Slashdot Mirror
How Microsoft Can Lock Linux Off Windows 8 PCs
Julie188 writes "Windows 8 PCs will use the next-generation booting specification known as Unified Extensible Firmware Interface (UEFI). In fact, Windows 8 logo devices will be required to use the secure boot portion of the new spec. Secure UEFI is intended to thwart rootkit infections by using PKI authentication before allowing executables or drivers to be loaded onto the device. Problem is, unless the device manufacturer gives a key to the device owner, it can also be used to keep the PC's owner from wiping out the current OS and installing another option, such as Linux."
So it isn't really Microsoft that can lock you out, it's device manufacturer. Likewise they could lock you out of Windows if Linux was the OS that came with computer. Why don't we see a headline like "How Linux Can Lock Windows Off PCs"? Oh right, this is slashdot. We're here to bash Microsoft.
Boot rootkits are a real problem. Microsoft is improving security here. In fact, Linux has had the capability to use (U)EFI for years. Now Microsoft is just making it default in their system, because quite frankly most people aren't that intelligent with computers and the OS needs to decide some security for them. It's funny how in other news Microsoft gets bashed for bad security, and then in other news they get bashed for implementing those security features.
If you don't get the key when buying your computer, complain to your manufacturer. It's their fault. I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway, you're just throwing away money. And nowadays there's lots of computers available without Windows, or you can just build it yourself.
Maybe future versions will come from the app store, like with macos.
http://michaelsmith.id.au
Buyer Beware.
-- I ignore anonymous replies to my comments and postings.
I'm sure that's really going to stop linux nerds from doing what they do... which is installing linux on anything and everything.
This will be cured by a boot disk, ala iBoot.
As long as the upgrade is signed, why would that be a problem? This is like tivoization for PCs, they can upgrade but nobody else can modify it.
Live today, because you never know what tomorrow brings
In my opinion neither the title nor the article are overly sensational as claimed by you. While it is technically true that the device vendor does the lock out, this is nothing more than a smoke grenade tampering with the truth.
The fact is that Microsoft will require the manufacturers to support this technology if they want to sell devices on which windows will run. Even more the fact is, that this means that they will have to include keys by Microsoft which will prevent the device from running unsigned code like Linux.
And while it is still a rumor it can probably be taken as a fact that disabling this feature (if made possible by the manufacturers) will likely cause Windows to not start because this is what malicious software would do as well and allowing this would circumvent the security improvement.
So cut the crap. Yes, it will be the device manufacturers who will effectively bring this restriction into life. But it will be Microsoft who forces them to do so.
SUEFI can be set to lock out everything but a given set of trusted hashes(which would indeed preclude any updates of the existing OS) or it can verify the signature of something against a set of trusted keys before loading it.
Outside of a few embedded applications, I'd assume that the latter would be the one that sees more general-purpose-computer use. OSes get patched and updated all the time; but so long as the vendor signs the update the way they signed version n-1, everything will just work...
Because it is anti-competitive. Unless the device manufacturers want their PCs and mainboards to be barred from being sold in the EU, they better find a way to make Linux installation possible.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
From one of TFAs
This reminds me of the way keys are used to protect DVDs and we all remember what happened.
Ten years ago, "Trusted Computing", or whatever it was, was sort of news. And it was not unexpected back then either.
But PKI isn't going to be enough, really. They're going to have to find some people to make examples of and sic the lawyers on 'em.
Of course, real security, in the form of a physical switch, is too simple, and too easy for the owner to, well, switch.
Wow the masses, cow the masses.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Sorry I can't find any references but I remember a few years ago the RIAA said they wanted something like this. They used their usual dishonest wording and said something like "equipment should not allow the installation of any systems that allow the circumvention of DRM".
...to enable or disable this. If you buy a name brand machine, then yes, you might expect it to be locked down, so if that is the case, then the Linux crowd will simply stick to machines they build themselves, or have built for them that are not locked down. Simple solution really.
Maybe they can stop dual-booting, but what VMs?
Now that we can buy 8gb of ram for about $40; just run win8 in a VM.
Ten years ago this might have been a viable threat to Linux. Today, however, Linux is worth too much money to too many people for this to be used to wipe it out. At worst, it will mean that cheap hardware will be locked down.
I don't exactly see Apple having made many friends by doing that, so it seems entirely consistent to be against another player who is heading down the same path. Hell, forget Apple, the term "tivoization" has been a perjorative for the deleterious effects of lockdown bootloaders since well before team Steve started shipping any devices with them. The position that they are a Bad Thing has been largely consistent across vendors since that time.
Microsoft said they're trying to figure out how to allow users to dual-boot. In the //build/ video discussing the new Windows 8 boot process, the presenter said they were trying to figure out how to keep boot secure but still allow users to boot into Windows 7, since Windows 7 doesn't support this.
And if it works for Windows 7, it'll probably work for Linux.
Windows 8 logo devices will be required to use the secure boot portion of the new spec.
Totally not Microsoft's fault!
I'm sure Microsoft will encourage handing out these keys. No way they'd try to hinder distribution of these keys. After all, Microsoft are the good guys and would never do anything bad to hinder competition and increase their market share. Nossir, not Microsoft. They are saints!
MS wants to take advantage of UEFI, which has obvious benefits. Chromebooks work the same way, but we don't read any heated /. articles about it because Google is charmed and MS is "evil".
It is up to the device manufacturers to figure out a way to let the end-user ultimately take control of their own PCs. They could do that Chromebooks style -- a hardware switch -- or by distributing the key in a secure manner, such as mailing it to the owner's registered home address. Consumers who care about this issue should look for this feature in whatever device they purchase. What's all the fuss?
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
I believe you may be wrong on two counts:
1. Microsoft will most likely sign the code and OEMs will embed Microsoft's public key. The OEMs do have the option of doing the signing, but that option would prevent you (the buyer) from updating/re-installing Windows using non-OEM versions.
2. Microsoft seem to be mandating the trusted boot in order for devices to be certified as Windows compatible, so the OEMs have to go along or be left behind.
While I think the articles on this are inflammatory, I don't think it's as bad as you seem to make out.
As an aside, I've also read convincing arguments that Microsoft don't actually care about Windows on ARM, but just need an option to prevent OEMs installing Android/Linux/A.N.Other OS, much like they did on the Netbooks (hence Windows Starter edition). The theory goes that once Microsoft have an ARM compatible alternative, they're going to insist that OEMs offer ONLY Windows, in exchange for getting/not-losing discounts for Windows-on-desktop licenses. That would give Intel a bit more time to get Atom in to a ready state for tablets, and business as usual would resume. It sounds a bit silly, until you realise that Microsoft have actually done this sort of thing several times before -- it's in their DNA to utterly kill competition using these exact kinds of tactics.
Of course, I'm not actually an expert on any of this, but I have been around long enough to see similar situations play out many times in the past. Leopards and spots etc.
Windows will be very hard to pirate properly now.
Why is this great news?
Because now people who can't pirate will switch to Linux instead! :D
systemd is not an init system. It's a GNU replacement.
Hey, I ain't sticking up for Microsoft! :D
An individual lacks the time to investigate "the truth of the statements of the logic of the conclusions" fully for all statements ever made by all other individuals. So some people employ a heuristic based on previous statements that another individual has made. Those who do not apply heuristics such as ad hominem are vulnerable to ad nauseam.
Just like in the real world, security is a very convenient excuse for trampling over people's freedoms. While I don't doubt that eventually there will be some technical ways to circumvent this, it will be yet another barrier for "normal" people to try Linux. How many people would bother if you can't even boot a Linux live CD without having to flip a setting in the BIOS which will likely have some very scary security warnings about not doing so?
Alex, I'll take keybindings not used by Emacs for $400....
What about laptops?
The article may be somewhat excessively inflammatory, but it is important that people be made aware of this new practice so that they know to ask for the key when buying a PC. My suspicion is that most manufacturers will not give out the key by default, but will give it to you if you ask for it when you buy the PC.
The truth is that all men having power ought to be mistrusted. James Madison
I think that case happens really rarely.
Rarely > never. Once all home PCs come with this lockdown, companies like System76 that specialize in selling PCs specifically certified for compatibility with Linux will start to run out of compatible PCs to rebadge.
Unless the conditions to have the "right" to sell Windows require this. For so-called "security reasons", for example.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
Why not have a GNU key which Windows will never trust as part of the firmware?
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
...call my PC my trusted companion cube.
I fail to see how this new tech will become a problem. The hardware makers want to sell hardware. Given their already thin margins, it would be stupid of them to agree to limit their boards to any one particular OS.
That said, maybe Dell might try that in the name of security, but that is an end-product seller decision. There will always OTHER makers. You can buy new motherboards from the likes of Intel and Asus, build your own systems.
IF this conspiracy theory did come true, the number of lawsuits and investigations into unfair business practices would drown a the targeted company into oblivion. I guess that is one benefit to be such a litigious country now.
Bearded Dragon
This would be very unfortunate for Ubuntu which plans to increase their user base immensely or any new operating system attempting to make a splash in the market. I suspect the reason for this is that it is the easy way. Linux and Unix don't require this to run securely, yet are still secure.
Using a free OS would be.
But this time your hardware will prevent that. I once saw a small Apple computer with nice specs. It was actually that fact that I had to keep MacOS on it (disc space was not that large) to be able to reach the booting process that stopped me from buying it. I'm afraid that there just will not be any consumer-targeted computers anymore that will allow me to use the OS I want. Mind you, I already cannot buy a computer with the OS I want while having reasonable specs.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
Then they get a device that doesn't require it. It's an OPTIONAL security addition
The article I read claimed that Microsoft might require this lockdown on all machines preloaded with Windows 8. The Network World article cites a Microsoft presentation with a slide stating that UEFI Secure Boot will be "Required for Windows 8 client".
Soulskill = timothy = kdawson?
= All slashdot editors?
Finally had enough. Come see us over at https://soylentnews.org/
Does this mean that you wont be able to install another version of Windows either?
Mainly because it never took off. Doesn't mean it wasn't scary, nor does it mean that it shouldn't be fought if it comes back for round 2.
Personally I'm waiting for the clipper chip idea to come back.
The iPad is not Turing complete. A machine that is Turing complete can run programs that calculate things that Apple prohibits programs submitted to the App Store to calculate.
that malicious software (windows)
There, fixed that for you. I think this was exactly what the article was about.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
So a OEM can stop doing bios updates and that will = no more windows updates? or end up blocking updates that change the boot loader? So you will need a new system to upgrade to windows 9?
What about video card will you be locked in a small line of them? Just wait for dell to lock it down so you can pay $100+ the price of a video card on other on line stores from dell. What that new card that just came out BUY a new base system.
Will downgrading be locked out as well? IN enterprise use places are still on XP and are moving to windows 7 now.
Will you be locked in to the OEM windows ver loaded with pre instilled junk? And be locked out of doing a clean install from a windows install disk?
What about enterprise use where they don't want all that dell, IBM, HP crap on there systems?
What about booting to a imaging system? a boot cd / USB for recovering data?
Pardon me as I ramble.
As a guy in the phone support trenches for a certain OEM, I just have trouble seeing this work well for everyone.
I see often enough that businesses will buy a brand new machine with Windows 7 pre-installed, then blow away the OS load to immediately try to install Windows XP.
I have a hard enough time trying to teach these people that they NEED to include the Intel RST driver bundle in their image so that they stop getting STOP: 0x7B on their attempt to install or boot.
I have a hard enough time trying to teach these people that they need to make sure their image is aligned on the new Advanced Format hard drives that are going in some of the smaller form factor machines (usually it's a 2.5" drive), since they want to install XP on the damn thing, then complain a week later that the machine is very slow and almost unusable.
I don't speak to customers too often that aren't running some flavor of Windows, but the few I do run into seem happy when they get someone who understands the issue they've got, and will help them despite this OEM's general policy of not assisting with an OS that the OEM did not ship. These calls are usually large corporations that run Red Hat or SUSE or something else in their corporate environment, and prefer to pay for hardware support from the OEM I work for, just so they can have coverage for all of their users in nearly any country they visit.
Keeping that last bit in mind: An OEM that implements a lockout 'feature' that prevents an operating system other than Windows 8 from being installed had better have a backup plan that keeps businesses happy, or else they've just committed suicide. It's business sales, more so than consumer sales that keep OEMs going, because businesses buy big damn contracts. Piss off the big damn contracts, and you piss off your paycheck.
One of these days, I am going to flip out. When I flip out, I'll be back in five minutes.
Sure - make the key available
Good luck with that. If the key is available, malware installers can trick the end user into entering it as a prerequisite to see dancing bunnies.
did you even read what the human development index encompasses, you moron ? 'standard shitty for everyone' my ass. we are not talking about your average central european ex-communist state or the countries which got involved in right wing shit perpetrated from american corporatism like uk and france. we are talking about sweden, finland, norway et al. these top that index. these have been the 'most socialist' countries throughout last 80 years of their history. not the idiotic countries which switch in between right and left wing parties when they cannot get what they want from that or the other, and end up stepping one step back and forth.
in capitalism countries 'you can work to make your life better' ? WRONG. in capitalist countries, whomever has the most monetary power, works to make his/her life better AT THE EXPENSE OF YOURS.
http://sociology.ucsc.edu/whorulesamerica/power/wealth.html3
this is what happens in a capitalist country. 5% gets 72% of everything, INCLUDING the means to generate wealth, and the majority 85% get only a fucking 15%.
this was even before the 2008 crisis. its now worse in america.
capitalism eventually ends up as feudalism. the richer get more, including the means of wealth generation, and all the rest are obliged to do their activities on their turf. that happened in late roman republic, that happened in early medieval ages, that happened in late 19th century in america, and that will happen EVERY time you implement a dog eat dog system like capitalism. because, in a dog eat dog world, you eventually end up with one big fat dog. its a logical mechanic that cannot be averted.
Read radical news here
At least with capitalism countries you can work to make your life better.
Yeah, tell that to the millions of people stuck working in dead end jobs like Walmart and McDonalds. You can work and work and work in jobs like that and never get ahead at all. Guess which types of jobs are growing the much lately here in the US? That's right, McDonalds and Walmart-type jobs.
I know people with 4 year degrees delivering pizzas because there's no jobs in their field. They live at home and spend every dime they make paying off their ridiculous student loan debt. They worked their ass off and where are they now? The same place they were before, living at home working at Pizza Hut.
The people that champion capitalism as being the most fair have no idea how much luck is required to be successful in it. Hard work != success, at all. Succes != hard work, at all. If you think that's fair, then I suspect you're one of the lucky ones.
Be grateful for what you have. Here in the US if you get sick at the wrong time you lose every possession you have trying to fight it, and you are insured by companies that will use whatever means necessary to not actually pay benefits out, including every legal trick in the book once you try to sue them to hold up their end of the bargain, and to top it all off, we will soon be mandated to purchase this insurance! Yeah, the US is just so great...
They could always switch to Chinese MIPS stuff or something...
Alternately, maybe server hardware that's sold for Linux applications, stuck into a PC case.
Help me understand... all this does is provide keys and such... does it actually prevent anything from happening? My understanding of the tech is that it simply provides keys that allow the OS to know that it was booted cleanly and from the secure environment and also allows it to tell if the devices it's connecting to are really the devices they say they are and not rogue DLLs. Even if this system is in place, what's to stop Linux (or any other OS) from booting on the device and just ignoring the keys? Does the system itself actually prevent startup?
One thing that hasn't been mentioned is the fact that current PC's running Windows 7 or earlier don't have the UEFI bios and therefore can not be upgraded to Windows 8, assuming that M$ has made this an iron clad requirement. So unless the maker of your old PC offers a bios upgrade you are stuck with Win 7 or will have to buy a new PC.
Can you give a precise definition of "boot time rootkit" that does not include a competing operating system, along with a way for a computer to distinguish between the two? If I boot Linux and then run Windows in VirtualBox, is that a "boot time rootkit"?
You are telling me that this new instrument will stop from allowing anyone to install any other os other then MS at this time, because of new technology we are bringing out into the pc world? Is it related to the BIOS, because what I know about installations is that if you boot from a location (cdrom or usbkey) you can then install anything....so unless they are saying that the BIOS will not allow boots from other places other then the c drive and that they check with the os on the c drive first if you are allowed to reinstall, then I would have to say nay to this technology!
Agree that headline is over the top and inflamatory. At the same time, given Microsofts history of using the sort of tactics people are envisioning, I do see this ending badly.
As it stands right now, Microsoft offers price breaks to people who will sign a Microsoft only contract. I've been told that "we can't sell you a PC with no OS, we have a contract with Microsoft to include windows on every PC we sell."
I can definitely see Microsoft making deals/pressuring OEMs to not include the ability to install another OS.
Alternately, maybe server hardware that's sold for Linux applications, stuck into a PC case.
Good luck fitting server hardware into a laptop case. Or do you envision a future where desktops have x86 server boards and laptops are Loongson (sino-MIPS), and makers of non-free software can't provide a single binary that runs on both?
MS is thinking of REQUERING any device maker that wants to use the windows logo on their product to secure the boot process so no other system can interfere with it, it is MS making these demands, not the device makers. No device maker cares about what you do with their product but MS cares about people installing another OS on hardware.
And if you think everyone who runs their own software can afford to buy a key from a registar, you are just a dumb fuck Windows user trading security for freedom.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
We are not talking about mobile phones, this is about PC's and PC makers have traditionally not given a royal fuck what you install once bought their PC. MS cares, Dell doesn't. But if Dell wants to use the Windows logo, MS will make them care.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
It *is* the trusted computing that started years ago, which is now starting to bear fruits. Corporations just took a few years to get the public opinion used to lockdown, for example by planting increasingly closed gadgets in people's everyday life.
First they came for the smartphones...
Yeah, tell that to the millions of people stuck working in dead end jobs like Walmart and McDonalds. You can work and work and work in jobs like that and never get ahead at all. Guess which types of jobs are growing the much lately here in the US? That's right, McDonalds and Walmart-type jobs.
I know people with 4 year degrees delivering pizzas because there's no jobs in their field.
Why would you need to find a job? Make a good business plan or come up with an innovative idea, get some financial backing behind it and there's your success. That's what I meant with working hard, not some dead-end McDonalds job.
There's nothing, absolutely nothing stopping you from trying so. Except in socialist countries, where people have grown to know that the government will always take care of them and they can't improve their life standard much by trying to do new and innovative things, so they stay at status quo.
well said.
Read radical news here
It seems to me that the major Android manufacturers have been introducing unlocked bootloaders lately.
Don't thank God, thank a doctor!
Sure, proprietary OS vendors will take advantage of it, Apple not excluded; but, the BIOS has to go. The BIOS has gone from a great idea to a problem. It is unnecessary, slow, and an attack vector.
Having to work for a living is the root of all evil.
This is getting ridiculous. First the game consoles are locked down, then the phones, then the tablets and not they are ready to lock down the PCs too. How long did it take open source (Linux) to make headway? It never would have happened if this was in place.
I say, if this goes down, then a big "open sit-in" at Redmond is in order. It would be great, like a OSS conference/protest all wrapped into one. And it would send a a nice message to the rest of industry too!
:T:R:A:N:S:
Oh, for FUCK's sake, will you give it a FUCKING rest with the anti-swearing BULLSHIT. Don't like it? Leave. And spare us the FUCKING WHINING.
"make a good business plan or come up with an idea" right ..... i guess all the 85% of american people, including the ones who graduated from colleges, are morons to not be able to come up with such ideas ... its you, the first person to be ever able to think about that.
....
and the already established players in whatever field are just going to let you come up with your business or idea and topple them, because they are morons too
not.
reality doesnt work like it is told in make-believe econ 101 and econ 102 books.
Read radical news here
Why would you need to find a job? Make a good business plan or come up with an innovative idea, get some financial backing behind it and there's your success. That's what I meant with working hard, not some dead-end McDonalds job.
Oh, I'm sorry, I thought we were talking about reality here. You're right, everyone should just be an entrepreneur, what was I thinking?
There's nothing, absolutely nothing stopping you from trying so.
Well, except for that whole "lack of money" thing. Oh yeah, and a lack of time since you already work 2 full-time jobs just to continue living at a first world level. And the kids, yeah, we'll have our nanny take our kids off our hands for a few weeks while we hammer out a business plan and shop it around to investors (I mean, we all know venture capitalists, amirite?). If we blow off our annual trip to the Caribbean we should have enough to cover the mortgage and car payments for a month while we get our new business off the ground, and once the money from our business starts rolling in (it'll have to, there's no way a business could crash and burn!), we'll be on easy street!
You've been reading too much pro-Capitalism propaganda. It's a game, and the game is rigged...it has been for at least a hundred years.
And that could be a problem. More info:
http://www.itworld.com/it-managementstrategy/205255/windows-8-oem-specs-may-block-linux-booting?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+blogspot%2Fitworldvoices+%28Voices%29
Woops, posted anonymously. twasme... Anywa, as long as everyone implements this as an option to switch it off (highly unlikely), there's not a real problem.
Here's the secret to immortality:
Lets not forget that when the IBM PC first launched, the BIOS was the only proprietary component in there.
Only with the reverse engineering and clean room implementation from Compaq did we see the commodity home computer we now know and "love".
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Read Also, pre boxed computers. The margins on pre boxed computers are so small that 10 minutes paying someone to remove the OS is going to eat almost, or all, all the profits off that computer. And this time could add up, if just 1 out of 1000 computer users asked it to be done it would still add up to days of payroll time, where writing a memo to blow smoke up the proverbial *** of the consumer takes 10 minutes and no one but the corporate goons would know it is blowing smoke.
Kosh: "Understanding is a 3 edged sword, your side, their side, the Truth."
I don't know about the rest of you, but we're getting closer and closer to the day that a desktop PC is considered a relic. For the vast majority of people, "mobile" is where it's at. I'm quickly realizing that for what I spend most of my day interfacing with a "computer", I can just as easily do it with an iPad, assuming I have the bluetooth keyboard.
Admittedly, for development, a PC is a requirement, but, these days, a lot of development can happen under linux, on a server that you ssh into, and again, I'm back at the iPad/keyboard as a "on my desk" solution.
More and more, I'm using my mobile devices as my primary connection to the internet, and less and less, the power-hungry, noisy, slow, crash-prone clunker sitting on my desktop.
If telephones are outlawed, then only outlaws will have telephones.
Un-expeced Finger Isertion ?
I run linux in a VM, till now happy with the performace. Why mess around with dual boot, grub,lilo etc?
For the same reason you don't run Linux and then Windows in a VM. Not everything works or is usable on a VM.
Stop trolling.
These posts express my own personal views, not those of my employer
I guess I was trolled before. Hope you have a nice day in your squeaky clean world.
Problem is, unless the device manufacturer gives a key to the device owner, it can also be used to keep the PC's owner from wiping out the current OS and installing another option, such as Linux.
I have a hard time believing that a PC manufacturer will not give an unlock key to a savvy tech user (which is the type that installs Linux). Unless I'm missing something here, this would not be different from me calling t-mobile to give me the unlock my Android phone and change SIM cards whenever I go to Japan (or anywhere else outside the US.)
Now, consider the typical Linux usage out there. There are plenty of trusty workhorses out there build with PCs and with Linux on them doing their job in different business settings (yes, not every Enterprisey Linux install runs on a mega-quad X-number core Dell box.) It would be very unlikely (I didn't say impossible, just unlikely) for OEM's to actually carry out a complete lock out of new hardware without providing any means beyond a phone call and a fill-form for a hardware owner to get an unlock key.
It would be another piece of red tape, an inconvenience of course. But I highly doubt that this will be a complete stopping roadblock to for installing a non-MS operating system in new hardware.
Then if the seller/manufacturer doesn't include the key, don't buy from them, and always remember to ask before buying... or build your own. :p
I'm not conceited, conceit is a fault and I have no faults.
This won't even stop rootkits -- rootkits will merely switch to messing with parts of OS that are not signed. What in Windows would be all of it except for a tiny bootloader, because they will have to allow third-party drivers, services and countless subsystems updates.
Contrary to the popular belief, there indeed is no God.
I have always thought that BIOS was fairly easy to use if you just read an article about it. I understand that microsoft is concerned about the "safety" of the computer, but i don't think that it should come at the cost of not being able to change the os
that's funny, because i found that when supplying people with GNU/Linux systems, they destroyed the O.S. and installed Windows XP on it. ok, they _tried_ to install Windows XP, but it turned out that there was something strange about the filesystem partitioning carried out by fdisk. the end-result was that these idiots ended up with absolutely no O.S. on their machines, because they'd destroyed what i'd delivered to them, and Windows XP would just sit there trying to do a "disk analysis", with the hard drive light spinning permanently. the solution turned out to be that they needed to completely wipe the front of the disk, to destroy the partition table. whoops...
We tried every trick on the planet to get a Mac Mini (current gen) to run linux and never could get it to boot. Which is too bad for them, because they lost sales. I had no trouble on previous Minis booting/running linux, and it was infuriating being locked out of the machine that way.
The real question is how people like Dell are going to handle it. And whether these machines can have multiple boot keys for multiple OS's.
Microsoft has never used arm twisting to maintain market share with hardware manufacturers?... Oh wait they're famous for it.
I'm thinking about doing the same. What will happen with the music, or the hardware connected to the thin client, like pen drives?
Hosting 20G hd, 1Tb bw! ssh $7.95
You are ignoring a large, third group of us. Those who think that lock-in by anyone is bad
I'm Erwin Schrodinger and I approve of this message, and I do not approve of this message!
I also dual boot Win7 and Fedora on this Thinkpad and Grub is the one in the MBR. However, I haven't succeeded in getting SP1 to download and install. Until now I just figured, "That's just Windows" and didn't care since I only boot it when I'm doing the 'well does this damned site even work on Win+IE?" test and that doesn't happen often anymore.
But I have been saying for a couple of years that while before Microsoft's future vision was to make the PC into an XBox that it changed recently. Now they are clearly back to chasing Apple's taillights and thus intend to make the PC into an iPhone/iPad. Windows 8 clearly has that goal, from the look, the walled garden, App Store, no Flash and now the chains. And these won't be cool designer chains that the elite can jailbreak anyway, these willl be nasty rusty and you will need shots after handling em. Just wait until the malware gets to take over and Norton won't have the keys to even run. No boot a Linux rescue disk to fix things or even try to save the data. Microsoft Hell(tm). If they could have pulled off this stunt with Vista they would have succeeded, but the OEMs just couldn't ensure delivery of TPMs and the corporate world rebelled at the.idea since Microsoft pushed it as a sop to the content industry to protect 'the precious' so they backed off. That was a mistake on their part, because their moment is past and I don't think they can get away with it now. There are things an 800 pound gorilla can get away with that a 700 pound one can't quite manage and Microsoft is now down just a smidge in monopoly power.
Democrat delenda est
>If you buy a name brand machine, then yes, you might expect it to be locked down, so if that is the case, then the Linux crowd will simply stick to machines they build themselves, or have built for them that are not locked down. Simple solution really.
Linux will never thrive in small businesses under these conditions - and that's where Linux is best suited to start, where people are very cost conscious but need flexibility and reliability.
Having to get specially built machines would be a chilling effect indeed.
don't be a spelling loser
Another MS shill that actually still believes that Windows has better driver support than linux.
I applaud the Linux developers for managing to support so much outdated hardware. But among machines less than six months old, this is the case. A lot of things on laptops occasionally require the use of Google and then editing config files as root before they'll work on Ubuntu. Examples of features that don't "just work" on a fresh install from the past two laptops I've owned have included Wi-Fi (Eee PC 900: had to use a wired connection to download, compile, and install a driver), Bluetooth, webcam, suspend (Inspiron 1012: one version of Ubuntu froze coming out of suspend due to race conditions and whatnot), and hibernate (Eee PC 900: coming out of hibernate would cause X to crash a few minutes later).
Or has Ubuntu become the wrong answer for Linux users?
Hi Anders, I didn't know Norwegian prisons let their inmates post to the internet.
The sad fact is, that microsoft was the great innovator in this space. IBM, who came before them, didn't allow any os but their own to use any hardware they produced, nor did they allow any competition on the hardware side of things. They were like apple's iphone business.
Microsoft is the reason that you can install alternative operating systems in the first place. Everyone else managed to blow themselves up, despite having a really strong opportunity. DR-DOS, Concurrent PC-DOS, CP/M, FreeDOS, PTS-DOS, ROM-DOS, Novell DOS, OpenDOS and I'm not even providing a full list here. Geos, PC/Geos, GeoWorks, MAC/OS, OS/2, Amiga/OS, BeOS, Iris, NextStep, RISC OS, Visi On... Microsoft openly competed with all of them and won, mostly on technical merit. Apple was one of the companies that used the courts to prevent alternative operating systems from becoming possible, and has always been openly hostile to competition. Along with that, Microsoft created the market for hardware innovations (my apologies to any lisp/c64/... machine addicts, but ... even you know what I man). You should give them credit for that, even if that credit mostly belongs to Bill Gates, and little claim can be laid to it by the current microsoft crew.
Microsoft is the canonical example of a company that faced lots and lots of competition and won mostly on technical merits.
Besides, I'm kinda starting to hate this anti-microsoft bashing. It's been years since I've used any form of windows on my own machines, or at work. There is no anti-competition behavior microsoft might be doing of that apple isn't doing 10x worse. Compatibility with iWork ? Just try it. Yet apple is not just forgiven for being anti-freedom, but actually revered for it. "A curated experience is better" and so on. And on apple machines, you really can't install the software you want, because there are actual, technical control measures in place that actually try to prevent it.
In this case, people are afraid of what microsoft *might* at some point, try to do. Great. Microsoft, today, isn't the problem. Apple is the big enemy of software freedom today. Microsoft is mostly becoming less free by imitating apple.
So please, let's shelve this discussion until apple has been broken up into a hardware business entirely separate from the software business. Including on the iPhone front.
I haven't seen this mentioned yet, so forgive me if it has been...
I just see this as a way to extort more fees for pre-configured machines. Say you order something from Dell, IBM, whatever... $20 fee to include a piece of paper with your PKI key, so you can install your own OS. This not only protects Microsoft, but has a potential to pad the margin for manufacturers, all while sticking it to the consumer.
Something witty.
If this is something MS can do, of course they will do it! Why even ask? The only glimmer of hope is that they're scared by some kind of anti-trust thing.
to mitigate the realms in which open source software can compete, but this is a very valid method of convincing developers that Richard Stallman was indeed correct, and that GPLv3 is a logical if not necessary path. many have said system builders will turn back to places like newegg and continue to build from components, but in all actuality many motherboard and component manufacturers are required to adhere to the microsoft doctrinal standard including i suspect ACPI obfuscation in order to attain certification. lockout could be considered a part of this to curb enthusiasts and ensure compliance another component microsoft may not be fully aware of is just how much Microsoft benefits from the open source ecosystem. Platforms such as wine, cygwin and samba are seriously pleasant things for many windows administrators and enterprises to have. What microsoft is doing may very well press these players into the GPLv3 realm.
lastly, did Linus think this might happen? that one of the worlds largest players in the tech industry, who determines what netbook OS acer ships and what chipset asus puts on their motherboard, would decide to kill linux by the very limitation torvalds himself championed as a right?
things like GPLv2 and 1 as well as the BSD licenses rely on good faith and to some extent corporate benevolence when faced with tricky things like source code in order to help them grow as a project, as loathe as some are to admit this. If Stallmans blobbed android argument wasnt enough to convince you of the necessity for GPLv3, then perhaps microsoft will force our collective hand.
Good people go to bed earlier.
MS have a history of doing bad things, they might claim its to combat malware when the real purpose is to reduce competition from Linux...
It's possible to implement a secure boot system while still allowing the legitimate owner to boot whatever OS they want, but based on past history MS would intentionally choose an implementation that makes Linux use harder.
Apple have not implemented any such system on their Mac line... They have on their phone/tablets, but phones were never open platforms to begin with... And speaking of which, windows mobile devices often have locked bootloaders, as does the xbox. Apple aren't taking away something that users already have.
Also Apple have not been found to wield monopoly control over any market by a court, for any product that Apple makes there is a viable alternative available from someone else.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Stopping dual boot or changing the OS by users would stop the market penetration by Linux. Maybe the knowledgeable Linux crowd might build their own computers but this is beyond the capacity of probably 99% of computer users. Market penetration by a competing OS would be stopped cold which is what MS wants. They want to stop the downward slide of Windows. Yes, Linux has a very small share of the OS market, but what about some new and different OS that is developed in the future. This would stop them from even starting. It's not just about Linux.
Most likely there will be a single key from Microsoft that MS will use to root sign and validate Windows 8 and future versions of Windows as well as device drivers and things and any Windows version they release will function on any UEFI chain-of-trust-enforcing PC. Same with drivers, any driver that is properly signed for Windows 8 should run on any Windows 8 system without breaking the chain-of-trust (same way driver signing for Windows 7 x64 works now or how driver signing for the Windows 7 Protected Media Path works)
Also, boxed copies of Windows will not require the UEFI chain-of-trust because if they did Microsoft cant sell Windows 8 as an upgrade from XP/Vista/7. I see no reason why boxed copies wont RUN on a chain-of-trust-enforced machine though.
For disk imaging tools and rescue disks and recovery consoles and such things (including forensic tools used by law enforcement) the manufacturers of such tools will simply get their tools signed so that they are allowed to boot without breaking the chain-of-trust (and are therefore allowed to access resources protected by the chain-of-trust).
Corporate users will be given the tools they need to build the Windows+Office+Outlook+Norton+whatever images that they are building now and deploy those images to the PCs whilst maintaining the chain of trust.
Oh and Microsoft themselves have said they want a solution to allow dual booting Windows 8 alongside Windows 7 and if you can boot Windows 7, you can almost certainly boot Linux (I doubt Microsoft would retro-fit the secure boot stuff into Windows 7)
Unless the key comes on a sticker on the pcb, don't buy these motherboards. Let them rot on the shelves.
Don't kid yourself. It's the size of the regexp AND how you use it that counts.
I must say you are not getting the way of the future here. There won't be any machines you can build yourself. The best and newest mobos will not support anything but Windows. You've been outmaneuvered - they've been working on this for over ten years.
Just as you can't shut off GPS tracking on your phone, or the mic for that matter, you will not be able to bypass the switch on the mobo. Try to deactivate it, and the encrypted embedded software will prevent the board from booting, period.
And remember this: any encryption on that subsystem will enable Microsoft to invoke the Digital Millenium Copyright Act against anyone who "breaks" the encryption. You might have rights to mod the hardware, but you have *no* right to break the DMCA and decrypt the bootup blocking software. This is a trap sixteen years in the making. Welcome to the future we warned you about.
This is about as good an idea as car manufacturers welding the hood shut on all their card so only the factory can repair the engine. This is the kind of analogy that needs to be really PUBLICIZED to the Big Box computer shopper.
A "DON'T BUY UEFI" campaign should be started NOW !
I toyed with UEFI boot on my Asus E35M1-M Pro. It more than doubled boot time for Win7 compared to forcing plain BIOS. WTF?
Eloi are stupid, throw morlocks at them!
Laptops?
Better idea -- stop buying PCs.
I mean SERIOUSLY. Current hardware is good enough that we can "skip a generation" and/or buy components directly, assemble our own PCs without restrictions (don't think the Chinese won't be supplying those) and install our own OS.
Maybe if we all "skipped this generation" we can cause our own storm of "Linux on the Desktop", send a strong message to MS and the big PC makers that we're not going to stand for this shit.
We have to vote with our wallets. That's they only way they are ever going to "get it". Otherwise, we will continue to have this crap shoved down our throats.
If telephones are outlawed, then only outlaws will have telephones.
Intel is planning on putting shit like this on ALL their chips as well using tech from the McAfee purchase. Just as you lose Internet freedoms in the name of copyright and child protection, we'll lose PC freedom in the name of anti-virus and malware.
And in both cases, the real bad guys will walk right around it, while we stand there in the virtual TSA line with a rubber gloved hand up our ass.
I8-D
System 76.
If an individual can't do those then why is he even posting?
If every poster were to spend the time and money to read the article and every source that the article cites, each Slashdot story would have about two comments. Say a story or comment relies on conclusions presented in an article in a scholarly journal, and the research wasn't funded by NIH or another organization that requires open access. Not all participants in Slashdot discussions are affiliated with a subscribing university, nor are they willing to pay $35 for pay-per-view access to the article. All they can do is guess, based on the news story, the abstract, and the sources of funding, at what was in the article.
Furthermore, you mention Xbox 360 and PlayStation 3 platforms. Video game console makers are known to use the genetic fallacy, which is effectively the same as ad hominem reasoning, when they assume that all video games developed by teams of individuals working at home are of such poor quality that they would tarnish the console's brand. Case in point: Nintendo's refusal to allow Bob's Game on its platform. This behavior has made me into a sort of home theater PC shill.
It seems bizarre that people think that MS would bother spending resources on trolling Slashdot
I don't think it's people acting on Microsoft's behalf as much as independent fans who at one time thought a Microsoft product was the best solution to a given problem and then decided to stick with "the devil you know".
Dont buy any computer with a Windows 8 logo.
Its not just linux that is blocked its also unsigned versions of windows.
Who makes all the generic motherboards we use?...China.
Who pirates software more than anyone else?...China
Do you honestly think the Chinese mobo makers are gonna make motherboards that wont run windows 7 (or pirated Windows 8)
No microsoft cant block their import... "No sir, these motherboards are made for running linux...not pirated windows!!!"
remember this term "Substantial non-infringing uses"
If this actually happens... I just won't be using Windows anymore. I don't need it anyway. Last time I logged into the Windows part of my laptop, was early July. That was just before I installed Ubuntu so I could have dual boot.
The fact you consider a simple word a 'swear' word is highly indicative of a poor education and a very weak mind.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Excuses are like butt holes. Everybody has them. "Oh my... I can't do X because of rich/capitalism/white man" BS. My next door neighbor is a single mother working two jobs and going to school to become a RN. She doesn't think working as a waitress it a good long term career option, so she is making the required changes in her life. Capitalism is all about how much you are willing to put into life. Period. Stop blaming society on your problems and do something about it. The USA is the great country it is, because of the entrepreneur spirit.
To say that the game is rigged, is correct... It's rigged toward those who work to improve their lives. Showing up for an 8-5 job M-F is not working hard to improve your life. You may be working hard, but if you don't go above and beyond, you won't improve. Somebody above mentioned 85% of the people must be morons... no, they are just stuck in their apathetic ways and want their comfort zone back. Once they wake up and do what it takes to improve their situation, our economy will start moving again.
Some days I get the sinking feeling Orwell was an optimist.
Which works as long as you don't mind giving up your Linux laptop or are willing to lug a desktop around with you when you go on vacation.
If it's implemented in a way that prevents people from installing other OSes on a computer, you can be pretty sure that there's going to be at least a few antitrust violations involved.
just install grub to an alternate partition and create a 512 byte file (linux.bin) of the first section of that partition(containing the bootloader). Copy that file to your C: drive and add the to the list in your windows NTLDR. Then configure windows ntldr to automatically load the grub option. I am currently doing this with win XP and I don't see why it wouldn't still work...unless they have eliminated the NTLDR too. It is essentially a variation of this method http://www.gnulinuxclub.org/index.php?option=com_content&task=view&id=138&Itemid=31
With both Apple and Microsoft dumbing down their OSes, I was expecting either Linux or a future upstart would take over the power user/content creator space. However if computers start getting locked down, using an alternative OS is no longer practical. If Apple and MS succeed in killing the PC as we know it, what alternative will people that have a use for proper full-power open general purpose computers have?
Are these companies really so short-sighted that they'll kill the creation-boom fueled by the general purpose computer for the sake of short term profits?
Never mind. That's a stupid question.
So here's my challenge to the community: I can explain easily why "activation" is a horrible idea (and, I note, the military has been one of the prime drivers for versions of windows which don't require it) but what I'd like to be able to better draw the line about is not "how is xyz technical issue bad for the military" which I regularly do, but "how does abc legislation encourage manufacturers to use xyz technical solution which is bad for the military." If we can get a good answer to that, its the sort of thing that would go great in a letter to, say, republican legislators...
A lot of the open source community is not a fan of the military-industrial complex. I understand why that's so, and, despite my job, even agree. But I would argue that on the issue of DRM, in many ways the military industrial complex could be a serious ally. I can speak of countless situations where DRM related issues have cost the government time, money and opportunity, and while probably many of you will argue that they don't care, in fact a lot do, and it makes a much better and concrete argument relating to the national interest why these things may be bad.... so even if it doesn
Well, the chips are available, and Clevo does make "server-class" laptops.
Alternately, consumer and business laptops will be locked down to Windows, iOS, and Android, enthusiast laptops will be luggables.
I'm reading this as "boot sector protection on steroids" - a security feature that could be disabled in the bios...
so just disable the feature, dban the drive, then install the free OS of your choice - or just go back to building your own computer ...
It ain't what they call you. It's what you answer to. http://mylyceum.us/
I see that the discussion here seems to only deal with how to buy a machine and install something other than Windows 8 (linux, Windows XP, whatever). But in my experience, most linux boxes started life as a Windows-whatever machine that was "cast off" by the user, and given to someone else who installed linux. I have three machines in my office, one bought recently with Ubuntu installed, and the other two cast-off machine that my wife used to use to run Windows ("for work" of course; she's actually a Mac fan and hates MS ;-). One is over 10 years old, and is still doing its job as our gateway/firewall/router system just fine.
The obvious interpretation of this is that a "used" computer couldn't be retargeted to a different task by installing a different OS. Only an OS approved by the original vendor would boot. If this is wrong, and there's a practical way to retarget an old machine that has this "security" feature, it'd be useful to have it documented.
One interpretation is that it's may not be intended solely as a "linux killer"; its primary reason may be a desire to kill any use of old machines, and force everyone to buy a new machine if they want a different OS. After all, the hardware vendor would have a strong motive not to approve such retargeting, and force customers to buy new hardware instead. This would apply to old MS OSs as well as linux or minix or itron or whatever.
Again, if this is wrong, rather than an "OMG, we're fsck'd!!!" rant, it would be useful to explain exactly how one might take an old, cast-off machine, and rebuild it with a new OS (of any sort). If this can't be done easily, then it's time for a rant, lots of publicity, and maybe a few lawsuits.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Ah, the "I know a person that can do it, so that means everyone can" argument. I know it well, I hear it a lot when talking to people about the cyclical nature of poverty and wage slavery. "[Insert name here] made it out of the ghetto and became a multimillionaire, that means that everyone in the ghetto is there by their own choice!" "[Insert name here] started in the mail room and worked his way up to CEO, therefore everyone can do it if they really want it bad enough!"
The reason why that is notable is because of the extremely long odds they beat to get where they ended up. For every person that made that climb from entry level to CEO, there are 99,999 that never made it beyond entry level, not because they were necessarily any less qualified or driven, but because they just weren't in the right place at the right time. You think the best man for the job gets promoted in today's business world? LOL
For every person that is able to make it out of the ghetto and become successful, there are thousands more that try just as hard and don't make it. Once social services get severely curtailed, if not axed entirely, due to this carefully engineered economic crisis, even fewer people will be able to make it. Are they all lazy? I mean, it certainly sounds like that's what you're saying, 85% of people are lazy. Couldn't it be that they're trapped in a dead end job because they lack the resources required to go out and get a better one? That's even ignoring the health care aspect, you know, the people that are stuck in a shitty job because they need health insurance for their sick spouse or child, insurance they will lose when they change employers. What should they do? Throw caution to the wind and bet on "making it?" Those with money can afford to take risks, hell, we just got done handing trillions of dollars to banks to cover the losses of their speculation. Those working at Walmart can not, and even if they could, you think a bailout is waiting for them?
If you're unable to see how much of this game relies on luck then you're either blind or willfully ignorant.
Games are not the only thing computers are used for. I don't even consider games when I make a purchasing decision.
I've fallen off your lawn, and I can't get up.
While I think the actual risk of the nightmare scenario happening is pretty low (*), there is one way the problem is being described, which is terrible.
A UEFI machine without known keys doesn't lock out Linux, it locks out the owner of the machine. That the owner might happen to want the penguin is almost irrelevant. You're talking about a scenario where people are buying combination locks from a manufacturer who doesn't tell the combination to the buyer. This is a bigger issue than Linux and should be described as such. Tell people you're talking about everything turning into iPhones and Xboxes. Inability to install Linux isn't the problem, it's an example of the problem.
That all aside, Microsoft is not going to make contractual agreements with manufacturers to withhold keys from users. They can't do that with opening up a can of inevitable government whoop-ass.
(*) except in scenarios where people buy their equipment from industries kind of "off to the side" from the manufacturer, like how most people (in USA) buy handheld PCs from their ISPs right now. Or I can see it happening with computers built into cars, for example. Shit like that.
I knew that; I was using a pedagogical simplification. When people say "Turing complete" of a physical computer, they really mean LBA-complete. Please allow me to rephrase:
The iPad is not LBA-complete. A machine that is LBA-complete can run programs that calculate things that Apple prohibits programs submitted to the App Store to calculate.
...and feed it to my Mac.
(waits a few)
Why, hello there, Linux OS.
Or, I can just double click on the Terminal icon and get a BASH shell.
Microsoft, why u no stop acting like a dick?
Guaranteed! This comment 100% Anthrax free!
Hmm... This is really disturbing... If it's true. Though like most of the other protection windows tries to put on their operating systems, I doubt this will be as strong as it's meant to be. I suspect it will be cracked a few months after coming out.
All the world's a CPU, and all the men and women merely AI agents
UEFI will only load a cryptographically signed bootloader. It doesn't care about your disk hardware.
If UEFI is mandatory on your system, this means that only people who have the private signing keys for the public key blocks in your BIOS will be able to produce a bootloader image that your BIOS will load. Microsoft will of course have one of these keys.
Even if UEFI is only the default and you can disable it, it has a chilling effect. People will not just be able to shove a LiveCD into their computer and try it out, unless the Linux distributor somehow manages to get a signing key into that UEFI EEPROM and sign their LiveCD bootloaders with it. Explaining to people that they just need to stick in a LiveCD or USB stick is easy. Perhaps you might get them to push F8 or whatever the key is to choose a boot volume. But get them to rummage around in the BIOS settings, and disable an option which probably has a red label saying "ooooo scary, security risk, don't do that!"? Much too much hassle for the average Joe.
The sad thing is, it's a useful tool. It IS useful for protecting against rootkits. It's probably a good thing for the average user that MS is pushing it. But it's dangerous to our freedom to do what we will with our computer, for exactly the same reason as it's useful - it serves to prevent unauthorized code running on your machine.
The question is, who holds the keys for the authorization? Even if you can load new keys into your UEFI, you obviously need a trusted OS to do it (or it would be a pretty worthless security feature). At it's simplest, you could type them into a BIOS screen (a block of checksummed text, perhaps). But if manufacturers don't roll this feature into their BIOS setup, then it's left to an OS that boots from storage. And of course, only a *signed* OS can do that in secure mode. Which means the people with signing keys in your BIOS get to control whether you can add more keys. So you may end up owning a copy of Windows just so you can "bless" your machines with a key for your chosen Linux distro... if this is permitted at all.
I don't think I will be able to convince the purchasing department at my work to buy bunch of bits and pieces and let me build my own laptop.
AccountKiller
Only in the US, that is. The rest of the world will happily hack, crack or otherwise disable this crap without second thought.
Besides, it only takes one (1) smart mobo manufacturer to realise they get all of the non-windows market when they don't include the pricey chips on their gear. They won't let that opportunity slip.
TL;DR version: DRM doesn't work. Never has, never will.
If you can toggle the thing on and off, that really defeats the whole purpose of it, now, doesn't it?
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
Big data centers which buy thousands of machines at a time to run Linux will insist on being able to do so. We'll certainly see rackmount machines that will run Linux.
Does the same hold true if Linux comes preinstalled and for some ungodly reason we want to install windows?
We show geeks how to get their dream girl at EyesOfOdessa.com
Comment removed based on user account deletion
I really think this decision is so retarded that it will cause Joe Public en masse to finally wake up and wean themselves off of their Windows addiction.
Hopefully enough people will vote with their wallets that Microsoft will be moved so far along their own path of self destruction that they will reach their goal early.
This story needs more aluminum foil and less content.
Oh, wait. No - it's already full of ridiculous paranoia and FUD. This is not going to happen, and you're retarded if you think it will.
I'm not real savvy with everything being mentioned here, but what if I buy a machine with Windows 8, and in a couple of years the better version of Windows 8 (which will be named Windows 9, right?) comes out and I wish to purchase Windows and upgrade my existing machine?
Will this not prevent, not only the installation of a Linux OS, but also ANY OS other than what comes pre-installed? And if so, wouldn't that work against Microsoft, since people are stupid enough to buy the next $200 version of Windows when it comes out, regardless of the quality, thus taking away a lot of revenue from Microsoft?
guys, this is just rediculous.
the article is plain wrong:
1) windows 8 will run fine on existing non-UEFI computers.
2) windows 8 does NOT require UEFI/PKI.
3) the only requirement here is for a new computer to get a 'built for windows 8' sticker on it, it must use the UEFI/PKI authentication.
it's about the sticker people, nothing else. if it has the sticker on it and you want to run something other than windows 8 on it, DON'T BUY IT!
Excuses are like butt holes. Everybody has them. "Oh my... I can't do X because of rich/capitalism/white man" BS. My next door neighbor is a single mother working two jobs and going to school to become a RN. She doesn't think working as a waitress it a good long term career option, so she is making the required changes in her life. Capitalism is all about how much you are willing to put into life. Period. Stop blaming society on your problems and do something about it. The USA is the great country it is, because of the entrepreneur spirit.
That's a delightful story up to the point where something outside her control goes wrong. Let her get sick and see how well that dream plays out. What sort of medical benefits package does a waitress going to nursing school have? All it takes is one such event and the "American Dream" can easily fall to pieces because the societal safety nets aren't sufficient to cover the sorts of problems that the majority of Americans run into. I truly wish that capitalism was all about how hard one is willing to work, but I'm not naive enough to think that's the case in reality.
Oh, and I wish your neighbor all the best, but considering that I know several nurses who have no trouble getting jobs but couldn't get a nursing job sufficient to pay for their student loans, I suspect her American Dream just might not have a happy ending, unless you count working two jobs (one of them as a nurse) to be success.
Virg
Issue 1:
The OS can be subverted by a rootkit:
The system is designed such that it is not possible to change the core of the OS, except by patches from the OS vendor. This could be used to pull off other dirty tricks, for example to install DRM that makes it impossible to output music in decent quality, unless the music player identifies itself with a key. One could imagine that this could also interfere with your ability to record your own music, e.g. a birthday song.
Issue 2:
Assume the OS core somehow IS subverted by a rootkit:
This could for example happen by someone getting at the master keys for signing OS updates. Or by a hardware vendor submitting a bad driver.
When it happens, you are completely fucked, a bit like you would be with already existing trojans that encrypt your data and ask you to send money for the decryption key. The reason that you are fucked is that most of your data will also be encrypted, so that it is impossible to recover by just placing the HD into a different PC. And in addition, it is harder to remove the rootkit, since it is now part of the protected OS core.
Finally, to sum it up, what is wrong with DRM is that it places control over the device you just bought with the OS vendor, not with you. So you just bought a device that doesn't really belong to you, but to the state and the music industry.
Hey don't blame me, IANAB
The difference is that when you buy an iWhatever you're buying Apple's software running on Apple's hardware. Anyone selling hardware can put their own OS on it - your car, your microwave, they're all running the software the hardware manufacturer put there.
The difference here is that the lock-in is being applied by a software manufacturers and then sold by the hardware companies. It's like making a microwave that will only heat Brand-X food, or a car that will only run on fuel from a Multinational-Y. It's no great benefit to most users, a hindrance to a few, and will change the advice I give in all my "You're a geek, which computer do you recommend?" emails.
Please consider this account deleted, I just can't be bothered with the spam anymore.
I run linux in a VM, till now happy with the performace. Why mess around with dual boot, grub,lilo etc?
For the same reason you don't run Linux and then Windows in a VM. Not everything works or is usable on a VM.
Stop trolling.
Trolling? Oh, come on. I think it's a fair point.
I run Linux exclusively, because it's the system that I want to run. But it seems to me that Linux could run quite well in a VM. TTY apps are a no-brainer, of course. X stuff would require a good X server on the host OS (I guess GL could be an issue, though.) So what's not going to work well under a VM?
Bow-ties are cool.
Yes, IBM's enterprise machines, up until recently, let you run no alternative OS. But the IBM PC has been open from day one. You've always been allowed to run alternate OS'es on your PC. You thought Microsoft "let" you run alternate OS'es? They did not then, and do not now, own the PC HW architecture. It was IBM's openness that let you do this, not Microsoft's.
(IBM did try to keep some of the particulars of the BIOS secret to prevent PC clones, but it was swiftly reverse-engineered and IBM did not stop it, despite the long-demonstrated ability to have their lawyers crush the opposition.)
Any serious user would install linux on a separate hd or ssd to benefit from the native file system.
You don't need a separate hard disk, a separate partition is quite sufficient.
Bow-ties are cool.
You're missing the part about Microsoft being a convicted monopolist. From your ID, maybe you're too young to have been around long enough to see some of Microsoft's practices firsthand. or maybe you're just trolling.
Look, it's just a hard drive. They're so !@#$ing cheap now. Take the damn thing out of the computer and SMASH on it sharp rock (yeah, when I bash Micro$oft I really BASH 'em!) Install new drive...cost $50. If you're not tech savey enough to put in a new drive...another $50 to the local tech shop.
Every Linux box I've ever had has started life as a Windows PC. My first was my older Windows box that I had already replaced, and loaded Linux on as a lark. Later, I got castoff but still good machines from work to use as file servers, etc, around the house. This is a really common use case.
What are these "socialist countries" you are referring to ?
Why is there no HARDWARE BASED OVERRIDE to turn off this behavior? No software or root kit could EVER change a jumper or DIP switch on the motherboard. So wouldn't it be reasonable to have some [not terribly easy] hardware based way to disable or reset the locking when a customer doesn't want it or needs to be able to install something else?
Plus- how are people going to feel when their brand new computer right now can't upgrade to MS-Windows 8, simply because it doesn't have the lockdown feature?
Some motherboards will have a switch in the bios settings where you simply turn the UEFI stuff off. And some will have a jumper for disabling it. Because some manufacturers are in the "enthusiast" market, selling to people who use motherboards in strange ways.
And for the rest - you can flash a different BIOS, there are providers of alternative BIOSes. Or wait till someone inevitably leak (or reverse-engineer) the key used for signing. Some manufacturers may be light on key security if it helps sales.
If Microsoft went ahead with this, it wouldn't be long before the technology was broken. Then it'd take a bit longer to figure out how to incorporate that hack elegantly into a Linux install process. I don't think there's much to worry about as a Linux user, provided you believe that the open-source community is collectively able to outsmart Microsoft.
RS
windows 8 will run fine on my homebrew PC
Which homebrew laptop motherboards and cases do you recommend?
How about requiring physical interaction? This would resolve the security issues without harming our right to modify our own hardware.
At first, I thought about some kind of "while rebooting, press and hold Scroll Lock to allow the install", but the keyboard is driven by low-level I/O firmware, so that's out.
Then I thought that a physical button would be good, but the scammers could fool Grandma into pushing it "to protect your PC!"
How about a jumper that, while open, does a one-time skip of the UEFI enforcement, and prompts you to sign the new UEFI yourself?
This solution fits the problem -- without unduly interfering with our ownership rights. It's a pain for a newbie to crack the case, but maybe that would be educational, too.
Now I'll have to virtualize Windows inside of Linux when I feel like running it....Oh wait, I all ready do that.
That's a whole lot of assertions based on precisely no evidence. No statements from Microsoft. No actions by Microsoft, other than their intention to use UEFI. In fact, if one can disable UEFI in hardware after boot, that would render the issue moot. Is MS also going to strongarm manufacturers to exclude that feautre?
The Ars article was a lot less 'chicken little':
And while it is still a rumor it can probably be taken as a fact that disabling this feature (if made possible by the manufacturers) will likely cause Windows to not star
According to this post on msdn.com, that would appear to not be true. MS claims to support legacy BIOS as well as allow dual booting. They don't specifically mention Linux, but I don't think that was an intentional slight.
Not to mention which, since the last round of DOJ suits, MS has seemed to stay away from blatantly anticompetitive tactics. And this would probably be the most blatant they've ever done, if they were to do it.
Basically, while I like to bash MS as much as the next guy (as long as you're not the next guy, apparently), do you have absolutely ANYTHING to back up some rather bold claims?
if they make it so you can't just turn off the security feature and install linux the European union will smash the shit out of them.
This is a joke. I am joking. Joke joke joke.
Seriously, every time he opens his mouth he sounds like a conspiracy nut but he is so fucking on the ball that almost everything he says eventually comes true. His 1997 article The Right to Read may have seemed ridiculous fourteen years ago, but reading it now it seems masterfully prophetic:
My major concern is re-purposing computers which have Windows currently. I don't consider myself to be a computer manufacturer, so I buy refurbished PCs (cheaper) and install Linux. I've done this with several towers and a few laptops. This won't affect me personally, as it will take a while for this new lock-in to filter down to the refurb market and by that time I may be doddering away in a retirement home anyway, saying things like "By cracky" and "In my day" and reminiscing about core memory.
Boo hoo!! Its fine by me to knock Microsoft. Both at work and home I have paid for so many buggy MS operating systems over the years since MS Dos, and usually the only solution is to buy the next version, which is equally buggy.
Heavy is the head that wears the tinfoil hat.
Yes there is no reason why they wouldn't just provide the option to turn it off in BIOS, or to enable other OS certificates to be installed.
It would be an option right next to the boot device order.
Its just a secure boot area, go into BIOS and unlock it to install/upgrade your alternate OS, then lock it again when finished to protect yourself from rootkits.
Hardware manufacturers have no reason to want to restrict their product to Windows 8 only, they know there is a market for other OS's, including Win XP.
PC's are a different case to the locked down devices such as iPad, games consoles, Chromebook. The OS is part of those products, Windows on the other hand is third party software which you can buy separately in a box.
Unless Microsoft release their own branded tablet/laptop (for example an xbox360 packaged as a laptop, which is entirely possible) then they have no hope of getting away with locking PC's to Windows.
Could you imagine the ass whooping they would get for trying? Look at their history, such as the trouble in EU over Internet Explorer bundling.
From my understanding of the technology this simply places a lightweight OS between the traditional bootloader and the BIOS. The BIOS doesn't have much space to store malware in, and since its different on different motherboards, why even try when you'll probably break the system anyway. Doesn't providing a lightweight OS that has access to far more storage and all the hardware in the machine that starts before your OS boots present a new era for virus writers?
To offset political mods, replace Flamebait with Insightful.
couldn't you just get rid of windows by chucking the hdd in another (linux booted) pc as slave/non-boot disk and use gparted etc to delete partitions? if you're booting linux with the windows disk tagging along for the ride (ie no microsoft code has a chance to execute), how can it protect itself? the only way they could really stop you is if they struck a deal with hdd/cpu/bios manufacturers etc to lock out anything but windows.
even easier... just stick the hdd in a usb enclosure and gparted it (don't even have to reboot your linux box)
...linux enthusiasts should just avoid windows logo boxes. you can get more bang for your buck if you build a machine yourself anyway (been there, done it). buy the components individually and you won't have to worry about having to try to crack any stupid oem keys. if anything it will probably put a small dent in microsofts market share because linux enthusiasts may have paid the microsoft tax just to avoid building a system. now they'll pay a computer shop $25 to build it for them without going through oems (better for local economies and all that).