethical/moral standpoint, of Microsoft's actions. This is intentional. What I have said several times is that I don't believe the actions can successfully be characterized as _illegal_. Not everything that's wrong is also illegal. But if something is wrong/bad but not illegal, then you can't defeat that something through the courts. This sub-thread was prompted by someone saying that RH and Canonical should have chosen to prosecute or sue Microsoft. My point is that this is hardly a viable option if the suit would fail.

Seriously... I read the article the FIRST time this UEFI news was posted from http://mjg59.dreamwidth.org/12368.html, when it was regarding Red Hat, and the edit was already made back then. The money does not go to Microsoft! Why are people still saying this?
It is very misleading to write "Similar to Red Hat paying Microsoft to get past UEFI restrictions" when it is really not the truth.

"Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access edit: The $99 goes to Verisign, not Microsoft - further edit: once paid you can sign as many binaries as you want)"

my bias: I have Linux on all of my systems, no MS OS around here. Please, stop the inaccuracies and write what is true.

Did you read? the firmware must be signed, and the hardware will only allow updates if it is trusted

Red Hat's approach, as the other Slashdot story states, is to have a first stage bootloader load and verify GRUB, and then GRUB loads and verifies Linux, and then Linux loads and verifies modules. This works if you run an official kernel with all official modules but not, as that story's featured article mentions, with "out of tree drivers". If you need to compile a kernel module from source to support hardware whose driver isn't yet in the mainline kernel, then as I understand it, you can't load such a module into a securely booted kernel without paying the $99 VeriNorton tax.

They are going out of their way so you can run Fedora on the new hardware. And you want to ditch them because of it? Remind me never to buy you a beer.

They went out of their way to avoid exploiting Red Hat's privileged position with OEMS to gain an advantage over other Linux distros:

We explored the possibility of producing a Fedora key and encouraging hardware vendors to incorporate it, but turned it down for a couple of reasons. First, while we had a surprisingly positive response from the vendors, there was no realistic chance that we could get all of them to carry it. That would mean going back to the bad old days of scouring compatibility lists before buying hardware, and that's fundamentally user-hostile. Secondly, it would put Fedora in a privileged position. As one of the larger distributions, we have more opportunity to talk to hardware manufacturers than most distributions do. Systems with a Fedora key would boot Fedora fine, but would they boot Mandriva? Arch? Mint? Mepis? Adopting a distribution-specific key and encouraging hardware companies to adopt it would have been hostile to other distributions. We want to compete on merit, not because we have better links to OEMs.

Implementing UEFI Secure Boot in Fedora

This probably explains your video issue.

Matthew Garrett recommends against (natively) running Linux on Macs and as he is one of the developers active on Linux EFI/UEFI related stuff that would be required to natively boot Linux on a Mac...

Matthew Garrett recommends against (natively) running Linux on Macs and as he is one of the developers active on Linux EFI/UEFI related stuff that would be required to natively boot Linux on a Mac...

If the Android version doesn't have a (securely) locked bootloader too then yes you will be able to

Well with the prevalence of Microsoft's "solution" they may simply swap Microsoft's keys for their own and install Android.

it is required that the OEMs provide a mechanism to install alternative operating systems.

Except there's no standardization or automation to allowing a user to safely and easily install an OS that isn't already listed in the key storage. Check this writeup once the site is done protesting SOPA/PIPA to see how.

Where did they say that? What I read in all the excerpts was that the competing OS needed to built according to the rules that Intel defined when they defined UEFI secure boot.

That's not "impossible" - According to this, it should be possible. And this says it should take about a week's worth of work for any distro to support it.

That's FAR from "impossible".

This is precisely what any sensible company is doing. We have Sun Java 6 on Linux (and I've even rolled a deb for internal use), but we'll be starting testing on OpenJDK 7 as soon as we've finished the migration we're in the middle of.

How to handroll a .deb of Oracle JDK 6u30. We are using the result in production at work on Ubuntu 10.04 server.

The problem is with the OEM's themselves, but they have little incentive to lock out all the systems.

And yet they've done it before, when in order to reduce costs many OEMs started shipping hardware that heavily relied upon CPU processing and device drivers (remember "WinModems/Printers/Scanners"?), instead of on-board processing. Such devices were significantly less expensive to manufacture, but generally only ever had Windows drivers available from the manufacturer. Users of other OS's (BSD, OS/2, Linux, and even DOS) were generally locked out of making use of these devices and features (in some cases, even Windows users have had problems when older drivers wouldn't work in newer Windows versions, with no new drivers ever having been made available. A family member ran into this with a software-driven scanner they had purchased inexpensively; drivers were only ever made for one version of Windows (either 98 or ME), and it stopped working when they upgraded).

The OEMs didn't care one whit that Linux and OS/2 and other non-Windows users were locked out of using those functions of their systems -- they design the systems to work with Windows, and that was all they supported, and the fact that it saved them a lot of money was the overriding concern.

Microsoft knows what they're doing here, and I think alternative OS users have a lot of reason to complain. Yes, Microsoft isn't preventing any Windows 8 logo program OEMs from providing the option to switch off the secure boot option, but they're not making it mandatory either. They know that the really low-end/bargain OEMs are going to do the absolute least amount of work to get a Windows 8 logo'd system up and running, and probably won't offer this option (as it's not mandatory for the logo program, and will reduce QA costs on their end). True, in the end it's really these OEMs that will be at fault, but Microsoft could have at least held out an olive branch to the computing community to make it mandatory to have this feature disable-able as part of the logo program. But they didn't.

(And before anyone claims again that no OEM in their right mid would do this, first re-read the above mention of WinModems, and then check out this summary of the situation. Note on page 2 the mention that they are already aware of at least one unnamed OEM who is planning on NOT providing a way to disable SecureBoot).

That's going to hurt the cost-concious segment of the Linux community -- currently one of their big arguments against the only other major consumer UNIX-based system (Mac OS X) is they they can buy a $300 beige-box with more CPU power than a comparable Mac and throw Linux on it. Once those ultra-cheap systems are only capable of booting Windows 8, the savings proposition of Linux desktops is going to change. I don't see it happening any time in the near future (as I suspect motherboard manufacturers aren't in a big hurry to stop supplying BIOS based systems), but once legacy BIOS based motherboards are gone and everyone is selling UEFI based boards, Microsoft is going to be able to lock people buying systems from the major OEMs into running only Windows on those systems.

Interestingly enough, the one consumer systems company that already ships every system with UEFI enabled is the one that is least likely to pursue a Windows 8 logo program -- Apple. No word yet on whether or not they're looking to pursue the SecureBoot UEFI extensions for use with OS X, however as they already provide BootCamp for multi-booting, I'd assume they would at least still support the booting of alternate OS's (as I also don't see Microsoft handing them their SecureBoot keys without them agreeing to the logo program -- why would they?)

Could Apple wind up being the bastion of multi-boot freedom? Wouldn't that just turn some peoples world-views upside-down!

Yaz

Microsoft have a dominant position in the desktop operating system market.

Why is it Microsoft's responsibility to get keys other than its own installed?

It is, for the same reason MS was forced to offer some choice for the Internet browser in Europe, remember ?

Oh wait, because Microsoft is the big, bad guy?

Big guy: yes, again we are talking about dominant position and its consequences, which lead to more power and possible abuses, thus the bad guy. Don't you remember some MS abuses?

Here's a few points I noticed: [...]

Add to those points: the dominant position of Microsoft. It should help a lot to understand Garrett's answer

I read the articles attached to this Slashdot story, and my impression was that Microsoft could use UEFI secure booting to make it much harder for PC owners to install Linux alongside or in place of Windows. Red Hat develoer Matthew Garrett explains: "Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. [...] A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux."

Secure boot is bad. What is mysterious about that? If you want to understand more, related to booting Linux, read these. UEFI secure booting x86 EFI boot stub

It seems that EFI may not be the brilliant thing that it is supposed to be. Somebody doing a lot of work involving it blogs here - http://mjg59.dreamwidth.org/ - and there are lots of depressing things to read there. To quote from the page:

> It's an awful thing and I've lost far too much of my life to it. It complicates the process of booting for no real benefit to the OS. The only real advantage we've seen so far is that we can configure boot devices in a vaguely vendor-neutral manner without having to care about BIOS drive numbers. Woo.

except that porcupines are allergic to raisins...

The craggy looking dude is the JPL integration manager. The demilobular fellow is the Lisp programmer in training.

So I am told: "For paying customers, you get nearly nonexistent, abysmal customer service."

G+ is a disaster at any point where customer service is required. There's a reason for this.

Yes, NIH, apparently.

You are entirely correct. See Matthew Garrett's blog for the icky details of EFI on Linux. He makes this hideous piece of shit work for a living.

My only question is when will Strawberry Perl 5.14 be released?

Strawberry Perl 5.14 may wait for 5.14.1 in a month.

For example, Harper-Collens has put a limit on how many times a library can use a copy of an ebook http://ebooks.dreamwidth.org/32051.html The book can only be circulated 26 times before the DRM license runs out.

This is outrageous and stupid. If possible, boycott all their products.

Not unreasonable? Lies. Utter lies. The US's immigration system is nothing but unreasonable. I've learned this since I've been looking at leaving this country and moving to the UK, and their immigration system is very straightforward. "Got a degree? Speak English? Either a skilled worker or a student or a nanny? OK!" It's a simple points-based system. You get enough points, you're in. It takes a few months, tops. 3 years there and you can apply for permanent residence (which they call indefinite leave to remain).

The US? Have a read of this post by a woman whose fiancee is trying to move to the US to marry her. If you are a child, and your parents have permanent residence here, you have to wait 5-7 years to get a green card. Ditto if your husband is a permanent resident. How could you deal with 5-7 years away from your spouse? If you're 18 and your parent is a permanent resident, maybe you'll see them again in 14 years. Unless you're married, in which case, screw you.

No, the US's immigration system IS NOT REASONABLE. It is not fair. I'm left wondering why the hell anyone would want to move to a place whose laws are so clearly built on hate for foreigners.

Posted as AC because session cookies seem to be FUBAR. I login, and it goes to the front page instead of back to comment screen. I go to the comment screen, and it shows me logged out again. Argh. Dear /.: stop breaking!

Are you seriously going to sit there and argue that open source is a sheer meritocracy with a straight face? Okay. Here are 4 examples:

• Ruby on Rails sexism.
• Mark Shuttleworth refers to Linux as being “hard to explain to girls”. Ensuing flap is brutal.
• DrupalCon Paris homepage objectifies women. Although to be fair, the organizers made changes in response to pressure.
• Stallman refers to EMACS virgins, specifically "women who had not been introduced to EMACS" along with the advice that "relieving them of their virginity" was some sort of sacred duty for members of "The Church of EMACS".

That's the result of a 5 minute google search.

I think the lack of female involvement in projects is actually the cause of the sexism, not the other way around.

So maybe if more women actually bothered to get involved, it wouldn't be considered an all boys club and comments like these wouldn't be made.