No Windows 8 Plot To Lock Out Linux

First time accepted submitter Bucky24 writes "ZDNet's Ed Bott decided to contact major PC makers to find out the truth about Windows 8 SecureBoot. The responses are encouraging for those of us who run third party operating systems. Dell plans to have a BIOS switch to allow SecureBoot to be disabled, and HP assures us that they will allow consumers to make their own choice as to what operating system to run, though they have not given details as to how."

At first at least.

1. Embrace.

Re:At first at least.

[bryan1945]

We promise! Really!

Re:At first at least.

[dingfelder]

until they patch it

Re:At first at least.

[Neil+Boekend]

And in the end. If the PC manufacturers decide to disable the option of installing another OS they are not allowed to sell their shit in the EU.
PC manufacturers still have to give you a discount if you don't want MS windows on your system, although they do tend to make it difficult (and they do tend to put it on there anyways, but you don't have to pay for it). Anti-monopoly rules ya know.

Re:At first at least.

[makomk]

That doesn't mean they can't sell different models in the US which don't have a way to disable secure boot - and laptop manufacturers have to have region-specific models anyway due to stuff like keyboard layout and wireless regulations.

Re:At first at least.

It really doesn't matter what the facts are, does it? Those of you who want to see a big evil conspiracy are going to see one no matter what.

This has been a non-story from day one. Companies like Red Hat didn't freak out, because instead of seeing red as soon as they heard the word "Microsoft", they actually bothered to understand what was going on.

This isn't about Linux; MS no longer sees desktop Linux as a threat. It's about competing with closed systems like iOS that are much less vulnerable to malware.

Re:At first at least.

[realityimpaired]

In most laptops, the keyboard is a user-changeable part. It's trivially simple for me to switch the keyboard in my laptop... there's a bezel at the top of the keyboard that conceals a single screw that holds the keyboard in. Undo the screw, the keyboard pops up, and there's a small ribbon connector under it. Disconnect the ribbon connector, it's really easy to switch out.

The *only* other piece of hardware that's regionally different is the 3-prong connector to the wall. The A/C brick itself is universal input... I have used mine in Canada, Italy, France the UK, Germany, and the Netherlands Antiles. That makes sense from a logistical sense... fewer parts means less money spent duplicating manufacturing processes. With the power brick specifically, it means less hassle for somebody like me, as I only need to buy an adapter kit for the wall jack, rather than a whole new power brick when I travel. This is why the wireless card, for example, is a firmware switch, and not actually physically different in my Canadian wifi card versus a French wifi card. The French card has a few channels available to it at the upper end (in Canada, it's 1-11, in France it's 1-14), but there's absolutely no reason to manufacture hardware specific to the Canadian/US market when they can simply disable the extra channels in software.

That same reasoning with the wifi card is why they wouldn't bother to make a US-specific version of the hardware that disables the feature. If they did anything, they'd simply implement it in the BIOS, but even that is pushing the bounds of reality... Dell/HP/Lenovo etc. want you to buy their product, and they're smart enough to realize that if you can buy essentially the same hardware from Acer without that limitation, then you're going to buy it from Acer if that limitation would prevent you from using their product. It's unlikely you'd *ever* see that kind of limitation imposed by Acer, because they're based in Europe and are governed by different laws than a US-based manufacturer like Dell. That said, it's unlikely you'd *ever* see that kind of limitation from Dell, either, considering how Dell actively supports Linux development, and bundles Linux on several of its consumer models of system. (in fact, the laptop I'm typing this on came pre-installed with Ubuntu 10.04 LTS on it.)

Re:At first at least.

[Kamiza+Ikioi]

2. Extend.

Re:At first at least.

[Dekker3D]

2 is extend and 3 is extinguish?

Re:At first at least.

[jellomizer]

And why would Hardware manufactures want to wast money time and resources to come up with different product models for each country if they can avoid it. They don't make money selling Windows, They make money selling hardware. Having Windows preinstalled makes their customers happy. If they don't want Windows they are just as glad that they wipe out the old OS and put whatever you want on it. Just don't call for support because they may not be able to help you.

The reason why many conspiracies don't exist is because everyone has different agendas, and it is more work and a hassle to keep the conspiracy then the problem they are trying to solve.

Re:At first at least.

[Andrewkov]

And why would Hardware manufactures want to wast money time and resources to come up with different product models for each country if they can avoid it.

Because they want to charge different prices in different regions, and prevent people from buying the product in a cheaper region.

Re:At first at least.

[gtall]

Gee, I don't know, maybe because in the past MS has used their pricing to influence the software installed on machines? Surely, they wouldn't think to use this old trick again....nope, no chance of that...couldn't happen....never...

Re:At first at least.

[doston]

You're right. If Budweiser can have 3% beer just for Utah laws, this can be accomplished.

Re:At first at least.

[jellomizer]

Microsoft has lost their strong arm. They are still big and influential. But Unlike the late 90's a hardware company can survive without Microsoft.

Re:At first at least.

[bryan1945]

The fun part about ACs are that they are so freaking humor-impaired. That and the fact they have no balls to put a name behind their statements.
What freaking company (well, apparently Red Hat, I guess) hasn't made promises about things that don't happen?
Go grow some balls and a sense of f'n humor.

Ed Bott

[bmo]

Ed Bott is nothing more than a Microsoft mouthpiece. Not going to RTFA and almost didn't RTFS because of his name. His hobbies are trolling and shilling for Microsoft.

The only difference between him and Robert Enderle is that Robert is a more honest whore.

--
BMO

Re:Ed Bott

[hedwards]

He's probably technically correct that it isn't a plot to lock out Linux. In practice though, I'd be surprised if it didn't end up like ACPI early on, where MS' implementation was the only one that many vendors bothered with, opting not to fix bugs that MS had a workaround for.

Re:Ed Bott

[syousef]

His hobbies are trolling and shilling for Microsoft.

It's not a hobby if you make your living that way.

Re:Ed Bott

[izomiac]

I read the article and regret it. The author called Dell and HP "spokespersons" and asked about their company's plans. One non-decision-making employee says Dell is currently planning to provide an option, and a similar HP employee has no idea what SecureBoot is, but can confirm that HP is not participating in a conspiracy (the stated question apparently).

So, after two phone calls and an e-mail, the author's fact-checking work is done, so the article moves on to mocking selected quotes by open source advocates. I'll try to remember Ed Bott's name, as he obviously has such high journalistic standards.

Re:Ed Bott

[hedwards]

When they do it by including undocumented workarounds for a known standard, yes it certainly is evil. And in the case of ACPI, it didn't just affect people that wanted to have pure code, it also affected all the other projects that depended upon the code being implemented to standards. It took years to sort that out and ultimately, just served to benefit MS.

Had MS actually implemented the standard that everybody else was using, the one that Intel provided a validator for, it wouldn't have been an issue.

Re:Ed Bott

[bmo]

There is at least one person who thinks highly of Ed Bott, however.

The net effect of that big brainwashing effort is that some of the more credulous and less informed people now distrust a very smart analyst like Rob Enderle, very smart journalists like Maureen O'Gara and Dan Lyons, or a very smart author like Ed Bott, only because they comment on certain issues with greater sanity than Groklaw.

- Florian Mueller

*spit*

--
BMO

Re:Ed Bott

[Penguinisto]

True, but how much profit and lock-in can you get from that?

Re:Ed Bott

[Penguinisto]

Yep... you get used to glazing past anything with Ed Bott's tagline in it. He's notorious for being a better Microsoft mouthpiece than Microsoft's PR department.

I just have a hard time deciding if it's because he loves Microsoft that damned much, or if he's just doing it to generate eyeballs and clicks.

Re:Ed Bott

[sortius_nod]

anything on ZDNet is going to be a Microsoft shill piece.

Re:Ed Bott

Ugh, Florian Mueller called him very smart? Reading that article and comparing it to the reality...
Linux Aus council ARE talking to hardware manufacturers. Ed Bott won't actually research his statement implying no FOSS people are though, because that isn't part of his agenda. It would have been worth mentioning the Red Hat and Canonical white paper (http://blog.canonical.com/2011/10/28/white-paper-secure-boot-impact-on-linux/). That doesn't fit is agenda though.

Re:Ed Bott

[poetmatt]

no worries. the EFF has picked up on the article's FUD, among others. The funny thing is that moving forward with secureboot in ways that are undocumented/lock out linux would bring so many lawsuits to microsoft that even the lawyers will be falling over themselves to sue them. It would quite literally give novell so much ammunition it's not even funny.

Re:Ed Bott

[jcombel]

said it before, still relevant:

not sure what the /. issue with the guy is.

ed bott makes a living writing publicly (for news sites and publishing his own books) on technology topics, mostly about windows - he likes windows, he writes about it, and publishes his work. getting paid to do what you like in a field that you like doesn't make you a shill. it makes you happy. it's a pretty cynical worldview, to assume that people aren't doing honest things because they like them, but instead dishonest things because a MegaCorp is paying them BIG BUX.

Not going to RTFA and almost didn't RTFS because of his name.

choosing to remain in your echo chamber will leave you with few new ideas. if that's your prerogative, though, knock yourself out.

Re:Ed Bott

[betterunixthanunix]

Quick fix from Microsoft:

"In response to criticism from the US government and the open source community, our secure boot loader will now allow users to run Linux! You will, of course, be running in a hyperviser to ensure that you do not attempt to access the Windows partition or overwrite the bootloader, which is necessary for your security!"

The purpose here is to ensure that the user cannot modify Windows, and the purpose of that is to ensure that DRM systems become effective (i.e. because if you can modify Windows you can extract keys or use cracks or whatever). If Microsoft were legally required to allow dual-booting, they would do it in a way that does not really give you control of your computer, much like Other OS on the PS3.

Re:Ed Bott

[bmo]

not sure what the /. issue with the guy is

If you've ever read more than one Ed Bott article, you'd know. People accuse the FOSS crowd of being stubborn. You have to be stubborn to refute the repeated lies that Ed and so-called journalists and "analysts" like him will spew. It gets old quick.

getting paid to do what you like in a field that you like doesn't make you a shill.

I agree. Mary Jo Foley isn't a shill. She still seems to have her dignity and integrity about her, more or less. She may be a fangirl, but I don't think she's a shill.

In an ideal world, all journalists have integrity and dignity.

Ed Bott has none. That's the issue. For those of us who didn't fall off the turnip truck yesterday, it's blatantly apparent.

--
BMO

Re:Ed Bott

[jcombel]

You have to be stubborn to refute the repeated lies that Ed and so-called journalists and "analysts" like him will spew. It gets old quick.

i don't mind being wrong, and would like to be as informed as possible. could you link to me an article he wrote containing verifiable lies?

Re:Ed Bott

[bmo]

Oh here we go.

>pretend to sound reasonable
>pretend to ignore all the other stuff that Ed Bott has said
>ask me to go dig up his articles

No, you can go read his articles over on ZDNet. They are indexed and you can judge for yourself.

--
BMO

Re:Ed Bott

[jcombel]

i've read a few (only ones that have been front-page story'd on slashdot) and they all seemed reasonable and factual so far. from what i understand the guy has written several entries per week for the last umpteen years, i think just directing me to his hundreds of entries is a bit unreasonable. if you don't want to go link diving, that's fine, i don't want to go digging either. do you remember any particular topics that he lied or misrepresented, so that i might try my google fu for a couple minutes?

Re:Ed Bott

[Zancarius]

His hobbies are trolling and shilling for Microsoft.

I agree. I've long stopped reading anything of his simply because it's just regurgitated press releases from Redmond.

Re:Ed Bott

[The+Askylist]

My only question is - how can booting into Windows version anything be called "secure boot"?

Surely the term "locked-in boot" is more accurate?

Re:Ed Bott

[Zancarius]

Okay, I'll bite. Let's take this article as a fine example of his work:

Allow me to illustrate by turning the argument around in an equally cynical way, with an equally inflammatory rhetorical flourish:

People who make their living in the Linux ecosystem are demanding that Microsoft disable a key security feature planned for Windows 8 so that malware authors can continue to infect those PCs and drive their owners to alternate operating systems.

Oh, wait. Now that I think about it, thatâ(TM)s actually pretty close to the truth.

Bott takes a provocative approach by claiming to "turn the argument around" using "equally inflammatory rhetorical flourish"--then implicitly claims it's "close to the truth." In other words, he's essentially linking malware authors with people who are attempting to drive users toward alternative OSes like Linux. Is it a joke? Maybe, but his last statement leaves one wondering if he really does believe it.

He claims that UEFI will magically prevent rootkits from working simply because the BIOS will then be able to detect mangled files. I'm not sure Bott fully understands the purpose of a rootkit, but if one were well designed, UEFI will achieve nothing toward this goal. Indeed, unless UEFI contained signatures for all Windows system files, I'm quite certain that it would be fairly easy for an interested party to circumvent. After all, the objective of a rootkit is to hide the rootkit from examination, and running one under UEFI would simply require hooking into the OS at points that the UEFI does not check. But no, Bott seems to espouse this technology as magical!

Let's not stop there.

In this article, Bott's original post immediately presumes that the reports of MSE incorrectly flagging Chrome as malware were the fault of the users downloading compromised versions or installing on a compromised Windows install. It seems that it never occurred to him that it could have been a false positive in MSE until after it was confirmed with MS.

Now, before you tell me that I'm nitpicking, consider this: False positives are not at all unheard of with antivirus software. Avira, Avast, AVG, et al, have been known to flag valid, clean software as potentially dangerous, and most sensible people installing something from a known-good source that claims the source file is not compromised will immediately assume it's a false positive and submit it to the AV company. While Bott did the correct thing in submitting it, he dismissed it as the fault of users simply because he couldn't recreate the problem. Ah yes, not a chance that MS could do anything wrong...

Oh, and then there's this wonderful masterpiece in which Bott proudly declares Microsoft's victory. While this may be true--Linux on the desktop is unlikely to become a reality--you have to dig a bit to find that he concedes, quote, "On the server side, of course, Microsoft continues to acknowledge that Unix and Linux are strong competitors." You can tell he was salivating over the prospect, though, never mind that Android is, essentially, Linux under the hood.

And what about his article The Hidden Costs of Running Windows on a Mac? Not only does he go out of his way to point out that you have to buy licenses (hint to you, Mr Bott: you're still buying OEM Windows licenses when you buy a Dell), but he points out possible performance issues and the likes. Honestly, I think this is a true shill piece; if someone has decided that they want to run Windows on their

Re:Ed Bott

[bmo]

For many years, Ed was on the side of SCO. His typical characterizing the FOSS crowd as dirty unkempt, unwashed hippies over the same years, and his continual use of the word "freetard" was, and is, reprehensible. And yes, there is a lot of it, which is why I don't want to go diving in the filth.

Not reasonable in the least.

If you read the post I put up here that had the quote from Florian, Florian lists almost all the "paided" shills for Microsoft and calls them "smart" thus aligning himself against FOSS and with Microsoft. Ed Bott is one of them. He left out Paul Murphy, AKA Rudy de Haas.

And that's not ad-hominem.

There is a lot of animosity from people like me that people like them earned.

--
BMO

Re:Ed Bott

But to be fair how can you recruit Linux cheerleaders without also creating a meeting point for people who hate Microsoft?

Re:Ed Bott

[benjymouse]

He claims that UEFI will magically prevent rootkits from working simply because the BIOS will then be able to detect mangled files. I'm not sure Bott fully understands the purpose of a rootkit, but if one were well designed, UEFI will achieve nothing toward this goal. Indeed, unless UEFI contained signatures for all Windows system files, I'm quite certain that it would be fairly easy for an interested party to circumvent.

Ed Bott is right and you are wrong. You believe "signatures" is hashes (because there is no code signing in Linux?). They are not hashes, code/file signing is based on asymmetric keys for integrity protection and is pretty solid (unless you let Debian developers modify the code for key generation). The UEFI firmware will have a table with approved public keys. Any bootloader and its data will have to be signed with one of the corresponding private keys if secure boot is switched on. The bootload'er vendor can update and distribute a new version as long as he signs the bootload'er. If it works anything like Windows kernel signing (but remember this is a industry UEFI standard not exclusively available to Windows) the signature will protect executable as well as config data etc.

After all, the objective of a rootkit is to hide the rootkit from examination, and running one under UEFI would simply require hooking into the OS at points that the UEFI does not check.

Wrong again. The UEFI secure boot is the last missing link in the secure Windows boot chain. Each step will validate the next one before relinquishing control to it (letting it execute): 1) The UEFI firmware validates the signature of the bootload'er. If the bootload'er has been tampered with UEFI will *not* execute the bootload'er 2) Bootload'er runs, loads OS boot definitions, checks (through signatures again) that they have not been tampered with. If the chosen OS is set to secure boot, the bootload'er checks the OS integrity (through signatures again) before launching the OS. 3) The OS gains control and before loading kernel executables and kernel mode drivers, it checks that they come from signed cabinet files. If they don't the kernel will refuse to load them.

Microsoft did not require that system vendors and motherboard vendors makes it impossible to switch off. Microsoft does not require that their public key is the only one in the system. In order to get the "Designed for Windows 8" sticker they *do* need to 1) enable secure boot by default, 2) pre-register Microsofts public secure boot key, 3) Not provide a programmable interface for switching secure boot on/off and not provide a programmable interface for changing the registered secure boot keys.

There is some FUD speculation about a conspiracy that Microsoft will secretly require the vendors to *enfore* secure boot with Microsofts key exclusively. That would prevent other bootload'ers from loading. This is despite the fact that Microsoft has publicly said that they prefer that vendors do not do this but that they cannot mandate this, as it is ultimately the vendors choice, not Microsofts. In fact, it would hurt Microsoft as it would exclude the enterprise and corporate sector from downgrading to non-secure boot aware OSes like Windows 7, Server 2008/R2 etc.

This issue had the wrong address from the start, and that is what Ed Bott is ranting about. This is about HW vendors, not Microsoft.

Windows 8 will not require secure boot, but will support it. Windows 8 will boot on any machine, secure boot or not. The issue is whether hardware/system vendors will provide the on/off switch *or* allow the key table to be updated by the user. So far not a single hardware vendor has said they will disable the on/off switch, if you disregard the very suspicious claim by Red Hat employees that they "know" one vendor who has "privately and anonymously" declared that they will disallow Linux. Several vendors (Dell, AMI) is now on record for saying that they will allow secure boot to be switched off while others has declared their intention to do so.

Re:Ed Bott

[znerk]

Now, before you tell me that I'm nitpicking, consider this: False positives are not at all unheard of with antivirus software. Avira, Avast, AVG, et al, have been known to flag valid, clean software as potentially dangerous, and most sensible people installing something from a known-good source that claims the source file is not compromised will immediately assume it's a false positive and submit it to the AV company. While Bott did the correct thing in submitting it, he dismissed it as the fault of users simply because he couldn't recreate the problem. Ah yes, not a chance that MS could do anything wrong...

Don't leave out the big boys... McAfee has twice released an update that deleted (not quarantined) critical Windows system files with no confirmation; those files were not infected, they were bog-standard OS files.

I'll link to Bott's post on the subject, for additional irony.

Re:Ed Bott

[RocketRabbit]

It's telling that you didn't even have the courage to respond under your user name here slick.

And you were down boated.

Re:Ed Bott

And he is wrong, how?

Re:Ed Bott

[EvanED]

Indeed, unless UEFI contained signatures for all Windows system files, I'm quite certain that it would be fairly easy for an interested party to circumvent.

I'm pretty sure that's exactly what they have in mind.

Well, not exactly. More likely, UEFI will validate the bootloader and the bootloader will validate the rest of the system... but getting a system up and running which is trusted from first power on is pretty much what this is designed to do.

Re:Ed Bott

[lanner]

Mod this up to five bajillion

Re:Ed Bott

[emj]

You are rambling, but you do have some points, Windows needs to be cheaper, but they have tried correcting that with cheaper Office and Windows for families and students.

Linux is doing fine, not that many people care about saving time and worries by installing Linux though.

Re:Ed Bott

[AmiMoJo]

Right, somehow it's Microsoft's fault for vendors not fixing their BIOS code. If they couldn't be bothered to validate it then it's their own fault.

Re:Ed Bott

[Dr_Barnowl]

The bootloader will refuse to load an unsigned kernel. The kernel can then refuse to load unsigned executables, if it chooses. This will probably not be the default - after all, there are a lot of executables out there that are not signed - but it would be perfectly possible to configure the OS to only load signed code.

This doesn't prevent exploits via kernel API calls, but this would prevent you installing a persistent piece of code with kernel access - you'd have to re-exploit the OS each time it booted. For example, it wouldn't guard you against the recently revealed 0-day kernel exploit in Word, but it would prevent that exploit from permanently rooting your machine by installing kernel drivers (unless you somehow manage to pull off getting your exploit drivers signed).

Re:Ed Bott

[makomk]

Microsoft created the tools that generated the broken BIOS code in the first place, and they designed them in such a way that they always generated broken, non-standards-compliant code - in fact there are reasons to believe this may have been deliberate.

Re:Ed Bott

[RocketRabbit]

He implied that ZD isn't a MS shill op. They are.

Re:Ed Bott

[sgt+scrub]

The UEFI firmware will have a table with approved public keys. Any bootloader and its data will have to be signed with one of the corresponding private keys if secure boot is switched on.

I'll give it 1 month, to be on the safe side, for a signed driver to appear that can root Windows 8. Giving the simplicity of obtaining sensitive information from a vendor these days, it will be trivial for nefarious people to obtain keys. Owner controlled keys are the only true protection from root kits. It is like adding entropy to /dev/random

The issue is whether hardware/system vendors will provide the on/off switch *or* allow the key table to be updated by the user.

The issue is if the vendor will provide the key table to be updated AND Windows 8 will run on hardware where the key table is controlled by the owner. Having nothing but an On/Off option is completely unacceptable.

Re:Ed Bott

The important distinction here is that the ACPI fiasco took place in the 90s, when MS still saw desktop Linux as a potential threat to Windows dominance.

That is no longer the case. Even with modern desktop Linux being far more user friendly than it has ever been, its user base is still limited to geeks and hobbyists.

Re:Ed Bott

[Kjella]

Microsoft did not require that system vendors and motherboard vendors makes it impossible to switch off. Microsoft does not require that their public key is the only one in the system. In order to get the "Designed for Windows 8" sticker they *do* need to 1) enable secure boot by default, 2) pre-register Microsofts public secure boot key, 3) Not provide a programmable interface for switching secure boot on/off and not provide a programmable interface for changing the registered secure boot keys.

There is some FUD speculation about a conspiracy that Microsoft will secretly require the vendors to *enfore* secure boot with Microsofts key exclusively. That would prevent other bootload'ers from loading. This is despite the fact that Microsoft has publicly said that they prefer that vendors do not do this but that they cannot mandate this, as it is ultimately the vendors choice, not Microsofts.

So what would prevent Microsoft from adding a 4) to their list of conditions mandating you be able to turn it off though a non-programmable interface? Nothing. Of course you can't force them to get the sticker, but that's what this is all about. That is why my bullshit detector sets off when they say they can't. Because they could, they're not going to but they could.

Re:Ed Bott

[hedwards]

When your computer won't boot because it panics during hardware initialization, I'm not really sure how it's not lock in. Even in more moderate cases where some hardware just doesn't work, it's still somewhat hard to justify how that isn't lock in. Most people, myself included, don't like paying for hardware that doesn't work.

Re:Ed Bott

[mr100percent]

Why would it matter if the employee is decision-making or not? Spokespeople don't make decisions, only announce what the company has internally decided.

Re:Ed Bott

[Frenzied+Apathy]

Nice rant. I'd mod you up if I could. Totally agree on all points...

Re:Ed Bott

Congratulations on achieving a distinctive writing style. While reading what you posted I thought that sounds like hairyfeet and when i scrolled up to check it was.

I don't know if that's a positive or not. Sometimes you do make good points other times...

most things on linux can be achieved with the use of a gui or a command line. That is a positive, replacing admin tools with simpler gui versions is not the best way to go. eg replacing synaptic with ubuntu software centre is dumbing down with the biggest problem being a lack of feedback to the user.

Sure the alternative view of software is useful in showing what is popular and what is available but maybe it should be an alternative view in synaptic rather than a more limited replacement.

When everything works flawlessly then error messages are not needed but when things go wrong they are and when windows tells you the audio hardware may have been removed from your laptop and then said missing hardware works after rebooting you know we are a long way off from perfect whatever os you use.

I'm not worried that linux market share is low linux evolves continually in many directions that is a good thing because you don't have to put up with the options a particular distro goes with I am glad i can use something else other than ubuntu.

Re:Ed Bott

[Microlith]

But they will absolutely not allow users to define what keys are used for secure boot.

There is some FUD speculation about a conspiracy that Microsoft will secretly require the vendors to *enfore* secure boot with Microsofts key exclusively. That would prevent other bootload'ers from loading. This is despite the fact that Microsoft has publicly said that they prefer that vendors do not do this but that they cannot mandate this, as it is ultimately the vendors choice, not Microsofts.

I doubt they will be explicit about their desire for such crippling. Microsoft wants the availability of other OSes to be at the whim of the vendor, but have ensured that their platform will ABSOLUTELY be available. If anything, much like the browser issue in the EU they should be forced, as a convicted felon, to work with vendors to ensure other options are available.

Or are you saying we should just trust Microsoft not to do things to disenfranchise and drive competitors out of the market? In the face of their history?

In fact, it would hurt Microsoft as it would exclude the enterprise and corporate sector from downgrading to non-secure boot aware OSes like Windows 7, Server 2008/R2 etc.

Considering all of those OSes support UEFI boot, I'm sure they could add support down the line if they really wanted to.

Re:Ed Bott

[Just+Some+Guy]

This is despite the fact that Microsoft has publicly said that they prefer that vendors do not do this but that they cannot mandate this, as it is ultimately the vendors choice, not Microsofts.

Mmmm-hmmm. And shipping a pre-installed alternative browser was the vendor's choice. And selling non-Windows operating systems pre-installed was the vendor's choice. And making netbooks with decently non-crappy specs was the vendor's choice. Sorry, but I've seen what happens when the vendors are given free rein - as long as they're OK with losing their OEM Windows license discounts. Fool me once, shame on you. Fool me 247 times, kiss my ass.

So far not a single hardware vendor has said they will disable the on/off switch, if you disregard the very suspicious claim by Red Hat employees that they "know" one vendor who has "privately and anonymously" declared that they will disallow Linux.

That sounds suspiciously like Ed Bott's previous claims:

anonymous AppleCare support representative spoke to ZDNet's Ed Bott over the weekend, telling the reporter that complaints about malware infections on the Mac increased significantly in the first half of May.

I haven't used Red Hat in over a decade, but quite frankly I trust their references to "private and anonymous" sources more than those of Bott, who seems to have made a career of "other OSes suck, too!"

Re:Ed Bott

We all have options.
I see a great market share waiting for those who build a company that does not lockout other operationg systems(not only Linux) from their computers.
You don't like what you have? Stop whining about it and start a f*cking business instead of being a useless clod.

Re:Ed Bott

[benjymouse]

First, you're missing the whole point. Root kits don't come in through the boot loader. That was the way it was done when DOS was the most used OS. Instead, they either use an exploit against the OS, or simply uses Administrator privileges to hook into the system (many users are still running as Administrator, and those who still have UAC turned on, have no idea when it's ok to click "allow".

You should have followed along then. Windows (the x64 editions) since Vista is using kernel and driver signing. The kernel will *not* load from a cabinet file unless the cabinet is signed with a key trusted by the kernel. Furthermore, the kernel will *not* load a kernel mode driver unless it has been signed using a valid code certificate issued by a trusted issuer (e.g. Verisign).

This means that a rootkit cannot tamper with kernel executable files or cabinet files in order to insert itself during boot. As soon as it changes the content of a cabinet file, the signature will not validate and the kernel will refuse to load it.

So how do one circumvent this? Either by creating a malicious driver and somehow obtain a private key to sign it. One can steal it from an ISV or try to trick the issuer into believing you are a legitimate business. Either of these options rely on a certificate which can be revoked. So, when your malicious code is discovered on a single system, the certificate you used to sign the driver will be revokes and after that your code will not load during boot.

Windows x64 has yet another obstacle: Having your driver with loaded is not enough. You need to hook into the kernel to do your evil thing. But Windows x64 also has online integrity checks. Basically it checksums many/most of its internal tables, and if your driver tampers with them, the periodic integrity checker will halt the system.

So, what's left. Contrary to what you believe, the good old bootsector hack is back: http://www.dataprotectioncenter.com/antivirus/sunbelt/how-the-tld4-rootkit-gets-around-driver-signing-policy-on-a-64-bit-machine/. By taking control early on, a rootkit can continuously check for when a know driver/module is loaded and then modify it in memory.

This latter attack vector is precisely what is being addressed by UEFI Secure Boot.

A couple of hardware makers have said they will not be adding an on/off switch.

Yeah? Who?

Re:Ed Bott

[bmo]

The butthurt from the Windroid Shills is amazing to watch here.

Being called out on Microsoft's shenanigans is a bitch, ain't it?

--
BMO

Re:Ed Bott

[hairyfeet]

Thanks but I knew I'd be modded down for daring not to follow the groupthink and hey...I was! surprise surprise. Doesn't make black into white nor will it change the facts and the facts are thus: Linux has been flatline for nearly 4 years now, that is 16 quarters of nearly ZERO growth. the last numbers I saw on servers had Linux losing share as well, even with the frankly crazy price of winServer, why?

Because as a Linux admin friend told me "If you give a Linux and Windows admin a task that the Linux admin has done repeatedly well then the Linux guy WILL win, but if you give them both a task that neither has done? before the Linux guy is done reading man pages and Googling the Windows guy will be at home making a sandwich" Its simple and the reason why CLI is dead everywhere else, GUIs reward exploration, CLIs reward repetition.

And nobody is saying you can't have CLI, hell with both OSX and Windows you can script all damned day long if that melts your butter, with Powershell on winServer you can automate the entire server farm, help yourself.

But the problem the Linux community has, and feel free to check ANY forum and see for yourself, is this: somewhere along the way the community was taken over by the "FLOSSie club" mentality, where those that use Linux are somehow "better" than everyone else and the goal is NOT to free people from not having control of their software as stated by RMS when he created the GPL, but instead to "keep out the noobs" and make sure the "unwashed masses go back to windblows" and like a cancer as this idea spreads it destroys all in its wake.

I've been called every filthy name in the book for daring to say things like "Users should be able to use CLI but it should NEVER be a HAVE TO". Now when did such an obvious statement become hearasay? I'm a retailer, I sell computers to normal folks, Suzy the checkout girl, Brian who runs a backhoe, the nice old guy in front of you in line at the bank, and right now Linux simply doesn't meet their needs. And the truly sad part is when retailers like myself say "This is what we need to help spread FLOSS" we get told "Fuck off and die parts monkey, go back to windblowz LOL!".

It is THIS attitude that is dooming FLOSS, not some conspiracy, not some secret bribery, just the simple fact that the community has become infested with groupthink and trolls and all that refuse to follow the party line are cast out and hatred spewed at them. In the end retailers like myself have practically begged for changes, only to be spit upon, so who is to blame for the lack of FLOSS adoption? The community who refuse to believe that the consumer market is worth having, not if it means things could be easy for the "noobs".

They can label it a rant, label me a shill, but it won't change reality nor will it get a single retailer to sell your product nor a single user to actively switch. In the end the community has no one but themselves to blame for the current lack of FLOSS adoption. And I think its just sad, as there are many that could be free from DRM and have choice but they simply aren't "leet" enough to be worthy of the FLOSSie club.

Re:Ed Bott

[sirlark]

Wrong again. The UEFI secure boot is the last missing link in the secure Windows boot chain. Each step will validate the next one before relinquishing control to it (letting it execute): 1) The UEFI firmware validates the signature of the bootload'er. If the bootload'er has been tampered with UEFI will *not* execute the bootload'er 2) Bootload'er runs, loads OS boot definitions, checks (through signatures again) that they have not been tampered with. If the chosen OS is set to secure boot, the bootload'er checks the OS integrity (through signatures again) before launching the OS. 3) The OS gains control and before loading kernel executables and kernel mode drivers, it checks that they come from signed cabinet files. If they don't the kernel will refuse to load them.

None of which prevents the installation of a rootkit, it just prevents the machines from rebooting successfully after one has been installed. So now, instead of being able to boot my machine and at least attempt to clean things up, I can't boot my machine at all, and last time I checked boot disks in windows were a REAL pain in the ass... mostly people will just have to let their vendor rescue disks take care of it, i.e. wipe their data, and present them with a shiny new crapware infested machine. Actually, come to think of it, what are the chances that vendors will start ensuring their own crapware is loaded at boot too?

Re:Ed Bott

[makomk]

So how do one circumvent this? Either by creating a malicious driver and somehow obtain a private key to sign it. One can steal it from an ISV or try to trick the issuer into believing you are a legitimate business. Either of these options rely on a certificate which can be revoked.

Of course, once your malicious code is running in the kernel it can quite easily block any updates to the certificate revocation lists...

Re:Ed Bott

Pathological hypergamy.

Re:Ed Bott

Really?

Steven J. Vaughan-Nichols,
ZDNet resident Linux guy

Wow, quite the article...

[fuzzyfuzzyfungus]

While nice, if true, to hear that OEMs will be doing (part of) what people would like to see(specifically, having an option to disable 'secure boot' is better than nothing; but what you really want is the option to do a keyfill with trusted keys of your choice: signed boot components make good sense, it's just not being able to choose who is trusted to sign them that is an issue); this article could hardly be any smarmier or less informative.

"In response to the FUD campaign of the freetards, I asked some PR people. Dell said 'yes', HP emitted word salad, AMI said that they would do whatever their customers felt like. Case Solved!" If it weren't for the smirking invective, the whole thing could have been boiled down to a single paragraph(or, heaven forfend, bulked out with technical information...)

Re:Wow, quite the article...

[hedwards]

At that point, you might as well ditch it completely and just have a special boot chip that can be made writable via jumper and most of the time set to read only.
It would solve the problem without the need for such a scary possibility as the vendor being able to lock you out of your OS of choice.

Re:Wow, quite the article...

[fuzzyfuzzyfungus]

As best I can tell, EFI was what happened when somebody looked upon the BIOS, saw that it sucked compared to the OS, and decided that(rather than building a new firmware aimed at getting into the OS as simply and quickly as possible) they would build a BIOS large enough to possess every vice of an operating system and leave implementation to the capable hands of the PC OEMs, whose dedication to software quality is legendar...

Re:Wow, quite the article...

Just replace "somebody" with "a large bureaucratic committee of people." I still have to wait for IDE controller initialisation on my Z68 system which takes just as long as it would have for a BIOS on a RAID controller on a 386. Except instead of 33 MHz IDE, it is 6 Gbit SATA. And, instead of a PCI add in card, it's built into the damned chipset. EFI basically solved all the wrong problems.

Re:Wow, quite the article...

[wzinc]

I think the issue is n00bs will try Linux for the first time, fail, and think it's no good. Ubuntu, etc will have to plaster "turn-off SecureBoot" all over their site. Of course, like most BIOSes, it will be poorly translated, and you'll have to hunt all over for the right setting. People are always saying how closed Apple is on this site, but they specifically wrote a BIOS emulator so you could run Win/Linux on a Mac. Apple will be the most open hardware maker after this!

Re:Wow, quite the article...

[Microlith]

EFI is what happens when Intel (rightly) concludes that switching to a new architecture, IA64, would allow them to abandon all the problems of x86 and thus eliminate the then 20 year old BIOS in favor of something more capable. It is also what happens when Intel goes hugely NIH and decides to create something almost, but not quite, like OpenFirmware.

large enough to possess every vice of an operating system and leave implementation to the capable hands of the PC OEMs, whose dedication to software quality is legendar[y]...

No joke. I'm working with a vendor that is implementing one now, and it's quite chaotic. Also the "browser" system used by UEFI for creating GUI dialogs for the platform is probably one of the worst ways to do a GUI, definitely showing its Intel state machine roots rather than something more apt like Qt or even WinForms.

Re:Wow, quite the article...

AMI said that they would do whatever their customers felt like.

And the question is "Who are the customers".

$5 says it's not us.

Re:Wow, quite the article...

[perryizgr8]

i dont see any advantage of efi over bios. my bios works, i don't have to fiddle with it and it is quite fast (~5 seconds). so what's all the fuss about?

Re:Wow, quite the article...

[The+Askylist]

You've obviously forgotten what the old Sparcs were like :-P

Re:Wow, quite the article...

[Microlith]

The primary benefits come in when you're a major system buyer needing to administer many machines, possibly before the OS comes up. But it's better than the BIOS as a whole due to not being limited to the 16-bit modes of the CPU, instead switching rapidly into the 64-bit environment immediately, far easier to develop option ROMs for, and if set up properly, and with properly written option roms (a.k.a. drivers) can boot much faster.

Of course, all of this could have been had with OpenFirmware but Intel decided they were too good for that.

Re:Wow, quite the article...

[lanswitch]

It's not up to the U.S. market to decide whether all pc's should be running SecureBoot. Would China go along with Secure Boot, or would they just design and build their own PC's?

Re:Wow, quite the article...

[k8to]

Doing it in soft/firmware, and doing it right, is definitely preferable. We could go back to jumpering IRQs and DMA channels, but I think we're all happier doing this with software.

Doing it wrong in firmware with no escape clause is pretty bad though.

There *are* unpleasant boot sector type compromises. Old viruses did this of course, but fairly sophisticated attacks are possible.

Re:Wow, quite the article...

"Apple will be the most open hardware maker after this!"
Fanboi.

Re:Wow, quite the article...

[znerk]

Ubuntu, etc will have to plaster "turn-off SecureBoot" all over their site.

... which Microsoft can then point at as an obvious indication that *nix is evil and/or insecure.

Re:Wow, quite the article...

[znerk]

It's not up to the U.S. market to decide whether all pc's should be running SecureBoot. Would China go along with Secure Boot, or would they just design and build their own PC's?

You decide.

Re:Wow, quite the article...

Erm. What they are talking about is equivalent to a jumper. The thing is, people don't think in terms of jumpers anymore. They think in terms of software based alternatives (e.g. in the firmware).

While some vendors won't provide the option to run alternative OSes, some will. At least on a limited range of models. In spite of all of this hysteria of Microsoft wanting to eliminate competitors (which may or may not be true), hardware vendors are in the market of providing products which meet customer needs. And Linux (plus BSD, plus other OSes) are a strong enough part of that picture to matter.

And, for what it's worth, I don't think MS is out to kill competitors. They are certainly trying to limit the reach of competitors, but that is an entirely different matter.

Re:Wow, quite the article...

Please try to sell that idea to the manufacturer of cheap netbooks/laptops... "We want you to add a hardware switch to your devices, that has no purpose other than allowing other OSes to boot". Remember that these are the same people who will give you the absolute worst touchpad because it saves them 2 cents.

That will never work -- unless you define work as "make them die laughing".

Re:Wow, quite the article...

[jedidiah]

I am usually the first to flame Apple but I could see this very well coming to pass.

Apple kit may turn out to be the easiest consumer PCs on which to run the OS of your choice.

Freaky stuff.

Re:Wow, quite the article...

[hedwards]

Just tell that to people whose firmware has gotten infected with malware because some people that never update their BIOS don't want to open their case and flip a switch to do so.

In the past it might have been sufficient, but I'm not sure that's really the case anymore.

Re:Wow, quite the article...

[hedwards]

As opposed to the proposed system where if the manufacturer fucks it up there's pretty much no escape? I'm sorry, but I don't buy that, it seems far more likely that you'd have trouble under the proposed system than the one I'm pushing for.

Re:Wow, quite the article...

[wzinc]

Fanboi + right == fine with me

Re:Wow, quite the article...

[s.petry]

Lock you out of your OS? How about disable devices the vendor does not like, or modify device priority favoring who they like. I agree that BIOS security is lacking, but an OS and OS Vendor is not who we the consumers should be trusting to correct the lack of security.

Not really that surprising

[robot256]

After all, when you're simply pushing commodity hardware with no particular value added, adding "can run non-Windows OS" is just another bullet-point feature you can add to your list, and one that even normal people will look for "just in case" they want to try out this Linux thing or whatever. What's the point in locking yourself in if there isn't anything special about the hardware in the first place? Even Apple doesn't limit what its hardware can run, only what its OS will run on.

Besides, there are plenty of enterprise customers running Linux servers and workstations, so making that an option would just add uncertainty to the supply chain and make those customers uncomfortable.

Re:Not really that surprising

[betterunixthanunix]

even normal people will look for "just in case" they want to try out this Linux thing or whatever

The last time I dealt with a "normal person" buying a computer, the conversation went like this:

Me: "...this has 2 gigabytes of ram, which should last you a few years."
Her: "It's so ugly! What about that one, that one looks prettier!"
Me: "That one has a lower end processor and less memory. Are you sure you want something that is less capable?"
Her: "Look they are letting me pick the color!"

Non-technical people are just that: non-technical. Computer makers and especially Apple know exactly how to take advantage of such people, which is what "secure boot" is all about. This is about ensuring that customers can be locked into DRM-laden platforms, plain and simple. Dell will probably have the option described in TFA...in their high end workstations, that are prohibitively priced, with the option disabled for "consumer" systems. My guess is that this will not happen in the first generation of systems with "secure boot," but more likely in the second or third generation, when more "strategic" platforms are deployed out of the box for which DRM is a key part of the control.

Re:Not really that surprising

[mehrotra.akash]

I have personally seen a gril going and asking the salesman : which of these laptops are available in pink After that she bought the one with the least weight among the pink ones She did not check the config even once

Re:Not really that surprising

[Velex]

Her: "Look they are letting me pick the color!"

My case is transparent purple, you insensitive clod. Seriously, going on 12 years, I've had a matching purple power strip and case. Otoh, when I first built my system it was and AMD Thunderbird with a Voodoo 5 Video card. It was pretty kick-ass at the time. These days I have tons of ram, tons of processor, tons of everything, and the best part is, I still have a matching purple case and purple power strip!

Boys.. you just don't get it. Girls.. you don't get it either. I guess I don't know what my point is, other than form + function = win and gender = fail.

Re:Not really that surprising

[Ltap]

Mod parent up. The ability to boot a different OS will become a feature for "serious users" that costs thousands of dollars. The days of installing Linux on older desktop systems for hobby purposes will be over unless someone cracks this stuff.

Re:Not really that surprising

People like you make my head hurt.

Your opinions are not objectively superior no matter how amazing they seem inside your head.

Re:Not really that surprising

that thoundth thuper fabulouth!

Re:Not really that surprising

[Gerald]

I'm confused. Are we supposed to go "tsk tsk" and be dismissive or be impressed that she had clear and concise specs which the vendor was able to meet?

Re:Not really that surprising

[mug+funky]

in a dept store, the laptops all have the same features, save for some corner cases.

there's no shame in "just wanting something to browse on, and maybe some other stuff". if that's what you want, then every machine in the store is good enough.

given that, why on earth wouldn't you choose the prettiest, lightest, cheapest one (though i'd include battery life as well, because using these things in bed with the power plugged in causes awful things to happen to the power jack).

my wife's getting an iPad 2.0. she knows how much i dislike Apple, but the thing is... it's the best tablet out there for plain old tabletty stuff, and has some features the others don't offer, at the same price point.

i can't forbid her to buy it, or it'd expose me for being an arrogant fuck (she MUST NOT FIND THIS OUT about me).

of course, i'll get her old netbook with HDMI and a fuct screen. i'll nuke win7 and put linux on it, like my other netbook. horses for courses.

Re:Not really that surprising

[kimvette]

For all you know, she could be a hardcore geek, and just wanted a cheap notebook she doesn't care about to surf the web at Starbucks.

Not all notebooks have to be powerful enough for realtime 3D modeling and nuclear reaction simulations. :-)

Re:Not really that surprising

[jejones]

"What's the point in locking yourself in if there isn't anything special about the hardware in the first place?"

Don't you remember Microsoft's campaign against "naked PCs" (i.e. computers sold without an operating system)? I'm sure that we'll see a similar campaign for OEM systems and motherboards set up to preclude installing a non-MS operating system.

Re:Not really that surprising

If all she needs is browsing/mp3 player, ocasionally taking laptop to some trip with her, well... whats the problem?

Re:Not really that surprising

[fahrbot-bot]

Me: "...this has 2 gigabytes of ram, which should last you a few years."

My preference would be for RAM that lasts longer that a few years...

Re:Not really that surprising

[Travoltus]

That's like asking for a car that's pink. She picks the lightest weight one. And it turns out it's something on the quality level of a Yugo.

Re:Not really that surprising

I'm a bit disturbed that you felt a need to highlight the gender of the "dumb user" when your own is clearly irrelevant.

Re:Not really that surprising

Did you not read the article, summary or even the title? Keep fantasizing freetard.

Re:Not really that surprising

Do you have anything bouncing in your head that can be observed in reality? Any documents or agreements signed that show this clause? Any leaked email from Microsoft showing this?

More FUD? No thanks.

Re:Not really that surprising

[znerk]

Not trying to tell you how to keep your system running, but if you've been running your system off the same "power strip" for 12 years, you should know that any "surge protection" capabilities it had are extremely likely to be failed at this point, without indicating in any way that it has done so.

On a related note, I run any piece of electronics I purchase from a battery backup, not just a surge strip. This is likely due to me not trusting the power anywhere I've lived in the last 2 decades, but it is also due to my knowledge that the dips and brownouts are just as harmful as the spikes, and a surge protector only covers the spikes.

The way I see it, not buying a solid battery backup to go with your expensive and shiny toy is good only for making sure you'll need to upgrade more often to replace failed components.

Re:Not really that surprising

[znerk]

I have personally seen a gril going and asking the salesman : which of these laptops are available in pink
After that she bought the one with the least weight among the pink ones
She did not check the config even once

If her computing requirements are "check email and shoe-shop online", then she probably didn't need to concern herself over anything other than whether she was able to lug it around, and whether it matched her handbag.

Re:Not really that surprising

[znerk]

If all she needs is browsing/mp3 player, ocasionally taking laptop to some trip with her, well... whats the problem?

In that case, I'd recommend an iPod or android phone. Same price, probably available in pink (or at least a case can be found in that color), and it fits in a pocket instead of requiring yet another bag to carry - unless the laptop bag is an opportunity to find one more "oh so cute" accessory for her outfit?

Re:Not really that surprising

[Robert+Zenz]

What's the point in locking yourself in if there isn't anything special about the hardware in the first place?

You did not get the whole "we're doing everything we can to force Windows upon users" thing Microsoft is doing, right? If every new PC can only run Windows, guess what OS everyone will buy...

Besides, there are plenty of enterprise customers running Linux servers and workstations, so making that an option would just add uncertainty to the supply chain and make those customers uncomfortable.

And? It's not like MS doesn't have salesman.

Re:Not really that surprising

Rather inconvenient platform since most such girls are likely to spend a lot of time chatting away. Not exactly the most convenient thing to do on an 3-4 inch device.

Re:Not really that surprising

A lot of these people know what they want, and "DRM" is a "good thing". Not because it locks out options, but because it locks out bad "options" ... i.e. malware. Things like RAM and GPU and CPU mean little to them because it just doesn't have much impact upon what they do: web browsing, email, casual gaming, etc.. If it did matter to them (e.g. will it play this game) they would start caring more. But the fact of the matter is, it doesn't matter because it doesn't matter ... unless they are into something in particular. Mainstream software targets the lowest common denominator so any hardware works, so that rarely matters much. Malware targets the lowest common denominator as well, so hardware that implements DRM is probably better in their mind.

Re:Not really that surprising

[adolf]

Heh.

The last time I had a discussion like that was with my wife. She wanted to buy an Alienware machine for her gaming fix, and I wanted to build her one from parts.

So she shopped out a reasonable Alienware box, which is easily considered to be the most overglorified brand of PC in the world.

I insisted on competing with a list of parts of similar quality and feature from Newegg, though I skimped a lot on the case (but still included a good power supply).

It turned out that Alienware was only about $150 higher than my total bill of materials on a like-for-like box, included a year of on-site warranty service, and a wide array of choices for color and lighting, and was done.

So if time is money (it is), and warranties are useful (it was, once, for a minor issue), then Alienware would plainly win. And it did: Other than one little problem with the lighting, which they gladly fixed by sending a tech out from 45 miles away to change a little PC board, it's been a completely solid machine.

And so, when it came time to upgrade my own desktop system, I got an Alienware for myself. The case is fucking awesome, both in looks and raw utility, the parts are all of very high-quality, and it worked fine out of the box with zero bullshit and without installing Windows myself. (In neither case was there any crapware to remove.)

So what did buying a pretty-looking computer cost over a boring-looking one? IMHO, all things considered: It was roughly free.

Both systems simply work, and they even every neatly built the Firewire port out into the front panel (along with audio from the X-Fi sound card) using very clever parts and cabling that I simply cannot buy off-the-shelf but which will be compatible with whatever motherboard I install in the future. FFS, even the included DVD burner is the best and fastest I've ever used.

Don't get me wrong. I do really enjoy building/tweaking/hacking my own computers, and have for decades....but, seriously: Just because you get to pick a color doesn't mean that it's a bad deal, and there's more to a quality computer than just the CPU and RAM specifications. (How good are the capacitors? How many lies are behind the power supply's ratings? Would you rather have an EVGA video card with reasonable longevity or a Super Rainbow Happy Flower card with possibly iffy/under-spec'd components? How fast is the hard drive? Is the case actually fucking useable when adding/changing hardware, or is it an unforgivable PITA? Do you want massively-overkilled cooling that can be dialed down to calm-and-useful, or a system that needs to sound like a jet engine in order to barely keep up under load? etc.)

All of this is just two data-points worth of anecdote, but when if the next upgrade cycle requires buying an entirely new system just like the last one did, it's likely to be an Alienware machine. And if it's practical to upgrade the existing box piecemeal instead of replacing it absolutely, the very lovely and easy-to-work-on Alienware case will house whatever it is (including a huge motherboard, full-length PCI cards, and a reasonable abundance of drives) neatly, quietly, and without drama.

Honestly, my only real complaint about the Alienware boxen that I have here is that they're very, very heavy: Shipping weight on the PC alone is something like 80 pounds (including a lot of packaging), and it takes a bit of grunt to move it around. It would be nice if the pretty cases were built from aluminum instead of steel, but that'd easily eat up the monetary price differential vs. a quality DIY solution.

You can go ahead and laugh about "oh but I get to pick a color!!!" all you want, but please realize that there's more to a useful computer than numbers and that it may be advantageous to you if you wouldn't dismiss things so easily just because they happen to cost slightly more.

Re:Not really that surprising

[jedidiah]

So you seriously expect us to believe that the company that was sued repeatedly by the US and other governments for abusive monopolistic behavior is not going to exploit something like this to their advantage?

Why are you making excuses for a thug?

Re:Not really that surprising

[jedidiah]

DRM doesn't lock out anything, or rather lack of DRM doesn't mean anything.

MacOS is a pretty good demonstration of this. So is Linux.

"The lowest common denominator" argument is just retarded. There's plenty of Atari malware that demonstrates this.

Re:Not really that surprising

[jedidiah]

> in a dept store, the laptops all have the same features, save for some corner cases.

No. No, not really.

Laptops in truth have a wide array of features and hardware differences that each can be very significant.

If nothing else, you have to worry about "build quality".

Re:Not really that surprising

DAMN if i could i would down-rate you to zero, from title "microsoft campaign not to sell naked PCs" i expected to see youtube video ad showing some naked girls being "sold" (not in slavery sense) and comparing them to PCs (similar to " you would not steal this movie" from MPAA or "fur is bad" from PETA) what an useless link/waste of time

Re:Not really that surprising

[greed]

Well, you can try and get people like that to make better decisions by explaining why the heavier one in blue is better.

Or you can get a company to make a better lightweight one in pink and get a cut of the action yourself. (Or you can re-skin other vendor's machines; there's a variety of businesses doing that with MacBooks; you can even get pink.)

I can pretty much guarantee the money is found by accepting people as they are and selling them something they think they want. (I don't know how to actually do that, so I remain a cog in the corporate machine.)

Re:Not really that surprising

[KnownIssues]

Because she had the mistaken assumption that the store wouldn't be selling a laptop that was useless, so obviously the only thing of significance that should be different is its cosmetic appearance. She probably also bought a car based on its shape and color and possibly how it felt to drive, gas efficiency, maybe based on safety features if she had kids, but probably not based on horsepower, number of valves, ease of repair, or how easy it is to get to the oil.

We techie people like to get all condescending with women regarding technology because they don't place as much importance on statistics and numbers like we do, but the truth is they just know those things aren't important to them. If an ugly lump of gray plastic in the middle of your living room with wires hanging out and as loud as a jet engine appeals to you then great, but don't expect that to be a selling point for everyone.

I understand she's going to be coming back and complaining that her laptop is too slow. It's the vendor's fault for not selling a fast enough laptop in pink. Don't tell her she has to make a choice between an ugly gray computer that's fast enough or a slow pink computer--tell her how she can make the pink computer as fast as the gray one.

Damn, I'm getting old.

Re:Not really that surprising

[CCurzon]

The way I see it, not buying a solid battery backup to go with your expensive and shiny toy is good only for making sure you'll need to upgrade more often to replace failed components.

That's a feature. "Darn lightning. Honey, I need to buy a new motherboard, processor, video card...."

Re:Not really that surprising

I recall reading somewhere that pink laptops are less likely to be stolen. Maybe a security measure.

Re:Not really that surprising

[Kjella]

I've done something almost the same, minus the pink part. I wanted a *cheap* netbook. Like in, it's so cheap I can afford to break it, have it stolen etc. because you always worry about where your expensive gear is. So I picked the lowest of the low, didn't really care for the config at all. Good thing too, because I half broke it some months later. Sometimes there really is just one variable that matters, and it isn't performance.

Re:Not really that surprising

[grcumb]

That's like asking for a car that's pink. She picks the lightest weight one. And it turns out it's something on the quality level of a Yugo.

Well, I say she's smart - smart enough to choose a laptop that nobody will ever (EVER!) steal from her....

Re:Not really that surprising

[nukenerd]

We are supposed to get the point that typical buyers would not take the slightest account of whether Secure Boot could be disabled or not.

Re:Not really that surprising

[makomk]

The article, summary and title are pure pro-MS spin. All any of the PC manufacturers Ed Bott talked to have actually promised is that they'll still provide the option to run Linux on some of their computers, and I think only Dell has even promised that much. That's entirely consistent with restricting it to a few expensive high-end workstations.

Re:Not really that surprising

[RMH101]

To be honest, for most people *any* current laptop is perfectly capable of dealing with Facebook, email, music and writing a few documents. And cheap enough that you can just buy a new trailing-edge one every couple of years...
Your criteria are probably power and performance. Hers were looks and lightweight portability. Both are equally valid criteria for spending your own money...

Re:Not really that surprising

[znerk]

It turned out that Alienware was only about $150 higher than my total bill of materials on a like-for-like box, included a year of on-site warranty service, and a wide array of choices for color and lighting, and was done.

That's horrible, and you don't deserve to call yourself a system builder.

I was able to duplicate, for all intents and purposes, a $6,000.00 Alienware rig for $2150.00 a couple years ago. With a pretty case, and extra lights. That price included the Windows7 Ultimate license.

Built it for a friend, and the only warranty he decided he needed was the one to three year manufacturers' warranties on the individual components. Then again, it didn't sound like he'd get much better of a warranty from Alienware, despite paying nearly 3 times as much for their rig.

Re:Not really that surprising

[znerk]

Rather inconvenient platform since most such girls are likely to spend a lot of time chatting away. Not exactly the most convenient thing to do on an 3-4 inch device.

Yeah, I've never seen someone "chatting away" on a phone...

Re:Not really that surprising

[adolf]

You don't deserve to tell me what I deserve to be able to call myself. But since you're an asshole, I'd guess that you're used to hearing things like that.

That said: The systems I was comparing were in the $1,500 range, not the $6,000 range, and at this lower price-point a fairly big percentage of the cost is spent on fixed expenses (good motherboard, big PSU, fancy case, DVD-R, good cooling) than on high-margin upgrades that can easily be installed later for far less cash.

That system builders (whether Dell, Apple, Alienware, or IBM, or Joe's PC) often have huge margins on upgrades (as you and your friend discovered) isn't anything new, and is not what is being discussed.

What was being discussed, instead, was the inherent price differential of "pretty" vs. "not-so-pretty." And I have found, in my two examples, the price to be close to zero.

Please do try to understand the discussion next time.

Re:Not really that surprising

[znerk]

This was not an "upgrade" of any kind. This was one of the systems "off the rack", so to speak. The comparison was actually made after the build, "just to see".

The extra money I spent went towards things like big a honkin' video card and a BluRay burner... things like a pair of SSDs for a RAID1 array to boot from. None of these items were "high margin upgrades". None of these would have been cheaper later, when the massive amount of power and the flexibility to perform any and all tasks a system could be asked to was what we were building for in the first place. We did, actually spend about $120 we didn't need to on "pretty" (lights, windowkit, some paint).

What I was discussing was the inherently large price difference between "Comes that way from the manufacturer" and "Built it using a carefully selected list of parts purchased online". I have found, in my two examples, that Alienware is overpriced, and that you're a sad sack of a man who can't, apparently, save any money building it yourself versus "purchasing the one off the rack".

I'm sorry you got stuck at a price point just below where there is a serious difference between "really nice" and "Oh wow".

Re:Not really that surprising

[adolf]

Not sure how you manage to spend $6,000 at Alienware without upgrades. Looking just now, the most expensive base desktop system is about $4k.

But I can see that your reading comprehension is terrible, so I'm just going to assume that your math is equally bad. Or that perhaps you're just legitimately stupid.

(It's OK. We can't all be above-average.)

Re:Not really that surprising

[znerk]

Not sure how you manage to spend $6,000 at Alienware without upgrades. Looking just now, the most expensive base desktop system is about $4k.

But I can see that your reading comprehension is terrible, so I'm just going to assume that your math is equally bad. Or that perhaps you're just legitimately stupid.

(It's OK. We can't all be above-average.)

What part of "a couple years ago" did you not understand? To me, that would imply that I would not be able to price-check using the current website prices, considering the (relatively) rapid changes such a site would undergo, to fluctuate with the component market.

... and you have the temerity to attack my reading comprehension?

Re:Not really that surprising

[adolf]

Sure. Why not?

You made it personal. I'm just trying to keep it that way.

But anyway, let's suppose that we simply rewind to a point roughly a couple of years ago. It sure looks like their most expensive base ("off the rack") desktop system was, amusingly, about $4k at that time, while their least expensive was about $1200.

So if you've got a point to make based on anything even resembling a fact, I'm still waiting for it.

Load your own keys?

[tchuladdiass]

I want to leave secure boot enabled, but put me in charge of the keys. That is, I want to load my own public keys into the system (through a secure channel, such as a bios screen or flipping a physical switch, for example).

Re:Load your own keys?

[fuzzyfuzzyfungus]

You crazy consumer, you. Next you'll be wanting to know your TPM's private endorsement key.

Re:Load your own keys?

[syousef]

I want to leave secure boot enabled, but put me in charge of the keys. That is, I want to load my own public keys into the system (through a secure channel, such as a bios screen or flipping a physical switch, for example).

What's the point of that? Are you frightened your girlfriend/boyfriend/wife/mother/roommate is going to try to install an OS you don't like when you're not watching?

The point of this is blocking people from hacking the OS. It is to keep YOU out not to help you keep others out. If you have the keys it has already failed.

Re:Load your own keys?

[tchuladdiass]

The point is to know that what I'm booting up is what I installed. You know that thing that was invented back in the 80's or so, called a "boot sector virus"? Yes, I know it's kind of hard to get one of those installed on a Linux system, but there are a number of server systems that have been "owned". Right now if I suspect that something is fishy with one of the servers I'm tasked with maintaining, it would be nice to know that all the automatic validity checks I put in starting with the initrd image on up are actually trust worthy. And when you've got several hundred systems to maintain, each with their own patch schedule and different customer group, every little bit helps.

Re:Load your own keys?

[sjames]

Most people don't actually need it at all and should just turn it off. However, others might actually find the feature useful if it exists and they can manage trust on it. Otherwise, it should be left out entirely. Why should I pay for a "feature" that can only act counter to my wishes?

Re:Load your own keys?

Most people don't actually need it at all and should just turn it off. However, others might actually find the feature useful if it exists and they can manage trust on it. Otherwise, it should be left out entirely. Why should I pay for a "feature" that can only act counter to my wishes?

Most people *do* need something to protect them from their own actions. A system like this will prevent an infection from being able to take up permanent residence in a system. Windows already has kernel signing and driver signing in place for x64 systems. Secure Boot is the piece missing at this point. It is closing the door on boot sector rootkits.

Re:Load your own keys?

The point is to know that what I'm booting up is what I installed. You know that thing that was invented back in the 80's or so, called a "boot sector virus"? Yes, I know it's kind of hard to get one of those installed on a Linux system

Say what?
If you can achieve a root local privilege escalation then all you need is: dd if=mybootvirus.bin of=/dev/sda1 bs=512 and you've got it installed. It is not any more difficult than Windows, it's only the fact that most users are more knowledgeable and exploits are less common that protects it.

Re:Load your own keys?

So, you're afraid that you might want to go back to DOS, where boot sector viruses were the norm... Tell you what. On DOS, boot sector viruses were easy. On a modern OS, they are damned hard, and there are plenty of much easier ways, that this won't prevent.

Re:Load your own keys?

[sjames]

And then Miss Sally will get them all some juice and tell them a story before nap time.

A system like that will prevent the kernel itself from being infected on disk. There's a zillion other vectors unless the user is willing to surrender total control to the vendor including only viewing documents approved by the vendor (good luck with that!).

It's also noteworthy that there are SEVERAL known viruses that are signed by (presumably) stolen keys.

Re:Load your own keys?

[tchuladdiass]

Almost every root kit (Unix, Windows, Linux, etc) starts off with modifying the boot sector. Some may even go as far as modifying the BIOS. Now granted that on Unix type systems, root kits are installed after someone hacks your system. But on Windows, I've run into a fairly large number of root kit viruses that have an altered boot sector (the only way I've been able to clean them / detect them is to boot a Linux CD to run a virus scanner -- AVG has a somewhat useable one out).

Re:Load your own keys?

[gmueckl]

But boot sector viruses still happen. I remember a piece (by Kapersky people, I think) on an incredibly well crafted worm that would start out using an own boot sector, propagate the system infection from boot stage to boot stage by patching the newly loaded stage on the fly using data that was stored in a hidden miniature file system. It would even foul up the hard disk driver to redirect accesses to the true boot sector to a copy of the original one that was created during the initial infection.

Ultimately, if such a malicious piece of software is engineered well enough it cannot possibly be detected from within the running operating system (Blue Pill was a good demonstrator for that). So the signature checks in UEFI are the only viable concept to detect if someone wants to mess with your system boot and the checks were obviously designed with that in mind. As far as I understood things, the UEFI spec puts the user in control of signing key management. In this scenario, nothing would prevent Linux from enabling the same checks - and work. The recently published white papers from Canonical and Red Hat explained that nicely.

Re:Load your own keys?

You can use your installation media to clear bootsector malware of any kind!

1.) Boot up to RECOVERY CONSOLE (read only environs of the install media, use this)

2.) Use FixMBR to FIRST fix a bootsector

3.) OPTIONAL: IF a bogus rootkit protects that with a driver (ala hello_tt.sys, from "the indestructible rootkit" a month or so ago)? You can use the DISABLE command to stop said "bogus bootsector protector" driver (again, hello_tt.sys in the case above), which upon reboot disables the protective driver from loading and protecting its bogus bootsector!

* You do those steps, in THAT exact order, with most ANY rootkit (provided their drivers do NOT protect the reg init. area for drivers (which isn't always the case in rootkits, using drivers for that))?

It's history!

(AND, yes, with tools you already OWN if you're a Windows user!)

(Of course, you "penguins" will "conveniently omit" that is possible, as you have... it's that, or you are ignorant of tools Windows has already for the job - take your pick!)

Should the rootkit "haul in" more malware? Well, 2 ways to kill that too (sometimes, rootkits do that also in usermode):

A.) RECOVERY CONSOLE bootup, use the DEL command on the offending malware's files...

OR

B.) ProcessExplorer.exe (to first find the offending exe or, dll/lib even if loaded under another process, infesting/infecting it, to first halt the parent callng process & delete the malware dll/lib on disk being called on).

"Here endeth the lesson" - and you? YOU needed it... period!

APK

P.S.=> You Linux people had best learn more about Windows, before you shoot your mouths off about it, & claim Linux only can "clean it", as you seem to be insinuating, trying to make it appear as if LINUX IS EVEN NEEDED AT ALL!

(Again, I state that, because your IGNORANCE, is utterly astounding)

However, again - I don't think it's ignorance on YOUR part here: It is more CONVENIENTLY ignoring/omitting the fact Windows has tools for that already, on the read-only install media!

You're just sending out your usual "FUD" trying to make it seem as if Linux is necessary for tasks (as Mr. Bott says in his articles, & with TECHNICALLY INACURRATE BULLSHIT from you Penguins)... when, it's QUITE CLEARLY, not!)...

... apk

Re:Load your own keys?

[shutdown+-p+now]

Same reason why it makes sense on Windows - it establishes a chain of trust that lets you make sure that you're still running the boot loader, kernel etc that you have installed - not a rootkit version of the same. It's useful with any OS that potentially has vulnerabilities.

No *Plot* to Lock Out Linux

... but if it turns out that way, oops, our bad. (Not really) Sorry about that.

Just the new modern version of the old mafia line...

"That's a really nice libre operating system you've got there. Be a shame if you couldn't install it on any new PCs you buy. A real shame."

Re:No *Plot* to Lock Out Linux

[inkscapee]

... but if it turns out that way, oops, our bad. (Not really) Sorry about that.

Just the new modern version of the old mafia line...

"That's a really nice libre operating system you've got there. Be a shame if you couldn't install it on any new PCs you buy. A real shame."

Heh, exactly right. It's a farce anyway, because if they were serious about security they wouldn't boot Windows at all.

I doubt that Microsoft would try this

[MrKevvy]

They were successfully sued (albeit more of a slap on the wrist) for antitrust violations simply for bundling a browser with an operating system.

Colluding with hardware manufacturers to actually lock out rival operating systems making them an enforced monopoly is several orders of magnitude more severe. Why would they risk that when other operating systems have such a tiny market share anyways? The possible penalties are not worth it for a small increase.

Re:I doubt that Microsoft would try this

[hedwards]

The difference is that MS is requiring secure boot for a special logo, but not telling manufacturers whether or not to allow other oses to be installed. In practice, I wouldn't be surprised if some vendors opted not to allow people to turn it off or provide alternate keys.

Re:I doubt that Microsoft would try this

[walterbyrd]

MS would just say that the hw makers decided to do it. Besides, MS never gets more than a slap on the wrist.

Why would MS do this? The same reasons that MS funded the scox-scam, and bribed officials in the OOXML scam.

Re:I doubt that Microsoft would try this

[nightfell]

I think it's much simpler than that. For MS to go to any trouble to lock out Linux, Linux would have to be an actual threat to them. Linux's market share is around 1%. It's truly not worth their effort, and it's completely impossible for them to lock Linux out of every PC. The best they could hope for is to lock down some PCs from some manufacturers and some motherboards from some motherboard makers. That's it.

On the other hand, individual PC makers could decide locking their computers to Windows would be beneficial. MS could offer a licensing discount, and quite simply, locking the boot system could help lower support costs for the manufacturer.

Re:I doubt that Microsoft would try this

[gman003]

Besides, MS never gets more than a slap on the wrist.

Not in the US, but the European Union is pretty good at it. Back in 2008 they fined the company over 10% their annual revenue, just for bundling Windows Media Player.

Re:I doubt that Microsoft would try this

[gman003]

That's on the desktop. Which, admittedly, is a major source of revenue for Microsoft, but not the only one. On servers, you're looking at about a 50/50 split (plus or minus 30%, depending on how you define "server" and who's paying for the study). Microsoft is definitely threatened there - they may even be the underdogs in that case.

Re:I doubt that Microsoft would try this

[perryizgr8]

yeah, that was stupid.

Re:I doubt that Microsoft would try this

[Intropy]

Ah, but now you're talking about the market in which people know exactly what they want and how to ask for it. If you're selling a board for the server market, then you're a fool to eliminate half your potential customers by supporting only Windows.

Re:I doubt that Microsoft would try this

[Lando]

I may be way off base here, but though Microsoft was declared to be an illegal monopoly, wasn't their punishment settlement basically an agreement that gave them more control and profit than they had before? I'd have to go back and read through the documentation. That being the case, wouldn't it be in Microsoft's best interest to get in trouble again. Either way, it would be 10+ years before the case went to trial and by that time it would be the defacto standard .

Re:I doubt that Microsoft would try this

[blowdart]

Add to that it's doubtful you'd want to protect a server like this. Lets take bitlocker as an example, as that's an existing Microsoft security technology. It requires a TPM chip, and those aren't common on server boards. Plus, if you reconfigure and reboot you get a BIOS prompt, and you can't easily deal with those remotely. I really doubt this would be rolled out in data centers.

Re:I doubt that Microsoft would try this

[Hatta]

Microsoft was sued for antitrust violations before they started making political contributions. Now they contribute heavily to both parties and lobby the shit out of congress.

Re:I doubt that Microsoft would try this

[shutdown+-p+now]

They were successfully sued (albeit more of a slap on the wrist)

The total cost of the lawsuit in EU for Microsoft was $3.6B. It could easily be larger - at some point the company was fined for non-compliance with an earlier decision at a rate of 1.5 million Euro per day - and EU threatened to increase that to 3 million per day in case of further non-compliance at some point.

So, no, it's not a slap on the wrist. Not if you persist.

Re:I doubt that Microsoft would try this

[shutdown+-p+now]

http://en.wikipedia.org/wiki/European_Union_Microsoft_competition_case

Re:I doubt that Microsoft would try this

http://www.akamarketing.com/palladium-project.html
They have been trying to get this done since at least 2000. And yes, it is exactly locking out everything that they don't want you to be able to run.

Re:I doubt that Microsoft would try this

[randyleepublic]

Yeah but nowadays we bow very, very low to our corporate masters. Who's going to fuck with one of the few profitable US "manufacturers"? This going down, and it is going down in a very fucked way.

Re:I doubt that Microsoft would try this

yeah, that was karma.

TFTFY.

Re:I doubt that Microsoft would try this

[znerk]

Why would they risk that when other operating systems have such a tiny market share anyways?

... because the "other operating systems" are gaining ground?

Re:I doubt that Microsoft would try this

[Lando]

I was thinking of the US case http://en.wikipedia.org/wiki/United_States_v._Microsoft where Microsoft got to continue doing exactly what they were doing and got a green light to continue their business practices without having to worry about getting in trouble for it in the future.

Disabling secureboot implys a Non-Win OS is risky

The requirement to disable Secureboot in order to run a non-Windows OS will imply that the other OS is less secure. Just another way for M$ to try and make the hardware pseudo-proprietary. This is not much different than the 'Windows Key'. Ask yourself, Is this an attempt to incorrectly solve a problem that doesn't exist or just another FUD tactic from a behemoth corporation?

No, that's not a solution

[liquidweaver]

Disabling secure boot is not a solution - it's crippling the security, needlessly. I'd love to hear my Dell rep explain to me on my next round of server purchases that I cannot use a fantastic feature to protect the security of my linux servers because they were too lazy/corrupt to enable me to use my own platform key. I will buy from the vendor who allows my to set the PK, and will not from those who refuse. Period.

Re:No, that's not a solution

Um, the point of secure boot is not just so you trust your own computer, it is also (and perhaps more importantly) so others know they can trust your computer. No vendor with half a brain is going to let you use your own key.

Re:No, that's not a solution

[mystik]

Remote attestation will verify the trust all the way to the root platform key, be it Microsoft's or another vendor.

The power to install my *OWN* key, means *I* have the power to trust that *my* server, with *my* software has not been compromised. This is kind of a big deal, and helps protect against all sorts of rootkits.

A toggle that is simply "Use MS's Key" and "Use no key at all" is not an acceptable option.

Re:No, that's not a solution

it is also (and perhaps more importantly) so others know they can trust your computer

That is not for the vendor or anybody else except the owner to decide. If the owner decides to [not] put in keys
of other parties that may [not] be trusted by others it is their choice. Not yours, not M$ and not anybody else.

Ownership, by definition, is the ability to control something. Not giving owners the keys is a direct attack on
ownership rights, devaluing the product to a rental.

Re:No, that's not a solution

[Penguinisto]

I get the feeling that, come your next server RFP, your HP and Dell sales reps are going to ask you which secure boot version you want - Windows, ESXi, RedHat, or SuSE (maybe, but only because Intel has a hard-on for it as their own preferred server distro). You really won't have any other alternative.

'course, that's going to limit the flexibility, and require you to buy a new server (or buy some sort of firmware/EFI flash utility) whenever you put another OS on it. Then again, considering that you'll be buying something from the vendor, it's not like they're going to lose that much sleep over it...

Re:No, that's not a solution

[betterunixthanunix]

I get the feeling that, come your next server RFP, your HP and Dell sales reps are going to ask you which secure boot version you want - Windows, ESXi, RedHat, or SuSE (maybe, but only because Intel has a hard-on for it as their own preferred server distro). You really won't have any other alternative.

I doubt it, there are too many businesses that need to be able to run whatever they want on their servers. Right now businesses want more flexibility, not less.

What you can bet on, though, is that you will never be allowed to use any of those servers to play movies, music, or video games. The split between "consumer" systems and "enterprise" systems is going to be enforced with secure boot. Consumers will not be able to install their own OSes, or if they do disable or modify secure boot, they will permanently lose the ability to run movie or music playing software. My system has an option to disable the TPM...but once disabled, it can never be reenabled, and there is no reason to think that the new boot process will be any different.

Hackers enjoyed a 30 year victory period, where PCs were available to all and controlled by their users. That period appears to be ending, with the same entrenched media interests reasserting their control. At the end of the day, the secure boot process is about marketing PCs as media consumption platforms. You cannot run whatever software you please on your cable TV box or satellite receiver, nor can you run any software you please on your DVD/Bluray player, nor on your video game consoles. The goal is for your PC to act as a replacement for all of that, and the loss of control is a key step in that process.

Re:No, that's not a solution

[Bengie]

ROFL. You must be new to IT.

Booting from the Network, boot up memtest, booting up WinPE, booting up Spin Rite... All are not signed OSs.

The day IT can't use their tools on the computers is the day billions of dollars of computer orders will suddenly stop going to OEMs.

So, you are absolutely sure that OEMs are going to abandon enterprise customers because they didn't want to pay an extra $0.01 per computer to allow an option to disable secure boot? Think about that for a bit.

In other news, vaccinations don't help, fluoride is a mind control agent, Jews run everything, and OEMs will make secure boot mandatory on desktops/laptops/etc. You must have a very stressful life, being scared about everything.

Re:No, that's not a solution

[The+Askylist]

Are they going to tie ARM into this shit? The new 64 bit chips are due soon, and scalable to 128 cores on a single board.

If it comes to it, I'll run OpenRISC on a FPGA rather than pay dues to the Man...

Re:No, that's not a solution

Huh? It ain't that complicated to unpack a .mkv, decode a stream of H.26n and write it to the framebuffer; ditto for audio. VLC isn't going away any time soon.

Or do you mean playing movies that are distributed on shiny plastic coasters? Yeah, let me tell you how we're not going to be distributing multimedia in The Future...

Re:No, that's not a solution

[logjon]

I don't think SuSE is a maybe, thanks to Novell.

Re:No, that's not a solution

One other thing that the Red Hat/Canonical engineers suggested was that instead of simply disabling Secure Boot, the BIOS could allow the user to generate their own key for whatever bootloader they choose e.g. the one placed there by that Ubuntu released they just installed.

Ed Bott was very careful to overlook this point.

Re:No, that's not a solution

[WorBlux]

You're confusing it with TPM. Secure Boot is just meant to validate the boot-chain.

Duh

[bigstrat2003]

There's never been any real reason to believe that locking down of this feature would happen, apart from FUD. This whole thing is a tempest in a teapot, and it's frankly sad to see how many members of the community are willing to believe that "on by default" necessarily means "unable to turn off".

Re:Duh

[Sasayaki]

For now.

Features like this tend to creep their way in slowly.

- It's something you can turn on.
- It's on by default, but you can turn it off easily.
- It's on by default and you need a CS degree to turn it off.
- It can only be turned off by hacking your system.
- It can only be turned off by hacking your system, and this is illegal to do.

Re:Duh

[TechyImmigrant]

>There's never been any real reason to believe that locking down of this feature would happen, apart from FUD.

This is untrue. An OEM can control whether or not the purchaser can control the keys and trust list on the hardware they sell. There is nothing about secure boot that forces the OEM to take one action or another. Locking down of the feature might well happen on some platforms. Check before you buy.

Re:Duh

[Microlith]

Damnit. Posting to clear bad mod :(

Re:Duh

[bigstrat2003]

Except, as another commenter pointed out already, there's practically no incentive for Microsoft to push such an agenda with PC makers (the market for Linux/other OS desktops is very small compared to Windows, and no threat at this time), while there is a strong disincentive (if caught, they would be slapped HARD). I fully appreciate the nature of slippery slopes, but that doesn't mean that one must assume that we will arrive at the bottom just because the potential is there.

Re:Duh

Except common sense, and past experience, which shows that many a vendor will implement as
little of a feature as will get Windows to boot.

Re:Duh

[bigstrat2003]

The fact that it is possible for something to occur is not a reason to believe that it will occur. It's possible that I'll take horrible offense to one of your posts, engage in some drawn-out process to hunt you down in real life, and murder you brutally. You'd be a fool to spend even a moment's thought worrying about it, however, because such an event is exceptionally unlikely.

Re:Duh

[DarwinSurvivor]

Or they're just making DAMN SURE it won't by making everyone aware of the possibility.

Re:Duh

[betterunixthanunix]

There's never been any real reason to believe that locking down of this feature would happen, apart from FUD

Yeah, because we never saw a company try to pull something like that...

http://en.wikipedia.org/wiki/Xbox
http://en.wikipedia.org/wiki/Playstation_3
http://en.wikipedia.org/wiki/Nintendo_wii

Let us not forget that media consumption is widely considered to be a strategic area for personal computer vendors to move into. We are going to be seeing more and more entertainment moving to PCs, and hardware and software makers can make their systems more competitive in the entertainment marketplace by locking down their products. Remember how the CSS keys were obtained? That is the sort of thing that movie studios want to prevent people from doing in the future, and that means that they are going to fight to ensure that people do not control their own computers.

Just you wait. It won't be the first generation of UEFI systems, it will be a subsequent generation; the feature will be quietly slipped into consumer systems. Companies will advertise to consumers how their systems support some new video distribution system or format, and most people will never even question the loss of control (or notice it). The free software community will be forced to buy high-end workstations or systems from lesser known PC makers, and will be left out of the loop on new media formats as we already are with mainstream gaming.

Re:Duh

[exomondo]

For now.

Features like this tend to creep their way in slowly.

- It's something you can turn on.
- It's on by default, but you can turn it off easily.
- It's on by default and you need a CS degree to turn it off.
- It can only be turned off by hacking your system.
- It can only be turned off by hacking your system, and this is illegal to do.

out of interest, where has such a thing followed that progression?

Re:Duh

[exomondo]

>There's never been any real reason to believe that locking down of this feature would happen, apart from FUD.

This is untrue. An OEM can control whether or not the purchaser can control the keys and trust list on the hardware they sell. There is nothing about secure boot that forces the OEM to take one action or another. Locking down of the feature might well happen on some platforms. Check before you buy.

An OEM can completely lock you out of the BIOS too, this is no different.

Re:Duh

In the masturbatory world-saving fantasies of every basement-dwelling fat fuck that dwells here. Real world? Can't think of any.

Re:Duh

[Penguinisto]

Gaming consoles for starters. Used to be you could mod the unholy crap out of 'em, mod others' boxes, and nobody would care.

Do it now and you're screwed for most online uses of the device. Pass it around, and you're under arrest.

Re:Duh

[bigstrat2003]

To repeat myself from a post further up:

The fact that it is possible for something to occur is not a reason to believe that it will occur.

As a corollary, the fact that something vaguely similar has happened in a not-entirely-related arena is not a reason to believe that the event will occur. Nothing has ever stopped PC manufacturers from locking down their computers in ways that are unfriendly to the consumer. They have not done so. There's no evidence to suggest that they will start doing so now. In fact, there is reason to believe that it will not happen.

The whole thing is pure unsubstantiated FUD, unless someone can drag up a scrap of evidence that PC manufacturers are planning to restrict users from disabling the secure boot feature. And that's not even getting into the common claim that this is a conspiracy perpetrated by Microsoft, which, again, there has been not a scrap of evidence to support that I've seen.

Re:Duh

[nightfell]

For now.

Features like this tend to creep their way in slowly.

Only if there's some reason for them to. Features don't just magically creep in on their own. People have to have some motivation to implement them. So, what's the motivation here?

- It's something you can turn on.
- It's on by default, but you can turn it off easily.
- It's on by default and you need a CS degree to turn it off.
- It can only be turned off by hacking your system.
- It can only be turned off by hacking your system, and this is illegal to do.

Can you cite even one example of this ever happening? How can you say this tends to happen? It's just geek paranoia. Nobody is going to try to stop you from running Linux, and nobody even *can* stop you. The worst thing that can happen is that there will be *some* hardware that can't run Linux, just has been the case since Linus first started this project.

Re:Duh

[betterunixthanunix]

As a corollary, the fact that something vaguely similar has happened in a not-entirely-related arena is not a reason to believe that the event will occur

Not entirely related? Let's see...

• Gaming is a billion dollar industry on both consoles and on PCs.
• The business strategy surrounding PCs is based on media consumption, for which DRM has never been taken off the table.

In general, when large companies with entrenched interests in marketing their platforms to music and movie studios talk about security, it is safe to assume they are talking about the security in the context of preventing people from doing certain things with their computers. Blizzard has invested significant resources in this sort of security, to enforce the rules of their video game and ensure that people have paid the appropriate fees.

There's no evidence to suggest that they will start doing so now.

Does this count?

http://en.wikipedia.org/wiki/Digital_Entertainment_Content_Ecosystem

Re:Duh

[bigstrat2003]

Not entirely related? Let's see... Gaming is a billion dollar industry on both consoles and on PCs. The business strategy surrounding PCs is based on media consumption, for which DRM has never been taken off the table. In general, when large companies with entrenched interests in marketing their platforms to music and movie studios talk about security, it is safe to assume they are talking about the security in the context of preventing people from doing certain things with their computers. Blizzard has invested significant resources in this sort of security, to enforce the rules of their video game and ensure that people have paid the appropriate fees.

That's not entirely related, as I said. What happens on gaming consoles has some relevance to what happens on general-purpose PCs, but not total relevance. They are not the same market, and it doesn't follow that a trend in one will happen in the other.

Does this count?

Not in the least. Even if your link showed that there was an incredible concerted effort to cram DRM down the throats of unwilling consumers everywhere (which it doesn't, the existence of the consortium described there doesn't tell us about their actions), it doesn't provide evidence that PC manufacturers are going to disable the ability to change the secure boot parameter, which is the specific issue under discussion. I happen to agree that there is a strong push from media companies to create DRM as strong as possible, but that general trend is not evidence to suggest that this specific thing will happen. There are many other ways that such a trend could manifest itself, and this would be taking unnecessary steps (locking the OS down to Windows doesn't do any good unless you ensure that your media could only be played on Windows... but that step alone fulfills the requirements, because simply installing an alternative OS won't circumvent that restriction).

Re:Duh

out of interest, where has such a thing followed that progression?

Audio and video copy protection. It used to be that any 10-year-old with a ghetto blaster or $5 set of RCA cables could make a mix tape or back up his CD collection. Then came the analog hole, macrovision, and now the DMCA and ACTA, making it effectively illegal to exercise you own rights under copyright law, or--heaven forbid--share information.

This is pretty basic stuff.

Re:Duh

[styrotech]

Well if MS has no incentive to push this agenda, why don't they seem interested in adding one clause to their requirements that would eliminate even the potential for slippery slopes.

All they have to do is require that all OEMs give the user the ability to control this (which is most OEMs will do anyway). The whole issue goes away and nobodies default security is any less than it would've been anyway.

After all, even Windows only users should want that control over their hardware - who the hell trusts OEMs not to screw something up later?

Or has Apple trained us all to be meek little consumers that have no problem ceding all responsibility to the manufacturer?

Re:Duh

[clarkn0va]

hardware and software makers can make their systems more competitive in the entertainment marketplace by locking down their products.

O the irony of that statement! And yet I concede that in this twisted world you are indeed correct.

Re:Duh

[exomondo]

Gaming consoles for starters. Used to be you could mod the unholy crap out of 'em, mod others' boxes, and nobody would care.

Do it now and you're screwed for most online uses of the device. Pass it around, and you're under arrest.

Yeah but was never something you could just flip a documented switch to turn on/off, unlike Secureboot or any other BIOS features.

Re:Duh

[Microlith]

Even if your link showed that there was an incredible concerted effort to cram DRM down the throats of unwilling consumers everywhere

And yet, in the face of DRM system after DRM system being introduced, you deny that the industry isn't explicitly taking this route? HDCP was created by Intel, this boot lockout method was developed by a consortium including Apple, Microsoft, and Intel as the biggest players. Virtually every ARM chip includes such system-crippling capabilities and it is regularly deployed. Microsoft has created and unleashed multiple DRM systems, Apple continues to use DRM on virtually everything except Music and OS X. Ebooks are plagued out the gate with DRM.

They have been trying for a long time now to ram DRM down our throats. Here is the perfect chance to take yet another possible avenue of piracy away.

it doesn't provide evidence that PC manufacturers are going to disable the ability to change the secure boot parameter

No, but it's a pretty easy conjecture. Consoles, tablets, and smartphones have shown that so long as you don't unduly hinder people's ability to tune out and consume, they generally won't put up a fuss. And as a bonus, you can recruit them to shout down those who disagree with your actions.

locking the OS down to Windows doesn't do any good unless you ensure that your media could only be played on Windows... but that step alone fulfills the requirements, because simply installing an alternative OS won't circumvent that restriction

Well, they don't need to worry about ensuring it doesn't play on other platforms because you won't be able to boot other platforms. And if they are truly concerned, they could always store the keys in a TPM module, and ensure it goes from the TPM module to the CPU's cache for decryption and ensure it never hits system memory.

Re:Duh

All they have to do is require that all OEMs give the user the ability to control this (which is most OEMs will do anyway). The whole issue goes away and nobodies default security is any less than it would've been anyway.

I thought MS forcing OEMs to do anything was evil. But when its something that YOU want, its evil NOT to force OEMs. Funny how that works.. But then again I am not an anti-ms troll.

Re:Duh

because whether a vendor adds it or not is NOT something they should be writing into any contract, Why would ANYONE want Microsoft to start putting requirements into OEM contracts for anything but there own stuff, it is moronic and would set a terrible precident, if you don't trust the OEM's then complain to the OEM's, don't look to an even bigger bastard to stomp on there necks to do your job for you, the only thing that will result from that is both of your necks being hurt.

Re:Duh

How hard would it be to install a new bios? I am a little ignorant here, so let me try to explain. Would a group of manufacturers be able to drive up the cost of a new bios to the point where it would be not only something that a relative few could do themselves, but also be something that would also be cost prohibitive? The legality seems less important to me (consumer) because I am not worth the time to chase on an obscured and greyed area of the law.

Re:Duh

[benjymouse]

Except common sense, and past experience, which shows that many a vendor will implement as
little of a feature as will get Windows to boot.

Right, so that is why I cannot change BIOS settings. Oh wait...

Re:Duh

[znerk]

All they have to do is require that all OEMs give the user the ability to control this (which is most OEMs will do anyway). The whole issue goes away and nobodies default security is any less than it would've been anyway.

I thought MS forcing OEMs to do anything was evil. But when its something that YOU want, its evil NOT to force OEMs. Funny how that works.. But then again I am not an anti-ms troll.

Forcing someone to allow choice sounds suspiciously like "Do not remove freedoms", to me. Guess you must be a pro-MS troll.

Re:Duh

[vga_init]

Don't forget the OLPC XO-1. I got one of the original XO-1 units sold to the public, and its firmware was locked pretty good and would only load signed code. In order to just gain access to the firmware, I had to electronically send my laptop's serial number to the OLPC project, and they had to send me back a special code that would unlock the firmware *temporarily* (this happened whenever the code was present on a removable storage device during boot). Upon doing that, I then further had to modify an environment variable in the firmware to disable boot security on the device once and for all. Of course, that couldn't stop someone from simply booting into the firmware prompt and re-enabling it with a single command, causing the headache all over again. And guess what? I don't even have the unlock code anymore!

Re:Duh

Well, if media corporations insist on not selling me their products then I will be more than happy to find a suitable alternative.

Re:Duh

[makomk]

If you've got an OEM machine, you probably can't change most of the BIOS settings. A lot of OEM BIOSes even do things like disabling virtualization and removing the option to re-enable it.

Re:Duh

[drsmithy]

Yeah, because we never saw a company try to pull something like that...

Your examples are all devices designed and sold as specific-purpose appliances, not general-purpose computers.

Do you have any more a bit more relevant ? Can you offer a reason why this would suddenly happen now, and not twenty years ago when the PC world was vastly more homogenous ?

Re:Duh

[kiwix]

Well, making a private use copy of a song or movie you buy used to be pretty simple in the analog days.

Then came Macrovision. And CSS. And AACS. And the DMCA.

If you want an example of a specific feature that was pushed onto users, HDCP is a good one. Initially it was implemented in monitors just in case your next OS would need it, and then it became mandatory in order to watch any HD content.

SecureBoot is exactly the same. TPM have been present in many computers in the last years, just in case some people would have a use for them. SecureBoot will make them mandatory if you want some shiny sticker. Soon enough it will be mandatory if you want to watch some media or play some games. Microsoft have been working on something similar for almost ten years.

There are some good reasons to use such a system, for security (it can prevent some kind of malware), or in order to access files in a way that the author can control (security sensible documents, or media and games). But there's also a bunch of bad reasons: maybe Microsoft have some patents and they plan to collect royalties, maybe they want to make money out of an App Store and prevent you from installing foreign applications, maybe they want to kill some competition...

In any case, there are two things that are quite wrong:

• 1. Most users will give away the control of their machine to Microsoft and Big Content. Even of I don't have to do the same that worries me.
• 2. I really don't like the idea of hardware manufacturers giving Microsoft a special access to my hardware, and I sure hope they will be mandated to give me the power to revoke that special access and give it to someone else.

Re:Duh

[malignant_minded]

Companies will advertise to consumers how their systems support some new video distribution system or format, and most people will never even question the loss of control (or notice it). The free software community will be forced to buy high-end workstations or systems from lesser known PC makers, and will be left out of the loop on new media formats as we already are with mainstream gaming.

While I agree it is likely and annoying I also think it is a good thing in many ways. I know so many people that run VLC or some other OSS because the awesome stuff like WMP wants me to install a codec "How come I can hear it but can't see my movie!" They have no clue what OSS is just that they can google VLC anytime they get a PC and watch their kids baby movies without a second thought on tweaking software or downloading codecs. These kind of artificial walls have made the community stronger by providing a goal to strive for. Be better than that shit.

Re:Duh

Let me try and explain it like I would to a four year old. Microsoft sells operating systems. OEMs sell computer hardware. OEMs want operating systems to run on their hardware. They negotiate pricing agreements with Microsoft on volume licences. Microsoft says that if an OEM wants to use Microsofts logo on their machine to market their hardware they must allow Microsofts OS to boot in a particular way. Microsoft does not give a fuck whether you can run Linux or Amiga or whatever the fuck else you morons want to run on it.

Freetards want Microsoft to force OEMs to be friendly with non-MS operating systems. in other words they want that Microsoft basically help their competition. Why the fuck is Microsoft obligated to do that?

You don't have any "rights" or "freedoms" to dictate what private businesses should or shouldn't do in voluntary contracts.

Re:Duh

Newsgroups.

Open wifi.

Re:Duh

[MrVictor]

out of interest, where has such a thing followed that progression?

One major one that I can think of is the kernel mode code signing policy for all 64-bit versions of windows starting with Vista. In XP it was something that you could turn on. With Vista it became harder and harder to turn off. Now you can turn it off with a BIOS setting or something but the OS will refuse to play any protected DRM content. There were a few hacks published that got around all of this.

So the answer to your question is a definite yes.

Re:Duh

[TechyImmigrant]

The fact that it is possible for something to occur is not a reason to believe that it will occur. It's possible that I'll take horrible offense to one of your posts, engage in some drawn-out process to hunt you down in real life, and murder you brutally. You'd be a fool to spend even a moment's thought worrying about it, however, because such an event is exceptionally unlikely.

The two are not equivalent. There's only one of you. There are many OEMs. The odds stack up differently.

Re:Duh

It is called DMCA.

Remember that? where it was suddenly illegal to use refurbished ink cartridges? (at least until the court knocked it down). Where it is illegal to listen to your own music or watch your own movies?

Re:Duh

[Dunega]

This is the very definition of FUD.

Re:Duh

[Microlith]

Why would ANYONE want Microsoft to start putting requirements into OEM contracts for anything but there own stuff

Because they've been convicted of abusing their position in the market to benefit themselves at the cost of competition?

if you don't trust the OEM's then complain to the OEM's, don't look to an even bigger bastard to stomp on there necks to do your job for you, the only thing that will result from that is both of your necks being hurt.

I'm sure the OEMs are more than willing to ignore Linux users in exchange for being friendly with Microsoft.

Re:Duh

Seatbelts.

Originally an "option" on new vehicles. You could buy a car with them or without.

Next up, they came in every car, but you could choose whether to wear them or not.

Now they come on every car, and it's mandatory that you wear them, and illegal if you remove them.

Re:Duh

[gmueckl]

This may have been part of a scheme to decrease the (black market) resale value of these units in order to minimize theft. I think they were pretty concerned about that when designing these computers.

Re:Duh

[styrotech]

Huh? They're already making OEMs that want the sticker comply to a much bigger list of requirements. What's the problem with closing one loophole that gives all buyers the same freedom as most buyers from decent OEMs will get anyway?

Closing that loophole will not affect the functionality, security, or configuration of the majority of hardware one bit. What is really wrong with it?

By doing this MS will only putting their money where their mouth is - they are saying this won't be a problem. Why not ensure it won't be a problem for anyone - not just Linux users?

I don't get why all these pro MS posters see a problem with that. Surely no sane Windows user would want an OEM to be in charge of the keys determining what their machine can boot without the ability to bypass themselves it at a later date.

I'm really surprised how far this Apple walled garden thinking has permeated into Windows users. Then again, wasn't much of the success of Apple due to the OS vendor being able to shut out any shenanigans from OEM manufacturers or telcos? Why wouldn't MS want to protect their own users from crappy OEMs?

Re:Duh

[styrotech]

Let me try and explain it like I would to a four year old.

You're not acting like you're explaining it to a four year old, rather you're explaining it as if you were a four year old.

Freetards want Microsoft to force OEMs to be friendly with non-MS operating systems. in other words they want that Microsoft basically help their competition. Why the fuck is Microsoft obligated to do that?

No, they're wanting the status quo. They are wanting MS to make an extremely minimal change to the new requirements that they're forcing on OEMs anyway. And this change is something most OEMs initially will do anyway, so will not require any extra work for them.

This isn't wanting MS to help them gain some new priviledge, this is wanting MS to not do things in a way that will hinder them.

Are you trolls so jealous of Apple that you want that locked boot loader experience on your PCs? What the hell is really wrong with MS asking all OEMs to leave in the firmware option to disable this the same way the majority of OEMs (at least initially) will do anyway?

Re:Duh

This isn't wanting MS to help them gain some new priviledge, this is wanting MS to not do things in a way that will hinder them.

What are you smoking buddy?

1) Microsoft says, hey OEMs if you want to use our logo and brand for marketing you give us X
2) Freetards say, hey Microsoft why don't you force OEMs to do Y and Z.
3) Microsoft says, We dont care what OEMs do with Y and Z. Its irrelevant to us. They are free to do what they want.
4) Freetards say, OMG.. Microsoft is evil.

Re:Duh

[styrotech]

OK then my anonymous troll - what possible issue could you have with ensuring secure boot is always able to be disabled by the user? What possible detrimental effect is that going to have on your future Windows 8 PC purchases, or MS itself, or any OEMs, or anyone else?

How is it that you think MS making OEMs ship secure boot, shipping it enabled, shipping it with the Windows 8 keys etc etc not forcing them to do something (just a friendly business deal), but suddenly now adding the requirement to keep secure boot configurable (which most OEMs are going to do anyway) is now suddenly some draconian "forcing them to do X and Y" and the most pressing issue facing pro-MS trolls at the moment?

It's just a tiny implementation detail that matches the default settings in a whole bunch of harder stuff the OEMs will already have to comply with, and makes ZERO difference to the majority of systems shipped.

After all, MS is insisting (seemingly on faith) that secure boot will always be able to be disabled. What is wrong with MS codifying what they say will happen anyway? There is no trade-off here - it's just a sentence or two added to a draft document that will match what mostly is already going to happen anyway. What exactly is the big deal?

Isn't that putting their money where their mouth is and defusing the whole issue? Or would they rather fuel the FUD and conspiracy theories?

Re:Duh

[exomondo]

But Secureboot is only required for Windows, not for any other operating system. Do you really expect that motherboard manufacturers will - for some reason - disallow disabling of it and effectively allow only Windows to be installed on systems built with their peripherals? There's no reason they couldn't have done this before if they wanted to.

Re:Duh

[exomondo]

Where it is illegal to listen to your own music or watch your own movies?

I'm not sure you understand the DMCA, i'm no advocate of it but i know it hasn't prevented me from legally watching my own movies or listening to my own music.

Re:Duh

[exomondo]

But that's just a Windows thing, if you choose not to run Windows you aren't hamstrung by kernel mode code signing. The issue here is that if - for some unspecified reason - secureboot could not be turned off there would be no alternative OS, but of course if OEMs or motherboard manufacturers wanted to lock people in to windows there's no reason they couldn't have done it before.

Re:Duh

[MrVictor]

Umm, you asked for an example of such a feature creeping its way in and I gave you one.

SecureBoot is just a Windows thing too. If you just build you own computer from scratch you aren't hamstrung by SecureBoot.

Re:Duh

[exomondo]

SecureBoot is just a Windows thing too. If you just build you own computer from scratch you aren't hamstrung by SecureBoot.

Did you read the article? Or even the summary? Or the comment thread? Secureboot is a component of UEFI, the concern has been that for some unspecified reason motherboard manufacturers or OEMs would prevent Secureboot from being turned off and would therefore only boot an OS corresponding to the embedded keys.

Re:Duh

How wonderfully naive you are. Past experience tells us what to look out for. Microsoft are still as evil as ever and this is a company that virtually forced OEMs to only sell Windows (through illegal deals that gave OEMs much better prices if they only sold Windows). Now, Microsoft were eventually busted for it, but too late to help their competitors, so they won't be so blatant about it this time round, they'll just make sure they keep the deals completely off the record to give them plausible deniability.

I do really hope I'm wrong. But this article was apparently written by a Microsoft shill (according to other posters here) who did minimal investigation, so I wouldn't count on it being accurate, assuming he told no outright lies the statement from Dell seems a positive one. The one from HP seems indefinite and would they really admit involvement in a conspiracy even in they were, but hypothetically if they were the spokespeople wouldn't be told anyway. And the one from AMI is irrelevant, AMI will make the UEFI firmware to the specs the hardware manufacturers ask them to.

They is always the possibility the fuss the people in the FOSS community are making over this makes Microsoft back off from any coercion of the OEMs lest they get another anti-trust case against them, so what might have happened if no fuss was may be different to what will happen now.

Re:Duh

what possible issue could you have with ensuring secure boot is always able to be disabled by the user? What possible detrimental effect is that going to have on your future Windows 8 PC purchases, or MS itself, or any OEMs, or anyone else?

What kind if stupid shoolboy logic is this? There are plenty of things I don't care about. That doesn't mean that all of them *MUST* be in the contract or else MS is suddently evil.

is now suddenly some draconian "forcing them to do X and Y" and the most pressing issue facing pro-MS trolls at the moment?

Who says it is? People respond to comments. You should ask why slashdot wants to "suddenly" hype a non-issue turing it into yet another Us-versus-them comment troll fest.

After all, MS is insisting (seemingly on faith) that secure boot will always be able to be disabled. What is wrong with MS codifying what they say will happen anyway? There is no trade-off here - it's just a sentence or two added to a draft document that will match what mostly is already going to happen anyway. What exactly is the big deal?

Nobody has said that secure boot will always be able to be disabled. They simply don't care about any other OS other than windows.

"Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows"

http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx

Isn't that putting their money where their mouth is and defusing the whole issue? Or would they rather fuel the FUD and conspiracy theories?

LOL... so the problem here is that MICROSOFT who wasn't the one that started the conspiracy theory is to blame? Instead of the myriad of fretard blogs, slashdot ms-bashing, and other speculation from IT magazines? Are you high or something? Slashdot trolls and freetards alike feel that when nothing is written about specifically in a contract it implies that any possible conclusion out of the giant set of all possible conclusions in reality is equally probable. Thats the problem here. The defective brains of freetards.

Re:Duh

[MrVictor]

Calm down. I know what secureboot is. I should have said it is a Windows thing since the fear is MS will be conspiring with PC makers to lock out linux using it. I was simply trying to give you an example of such a feature progression.

Re:Duh

[styrotech]

What kind if stupid shoolboy logic is this? There are plenty of things I don't care about. That doesn't mean that all of them *MUST* be in the contract or else MS is suddently evil.

You must really not care about this - it shows in the vehement way you keep replying.

Nobody apart from a few loopy internet posters is claiming MS is evil over this. Hell I trust MS to do the right thing far more than I trust the most/all OEMs, that is why I'd like MS to ensure ALL it's customers have control over their boot loader. It's a requirement that won't affect the good OEMs or MS at all, and just prevents some bad OEMs messing with peoples ability to control their own hardware.

Why do you seem so concerned about sticking up for the right of bad OEMs to take away customers control over their boot loader?

This is what MS said in that very same post you linked to:

At the end of the day, the customer is in control of their PC. Microsofts philosophy is to provide customers with the best experience first, and allow them to make decisions themselves. We work with our OEM ecosystem to provide customers with this flexibility. The security that UEFI has to offer with secure boot means that most customers will have their systems protected against boot loader attacks. For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision.

All I'm asking is for MS to ensure that is what happens and write it into the requirements. It can't be that big of a deal and writing down in one place must be much be easier than talking to every OEM and trying to cajole them into following MS wishes - surely?

I just can't understand why someone would resist this so strongly.

Re:Duh

[exomondo]

Secureboot is in no way a Windows thing, it can be used for securely booting any OS. Whether MS uses it in their product is irrelevant, they don't have control over the feature unlike kernel-mode driver signing.

Re:Duh

[MrVictor]

Wow. You are a pedant troll. Go back to kindergarten where you belong.

Re:Duh

[exomondo]

Oh grow up, pointing out that Secureboot is a UEFI feature and not a Windows feature is hardly pedantic.

Re:Disabling secureboot implys a Non-Win OS is ris

Ask yourself, Is this an attempt to incorrectly solve a problem that doesn't exist or just another FUD tactic from a behemoth corporation?

Neither. You present a false dilemma.

No. Its worse than it looks.

[unity100]

If it was something that was really locking linux out in an apparent fashion, matter could be taken into courts.

But now customer is not prevented from doing it - but, this time will need to be able to get into bios, turn it off, and only after that install linux.

as you can readily agree, vast majority of computer users would not even know what 'bios' was. so, if a non-tech person from idaho was recommended linux, and got ahold of a cd and attempted to install it ............ go figure.

This situation will make it slower for linux proliferation in mainstream, due to the tech aptitude threshold. And conveniently too - you cant argue against it because if someone knows what a bios is and what is the setting for allowing other oses, s/he can do it. if not, s/he can not. so convenient.

Re:No. Its worse than it looks.

Yeah, that's it. Linux has just been zipping up the charts in terms of consumer installs. It is surely secure boot that is preventing widespread adoption of Linux.

Re:No. Its worse than it looks.

[FrootLoops]

You understand your argument is that someone who wants to install an alternative OS themselves can't be bothered to change a BIOS setting? How often have you set up a Linux box without the need for any tweaks/configuration that's not harder to do (or figure out/find!) than changing a BIOS setting? I just don't buy it. Yes, this would be a barrier for my grandparents to switch to Linux, but there are so many other things in the way it's ridiculous to focus on that.

That's not to say there might be other, more workable arguments against this feature. It's just that your example situation is ridiculous.

Re:No. Its worse than it looks.

[data2]

I know quite a few people, actually, who have done exactly that and that would be lost in a typical BIOS with all its acronyms. Part of the reason is that most of the software they use on windows (firefox, thunderbird, Libre-/OpenOffice) is there as well, so they already know the names.

Re:No. Its worse than it looks.

If you don't know what a BIOS is, using linux is probably out of the question anyway. Unless you bought a very, very specific combination of hardware that happens to work out of the box (particularly laptop graphics cards and any kind of wireless is at the very least crippled).

Re:No. Its worse than it looks.

[HopefulIntern]

Also, installing Ubuntu these days is as easy (if not easier) than installing Windows. Unless you want to keep a previous windows installation on a separate partition, it really is easy and intuitive enough that anyone could do it.

Re:No. Its worse than it looks.

[jedidiah]

> How often have you set up a Linux box without the need for any tweaks/configuration that's not harder to do (or figure out/find!) than changing a BIOS setting?

That describes pretty much every machine I've installed Linux on in the last 10 years including laptops, low profile HTPCs, and multi-core desktops.

The closest thing to what you are trying to claim would be booting up a MacOS install disk so you can re-partition your system and have it boot in BIOS mode.

Re:No. Its worse than it looks.

[logjon]

I run a debian core + lxde distro on my old netbook (1.6GHz atom + 512m ram) that takes me a few minutes to get running the way I want it to once core is installed.

Re:No. Its worse than it looks.

Given the nvram can be written by the OS, I doub't it'll be a BIOS option. If it is, we can disable it in nvram and then reboot using a convenient autorun. Might get some FPs in Norton, though. We'd also need to recognise a lot of different bioses, but that's nothing a good GitHub project can't solve.

Re:No. Its worse than it looks.

[Crayon+Kid]

so, if a non-tech person from idaho was recommended linux, and got ahold of a cd and attempted to install it ............ go figure.

If someone cannot figure out a BIOS switch then maybe they're not the type of person you want using Linux in the first place.

Why does the Linux community try to woo "lusers"? I've never quite understood this. It's quite a departure from traditional Linux geeks, who abhorred users in the good old fashion of the BOFH.

It's like watching Leonard try to attract Penny in "The Big Bang Theory" and fail over and over. Except here there's not even the prospect of getting some sweet booty out of it. What do these ordinary users bring to the community? Absolutely nothing. Linux and FOSS has always been about contributing and they don't.

Is it some kind of statement, a pride thing? Linux is already everywhere else, does it really grate so much that there's one niche left that a technological dinosaur won't give up?

Will windows 7 run in SecureBoot mode? as if not

[Joe_Dragon]

As if SecureBoot needs to be off for windows 7 to boot then OEM will be just about forced to have it off or at the very least on the business line.

Even then for home use let's see windows 8 metro ui may be a no go for
*metro app only in metro ui, so no steam, no iTunes, and other apps in metro mode.
*app store lock in and censorship for metro apps.
*no multitasking as it is now in metro mode.

I think people will go back to 7 or say 7 is fine.

What if I want to dual boot?

[Osgeld]

Do I have to rip the side of my case off and find a single dip switch between the video card and CPU?

Um nah, that's ok you can keep that.

Hardware manufacturers

Why are they asking Dell and HP, whom honestly although they can request features with the buying power they have, they aren't the ones that make motherboards or bios's. So why are we 1. asking them 2. giving a shit what they answer?

Re:Hardware manufacturers

[petermgreen]

Have you ever worked with big brand OEM systems? Afaict they pretty much always have bioses that have been customised by the OEM to remove options.

missing the obvious, here.

[texaport]

it is really just a plot to keep my reverse-Hackintosh from coming to market. I cannot see how we will ever have an inexpensive, stand-alone Mac running Windows 8 (ie., free from Bootcamp, VMWare or Parallels) Well played, Microsoft.

halloween v.2011?

[rainhill]

No plots? I'll wait for halloween docs version 2011 to confirm this.

dont make stupid arguments.

[unity100]

Something that will slow down something, will slow it down, regardless of how fast or slow that was.

For what its worth

[abednegoyulo]

The freedom of choice on what operating system the user wants on his/her computer is like the freedom of every car owner to select which gasoline station he/she wants to fill his/her car.

Correct me if my car analogy is wrong.

Re:For what its worth

[betterunixthanunix]

How about the freedom to choose an independent mechanic?

http://en.wikipedia.org/wiki/Motor_Vehicle_Owners'_Right_to_Repair_Act

No more easy, idiot-proof installation of $DISTRO

So I guess now people will have to figure out what magical key combination gets them into their BIOS/UEFI setup screens and then find some no doubt confusingly named option to toggle, to be able to boot a Linux (or non-Windows) live-CD at all.. This is sad, because distros like Ubuntu were doing a pretty decent job at making installing Linux idiot-proof.

Wether or not this was some evil plan of Microsoft (there are obviously good reasons why one might desire the secure boot feature), I think this little detail can slow Linux adoption on the desktop more then you might think (and you and I may not care about that, but I understand why the EFF and some Linux hackers do). It means anyone not familiar with PC BIOS setup screens will probably need help installing anything non-Windows.

Personally the only reasonable thing I think that can be done to make this secure boot work without overly complicating non-Windows installs and without confusing users too much is perhaps this: when the BIOS is made to boot code it can't verify, it'll simply ask the user something along the lines of: "An unrecognized operating system has tried to boot. If you are installing a new operating system, press F2, otherwise, press any other key to boot securely."

CS degree? try MS CERT to trun on boot os MS old o

[Joe_Dragon]

CS degree? try MS CERT to trun on boot os MS old or IT CERT / TECH SCHOOL / IT license to trun on boot Linux.

any ways windows lock in with app store lock in will be a MAJOR Anti trust issue.

Also there are industrial systems ruining old software / hardware that will be need to be on there own and I don't think people will like having to be locked into coding for what even UI MS wants to force on you as part of there locked down app store for your system that is running industrial systems.

What about nuclear plans and other places with systems that don't run windows?

Unacceptably thin concession

[mysidia]

Dell plans to have a BIOS switch to allow SecureBoot to be disabled,

Can you please remind me again... what percentage of the average user population knows how to change a BIOS switch?

Currently they can just pop in their knoppix CD or try Ubuntu with a Live CD; No expertise regarding BIOS settings required (normally).

What we have here is an anti-competitive practice being endorsed by Microsoft in the form of a logo validating "Secure" boot.

This is a low blow, and a shoddy attempt to ward away other OSes, and prevent you from booting your computer to whatever application or OS you want to boot it into.

Re:Unacceptably thin concession

In most consumer sistems i have used, you actually have to go into the BIOS to change the boot order, or press a key to go to boot source selection.

If you can do that I don't see why you couldn't disable secure boot, it's just one or two extra steps.

Re:Unacceptably thin concession

How will it be secure if anybody can just pop in a CD and take over the computer?

dom

Re:Unacceptably thin concession

[Bengie]

"Currently they can just pop in their knoppix CD or try Ubuntu with a Live CD; No expertise regarding BIOS settings required (normally)."
Currently they can just run their favorite malware and screw their computer; No expertise regarding BIOS settings required (normally)

I use to be able to run any config I wanted, but now they have all of these "users" and stuff to help keep my machine more secure. Passwords, Users, encryption, tokens, all of this stuff is just trying to make things more confusing. I should be able to have any code run on any computer with full privileges.

It's a conspiracy I tells ya.

Security: What makes things confusing for end users
End Users: Their own worst enemy

Re:Unacceptably thin concession

[bongey]

Who actually runs Lunix on non-servers and has an ounce of sense? 0%

FYI : Millions actually, 500,000 activations every day.
Ever hear of this thing call Android. It is on these thing called "smart phones" . Well this thing call Android , actually runs Linux behind the scenes.

Re:Unacceptably thin concession

[gregrah]

This just isn't a concern for me.

Installing and configuring Linux is difficult. Some slashdot readers will disagree with me, but as CS degree-holder and Linux user who has spent hundreds of hours troubleshooting fresh Linux installations on my own machines (and in several cases reverting back to windows because of some deal-breaker hardware incompatibility issue), I can confidently say that I would NEVER recommend to any of my family members that they attempt to install Linux on their own.

In other words, I view the ability to google for solutions when a strange error message pops up (i.e. when the SecureBoot check fails) as a prerequisite to installing Linux (or any operating system, really) on a system.

For the majority of PC buyers, I think that the added security of SecureBoot far outweighs the potential risk that they might get flustered when attempting to install Linux.

Sure - for developers working on Live CDs, I can see how this would be a pain in the ass. But try to think of the bigger picture.

Re:Unacceptably thin concession

[gregrah]

Somewhat ironically, most of these Android smart phones which have helped bring Linux to the masses also came with a variant of SecureBoot installed.

Re:Unacceptably thin concession

[inkscapee]

This just isn't a concern for me. Installing and configuring Linux is difficult. Some slashdot readers will disagree with me, but as CS degree-holder and Linux user who has spent hundreds of hours troubleshooting fresh Linux installations on my own machines (and in several cases reverting back to windows because of some deal-breaker hardware incompatibility issue), I can confidently say that I would NEVER recommend to any of my family members that they attempt to install Linux on their own. In other words, I view the ability to google for solutions when a strange error message pops up (i.e. when the SecureBoot check fails) as a prerequisite to installing Linux (or any operating system, really) on a system. For the majority of PC buyers, I think that the added security of SecureBoot far outweighs the potential risk that they might get flustered when attempting to install Linux. Sure - for developers working on Live CDs, I can see how this would be a pain in the ass. But try to think of the bigger picture.

Hey that's great, if you're not getting paid to spout baloney you should be! It's very sincere and hardly sounds like a paid shill. Not to mention your total arrogance in believing it is OK to restrict other people's choices because of something you think you have no use for. Anyway protecting the boot sector adds maybe 0.0000000002% additional security to Windows, the guaranteed speed portal to the World Wide Botnet. Computer users who take security seriously don't use Windows. Period.

Re:Unacceptably thin concession

[gregrah]

I'd rather be a paid shill than a crackpot!

Re:Unacceptably thin concession

[gl4ss]

How will it be secure if anybody can just pop in a CD and take over the computer?

dom

exactly.

and it's not like some bioses haven't had similar function before.

what people should be complaining would be for lack of standard bootloading for arm computers.

Re:Unacceptably thin concession

[Florian+Weimer]

And most Android devices have their own equivalent of Secure Boot, limiting consumers what kind of operating systems they can run on the hardware.

Re:Unacceptably thin concession

[bongey]

Only difference is that the hardware manufacturers came out with the standard, no a OS vendor. I have no problem with secure boot , but I do have problem when a OS vendor is trying to dictate the standard, it is a conflict of interest. Now working together with different OS vendors and hardware manufactures would be better.

Re:Unacceptably thin concession

If Knoppix or Ubuntu want to get their signing keys to be recognized by a particular UEFI manufacturer out of the box, they are free to make a deal with OEMs regarding that. There's nothing in Windows 8 certification requirements that restricts OEMs from recognizing other keys. It only requires that Microsoft key is recognized, and that keys are verified by default during boot.

Re:Unacceptably thin concession

[inkscapee]

I'd rather be a paid shill than a crackpot!

You're doing fine being both.

Re:Unacceptably thin concession

[Zontar+The+Mindless]

Installing and configuring Linux is difficult. Some slashdot readers will disagree with me, but as CS degree-holder and Linux user who has spent hundreds of hours troubleshooting fresh Linux installations on my own machines (and in several cases reverting back to windows because of some deal-breaker hardware incompatibility issue), I can confidently say that I would NEVER recommend to any of my family members that they attempt to install Linux on their own.

As someone who's used Linux almost exclusively, on a daily basis, for both work and personal computing for the last six years... I call bullshit.

You are...

[ ] making stuff up

or

[ ] leaving out some important detail(s)

(Check all that apply.)

Re:Unacceptably thin concession

[mysidia]

Installing and configuring Linux is difficult.

What utter nonsense you are spouting.

Download a Gnoppix or Ubuntu Live CD ISO, burn the ISO to a CD, pop it in the CDROM drive, reboot your computer.

THERE you have "installed" and are running Linux from CD.

Configuration is not something that end users do. Good operating systems always use the defaults... Convention over Configuration

Unlike Windows, Linux does not require configuration for basic functionality to work securely.

End users always follow the wizard or GUI with minimal actions, because they don't really understand what's going on inside the appliance (and that's ok), and the result they get is the defaults.

End Users don't know about going into the BIOS, regardless of OS.
End Users don't know about editing files or configurations, regardless of OS.

But end users can still have Linux up and running no problem.

The supposed "secure" boot (which doesn't really add any security), changes matters entirely.

Oh... I see, with SecureBoot if someone gets a boot sector virus, a very rare creature indeed nowadays (since Windows is so easy to infest), instead of having their system boot with the infection, they will have a "Sorry, you cannot boot message"

So for the sake of a mirage of security, Microsoft is getting PC makers to stomp out Linux for end users.

Re:Unacceptably thin concession

[gregrah]

You misunderstand me when I say "configure". The last time I installed linux on a new system (a laptop), I ran into the following issues out of the box:

1. The system would mysteriously hang on boot about 1/3 of the time
2. The system would crash when plugging in an external monitor
3. The system would not resume from suspend
4. The mouse/trackpad would stop responding after a couple minutes of use
5. Battery life was cut in half vs. running windows

By "configure", I meant fix all of the above problems - any one of which I view as a critical showstopper issue - by tweaking drivers, startup scripts, and system params. All of these issues were at least as difficult to solve as flipping a BIOS setting.

Re:Unacceptably thin concession

[mysidia]

By "configure", I meant fix all of the above problems - any one of which I view as a critical showstopper issue - by tweaking drivers, startup scripts, and system params.

That's not "configuring"; that's hacking, which is something done by kernel/driver experts, developers, and maybe IT admins to try to make something broken work.

I would say whatever distribution you were using had a bug when it was being utilized on the hardware that you had chosen.

That's not the general state of Linux -- usually things work much better, at least when you are utilizing a recent version on compatible hardware.

Yes... if you have incompatible hardware there is a chance you may be able to hack system parameters to make it work anyways; don't call that "configuring though"... tweaking driver parameters is an advanced subject.

The existence of broken hardware interfaces that can be made to work with tweaking though, is dismissable as unintentional; either there's a bug in the software, a bug in the driver, or a bug in the hardware -- hardware maker, kernel driver developers share equal responsibility there.

But it's much better than "the hardware deliberately makes alternative OSes not work" because they're not signed, etc, etc

please keep in mind

[Truekaiser]

we are at least a year away from 8 being released. plans change and they might change their minds. it would be pref-able that NO motherboard had this option to start with.

A Call To Arms - Very Important !

If you do not have complete control over the platform key, you DO NOT own your own computer!

Its that simple, if you dont own the master keys, prepare to have DRM and any other technology the government wants shoved down your throat

Think it wont happen?

They already tried: http://www.politechbot.com/docs/hollings.090701.html

Re:A Call To Arms - Very Important !

I forgot to add this:

When you throw a toad in boiling water it jumps right out

If you put it in some cool water and slowly turn up the heat, the toad will stay in there until it boils alive

We are currently that toad and they are turning up the heat, "Trustworthy Computing", TPM chips, Secure Boot, all the technologies are being put in place to take away our rights and implement the Security Systems Standards and Certification Act

Do you think the DMCA is bad?

How bad will DMCA + SSSCA be? You could be arrested for even trying to 'tamper' with your own computer!

The price of freedom is eternal vigilance.

More info on the SSSCA is at http://www.drmwatch.com/special/article.php/3095161

Just you wait, eventually we will be moved in a more and more restricted world, with someone other than us owning the master keys to our own computers

Re:Will windows 7 run in SecureBoot mode? as if no

[tepples]

As if SecureBoot needs to be off for windows 7 to boot

Unless Microsoft releases a service pack that adds UEFI Secure Boot support to Windows 7.

*metro app only in metro ui, so no steam, no iTunes, and other apps in metro mode.

Then press the Windows key to bring up the desktop.

When you switch from hard drive first to CD first

[tepples]

You need to get into BIOS to switch from hard drive first to CD first or USB first anyway. What's the big deal from switching from "hard drive first, secure boot on" to "CD first, secure boot off" or "CD first, import new bootloader key from CD"?

Don't believe it

I don't give that article any credibility because of the completely inaccurate rubbish ZDnet has come out with on that issue already. Their story on Linux Australia and secure boot was far from the truth and very clearly shows that they did not read their source (our mailing list) properly. They claimed that we had a case against MS for a product no where near release because some of us contacted the ACCC and got a canned response saying there was the possibility of court precedings. The reality was that we got canned responses and the council is talking to hardware manufacturers and experts. Considering how far off they were with that, I don't believe that article even slightly. In that article they imply that no FOSS groups are talking to hardware manufacturers, but I know that Linux Aus at the min

Another Benefit

[no-body]

Even if it can be disabled, great FUD argument is that all which disables it is UNSAFE!

It's an ongoing turf war.

Re:Another Benefit

[Prof.Phreak]

Better yet, if OEMs provide only a Windows8 app to disable the bios feature---yes, you *could* do it, but you'll need Windows for it. (yes, I'm speaking of all those OEMs who at one time only had a *Windows* based bios updater).

self-described

[PopeRatzo]

From the comments at the ZD story:

Protecting 99% of users is more important than catering to the whims of a whiny 1%.

Where have we heard that before?

Can you believe Microsoft is using the language of Occupy Wall Street to try to position itself as the "masses" fighting the "whiny 1%" of people who prefer OSS?

ZDNet, Ed Bott, and some Microsoft executives all need to burn in hell.

Re:self-described

Maybe if you'd actually read the article and had any kind of reading comprehension you'd know that that's basically the opposite of Microsoft's actual position. You might also have gathered that that's a comment a user left on the article and that internet commenters tend to be idiots (you being a very good case in point),

Re:self-described

you too, dipshit

Missed the point

[betterunixthanunix]

If your computer is going to run consumption-oriented software, then a priori its owner is assumed to be untrustworthy. This is indeed a security engineering problem: they want to prevent a repeat of the CSS key leak, which was only possible because DVD playing software could be examined. If you choose not to forfeit that sort of control over your computer, you will simply not be allowed to play new movies (not immediately; think 20 years into the future).

"If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." -- George Orwell

Re:Missed the point

[Lehk228]

chip still holds the key, a fancy enough antenna(narrowly directed, multi pickup, and a high speed sampler) and a decent AI should be able to pry the key out of the chip by analyzing the electronic noise it makes

Re:Missed the point

[znerk]

chip still holds the key, a fancy enough antenna(narrowly directed, multi pickup, and a high speed sampler) and a decent AI should be able to pry the key out of the chip by analyzing the electronic noise it makes

At that point, I think it would be easier/cheaper just to sue.

For example, if DVD decryption hadn't been broken open and spread across the internet, it might be viable to sue the DVD-making companies to acquire their key in order to decrypt the DVD for "software interoperability" purposes, or sue someone else to acquire whatever information is required in order to make the disc playable.

That is to say: I have a valid, legally-purchased media containing valid, legally-purchased media, and am attempting to utilize valid, legally-purchased hardware to access that media... and it won't work because my PC is running something other than Windows? I can sue Microsoft for anti-trust, I can sue the DVD drive's manufacturer for failure to provide support, I can sue the DVD distributer for failing to indicate that Windows is required in order to use the media for its intended purpose, I can sue the DVD consortium for encrypting the content in the first place.

Alternatively, I could just go torrent it, but that discussion is irrelevant to the current one.

Microsoft Tax

[Rie+Beam]

What about license agreement? I remember the whole "Microsoft Tax" issue a few years back, where it was basically determined that if you purchased a computer and did not approve the license, you could get a refund on the operating system software (i.e., Windows).

If I purchase a computer and have no plans to dual-boot Windows and Linux, how is this not forcing an illegal tie-in on the consumer? In that I literally cannot opt out of using a Microsoft product? Didn't they -just- have huge lawsuits about this a decade ago? Would they be so idiotic as to try to require bundled software once again?

Re:Microsoft Tax

That's actually impossible these days. That was an artifact of the Windows XP license, you can no longer obtain a refund for bundled windows.
Even if you legally could, it's absolutely impossible to get through the wall of customer service drones that insist that Windows was bundled and therefore your only recourse is to return the machine.

Re:Microsoft Tax

[znerk]

More importantly, if you purchase a computer and do plan to dual-boot, this technology could make that an impossibility.

That is, you may not be able to run Windows on a machine that is "compromised" by having the Linux bootloader installed.

The way I see this whole deal

If anything, lock out, if it indeed takes place, is more likely to effect prebuilt of-the-shelf OEM craputers, the ones that don't ship with the OS CD, and are filled to the brim with crapware, ie: things nobody in their sane mind, except the tech illiterate would opt buying. The higher end systems, as well as anything someone builds on their own, will likely not be effected by this.

Re:The way I see this whole deal

[znerk]

If anything, lock out, if it indeed takes place, is more likely to effect prebuilt of-the-shelf OEM craputers, the ones that don't ship with the OS CD, and are filled to the brim with crapware, ie: things nobody in their sane mind, except the tech illiterate would opt buying. The higher end systems, as well as anything someone builds on their own, will likely not be effected by this.

Actually, I find it quite economical to purchase those "craputers" on occasion. No configuration headaches, and with the addition of a decent video card, quite suitable for playing the latest crap games on. Biggest benefit? $400 gaming rig with a 1-year warranty, available immediately (no shipping time, no shipping charge).

Admittedly, if I were going to purchase a PC for "serious" usage, I would build it from carefully selected components, purchased online so as to maximize my bang-per-buck and ensure maximum compatibility and reliability for its intended purpose.

If I just want something to bang on when I'm looking to waste time? Who cares if the power supply won't outlast the warranty? Why worry about a motherboard failing a smoke test 6 months into the purchase? It's cheap enough to replace when the warranty runs out, anyway, so whatever.

Besides, you can always bring it in for warranty work just before the warranty expires, get it running "top-notch" for what it is, then put it in the paper for 75% of what you paid for it and sell it to some other poor schmuck who really doesn't know anything about tech. It boots up, it obviously works just fine.

Re:Your welcome, take some things to heart.

[mug+funky]

I SAID "GOOD DAY".

You don't want to dual boot anyway.

[mark_reh]

I used to dual boot win XP and Ubuntu. Win XP started trashing the file system on the HDD and I tried to run chkdsk to fix it but Grub wouldn't allow chkdsk to run. So the file system kept getting worse and worse and the performance suffered mightily. I finally had to wipe the whole thing and start over.

The best way to run windows in in a virtual machine in the Linux or your choice. Who needs Windows anymore any way? OK, I do- I still need it to run Google Sketchup- and that even requires IE- yuck!

Re:You don't want to dual boot anyway.

[ledow]

Sorry, but you're an idiot. If you dual-boot you can't be an idiot and have to be careful what tools you use to manage the disks. Letting disk corruption just sit there while you continue to use the system is not a "dual-boot" problem, but the problem of you not caring about your data's integrity.

"Grub wouldn't allow chkdsk to run"? Then you need to read the million-and-one articles on how to chkdsk your system when you're running GRUB and/or use the Windows boot CD as you're supposed to. This may involve reinstalling Grub but that's literally a two-minute job.

But apparently that's too much effort for the sake of your data integrity of a system that probably took 10-20 times as long for you to setup.

Dual-boot *isn't* the ideal choice for some. Nor is virtualisation. But if you are going to dual-boot you need to be more careful than just allowing disk corruption to build up, using the wrong tools, and not doing read/write disk checks that modify the MBR on the disk that you're booted from (at least without knowing so and being able to repair the MBR).

"It's not paranoia ...

... if they're really after you." -- H. Ross Perot.

This shouldn't be an issue

[Dogun]

I don't see why linux can't adapt to these boot protection schemes. Self-signed or vendor signed, as long as there's a way to import your key information, what's the issue? Frankly, code signing is a good thing, especially if you can perform it from the ground up.

I understand the anxiety, here, especially given that Sinofsky is not a popular figure and nobody wants to trust any initiative he backs. That having been said, MS (and partners) would be opening themselves up to swift antitrust action again if they were to engage in industrywide attempts to lock out OtherOS.

It's also important to recognize that there are deployments out there where people WOULD like systems where you CAN'T disable secure boot, and have really stringent protections around the boot process. It is unlikely that this type of configuration is one that would be used in the general consumer market; there's too much of a need for boot media and utility software. Imagine not being able to run memcheck or a recovery tool, ever.

Now, really, we need to hear this kind of language from BIOS, mobo, and ready-built systems manufacturers. Overall, an initiative like this is a good thing, but everybody needs to be on the same page. Not foaming at the mouth.

Re:This shouldn't be an issue

[Microlith]

I don't see why linux can't adapt to these boot protection schemes. Self-signed or vendor signed, as long as there's a way to import your key information, what's the issue?

Ah, I see you are utterly oblivious to the topic being discussed. Linux could easily adapt. The problem is that MS is using their position in the industry to bias this security measure entirely in their favor and against any and all Linux platforms. All the vendors will have Microsoft's keys. They are unlikely to have any keys for any Linux vendors, possibly aside from Redhat and SuSE. On top of that, they are extremely unlikely to add key management capabilities into consumer hardware so if you make a custom build of GRUB, LILO, or whatever the *BSDs use, you're shit out of luck.

MS (and partners) would be opening themselves up to swift antitrust action again if they were to engage in industrywide attempts to lock out OtherOS.

Well, it'll just be more subtle than that. MS leaves it open to the whims of vendors, with a helpful nudge into the locked state. And the vendors oblige. No provable conspiracy, just "market forces" at work.

there are deployments out there where people WOULD like systems where you CAN'T disable secure boot

Then, obviously, they should be able to install their own keys and lock out free access to the BIOS.

It is unlikely that this type of configuration is one that would be used in the general consumer market; there's too much of a need for boot media and utility software. Imagine not being able to run memcheck or a recovery tool, ever.

Well, that's why you send it back to the manufacturer or buy a new one. You aren't supposed to understand computers, after all. They're the New TV and the Internet is the new Cable.

everybody needs to be on the same page

And from the looks of things, all the OEMs and system vendors are on the same page. Microsoft's.

Just need self-signing

[pslam]

The solution is obvious: allow installation of your own root certificate. This is supposed to be for security, not vendor lock-in. Without this option, I simply don't believe their intent.

Journalists are Stupid

[Doc+Ruby]

Of course if some big tech corps, that have lived through a decade and more of Microsoft subject to restrictions for abusing its PC monopoly, tell some journalist that they're not going to help Microsoft compete unfairly with Linux then they must be telling the truth.

Journalists are stupid. Especially when they expect the rest of us to be as gullible as they are for a living.

Ophcrack = dead

I'm actually glad we'll have EFI secure boot enabled by default.
Ophcrack is a major security concern for mobile devices running windows.

Whine all you want.

Your warranty is now void.

[XStylus]

PC Manufacturer: "Sure, we'll provide a utility to disable secure boot! To download it, just enter your serial number. Note that your warranty will now be voided."

Re:Your warranty is now void.

[jedidiah]

My current "oldest box" is a Compaq I bought because it was the cheapest thing I could lay my hands on at a regular B&M store at the time.

It has outlasted 2 generations of Mac Minis without a single bit of trouble while the Mac Minis in question have suffered partial or complete hardware failures.

Warranty? Who cares. Those tend to suck anyways.

Re:Your warranty is now void.

[omnichad]

Unfair comparison - laptop parts crammed into a tiny case will last as long as a laptop. This isn't Apple's fault. The point is, anything with adequate cooling and bigger desktop parts will last a long time except for manufacturing defects on components. This is what the warranty is good for anyway.

Reality

[DaMattster]

The story leaked and PC manufacturers became concerned over public outcry and lost sales. I am not naive enough to believe that the thoughts of a locked down boot loader never was given any serious consideration by MS and the hardware manufacturers.

Re:Reality

[Neil+Boekend]

Yeah, but if they have a competent legal department it would laugh at the marketeers who cooked it up.
The EU would fine them for something like 10-20% of their annual revenue (or disalow the sales of MS Windows 8 in EU).

Not everyone needs higher end hardware

[perpenso]

I have personally seen a gril going and asking the salesman : which of these laptops are available in pink After that she bought the one with the least weight among the pink ones She did not check the config even once

And if she is just going to browse the web, maybe use an email client (more likely web based email) and maybe run the bundled word processor what is the problem? I think we are long past the point where even the most modest computer at the local retailer has performance far beyond the needs of casual users. Hell, a tablet plus a bluetooth keyboard is probably an option for many such users.

Re:Not everyone needs higher end hardware

[Therad]

I think you are almost right, except that I would like to add that 90% of what "Power Users (TM)" do can be done on a tablet. Hell, I have almost not touched a computer at home since I bought my Transformer. I would not want to any developing on it, but everything "consumer" related it is perfect for.

Re:Not everyone needs higher end hardware

clueless users are really the ones that needs 8core+ and a massive amount of ram.
Thats the only way for the computer to run normall when they manage to install all the fake antivirus adware etc.

Most cluless people that i help have so much crap running within two weeks that a 286 would be faster to browse the web

Re:Not everyone needs higher end hardware

...which completely misses the point.

The example was not about choosing something underpowered per se, but about the complete lack of concern for the technical specs.

And hence the likelihood that the buyer might give up the freedom to run the OS of their choice on the hardware they have purchased before they are ever aware that they could or should have that freedom.

And because many (most?) will choose complex devices on the basis of what the makers/sellers tell them are this week's 'important features'.

And that offering options costs more than not offering options, especially if those options have very limited mass-market appeal.

And that as a result, those options will be removed, sooner or later.

And then we're stuffed.

Re:Not everyone needs higher end hardware

[nukenerd]

Again, as I said to a similar poster above, the point is not about the power of the PC, it is that typical buyers would not take the slightest account of whether Secure Boot could be disabled or not.

The problem, as you ask and do not seem to have spotted yet, is that it will not be possible to kick Windows off a PC and install Linux or BSD instead - if Secure Boot cannot not be switched off.

That might not be a problem for her, or you, but it will be for me because I am outnumbered by such typical buyers to the extent that the market might not bother to cater for me, except perhaps if I pay a premium.

Re:Not everyone needs higher end hardware

[perpenso]

Again, as I said to a similar poster above, the point is not about the power of the PC, it is that typical buyers would not take the slightest account of whether Secure Boot could be disabled or not.

The larger point is that the system as shipped from the factory exceeded the user's needs. It is nearly a certainty that the system is viewed as an appliance to be used and not something to be tinkered with.

The problem, as you ask and do not seem to have spotted yet, is that it will not be possible to kick Windows off a PC and install Linux or BSD instead - if Secure Boot cannot not be switched off.

You are mistaken. My post found here, http://slashdot.org/comments.pl?sid=2506468&cid=37930364, argues why the purported problem seems to be somewhat hysterical - an inconvenience not the end of the world.

Re:Not everyone needs higher end hardware

[nukenerd]

You wrote :-

"The larger point is that the system as shipped from the factory exceeded the user's needs. It is nearly a certainty that the system is viewed as an appliance to be used and not something to be tinkered with."

Actually, the larger point of this /. discussion is meant to be whether Linux will be locked out of PC's, not whether typical PC's exceeed typical user's needs. Scroll up to the title and see.

Re:Not everyone needs higher end hardware

[perpenso]

You wrote :- "The larger point is that the system as shipped from the factory exceeded the user's needs. It is nearly a certainty that the system is viewed as an appliance to be used and not something to be tinkered with." Actually, the larger point of this /. discussion is meant to be whether Linux will be locked out of PC's, not whether typical PC's exceeed typical user's needs. Scroll up to the title and see.

Well its a good thing that I responded to a specific post about a customer's behavior rather than to the summary.

BTW, I showed that the larger point of the summary is mostly hysteria here: http://slashdot.org/comments.pl?sid=2506468&cid=37930364

Re:Disabling secureboot implys a Non-Win OS is ris

[Intropy]

No. It's a real attempt to solve a genuine security issue dealing with threats like a boot sector virus. The only security implication is that in this one single way the other OS is less secure, and it will actually be true.

what the hell?

[slashmydots]

Yeah, that's so comforting because I know when I think Linux experts, I think of HP and Dell machines sitting on their desks. Ask ASUS how their retail boards' BIOS will be configured.

Re:what the hell?

[Microlith]

when I think Linux experts, I think of HP and Dell machines sitting on their desks

Perhaps not everyone wants to build their own system? Maybe they just want a bunch of identical boxes for whatever task they have at hand?

Ask ASUS how their retail boards' BIOS will be configured.

Considering ASUS gets the Windows logo on all of their hardware, I expect that out of the gate they'll be set to locked mode, maybe with the option to disable it.

But who knows, they might require you download a secondary BIOS image that adds the disable option, but upon installing forces you to agree to give up your warranty. You know, sorta like what the HTC, SE, and Nexus handsets do when you unlock them. Isn't that an awesome thought?

Re:what the hell?

But who knows, they might require you download a secondary BIOS image that adds the disable option, but upon installing forces you to agree to give up your warranty. You know, sorta like what the HTC, SE, and Nexus handsets do when you unlock them. Isn't that an awesome thought?

I was mildly amused when I found that the installer of ASUS' Linux based quick boot environment, MagicGate, was a .msi

Re:what the hell?

[Microlith]

That's ExpressGate.MagicGate is Sony's MemoryStick DRM system.

There will be Linux friendly motherboards ...

[perpenso]

Normal people would not care if the system could run Linux. They don't know how to use Linux, they probably don't even know what it is.

In any case, if the computers found in retail establishments are locked down to run only Windows it hardly matters. Motherboard manufacturers like ASUS, Gigabtye, MSI, etc will surely offer motherboards that are Linux friendly. They already produce motherboards and other products targeting the hobbyist market. Don't want to screw together your own computer? Well there have always been local clone shops and online sites that were happy to build a PC from hobbyist oriented components.

In addition to the hobbyist option above there will likely be professional grade stuff from major vendors. So maybe you have to go to Dell or HP's Small/Home office product line rather than the consumer product line.

Less convenient than what we have today? Sure. You could even say annoying. However it would not be the end of the world for fans of Linux.

Re:There will be Linux friendly motherboards ...

[timbo234]

And what about laptops and netbooks, which are the majority of the 'PC' market today?

Re:There will be Linux friendly motherboards ...

[perpenso]

And what about laptops and netbooks, which are the majority of the 'PC' market today?

Note that one of the motherboard vendors, ASUS, offers laptops. Perhaps other vendors have or will follow them. This would seem probable if the traditional laptop vendors left a void in the market by not supplying Linux compatible models themselves.

Re:There will be Linux friendly motherboards ...

[timbo234]

No, vendors won't. If these locked down UEFI setups (with no off switch or way to import your own keys) become the default it's game over. The void left by the Linux market would be too tiny to make it economically worth producing different hardware designs, especially when margins are already razor thin.

Re:There will be Linux friendly motherboards ...

[perpenso]

No, vendors won't. If these locked down UEFI setups (with no off switch or way to import your own keys) become the default it's game over. The void left by the Linux market would be too tiny to make it economically worth producing different hardware designs, especially when margins are already razor thin.

These vendors are already serving the very small build your own PC market. If this little niche is worth their effort then the Linux community will also be worth their effort.

Re:There will be Linux friendly motherboards ...

[timbo234]

I'm talking about laptops and netbooks and there's no build-your-own market for those. I'm sure it'll always be possible to put together a desktop PC yourself that doesn't have this UEFI stuff locked in, but you can forget about laptops and netbooks.

Re:There will be Linux friendly motherboards ...

[perpenso]

I'm talking about laptops and netbooks and there's no build-your-own market for those. I'm sure it'll always be possible to put together a desktop PC yourself that doesn't have this UEFI stuff locked in, but you can forget about laptops and netbooks.

Nope. One of these motherboard vendors, ASUS, is already offering laptops. Others may follow, especially if a vacuum exists because major vendors don't offer Linux compatible options.

Re:There will be Linux friendly motherboards ...

[timbo234]

You're just repeating the exact same thing you said several posts back, so I'll repeat my answer - no vacuum exists because the market for Linux on laptops and netbooks is too small, no one is going to make special versions of any hardware for the Linux consumer market. If laptops and netbooks get locked-down UEFI with no off option by default then it's game over for Linux.

Re:There will be Linux friendly motherboards ...

[perpenso]

You're just repeating the exact same thing you said several posts back, ...

Well the post I responded to seemed to have missed that post given its laptop comment.

... so I'll repeat my answer - no vacuum exists because the market for Linux on laptops and netbooks is too small, no one is going to make special versions of any hardware for the Linux consumer market.

Pardon the repeat but this was debunked previously too. Given that the very small hobbyist build-it-yourself market is viable the consumer Linux market would seem viable too.

The "special version" is just different BIOS firmware.

Re:There will be Linux friendly motherboards ...

[timbo234]

"Well the post I responded to seemed to have missed that post given its laptop comment."

Huh? My first post was about laptops and netbooks, you're the one who brought the self-build market into it, even though it has nothing to do with laptops.

"Pardon the repeat but this was debunked previously too. Given that the very small hobbyist build-it-yourself market is viable the consumer Linux market would seem viable too."

You haven't debunked anything - the build-it-yourself market exists only because it's just the same parts sold separately as opposed to together in a brand-name box.

"The "special version" is just different BIOS firmware."

This is the whole problem, it's extra hardware and firmware that someone has to pay to develop, when there's no commercial reason to do so given the less than 1% market share of Linux and other 'alternative' OSes.

Re:There will be Linux friendly motherboards ...

[perpenso]

the build-it-yourself market exists only because it's just the same parts sold separately as opposed to together in a brand-name box.

Not really. The retail oriented motherboards are typically different from motherboards in brand name boxes. These differences tend to be more involved than a simple BIOS with different settings as a Linux friendly laptop would require.

Re:There will be Linux friendly motherboards ...

[timbo234]

Aren't the feature differences just because there's a wider choice of motherboards out on the open market when you buy them yourself, whereas in a brand-name computer you only have one or a small number of m'board and CPU choices? And it still has nothing to do with laptops, you can't (in any practical way) choose or change the motherboard in a laptop or netbook.

Re:There will be Linux friendly motherboards ...

[perpenso]

Aren't the feature differences just because there's a wider choice of motherboards out on the open market when you buy them yourself, whereas in a brand-name computer you only have one or a small number of m'board and CPU choices? And it still has nothing to do with laptops, you can't (in any practical way) choose or change the motherboard in a laptop or netbook.

The feature differences in the do-it-yourself market are there because hobbyists are more discerning about features and probably willing to pay a little more, as opposed to mass produced systems that are probably more concerned about costs.

Again, the ***exact same company*** that produces hobbyist do-it-yourself motherboards ***also sells laptops***. If they can service the hobbyist market for motherboards they can service the hobbyist market for linux laptops. The laptops only need a ***slightly reconfigured BIOS***, its a pretty minor thing compared to what they already do.

Re:There will be Linux friendly motherboards ...

[timbo234]

What features and what's an example of a motherboard where there's a difference between what you get if you buy it as part of a packaged PC or as a separate part?

Re:There will be Linux friendly motherboards ...

[timbo234]

And more importantly how does any of this apply to laptops?

Asus making both PC motherboards and laptops really proves nothing. Do they have Linux laptops now or just Windows laptops which might or might not work with Linux, just like everyone else?

Re:There will be Linux friendly motherboards ...

[perpenso]

What features and what's an example of a motherboard where there's a difference between what you get if you buy it as part of a packaged PC or as a separate part?

How about a shiny box that includes panels, cables, etc that are not needed in an mass market factory environment; a printed manual that shows you how to install the motherboard and do things like how to over clock or otherwise configure the timing of the CPU yourself. I believe these retail oriented motherboards also sometimes include more ports than a mass market factory motherboard. Again mass market factory motherboards are more cost oriented and the hobbyist market is more feature oriented.

Even *if* the retail and mass market factory motherboards were the same - which I believe is rarely true - the fact that they have a shiny retail box for hobbyists shows they ***are willing*** to have a separate SKU to keep track of and sell a retail oriented variation and deal with all the administrative overhead that requires.

Even *if* the retail and mass market factory motherboards were the same - which I believe is rarely true - even offering something as simple as a user oriented manual demonstrates the ***are willing*** to endure an additional cost to reach the hobbyist market. Note that a BIOS with a different configuration would be significantly less costly than a manual.

If they are willing to takes steps, including a manual and alternative BIOS, to support hobbyists overclockers surely they would support Linux users.

Next they'll want Windows 8's birth certificate

[FyberOptic]

This is such a ridiculous conspiracy that only Microsoft haters could have roused up so much in people. Microsoft doesn't have the control over PC manufacturers as people seem to think based on all of this nonsense. And manufacturers aren't idiots; they know that they sell plenty of hardware to corporations, networking/hosting companies, research labs, etc, and they know that those clients need machines which can run alternative operating systems without all of this implied dicking around.

What I think it boils down to to some degree is jealousy that Microsoft has taken security so seriously, and even doing some things that Linux is not, so they can't use that same old FUD/rhetoric about their operating system being the most secure or keep implying that Microsoft doesn't take security seriously. Because let's face it, this has been a big part of the pro-Linux fanboy campaign for years. What have they really got left now? Just the old "Micro$haft is for fags." I guess.

Don't get me wrong though, there's nothing wrong with honest Linux advocacy; I've used the operating system for countless things for over 10 years now, and still on a daily basis. For my particular server management/networking/development tasks, it's the best choice for those jobs, and I'd recommend it any day of the week. But, it's not as the main OS on my primary home PC. Nor do I really want it as such. We're not talking about Windows 95 here, even though that seems to be the last thing a lot of the hater camp has any experience with. Win7 is probably the best operating system that I've ever used, and I know a lot of people who agree. Windows 8 has the potential to be even better. So if they think they can better secure countless peoples' machines with a new technology, preventing them from infections which affects the internet for ALL of us, then for crying out loud let them do it without trying to get in a bunch of childish jabs to take their spotlight away.

Knowing Slashdot, a "how much is Microsoft paying you" sort of response to a comment like mine won't come as any surprise at all. But I don't need money to see right through this incredulous conspiracy scenario.

Re:Disabling secureboot implys a Non-Win OS is ris

[Microlith]

It will be true, but not the fault of the OS (rather, an unfair and untrustworthy means of key distribution.)

This is a stupid story.

[RightSaidFred99]

What next, a story on how it turns out 9/11 wasn't an inside job?

Nobody but paranoid neckbeard kooks thought there was some grand conspiracy to lock Linux off of the PC.

Re:This is a stupid story.

[Narcocide]

Well, actually in many ways there IS a grand conspiracy to lock Linux off the PC; luckily for Linux however the conspirators (hardware manufacturers and desktop productivity and gaming software creators, primarily) can't be trusted by their ringleader (Microsoft) any more than the ringleader itself can be trusted.

Re:Will windows 7 run in SecureBoot mode? as if no

[Microlith]

Windows 7 already supports UEFI boot and I'm sure the bootloader and kernel are already signed. I imagine what they don't have is the tight integration between the boot verification and the DRM subsystems/Bitlocker.

Re:Happy November from the Golden Girls!

[inkscapee]

It's a *confident*. Derp...

Confidante... I rather like cosmonaut.

What is SecureBoot?

[FrootLoops]

Am I just out of the loop, or are most people here just talking out of their ass? What is SecureBoot and why is it controversial?

The article assumes you already know what it is. All the highly rated posts assume you already know. Yes, I can pick up some things from context (enough to argue about it even!). No, that does not mean I should post my half-assed opinion as fact.

The fact is, SecureBoot is a hardware manufacturer's issue. If Apple had suggested it, there would be no controversy. And anyway, manufacturers would have to be stupid not to provide an option to disable it / install another OS: it doesn't serve their interests. If Microsoft paid them so that it served their interests, well there's anti-trust for you if I ever saw it. Complete non-issue brought to you by Microsoft Hate (tm).

Re:What is SecureBoot?

[dell623]

Just like all the major manufacturers shipping with Windows pre-installed and charging you a license fee by default should be anti trust if you ever saw it: http://en.wikipedia.org/wiki/Windows_refund

Or that the few manufacturers that dare to let you buy laptops without Windows are forced to charge you retail prices for the license like Clevo, Sager -- you have to pay $99 for a Windows license from them, you really think Dell pays Microsoft $99 per windows license?

Re:What is SecureBoot?

[FrootLoops]

You missed my point. I said "No, that does not mean I should post my half-assed opinion as fact. The fact is, [my half-assed opinion]". I was just trying to show how easy it is to "discuss" this issue while knowing next to nothing about it.

ff

aaa

This is an important issue, we can't be complacent

[dell623]

It is good to hear this from the manufacturers, but I wouldn't take it for granted yet or ever. The manufacturers and Microsoft should be made to feel that they will face massive legal trouble and a repeat of anti trust and monopoly cases if they go ahead. Linux users and anyone else who cares about consumer choice really should make sure this issue doesn't fade away from the news and public debate. I would not be surprised if some time in the future someone sneaks in a machine where it's impossible or unreasonably difficult to install windows.

With the emergence of Apple and all the criticism they receive for some policies, people seem to be forgetting this is Microsoft we are talking about.

- They still bundle Internet Explorer with windows despite it being completely unnecessary. I don't care what components are shared between IE and Windows, I shouldn't be forced to open up Internet Explorer after installing Windows, Windows should ship with other browsers or at least give you the choice to pick a browser to download and install the first time you turn on a laptop or when you install windows - with many consumers, if they open windows and find an icon to IE half the battle is lost, and the amount of time users spend in the browser keep increasing.

- More importantly, almost ALL non Apple laptop brans still ship their laptops with Windows. You still have no choice to ask for a computer with no OS and save on license fees.

- Most laptops still ship with junk like Office starter edition which is a completely useless piece of software with limited functionality solely intended to push users to buy Microsoft Office

This is how Microsoft works, it is fundamental to their business model. People who think this is a non issue should not forget history, or try to buy a Dell or HP laptop without Windows installed.

I have read that you can refuse to accept the Microsoft license agreement for Windows on a laptop and demand a refund on the license price for Windows: http://en.wikipedia.org/wiki/Windows_refund

However very few know about this and the process is so convoluted with no guarantees that it's not worth anyone's time to bother except as a matter of principle.

Does anyone seriously put it past Microsoft and the OEMs to implement something similar with SecureBoot? Here's you new laptop with Windows, Internet Explorer and Microsoft Office starter edition, if you would like to install Linux, you have to contact your manufacturer, ask them to send you an unlock code by post. Or you know you could just use Windows which you have already paid for..

Two things

[peppepz]

They only have to "recommend" two things for this maneuver to stop being a problem.

• Provide the absolute warranty that the feature can be disabled on any PC-compatible machine;
• Provide a standardized, user-friendly way to disable the feature.

Anything less than this, is an unacceptable competitive advantage for Microsoft against its closed-source competitors. I'm not even talking about the user's freedom and open source software here.

Note: by "disabling the feature" I actually mean either disabling the feature completely, or allow it to work with other vendors' signatures.

Re:Happy November from the Golden Girls!

[MightyMartian]

This is ground control to Major Tom... please fuck off

Missed the point - again

[benjymouse]

In the CSS case the player / player software needed to have the private decryption key. Thus there was always the potential for reverse engineering.

In the case of integrity protection (Secure Boot), the UEFI firmware needs a public key. The corresponding private keys needed for signing the boot loader will live in FIPS certified hardware security modules deep within Microsoft (and other OS / boot loader vendors). A HSM does not allow any private keys to be retrieved, but it will allow signing code/cabinet files if you present the correct number of hardware (USB) keys and passcodes.

Careful there...

[Isaac+Remuant]

While I dislike what both Mueller and Bott write, that kind of ad hominem via opinion proxy can be used by anyone.

If you support cause A and someone who is ill perceived, even by yourself, praises you, that doesn't diminish the validity of your cause in any way.

I see this tactic used all too often by mass media to attack people associating them with evil or laughed at characters.

Re:Careful there...

[Rogerborg]

Uh... it's not ad hominem to point out that the listed "experts" have a track record of being wrong, wrong and wrong again, and have been repeatedly caught with their hands in Microsoft's pockets.

Groklaw (under Pamela Jones) has called things correctly far more often than not.

Full Disclosure: On a personal note, I detest that whiny martyr PJ and her horde of White Knight sycophants, but I do have admit that it's hard to find examples of her getting things wrong.

Re:Careful there...

[Isaac+Remuant]

My point was that it sounded (To me) as if you tried to attack Bott solely on the basis of being praised by Florian Mueller.

It's not that important, just a note that such an attack can be used against anyone pretty effectively and is usually by itself.

Re:Careful there...

[grcumb]

My point was that it sounded (To me) as if you tried to attack Bott solely on the basis of being praised by Florian Mueller.

It's not that important, just a note that such an attack can be used against anyone pretty effectively and is usually by itself.

While it's true that guilt by association is a logical fallacy, experience teaches us that people's reputation is rightly affected by the company they keep.

If Rob Enderle, Maureen O'Gara, Dan Lyons, Ed Bott and a total stranger all agree on the same thing, I am naturally inclined to disbelieve (and distrust) the total stranger too, because anyone who is either too stupid or too dishonest to see the blatant falsity of their claims isn't worth paying attention to. Not on that topic, anyway.

Now, if they later redeem themselves, or if they prove to be expert and reliable on unrelated topics, then there's every chance I'll begin to give them the benefit of the doubt on all topics.

Trust isn't a boolean value. It is never absolute. Being associated with known deceivers, though, casts my opinion of a person in a deeper shade of doubt. They'll have to work harder to come back into the light.

Re:CS degree? try MS CERT to trun on boot os MS ol

[znerk]

Your post was unintelligible because public school didn't help you enough. Please learn to spell and punctuate properly before posting again, so that the rest of us can successfully parse your intended meaning.

This has been a public service announcement, as well as an ad-hominem attack.

Thank you and have a nice day.

The real issue, the taboo one

[benjymouse]

Is that someone in the community has realized that even with the ability to import your own keys or switch off secure boot, there is probably a license problem with GPLv3 which will set Linux, BSDs etc at a disadvantage.

To distribute a "signed" GRUB you would be required to make the private key available. Which would undermine the security of Secure Boot and thus there is not a chance that the corresponding public keys could be accepted for distribution with UEFI in new systems.

This is a real security feature, one which will prevent boot sector rootkits which is a threat to *any* operating system. The GPLv3 run afoul of this. This is why FSF wants vendors to implement the draconian "setup mode" scheme.

That is the dirty secret, the taboo: Secure Boot will give a closed source system (or at least a system with secret private keys) a clear security advantage. Rather than coming clean, FSF, Red Hat and Linux Foundation has launched a FUD campaign hoping to stir up enough fear to mandate a considerably worse installation experience for *all buyers* of systems.

Re:The real issue, the taboo one

[oreaq]

To distribute a "signed" GRUB you would be required to make the private key available.

I don't know how secure boot works or what it actually does, so allow me some questions: Why can't you just sign GRUB yourself with your own private key before installing it and then use your own private key for secure boot? Why does GRUB have to be signed by some central authority in order to be used by secure boot?

That is the dirty secret, the taboo: Secure Boot will give a closed source system (or at least a system with secret private keys) a clear security advantage.

Seems to me that "somebody" chose a "secure boot" implementation to achieve just that, i. e. to punish open source systems. Am I missing something here?

Re:The real issue, the taboo one

[Microlith]

even with the ability to import your own keys or switch off secure boot, there is probably a license problem with GPLv3 which will set Linux, BSDs etc at a disadvantage.

Nope. No issue there, so long as you can install your own keys or switch off secure boot. The problem would come if I received a system with secure boot on and a signed GPLv3 bootloader that I could not replace, and was provided no key with which to sign it.

The GPLv3 run afoul of this. This is why FSF wants vendors to implement the draconian "setup mode" scheme.

I like how setting up a system such that it can still be configured by the end user is "draconian" whereas somehow a scheme that is locked by default to Microsoft and only Microsoft is somehow "liberating" I guess?

Secure Boot will give a closed source system (or at least a system with secret private keys) a clear security advantage.

False. As-is, it will give Microsoft and only Microsoft an advantage due to the deliberate difficulty in getting keys out there and adding them to the platform. What SHOULD happen is there should be a menu that allows me to import keys I select, but MS et. al. can't have that happen.

Sorry, your points are trollish at best.

Re:The real issue, the taboo one

[omnichad]

My guess is just the fact that the CD you're booting off of to do it must be signed, and so you'd have to do the signing under windows before burning a disc. Kind of involved.

Re:When you switch from hard drive first to CD fir

[znerk]

You're missing the part where you can't toggle this option in the BIOS - one of MSFT's requirements is that it not be a programmable interface.

At best, we're looking at stepping back a decade in hardware configuration. "No programmable interface" means we have to crack the case and flip a jumper or dip switch. The hardware manufacturers won't mind in the slightest, they'll just begin refusing your warranty because you opened the case - and we're right back to the "black boxes" that computers were 25 years ago.

Not only that, but what were you doing opening the case, anyway? The system comes configured optimally from the manufacturer, there's no reason to be messing around inside it - you must be a pirate!

This is going to have a phenomenal effect on the IT industry, if handled improperly.

This is BS slippery slope

They give u a choice now, so there will be little resistance to ubiquitous implementation, and then they will change their story.
Scumbags at work

-HasHie

"Assure"

"...assures us that they will allow consumers to make their own choice..."

And I hear:

"I can assure you, the state of emergency will in no way be used to violate civil rights."

Because they can predict what others will do with the power in the future. I assure you.

third party?

Since when non-MS OSes are third party? That sounds stupid.

It should not be their choice.

The standard should itself demand some way to ensure that the choice is on users side, not just manufacturers. Because all manufactures and their business is directly and only tied to MS, why would they risk and act against MS will by allowing other OS's?

Re:Duh VT KVM laptops

[Marco+Polo]

really can't think of us getting screwed you've never gotten a laptop with a VT compatible CPU and the option is disabled in bios...
well just go in a turn it on....

OH WAIT.... THERE IS NO MENU OPTION TO TURN IT BACK ON.... so someone must hack the bios to turn it on...

yes i am using a laptop with just such an issue(never dreamed to check that before buying the laptop)

geek paranoia is because we've been screwed over and over...

and if it's not paranoia it's let's keep watch and make sure it does not happen...

but please explain why how VT option is not an option on some laptops... some OEM decided that i should not be able to run VM's(with cpu acceleration) on my laptop?

Just as there's no Nokia plot either

[phonewebcam]

Elop chose the best tool for the job, which happened to be WP7, and apart from him being the 8th largest m$ shareholder when he took the job doesn't have any hidden agenda at all. You can trust Microsoft.

That ok Steve?

You still have not provided any examples

[benjymouse]

of Ed Bott being caught lying. You may dislike what he writes and may disagree with his opinions.

But you accused him of *lying*. And you still have to provide evidence of that.

Re:You still have not provided any examples

"People who make their living in the Linux ecosystem are demanding that Microsoft disable a key security feature planned for Windows 8 so that malware authors can continue to infect those PCs and drive their owners to alternate operating systems."

This is a direct lie, they want a secure way to reset the key set to empty(such as a hardware switch/jumper), and they want it to ship empty. When empty it should boot anything but also accept any keys the orating system gives it. The first time windows boots it will lock the computer to its boot-loader but if you do not turn it on with windows you can install another orating system. This system then has the same option but may also give the user the freedom to change the set of installed keys. The end affect for windows users is the same and so is the security level, but you also get the ability to install things other than Windows, or use a non standard boot-loader for windows which might for instance include a few extra security checks.

Common position from Canonical and RedHat

[alci63]

Canonical (the company behind Ubuntu) and RedHat, as well as a Kernel developper, have published a white-paper regarding the subject. It can be found here http://blog.canonical.com/2011/10/28/white-paper-secure-boot-impact-on-linux/ What they suggest is to let the user manage the keys necessary to allow a secure boot process on any operating system they choose.

MS has won here

[JabrTheHut]

And I don't understand why /. users can't see it.

The minute you have to add in extra steps just to install Linux then MS wins. Comparing Windows to Linux for first-time Linux users, they're going to think "Wow, Windows sure is easy to use. Not like this Linux stuff where before you can even put the CD in you have to start changing settings! When are they going to make Linux easy to use?"

And that sad fact is that this is probably just aimed at stopping people downgrading their PCs to older versions of Windows in the future. Linux - and Hackintoshes - are just the icing on the cake. MS' probable goal is to stop future PC buyers from buying a new PC and downgrading from the future Vista lemons that MS will push on everyone to the future XPs.

Kept your Windows 9 Blu-ray disk set from your last PC? Ah, sorry, you can't install it on your new Intel Core 8-64 machine - you have to keep the Windows 11 with the 'Verified User' core. Secure boot won't let you install anything older than Windows 11. Now remember, only you are licensed to use this OS instance, any other user must purchase and install their own license. Now, get ready for biometric verification, or the police will be querying why you have a stolen copy of Windows when the OS phones them...

Re:MS has won here

[Microlith]

And I don't understand why /. users can't see it.

Err, why do you think people are up in arms?

use win8 to boot a linux dstro

[jjohn_h]

You have got a win8 machine and win8 is in control of the MBR.

You can always boot a Linux distro using grub4dos. Get 'grldr' from its package und put it in c:\ adding an entry like

C:\grldr="grub"

in boot.ini and also a line for your specific distro in c:\menu.lst.

When the machine starts, you will see the win8 boot menu, you pick grub, you see grub4dos boot menu according to menu.lst, you pick your distro.

Re:use win8 to boot a linux dstro

[ledow]

So what do you do when the Windows bootloader has a bug that you can't fix, or sets up interrupt hooks for anything it likes (i.e. snooping on any data it wants without your OS being able to detect?), or fails to boot because it doesn't like a new piece of hardware etc.

That's not really a solution, more a temporary workaround, and of course we'd be able to get *something* working but that's not the point.

Most importantly, though, what if you DON'T HAVE an installation of Windows, don't want to buy one, bought the machine exclusively for Linux etc. If Windows 8 machines MUST have this secure boot thing to run Windows 8, does that mean we MUST boot Windows 8 on them even if we don't want to use it. That's the problem.

Re:use win8 to boot a linux dstro

[TuringCheck]

First of all this won't work - Win8 will refuse to run the grub4dos as it's not signed.

Second, this prevents completely replacing the operating system.

Re:When you switch from hard drive first to CD fir

You are a complete retard.
"Not a programmable interface" means that the OS or something running in the OS can't change the switch.
Because Secure Boot isn't secure, if the Malware can first turn it off and then restart the system to insert itself into the boot chain.

Time to accept the inevitable..

The trouble is, this M$ shill pretty much spot on: the opposition to this technology amounts to whining by a small minority. Even if that wasn't the case, the entire fruits of the information revolution that we have enjoyed for the past few decades is rapidly on the way to the equivalent of a virtual totalitarian police state, because the Authorities will no longer tolerate so much freedom and power in the hands of the 99%.
It is time to accept that those people who genuinely enjoy freedom need to become technologically self sufficient. There is a new revolution gathering pace in the form of those who don't want to rely on consumerism to satisfy their needs and would rather build things for themselves. Right now, all the knowledge you need to continue having what you are used to is still available for anyone who cares to search for it. Start educating yourself on the basic principles of computer hardware, mesh networks, electronics. Sieze the day, for tomorrow that knowledge might be restricted, or forbidden.

Third party operating system?

What's that?

It's not the PCs you have to worry about

[DrXym]

It's the tablets. I seriously doubt any PC manufacturer would give a crap about you installing whatever you like on your PC. PCs will be the way they've always been for the forseeable future.

But if they're selling Windows branded tablets or other hybrid form factors then that's another matter. I would not be surprised if they become contractually obliged to secure the devices given that Microsoft intends them for delivering premium content like apps, videos, music through their own store. It won't be a case of them choosing not to allow rooting but a case of them being unable to allow it.

I think for Microsoft's sake they should back off this since it would end up in the courts and consider another way of securing their content, e.g. a hardware key in the device which is disabled in rooted devices.

Re:It's not the PCs you have to worry about

[letsief]

I'd mod you up if I had points. I think you're absolutely right on tablets. Desktops and laptops will have a way to turn off secure boot for legacy reasons. A fair number of customers will want to run XP/Vista/7, and/or old add-on cards that aren't fully UEFI compatible.

But tablets are another story. There is little expectation that someone would install an old OS on a Windows 8 tablet, since Windows 8 is the first tablet-friendly Windows OS. Yes, there might be some Linux options, but I don't think that will influence the market as much on tablets as it might on desktops or laptops. Just as significantly, the hardware in the tablet is the only hardware you'll ever run on that device. You don't need support for legacy option ROMs to support old add-on cards.

Well, she gets it wrong with Apple

When Apple did to Pystar what SCO did to IBM, Pam is all "Well, you can always just not buy Apple stuff huh" and "Well, it's allowed, that's why there's a DMCA law in the first place, and Pystar can always show the court that this isn't anything to do with copying, just reverse engineering" etc.

She has a significant blind spot when it comes to Apple.

So what

If you're the type of person that runs Linux for your daily usage, and happen to have Microsoft Windows on your system, then when MS try to block Linux, the user is 9/10 going to uninstall windows.

Anyhows, VirtualBox for the win.

Look at Go Corp. to see how this went last time

[WillAdams]

Jerry Kaplan's _StartUp_ should be required reading for anyone in the tech industry who has to do business / compete w/ Microsoft.

Short version --- Microsoft initially supported a dual-boot BIOS which allowed pen computers to be built which would run both Windows and PenPoint (and other operating systems), then pulled support after the initial generation.

William

Dont' forget about NDAs

Ask OEMs about the provisions in their agreements with MS that seek to eliminate competition. We know such exist, because they've been exposed in legal proceedings, yet no OEM will talk about it except under oath in a court of law. Secrecy has always been MS most potent weapon, and no journalist will get a confirmatory answer to this question until MS agree to withdraw their NDAs.

Thank goodness

Pleeeeease Dell be good to the open-source guys & we'll be good to you! :)

Re:Thank goodness

[koan]

Build your own....

Imaging

[domatic]

In my workplace we use FOG to image Windows onto the machines. A toggle to turn off Secure Boot would not suffice. We absolutely would have to be able to sign the bootloader we are serving over PXE. Otherwise, we could be faced with imaging machines then having to manually turn on Secure Boot so the Windows machines will start.

This isn't just about Linux desktops. Many shops use Linux a LOT to make managing Windows easier. I do not fancy having to shell out for a proprietary solution that probably won't work as well as what I downloaded for free.

Re:Will windows 7 run in SecureBoot mode? as if no

[letsief]

It would be difficult to have a meaningful signature on the bootloader right now, given that its the first OS component that is loaded during boot. You need some sort f root of trust that is loaded before the OS, which basically means it needs to be in the BIOS. The bootloader would need to be signed using a private key corresponding to a public key that is loaded on the Windows 8 logo PCs. Since Microsoft probably hasn't even completely gotten that UEFI secure boot signing service up yet, I doubt that the bootloader is signed in a way that is compatible with UEFI secure boot.

Though you're right, Windows 7 already supports UEFI boot. For Windows 7 itself to support secure boot you would probably just need a fairly simple OS update.

But, the bigger problem for existing systems is option ROMs. I doubt Nvidia has released a UEFI device driver for their cards. Secure boot probably forces you down a UEFI-only boot path, meaning you can't execute legacy option ROMs. That might not be a problem for some, except that you probably want to initialize your video card at boot so you can see what's going on.

More Linux "FUD" from you

Just as Mr. Bott said right @ the outset of his article: "The campaign to spread FUD about Windows 8 is picking up momentum. In the past week, high-profile Linux advocates have tried to add fear, uncertainty, and doubt into what should be a smooth process for implementing a new next-generation security feature." from http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-windows-8-plot-to-lock-out-linux/4185?tag=nl.e539

More Linux "FUD" from you

Just as Mr. Bott said right @ the outset of his article: "The campaign to spread FUD about Windows 8 is picking up momentum. In the past week, high-profile Linux advocates have tried to add fear, uncertainty, and doubt into what should be a smooth process for implementing a new next-generation security feature." from http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-windows-8-plot-to-lock-out-linux/4185?tag=nl.e539

More Linux "FUD" from you

Just as Mr. Bott said right @ the outset of his article: "The campaign to spread FUD about Windows 8 is picking up momentum. In the past week, high-profile Linux advocates have tried to add fear, uncertainty, and doubt into what should be a smooth process for implementing a new next-generation security feature." from http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-windows-8-plot-to-lock-out-linux/4185?tag=nl.e539

More Linux "FUD" from you

Just as Mr. Bott said right @ the outset of his article: "The campaign to spread FUD about Windows 8 is picking up momentum. In the past week, high-profile Linux advocates have tried to add fear, uncertainty, and doubt into what should be a smooth process for implementing a new next-generation security feature." from http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-windows-8-plot-to-lock-out-linux/4185?tag=nl.e539

More Linux "FUD" from you

Just as Mr. Bott said right @ the outset of his article: "The campaign to spread FUD about Windows 8 is picking up momentum. In the past week, high-profile Linux advocates have tried to add fear, uncertainty, and doubt into what should be a smooth process for implementing a new next-generation security feature." from http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-windows-8-plot-to-lock-out-linux/4185?tag=nl.e539

More Linux "FUD" from you

Just as Mr. Bott said right @ the outset of his article: "The campaign to spread FUD about Windows 8 is picking up momentum. In the past week, high-profile Linux advocates have tried to add fear, uncertainty, and doubt into what should be a smooth process for implementing a new next-generation security feature." from http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-windows-8-plot-to-lock-out-linux/4185?tag=nl.e539

More Linux "FUD" from you

Just as Mr. Bott said right @ the outset of his article: "The campaign to spread FUD about Windows 8 is picking up momentum. In the past week, high-profile Linux advocates have tried to add fear, uncertainty, and doubt into what should be a smooth process for implementing a new next-generation security feature." from http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-windows-8-plot-to-lock-out-linux/4185?tag=nl.e539

More Linux "FUD" from you

Just as Mr. Bott said right @ the outset of his article: "The campaign to spread FUD about Windows 8 is picking up momentum. In the past week, high-profile Linux advocates have tried to add fear, uncertainty, and doubt into what should be a smooth process for implementing a new next-generation security feature." from http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-windows-8-plot-to-lock-out-linux/4185?tag=nl.e539

I think

[koan]

If you bought your computer from Dell or HP you have failed a test and should go back to sitting in front of the TV.
If Microsoft had any minerals in their management they would've put an end to all the crap that gets loaded on these Dell's and HP's so that their OS would actually run correctly.

9 times out of ten when i help someone with their computer I advised formatting and installing only the OS, then add only what you need, the rest is bloat and crapware.

This is about security

Linux isn't doing well on that front lately (all current data here):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this) - this is, how it REALLY is. All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Guys, listen - they ALL need work on the security front, every OS there is!

Even though Windows Server 2008 shows less unpatched security vulnerabilities http://secunia.com/advisories/product/18255/?task=advisories [secunia.com] than the Linux CURRENT KERNEL ALONE

Re:This is about SECURITY

[bmo]

Hey APK, there is a reason why everyone hates you.

Take a wild guess as to what it is.

--
BMO

Re:This is about SECURITY

[TangoMargarine]

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps??

Yeah, because Linux should just say, "Well, it looks like they finally did us in...time to just roll over and die," after 20 years of offering an alternative to the proprietary OS's. Guess somebody should call up Linus and let him know that Linux is completely pointless now and he should find something else to do. Not to mention, claiming that the only reason Linux exists is to "hack Windows" is incredibly dismissive and insulting 1) to the history of UNIX-based/-like operating systems and 2) to pretty much anybody who's ever contributed anything to Linux.

I take it by "4x++" you mean "5x?" Otherwise how about we cut the inflammatory bull and just leave it at "4x+."

Finally, please stop using bold all over the place. It's almost as bad as all-caps.

That Guy Who Signs In
...tango

This is about security

Linux isn't doing well on that front lately (all current data here):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this) - this is, how it REALLY is. All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Guys, listen - they ALL need work on the security front, every OS there is!

Even though Windows Server 2008 shows less unpatched security vulnerabilities http://secunia.com/advisories/product/18255/?task=advisories than the Linux CURRENT KERNEL ALONE

This is about security

Linux isn't doing well on that front lately (all current data here next below on that very note):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this) - this is, how it REALLY is. All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Guys, listen - they ALL need work on the security front, every OS there is!

Even though Windows Server 2008 shows less unpatched security vulnerabilities http://secunia.com/advisories/product/18255/?task=advisories than the Linux CURRENT KERNEL ALONE

This is about SECURITY

Linux isn't doing well on that front lately (all current data here):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this) - this is, how it REALLY is. All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Guys, listen - they ALL need work on the security front, every OS there is!

Even though Windows Server 2008 shows less unpatched security vulnerabilities http://secunia.com/advisories/product/18255/?task=advisories than the Linux CURRENT KERNEL ALONE

This is about SECURITY

Linux isn't doing well on that front lately (all current data here):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this) - this is, how it REALLY is. All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Guys, listen - they ALL need work on the security front, every OS there is!

Even though Windows Server 2008 shows less unpatched security vulnerabilities http://secunia.com/advisories/product/18255/?task=advisories than the Linux CURRENT KERNEL ALONE

This is about SECURITY

Linux isn't doing well on that front lately (all current data here):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this) - this is, how it REALLY is. All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Guys, listen - they ALL need work on the security front, every OS there is!

Even though Windows Server 2008 shows less unpatched security vulnerabilities http://secunia.com/advisories/product/18255/?task=advisories than the Linux CURRENT KERNEL ALONE

This is a test

Slashdot will not let me comment anywhere, so I'm writing this to give it another try, even if it's spam.

This is about SECURITY

Linux isn't doing well on that front lately (all current data here):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this) - this is, how it REALLY is. All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Guys, listen - they ALL need work on the security front, every OS there is!

Even though Windows Server 2008 shows less unpatched security vulnerabilities http://secunia.com/advisories/product/18255/?task=advisories than the Linux CURRENT KERNEL ALONE

looks like:

m$ is joining the "occupy" movement ... occupy your bios

Re:CS degree? try MS CERT to trun on boot os MS ol

This was painful to read.

The Appstore on Apple and Google devices has not caused a "major anti-trust issue", how is this different?

Unlike Apple's appstore, this does not lock all developers out of the system. The Win Appstore only locks out developers that write Metro apps. Unless you want to write Metro apps "running industrial systems", I don't see an issue here.

This feature's about SECURITY

Linux isn't doing well on that front lately (all current data here):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this)!

Yes folks, from the mindset of hacker/crackers - this is, how it REALLY is.

All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above, and yes, next below too!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Now, lol, the "Penguins" are trying to get a great security feature disabled to boot (pun intended) apparently, because they aren't able to keep pace with changes?

Tough cookies!

Guys, listen - they ALL need work on the security front, every OS there is!

Even though Wind

An answer (on security, & Linux specifically)

Linux isn't doing well on that front lately (all current data here):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this)!

Yes folks, from the mindset of hacker/crackers - this is, how it REALLY is.

All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above, and yes, next below too!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Now, lol, the "Penguins" are trying to get a great security feature disabled to boot (pun intended) apparently, because they aren't able to keep pace with changes?

Tough cookies!

Guys, listen - they ALL need work on the security front, every OS there is! However, the Pengui

He implied Linux Penguins stated

TECHNICAL INACCURACIES (which they did, in order to mislead others via "FUD" & right @ the outset of his article!)... he called a spade, a spade, plain & simple!

LOL, & the Linux crew's trying to DISABLE A GOOD SECURITY FEATURE AS WELL!?/b> Man, please... lol, just because they can't keep up with changes I'd say.

HOWEVER - On that note, specifically security?

* See here (Linux isn't doing well RECENTLY mind you, @ all, & yet, they want to disable a security feature on PC hardware?? Please...) -> http://tech.slashdot.org/comments.pl?sid=2506468&cid=37935048

(Ever wonder WHY slashdot's LOSING READERSHIP? It's simply because readers are becoming MORE INFORMED, and can separate BULLSHIT from TRUTH - & the "Pro-*NIX/Penguin/Anti-Microsoft Brigade" around here on /., blew it, because folks ARE AWARE OF YOUR UTTER LINES OF "FUD" BULLSHIT!)

APK

P.S.=> Ed Bott's RIGHT about you Penguins, no wonder your OS is in last place in marketshare (near last vs. obscure OS like BSD etc.): You'll pull ANY SHIT you can, including "FUD" & technical misinformation (because it fools "noobs" easily enough is why) to mislead others! Talk about desperate... lol!

... apk

Re:He implied Linux Penguins stated

[RocketRabbit]

Wait, you're implying that Ziff-Davis isn't a Windows centric shill shop?

It's difficult to interpret your comment, however it sounds as if you are familiar enough with Ed Bott to make statements for him about people who use operating systems that aren't Windows.

Perhaps you are part of some fan club. That's great. However, comparing the situation with Windows and that of Linux is ironic considering that remote exploits in Windows have been responsible for countless problems in the past, and even though Windows Server 2008 may (at this time) have fewer vulnerabilities that will change I'm sure.

Anyway, why do you assume I am a fan of Linux anyway? Is it because I won't swallow the poison pill from Microsoft any more?

Agreed 110% (& they want security OFF?)

Linux isn't doing well on that front lately (all current data here):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

MOST IMPORTANTLY - Seems the Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since PENGUINS here are in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this)!

Yes folks, from the mindset of hacker/crackers - this is, how it REALLY is.

All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above, and yes, next below too!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Now, lol, the "Penguins" are trying to get a great security feature disabled to boot (pun intended) apparently, because they aren't able to keep pace with changes?

"Tough cookies!"

Guys, listen - they ALL need work on the security front, every OS there is! However, the Penguins saying to turn the secure boot feature off? It's NEGATING a good security feature, one hacker/cracker types take advantage of!

DUMB, DUMB, DUMB! They should adapt Linux for it, or get lost... that's my take on it, period.

Even though Windows Server 2008 shows less unpatched security vulnerabilities http://secunia.com/advisories/product/18255/?task=advisories than the Linux CURRENT KERNEL ALONE http://secunia.com/advisories/product/2719/?task=advisories

Mind you, it would be more unpatched security bugs present on a full linux distro most likely due to app bugs that come in said distro beyond

Data on Linux marketshare then

Doesn't look like "zipping up the charts" to me -> http://www.netmarketshare.com/ but instead Linux's dead near last & only ahead of more obscure OS!

Still - I figure you were being sarcastic (or trying to spread more "FUD" - I'll go with the former!), so, there's a bit of concrete, visible, & verifiable data for you to work with... & it shows how "well" Linux is doing in terms of overall marketshare (badly).

APK

P.S.=> Mr. Bott's right: The Penguins will pull ANY TRICK THERE IS, to mislead others via "FUD" (especially "noobs", because they're easily misled with 1/2 truths OR twisted truths/partial information/technically inaccurate information & they won't look into things & check them out either most times mind you)...

... apk

Penguins want GOOD SECURITY turned OFF?

Linux isn't doing well on that front lately (all current data here), & especially since Linux folks're essentially asking a GOOD SECURITY FEATURE BE TURNED OFF (you wanted OBJECTIVITY? Here's facts for that much then - Especially on security, which this is, after all, ALL ABOUT):

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this)!

Yes folks, from the mindset of hacker/crackers - this is, how it REALLY is.

All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above, and yes, next below too!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Now, lol, the "Penguins" are trying to get a great security feature disabled to boot (pun intended) apparently, because they aren't able to keep pace with changes?

Tough cookies!

Guys, listen - they ALL need work on the security front, every OS there is! However, the Penguins saying to turn the secure boot feature off? It's NEGATING a good security feature, one hacker/cracker types take advantage of!

DUMB, DUMB, DUMB! They should adapt Linux for it, or get lost... that's my take on it, period.

Even though Windows Server 2008 shows less unpatched security vulnerabilities http://secunia.com/advisories/product/18255/?task=advisories than the Linux CURRENT KERNEL ALONE http://secunia.com/advisories/product/2719/?tas

They want a GOOD security feature off? B.S.!

Linux isn't doing well on that front lately (all current data here), & especially since Linux folks're essentially asking a GOOD SECURITY FEATURE BE TURNED OFF:

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Penguins (especially here on slashdot) ARE in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this)!

Yes folks, from the mindset of hacker/crackers - this is, how it REALLY is.

All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above, and yes, next below too!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Now, lol, the "Penguins" are trying to get a great security feature disabled to boot (pun intended) apparently, because they aren't able to keep pace with changes?

Tough cookies!

Guys, listen - they ALL need work on the security front, every OS there is! However, the Penguins saying to turn the secure boot feature off? It's NEGATING a good security feature, one hacker/cracker types take advantage of!

DUMB, DUMB, DUMB! They should adapt Linux for it, or get lost... that's my take on it, period. Better than posting TECHNICALLY INACCURATE & MISLEADING "FUD" (which Mr. Bott's dead right about) - that's been happening for YEARS here on /., rampantly, ala "Windows != secure/Linux = secure" stuff bullshit (see above).

Even though Windows Server 2008 shows less unpatched secur

Re:They want a GOOD security feature off? B.S.!

[WorBlux]

"Guys, listen - they ALL need work on the security front, every OS there is! However, the Penguins saying to turn the secure boot feature off? It's NEGATING a good security feature, one hacker/cracker types take advantage of!" Have you actually read the Linux foundations recommendations? If actually followed it would allow every operating system to use Secure boot in a sane way. One interesting recomendation was to have a CA that would KEK public-private pair to validate a wide variety of things including periphrial devices and open source distributions. Secure boot is set up in such a way that it doesn't require any changes to the underlying OS at all so long as platform owners can modify the keys during the firmware setup or have a say to resetting to the initial mode on the hardware. Thus there is nothing that can be done to the Linux kernel to make it adapt, because the compatibly concerns aren't within the behavior of the kernel, but within the behavior of the firmware. Turning it off is just the minimally acceptable option.

Data on marketshare AND SECURITY then

Marketshare-wise: http://www.netmarketshare.com/ & doesn't look like Linux is doing well, overall (& this article's MAINLY about overall usage, the PC desktop/laptop market - NOT SERVERS). Linux != Threat, FAR from it...

That all said & aside, Linux people want a security feature (a good one) TURNED OFF? Heh - They're outta their MINDS, especially nowadays, AND ESPECIALLY REGARDING LINUX'S SHOWING LATELY ON THE SECURITY FRONT (see below, especially regarding servers):

Linux isn't doing well on that front lately (all current data here), & especially since Linux folks're essentially asking a GOOD SECURITY FEATURE BE TURNED OFF:

Not only does Linux have 4x++ the amount of unpatched security vulnerabilities its competitor Windows Server 2008 does, but it bears 3 remotely exploitable unpatched security vulnerabilities (THE WORST KIND!):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The Linux folks are talking DISABLING SECURITY here? They're essentially asking a great security feature BE STOPPED on secure boot!

(Gosh, why's that? So they can continue to hack Windows perhaps?? I'd say so, but it seems lately Linux is taking a HUGE "Beating" on the security-front, see next below on that very note in fact!)

---

3/4 of the CA's breached ran Linux, see here:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

Each was compromised, per this article's proof thereof -> http://itproafrica.com/technology/security/cas-hacked/

---

Since you in the business of "ribbing on Windows", well, then it's my "civic duty" to show even MORE CURRENT INFORMATION about Linux being "so secure" (not):

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this)!

Yes folks, from the mindset of hacker/crackers - this is, how it REALLY is.

All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above, and yes, next below too!

There in ANDROID also? Bugs in the kernel too, not just bugs in the JAVA/Dalvik front end have been found on that note also.

Now, lol, the "Penguins" are trying to get a great security feature disabled to boot (pun intended) apparently, because they aren't able to keep pace with changes?

Tough cookies!

Guys, listen - they ALL need work on the security front, every OS there is! However, the Penguins saying to turn the secure boot feature off? It's NEGATI

Factual error

Ed Bott's piece states: "First of all, that’s factually in error: the blog post in question was written by Microsoft’s Tony Mangefeste, who works on the Ecosystem team that in turn coordinates with PC hardware makers." Well if he followed the link to the Microsoft blog he would see Steven Sinofsky's name at the top of the blog and Tony Mangefeste's name at the bottom. IMO anyone referring to the MS blog could use either name.

third party

[Dani+Filth]

I don't use a "third party" operating system, unless you're referring to Windows?

Unpatched REMOTE vulnerabilities in Linux?

3 remotely vulnerable ones (worst kind), & those have MANY UNPATCHED PARTS TOO/THEY'RE MULTI-PART (meaning actually MORE than 3 issues unpatched that are REMOTELY VULNERABLE (worst kind)...

Windows Server 2008, by way of comparison? 2!

HOWEVER - In Windows Server 2008, BOTH are fairly EASILY WORKED-AROUND (& for servers, doesn't matter, especially those run in "headless" mode (no GUI)):

---

http://secunia.com/advisories/41874/

That one for Windows? ColorUI.DLL??

What would you need that for in a SERVER first of all, especially one run in "headless" mode???

It's also EASILY worked-around, via 1 of 2 methods:

1.) Unregister the offending DLL (colorui.dll) IF it is of an OLE Server type lib/dll (or blow it off the disk & replace it with a stub until a patch releases, replacing it in "System File Protection Areas" Windows maintains also, to stop it being replaced again with a non-patched model...).

or

2.) Run in headless mode (which many servers do, & they run MORE EFFICIENTLY by not running the GUI too this way).

---

http://secunia.com/advisories/41984/

That one's EVEN EASIER!

All one has to do, is inspect the %PATH% environment var (echo %PATH% via commandline OR use the SYSTEM icon in control panel to edit it, both systemwide globally, OR by user profiles!).

* Also - it might also be a GOOD IDEA to disallow apps that run by batch using SET statements also (they can SET & append things to the %PATH%).

APK

P.S.=> NOW - Care to show me workarounds for ALL the remote problems in Linux's latest/greatest kernel?

I just worked around BOTH remotely vulnerable unpatched issues easily in Windows & in a couple ways!

BOTTOM-LINE HERE, is this: FIRST - Show me that Ed Bott's lying, ok? I say that, because FOR PETE'S SAKE - Linux folks WANT TO TURN OFF A GREAT SECURITY FEATURE, instead of adapting their OS to it!

(No one can tell me "it can't be done" - I've been coding forever, there's always an answer: Sometimes, it's "paperclip/rubberband/chicken-wire rig work", & others it's not & takes longer, but they all get solved! This is the NICE part about coding in fact (most of the time, lol, & I've been doing it as a pro since 1994)).

SECOND - Then, show me you can work-around the 3 MULTIPLE PART REMOTELY UNPATCHED SECURITY ISSUES IN THE "LATEST/GREATEST" LINUX KERNEL, ok??

In the end???

Linux will still have 4x++ the # of UNPATCHED SECURITY VULNERABILIES in its "latest/greatest" kernel anyhow, see SECUNIA.COM for that (that's what they report & do, specifically/largely there) & per my LAST post? You can see how "well" (not) Linux is doing on the security front - servers-wise too, & even on ANDROID phones!

... apk

Re:Unpatched REMOTE vulnerabilities in Linux?

[tragedy]

I'm pretty sure this is some kind of troll-bot.

Re:Unpatched REMOTE vulnerabilities in Linux?

I'm pretty sure your reply was more off topic FUD from a Linux groupie.

Re:Unpatched REMOTE vulnerabilities in Linux?

[tragedy]

Just observing the large number of formulaic posts, often with little or no bearing on the parent post, made by an AC, apparently signing at the end as apk. The posts are long, rambling, bizarrely formatted, with lots of pointless bolding and capitalization as well as excessive punctuation. Forgive me if the posts aren't being generated by some sort of near random content generator, but they really look like they are.

I think calling me a Linux "groupie", I think that's going a bit far. It is certainly true that I primarily use Linux. I got used to a Unix environment early on, so Linux was a natural progression for me. I think it would be fair to say I'm a fan. "groupie" is unfair, especially with the snide, condescending tone you seem to have intended. As for FUD, I don't think I was intending to spread fear, but I supposed I did have uncertainty and doubt about whether the spam-like flood of those posts came from a real human being. My reply was also no more off topic than the reply to my reply was. I admit I wasn't adding any new information or arguments to the conversation. I was providing a critique of someone else's "contribution", however, and I believe that still qualifies as on topic.

Then the penguins should CODE one

Or, is that "too hard", asking them to keep up with changes?

Also, per the article, I didn't see ANY MAJOR VENDORS ASKED STATE THAT THEY WOULDN'T ALLOW IT TO BE TURNED OFF IN THE SYSTEM SETUP!

(Did I miss something? If so, show me where in said article of Mr. Bott's, thanks!)

(Dumb though it is to do that, especially for Linux KERNEL ALONE, which has 4x++ the amount of security vulnerabilities Windows Server 2008 has, & 3 MULTI-PART remotely exploitable issues (lol, more like 20 of them when you look at them)).

Now, by way of comparison?

Windows Server 2008 has ONLY 2 SINGLE PART REMOTELY EXPLOITABLE ONES, & they're easily enough worked around too, as follows:

http://secunia.com/advisories/41874/

That one for Windows? ColorUI.DLL??

What would you need that for in a SERVER first of all, especially one run in "headless" mode???

It's also EASILY worked-around, via 1 of 2 methods:

1.) Unregister the offending DLL (colorui.dll) IF it is of an OLE Server type lib/dll (or blow it off the disk & replace it with a stub until a patch releases, replacing it in "System File Protection Areas" Windows maintains also, to stop it being replaced again with a non-patched model...).

or

2.) Run in headless mode (which many servers do, & they run MORE EFFICIENTLY by not running the GUI too this way).

---

http://secunia.com/advisories/41984/

That one's EVEN EASIER!

All one has to do, is inspect the %PATH% environment var (echo %PATH% via commandline OR use the SYSTEM icon in control panel to edit it, both systemwide globally, OR by user profiles!).

* Also - it might also be a GOOD IDEA to disallow apps that run by batch using SET statements also (they can SET & append things to the %PATH%).

---

* NOW, IF "little ole' me" CAN FIGURE THOSE WORK-AROUNDS OUT? Then, certainly, the Linux guys can figure out a way, programmatically, to overcome this (apparently not - odd, considering all those "Open SORES eyes" poring over its code don't DO VERY WELL, now do they? Even WHEN many of them are BIGTIME PROS from Novell &/or IBM, heck, even MS guys have helped on that note with Linux too!)

APK

P.S.=> NOW - Care to show me workarounds for ALL the remote problems in Linux's latest/greatest kernel?

I just worked around BOTH remotely vulnerable unpatched issues easily in Windows & in a couple ways!

BOTTOM-LINE HERE, is this: FIRST - Show me that Ed Bott's lying, ok? I say that, because FOR PETE'S SAKE - Linux folks WANT TO TURN OFF A GREAT SECURITY FEATURE, instead of adapting their OS to it!

No one can tell me "it can't be done" - I've been coding forever, 17++ yrs. as a pro in addition to network administration work, & there's always an answer!

(Yes - Sometimes, it's "paperclip/rubberband/chicken-wire rig work", & others it's not & takes longer, but they all get solved! This is the NICE part about coding in fact (most of the time, lol, & I've been doing it as a pro since 1994)).

SECOND - Then, show me you can work-around the 3 MULTIPLE PART REMOTELY UNPATCHED SECURITY ISSUES IN THE "LATEST/GREATEST" LINUX KERNEL, ok?? Good luck, you'll NEED it (but, you can show us all how much you really, REALLY understand your Linux OS!)

In the end???

Linux will still have 4x++ the # of UNPATCHED SECURITY VULNERABILIES in its "latest/greatest" kernel anyhow, see SECUNIA.COM for that (that's what they report & do, specifically/largely there) & per my LAST post here -> http://tech.slashdot.org/comments.pl?sid=2506468&cid=37939566 ?

Well - There, You can see how "well" (not) Linux is doing on the security front - servers-wise too, & even on ANDROID phones also

... apk

Re:CS degree? try MS CERT to trun on boot os MS ol

[grcumb]

Your post was unintelligible because public school didn't help you enough. Please learn to spell and punctuate properly before posting again, so that the rest of us can successfully parse your intended meaning.

This has been a public service announcement, as well as an ad-hominem attack.

No, that was not an ad hominem attack. No attempt was made to sully the person or their character; only their language skills were criticised.

Please learn to reason before posting again, so that the rest of us no longer need to correct your logic.

This has been a public service announcement, as well as a satirical reminder that taking a holier-than-thou tone often redounds against the author.

(I humbly await the next installment in this series....)

Nobody said "LINUX SHOULD DIE" etc.

I only pointed out that Linux isn't "adapting to change"& from the article, it seems they insinuated Windows is "locking them out" - that wouldn't be MS doing it, it's be said vendors (the 2 big ones in DELL & HP Mr. Bott spoke to).

I used Linux (KUbuntu 10.10 & patches) for MOST of 2010 in fact, & certainly ALL thru the summer... a patch blew it up on me, of all things, & I can safely say "it's not windows, not by a longshot & not in a good way"... it's less versatile, has less drivers of high quality (makes sense, PC makers & parts makers KNOW what drives the PC world is why), less high quality & less used wares on it, less games (big home market thing) etc. & more! In fact, I've used various Linux distros since 1994 (Slackware 1.02 being my 1st - yes, I look at "how the other 1/2 lives" to learn & grow!)

NOW - Thing is?

Well - Neither DELL nor HP is doing that... lol! Show me where they said they are "locking out Linux" (especially intentionally), ok??

* BOTTOM-LINE: Today, out there now? The security/hacker-cracker problem's gone NUTS... how do I know, & especially since 2004? Well, I've been populating a custom HOSTS file since 1997, & the "jump" in bad hosts/domains has shot way, Way, WAY UP since then... especially the past 2 yrs.!

That ALL said & aside:

Linux folks asking vendors TURN OFF a VALUABLE & EFFECTIVE security measure, especially for layered security (which I am QUITE expert on, see here http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Search&gbv=1&ei=UA-zTsH5GqrX0QGV8L3TBA , OR here http://www.bing.com/search?q=HOW+TO+SECURE+Windows+2000%2FXP&go=&qs=ns&form=QBLH ... I practically "wrote the book" on how to do that & have since 1997... )?

VERY DUMB!

( & that's what Linux folks are basically asking for in today's "World-of-Malware-In-General Exploits" & those exploits? They're becoming FAR more dangerous, more rootkit tech (especially combined bootsect/driver ones), even dedicated partitions work if not hacking BIOS from various vendors & more!)

Why don't they adapt for it? Nobody's stopping them! Perhaps they are unable to?? Again - I didn't see vendors STATE they were locking out Linux! Show me where they have... ok?

* Lastly & by the way? I'll post in the style I like, and IF YOU DON'T LIKE IT? DON'T READ IT!

APK

P.S.=> As far as "hack Windows", & it being done by Penguins? Yes, I said it - what BETTER WAY for they to discredit MS!

Better than "FUD" is, & being caught in it, like Mr. Bott has done... good for him, about time they did in bigtime journalism in this field!

See - put it this way:

I personally know Linux folks that do it in fact OR try to, we converse on it @ times... & judging by the "anti-microsoft/anti-windows" sentiments around here (which EVERYONE here knows about worldwide no doubt, lol)??

Yea, I'll stand by it.

Yes - I'm fairly sure that "goes on" from the "penguins" even here too IF they have time & are inclined to do so... but, what they do NOT understand is, that ONLY MAKES WINDOWS STRONGER!

I.E./E.G.-> MS patches consistently, 2nd week of every month, when these things are found & IF it is quickly + reliably patchable, especially REMOTELY EXPLOITABLE ONES (which Linux is behind in/has more of, mind you)...

Heck, the 2 MS has NOT patched? EASILY WORKED AROUND! I even posted that much here as to how to go about it easily enough via workarounds, how/when/where/why ->

Re:Nobody said "LINUX SHOULD DIE" etc.

[TangoMargarine]

has less drivers of high quality (makes sense, PC makers & parts makers KNOW what drives the PC world is why)

Granted. Linux has drivers for a bunch of other platforms Windows has never touched, though, obviously.

NOW - Thing is?

Well - Neither DELL nor HP is doing that... lol! Show me where they said they are "locking out Linux" (especially intentionally), ok??

1) They're obviously never going to admit to doing it, regardless of whether they are or not.
2) The people the guy talked to were not really in a position to be knowledgeable about this stuff, from the sounds of it.
3) The general consensus from the posts here is that article author is hardly an unbiased, reliable source himself. Quite the opposite.

That ALL said & aside:

Linux folks asking vendors TURN OFF a VALUABLE & EFFECTIVE security measure, especially for layered security

Yeah, why would Linux want to turn off a "VALUABLE & EFFECTIVE security measure" that prevents it categorically from being booted? Linux people have no problem with the security itself, just that Linux is probably going to be "coincidentally" left out in the cold by it.

It really sounds like a terrible idea to begin with. If they won't give customers the keys to sign the stuff with (which seems to be the whole point of the system in the first place), either 1) Linux booting is disallowed, or 2) they make the secure boot disable-able, which completely defeats the whole purpose of it to begin with if all anybody has to do to bypass it is toggle an option in the BIOS (well, I suppose you could lock down your BIOS so maybe not). Sure, it's great if all you care about is running Windows...at least until a bug creeps in and Windows accidentally its own signature...or the first h/cr/acker figures out how to invalidate the signature...

(which I am QUITE expert on, see here http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Search&gbv=1&ei=UA-zTsH5GqrX0QGV8L3TBA , OR here http://www.bing.com/search?q=HOW+TO+SECURE+Windows+2000%2FXP&go=&qs=ns&form=QBLH ... I practically "wrote the book" on how to do that & have since 1997... )

Well, you wrote *a* book. Damn, dude: nobody's ever going to accuse you of being terse! As for being an expert, I guess I'll just have to take your word on that one.

Why don't they adapt for it? Nobody's stopping them!

Um, yeah, that's kind of the point...

Perhaps they are unable to??

They may eventually, yeah, but it'll suck in the short term if it goes the way it looks like it's going to.

Again - I didn't see vendors STATE they were locking out Linux! Show me where they have... ok?

See above.

APK

P.S.=> As far as "hack Windows", & it being done by Penguins? Yes, I said it - what BETTER WAY for they to discredit MS!

Yay stereotyping. Like I said, this is about being able to boot Linux, period. Yes, there are some people who may use that ability maliciously, but there's also a hell of a lot of people who don't.

& judging by the "anti-microsoft/anti-windows" sentiments around here

Okay, yes, I'll give you that one. Diversity of opinions and plenty of people on both sides, etc., etc....but yeah.

Yea, I'll stand by it.

Yes - I'm fairly sure that "goes on" from the "penguins" even here too

Your "registered 'luser'" name says it all

Now, eat this -> http://tech.slashdot.org/comments.pl?sid=2506468&cid=37935088

* LINUX FOLKS ASKING TO TURN OFF A VALUABLE 'layered security/defense-in-depth' FEATURE? DUMB!!!

(I also didn't see either HP or DELL say they were trying to "lock out" LINUX either... can you show me WHERE they did? Because it wouldn't be MS doing it... it'd be the hardware makers!)

Go for it... good luck, you WILL need it... especially vs. what's in that post (concrete, easily verified data from reliable & reputable sources no less!).

APK

P.S.=> Good luck disproving the points I made in the URL above - you'll NEED it!

... apk

Courts take time to resolve matter

[failedlogic]

Manufactures have lead times to make new computers. Courts take time to process a suit or probably even rule and enforce an injunction. The rulings will presumably need to be made in each country: US, EU, Canada, Japan, etc.

Let's say this is a Microsoft conspiracy to lock out any OS other than Windows 8 onwards from booting on a brand new PC and court finds them guilty just before or after Wndows 8 launches. If not MS is guilty then some HW manufacturer or the OEM.

There's going to be a boatload of inventory piling up and nowhere to ship and sell it. The market will still end up getting flooded with several million PCs in various countries both for Corporate desktop and consumer. The OEMs are going to complain about stock piling up and needing to sell it. And people already bought PC will keep it. One way or another MS will end up winning with millions of PCs that cannot install anything other than Windows 8.

Re:Happy November from the Golden Girls!

[inkscapee]

So sorry, I understand your sensitivity to being a third-grade dropout. We'll dumb down so you can feel better about yourself.

Ok, here we go (rebuttal time)

"Yay stereotyping." - by TangoMargarine (1617195) on Thursday November 03, @07:04PM (#37941772)

See above - you're no better, and you EVEN ADMITTED A HUGE ANTI-WINDOWS/ANTI-MICROSOFT BIAS AROUND HERE next below...

(Not stereotyping here - talking straight fact YOU RECOGNIZE YOURSELF!)

---

"Okay, yes, I'll give you that one. Diversity of opinions and plenty of people on both sides, etc., etc....but yeah." - by TangoMargarine (1617195) on Thursday November 03, @07:04PM (#37941772)

There you are, per my last part of my reply above!

---

"Yeah, I'm not going to argue technical merits with you..." - by TangoMargarine (1617195) on Thursday November 03, @07:04PM (#37941772)

Why not? This would show us IF you understand Linux, even at a POWER USER type level?? YOU might even be some "food for thought" for others who perform said patches.

Look - I've been coding professionally, since 1994. There are times that the ODDEST people come up with a GOOD IDEA, even non-coders (albeit here, only conceptually, for coders to work with as a basis)... is it the "norm"? No, but it DOES HAPPEN!

---

"1) I don't want to spend a lot of time doing research on it, which you apparently have way more time to do/research stored up, ready-to-go than anything I could probably come up with anyway" - by TangoMargarine (1617195) on Thursday November 03, @07:04PM (#37941772)

Not a lot of research to do, I posted the links to the 3 multipart LINUX KERNEL remote errors, all you have to do, is look @ them & IF You have a SOLID TECHNICAL ANSWER? Let it rip... again - you MAY point the way to a fix, whether you know it, or not.

---

"2) I don't have hardly any knowledge personally on any of that stuff (hence most of my arguments regarding other aspects)" - by TangoMargarine (1617195) on Thursday November 03, @07:04PM (#37941772)

Ok, then fair enough, but... do pay attention to what I wrote above - sometimes the answers COME FROM UNLIKELY SOURCES (even if only conceptual ones).

---

"3) The general consensus from the posts here is that article author is hardly an unbiased, reliable source himself. Quite the opposite." - by TangoMargarine (1617195) on Thursday November 03, @07:04PM (#37941772)

LOL, THE POSTERS HERE ARE HUGELY WHAT I CALL "Pro-*NIX", you even admit that yourself below... so, please man: DO give us a break on the "jump on the bandwagon" technique of MARKETING there... lol!

I'll tell you this straight, & I challenge ANYONE here to disprove it:

Around here? Hah - I've run MOST of these NIX schmos down, & beaten them with FACTS, especially the "Pro-*NIX crew" as I call them, & so many times on tech issues, most of them HATE me!

(E.G.-> Had my life threatened here, properties, & more like libel etc. - that tell you anything? IF you require proof of it, ask... I can put it out, in seconds (yes, I have it bookmarked just in case anything DOES happen to me or mine etc.)).

Now, conversely - are there some SHARP intelligent & experienced on many levels in computing knowledgeable folks around here? You bet, but they are NOT the majority...

---

"Granted. Linux has drivers for a bunch of other platforms Windows has never touched, though, obviously." - by TangoMargarine (1617195) on Thursday November 03, @07:04PM (#37941772)

Windows only builds drivers for platforms it runs on, which of course, happen to be the MOST USED THERE IS (Linux HAD to go 'chasing' other platforms to run on, diff. CPU platforms, even hardware types (mobile phones) etc. because it wasn't and still ISN'T beating Windows NT based OS - they're both the SAME AGE roughly too, mind you - there is no "age advantage"...

See - MS US

Facts in my posts too much for you?

Absolutely. You cannot "get the better of" the facts I posted, regarding security (especially the failings of Linux in that very regards & facts, are facts - especially those from RECENTLY documented & respected + reliable sources I use)

THAT, is that... period.

So - If all you have is your off topic "english grammar critiques", then get your "hooked on phonics" out, & learn to read (or, conversely? Don't like my posts?? Hey - Do NOT read them - yes, it's THAT simple!).

That's in regard to this statement from yourself:

"Just observing the large number of formulaic posts, often with little or no bearing on the parent post, made by an AC, apparently signing at the end as apk. The posts are long, rambling, bizarrely formatted, with lots of pointless bolding and capitalization as well as excessive punctuation. " - by tragedy (27079) on Thursday November 03, @09:05PM (#37942956)

As to that? Well, I said all that needed to be said, above... & "here endeth the lesson" on THAT much, rather easily!.

(Try to stay on the topic, won't you?)

---

"I think calling me a Linux "groupie", I think that's going a bit far." - by tragedy (27079) on Thursday November 03, @09:05PM (#37942956)

First of all - WHO SAID YOU CAN THINK? Your thoughtless adhominem attack against myself calling my reply a bot (or whatever) isn't too cool, & QUITE off topic and evidences this reply for me, quite easily!

---

"It is certainly true that I primarily use Linux." - by tragedy (27079) on Thursday November 03, @09:05PM (#37942956)

Yep, proving my point again: THE TRUTH COMES OUT, as I knew it would

Yes, you're yet another "Linux Groupie/Penguin" type... off topic & all, complete with illogical adhominem attacks too directed my way...

(That type of crap? It's quite typical of "your kind online" when faced with documented, concretely verifiable facts from reputable, reliable & respected sources as I used - it's all you've got in the end, vs. truth/facts, is why... I've seen it 1,000's of times (its EFFETE & WEAK!!!))

---

"I got used to a Unix environment early on, so Linux was a natural progression for me." - by tragedy (27079) on Thursday November 03, @09:05PM (#37942956)

So did I, the mid to late 80's, along with Vax VMS just before that, & later IBM midrange System 34/36/38 into the AS400 (OS400) systems... but for PC's, Windows (based on VMS a first 'love' for me type thing, using the term loosely) seemed right, especially Windows NT-based ones (of which NT/2000/XP/Server 2003/7/Srv2k8 are based on currently).

Windows is, to put it plainly, #1 out there for a reason: Versatility on PC's &/or Servers mostly (tons of apps from many sources of FAR HIGHER QUALITY OVERALL THAN LINUX HAS THIS IS CERTAIN), better driver support, flexibility, tons of hardware & software vendor support + more...

No... Linux just does NOT "measure up" as well on ALL of those fronts.

Linux's MAIN niche? Servers!

That, however, is ONLY because it is FREE (businesses love freebies even more than normal folks do, because MAKING MONEY, not spending it (if/when possible), IS THE NATURE OF BUSINESS - keep costs low, profit high as possible etc./et al!)

---

"I think it would be fair to say I'm a fan. "groupie" is unfair, especially with the snide, condescending tone you seem to have intended." - by tragedy (27079) on Thursday November 03, @09:05PM (#37942956)

That "snide condescending tone" is only well-deserved RIDICULE directed your way, from myself.. why?

Ok - First:

For your illogical off topic adhominem attack directed my way

Second:

The fact you are UNABLE TO DISPROVE MY POINTS on a technical level, the ones I put up regarding Lin

Re:Facts in my posts too much for you?

[tragedy]

Have you ever been diagnosed with a mental illness? Seriously, your posts come across like something from the time cube guy. You can call my post an "illogical off topic ad hominum attack", but it was the nature of your numerous posts I was attacking, not really you, per se. You yourself seem to have no trouble getting personal with attacks on people, I notice. The majority of your posts in this article seem to be repetitive rants. You gloat over imagined victories. I didn't address your so-called points because they were, for the most part, off topic. For some reason being off topic isn't such a sin when you do it. Also, I really honestly wasn't sure at first if your posts weren't coming from some sort of wacky content generator. I'm reminded of early print advertising, with its inexplicable font shifts, underlining, size changes, etc. My comments were not illogical. Your comments simply struck me as bizarre and I said so. Logic didn't really enter into it on way or another.

Seriously, your reply that "THE TRUTH COMES OUT" to my statement that I do, in fact, use Linux is bizarre. Linux users aren't exactly unusual on this site, much less in the comments of articles regarding Linux specifically. I'm not a member of some cult, I just use a particular operating system and you've apparently already pegged all Linux users into some particular niche in your mind and hold yourself up as superior to them. From my perspective, it looks like some sort of childlike egomania on your part.

Folks in the Linux world don't want useful security features stopped. What they want is for them to be implemented in such a way that the hardware still belongs to the person who paid good money for it and not to the original hardware manufacturer or their financial partners. There's nothing wrong with the concept of secure booting, but, if I'm buying a walled garden, I want the keys as well. The kind of people who are enthusiasts for free software tend to be the kind of people who don't like to be locked out of the things they own. I feel the same way about phones, and music players, and cars. You can imagine how I feel about laws that make it illegal to hack your own hardware, repair your own car, etc.

As for security of Linux vs. Windows in general, I don't think we're going to agree on those ever. I've used MS Windows since 2.0.3 I believe. Before I used Linux or it even existed. I also used various Unix variants before Linux. My personal computer for most of high school was a Silicon Graphics machine running Irix. When I first heard about Linux, I actually bought into some of the things people were saying comparing it to so called "real" Unix systems, and I didn't try it for a while. Since then, however, I've mostly been a Linux person. I mean, let's face it, Windows 95, 98, and ME were junk compared to Linux (Windows ME was junk compared to 98 and even 95, of course). Windows NT and its descendants were more impressive, but if we're talking about security, Microsoft never managed to impress me. The tight integration of the security hole otherwise known as Internet Explorer into Windows. Autorun, for crying out loud. I've just seen Microsoft do too many security brain dead things to take them seriously on the security front. Linux isn't some shining panacea, but it's what I use. It's given me plenty of problems over the years, but never as many as Windows.

As for disproving the points in the post you provided the link to. What points? You mentioned 3 remote unpatched vulnerabilities in the latest Linux kernel, but didn't say what they were. Then you went on about some Windows vulnerabilities and how to work around them. I haven't read anything I can think of by Ed Bott, and I don't know if he's a liar or not. He's a writer for a periodical who has managed to keep his job in this day and age, so that pretty much automatically makes him a shill. My mother has a newspaper reporter friend, and I was quite impressed by the multiple Pulitzer prizes he had on his wall when I met him, but, despite that I saw articles writt

Don't trust HP

My roommate has an HP notebook and the BIOS will not allow any OS except VISTA to be installed.

UEFI will not create any real problems

[lsatenstein]

I dont suppose for any minute that the number of mother boards out there serving as process controllers for numerical machines, etc, are trivial in number.

These organizations will need to either rework their software at great cost for redeployment, (If the source even exists), or force the vendor to sell a board with a legacy bios.

I also read where RedHat was as much prepared as MS for UEFI, so that the linux community will be able to integrate their software with it.
It will or may cause a problem for VM software, but I expect that with human intelligence, which we all have, that problem will be resolved.
I thought that one could always write a Bios in the middle software that would understand UEFI, but provide the classical bios for legacy systems.

ANSWER A QUESTION FOR ME (see inside)

Need not apply, because that's EXACTLY what your replies are. I posted those links all thru my posts but I'll post them again for your reference (not only are there 3 remote unpatched ones in the current latest Linux kernel, but they are in MULTIPLE PARTS (more like 20 of them)):

http://secunia.com/advisories/44754/

http://secunia.com/advisories/19402/

http://secunia.com/advisories/14295/

The 2 outstanding unpatched in Windows Server 2008 by way of comparison are SINGLE issues, & easily worked around (servers run headless, don't need colorui.dll that way, &/or unregister said lib, problem solved) + The %PATH% problem's just a matter of editing out % variable related ones that don't expand out properly via the SYSTEM icon in control panel (gui easy) - fixed.

* QUESTION: Can you do the same for all the outstanding unpatched remotely exploitable security vulnerabilities in Linux?

(I'd like to see that if you can is all...)

APK

P.S.=> I'll be waiting for that question above being answered most of all, & as far as folks around here saying Ed Bott's "full of it" well, he got the answers he got from both DELL & HP: Neither company is stopping folks from installing Linux, or even TRYING to... What Linux folks cannot seem to stand, is that they're in last place is all (in terms of overall marketshare/usage) - & Mr. Bott's article shows the LENGTHS (reprehensible ones no less) they will go to to try to change that (since they're in danger of "extinction" pretty much)... apk

Re:ANSWER A QUESTION FOR ME (see inside)

[tragedy]

In your first link, 8 of the 10 problems listed are listed as fixed (most of them only apply to alpha CPUs anyway). The remaining two only affect 2.6 series kernels. One of them requires an application or user with special networking privileges to exploit and the other is patched.

Your second link also only applies to 2.6 series kernels and is listed as fixed as of 2.6.16.1

Your third link is just under six years out of date and doesn't include any remote exploits in any case.

In regards to your postscript, I'd like to re-iterate that Linux users have a genuine concern about being locked out of their own hardware. As I've already stated, journalists like Ed Botts have massive conflicts of interest that we take into account. Dell and HP don't need to be part of a conspiracy to lock out Linux users to carelessly and lazily kludge their UEFI implementation just to the point where Windows boots, but other Operating systems run into problems. We've seen that sort of thing often enough in the past.

P.S. What reprehensible lengths ("LENGTHS", no less) are Linux folks going to in order to avoid extinction? Also, how do you reconcile saying that Linux users are in danger of extinction with your claims that Linux users concerns about implementations of secure boot are unfounded?

Telling lies isn't helping you

See subject-line above, & this page for the third one, regarding this from you:

"Your third link is just under six years out of date and doesn't include any remote exploits in any case." - by tragedy (27079) on Friday November 04, @05:08PM (#37952372)

Since you don't read well, look for this "2005-02-16" on this page:

http://secunia.com/advisories/product/2719/?task=advisories

And, look up the "WHERE" there (which clearly shows remote, as to where it can be exploited from) & LIKE YOU SAID, IT'S BEEN THAT WAY FOR 6++ YRS. NOW! no less!

(You also show the remotely exploitable unpatched security vulnerabilities in Linux aren't fixable by the end user!)

---

However, I can show easy work arounds for Windows Server 2008 & its 2 single part remotely exploitable unpatched security vulnerabilities, & myself (unlike yourself - all I see from you is excuses, but no fixes).

Again - in Windows Server 2008, they're ONLY SINGLE PART ONES, & NOT multiple part holes as they are in Linux's latest kernel... (Which makes those 3 remotely exploitable holes in Linux kernel 2.6 into 20, lol):

http://secunia.com/advisories/41874/

That one for Windows? ColorUI.DLL??

What would you need that for in a SERVER first of all, especially one run in "headless" mode???

It's also EASILY worked-around, via 1 of 2 methods:

1.) Unregister the offending DLL (colorui.dll) IF it is of an OLE Server type lib/dll (or blow it off the disk & replace it with a stub until a patch releases, replacing it in "System File Protection Areas" Windows maintains also, to stop it being replaced again with a non-patched model...).

or

2.) Run in headless mode (which many servers do, & they run MORE EFFICIENTLY by not running the GUI too this way).

---

http://secunia.com/advisories/41984/

That one's EVEN EASIER!

All one has to do, is inspect the %PATH% environment var (echo %PATH% via commandline OR use the SYSTEM icon in control panel to edit it, both systemwide globally, OR by user profiles!).

* Also - it might also be a GOOD IDEA to disallow apps that run by batch using SET statements also (they can SET & append things to the %PATH%).

APK

P.S.=> So much for all those years of hearing (as Mr. Bott said) FUD from the Linux people around here of "Linux = Secure, Windows != Secure" b.s., & Thank you for showing us that you cannot patch all the holes in remotely exploitable security vulnerabilities in Linux as I can in Windows Server 2008, with relative ease ... apk

Re:Telling lies isn't helping you

[tragedy]

Good grief.

An Anonymous Coward, signing as APK wrote:

Since you don't read well, look for this "2005-02-16" on this page:

I read fairly well, but I refuse to do some large research project for you when you clearly can't be bothered. Some summary says "remote" in it, but you don't make an attempt to list which parts are actually remote exploits. In any case, you clearly also couldn't be bothered to check out the part that said that the last update was 2005-12-01. Issues 4-18 from that page are fixed in kernel 2.6.11. Issue 3 is only for 2.4 kernels and is fixed in 2.4.32-rc1. Issue 2 is fixed in 2.6.11.2. Issue 1 is apparently fixed in 2.6.8.1. You didn't even address the problems with the other two links you provided, so I assume you're conceding that they're non-issues. The fact that you don't comprehend that something that hasn't been updated in nearly 6 years might just possibly be out of date means that anything you say might have to be taken with a pretty huge grain of salt. Also, what do you mean by "++"? You keep using it. Are you using it to mean "increment"? So, by "6++", do you mean 7? Also, in what way do I "show the remotely exploitable unpatched security vulnerabilities in Linux aren't fixable by the end user!"?

You then go on about some security issues in Windows and how to work around them by disabling features and claim that, by pointing out that the listed issues are fixed or patched already that I'm providing excuses, not fixes. I don't have to provide new fixes for them, since the old fixes work fine. Then you go on about 3 supposed vulnerabilities in the latest Linux kernel being 20. Which 3 vulnerabilities? The ones from the links you provided which are all fixed already? And what do you mean they're in the "latest kernel"? They were all in the 2.6 or 2.4 series.

As for Windows or Linux being more secure. Frankly, absent gaping flaws, I generally see security these days as having more to do with the user and usage profile of the machine than the particular operating system. Microsoft has mostly gotten their act together on security. As for security bugs, all major operating systems have them, both discovered and as yet undiscovered. It's a simple fact of life.

Linux extinction data (overall marketshare)

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=0

Says it all. 20 yrs. of existence and dead last in terms of overall marketshare on desktops.

Linux has its niche on servers because there's no cost to use it and that's the only reason it hangs on at all. Cheap.

(That "cheap" shows through in 3 multi-part unpatched security vulnerabilities (that actually come out to many more than 3 when you look at them) that are remotely exploitable!

* You were also unable to show work-arounds that an end user could do either as you were asked to do.
So much for Penguins knowing their own OS "weapon of choice" & I do mean WEAPON in the case of Linux, because hacker/crackers certainly ARE taking advantage of it... see these recent exploits:

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

Then, there's ANDROID also, and it's showing us all that all the FUD on /. for years now that Linux is secure is just that, fud. It's being torn up in the hundreds with exploits and yes, ANDROID uses Linux kernel.

There's also the 4 CA's breached that run Linux also:

http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com
http://uptime.netcraft.com/up/graph?site=DigiCert.com

(Mind you: All that I posted? Has occurred in the past few months now, & VERY recent!)

APK

P.S.=> As to "extinction" well... This entire article's replies seem to insinuate that the Penguins "fear" this secure boot feature WILL make Linux extinct (I doubt that, but read some of the replies besides our own) & Linux's overall marketshare on desktops doesn't help...

... apk

Re:Linux extinction data (overall marketshare)

[tragedy]

Wow. Two replies from you to my reply. Well then. With regards to Desktop market share, there aren't really any big surprises there. People have to actually know what an Operating System even is before they can actually choose one. In my experience, a good 70% of computer users don't even know what an OS is, let alone that they have a choice of what to use. I feel a bit dirty even visiting that site since they're affiliated with Alexa. I've removed their adware/spyware from hundreds of Windows machines and don't exactly have fuzzy feelings towards them. If the numbers from that site actually come from the Alexa spyware, then I would think there's a bias towards reporting the operating system of the kind of people who allow that spyware to be installed on their systems in the first place.

The low cost is a plus for servers, but it's also popular because it's a Unix variant. Also, because the kinds of people who become system administrators tend to be the kind of people who are enthusiasts for computer technology and like playing around with it. Linux is ideal for that. I've addressed the supposed 3 vulnerabilities you've talked about relentlessly in your many posts. You're using outdated information. That said, I'm sure there are other vulnerabilities in Linux, just as I'm sure there are other vulnerabilities in Windows and in Mac OS, and any other OS out there.

As for being unable to show workarounds to the issues you listed. I showed that the issues you listed aren't issues anymore. What more could you reasonably want?

As for websites being exploited. Happens all the time regardless of OS or web server software. Once again, it comes down more to security practices than to particular choice of OS. Take the recent Certificate Authority exploits as an example. It shouldn't have even been possible to compromise the keys in the first place as they shouldn't have been on machines connected to the Internet. That it could happen was a failure of security process.

Android has security vulnerabilities for sure. As do IOS, Windows Mobile (my current phone is a Windows Mobile phone, overall I'm unimpressed), Blackberry, etc. No big surprises there.

As to "extinction", you're back-pedalling. You're the one who brought it up, implying that Linux folks were going to reprehensible lengths to avoid it. So, I'll ask again, what reprehensible lengths are they going to? Also, how can you justify claiming that there's nothing to worry about, while simultaneously claiming that there's some sort of extinction to avoid?

P.S. It's confusing when you reply multiple times to my reply. It makes the thread complicated to follow.

I wouldn't run that CA on Linux then

4/5 CA's breached recently ran Linux:

http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com
http://uptime.netcraft.com/up/graph?site=DigiCert.com

Linux also has 3 multipart (so, more like a lot more than 3 actually exist) unpatched security vulnerabilities in its latest mainstream kernel (2nd one is patched in 2.6.19 update though, but the 3rd one below has existed for 6++ yrs.)):

http://secunia.com/advisories/44754/
http://secunia.com/advisories/19402/
http://secunia.com/advisories/14295/

---

NOW - Patching Windows Server 2008's 2 remotely exploitable unpatched security vulnerabilities is CAKE though (via easy workarounds - can you do the same for the list of unpatched remotely exploitable security vulnerabilies in Linux?):

http://secunia.com/advisories/41874/ [secunia.com]

That one for Windows? ColorUI.DLL??

What would you need that for in a SERVER first of all, especially one run in "headless" mode???

It's also EASILY worked-around, via 1 of 2 methods:

1.) Unregister the offending DLL (colorui.dll) IF it is of an OLE Server type lib/dll (or blow it off the disk & replace it with a stub until a patch releases, replacing it in "System File Protection Areas" Windows maintains also, to stop it being replaced again with a non-patched model...).

or

2.) Run in headless mode (which many servers do, & they run MORE EFFICIENTLY by not running the GUI too this way).

---

http://secunia.com/advisories/41984/ [secunia.com]

That one's EVEN EASIER!

All one has to do, is inspect the %PATH% environment var (echo %PATH% via commandline OR use the SYSTEM icon in control panel to edit it, both systemwide globally, OR by user profiles!).

* Also - it might also be a GOOD IDEA to disallow apps that run by batch using SET statements also (they can SET & append things to the %PATH%)...

APK

P.S.=> On this issue though, in secure boot firmware? Seems that Linux = out of luck with next gen PC hardware then, in terms of secure boot functionality (unless it can get control of those keys, or find friendly hardware makers that allow some other (or that) work-around...)!

However, think about this: IF the firmware is an eeprom (eraseable/rewriteable), then WHY CAN'T THE LINUX FOLKS PICK A MOBO MAKER & WORK ON THAT TYPE OF WORK-AROUND? Is THIS possible in your estimation??

Heck - malware makers are out there doing THAT VERY THING, actually working @ the hardware level on BIOS exploiting that way (knew this was coming when I saw mobo maker utilities that allowed BIOS patching in Windows alone)

...apk

In other words - YOU CAN'T DO IT (I can)

I show easy workarounds for the 2 single problems in WinSrv2k8 though:

"I refuse to do some large research project for you" - by tragedy (27079) on Friday November 04, @06:38PM (#37953182)

First: It's not MY fault that Linux's remotely exploitable unpatched security vulnerabilities are SO NUMEROUS (and multi-part, beyond merely 3 issues)...

Second: You cannot produce what was asked of you: Show easy work-arounds the end-user can perform to fix said remotely exploitable security vulnerabilities in Linux's latest mainstream kernel (whereas I can for Windows Server 2008 a full "distro" no less)...

(No, after your failure to do what I asked of you, it seems more like you are incapable of doing that... & so is the Linux community in general apparently, because as you said, some of those issues have been outstanding for 6++ yrs. now!)

---

"The fact that you don't comprehend that something that hasn't been updated in nearly 6 years " - by tragedy (27079) on Friday November 04, @06:38PM (#37953182)

Uhm, that is the LATEST mainstream Linux kernel mind you... & again, it's NOT MY FAULT the folks working on it let unpatched remotely exploitable security vulnerabilities exist on it (possibly explaining all the security breaches I noted in the 4 CA's, Kernel.org, Linux.com, & even MySQL.Com being breached!)

---

"You then go on about some security issues in Windows and how to work around them by disabling features " - by tragedy (27079) on Friday November 04, @06:38PM (#37953182)

Features you DO NOT NEED on Windows Server 2008 in "servercore/headless mode" (or you can perform the unregister colorui.dll trick too and keep your gui - NOT LOSING FUNCTIONALITY, so you are WRONG again... lol!)

Also, the %PATH% issue doesn't "disable functionality" either:

It's merely an edit in the SYSTEM icon control panel ENVIRONMENT area, or even registry work here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

---

* So, you can try to "rib on me" about my posting as ac, but this ac has apparently "kicked your ass" on ALL fronts, easily... so much for being a "registered 'luser'" here, or Penguin in general (especially if "little ole' me" can sweep the floor with your kind SO easily)...

APK

P.S.=> Better luck next time... & tell the Linux kernel team to work on the 6++ yrs. outstanding security issue too (as well as the other multipart issues still outstanding in Linux as remotely exploitable)...

... apk

Re:In other words - YOU CAN'T DO IT (I can)

[tragedy]

Anonymous Coward, apparently also known as APK wrote:

I show easy workarounds for the 2 single problems in WinSrv2k8 though

Good for you. Really. You get a biscuit. I don't recall ever saying that you couldn't.

First: It's not MY fault that Linux's remotely exploitable unpatched security vulnerabilities are SO NUMEROUS (and multi-part, beyond merely 3 issues)...

Second: You cannot produce what was asked of you: Show easy work-arounds the end-user can perform to fix said remotely exploitable security vulnerabilities in Linux's latest mainstream kernel (whereas I can for Windows Server 2008 a full "distro" no less)...

First: It's not your fault that the security vulnerabilities are so numerous. It is your fault that you didn't do the research to make sure that the vulnerabilities you're going on about still exist. It should occur to anyone capable of basic reasoning that a security notice that hasn't been updated in nearly 6 years might be out of date.

Second: Have you stopped beating your wife? Yes or no? Why should I produce workarounds the end user can perform beyond updating the kernel through the regular update tool. If you had actually provided a single exploit that wasn't already fixed or worked around, then you might have a point, but none of the exploits in the links you provided fit into that category. If you'd actually read what I'd written, you might know that. You keep writing that there are outstanding issues that have existed for "6++" years, as you put it. I already gave you the kernel release numbers where all of those issues were fixed. You can't just keep claiming that those are still outstanding issues. The fact that you still insist that they are just shows that you either have poor comprehension, or some sort of bizarre pathology. If you insist that those issues are still outstanding, the ball is in your court for you to prove it with some valid source.

Then, dear me, you do the loud crowing about supposed victory again. That's something people with a mental age of five do. Declaring victory in a debate by loudly repeating yourself with your fingers in your ears doesn't make it so. Also, when did I rib on you about posting as AC?

Quit crying like a 2 yr. old already (lol)

You couldn't live up to what was asked of you here http://tech.slashdot.org/comments.pl?sid=2506468&cid=37953256 and you blew it on other areas too, like saying I was disabling functionality, lol, when I did no such thing.

APK

P.S.=> Also your screwup on saying I was "disabling functionality"? Now, THAT was "classic", lol... apk

Re:Quit crying like a 2 yr. old already (lol)

[tragedy]

How did I not live up to what was asked of me? The easy workaround to the issues you mentioned is to use the automatic update tool in the distro you're using to get the latest kernel that doesn't have the security issue in it. I showed you where all of the issues you mentioned had actually been fixed. Your assertion is ridiculous. You also seem to ignore pretty much every question I've asked of you, whereas I've made a good faith effort to answer yours.

As for disabling functionality, your two solutions for the colorui.dll problem are either to run in headless mode, which at least counts as not making use of functionality, or to unregister and remove the offending DLL. Tell me, if you do this, how do you use the color control panel applet? You can argue that it's functionality you don't need, but there's no sane way you can argue that it isn't disabling some functionality. For the other issue, you said that it would be a "GOOD IDEA to disallow apps that run by batch using SET statements". Once again, hard to argue that setting up a situation where some things can't run isn't disabling some functionality.

I really would be interested in you actually addressing some of the things I've said rather than just evading.

2.6 Linux has partial or NO fixes on these

"I showed you where all of the issues you mentioned had actually been fixed" - by tragedy (27079) on Friday November 04, @10:29PM (#37954676)

Where? I see there are 2 MULTI-PART ISSUES with unpatched security vulnerabilities, that are REMOTELY EXPLOITABLE in them, & within the 2.6 mainstream Linux kernel that do NOT have solutions here:

PARTIAL FIXES ONLY PRESENT HERE:

http://secunia.com/advisories/44754/ (still has issues #'s 3,4,8 & 9 are STILL UNRESOLVED - show us how you can work-around them, as I did in the 2 single unpatched security vulnerabilities in Windows Server 2008 & I did so without disabling functionality in the colorui.dll issue (headless/servercore mode, OR unregistering said DLL)

NO FIXES @ ALL ARE PRESENT HERE:

http://secunia.com/advisories/14295/ (NOT A SINGLE ONE IS FIXED HERE, & there's 18 OF THEM!)

(And, mind you - that's the LINUX 2.6 KERNEL only - the other parts of Linux of FULL Linux distros in apps & more probably add more).

Like I said to you before? LIES aren't helping you... see above!

---

"Tell me, if you do this, how do you use the color control panel applet?" - by tragedy (27079) on Friday November 04, @10:29PM (#37954676)

#1 - In "servercore/headless mode", why would I do that?

#2 - On a server PERIOD, why would I NEED IT FOR??

(I don't know if you KNOW this or not, but, much of the time servers are SETUP in VGA mode - because it's DAMN STABLE!)

* The %PATH% parsing expansion issue is a non-issue, editing the path via SYSTEM ICON/Environment does that or editing the registry here HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

APK

P.S.=> On a workstation, you MIGHT need colorui.dll, but on a server?? Come on, lol... apk

Re:2.6 Linux has partial or NO fixes on these

[tragedy]

Anonymous Coward signing as APK wrote:

http://secunia.com/advisories/44754/ (still has issues #'s 3,4,8 & 9 are STILL UNRESOLVED - show us how you can work-around them, as I did in the 2 single unpatched security vulnerabilities in Windows Server 2008 & I did so without disabling functionality in the colorui.dll issue (headless/servercore mode, OR unregistering said DLL)

Ok. Considering that you've claimed I have reading comprehension difficulties, I find this amusing. From the same page you linked to:

Vulnerabilities #1, #6, and #7 are fixed in version version 2.6.39.3 and 2.6.35.14. Vulnerabilities #2 through #5 and #10 are fixed in version 2.6.35.14.

So, that's vulnerabilities #1,2,3,4,5,6,7 and 10, fixed in version 2.6.35.14. I previously mentioned that there was a patch for 8, and 9 requires special capabilities applied to the user or application.

For http://secunia.com/advisories/14295/, all 18 of those issues have been fixed, not none of them. This is the one that hasn't been updated on the secunia site in nearly 6 years. What a shocker that a notice that hasn't been updated doesn't have up to date information. I previously wrote:

Issues 4-18 from that page are fixed in kernel 2.6.11. Issue 3 is only for 2.4 kernels and is fixed in 2.4.32-rc1. Issue 2 is fixed in 2.6.11.2. Issue 1 is apparently fixed in 2.6.8.1.

Once again, the ball is in your court to prove that those 18 issues from an out of date notice are still issues since they're listed as fixed in other sources.

As for the third link you were proudly posting before and now seem to be silently ignoring: http://secunia.com/advisories/19402/, despite the many times you posted it, you were apparently incapable of reading the part of it that said:

Solution
Update to version 2.6.16.1.

As for your fixes to the Windows issues disabling functionality, you're not actually saying that they don't disable functionality, just that you don't think the functionality is important. I agree that it's probably not very important functionality, but it's still functionality that's being disabled. I'm only making an issue of this because you attempted to lambast me and label me a liar for saying that your fixes disabled functionality. Your fixes do, so my statement, which wasn't of any real importance anyway, was accurate.

LEARN TO READ (you messed up)

NO FIXES @ ALL ARE PRESENT HERE:

http://secunia.com/advisories/14295/

NOT A SINGLE ONE IS FIXED HERE (& there's 18 OF THEM!) & I'll even QUOTE secunia on that now:

"Secunia is currently not aware of an updated kernel version addressing the vulnerabilities."

(And, mind you - that's the LINUX 2.6 KERNEL only - the other parts of Linux of FULL Linux distros in apps & more probably add more).

AND

PARTIAL FIXES ONLY PRESENT HERE:

http://secunia.com/advisories/44754/

Still has issues #'s 3,4,8 & 9 are STILL UNRESOLVED - you SCREWED UP LARGE!

Now, show us how you can work-around them, as I did in the 2 single unpatched security vulnerabilities in Windows Server 2008 & I did so without disabling functionality in the colorui.dll issue (headless/servercore mode, OR unregistering said DLL)

* Like I said to you before? LIES aren't helping you... see above!

APK

P.S.=>

"As for your fixes to the Windows issues disabling functionality, you're not actually saying that they don't disable functionality, just that you don't think the functionality is important. I agree that it's probably not very important functionality, but it's still functionality that's being disabled. " - by tragedy (27079) on Friday November 04, @11:47PM (#37955094)

NOT THE POINT - Point is, I CAN FIX THEM/WORK-AROUND THEM (especially when unnecessary), & you can't with the lists of errors above, & apparently, neither can anyone else from the Linux camp... period!

... apk

Re:LEARN TO READ (you messed up)

[tragedy]

An anonymous coward signing as APK wrote:

NO FIXES @ ALL ARE PRESENT HERE:

http://secunia.com/advisories/14295/

NOT A SINGLE ONE IS FIXED HERE (& there's 18 OF THEM!) & I'll even QUOTE secunia on that now:

"Secunia is currently not aware of an updated kernel version addressing the vulnerabilities."

You really are just sticking your fingers in your ears and saying "LA LA LA I can't hear you", aren't you? That notice is completely out of date. All of those issues are fixed. When they say that they are "currently not aware of an updated kernel version addressing the vulnerabilities", they're writing that nearly 6 years ago. They created the notice, then they abandoned it and didn't update it when fixes for the issue came about. I already listed the kernel versions where all of those were fixed, and I'll do it again:

Issues 4-18 from that page are fixed in kernel 2.6.11. Issue 3 is only for 2.4 kernels and is fixed in 2.4.32-rc1. Issue 2 is fixed in 2.6.11.2. Issue 1 is apparently fixed in 2.6.8.1.

You haven't disproven that at all. All you've done is repeated your tired old outdated, obsolete Secunia link over and over again without any rational analysis of it.

As for where you wrote:

PARTIAL FIXES ONLY PRESENT HERE:

http://secunia.com/advisories/44754/

Still has issues #'s 3,4,8 & 9 are STILL UNRESOLVED - you SCREWED UP LARGE!

You complete moron! Can't you even read, in the very notice you're linking to, that issues 3 and 4 on that list are resolved? It says "Vulnerabilities #2 through #5 and #10 are fixed in version 2.6.35.14". In case you weren't aware (although you should, because I've already told you more than once) "#2 through #5" parses as #2,3,4,5. That includes 3 and 4. Do you understand that? Do you have some sort of argument as to how it doesn't, or are you capable of admitting that you made a mistake? As for 8 and 9, I discussed how those could be worked around, but I did a little more digging and found out that it's unnecessary anyway. I downloaded the source for 2.6.39.4 and had a look at l2cap_core.c which includes a version of Dan Rosenberg's patch:
/* Reject if config buffer is too small. */
len = cmd_len - sizeof(*req);
if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
l2cap_build_conf_rsp(sk, rsp,
L2CAP_CONF_REJECT, flags), rsp);
goto unlock;
}

nl802.11.c includes:

i = 0;
if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
request->ssids[i].ssid_len = nla_len(attr);
if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
err = -EINVAL;
goto out_free;
}

SMALL CORRECTION (U still messed up)

NO FIXES @ ALL ARE PRESENT HERE:

http://secunia.com/advisories/14295/

NOT A SINGLE ONE IS FIXED HERE (& there's 18 OF THEM!) & I'll even QUOTE secunia on that now:

"Secunia is currently not aware of an updated kernel version addressing the vulnerabilities."

(And, mind you - that's the LINUX 2.6 KERNEL only - the other parts of Linux of FULL Linux distros in apps & more probably add more).

AND

PARTIAL FIXES ONLY PRESENT HERE:

http://secunia.com/advisories/44754/

Still has issues #'s 8& 9 are STILL UNRESOLVED - you SCREWED UP LARGE!

Now, show us how you can work-around them, as I did in the 2 single unpatched security vulnerabilities in Windows Server 2008 & I did so without disabling NEEDED functionality in the colorui.dll issue (headless/servercore mode, OR unregistering said DLL)

* Like I said to you before? LIES aren't helping you... see above!

APK

P.S.=>

"As for your fixes to the Windows issues disabling functionality, you're not actually saying that they don't disable functionality, just that you don't think the functionality is important. I agree that it's probably not very important functionality, but it's still functionality that's being disabled. " - by tragedy (27079) on Friday November 04, @11:47PM (#37955094)

NOT THE POINT - Point is, I CAN FIX THEM/WORK-AROUND THEM (especially when unnecessary as in colorui.dll on servers, & the %PATH% issue? A NON-ISSUE YOU CAN EASILY EDIT via GUI or registry edit), & you can't with the lists of errors above, & apparently, neither can anyone else from the Linux camp... period!

... apk

Re:SMALL CORRECTION (U still messed up)

[tragedy]

You double posted. My reply to the first version of this you posted is at 37958398.

I did & it KICKED UR ASS (U FAIL)

NOT A SINGLE ONE IS FIXED HERE (& there's 18 OF THEM!) & I'll even QUOTE secunia on that now:

http://secunia.com/advisories/14295/

"Secunia is currently not aware of an updated kernel version addressing the vulnerabilities."

* KINDLY SHOW US PROOF THEY ARE FIXED (all 18 of them) as you stated... I'll be waiting, but until then? YOU HAVE FAILED!

Funniest part is, the "captcha" is CLINCHER, lol... & this IS the "clincher" to finish you off with...

APK

P.S.=> Additionally - The other STILL IS MISSING PATCHES FOR ISSUES #8&9, & right here:

PARTIAL FIXES ONLY PRESENT HERE:

http://secunia.com/advisories/44754/

Still has issues #'s 8& 9 are STILL UNRESOLVED - you SCREWED UP LARGE!

... apk

Re:I did & it KICKED UR ASS (U FAIL)

[tragedy]

You are such a duplicitous idiot. I'm sorry to feed a troll. I'm especially sorry I went to so much trouble to feed a troll. Here goes anyway.
You say that:

NOT A SINGLE ONE IS FIXED HERE (& there's 18 OF THEM!) & I'll even QUOTE secunia on that now:

http://secunia.com/advisories/14295/

"Secunia is currently not aware of an updated kernel version addressing the vulnerabilities."

Once again, your reading comprehension and comprehension in general are simply broken. That is an advisory from nearly 6 years ago with incomplete information in the summary. If you bothered to dig deeper than the summary, the links to the CVE's on that page directly state that 9 of those 18 problems are fixed. The other 9 are also fixed, although the information directly on that Secunia page doesn't say so, but other sources do. Since you asked me to "KINDLY SHOW US PROOF THEY ARE FIXED (all 18 of them) as you stated..." (even though the responsibility is yours to prove that information that old is actually correct rather than mine to prove it wrong), here's some additional information:

#1 is covered by CVE-2005-0176, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0176/, which specifically says that it affects only kernel versions 2.6.9 and earlier.

#2 is covered by CVE-2005-0178, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0178/, which specifically says that it affects only kernel versions before 2.6.8.1.

#3 is covered by CVE-2005-0204, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0204/, which specifically says that it affects only kernel versions before 2.6.9

#4 is covered by CVE-2005-0177, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0177/, which specifically says that it affects only kernel versions before 2.6.8.1.

#5 is covered by CVE-2005-0209, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0209/, which specifically says that it affects only kernel version 2.6.8.1.

#6 is covered by CVE-2005-0210, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0210/, which specifically says that it affects only kernel version 2.6.8.1.

#7 is covered by CVE-2005-0449, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0449/, which specifically says that it affects only kernel versions before 2.6.8.1.

#8 is covered by CVE-2005-0839, which is addressed at http://secunia.com/advisories/cve_reference/CVE-2005-0839/, which specifically says that it affects only kernel versions before 2.6.11.

#9 is covered by CVE-2005-0937, which is addressed at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0937, updated 08/21/2010. It It lists affected kernel versions and they stop at 2.6.9.

#10 is covered by CVE-2005-0867, which is addressed at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0867 updated 08/21/2010. It lists affected kernel versions and the only version is 2.6.0. Confirmed fixed in 2.6.9.

#11 is covered by CVE-2005-0135, which is addressed at http://web.nvd.nist.gov/view/vuln/

Re:I did & it KICKED UR ASS (U FAIL)

If Linux is "so great" how come its marketshare's so insignificant http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=0 with users? It's security lately also looks very poor also per this post's data http://tech.slashdot.org/comments.pl?sid=2506468&cid=37972974 noting many breaches of Linux systems, including its own kernel repository, the past few months. I have been following this post and your exchanges, and both systems have problems but your denials don't seem to jive with secunia's data tragedy, and there's no denying almost no one uses Linux, and that Linux has been breached rampantly lately (especially Android models of it).

Re:I did & it KICKED UR ASS (U FAIL)

[tragedy]

I think the answer to your first question is fairly obvious. It's because the vast majority of people don't even know what an Operating system is, let alone that they have a choice, and Windows comes pre-installed on just about every computer. Also, what is with you replying twice to my post and linking to your first reply in your second reply? Seriously, there's something wrong with you.

Re:I did & it KICKED UR ASS (U FAIL)

Excuses, excuses. Linux is in last place because it's not as good as Windows. Fact. Argue with the numbers.

Re:I did & it KICKED UR ASS (U FAIL)

[tragedy]

Linux isn't actually in last place. There are diehards out there still using Amigas and people running their desktops on BSD variants and Solaris. But, yes, it's certainly a long way from mainstream. By and large, that's the way I prefer it actually. For one reason, for exactly the reason you gave about more exploit attempts appearing for more popular Operating Systems. I prefer my OS to be less of a target. Also, being mainstream, or trying to be (a la Unity in the latest Ubuntu), can lead to some really bad design decisions. At least, to me they're bad design decisions. To the general public they may be great, but I've long since realized that the average computer user doesn't represent me at all.

As for Linux not being as good as Windows, in what sense? I can do everything I need and want to do with Linux. My systems seem to be stable and secure. What else is there? Your assertion that market share is directly proportional to quality is laughable when you look at how people actually buy things. Wal~Mart is a leviathan for a reason.

Finally, I find it laughable that you say to argue with the numbers. Incredibly hypocritical from the guy who continuously refused to accept that a nearly six year old advisory might not be current any more. Frankly, you just don't have much credibility in my eyes.

Linux still has unpatched remote bugs (U FAIL)

NOT A SINGLE ONE IS FIXED HERE (& there's 18 OF THEM!) & I'll even QUOTE secunia on that now:

http://secunia.com/advisories/14295/

"Secunia is currently not aware of an updated kernel version addressing the vulnerabilities."

* KINDLY SHOW US PROOF THEY ARE FIXED (all 18 of them) as you stated... I'll be waiting, but until then? YOU HAVE FAILED!

Funniest part is, the "captcha" is CLINCHER, lol... & this IS the "clincher" to finish you off with...

Your "work arounds" you CLAIM to have posted, well... why have they NOT been propogated to all kernel builds of 2.6x as well then?

I'd like to SEE your "work-arounds" for the unpatched issues then please... As well as updated information that shows the one with no fixes above HAS fixes, & if so? Why again IS IT NOT PROPOGATED TO ALL LINUX 2.6x kernel builds?

APK

P.S.=> Additionally - The other STILL IS MISSING PATCHES FOR ISSUES #8&9, & right here:

PARTIAL FIXES ONLY PRESENT HERE:

http://secunia.com/advisories/44754/

Still has issues #'s 8& 9 are STILL UNRESOLVED - you SCREWED UP LARGE!

... apk

You're FULL OF IT, that advisory says

This, verbatim -> Solution Secunia is currently not aware of an updated kernel version addressing the vulnerabilities.

Also, if Linux is SO SECURE, then why did all of these breaches happen on it recently?

4/5 CA's breached recently ran Linux (from http://itproafrica.com/technology/security/cas-hacked/ & slashdot's recent article on digicert):

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

Hmmm?

How about these breaches of security on Linux also??

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/ [theregister.co.uk]

---

Mysql.com (runs Linux) Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

*That's ALL pretty current information... very recent too, & as anyone reading can see? Linux isn't really "big" on security, especially lately!

APK

P.S.=> And, lastly of course? There's ANDROID (a Linux variant/uses Linux kernel) so please, tell us - how's ANDROID doing on the security front?? Not very well...

This is sort of funny on that note in fact: I tried to post all of the known security issues I have catalogued here for it, & SLASHDOT's FORUM ENGINE CAN'T EVEN HANDLE THE LOAD (too many is why)...

Fact is, Android shows anyone that once Linux got a decent share of market on a platform, it too, can be found to be insecure & was benefitting on PC's via "security-by-obscurity" only (lack of widespread usage vs. competitors) & since nobody was using it? Why bother attack it (mindset of hacker/cracker types is this) - this is, how it REALLY is. All the "fud" you heard on /. for years was "LINUX IS SECURE, WINDOWS IS NOT" b.s. ... so much for that, in light of current information above!

Re:You're FULL OF IT, that advisory says

[tragedy]

An Anonymous Coward signing as APK wrote:

This, verbatim -> Solution Secunia is currently not aware of an updated kernel version addressing the vulnerabilities.

This, verbatim -> Last Update 2005-12-01

Now, try to put those two things together. I know you can if you really, really try. See, the way it works is that, when they wrote "currently", they meant in 2005. Then they never updated the page again. In the meantime, the security problems were fixed, but the page remained the same. Do you grasp that concept? So, the advisory doesn't say I'm full of it, as your subject line states, because it's from nearly 6 years ago, but I'm talking about the present.

As for your examples of Certificate Authorities being hacked, I should point out that I never claimed that Linux was somehow unhackable. All I ever claimed was that the three links you provided of supposed unpatched security vulnerabilities were not in fact unpatched. Given that one of the links you gave said right on the Secunia page that it was already fixed, the other two said that most of the issues had been fixed and that I then showed that all of the outstanding issues had been fixed, I think that I'm completely vindicated there. You're clearly not mature enough to admit when you were wrong. All you seem to know how to do is evade and move on to new claims.

So, there are ways to break into a Linux system, just as there are ways to break into a Windows system. Many of those ways don't rely on flaws in the Operating System. Security is about a lot more than just the OS. The CA's that were compromised clearly had bad security overall.

I should also point out that, although the attack on those CA's could have started through their web servers, and their web servers could have also been the actual key signing boxes (perfect example of stupid security design), it's naive of you to assume that their entire infrastructure used the same OS as their web server.

As with the other sites you listed that were compromised, all I can do is repeat myself. Linux itself and server software that runs on it can be insecure, or poorly secured, just like Windows or Mac OS, or any other Operating System you care to name. Linux is neither significantly better or significantly worse than Windows in that regard.

As for your postscript about Android, I am once again not shocked in the slightest that an OS for cell phones has security issues. What you say about any popular Operating System being subjected to more attacks is also true. As for "fud" about Linux being secure and Windows not being so, I should point out that Linux users have never been in a position to actually spread much Fear, Uncertainty and Doubt about Windows due to the marketplace dominance of Windows. There's been plenty of FUD from Windows users and Microsoft itself about Linux over the years. Overall, I try not to pay too much attention to hyperbole from either side and simply use what I prefer.

Re:You're FULL OF IT, that advisory says

For years here I kept reading from people that Linux is secure and earlier than 2005 to the present day. The lists of exploits at secunia show quite otherwise as does ANDROID, a Linux kernel using OS.

The security breaches around Linux that were posted are very recent which really doesn't help its case either because for all those years, security issues kept popping up in it.

The number of breaches recently occurring on pretty important Linux bearing systems, especially the CA's and KERNEL.ORG (linux's sourcecode repository iirc) only goes to further my point that much of what you heard on slashdot was fud.

All the excuses you or others make, trying to "pass the buck" don't make those evidences I posted "go away" either.

APK

Re:You're FULL OF IT, that advisory says

[tragedy]

Well, the Linux vs Windows security argument goes back a long way. All the way to the early days of Linux, which back to the first big version of Windows: 3.1. 3.1 didn't really have any security to speak of. A Unix variant, just by virtue of having file permissions, was light years ahead in terms of security. For about the first decade of the existence of Linux, Microsoft quite evidently took security for granted in its operating systems. The fact that, for the longest time, autorun would run any executable an autorun.bat file told it to without prompting the user and without an easy option to disable it shows that. Since around XP SP2 or so, Microsoft has been getting its security act together more. I will certainly grant that, at the moment, Microsoft seems to pay attention to security in Windows as much as the Linux community pays attention to security in Linux. Right now, I couldn't, with any confidence, say that either is more secure than the other. We see security goofs from both Windows and Linux, but we no longer see the gaping, security-blind holes that Microsoft was formerly known for. Many of the people using Linux still remember the lousy security record Microsoft had in the old days. Some things form a persistent opinion that doesn't change easily.

As for Android, which you keep bringing up, it's a completely different beast than standard Linux. It uses a version of the Linux kernel, but it's not a typical distro. It's still pretty immature, and it suffers from the same problem that Microsoft used to (and many are sure that it still does): the notion that user convenience is more important than security. Android is still relatively immature and should improve with time.

I wonder, how do you expect anyone to take you seriously in a conversation if you never bother to address their points and keep pushing your own? The best you seem to be able to manage about the fact that all of your examples from Secunia (which you have some strange obsession with) were out of date and already fixed (most of them half a decade ago), is to remain silent on them. No mea culpa from you. No admission that you could have been mistaken. You posted them again and again and again even in the face of direct evidence (in many cases right in the linked page itself, or in its sub-pages) that they weren't valid any more, along with childish declarations that you'd "KICKED [my] ASS", or that half-decade advisories say I'm "FULL OF IT" or that I'm "crying like a 2 year old" or that "[I] can't do it" (regarding working around already fixed security holes), or that I'm "telling lies". You said all of those things, but you don't offer so much as an admission that you're mistaken. I've gotten into long, sometimes heated, discussions like this one before (although, frankly this one was only so long because you were apparently incapable of keeping track of which of your assertions had already been concretely disproven), and they usually actually end fairly amicably when people with differing viewpoints listen to what I have to say and I listen to what they have to say. That works with rational people. You haven't shown any sign of being a rational person. You just have some sort of bizarre anti-Linux agenda to push and you'll push it, deriding anyone who disagrees with you, and ignoring reality even when it's carefully shown to you.

Oh well. At least you've shown that you're capable of posting without all the bolding and writing in all caps and bizarre punctuation.

Linux isn't as good as Windows

In this/these sense(s) - & I ran it for all of summer 2010 into 2011, & before that (Slackware 1.02 circa 1994, RedHat 6.x, etc. on & off over time - I always come back to Windows, & some of the reasons for that are below):

"As for Linux not being as good as Windows, in what sense?" - by tragedy (27079) on Tuesday November 08, @03:10PM (#37989440)

1st - Linux also doesn't have as high quality drivers or as many because board makers KNOW what is "running the show/market " out there, Windows - so, they cater to it immensely!

2nd - Nor does Linux have as many games, by FAR, either (this is mostly the home market in fact!)

3rd - Linux only has 1.19% of marketshare amongst users on the desktop, see here -> http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=0

4th - Despite all those "Open 'SORES'" eyes (most of whom couldn't code to SAVE THEIR LIVES mind you) allegedly poring over Linux code, how come it has that many more unpatched bugs than Windows 7 has, hmmm?? Not just remote exploits but bugs period (localsystem & localnetwork exploitable) -> http://secunia.com/advisories/product/2719/?task=advisories

Closed source is HARDER for hacker/crackers to attack as well, because you're stuck either disassembling it (especially tough with kernel level debuggers) OR fuzzing it, either is tougher than searching out problems in Linux, which you just load into a compiler & step trace its "Open 'SORES'" code with to find screwups in security... hence it still has more security bugs, AND, they are unpatched (despite all the "Open 'SORES'" eyes poring over it, lol!)

* There you go...

APK

P.S.=> There IS A REASON LINUX IS DEAD-LAST IN THE EYES OF USERS OVERALL (& the only REAL REASON it gets used @ all is because it's a 'freebie', low cost = appealing to businesses, that is, until Linux gets breached (& there's plenty of CURRENT DATA on that from my posts here in the CA breaches, KERNEL.ORG, MySQL.org & others being penetrated & yes, they run Linux))... apk

Re:Linux isn't as good as Windows

[tragedy]

1st. Circular reasoning. You're claiming that Linux is worse because vendors don't pay as much attention to it because it's a smaller market because it's worse. In any case, Linux drivers for most things seem to be more than acceptable.

2nd. Games? Seriously? I like games, really, but it's not a convincing argument for which OS to use. Get a console. Oh, and also, that's the circular argument again. Game makers make games for Windows because Windows is the most popular (and also they enter into sweetheart deals with Microsoft in some cases) . So, if people use Windows because it has more games, then it's a self-fulfilling prophecy.

3rd. You're big on circular reasoning. As evidence for why Linux is worse because it has less marketshare, you present the fact that it has less marketshare. Brilliant, truly.

4th. "Open 'SORES'". Lovely. You haven't provided any meaningful comparison of bugs and vulnerabilities in Windows vs Linux. All you've done is present a link to a Secunia page (what is with you and Secunia?) that lists all kinds of advisories, including the three invalid ones you were touting in earlier posts. A list, by the way, that goes back to Linux kernel version 2.2, so it's hardly a valid comparison with just Windows 7. You would need to compare with all Windows versions in that time period. For that matter, you'd have to use some better methodology than just... Actually, you didn't use any methodology at all, you just made an unfounded statement and gave a link to a list of Secunia advisories for Linux. Also, if, as you claim, closed source is harder to exploit by hackers/crackers, then the bugs should be harder for third parties to find as well, hence fewer third party security advisories.

Your logic is invalid. You've sadly fallen back into your bizarre posting style. It's hard to take anything you say seriously when you apparently don't know how to mark a footnote with an asterisk properly.

As for your postscript, you fail to realize that most Windows users don't even actually know what Windows or an Operating System is, let alone what Linux is. It isn't dead last in their eyes because they're not even aware of anything else.

You make mistakes yet again

File permissions? Read Only (for example) has been around since DOS!

"Well, the Linux vs Windows security argument goes back a long way. All the way to the early days of Linux, which back to the first big version of Windows: 3.1. 3.1 didn't really have any security to speak of. A Unix variant, just by virtue of having file permissions, was light years ahead in terms of security." - by tragedy (27079) on Tuesday November 08, @03:44PM (#37989982)

AND? SeLinux was the ONLY THING that "bolted on" other forms of granularity of security (MAC - which is a COPY OF ACL'S IN WINDOWS... period!)

---

"For about the first decade of the existence of Linux, Microsoft quite evidently took security for granted in its operating systems." - by tragedy (27079) on Tuesday November 08, @03:44PM (#37989982)

Linux is only a HUGE RIPOFF of UNIX, and it is the thing that has been killing std. UNIX in fact, so all it is is carrying on over its ancestor (and yes, UNIX is its ancestor & Linux is classified as a form of UNIX).

---

"The fact that, for the longest time, autorun would run any executable an autorun.bat file told it to without prompting the user and without an easy option to disable it shows that." - by tragedy (27079) on Tuesday November 08, @03:44PM (#37989982)

AutoRun errors have happened in Linux - see here:

http://linux.slashdot.org/story/11/02/07/1742246/USB-Autorun-Attacks-Against-Linux

AND QUITE RECENTLY!

---

"Since around XP SP2 or so, Microsoft has been getting its security act together more." - by tragedy (27079) on Tuesday November 08, @03:44PM (#37989982)

Hmmm, recall the ACL/MAC data above? That's been around since early Windows NT... MS, since 1992 & Windows NT-based OS, has ALWAYS had it in mind (in fact, NT-based OS since 3.x series of them has had been given C2 status (ala the security "orange book")...

---

"I will certainly grant that, at the moment, Microsoft seems to pay attention to security in Windows as much as the Linux community pays attention to security in Linux." - by tragedy (27079) on Tuesday November 08, @03:44PM (#37989982)

CONCESSION (per my statement in my ps below)

---

"Right now, I couldn't, with any confidence, say that either is more secure than the other." - by tragedy (27079) on Tuesday November 08, @03:44PM (#37989982)

I think they both need work, & iirc, I even stated that in my 1st post, but I just do NOT like how the mantra around here for FUD was "Linux = secure, Windows != secure" type b.s.!

---

"We see security goofs from both Windows and Linux, but we no longer see the gaping, security-blind holes that Microsoft was formerly known for." - by tragedy (27079) on Tuesday November 08, @03:44PM (#37989982)

Linux has them too, see the AutoRun issue you overlooked above in fact... lol!

---

"Many of the people using Linux still remember the lousy security record Microsoft had in the old days. Some things form a persistent opinion that doesn't change easily." - by tragedy (27079) on Tuesday November 08, @03:44PM (#37989982)

I could put out a list of things (not just the current data I have been using in KERNEL.ORG, mySQL.org, The CA's being breached that ran Linux & more) that would make your HEAD SPIN from over time, & yes, on Linux + its weaknesses in security... would you like those? It'd only take me a minute...

---

"As for Android, which you keep bringing up, it's a completely different beast than standard Linux. It uses a version of the Linux kernel, but it's not a typical distro. It's

Re:You make mistakes yet again

[tragedy]

Read-only as a an example of security? Seriously? Any user of the system could change that with the attrib command. Read-only was only there so the absolutely clueless couldn't accidentally del things they shouldn't.

Additional security granularity from SELinux is nice, but was hardly necessary to have more security than Windows in the old days. Windows simply wasn't designed as a multi-user system from the start. It wasn't until Windows NT that it started to get real security, and those features didn't make it into mainstream windows until XP.

Linux isn't a "RIPOFF" of Unix. It is, as you state, a Unix system, descended from other Unix variants. That's not ripping off, that's just carrying the torch. Whether Linux has been killing off the other versions of Unix is an interesting question. I'd have to say that it's a big factor. The closed nature of many traditional Unix shops just couldn't compete with the open nature of Linux among the kind of people who prefer a Unix variant. The increasing complexity and expense of developing high-powered processors which has driven the desktop field pretty much entirely to Intel and AMD is a major factor as well. DEC, Sun, SGI and others all used to build their own hardware and provide their own Unix variants to go with their hardware. Now those days are gone, and those old school Unix variants are going with them.

Autorun from inserted media without warning is always a bad idea. Those Linux distros that do it hopefully learn their lesson fast. Years of it being a problem on Windows should have been all the lesson they needed. It's not an intrinsic Linux feature, fortunately.

I was thinking more of mainstream Windows than NT/2000. The fact that Microsoft saw security as a special extra feature for professionals only doesn't exactly make me think any better of their attitude towards security in that era.

The difference between the derision from the Linux side for Windows and the derision from the Windows side for Linux has always seemed to me to be how much from the Windows side actually came, through various avenues, from Microsoft itself. The dislike of Microsoft from many Linux users was well founded. Attitudes like yours towards Linux, I've never understood. No-one seems to be forcing Linux on you or the public at large, but the same can't be said for Windows. The security case against Microsoft has, however, traditionally been a pretty good one.

The autorun thing is quite shameful for those distros that implemented such features. It was especially shameful precisely because Windows had that gaping hole, that consistently caused major security issues over and over and over for years without doing anything about it. Nothing you can say now can change the fact that, in the past, Microsoft didn't have its security act together. A list of security breaches regarding Linux that you assembled wouldn't change it. For that matter, with your terrible record of checking your data, I'd be hard-pressed to pay attention to any list you've provided. I've spent way too much time in this thread doing your research for you while you make yourself look ridiculous deriding me over your incorrect information.

On to Android again. It doesn't matter if it has a Linux kernel, it's still not in the same family as a regular distro. Its security can't be compared to mainstream versions of Windows, as you try to do, any more than Windows Mobile or IOS can be compared to mainstream Windows or mainstream Linux Distros.

Finally, you smugly state, after I point out that you're incapable of admitting when you've made a mistake:

Plenty of that from you though here... a few times now in this conversation

Wow. It's absolutely incredible what an unabashed little troll you are. You actually think it's a badge of honor that you can't admit that you've made a mistake even when it's clearly proven. And you think that someone else having the maturity and basic decency to agree with you when you make a correct statement is somehow some sort of great victory for you? What kind of utter moron are you? I am more and more certain that you really do have some serious psychological problem.

Your adhominem attacks aren't "good logic"

Facts below also tend to disprove you once more on security. No faults here @ all in my reasoning: Time to dismantle YOUR reasoning:

"1st. Circular reasoning. You're claiming that Linux is worse because vendors don't pay as much attention to it because it's a smaller market because it's worse. In any case, Linux drivers for most things seem to be more than acceptable." - by tragedy (27079) on Tuesday November 08, @08:25PM (#37993846)

First of all, vendors don't, & that's a fact. Linux drivers aren't that great, & certainly NOT by comparison to the attention in that area given Windows... period.

---

"2nd. Games? Seriously? I like games, really, but it's not a convincing argument for which OS to use. Get a console. Oh, and also, that's the circular argument again. Game makers make games for Windows because Windows is the most popular (and also they enter into sweetheart deals with Microsoft in some cases) . So, if people use Windows because it has more games, then it's a self-fulfilling prophecy." - by tragedy (27079) on Tuesday November 08, @08:25PM (#37993846)

Yes, seriously: It's one of the LARGEST MARKETS THERE IS, period (especially for the home market segment, the biggest per unit/per machine one there is overall). There's no circular logic here - it's just logic, and FACT (thus, no denying it).

---

"3rd. You're big on circular reasoning. As evidence for why Linux is worse because it has less marketshare, you present the fact that it has less marketshare. Brilliant, truly." - by tragedy (27079) on Tuesday November 08, @08:25PM (#37993846)

LOL, but that "circular reasoning" (not) is kicking your butt, & merely with facts.

Put it THIS way: IF Linux were better overall than Windows is, I'd be running it. So would everyone else most likely.

(IS it "ok"? Yea, Linux can "do the job", but, not as good as Windows does it... that's all!)

---

"4th. "Open 'SORES'". Lovely. You haven't provided any meaningful comparison of bugs and vulnerabilities in Windows vs Linux" - by tragedy (27079) on Tuesday November 08, @08:25PM (#37993846)

WRONG: I posted a truckload of recent problems Linux has been experiencing!

1.) KERNEL.ORG its sourcecode repository being hacked/cracked into

2.) Linux.com being hacked/cracked into

3.) MySQL.com being hacked/cracked into

4.) The 4 CA's that run Linux (regards SSL) being hacked/cracked into

5.) ANDROID Linux being rampantly burnt on security as well (for years now!)

(In fact, links to ALL OF THOSE are below in my p.s.!)

---

"Your logic is invalid." - by tragedy (27079) on Tuesday November 08, @08:25PM (#37993846)

Is it? Those are FACTS above... period: Concrete, Visible, & verifiable FACTS no less, from reputable sources (including news on this very website no less).

---

"You've sadly fallen back into your bizarre posting style. It's hard to take anything you say seriously when you apparently don't know how to mark a footnote with an asterisk properly." - by tragedy (27079) on Tuesday November 08, @08:25PM (#37993846)

You say MY LOGIC is bad? Do you know what an adhominem attack is?? Do you know what being OFF TOPIC IS??? You should - you're doing both now, and have before here... Also - Not ALL of these posts here are mine mind you!

(Trying to "pick at" my writing style though, lol, man... THAT is piss poor logic on those grounds alone!)

Seems you're also able to read & respond to what I write just FINE also...

So, what's your point (other than proving your being an off topic troller using adhominem attacks)????

---

"As for your postscript, you fail to realize that most Windows users don't even actually know what

Re:Your adhominem attacks aren't "good logic"

[tragedy]

Ok. Moron, try to follow, please?

1st. You state that vendors "cater to [Windows] immensely" and less to Linux because Windows is "running the show" and therefore they don't support Linux to the same degree. But you were providing this as an example of how Linux is supposedly worse than Windows. You specifically said "Linux is in last place because it's not as good as Windows", then I asked in what ways is Linux worse than Windows and you provided these four points. I'm truly confused as to how you can't understand that this first example is circular reasoning. It basically boils down to: "Linux is in last place because it's worse than Windows because it's in last place". That's circular.

We can disagree on drivers plenty, I'm sure. One of us might have had good experiences where the other has had bad experiences and so forth. I've had some truly horrendous driver experiences on Windows, some of which were far worse than any experience I've had in Windows. I remember waiting for some of my hardware to be supported in NT 4.0. It never was, but Linux worked with it right out of the box (well, sleeve, I was ordering from Cheapbytes back in those days if I recall correctly).

2nd. It is circular logic, not just logic. You're just listing another secondary effect (the same one as your first example, really) of being a less prolific OS. It is true, but it's not a way that Linux is somehow intrinsically worse than Windows, which is what you claimed to be providing. The fact is, Linux can play any of those games if they're ported to Linux. The fact that most of them haven't been ported isn't some intrinsic property of Linux

3rd. I can't believe you're actually defending this one. At least the first two examples had an intermediate step in the circular logic chain. This one was just pure circular logic. You can't claim that there are intrinsic reasons for something to have low marketshare, then quote an externality, like the fact that it has low marketshare as one of those intrinsic reasons. You just can't. A five year old would understand that you can't. It's a giant logical fallacy. How can you be so free of the ravages of intellect that you can't see that? Or is it that you can see that, but you choose not to because you're a liar?

Also, what is it about you that gives you such a huge ego? The fact that you're not running Linux is supposed to prove that it's no good. Are you secretly some multiple nobel prize winning superspy astronaut cowboy? What shining qualities do you posses that we should all know to line up behind you and do exactly as you do?

4th. "Meaningful comparison". Not anecdotes. "Meaningful comparison". You've consistently proven yourself incapable of any sort of actual analysis. You know that you're not going to convince me posting the same tired old links. Why even bother? You claimed in your 4th example of how much worse Linux supposedly is than Windows that it has some significantly larger portion of security flaws than Windows, but you still haven't provided any real analysis to support your opinion. That leads me to believe that your opinion is unfounded.

Facts, even when you capitalize and bold the word, do not equal logic. I don't want to have to teach you what logic is. For example, simply stating that Linux has a lower marketshare than Windows doesn't prove anything intrinsic about Linux. That would only be the case if certain bizarre theories about the invisible hand making markets infallible were true. Oh. I just realized. You're probably one of those idiots who feels awe in the presence of simple emergent properties and actually believes that about economic markets. Sigh. Well, anyway, it's pretty obvious from your posts that you couldn't string together a logical argument to save your life.

I know what an Ad Hominem attack is. My comments to you are certainly becoming more personally abusive. It's sort of hard not to considering how rude you've been. Despite that, commenting on your posting style is not an Ad Hominem attack. The content of your pos

Your further mistakes aren't helping U

START OF A BIG MISTAKE OF YOURS HERE:

"It wasn't until Windows NT that it started to get real security" - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

I was never talking about any other kind... strictly Windows NT-based OS only! However, I had to POINT OUT THAT FILESYSTEM PERMISSIONS DID EXIST BEFORE THAT OS FAMILY, even from DOS days (just not granular BY USERS or GROUPS, such as ReadOnly attributes, which yes - still exist thru Fat16/32 & NTFS4/5 etc.).

---

MAIN BIG MISTAKE OF YOURS HERE:

"and those features didn't make it into mainstream windows until XP." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

WTF? They've been around since Windows NT 3.x as far as filesystem ACL's... NT 3.1, 3.5, 3.51, 4.0, 2000/XP/Server 2003/7/Server 2008... period!

First of all, you said FILE Permissions pal, & guess what READ ONLY is: File system permissions related security (stops immediate deletes w/out warnings):

"Read-only as a an example of security?" - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Sorry, but it is, AND again - YOU SAID FILE PERMISSIONS!

Yes, MS had this since DOS... & ACL's are improvements on it @ the filesystem, & registry levels (which Linux MAC "bit off of" (stole basically)).

---

More mistakes from you...

"The autorun thing is quite shameful for those distros that implemented such features. It was especially shameful precisely because Windows had that gaping hole, that consistently caused major security issues over and over and over for years without doing anything about it." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Funny LINUX MADE THE SAME MISTAKES, and AFTER MS DID (not learning by their mistake either, tsk-tsk, lol!):

AutoRun errors have happened in Linux - see here:

http://linux.slashdot.org/story/11/02/07/1742246/USB-Autorun-Attacks-Against-Linux

AND QUITE RECENTLY!

---

Even MORE MISTAKES FROM YOU...

"Additional security granularity from SELinux is nice, but was hardly necessary to have more security than Windows in the old days. Windows simply wasn't designed as a multi-user system from the start." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Windows NT was (the only kind I've been taking of, Windows NT-based OS), & Citrix code as "Terminal Server" even made it MORESO... period!

---

Your mistakes continue (you're slipping, worse than earlier posts... and worst part is, you were actually giving me a "better run for my money" than others here usually do who are "penguins"... too bad!)

"Nothing you can say now can change the fact that, in the past, Microsoft didn't have its security act together." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Who CARES about the past - it's the PRESENT THAT MATTERS, & HOW'S LINUX DOING NOW ON SECURITY RECENTLY? See next below, lol:

---

"The security case against Microsoft has, however, traditionally been a pretty good one." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Yea, well... THIS from RECENT HISTORY on Linux' security failings isn't helping you now, is it? Nope, see them again:

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2

Re:Your further mistakes aren't helping U

[tragedy]

Ah, of course, it's a huge mistake of mine not to realize that you're the type who likes to paint the bullseye around the hole after firing the shot. Obviously you were never talking about any other kind. Sure I believe you. After all, you've been so honest so far.

I hate to break it to you, but the windows NT family wasn't mainstream until Windows XP. I ran NT and 2000, and they never had the driver support to be mainstream versions of windows. Before XP, the previous mainstream version of Windows was 98 (I'm pretending ME never happened in the same way I pretend Highlander 2 never happened). The vast majority of Windows users had as little idea of the existence of NT and 2000 as they did of the existence of Linux.

File attributes like read-only are only security features if anyone using the system can't write to the file at will, otherwise they're just file attributes. When I said "file permissions", I imagined you'd understand that the concept of permission would actually have to be involved. Obviously I was wrong. I seem to be wrong every time I assume you'll understand something that should be obvious. Also, Linux didn't steal the concept of ACLs from windows. Windows ACLs are just an implementation of ideas Butler Lambert put forth in the 70's. By and large, there's nothing new under the sun in the computing world, no matter who wants to take credit for "inventing" what.

Autorun again (and you repeating yourself). You don't address the fact that it only affected certain distros, not the core Linux OS itself. Also, the Linux distros it affected actually cleaned up their act. Windows allowed blind autorun with no warning for years and years.

Yes, Windows NT was designed with a multi-user model in mind. Your ex-post facto declaration that it's the only version of windows you've been talking about rings a bit hollow to me. You might have made some indication that's what you meant at some point before this. The fact that you didn't makes this look like backpedalling on your part.

As for my supposed "mistakes" continuing. Just saying it doesn't make it so. Your style of self-involved rhetoric is pretty transparent. The fact that you can't see that is just plain sad. Just as is your habit of figuratively covering your ears and humming when someone says something that disproves one of your statements.

As for who cares about the past... _YOU_ care about the past. Or at least, you cared about the past up until the point that you decided to change your position, yet again, but pretend it had been your position all along. You are the one who was complaining about supposed FUD from Linux users and wrote: "For years here I kept reading from people that Linux is secure and earlier than 2005 to the present day."

You repeat your list of compromised Linux systems again. How did we get on this anyway? I've never claimed that Linux has some magical perfect security. I've repeatedly pointed out also that security is an end to end process. It's not just the OS. Setups running Linux, Windows, FreeBSD, other Unix variants, OS X, whatever, have all been breached. Your slapdash, anecdotal methodology doesn't prove anything. Your bizarre claim that security breaches should "never happen", despite the obvious reality that systems running all kinds of operating systems have been breached. Just look at Stuxnet, which ended up affecting a load of systems that, by rights, should have been completely shielded from the Internet.

You go on and claim that I said that autorun issues were "UNIQUE TO WINDOWS" you lying, worthless piece of dirt. I've listened to you spew a lot of vileness in this pointless thread, but inventing quotes from me takes the cake. Tell me you puling, vomitous mass, just where did I say that? Will you actually admit that you just made it up, or can you prove it somehow? I think you're just a worthless trolling _LIAR_. I think you're incapable of understanding the most basic concepts and you overcompensate by constantly claiming victory even when there's no competition. Are you

U can't escape ur mistakes quoted

WRONG #1 of 3:

"It wasn't until Windows NT that it started to get real security" - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

and

"and those features didn't make it into mainstream windows until XP." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Clue/New NEWS/NewsFlash:

They've been around since Windows NT 3.x as far as filesystem ACL's... NT 3.1, 3.5, 3.51, 4.0, 2000/XP/Server 2003/7/Server 2008... period!

---

WRONG #2 of 3, YET AGAIN:

"The autorun thing is quite shameful for those distros that implemented such features. It was especially shameful precisely because Windows had that gaping hole, that consistently caused major security issues over and over and over for years without doing anything about it." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Funny LINUX MADE THE SAME MISTAKES, and AFTER MS DID (not learning by their mistake either, tsk-tsk, lol!):

AutoRun errors have happened in Linux - see here:

http://linux.slashdot.org/story/11/02/07/1742246/USB-Autorun-Attacks-Against-Linux

(AND QUITE RECENTLY!)

---

WRONG #3 of 3, YET AGAIN:

"Additional security granularity from SELinux is nice, but was hardly necessary to have more security than Windows in the old days. Windows simply wasn't designed as a multi-user system from the start." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Windows NT was (the only kind I've been taking of, Windows NT-based OS), & Citrix code as "Terminal Server" even made it MORESO... period!

* DO YOU LIKE BASEBALL? Well, lol... "3 STRIKES, YER' OUT!!!"

APK

P.S.=> U FAIL... hugely, several times no less, and I thought you said you were done here? You SURE ARE, bigtime... well-done, cooked, ROASTED (by your own mistakes)

... apk

Re:U can't escape ur mistakes quoted

[tragedy]

Mainstream versions of Windows is a concept you can't seem to grasp, apparently.

Then you repeat yourself again, not even actually trying to respond to anything actually from the post you're replying to. I assume you have lots more spamtroll posts to copy and paste together.

Moron? "3 STRIKES, YER' OUT" (lmao)

WRONG #1 of 3 (toss all the names you like, you screwed up again):

"It wasn't until Windows NT that it started to get real security" - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

and

"and those features didn't make it into mainstream windows until XP." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Clue/New NEWS/NewsFlash:

They've been around since Windows NT 3.x as far as filesystem AND REGISTRY ACL's... NT 3.1, 3.5, 3.51, 4.0, 2000/XP/Server 2003/7/Server 2008... period!

---

WRONG #2 of 3, YET AGAIN:

"The autorun thing is quite shameful for those distros that implemented such features. It was especially shameful precisely because Windows had that gaping hole, that consistently caused major security issues over and over and over for years without doing anything about it." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Funny LINUX MADE THE SAME MISTAKES, and AFTER MS DID (not learning by their mistake either, tsk-tsk, lol!):

AutoRun errors have happened in Linux - see here:

http://linux.slashdot.org/story/11/02/07/1742246/USB-Autorun-Attacks-Against-Linux

(AND QUITE RECENTLY!)

---

WRONG #3 of 3, YET AGAIN:

"Additional security granularity from SELinux is nice, but was hardly necessary to have more security than Windows in the old days. Windows simply wasn't designed as a multi-user system from the start." - by tragedy (27079) on Tuesday November 08, @09:27PM (#37994526)

Windows NT was (the only kind I've been taking of, Windows NT-based OS), & Citrix code as "Terminal Server" even made it MORESO... period!

* DO YOU LIKE BASEBALL? Well, lol... "3 STRIKES, YER' OUT!!!"

APK

P.S.=> U FAIL... hugely, several times no less, and I thought you said you were done here? You SURE ARE, bigtime... well-done, cooked, ROASTED (by your own mistakes)

... apk

Re:Moron? "3 STRIKES, YER' OUT" (lmao)

[tragedy]

Good grief. You can't even get together the energy to post a reply that has anything at all to do with the post you're replying to. Sad.

If Linux = secure, why's this happening?

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

Linux's showing in CA's breached recently too? Ok:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

Those CA's (for SSL) got breached & RUN LINUX (StartCom, GlobalSign, DigiCert, & Comodo)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/

and

http://it.slashdot.org/story/11/10/28/1954201/four-cas-have-been-compromised-since-june

* Additionally, there's also ANDROID'S (yes, it's a Linux, & uses a Linux kernel) "fine security track-record" (lol, NOT) also...

(Why's that, as to all of the above? LOL, we KNOW why... see my ps below!)

APK

P.S.=> All those years of hearing the typical FUD of "Linux = SECURE, & Windows != Secure" around here on /., only to see recent history (VERY recent in those above no less) show QUITE OTHERWISE!

So, Mr. Adhominem attacker... why's that?

Yes... Your name tossing's only showing your frustration with yourself, especially after your BLUNDERS pointed out here -> http://tech.slashdot.org/comments.pl?sid=2506468&cid=38011564 as well...

... apk

Re:If Linux = secure, why's this happening?

[tragedy]

My frustration is mainly with you. I am a little frustrated with myself for having bothered to reply to you at all. Mostly, though, I'm frustrated with dealing with a troll who's obviously barely capable of even reading the other person's post before replying with a formulaic post. Also, whatever you may think in your warped mind, your inability to admit you made a mistake when it's clearly pointed out to you isn't some sort of victory. It's pathetic.

That's pretty much all I have to say. You say nothing new or interesting in this post, nor do you in the post you linked to. You're not worth any detailed reply.

No you can't "grasp" it

Windows 2000 was pretty "mainstream" & widely used (+ so was Windows NT itself, & in both the 3.5x - 4.0 series).

APK

P.S.=> They each/all also had ACL based security @ the filesystem + registry level as well... Face it - you screwed up there too! apk

Re:No you can't "grasp" it

[tragedy]

Come on. 2000 was never particularly widely used. Only in business environments. The driver support was lacking for too much consumer-level hardware, for one thing. And of course, as you pointed out, games are important to mainstream acceptance, and 2000 didn't have the support from games companies. NT was even less mainstream. XP was the first mainstream NT derivative.

Anyway. I was interested in whether or not you were actually a career troll, or if it was just this one article you were posting on and you were having a bad week or something. So, I looked for you via google. It seems that you're pretty much a career troll. At least, it looks to me like just about everyone, just about everywhere you post thinks so. You can call this an Ad Hominem attack if you want, but an Ad Hominem attack isn't always a logical fallacy. When it bears on your character and your actual ability to engage in rational debate it's perfectly valid. An example would be someone who insists that the moon landings were faked because rocketry is impossible and refuses to even look at the mountain of evidence that thousands of rockets have been launched or to look through a telescope at the artificial satellites. In such a case, calling the person crazy might technically be an Ad Hominem attack, but it's not a logical fallacy.

So, anyway, some great links related to you:
This one about a situation where you threatened to sue over a piece of software of yours being identified as malware. It seems to me you could have worked with them to resolve the issue amicably, but you couldn't help yourself.

This insane thread that you posted to for years. My favorite quote from it is: "Great Scott! APK's numerous and highly repetitious responses read like examples from a freshman textbook on logical fallacy and deceptive rhetoric." I think that poster had you pegged perfectly.

This exchange which was absolutely hilarious. That one really was worth a LOL!

This has a list of some of your ars technica posts. You seem to have been hated there right from the start for good reason. The fact that you seem to have believed that C++ was dying, but that Delphi was the future is hilarious. It's also really funny when you post under a different alias pretending to be some random person supporting you. It's so blatantly obvious that it's you, even when you use a handle like Cybordeath. I'm a bit disturbed by some of the racism, homophobia and misogyny in some of your posts, by the way. Your temper seems to have calmed a bit over the years. Your fundamental troll nature seems to be coming through even more as you age, however.

So, basically, you're a very well known troll, which is an accomplishment, I suppose. Getting sucked into long flame wars with you doesn't seem wise, and it looks like any discussion with you pretty much has to turn into a flame war.

Re:No you can't "grasp" it

CA sold off their utilities suite division, and CA's disreputable (this deals with thor schmuck) being caught in accounting and other types of scandals:

http://www.eweek.com/c/a/IT-Infrastructure/CA-Struggles-with-Scandal/

and

http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22CA%22+and+%22scandal%22&btnG=Search

The link at Windows IT Pro also shows that Jeremy Reimer (whom arstechnica no longer employs as a writer because of this and other misdeeds of his) was caught impersonating APK on his forums also, as well as libeling he childishly, email harassing apk, and stalking him forums to forums, on top of making threats to apk and his home as well which ended up bringing not only Reimer's ISP Shaw Canada into it, but Canadian law enforcement into it in a Det. Felton of Vancouver BC, which made Reimer and his friend Jay Little stop (along with a Jarrett DeAngelis who was caught lying there also and on this forums too).

(That said, it's known that that impersonating apk was also done at arstechnica forums itself also and they were also caught using the same email from multiple usernames while impersonating apk there also (ManWithNoHead = GOD = same person)).

Your sources are no reputable.

You are not reputable.

You can't even do an adhominem attack properly, as illogical as it is and invalid to begin with.

Your further messes have been shown throughout this exchange and you resorting to the last resort of trolls in off topic illogical adhominem attacks does the rest.

You lose and not even with any grace or dignity.

Re:No you can't "grasp" it

[tragedy]

Good grief. Could you stop splitting the thread by multi-posting already?! I know you have trouble restraining yourself from copy and paste spam, but please exert yourself.

LOL! Quite literally. Your two links have nothing to do with that Thor guy, whose last name you can't get right. I also find it hilarious that you put in that bit about someone supposedly impersonating you and, right in it, claim that two of your detractors are the same person, when the section you've copied and pasted is obviously from some previous post where you were pretending to be a second person. The way you suddenly drop into referring to yourself in the third person kind of gives it away. Were you posting as Cybordeath at the time? Or some other alias?

My sources are virtually every discussion thread you've posted in pretty much ever. Do you think there's just some huge conspiracy against you? Isn't it just possible that all these people hate you because you barge in, blaring loudly, and act like a total jerk. And not just like the typical forum jerks that we end up thinking of as eccentric members of the family. You're more like the cloudcuckooland maniac living in the creepy abandoned looking house up the street who routinely runs around shouting and banging trash can lids at 2:00 am, then gets territorial and fires his shotgun at people who come around to complain the next day. Something like that anyway.

Seriously, why do _you_ think nearly everyone on the Internet who knows you hates you and even those who think of you as a friend at first distance themselves more and more as time goes on? Think about this. Have you ever truly apologized for anything, ever? You strike me as the sort who is virtually incapable of it and, even if you're forced to somehow, you frame it in such a way that it's not really an apology such as: "I'm sorry that you think that..."

P.S. You can't just declare victory and have it be so. You sound like a small child when you do that.

Re:No you can't "grasp" it

U were asked to show what u did better/earlier than apk did in commercial software code, technical trade shows, and publications in the computer science area as apk has. So, where are they on your part? You obviously have nothing and you are as was stated of you: You're a n'ere do well and a talker that tries to cut others down but doesn't have a pot to piss in himself. You avoid this and this is obivous why. You're nothing and you know it as well as a never will be. Being reduced to name tossing attacks on your part is reprehensible as well but then that's just your weak retaliation versus the plain truth about you being a nothing and nobody.

Re:No you can't "grasp" it

Looks like current facts on Linux being repeatedly breached here http://slashdot.org/comments.pl?sid=2506468&cid=38012024 and it's funny you avoid those facts from very recent current data on that. You're also clearly nothing more than a troll who is off topic and trying to dismiss the fact you've been called out as nothing more than a neer do well who has never done anything others note as decent in commercial wares, technical trade shows, or publications as apk has. Your type never will accomplish anything and you know it. You can't handle truths about Linux, or yourself, clearly. Whose fault is that? Your own. All the names you toss only show your own frustrations when you are faced with truths about Linux and yourself.

Re:No you can't "grasp" it

[tragedy]

Wow, suddenly two APK supporters in the same thread. Using his sentence style, bizarre quotes around words that have no need for quotes and tired old rhetoric. Wait a second... Could it be. Why it's Alexander Kowalski again, pretending to be a fan of himself.

Re:No you can't "grasp" it

[tragedy]

Wow, a "THIRD" (see what I did there? Capitalized, bolded and in quotes) APK supporter... Wait a minute, it's just APK again.

  Get a grip. This thread has been off-topic since you started it. You didn't have anything real to say about UEFI, you just came in to spam the place with some links to out of date Secunia advisories about Linux.

AGAIN:If Linux = secure, why's this happening?

ALL RECENTLY AS WELL:

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

Linux's showing in CA's breached recently too? Ok:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

Those CA's (for SSL) got breached & RUN LINUX (StartCom, GlobalSign, DigiCert, & Comodo)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/

and

http://it.slashdot.org/story/11/10/28/1954201/four-cas-have-been-compromised-since-june

---

* Additionally, there's also ANDROID'S (yes, it's a Linux, & uses a Linux kernel) "fine security track-record" (lol, NOT) also...

(Why's that, as to all of the above? LOL, we KNOW why... see my ps below!)

APK

P.S.=> All those years of hearing the typical FUD of "Linux = SECURE, & Windows != Secure" around here on /., only to see recent history (VERY recently in those above no less) show QUITE OTHERWISE!

So, Mr. Adhominem attacker... why's that?

Yes... Your name tossing's only showing your frustration with yourself, especially after your BLUNDERS pointed out here -> http://tech.slashdot.org/comments.pl?sid=2506468&cid=38011564 as well...

... apk

Reduced 2 more adhominem attacks?

FIRST - Linux is NEVER WIDELY USED period, especially on desktops by end users -> http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=8&qpcustomd=0

PERIOD/FACT!

Now, as to your FURTHER attempted adhominem attacks?

You?

LMAO, I strongly you've never done a damned thing worth noting in the computer sciences... have you? I don't know of any decent works by anyone called "tragedy" after all... lol!

(Poor tactics on YOUR part - simply because I can turn them against you & make YOU look very, Very, VERY POOR indeed, as to what you truly are - in other words, a zero/nothing/"ne'er-do-well" on YOUR part!).

As to SOME of the decent things I have done in this field?

Well - I wager I've done more of them, & before you did (while you were still in diapers most likely also) - SHOW US YOU'VE DONE MORE, EARLIER, & BETTER THAN I HAVE "BIG TALKER" - OK? HERE'S A SAMPLING FOR YOU TO START WITH"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

----

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...

Being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3

It's also been myself helping out the folks at the UltraDefrag64 project (a 64-bit defragger for Windows), in showing them code for how to do Process Priority Control @ the GUI usermode/ring 3/rpl 3 level in their program (good one too), & being credited for it by their lead dev & his team... see here -> http://ultradefrag.sourceforge.net/handbook/Credits.html or here http://sourceforge.net/tracker/?func=detail&aid=2993462&group_id=199532&atid=969873

AND lastly: http://g-off.net/software/a-python-repeatable-threadingtimer-class where I got other programmer's work WORKING RIGHT (in PyThon no less, which I just started learning only 2 week ago no less) by showing them how to use a "Dummy Proxy Function" as I call it, to make a R

Re:Reduced 2 more adhominem attacks?

[tragedy]

Of course Linux isn't a mainstream OS on the desktop. I never claimed anything remotely like that. Your statement about Linux doesn't change the fact that the NT series wasn't mainstream until XP.

What do my accomplishments in the world have to do with anything we've been talking about? Your creepily obsessive need to compare yourself favorably to everyone is something that everyone who has read any of your trolling can spot easily. You create extra accounts to post from in support of yourself to talk about how great you are and how awful your detractors are. That's just pathetic. Now you feel that, because I've discovered just what you are, you have to try to make me out to be something lesser than your self-publicized greatness. You're crazy. Actually, I've begun to suspect that you might have some sort of medication issue. I've seen people act kind of like you in reaction to drugs like Paxil. Although, maybe some sort of amphetamine makes a better explanation.

Anyway, I am quite a bit younger than you, so I don't have as much time in the field. I don't have any big public accomplishments to point to. I've helped build two tech startups and been a jack of all trades. My last job title at the most recent one is senior network adminstrator (the senior in the title wasn't really deserved, it was just because when we started I was the only network administrator). The actual duties of that job are everything from network administration to client support to light application programming to lugging racks around and slicing my fingers up on poorly finished edges. I've made very minor contributions to a few free software projects (mostly in documentation) and that's about it. I'm not in academia. I don't have a big list of publications. Like most people, I do my job as well as I can, and work to learn new things and improve myself.

You don't seem to understand the logical paradox in crowing about being older than me, while simultaneously lambasting me for supposedly being less accomplished. You see, if you're mocking me for being in diapers when you were accomplishing supposed great things, that means you're comparing yourself against a baby and saying that you're terrific because you can do more than a baby. You demand that I show that I've done more than you, earlier than you. That's basically you setting the bar high for me and low for you. If the age difference between us is that big (from what I could tell, it's at least 15 years), then your list of accomplishments below, which starts in 1997, starts when you were at the very least a year or two older than I am now and probably more. That just underscores how crazy your argument is.

As for Ozymandias, I'm guessing that you haven't actually read the poem or you wouldn't be using that quote here. Here is the wikipedia page for the poem, which has a copy of it on the right. If you read the poem, it does actually describe you in many ways. The sneer on the face of the broken statue. The arrogant self-aggrandizement delivered oblivious to the fact that all the reader can see of the claimed great works are a barren wasteland. So, the quote works well for you, but I don't think that's how you intended it. The words themselves are a wonderful example of irony. Ozymandias intends for the reader to despair because they will never achieve his state of glory and power but, instead, if the reader despairs it's because they realize that even their own glory will wither and fade and be forgotten.

The windows NT magazine article you mention seems to be available online here. They don't mention you at all, just the software. They say it has serious bugs that locked up a system in one case so it could only be repaired with another copy of NT installed on a different partition. They also do say that, in some circumstances, it increased disk performance by about 10%, although it could also

Haven't had enough yet? Ok, more:

You also failed to omit that Jeremy Reimer and his friend Jay Little pursued me to troll me at Windows IT Pro magazine's forums, and got THEIR ASSES KICKED on the fact that Exchange Servers can be "unfrozen" by memory optimizers

(The topic @ hand there no less, and Little (reimer's henchman "expert", lol - NOT) claimed literally to be an "EXPERT ON EXCHANGE")...

Reimer was off topic the ENTIRE TIME no less, and I also caught Jarrett DeAngelis (doctoral candidate then @ Notre Dame, another "henchman" of Reimer's because he's too stupid & uneducated in computing to try it himself vs. myself) lying on his real name, which he admitted in the end, and he AGREED with a GOOD 99% of what I stated also. Reimer ended up being tracked on tracking tickets by his ISP Shaw Canada too, & backing off in his trolling (especially when law enforcement came into it).

In the end? Reimer was no longer allowed to write for Arstechnica, especially after being caught impersonating NOT ONLY MYSELF, but also a Mr. Martin Meszaros who publicly denounced Reimer there.

On Thor SCHMUCK?

Ha - (unlike other sources) refused to remove a program of mine (that was down graded to ZERO THREAT LEVELS later mind you by CA) from a list he kept!

I found out later HE IS THE ONE WHO SUBMITTED IT TO CA, & he could not prove any malicious intent in its code (funny CA didn't list PING, because it could issue a "ping of death" OR Spybot Search & Destroy which alters a HOSTS file (a criteria of theirs no less)).

Small wonder CA sold off their PC utilities division - it was junk, no matter HOW MANY LIES THEY TOLD OF OTHERS in their wares & HOW THEY WERE CAUGHT IN ACCOUNTING SCANDALS PER MY LAST POST PROOF THEREOF !

(What they did to myself? Hey - That wasn't me alone either, folks like Nir Sofer of NIRSOFT had this happen, and lo & behold, in the past so has Dr. Mark Russinovich on his ps tools suite!).

No, after the ABOVE? LMAO - It's clear you are here and that you are trying to adhominem attack me as a "last resort" & failing like your usual... lol!

APK

P.S.=> Still - CAT'S OUTTA THE BAG ABOUT LINUX SECURITY, especially CURRENTLY, per the below (Especially "Schroedinger's cat especially, no longer in a "super-positional wave state" of doubt as to his dead/alive state, but in Linux's case. security state, lol - per what's next below that YOU WON'T EVEN TRY TOUCH, lol!):

IF Linux = secure, explain this (recent)

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

Linux's showing in CA's breached recently too? Ok:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

Those CA's (for SSL) got breached & RUN LINUX (StartCom, GlobalSign, DigiCert, & Comodo)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/

Re:Haven't had enough yet? Ok, more:

[tragedy]

You also failed to omit that Jeremy Reimer and his friend Jay Little pursued me to troll me at Windows IT Pro magazine's forums, and got THEIR ASSES KICKED on the fact that Exchange Servers can be "unfrozen" by memory optimizers

"Failed to omit" would mean that I included it, which I didn't. I don't even know if it's true, and your view on reality has proven to be just a little skewed. A link would be nice. By the way, tech-oriented forums can be a bit of a small world. I know you probably think that the world revolves around you and that anyone you run into somewhere other than you expect them must be stalking you, but it is quite possible, and probable, that they didn't pursue you, but merely saw you posting there too. I don't know if you've noticed, but your posts are all over the place. You post a lot. Really a lot.

Once again, we also see that you believe that everyone who doesn't like you is in cahoots. It's clearly more complicated than that. You're a uniter, not a divider. You bring people together harmony. Oh, and in mutual dislike of you.

As for someone being banned from Ars Technica for his reaction to you, I can see it. You bring out the worst in people. People who know me would be surprised at how nasty I've gotten on this thread. Actually, I've noticed that I've been in a foul mood all week. I think you might have something to do with that. I really wish this thread would end. The problem is, I can't just stop posting. I think I naturally find it rude not to reply to someone when they take the time and effort to reply to you. In this case, I think it's turned into a pathology.
 

On Thor SCHMUCK?

Ha - (unlike other sources) refused to remove a program of mine (that was down graded to ZERO THREAT LEVELS later mind you by CA) from a list he kept!

I found out later HE IS THE ONE WHO SUBMITTED IT TO CA, & he could not prove any malicious intent in its code (funny CA didn't list PING, because it could issue a "ping of death" OR Spybot Search & Destroy which alters a HOSTS file (a criteria of theirs no less)).

Yeah, a security researcher erring on the side of caution, what a shock. You do realize that if ping were a new utility that suddenly came out, rather than a decades old utility, it probably would be branded a threat by security researchers until they could verify it. The kinds of things that system utilities do are often quite similar to the kinds of things security threats do. What happened to your utility happens all the time. Usually working in good faith with the people doing the research clears things up quickly. Your over the top behaviour, however, surely delayed things. For that matter, your behaviour probably threw up a bunch of red flags.

Incidentally, trying to implicate someone very distant from the CEO of a company in the CEOs scandal just because you consider them a personal enemy is sad.

Like I figured: You're a "ne'er-do-well", lol!

So, again: What have YOU ever done better, earlier, & more of in computer science than I have? NOTHING, lol (I was right). BELOW IS MORE THAN YOU WILL EVER DO, because you haven't shown us you've EVER DONE SQUAT OF GOOD NOTE IN COMPUTING (and that's only a partial list of mine, I've done LOTS more over time too):

"What do my accomplishments in the world have to do with anything we've been talking about?" - by tragedy (27079) on Saturday November 12, @03:14AM (#38033346)

You don't HAVE ANY, lol, & I was correct (like I usually am about "your kind", the online "ne'er-do-well" troll).

---

Aha: THE TRUTH COMES OUT:

"Anyway, I am quite a bit younger than you, so I don't have as much time in the field. I don't have any big public accomplishments to point to." - by tragedy (27079) on Saturday November 12, @03:14AM (#38033346)

You never will - I did that SMALL PARTIAL ONLY LIST OF SOME OF MY "FAVS" my 2nd yr. out of college no less in CSC... lol!

---

HOWEVER - Easiest "shooting down of yourself" is right here:

"The windows NT magazine article you mention seems to be available online here. They don't mention you at all, just the software. They say it has serious bugs that locked up a system in one case so it could only be repaired with another copy of NT installed on a different partition. They also do say that, in some circumstances, it increased disk performance by about 10%, although it could also slow down the system in other cases. Also, did you really work for EEC Systems? It's just that Superdisk-NT wasn't written in Delphi, and you seem to be pretty heavily based in Syracuse New York, not Massachusetts where EEC Systems was based." - by tragedy (27079) on Saturday November 12, @03:14AM (#38033346)

LOL, I did the work remotely (for FREE @ first, until they bought out my code) - & I IMPROVED THAT EARLY MODEL BY OVER 40% EFFECTIVENESS FOR SPEED!

* Tell you what - like I said before & YOU AVOID? Write Mr. Eric Dickman, CEO of SuperSpeed.com (then EEC systems) & ask him about it... My ideas were used for Ramdisks on Databases for SuperDisk, & I improved the tuning engine for SuperCache by 40%!

(He won't deny it, and tell him I said "Hi Eric" (he's pretty cool & was good to do work for & with!)).

---

"I also can't find the other Windows magazines you mentionBook, or the Spanish or British ones. I do note that all you say about them is that your work is there. I'm assuming you don't mean that you've published magazine work, so what is it?." - by tragedy (27079) on Saturday November 12, @03:14AM (#38033346)

Software I wrote - things I've done that YOU NEVER HAVE or WILL, lol... & I've got NO REASON TO LIE ABOUT IT (that'd be destroying my own GOOD rep needlessly)... too bad all YOU have is being a trolling off topic "ne'er-do-well" here (that's not adhominem attack on my part directed YOUR WAY either, just fact, based on your lack of performance!).

---

"I can't find the 1997 "top freeware and shareware" issue of Windows magazine. Was it a regular issue? If so, do you have an issue number?." - by tragedy (27079) on Saturday November 12, @03:14AM (#38033346)

3 times - June 1997, Sept. 1997, Winter 1998 issues... whereas yourself, by WAY OF COMPARISON? ZERO!

---

LEARN TO READ "ne'er-do-well":

"For Ultradefrag64, it looks like you contributed an icon" - by tragedy (27079) on Saturday November 12, @03:14AM (#38033346)

http://ultradefrag.sourceforge.net/handbook/Credits.html

or here

http://sourceforge.net/tracker/?func=detail

Re:Like I figured: You're a "ne'er-do-well", lol!

[tragedy]

The 15 year age gap is based on guesswork based on things you've said here and there about when you graduated college. But you completely failed to address why it is that you demand that I have more public accomplishments than you, and that they all be at a younger age than the earliest accomplishment on your list. Why is that a prerequisite to talk to you?

I should also note that I've developed applications as well, but they've been internal things for companies I've worked for, not packaged software sold in stores. Most programmers work is never seen by the public at all as most software written is for internal use. Having software you worked on being reviewed by a magazine is hardly the gold standard for what makes a good programmer.

Could you elaborate more on what exactly you did for this Superdisk-NT software? You mention increasing the speed of the software 40%. I assume you mean you increased the speed of the core functionality of the software, rather than just decreasing the programs loading time or something like that. What details can you give on how that 40% speed increase is calculated. Does it mean making the program operate the same, but use 40% less CPU time, or does it mean adding 40% to the average speed boost that the program grants to disk access?

I've sent an e-mail to superspeed's pr dept to try to reach Eric Dickman since you didn't provide any contact info. I imagine it will take time to get a reply. Can you tell me what year he offered you a job. Was it 2003 2003 or 1999. I sometimes get confused about the precise year of things that happened years ago as well.

You wrote:

LEARN TO READ "ne'er-do-well":

"For Ultradefrag64, it looks like you contributed an icon" - by tragedy (27079) on Saturday November 12, @03:14AM (#38033346)

http://ultradefrag.sourceforge.net/handbook/Credits.html

or here

http://sourceforge.net/tracker/?func=detail&aid=2993462&group_id=199532&atid=969873

That first link, in regards to you, says only:

Special thanks for good suggestions (in alphabetical order):
Alexander Peter Kowalski - Process priority control (not implemented yet).

and the second link is to you contributing an icon, which wasn't accepted for the program as far as I can tell. Since what I wrote (and you clipped off halfway) was actually:

For Ultradefrag64, it looks like you contributed an icon that does not seem to have been accepted (it was a pretty nice icon, but might have been considered too derivative of other Windows icons, or it might just not have scaled down well to their size requirement) and suggested that they use a particular Windows API. In the credits, they thanked you for your suggestions. It was nice of you to contribute, but it's far from a towering achievement.

Unless there's some additional thing you did for that project that's contained in that link, then it looks like I'm not the one who needs to learn how to read.

As for my question about what was in those other magazine articles you quoted, I'm not saying you're lying about it, I'm saying that I don't have any access to those articles, so I don't know what's in them. So, why don't you just tell me? What applications of yours did they talk about in those magazines and what did they say (no need to quote in full, just a general overview).

Regarding your postscript. Are you trying to imply that I create additional accounts to jump into the conversation, pretending to be someone else, and support myself? Where exactly are you getting any indication I do this? Your imagination

Quit projecting your own failures in life

Hahaha apk was right you're nothing more than a done nothing ne'er do well. Speak for yourself because you post multiple times stupid! Talk about stupid on your part, pot calling the kettle black, and you do what you bitch about and you have to go off topic and try illogical adhominem attacks. You can try to dismiss or belittle what others have done that did well in the eyes of others, but you haven't done squat yourself. A mere talker is all you are and a ne'er do well. An armchair quarterback nobody and nothing. You say others hate others but you aren't even worthy of that much because you're invisible, a nothing nobody ne'er do well, and you know it. So do the rest of us reading. You've been shot down on every off topic illogical adhominem attack you've tried so far and it's obvious why you attempt them: You can't handle the truth that you're a waste of life in the computer sciences who has never accomplished anything others note as good, and you know that you never will or you would have by now.

Re:Quit projecting your own failures in life

[tragedy]

Ok, this is truly sad. Not only did you post four replies to my reply, but you're trying to pretend that you're not Alexander Peter Kowalski here, but rather some other AC posting in support of him. You do understand that we're posting in a thread attached to an article that's long off the Slashdot front page. That means that it's very unlikely anyone is reading this and so very unlikely anyone else would comment. If anyone is reading this, by all means, chime in. Not that there's anything to chime in about. APK has clearly had issues for a long time, and I'm obviously a bit crazy myself to keep replying to him.

I suppose it's possible that it's possible that APK types these messages, but then has his cat press the submit button for him so that, in his eyes, he's not lying when he claims that it's not him posting. Maybe he has a family member do it. I find it a bit unlikely he'd have any children around to do it for him, though, but maybe a sibling or something.

And yes, I do post "multiple times", just not multiple times in reply to the same post, unless I have something to add that I forgot the first time, which is pretty rare. Also, when I do that, I generally do it as a reply to my own post, rather than another reply to the parent post. That way, with the way Slashdot currently handles threading, it's potentially less confusing to follow. I'm pretty certain I haven't double replied to any of your posts on this thread. If you look at each of my posts and click on "parent" at the bottom, you'll see that it jumps to one of your posts. To be fair to you, the flattened threading that Slashdot presents after the thread has gotten too deep can make it confusing to realize this.

The rest of your post isn't saying anything new. It's just the same, tired line from you.

Linux isn't secure per CURRENT information

Your excuses are worth nothing in light of real world examples here:

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

Linux's showing in CA's breached recently too? Ok:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

Those CA's (for SSL) got breached & RUN LINUX (StartCom, GlobalSign, DigiCert, & Comodo)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/

and

http://it.slashdot.org/story/11/10/28/1954201/four-cas-have-been-compromised-since-june

---

* Additionally, there's also ANDROID'S (yes, it's a Linux, & uses a Linux kernel) "fine security track-record" (lol, NOT) also...

(Why's that, as to all of the above? LOL, we KNOW why... see my ps below!)

APK

P.S.=> All those years of hearing the typical FUD of "Linux = SECURE, & Windows != Secure" around here on /., only to see recent history (VERY recently in those above no less) show QUITE OTHERWISE!

... apk

Excuses, excuses, you "ne'er-do-well"

You've never accomplished anything in the computer sciences of any decent note, and you NEVER will (or you would have by now), but I have...

So much for your bullshit excuses.

I've also built 30 enterprise class systems as well of client server design professionally since 1995 as well.

So much for your further excuses and utter bullshit.

Since you asked specifically on this?

I also increased the speed and efficiency of SuperCache-NT, & applied ideas for database work on SuperDisk-NT, since you asked, that led to how well EEC Systems/SuperSpeed.com did @ Microsoft Tech-Ed 2 yrs. in a row in the hardest category there - SQLServer Performance Enhancement (both myself & John Enck of Windows IT Pro magazine (then Windows NT mag) "hit upon" this idea back in the mid 1990's & extolled it on EEC Systems' website in fact)...

That's examples of things I was doing while you were still in diapers, and only a fraction of what I could put out here mind you... whereas you? You have ZERO... lol!

You're trying to "discredit me"/"lessen my accomplishments" (again, only a tiny fraction of what I could put up) and you?

You with NOTHING to your name/credit?? See my "p.s." below...

(By the way - I never EVER posted @ Arstechnica as "Cybordeath", no need to do that much... they were caught impersonating me there, as well as on Jeremy Reimer's forums (which Reimer admitted was not myself) so, your further bullshit & "desperate attempts" @ adhominem attacks? Please... make me laugh more - Reimer was caught red-handed doing it to myself & others (which is part of why Arstechnica no longer allows him to write for them) @ Windows IT Pro magazine forums, where he pursued myself to trolling off topic the entire time, and ending up having himself caught & shot down for it by his ISP and law enforcement in Canada, as well as being shot down on Exchange Servers (his friend Jay Little the alleged "expert", lol, not, had THAT happen to he vs. myself))

APK

P.S.=> Please - Give us a break, you f'ing "ne'er-do-well" talker with not a DAMN THING to show for yourself by way of comparison to just a tiny FRACTION of what I could put out... apk

Re:Excuses, excuses, you "ne'er-do-well"

[tragedy]

You've never accomplished anything in the computer sciences of any decent note, and you NEVER will (or you would have by now), but I have...

But, assuming your accomplishments are as grand as you make them out to be (you haven't really listed anything that isn't pretty much typical work for some sectors of the IT field), you haven't actually listed anything from more than 15 years ago. If my estimate of you being 15 years older than me seems to be more or less correct. So, that means that I haven't yet reached the age where you started your glorious career of accomplishment. So, therefore, isn't there hope for poor little me to someday measure up to your glory and magnificence? ;)

Since you asked specifically on this?

I also increased the speed and efficiency of SuperCache-NT, & applied ideas for database work on SuperDisk-NT, since you asked, that led to how well EEC Systems/SuperSpeed.com did @ Microsoft Tech-Ed 2 yrs. in a row in the hardest category there - SQLServer Performance Enhancement (both myself & John Enck of Windows IT Pro magazine (then Windows NT mag) "hit upon" this idea back in the mid 1990's & extolled it on EEC Systems' website in fact)...

Ok. You increased the speed and efficiency of SuperCache-NT, but specifically how? You have to understand that, for a disk-caching program whose goal is to speed up the system, saying that you increased the speed of the software is ambiguous. Sure, it was a long time ago, but you have to remember some details. Now, you've expanded a little on your original description by saying that you "applied ideas for database work" to the software, but that's still pretty ambiguous. What ideas did you apply? It's all sounding very generic
 

That's examples of things I was doing while you were still in diapers, and only a fraction of what I could put out here mind you... whereas you? You have ZERO... lol!

I think you have your timeline wrong. If I am about 15 years older than you, then I was well out of diapers when that software came out. Also, the opinions of cantankerous old men everywhere aside, being born before someone else isn't an accomplishment.

(By the way - I never EVER posted @ Arstechnica as "Cybordeath", no need to do that much...

Oh please. Cybordeath shows up right after you are banned and starts posting specifically about you and your disputes. His posting style is altered from yours without all the bolding and capitalizing and not so much stuff in quotes and not as much extra punctuation, etc., but everything else about the way he expresses himself is extremely similar to you. There's pretty much universal concensus on the forum that Cybordeath is you. It seems pretty unlikely that you'd have such a rabid fan, obsessed with carrying on your feuds who didn't chime in before you were banned, but signs on right after. Sorry Clark Kent, the glasses aren't fooling anyone.

Also, you've posted a few times in this thread in support of yourself, while pretending to be someone else, and you've followed me to another thread to post multiple times from a small comment I made and not signed your posts there. Based on that evidence, I'd have to say that my (and everyone else's) theory on the identity of Cybordeath is probably pretty solid.
 

P.S.=> Please - Give us a break, you f'ing "ne'er-do-well" talker with not a DAMN THING to show for yourself by way of comparison to just a tiny FRACTION of what I could put out... apk

Give what a break? Replying to you? I wish I could. It wastes too much time. But it's somehow addicting. I can't help myself. Every time you say something ridiculous, I just have to try to get you to understand the real world. I know you never will, but I just can't help myself.

You ask for proofs, but you never provide them

When YOU are asked to show works that have done well in the eyes of others professionally as I have been able to supply easily (and only a FRACTION of what I actually could)... you're all talk, b.s., & I have to say lies at this point on that note.

NOW - since you asked for proofs of myself and my words? I don't RUN AND LIE as you do... lol!

Facts that Jeremy Reimer of Arstechnica impersonated me, libeled myself, was off topic & trolling the ENTIRE TIME @ Windows IT Pro forums and got himself caught impersonating not only myself, but also a Mr. Martin Meszaros too, then lastly being SHOT DOWN IN FLAMES on Exchange Server being unstalled by memory optimization programs with backing proof from MS documentations, are below

I only state facts, and I posted links to that before on this site, but here you are again:

http://www.windowsitpro.com/article/internals-and-architecture/the-memory-optimization-hoax#feedbackAnchor

As to Thor Schmuck and CA? WELL, your sources are CRMINAL and disreputable:

http://www.associatedcontent.com/article/215116/computer_associates_cofounder_led_22.html

Additionally?

Thor Schmuck's FAR from a "security researcher" - he doesn't even HAVE A CSC degree, for Pete's sake, or security certifications etc./et al!

APK

P.S.=> Your foundations are CRUMBLING FAST, built on houses of sand, in your attempts to discredit myself - where you have shown us all that you MERELY TALK A "BIG GAME" but when YOU ARE ASKED FOR PROOFS? YOU HAVE ZERO, lol...

So, show us proof of your having done wares for others professionally, won't you? You can't and you KNOW it. Without said proofs as I can produce, you are full of it... period.

You also avoid the fact that Linux has shown itself numerous times to be shit for security, and RECENTLY too!

---

Kernel.org, it's OWN SOURCECODE REPOSITORY, lol, very bad, being breached

Linux.com also

Mysql.com also

4 CA's for SSL security (very bad also)

Android Linux "fine security track record" (lol, not)

---

All/each of the above are all recently and widely known + documented by reputable sources worldwide...

Lastly, you certainly cannot show you've done more that others noted as good in written publications of respected note as I have, respected trade shows for commercial software code as I have, OR even in shareware/freeware as I have around the computer sciences... all while you were STILL IN DIAPERS I strongly wager up to the present day!)...

BOTTOM-LINE THOUGH, since you 'demand proofs'/links etc.:

Yes - you TALK A "BIG GAME" but when YOU ARE ASKED FOR PROOFS, especially of noted accomplishments that did well in the eyes of others in computing in publications, commercial ware code you have done, tech trade show placements/showings, books, magazines, newspapers, etc. as I have done more times than you ever will? YOU HAVE ZERO, just a lot of "talk" - you're a WINDBAG blowhard and pitiful, lol... apkb

Re:You ask for proofs, but you never provide them

[tragedy]

Your first link consists of you posting an insane number of off-topic posts to the comments section of an article about memory optimizers. Something in there about someone pretending to be someone else who had endorsed one your products withdrawing his endorsment in a forum. An actual link to the the post where they impersonated him would be preferable. Or was that link actually it and you expect me to slog through 435 pages of comments, mostly by you? I think I'll pass, thanks.

Your second link is about how the co-founder of CA systems was apparently embezzling. Great. Was he one of your enemies too? If not, what does that article have to do with anything? How does this supposedly discredit your actual enemy? Also, why should I care? You don't have just a few people who despise you with cause. It seems like nearly everyone you have any interaction with ends up that way with enough exposure.

Regarding the rest of your post... I didn't demand any of that stuff from you to begin with, I just questioned the parts that were questionable after you posted them. The rest of your nonsense we've already discussed.

Current Linux "security" (lol, NOT) data then

IF Linux = secure, as is often said here on this site, explain this (recent verifiable data on Linux security breaches)

KERNEL.ORG COMPROMISED: (very, Very, VERY BAD - this is the sourcecode repository for Linux!)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

Linux's showing in CA's breached recently too? Also very, Very, VERY BAD - this is SSL security oriented:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

Those CA's (for SSL) got breached & RUN LINUX (StartCom, GlobalSign, DigiCert, & Comodo)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/

and

http://it.slashdot.org/story/11/10/28/1954201/four-cas-have-been-compromised-since-june

---

* Additionally, there's also ANDROID'S (yes, it's a Linux, & uses a Linux kernel) "fine security track-record" (lol, NOT) also...

(Why's that, as to all of the above? LOL, we KNOW why... see my ps below!)

APK

P.S.=> All those years of hearing the typical FUD of "Linux = SECURE, & Windows != Secure" around here on /., only to see recent history (VERY recently in those above no less) show QUITE OTHERWISE!

... apk

Re:Current Linux "security" (lol, NOT) data then

[tragedy]

Pure copy and paste reply. Nothing to see here.

What's that U say, Mr. "ne'er-do-well"?

That U talk a big game but when asked 2 show u've done more of good note in commercial software code, technical trade shows, books, magazines, newspapers, n' better, + earlier than apk in computer sciences, u have zero? Make us laugh some more, Mr. "ne'er-do-well".

Re:What's that U say, Mr. "ne'er-do-well"?

[tragedy]

Uh yeah. Talking about yourself in the third person like that and referring to yourself as a plural doesn't strike me as too healthy.

Dear Mr. "ne'er-do-well" (lol)

Speak for yourself, writing books in YOUR MULITIPLE OFF TOPIC ILLOGICAL ADHOMINEM ATTACK BASED so-called "replies" of yours, lol!

You write books practically, and in MULTIPLE replies (off topic illogical adhominem attack based ones no less), so please: "Pot calling the kettle black" now, are we? LOL!

You end up saying nothing on topic, just more evasions of proving things you are asked to (which you demanded of myself mind you and I provided it, because i have those things, you do not and you never will)

You make me laugh with your illogical off topic adhominem attacks in some attempt to try to "discredit me" but finding your sources are invalid and CRIMINAL even (CA, and Jeremy Reimer/Jay Little/Arstechnica, to name a couple I shot down easily with documented proofs no less - you know, the thing YOU NEVER HAVE to your credit OR defense!))

Especially nothing of import is being said from you, or that is on topic here either @ this point!

You evaide that which was asked of you, such as showing you've done more, better, & earlier than I have in the computer sciences arena in:

---

1.) Books

2.) Magazines

3.) Newspapers

4.) Other written publications of respected note as I have

5.) Commercially sold software code from a certified Microsoft Partner to YOUR credit (which I was paid on & improved the performance of it by 40% no less)

6.) Doing well @ technical trade shows such as MS Tech Ed, 2 yrs. in a row, for ideas on using SuperDisk-NT with Database engines (both Mr. John Enck & myself came up with this, & he's an editor for Windows NT mag (now Windows IT Pro) & as far back as 1996...

---

* Mind you - ONLY RECENTLY in the past few years now really, & on this type of technique in the last point? Only NOW is being used with SSD's & such in the "mainstream" for performance, mind you, and you see it in the media from "big data" users/companies etc./et al... I was doing it more than a decade++ ago!

APK

P.S.=> YOU? You make us all laugh - how/why? Well, simple:

You're a "ne'er-do-well" who hasn't done squat of good note, and you NEVER will - and you KNOW it! Hence your "evasions" & attempts @ cutting down where I have done well, and you never have or will... period!

... apk

Re:Dear Mr. "ne'er-do-well" (lol)

[tragedy]

Speak for yourself, writing books in YOUR MULITIPLE OFF TOPIC ILLOGICAL ADHOMINEM ATTACK BASED so-called "replies" of yours, lol!

You write books practically, and in MULTIPLE replies (off topic illogical adhominem attack based ones no less), so please: "Pot calling the kettle black" now, are we? LOL!

I do write fairly long posts sometimes. In this thread, it's mostly because I'm actually trying to address most of the things said in the parent post. I don't, however, write multiple replies to a single post (unless I need to make a correction or addition, in which case I clearly state that) and I haven't anywhere in this entire thread. It may appear that way if you don't know how Slashdot displays threads. Basically, the thread view flattens out after a certain number of posts in the thread and becomes a flattened view and it can become hard to tell what follows what. You can actually tell, however, you just need to do the legwork. You can open each of my posts in this thread directly, then hit the parent link at the bottom and see that each one is a child of one of your posts.

You end up saying nothing on topic, just more evasions of proving things you are asked to (which you demanded of myself mind you and I provided it, because i have those things, you do not and you never will)

The only thing on topic in this article is discussion of the possible implications of certain features in UEFI to the ability of end-users to boot their OS of choice. When you first posted, you were essentially off topic. You made a token mention of the issue, but only so that you could spam a bunch of Secunia links supposedly proving that Linux was insecure. I spent an unreasonable amount of time proving to you that each and every one of those security vulnerabilities was invalid, mostly because you couldn't be bothered to spend the time actually reading the pages you were linking to. The rest of this thread has been even more pointless. I eventually started to wonder just how crazy you were and searched around for you and discovered that you're infamous. You've been banned practically everywhere that they have a system for it and even people who don't hate you only seem to be able to not hate you by distancing themselves. I hope for your sake that your personality affliction only affects your online correspondence and doesn't extend to your real-life, face to face behaviour.

Your insistence that I demanded that you list your resume is bizarre. I never demanded that of you. Having seen it doesn't change my opinion of you. That opinion was formed by your behaviour. You could be a janitor or a rocket surgeon for all I care and I'd still have the same opinion of you because of your actions.

You make me laugh with your illogical off topic adhominem attacks in some attempt to try to "discredit me" but finding your sources are invalid and CRIMINAL even (CA, and Jeremy Reimer/Jay Little/Arstechnica, to name a couple I shot down easily

Alexander, you discredit yourself. Again, and again, and again, and again. In this thread on Slashdot and in just about everything else I can find anywhere that you've posted on. My "sources" aren't any particular person. Even when I linked to that blog post about your application being incorrectly blacklisted as malware and you threatening to sue, it was specifically your behaviour there I was showing. On all those links, pretty much everyone could see how awful you were being. In some of them, people who actually considered you a friend wondered aloud why you were acting that way. Why do all of those people have the same opinion of you, even when seeing you post for the first time? Are all of those people (and non-people since you seem to be also listing an entire company and a website) "invalid and CRIMINAL"?

What's with the constant claims of having achieved some sort of victory? It seems like just about every time you reply to anything you have have to post that you "sh

"Play it again sam..."

http://slashdot.org/comments.pl?sid=2506468&cid=38040964

* "Read 'em & weep..."

APK

P.S.=> Not GOOD enough with the link above? Ok, here 'tis again:

IF Linux = secure, as is often said here on this site, explain this (recent verifiable data on Linux security breaches)

KERNEL.ORG COMPROMISED: (very, Very, VERY BAD - this is the sourcecode repository for Linux!)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

Linux's showing in CA's breached recently too? Also very, Very, VERY BAD - this is SSL security oriented:

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

Those CA's (for SSL) got breached & RUN LINUX (StartCom, GlobalSign, DigiCert, & Comodo)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/

and

http://it.slashdot.org/story/11/10/28/1954201/four-cas-have-been-compromised-since-june

---

* Additionally, there's also ANDROID'S (yes, it's a Linux, & uses a Linux kernel) "fine security track-record" (lol, NOT) also...

(Why's that, as to all of the above? LOL, we KNOW why... see below!)

All those years of hearing the typical FUD of "Linux = SECURE, & Windows != Secure" around here on /., only to see recent history (VERY recently in those above no less) show QUITE OTHERWISE!

... apk

Re:"Play it again sam..."

[tragedy]

Wow, so not only do you post a copy and paste reply to me, but when I remark that you did, you post a reply with a link to that same copy and pasted reply? Then most of the post is a copy and paste of your tired, old line about Linux that's already been addressed multiple times. Sad, sad, sad.

The only ridiculous thing is you

I merely pointed out that you haven't accomplished a thing that said others noted your work's decent in publications, trade show works, commercial or even freeware/shareware work... & yet you see fit to try to cut me down? Please. You're showing your "tell", Mr. "ne'er-do-well".

Increasing SuperCache's efficiency came about by my asking EEC/SuperSpeed.com IF they had done ANY work on flexible parameterization of drivers utilized in their initialization (which IS possible on other diskcaches, even older smartdrive from DOS) - they had not. This is where that came in, because w/ diff. datatypes, system RAM setups, & use-patterns, it matters and IS possible... so, I went @ it for Mr. Dickman, & it worked out (for free on my part @ first) & so well, they bought the rights from the code out from me (easily ported code to other languages no less).

The db end of things came on SuperDisk-NT though, NOT Supercache-NT... I had, for YEARS, been putting even smaller db's temp/scratch areas onto ramdisks/ramdrives, & the performance gain is HUGE... putting entire DB devices onto those, or even SSD's (as you see now lately especially), does even more... so much so, that eventually after iirc, SQLServer 5 or 6, MS started building a separate memory area (reserved for the db itself) into memory.

It just works!

---

So, now you're OLDER than I, & you have LESS to show for yourself in the field of computing than I do, speaks WORLDS about you... you truly are SHOWING YOUR "TELL" as what I called you - Mr. "ne'er-do-well"!

---

As far as arstechnica? Hey, others there defended myself as well, one being a fellow named DosFreak (who introduced me to them no less & whom I still call a pal online, good guy is why)... he told them once to stop talking about myself behind my back (good man)... they're like gossiping hags!

All because I asked them the SAME QUESTION I did of yourself here - you cut me down? Show ME you have done better, before I have, & more times... that's all!

(Truth hurts... you only make that seem even more true now - Geek Angst, it's HILARIOUS!)

APK

P.S.=> Since you try to "cut me down" & berate a small fraction of what I can show I have done in this field...

Well - I have simply just "called you out" on that same question above, as I did arstech people, and you have ZERO TO SHOW for yourself... pitiful really!

Especially if you are my senior in age, and in this art & science of computing is all, and since you try to "Cut me down" on it, it's funny you have less to show than I do! Pretty simple... apk

Re:The only ridiculous thing is you

[tragedy]

Still not a very deep explanation of what you did for EEC Systems software. "flexible parameterization of drivers utilized in their initialization" doesn't actually say anything very specific. But whatever.

As for putting frequently accessed data into ramdisks, of course it works. It's been done for years. If you have enough RAM and you can identify what you should spend it on. It's not as if you invented the idea. Are you saying that the work you did was in identifying which data to cache to ram to speed up database access?

As for the older/younger thing. No, my bad, that was a typo. Actually, I started typing "If you are about 15 years older than me,", then thought better of how to structure the sentence. I should have erased and rewritten, rather than just changing two words. In any case, that part from my post should have read:

I think you have your timeline wrong. If I am about 15 years younger than you, then I was well out of diapers when that software came out. Also, the opinions of cantankerous old men everywhere aside, being born before someone else isn't an accomplishment.

As for Arstechnica, and pretty much every forum I could find where you've posted, even if you had a small number of allies (and pretty much every ally still seemed to want to distance themselves from you), seemed to be overwhelmingly against you. In this thread, you talk about how you were kicked from majorgeeks.com despite the fact that a part owner was an ex-friend of yours. Then you mention how you were banned from ntcompatible.com by another friend (unless it was the same friend, you were unclear). I was amazed to actually see the word "sorry" come from you in that post and an admission you actually made a mistake. I didn't think you were capable of it. Kudos to you for that. Still, you ought to consider the possibility that maybe, just maybe, the reason so many people turn on you has something to do with the way you act.

As I've stated before, we seem to be peers. I have nothing to prove to you in order to be permitted to speak. And no, I'm not your senior in age. There was a typo, but the very next sentence after the one with the error should make it clear that was a typo.

Easy list for you now, you'll evade it

1.) Show us you've done more, earlier, & BETTER than I have in the computer sciences in commercial software code, books/magazines/newspapers or even freeware/shareware than I have since you see fit to try to "cut me down" on them, & they're only a SMALL PARTIAL LIST of what I could put up in FULL (& I quit doing that stuff years ago, no need now - I've already done it) - ok? Pretty simple this one, & you've already shown you CANNOT... pitiful.

2.) I post VERY RECENT real-world breaches with systems using Linux in my p.s. below... care to deny them? They're not just buglists unpatched, but real world RECENT DATA showing how "secure" Linux is showing itself to be... despite all the /. FUD spread around here for years on that note (security of Linux = good, Windows = bad etc.)

3.) My guess is since you use your "b.s. name", tragedy, that you've been BANNED quite a lot - I've been banned a couple times, but only after being attacked & confronting my naysayers with #1 above... I've yet to meet someone who can live up to #1 above in fact (& it gets them SO STEAMED, all they have is a "ban" OR evasions of that as you are doing - Sure I can beat those & use a name like "tragedy" but why? I don't hide (as others, like yourself, obviously DO, under assumed guises)).

4.) I noted this in other posts - SQLServer prior to version 6 iirc, used to use DISKBOUND (hdd) devices, NOT ram based placements of devices into reserved by DB memory areas (pure memory)... this changed later as performance of using Ramdisks (in software OR even SSD types) helps TONS for performance. Did I think of it first? I don't know - but what I DO KNOW, is that the idea took hold & took off after the showing of using ramdisks or SSD's for that very thing did well enough to place @ MS Tech Ed 2000-2002 as a finalist in the hardest category there - SQLServer Performance enhancement! Have you done better?? No, obviously!

5.) I never threatened to sue Thor Schmuck - I only said I probably could (& CA was caught in LITERALLY CRIMINAL SCANDALS, & also sold off their utilities division that called 1 ware of mine a malware - funny, they didn't list PING, or spybot search & destroy (which the former can do a ping of death or can, & how Spybot S&D alters a hosts file)... both are criteria of their 21 point removal system in fact, a test I passed on ALL GROUNDS (they reduced the level of threat of my app to ZERO in fact).

* In the end? It is VERY EASY to "shoot you down", & with facts...

(So, YES - Your evading those things above, DOES MAKE ME LAUGH! Simply as it proves my point, that you are indeed, a "ne'er-do-well" is all & one that tries to 'cut me down' & yet hasn't done better himself no less!)

APK

P.S.=> DATA FOR #2 above regarding real world security breaches happening RECENTLY on Linux bearing machines:

IF Linux = secure, as is often said here on this site, explain this (recent verifiable data on Linux security breaches)

KERNEL.ORG COMPROMISED: (very, Very, VERY BAD - this is the sourcecode repository for Linux!)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

---

Linux's showing in CA's breached recently too? Also very, Very, VERY BAD - this is SSL security oriented:

http://upt

Re:Easy list for you now, you'll evade it

[tragedy]

1) Why do I need to? I still don't understand how we reached the point where I have to jump through that hoop for you. It's ridiculous.

2) I've said it before and I'll say it again, no OS and no security setup is invincible. I never made any claims about the security superiority of Linux over Windows (except to note that security was not historically a high priority for Microsoft in its mainstream Operating Systems). You seem to be projecting arguments you've had with other people onto me.

3) Never been banned from any online forum, sorry. I'm not always prepared to hand out my real name because there are a lot of kooks out there. As for you not hiding behind assumed guises. HA! You've already done it several times in this thread. You're crazy if you think that people can't see through it when you post and pretend to be some other person defending you. Cybordeath was obviously you, for example. When you post short answers without your usual structure, it's a little harder to spot you right away, even when you keep it short, but it's obviously you in this post. Where you stalked me to another thread to post an anonymous, venomous reply to one of my posts. Sad.

4) To be very clear. You did not think of it first, no need to trust me on this. You would have to be grade A, certifiably insane to think that you were the first person to think of such an obvious idea, unless you're really a lot, lot older than I thought. When the feature first appeared in Microsoft SQL Server is not the benchmark for when the idea was first developed.

5) You certainly strongly implied that you planned to sue. You definitely said you'd bring lawyers into it. I've seen e-mail exchanges with you people have put online where you pull the same kind of nonsense.

Just "face the music" in the link

http://slashdot.org/comments.pl?sid=2506468&cid=38045106

APK

P.S.=> More evasions galore will be forthcoming from "tragedy" (alias Mr. "ne'er-do-well", who sees fit to cut down others or TRY to with zero results, and yet who's never done better than those he attempts to cut down)... apk

Re:Just "face the music" in the link

[tragedy]

Uh, yeah. But you're still not addressing the fact that, in the great-grandparent post, you're either pretending to be someone else, or you're talking about yourself in the third person and referring to yourself as more than one person.

Face the music in the link inside (pretty simple)

http://slashdot.org/comments.pl?sid=2506468&cid=38045106

APK

P.S.=> Yes, as per usual? I predict that MORE "evasions galore" will be forthcoming from "tragedy" (alias Mr. "ne'er-do-well", who sees fit to try to "cut down others" & yet, he hasn't done better himself... lol, pitiful!) ... apk

Re:Face the music in the link inside (pretty simpl

[tragedy]

What's the point of this link? If it's to try to focus the thread that you've split back into one thread, then I applaud you for that.

Watching U "run" from it's the point!

Run more, & avoid "facing the music" there -> http://slashdot.org/comments.pl?sid=2506468&cid=38045106

APK

P.S.=> NOW - After the names you tossed my way in this exchange, & what-not like your trying to cut down some things I listed that I have done in the computer sciences, a SMALL ONLY VERY PARTIAL FRACTIONAL LIST mind you, Plus more reprehensible behaviors of yours in other of your illogical off topic adhominem attack based posts to myself?

Yes, I am rather enjoying seeing you RUN LIKE A WHIPPED DOG FROM THAT LINK ABOVE, & LIKE A DOG WITH HIS TAIL BETWEEN HIS LEGS... lmao!

... apk

Re:Watching U "run" from it's the point!

[tragedy]

Uh yeah. More APK crazy. Seriously, you had the right idea trying to at least refocus the thread. Don't reply to this message. For the sake of coherency I'll try not to reply to any reply to this one and only reply to the current two main branches of this tree.

Re:Watching U "run" from it's the point!

What was *crazy* funny here was watching U be shotdown here http://slashdot.org/comments.pl?sid=2506468&cid=38045106 Seeing you run from it is priceless indeed. Your evasions are weak, you haven't done a damned thing worth noting in computers whatsoever, and you have the nerve to troll and attempt to birsmirch the rep of those who have when you're a piss pot with no pot to piss in? What a joke you are, I am laughing and have been since the other thread of yours I ran into this from from another section of slashdot forums.

Re:Watching U "run" from it's the point!

See Tom Cruise telling you what you need here from :19 onward hahaha http://www.youtube.com/watch?feature=player_detailpage&v=tAFJUcLaYSg#t=22s "medication, whoooo" ahahahaha.

Re:Watching U "run" from it's the point!

[tragedy]

Ok. So you've posted the same copy and pasted reply here, here, here, here, here and here. Both to threads you've been signing in as APK, and those where you were pretending to be some random AC with a grudge against me and a massive admiration for you and sympathy for your goals. Thankfully, this seems to cap off this mess. I'm posting this reply (also copy and pasted) to each of those posts to focus things again. Just in case you feel you need to post again, no need to carry on each of these frayed ends, just reply to this post.

Seeing you run YET AGAIN? Priceless, lol!

http://slashdot.org/comments.pl?sid=2506468&cid=38045106

APK

P.S.=> Your evasions only strengthen my case that you're a "ne'er-do-well" who shot his mouth off @ myself, in off topic adhominem attacks here repeatedly, had your sources "shot down in flames" (CA & arstechnica + Thor Schmuck etc.) with facts, and yet you saw fit to try to "cut down" a small partial list only of some decent things I did in the Comp. Sci. arena over time, when you cannot produce a better list thereof from publications, commercial software code to your name (or even freeware/shareware), and tech trade shows also that I had done, numerous times, & I truly suspect before you were out of DIAPERS... you have SOME nerve!

Watching you run from that link above now is payment enough & priceless - it deals in our topic (security) and takes care of what I just said too, because you avoid THAT like the plague... especially question #1!

... apk

Re:Seeing you run YET AGAIN? Priceless, lol!

[tragedy]

Errr, yeah, I'm running from the post in that link. Got it. I mean, I replied to it late last night in this post, but that doesn't mean anything. I'm just running. Uh huh. Just like my so called "sources" were "shot down in flames". Riiight. Since my sources are pretty much every forum you've ever posted to, they wouldn't be discredited just by a few rebuttals from you, even if those rebuttals were rational rather than being based on pure crazy.

Also, once again, if I was in diapers while you were out achieving adult accomplishments, then you realize that what you're doing is equivalent to mocking a baby for not being able to do the things an adult can. I can picture you doing that, actually. You, standing there, yelling at a baby in crib that he's not as good as you and that you've shot all his arguments down in flames and demanding that he show a list of publications that he's been mentioned in. You really do strike me as being possibly that crazy.

Re:Seeing you run YET AGAIN? Priceless, lol!

Sounds like you stalk apk. Do you have a PHD in psychiatry? Calling others crazy without that and a license to practice it along with a formal examination administered in a professional environment is libel you know. Please take your meds as you were advised to do numerous times. Thank you. Seeing as you were blown away in the end here was priceless as was stated also http://slashdot.org/comments.pl?sid=2506468&cid=38047836 I also thought you said you were older than apk a couple posts back. Make up your mind or at least find it because you are outside your mind imo.

Re:Seeing you run YET AGAIN? Priceless, lol!

[tragedy]

No stalking, although I did do some information gathering once we were already deep into our discussion and it became very clear there was something very wrong with him. Stalking him would be looking around for other places he's posted, then posting anonymously to rant about goings on in the original thread. Like you're doing.

Calling APK crazy is not libel, it's an opinion. A very, very well founded opinion. Also, psychiatrists have an MD, not a PHD.

Me being older than APK (you) was a typo, I started typing that you were older than me, but then I inverted the sentence to say instead, that I was younger than you, but I accidentally left the word older. I explained this in this post, which you didn't reply to. That's actually pretty bizarre for you.

Quit "projecting" there Capt. Paranoia, lol!

Take your meds "CaPTaiN-PaRaNoiA"

(I saw that somebody called you paranoid in another post of yours via your post history today & it truly made me laugh)

LMAO, especially how you're accusing myself of being others who are busting on you and your contradictions, especially about LONG posts of yours & how you "recorded" our post times here http://slashdot.org/comments.pl?sid=2517968&cid=38045988 but noted them in that thread, completely NOT related to this one!

Yes, it is TRULY hilarious!

Plus - your "projecting" on things you obviously do DO yourself? Please... dead give away that, accusing myself of doing what you must do yourself!

* Clue/New NEWS/NewsFlash - not everyone posting here on /. is myself you know!

SEEING YOU RUN LIKE A WHIPPED DOG WITH HIS TAIL BETWEEN HIS LEGS FROM THIS POSTS' QUESTIONS THOUGH?

http://slashdot.org/comments.pl?sid=2506468&cid=38045106

* Priceless - Absolutely priceless, lol... & especially after all of your NUMEROUS off-topic illogical adhominem attacks you directed MY WAY here in this very exchange...

APK

P.S.=> Your evasions of the questions in the link above? WELL... that only strengthens my case that you're a "ne'er-do-well" who shot his mouth off @ myself, in off topic adhominem attacks here repeatedly, had your sources "shot down in flames" (CA & arstechnica + Thor Schmuck etc.) with facts, and yet you saw fit to try to "cut down" a small partial list only of some decent things I did in the Comp. Sci. arena over time, when you cannot produce a better list thereof from publications, commercial software code to your name (or even freeware/shareware), and tech trade shows also that I had done, numerous times, & I truly suspect before you were out of DIAPERS... you have SOME nerve!

Watching you run from that link above now is payment enough & priceless - it deals in our topic (security) and takes care of what I just said too, because you avoid THAT like the plague... especially question #1!

... apk

Re:Quit "projecting" there Capt. Paranoia, lol!

[tragedy]

Take your meds "CaPTaiN-PaRaNoiA"

(I saw that somebody called you paranoid in another post of yours via your post history today & it truly made me laugh)

Uh, yeah. That was you Alexander. Watching you pretend it wasn't is hilarious.

LMAO, especially how you're accusing myself of being others who are busting on you and your contradictions, especially about LONG posts of yours & how you "recorded" our post times here http://slashdot.org/comments.pl?sid=2517968&cid=38045988 but noted them in that thread, completely NOT related to this one!

Yeah. Not related. Except that the AC posting there was obviously you, and amazingly posted at the exact same times you were on Slashdot replying to me. You're deranged if you think you're not completely obvious when you do that.

Yes, it is TRULY hilarious!

Plus - your "projecting" on things you obviously do DO yourself? Please... dead give away that, accusing myself of doing what you must do yourself!

I post under a psuedonym partly because there are crazies out there like you that I wouldn't want to give my real name to, but I have principles which you seem to lack. I don't post as multiple people to support myself. How do I "obviously" do it myself? Is this just some sort of ridiculous schoolyard rules along the lines of "he who smelt it dealt it"?

* Clue/New NEWS/NewsFlash - not everyone posting here on /. is myself you know!

Of course. It's just the ones that are obviously you that are you. I mean, it's not as if you haven't, in this thread, posted a few unsigned AC comments pretending to be a third party, then switched back to replying as you. Moron.

SEEING YOU RUN LIKE A WHIPPED DOG WITH HIS TAIL BETWEEN HIS LEGS FROM THIS POSTS' QUESTIONS THOUGH?

http://slashdot.org/comments.pl?sid=2506468&cid=38045106

* Priceless - Absolutely priceless, lol... & especially after all of your NUMEROUS off-topic illogical adhominem attacks you directed MY WAY here in this very exchange...

Riiight. Because I didn't reply to that here, you buffoon.

Re:Quit "projecting" there Capt. Paranoia, lol!

Rinse lather and repeat http://slashdot.org/comments.pl?sid=2506468&cid=38047610

Re:Quit "projecting" there Capt. Paranoia, lol!

[tragedy]

I'm not clear on this one since you didn't sign it. Is this you pretending to not be you, yet posting a circular link back to the grandparent post, or did you just forget to sign?

Rebuttals time (you're shot down again)

To #1 question, which you finally have "answered" (not, just more evasive doubletalk on your part)?

"1) Why do I need to? I still don't understand how we reached the point where I have to jump through that hoop for you. It's ridiculous." - by tragedy (27079) on Monday November 14, @01:24AM (#38045756)

Because you saw fit to try to "cut me down" & with off topic illogical name tossing attacks and FALSE STATEMENTS about myself I disproved with actual links & documented evidences (regarding arstechnica, Computer Associates & Thor Schmuck & more).

So, I merely challenged YOU to show me you have done more, better, & earlier than I have from a small partial list of mine & YOU CANNOT (I could put out FAR more that did well over time in computing)...

That's why!

---

"2) I've said it before and I'll say it again, no OS and no security setup is invincible. I never made any claims about the security superiority of Linux over Windows (except to note that security was not historically a high priority for Microsoft in its mainstream Operating Systems). You seem to be projecting arguments you've had with other people onto me." - by tragedy (27079) on Monday November 14, @01:24AM (#38045756)

Linux certainly hasn't shown itself to be, for CA's (SSL security related & this is about security), KERNEL.ORG (the worst perhaps, because WHO KNOWS what was really done to the Linux core sourcecode itself), MySQL.org is also "icing on the cake" as it runs Linux too & was breached as well (part of the LAMP stack no less & who KNOWS what was done to its source also) etc./et al, as well as Linux.com too no less!

That's VERY funny & yes, indicative of REAL WORLD EXAMPLES of Linux security failings... ANDROID totally makes that worse for "penguins" too, bigtime!

---

"3) Never been banned from any online forum, sorry. I'm not always prepared to hand out my real name because there are a lot of kooks out there." - by tragedy (27079) on Monday November 14, @01:24AM (#38045756)

Right... don't bullshit us, ok?

---

"As for you not hiding behind assumed guises. HA! You've already done it several times in this thread." - by tragedy (27079) on Monday November 14, @01:24AM (#38045756)

Uhm, lol - Have you taken your meds for paranoia this a.m.? Please do... because I am NOT the only person who posts on /., & quit projecting your OWN "Modus Operandi" already, lol!

---

"You're crazy if you think that people can't see through it when you post and pretend to be some other person defending you." - by tragedy (27079) on Monday November 14, @01:24AM (#38045756)

You keep using "crazy/insane" etc./et al - you can stop projecting now, & please - see the bolded statement of mine above, lol, ok? Thank you.

Before you call others insane/crazy etc. online? Be aware that without a formal examination in a professional environs done by a PhD in Psychiatric sciences with a license to practice, you are indeed, libeling myself... & you say you have NEVER BEEN BANNED? Somehow, based on your reprehensible behavior, I doubt that.

---

"Cybordeath was obviously you, for example. " - by tragedy (27079) on Monday November 14, @01:24AM (#38045756)

Again, do you have PROOF of that? Again, more folks than myself post on forums, and see the above (about your meds please, thanks, lol).

---

"When you post short answers without your usual structure, it's a little harder to spot you right away, even when you keep it short, but it's obviously you in this post. Where you stalked me to another thread to post an anonymous, venomous reply to one of my posts. Sad." - by tragedy (27079) on Monday November 14, @01:24AM (#38045756)

Re:Rebuttals time (you're shot down again)

[tragedy]

1) I saw fit to say that a post of you looked like an automatically generated troll. Then, when you made it clear you were actually a human, I responded to the three links you were posting at the time which you challenged anyone to show were incorrect. I showed that all of the security exploits in those posts were fixed. Mostly long, long ago. I never challenged you to put up your resume or claimed that mine was somehow superior. That's just your personal fetish. You must have an extreme inferiority complex to need to overcompensate so much.

2) Blah, blah. Same old, same old. Ridiculous claim that compromise of the kernel.org website might have compromised the kernel source itself as if it's not possible to check.

3) I simply haven't been banned from any web-based forums, moderated Usenet newsgroups, etc.That sort of thing generally only happens to a small minority of people. Perhaps I'm just not as adventurous as you. I'm certainly not as prolific a poster as you.

As for you not having posted pretending to be someone else on this thread, what about this post where you pretend to be some third party who's just a really big fan of APK or something. I reply to say that it's you, then you reply, still pretending not to be you, then I reply again, then you reply again, but this time you sign as yourself. Duh. Pretty obvious.

"You're crazy if you think that people can't see through it when you post and pretend to be some other person defending you." - by tragedy (27079) on Monday November 14, @01:24AM (#38045756)

You keep using "crazy/insane" etc./et al - you can stop projecting now, & please - see the bolded statement of mine above, lol, ok? Thank you.

Before you call others insane/crazy etc. online? Be aware that without a formal examination in a professional environs done by a PhD in Psychiatric sciences with a license to practice, you are indeed, libeling myself... & you say you have NEVER BEEN BANNED? Somehow, based on your reprehensible behavior, I doubt that.

---

Psychiatrists are MDs, psychologists are the ones with PHDs. As for libel, expressing an opinion that someone is crazy isn't libel, especially with a conditional such as "if you think that". Not that I don't think you have a psychological disorder. At the very least you seem to have some sort of Narcissistic Personality Disorder.

"Cybordeath was obviously you, for example. " - by tragedy (27079) on Monday November 14, @01:24AM (#38045756)

Again, do you have PROOF of that? Again, more folks than myself post on forums, and see the above (about your meds please, thanks, lol).

---

Proof? The language, form and content of Cybordeath's posts compared to yours is pretty good proof. Answer this: why would Cybordeath sign up right after you were banned to defend you and vilify your enemies and carry on your feuds? What possible motivation would someone who isn't you have to be so obsessed with you and your activities on that forum to the exclusion of all else? Everyone knew it was you. You can't pretend your way out of it.

4)

"4) To be very clear. You did not think of it first, no need to trust me on this." - by tragedy (27079) on Monday November 14, @01:24AM (#38045756)

Did I say I did? However, I have to say I haven't seen it done before myself because ramdisk/ramdrive software for Windows wasn't around that would do UNLIMITED SIZED ramdisks before the EEC Systems SuperDisk-NT came about... at least not afaik, but later others did come out (but lacked data mirroring back to state keeping files on HDD etc.)

I suppose YOU did though... right?

Tom Cruise tells you what YOU NEED, lol

See :19 on the YouTube player here http://www.youtube.com/watch?feature=player_detailpage&v=tAFJUcLaYSg#t=22s hahaha "Medication woohooo"

Re:Tom Cruise tells you what YOU NEED, lol

[tragedy]

Ok. So you've posted the same copy and pasted reply here, here, here, here, here and here. Both to threads you've been signing in as APK, and those where you were pretending to be some random AC with a grudge against me and a massive admiration for you and sympathy for your goals. Thankfully, this seems to cap off this mess. I'm posting this reply (also copy and pasted) to each of those posts to focus things again. Just in case you feel you need to post again, no need to carry on each of these frayed ends, just reply to this post.

Tom Cruise tells U what U need

See :19 on the YouTube player here http://www.youtube.com/watch?feature=player_detailpage&v=tAFJUcLaYSg#t=22s hahaha "Medication woohooo" hahahahaha

Re:Tom Cruise tells U what U need

[tragedy]

Ok. So you've posted the same copy and pasted reply here, here, here, here, here and here. Both to threads you've been signing in as APK, and those where you were pretending to be some random AC with a grudge against me and a massive admiration for you and sympathy for your goals. Thankfully, this seems to cap off this mess. I'm posting this reply (also copy and pasted) to each of those posts to focus things again. Just in case you feel you need to post again, no need to carry on each of these frayed ends, just reply to this post.

Tom Cruise says what U need

See :19 on the YouTube player here http://www.youtube.com/watch?feature=player_detailpage&v=tAFJUcLaYSg#t=22s hahaha "Medication woohooo" hahahahaha

Re:Tom Cruise says what U need

[tragedy]

Ok. So you've posted the same copy and pasted reply here, here, here, here, here and here. Both to threads you've been signing in as APK, and those where you were pretending to be some random AC with a grudge against me and a massive admiration for you and sympathy for your goals. Thankfully, this seems to cap off this mess. I'm posting this reply (also copy and pasted) to each of those posts to focus things again. Just in case you feel you need to post again, no need to carry on each of these frayed ends, just reply to this post.