Microsoft Taking Aggressive Steps Against Linux On ARM
New submitter Microlith writes "Microsoft has updated their WHQL certification requirements for Windows 8, and placed specific restrictions on ARM platforms that will make it impossible to install non-Microsoft operating systems on ARM devices, and make it impossible to turn off or customize such security. Choice quotes from the certification include from page 116, section 20: 'On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enabled' — which prevents users from customizing their security, and in section 21: 'Disabling Secure MUST NOT be possible on ARM systems' to prevent you from booting any other OSes."
As much as I hate to say it, time to get the Feds involved, again.
Forget piddly sanctions, or even a "breakup". Shut them down once and for all.
---- Booth was a patriot ----
Don't you mean iOS? My mac isn't locked down in the least, and in fact is more open than windows.
---- Booth was a patriot ----
If there was anything that could be clearly labelled as anti-competitive and monopolistic in nature, this is it.
Good luck to them (haha, I kid).
The trick to being a good shill is to not have your diatribe prewritten to post as soon as the story goes from red to green.
It's a little too blatant otherwise.
MS is fine with all those junk-grade tablets, just that they don't want something like the N900 to pop up. They were able to kill that by all-but acquiring Nokia and making sure Elop would kill the N9.
So take your "not target market" or "find a device that suits you" complaints and stuff them, tyvm.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
And why not bitch at Apple for locking down OS X and iPhones too?
But... WE DO BITCH AT APPLE FOR LOCKING DOWN OS X AND IPHONE TOO.
I don't understand if you're a troll, a shill, or simply an idiot. Microsoft is imposing these overly restrictive and anti-competitive measures on ARM hardware, in order for it to have WHQL certification, and you pretend to believe it is to stop malware? Really?
Seems these criminals have forgotten the last lesson in not behaving anti-competitively already. Time to fine them a few billions to make them remember.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Sir, you are either a paid propagandist, or you have no idea what you are talking about.
The security we (Linux users) always wanted was supposed to be on software level, not on hardware level.
Doing anything like this on hardware level is definitely anti-competitive.
A reason not to buy Windows 8? How about the fact that Win 7 is just now picking up real steam, works great and doesn't need an Ubuntu-style Metro layer over the top of it to make it an excellent OS?
In the time from when this is posted to when you replied there is no way you read the article. Thanks for that. You never planned on buying Windows 8 in the first place. You just want to make this look like the reason why. That makes you an astroturfer.
Microsoft's OS's have minimal market share on ARM-based devices.
So now it will have a monopoly on all ARM-based devices marketed as capable of running Windows 8. Or does that mean that the "universal computer" is not universal anymore, and you will have to buy a MS-ARM machine to run Windows and a Linux-ARM to run Android?
Ezekiel 23:20
This is a rather pathetic attempt at misdirection. Of course the strategy is to claim this is about malware. But guess what, when you look under the hood you find that it is not. There is absolutely no reason to block the installation of another OS, except direct anti-competitiveness. If it was just to prevent the user from easily opening their system, there would be other options.
Your argument that there are other ARM devices is also completely bogus, and so obviously I am not even going to explain.
You are a Microsoft shill, nothing else.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Dude, the article's not even a page long, and you seem to assume that I've never heard of UEFI, Windows 8, or a mobile device. Why not just make a coherent argument in the first place, instead of making groundless supposition?
...something about leveraging a monopoly to take over another sector...
He is a shill. Despicable. Just look at the posting time of the article and his comment. This was obviously pre-written.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
OS X doesn't stop you installing other operating systems. OS X even comes with a tool that will resize your existing partition, provide space for another OS, and Apple computers have a graphical boot menu out of the box for selecting the OS to boot.
I'm not sure about iOS devices. The older iPods didn't actively stop you from installing other operating systems (they just didn't support it, which is fair enough). If the new iPods / iPhones do lock the bootloader and prevent you from installing something else, then that would be something worth complaining about, although there are enough other reasons for wanting to avoid Apple's locked-down consumer product lines that it's probably quite low on the list.
I am TheRaven on Soylent News
Leveraging your monopoly in one area to attempt to dominate another much? This is an attempt by Microsoft to use the power they have over hardware manufacturers and computer distributors via their Desktop PC monopoly to force out the current players in the Tablet market. Abuse of a monopoly position pure and simple.
Making it impossible to dual-boot your ARM device. Security for the boot sector is one thing, making it impossible to install another OS by choice is something else.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Do you have any proof that they have abused that position with hardware manufacturers? Simply by going to another market is not leveraging monopoly.
I never planned on buying Windows 8, but I was interested in some of the hardware designed for Windows 8, because it is likely to be a bit more standardised in terms of core hardware than the wide range of generic ARM stuff, so it would be more interesting for running other operating systems. If hardware makers disable the ability to run other operating systems, that makes their devices less interesting to me. Fortunately, there will almost certainly be 100 chinese ODMs who don't bother to lock down their products for every big brand maker that does.
I am TheRaven on Soylent News
News about Microsoft can get conflicting, on one day you get a massive push for right stuff like open source and other good practices, and then you get stuff like this that sounds like the Microsoft of old.
I am wondering, how many divisions exist within Microsoft? I mean divisions capable of giving such conflictive news. I can't help but feel a part (probably formed of younger staff or management) is trying to do the right thing while other part (probably formed of old-school people from the times of anti-trust) is adhering to their old self. If this were to be the case, I hope the former ends up having more control of the company, really. I kinda hate to have to hate Microsoft at this point.
The fact that you think that disabling "custom boot" on ARM makes Windows more secure is yet another indication that there is really no understanding of security in the Windows world. And Linux users haven't been "asking for" Microsoft to do anything; we don't really care. We just keep pointing out that Microsoft doesn't seem to understand security.
Yes, the fact that Microsoft's operating systems are such a failure on ARM: Microsoft is in effect subsidizing hardware in order to give their operating system a chance in the market on ARM; without such subsidies, they wouldn't have a chance. But it is just those subsidies that make the hardware attractive for Linux. In contrast, iPhone and iPod are unattractive targets for alternative operating systems because iOS is successful and Apple charges a premium for their devices.
Locking down the boot loader in that way doesn't improve security and only has one conceivable purpose: to keep out other operating systems, and it is a necessary part of an attempt by Microsoft to gain market share for their otherwise unattractive operating systems by subsidizing the hardware.
On one level you can hardly blame them - if you buy a Windows device, on what basis should you expect it to run something else? But on another level, why should they care if someone does? I doubt they subsidize the devices, and I'm certain that they or the manufacturer could put whatever legalese they liked on use of the device to refuse to replace them if they were bricked through unauthorised use.
Microsoft managed to escape being dismembered by having politicians do what they wanted,
The legal process needs revisiting. The same sort of charges can be brought. Perhaps, if found guilty, this time it could be concluded properly with the criminal being punished and prevented from committing the same crimes yet again.
I'll see your Constitution and raise you a Queen.
No, the blocking of installation of other OSes is what is misdirection. There are many boot sector viruses in the wild and Microsoft has had a tough time removing them. This is why the bootloader needs to be protected. How many users will this affect on ARM-based devices? I would say pretty much no one, or 0.0001%. Most users don't even have ARM-based devices, and if they have, it is much more likely to be one that comes with Linux or Android.
What about thinking before opening your mouth in the future? And why not bitch at Apple for locking down OS X and iPhones too?
Have you met /.?
This does not make the devices secure. Stop repeating that nonsense. Then, from your ID I deduce you are related to the shill.
Go away, you are not welcome here.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
On the surface, yes this is MSFT being douches. But they do have sound reasoning if you hear it out. MSFT is sick and tired of being thought of as a virus/malware-ridden OS. They are being aggressive. By locking down the EFI (new BIOS) that will prevent boot sector viruses. This is going to be the same for x86. There is an easy workaround. DON'T BUY A PRE-BUILT COMPUTER. I am an avid Linux and Windows user. Try looking at it from their perspective and be a little more objective.
Tablet makers offer ARM tablets without WHQL Certification preloaded with Linux or Android.
I mean they don't need to install Windows 8 on the things when there's perfectly good alternatives around, and it seems like adhering to a document more than 150 pages long is a time wasting PITA when you can simply go to a competitor and be done with it.
If it had been only a security feature, there would be an SD-card in the device storing encryption keys for approved OS software manufacturers. The SD-card could in this case be made read only and if the user wants to disable any tampering, he could glue it in the slot. A user could add additional approved keys (even his own keys) by placing the card with write enabled in another machine.
In this case, it would have only been about security. As it stands now the MS rules are to lock out competitors from the market.
"Civis Europaeus sum!"
That worked for them with netbooks.
There are many viruses in the wild that rewrite boot sector to hide and reinstall themselves even after OS re-install. How would you combat these if you can't lock down your boot sector?
They are going to that other market with an explicitly anti-competitive strategy. Quite obvious. The thin veneer of lies used by you (and others with IDs suspiciously close to yours) cannot cover that.
Go away MS shill.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Not buying your fud. Bye now.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
You are forgetting one of the 10 commandments of propaganda: If you repeat it enough times, people will believe it is true.
And, as a bonus, you'll slowly drive anyone that actually has some grasp of the truth slowly bat-shit crazy thanks to the gas lighting effect; which makes them, and therefore their position, unattractive.
Any sufficiently advanced influence is indistinguishable from control.
Just take a look at this goon's entire posting history.
MOSAID. Pretty interesting how they *really* didn't want to answer the letters rogatory (international subpoenas).
But, you've already exposed your position, so that's useful.
C|N>K
Rubbish.
If it was about preventing malware on ARM it would allow installation of any operating system *except* windows.
Keep in mind that Microsoft is probably trying to get a monopoly with these measures.
Boot-loader protection and forbidding the device owner to disable said protection and booting another OS are quite obviously two very different things.
You really need to brush up on your skills, for a professional liar, you are pathetic.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That's because Apple is a hardware company foremost. It works the other way with them. They don't want you installing their software on other hardware and work to prevent it. Microsoft is being forced into attacking linux on ARM in this way because they can't really compete against them any other way on that platform and they are desperate not to start losing market share even if they maintain their monopoly on pc architecture. MS knows that once linux really starts to take hold anywhere at all they are in danger everywhere.
This is a rather pathetic attempt at misdirection. Of course the strategy is to claim this is about malware. But guess what, when you look under the hood you find that it is not. There is absolutely no reason to block the installation of another OS, except direct anti-competitiveness. If it was just to prevent the user from easily opening their system, there would be other options.
In a perfect world, you would be able to run Windows without problems, and malware infected Windows wouldn't run. You would also be able to run for example Redhat Linux without problems, if Redhat bothered to handle the details with the device manufacturer. You would also be able to run any OS if you explicitly override your protection. Which in case of anything that looks like Windows would be stupid (anything that looks like Windows but isn't would be malware with 99% certainty), and in case of a Linux distribution you would take your chances, same as you do now.
So yes, the intent can only be anti-competitive. If or when Microsoft has so much market power that I can buy ARM computers running Windows but no ARM computers running anything else, then it would be illegal.
The boot sector can be locked down by allowing the user to add keys manually. There is no need at all to tie it to a specific OS. Rather obvious and already in the spec.
Go away, nobody believes you.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Providing a switch that is off by default is not allowed. That would not impact security if it was allowed.
True but to be fair Apple did this because when OSX first came out, it wasn't nearly as popular as it is now and there were a lot of windows only apps people wanted to run. That's the same reason they invested in boot camp - to make the transition from windows to OSX easier. If OSX had the lead market share like Windows does now, I'm not so sure Apple would be as accommodating. Just look at how locked down the iPhone is w/respect to having to get all your media through iTunes.
And look at the IDs of the first poster and antitithenai (2552442). About 150 difference. These are PR whores that will do anything for a buck.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
They're trying to enforce a monopoly. If ARM know what's good for them, then they'll make it possible for other OS's to use them, otherwise ... well, just look how well (or bad) Windows does in the phone market.
HTC and Samsung, the two largest Android phone makers, both provide official methods to unlock the boot loader. Other manufacturers who lock and don't provide a simple way to unlock rightly tend to be criticised for it. I don't see why Microsoft should escape criticism either.
Is it too obvious to say:
Fix how it bypassed the mandatory kernel-mode driver signing requirements of 64-bit editions of Windows 7?
There are two types of people in the world: Those who crave closure
Such a feature can secure any operating system and would be under user's control.
Microsoft requires instead that their OS be the only one allowed on certified hardware platforms and take away any control from the user.
Install an OS that isn't compatible with those viruses?
There are two types of people in the world: Those who crave closure
The parent does bring up one valid point though: the tiny marketshare MS has in this market, and the plethora of devices out there for us to pick from makes Windows devices being locked down mostly irrelevant. I don't know how much MS intends to subsidize their devices, if that's even going to happen at all, but that doesn't seem like something sustainable and something that's going to last for a long time.
I do fear a (perhaps unrealistic) future where MS manages to use their Linux patent-suite to coerce manufacturers to increasingly make Windows-based products and we'll be in a situation where our choices aren't as big as they are now. I'd like to still be able to pick decent hardware and have the freedom to install what I want.
Until recently it seemed like the popular Android devices were also doomed to remain locked and be dependent on various hacks and exploits to be able to install custom ROMs, but I'm glad some manufacturers finally opened those up, I hope this is a trend that continues.
There, fixed the title for you. This is a security feature. The funny thing is that this is exactly what Linux users have been asking for. They have been bitching about bad security of Windows, and now that Microsoft takes good and required steps to improve it, they start bitching how the security features lock out Linux. What about thinking before opening your mouth in the future? And why not bitch at Apple for locking down OS X and iPhones too?
Users want "security features" that protect them from evil, not "security features" that protect evil from them.
Microsoft is scared that the shiny hardware that is required to run Windows will be bought and used to run (faster) with another OS. This has very little to do with protecting Users against anything but a lot to do with limiting user's options.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
The market for ARM based general purpose computers is quite small right now. Microsoft, being an 800 pound gorilla, could put some momentum behind it. Their influence on OEMs is likely a decent factor in why it's hard to find such a machine in the first place, given that ARM machines can't run Windows, and MS isn't too fond of a 'PC' that can't run Windows.
This is my signature. There are many like it, but this one is mine.
If the new iPods / iPhones do lock the bootloader and prevent you from installing something else, then that would be something worth complaining about
They do. As do many (probably even the majority) of Android devices. And Symbian devices. And bloody well anything that runs on ARM! The number of locked ARM devices vastly outnumbers the number that are unlocked, or even have the ability to be officially unlocked. Should unlocked ARM devices be the norm? Yes. Is Microsoft's position the norm among every device and OS manufacturer? Also yes.
Also interesting to note is that the updated document specifically requires that UEFI Secure Boot settings can be modified by the end user, contrary to previous hooh-hah.
Umm... Microsoft doesn't have any marketshare in ARM tablets because the only version of Windows that supports ARM hasn't been released yet!
No antivirus can do anything about it, and even if you re-install your OS, the malware gets re-installed too!
Last I used an MS OS (DOS), boot sector viruses were common, and so was antivirus that could handle them. What has happened? Has MS locked down the boot sector so only viruses can modify it and not the antivirus or the OS? In that case this is an excellent example of why this will NOT work....
I've been using Windows for a long time. I do not like Windows. Others agree with me, people who use Windows do not like Windows. People who use Windows like the software they run on Windows.
Microsoft thinks that people LOVE Windows. That's why they created Windows CE, and that was a massive failure. People want to run their x86 software on the computer, and last time I checked Windows 8 ARM can not run x86 software, so your software collection is junk all of a sudden.
If you give most people a choice between Linux vs Windows, they will choose Windows. If you give them a choice between Windows that won't run their apps, and Linux that won't run their apps but at least already has a large library of software, then they will choose Linux.
How is this a security feature? Boot sector locking has been an option on x86 devices for decades, with the option of override from CMOS Setup Utility. None of those protections actually worked back then and they still won't today....
It does not make sense. You can always allow the user to add another key, and you can give clear warning when they do. Preventing the user from adding another key is not a security feature. Period.
But I guess you are paid to post this nonsense here.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If you were to *competently* wipe your disk (overwrite the whole device with 0's for instance) after infection and *then* reinstall the OS from known clean installation media, it would be just as gone as any other malware. No anticompetitive freedom-limiting MS crap required as it can be done for free with one of the many free software rescue media readily available online. Computers are complex devices. If you insist on using them: learn how they actually work, it'll save you from a lot of hassle down the line.
No, they are not the same thing, not by a long shot.
But nice try.
---- Booth was a patriot ----
Microsoft will get dragged through the courts for anti-competitive behaviour once again. You'd think they'd have learnt their lesson from the whole IE bundling thing that cost them very serious money.
Even if the US gov is corrupt enough to let this slide, there's no way Microsoft will get away with this in the EU or anywhere else.
This option was available for decades as a feature of BIOSes only editable from the CMOS Setup menu. It is not a security feature, it does nothing to really protect against malware.
Also, if you reinstall your OS, the boot sector is overwritten, as the partitioning/formatting stage overwrites all the data there....
Bullshit. When OS X first came out, it only ran on PowerPC. It came with OpenFirmware, which provided a graphical multiboot bootloader. When it was ported to Intel, Boot Camp was a separate download, now it's integrated.
I am TheRaven on Soylent News
It's an issue of consumer freedom to do with their devices as they see fit.
It's a problem. Period.
There are plenty of phone/tablet devices with measures to explicitly prevent other OSes from being put in place. Telling is that the 'OS' in PC world is considered software and in the phone/tablet world they have successfully got people calling it 'firmware'. This market is trying to blur the division between the platform and the OS to significant success. Every 'OS' vendor is expected to compete by getting a partner to release hardware around the OS. That means less room for startups or grass-roots OS creation, only certain Android hardware devices are a viable target.
That market is a plethora of monolithic devices with no configurability in hardware or software. This is a huge step back from the state of x86 systems where so much is socketed and mixing and matching is possible by the consumer thanks to rigorous standards in place to make it all possible. The 'primary' targeted OS runs as well as the primary OS on any of these devices, and while an alternative OS may fail to integrate properly with the device (Linux-Vendor ACPI was a sore spot for eternity, better now), the user can make the tradeoffs if they choose.
XML is like violence. If it doesn't solve the problem, use more.
You are forgetting one of the 10 commandments of propaganda. If you repeat it enough times, people will believe it is true.
It's good thing, then, that you are repeating this to him.
Ezekiel 23:20
Oh gee, like the BIOS option that has been available for DECADES?
Seriously, do you really think that real IT professionals will buy into the whole BS about allegedly "improving security" when in many cases remote security on Microsoft's platforms has actually decreased over the years?
This could be an innocent move. Microsoft does not want you booting any other OS that could circumvent Windows security.
I mean, isn't this how we all fix our Windows machines now, namely booting a live CD and then mounting the NTFS drive so we can fix it directly?
For Microsoft to claim these devices are secure (an impossible boast, yet one business and government want to hear) they need to close this loophole.
Futurist Traditionalism
Incorrect. Look at measures on products like the Chromebook for example. I'd love to see how you bypass a user-configurable HARDWARE jumper/switch.
Lies, lies, lies. MS are always full of lies.
This has nothing to do with preventing the user from adding another OS key to their device. That is the thinly-veiled anti-competitive truth behind this. Also note that on x86, the user _is_ allowed to add another OS key. How is that?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
BIOS'es from years ago already have an MBR protection flag. I can turn that off when I install my own OS, turn it back on for day-to-day work. MS intends to take my control of this flag away from me. Not only for ARM, mind you, but also through UEFI SecureBoot on normal PC's. Boot sector infections can be wiped clean in minutes if you know your stuff, which you should if you intend to deal effectively with a malware infection in the first place.
That's not fixing the problem, that's fixing the symptom.
Fixing the problem: Determine how it's subverting the master boot record and FIX that.
Fixing the symptom: Lock down the master boot record to prevent writing, including installing other OSes.
There are two types of people in the world: Those who crave closure
And fuck MS, have not used MS since Win 98. Win is stupid and so are the users. If it was not for games and stupid people there is no reason for MS.
No, still works as expected. The posting you replied to is by somebody clueless or paid to say what he said.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
How easy would it be for EU to forbid Windows? Would it be a long process or just a quick decision?
Rewriting the boot sector is quite enough. Any decent partitioning utility does that. Nothing else besides the boot sector gets executed by the BIOS.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You have been able to do this for decades through the BIOS... MS could have and should have rallied for OEMs to use this valuable *user-configurable* feature by default on PCs they ship. Why didn't they? Because it hindered upgrading from one MS OS to the next ;-)
There is no BIOS on these devices. UEFI replaces it.
http://www.apple.com/opensource/
Here's the source code to all the open source software in MacOSX, along with any patches they did to the source.
http://opensource.apple.com/release/mac-os-x-107/
Here the sources for a bunch of the core system components, including the kernel.
Where's the source code for the Windows 7 kernel again?
My Other Computer Is A Data General Nova III.
Well, it worked for his first shill post in the other MS story, it was basically first post and still at +4, it was added up pretty instantly so I assume they also have a bunch of shill accounts to mod it up.
Live today, because you never know what tomorrow brings
Wrong question. The right question is why does MS want this to be posted.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If user can disable it, then computer program can too
No, it can't. Users can physically manipulate the device and do whatever they want - use a different firmware boot option inaccessible after the boot, swap PROM chips in sockets, etc., whereas computer programs can (in this context) only rewrite non-volatile memories, and even then, only those that the OS (running in a privileged mode) allows them to overwrite. If the previous sentence isn't true, then the OS is buggy by definition and has to be replaced. No change to the HW or firmware is necessary.
Ezekiel 23:20
That is clearly what is going on here. But I have to say it is incompetently done. Typical MS quality level, no surprise.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
There is no BIOS on these devices.
"Custom mode" is already "locked down": operating systems can't just install something, the user actually needs to confirm.
I don't know how this works specifically with UEFI, but I would imagine the OS puts the new boot sector in some special area on disk, and then on the next boot, the firmware puts up a big, scary looking screen that gives you a warning about viruses and asks you whether to install the new boot sector or ignore it, with "ignore" being the obvious default. Optionally, add the ability to have signed and unsigned changes.
It's only a matter of time.
Microsoft, Apple... they really are not that different. Both would fuck the world in the ass with a plunger if it meant a 2% bump in stock price.
Both treat their customers like cattle in a pen, walking them toward the slaughterhouse chute.
You are welcome on my lawn.
I have windows 7 and personally I still much prefer Linux. Mint to be exact (since Ubuntu sold the farm with unity).
The only reason I keep Windows around is for gaming, as most games aren't available as Linux versions. If they were, Windows would go away from my PC entirely. To do anything serious it's a no-brainer to use Linux as it's a way more powerful tool.
There is no BIOS on these devices. UEFI replaces it.
Still the same thing, something you can only change from inside UEFI is the same as something you can only change from inside the BIOS. Stop trolling and go away.
Live today, because you never know what tomorrow brings
Plain and simple, bullshit. It's a smoke screen. When malware manages to infect boot sector or equivalent, the attack comes from within the OS. Microsoft has every capability of treating writes to the boot area and EFI configuration as special and performing their own security checks to prevent 'unauthorized' writes to that area (going even beyond their permissions to also require signed code). It still regrettably breaks things like Ubuntu's in-windows installer, but I would accept that wasn't their goal and I think the tradeoff is more defensible. Malware because the computer boots off removable media 'accidentally' is pretty unlikely in EFI case (where OS forces the firmware to skip all that and go straight to boot loader unless user takes action). Attacks where someone maliciously mangles a system they have complete control of is not even a blip on the radar of malware (it may happen, but certainly nothing worth breaking an entire industry over). Incidentally, 'boot sector' type infections are relatively rare in the scheme of MS malware, most malware doesn't bother to infect the boot area, and still they are all over MS platforms.
Also keep in mind, MS is the *only* party who gets to control those keys. The users are not allowed to add new trusted keys. The hardware vendors are not allowed to put another vendor's keys instead of Microsoft's. The vendor *must* use MS key or no one's at all, they are forbidden from using the facility to the benefit of someone like Red Hat for example. The vendor gets in trouble with MS if they use the facility in a way that would prevent MS code from running. How the *hell* is that possibly considered right in the context of 'just improving their security'?
XML is like violence. If it doesn't solve the problem, use more.
Ah, the argumentation flowchart is revealed:
1. This is necessary for security
--> direct lie
2. MS does not have a monopoly on ARM
--> not relevant
3. Everybody else is doing it.
--> not relevant and not true
What next? MS really should have paid for some professionals here, not you clowns.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
This is what I'm thinking. ARM isn't owned by any one entity. They can make companies like HP, Acer, and others use specific ARM chips for the items they sell with Windows 8, but they won't be able to make HTC use these special ARM chips for their Android phones. There will still be plenty of ARM chips floating around and being manufactured without this new functionality. It's more like if you want to run Windows 8, you'll have to buy a Win-ARM device, but there will be plenty of plain old ARM devices out there.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
That's just it shill-boy.
They're not "simply going to another market".
They're adding stipulations to their credentialing process that REQUIRE hardware vendors to essentially lock out all forms of user choice for alternate OSes on their platform.
So if WidgetCo wants to sell their ARM-Widget 6000 with Windows on there, they have to lock the platform to the point where you CAN'T load the ARM-Widget 6000 with Android or another OS.
Essentially they're forcing hardware vendors to make an irrevocable choice about which market they're going to service instead of allowing them to service any/all of them.
That's quite clearly abuse.
Chas - The one, the only.
THANK GOD!!!
So you are going to make your own chips and boards? Get real, even when you think you are 'building' a computer you aren't. By a long shot. You are just assembling one, which will come with all these 'security' measures enabled on the board.
Sure, today you can choose less restrictive boards, but that won't last forever.
---- Booth was a patriot ----
Considering your astroturf account is only 140 users ahead of OP astroturf account, I don't trust what you have to say either.
Be gone astroturfers.
Last I checked, Google didn't produce any Android devices (yet).
Google didn't demand to lock the bootloader as a part of Android branding certification as well, which is why there's plenty of unlocked Android devices available.
Please shill harder.
Windows CE/Embedded CE/EC was released 16 years ago. I know that Microsoft want us to believe it never existed...
I too am struck by the timing of the initial post, and the similarity of your id to that party's id... it does indeed suggest you're engaged in paid astroturfing for Microsoft.
The response to your 'question': Google doesn't lock down their devices; they leave that choice entirely to the manufacturers, some of whom choose to lock down, others who choose not to (e.g. Samsung, and Google itself).
If Google had as long and detailed a history of being as anti-competitive as Microsoft, they'd garner just as much hate as Microsoft. But Google is much better than Microsoft, both in this case and in longterm overall behavior.
Slashdot, can we have a system where people can be tagged as shills, not just per-comment but as a lingering account attribute?
- First they ignore you, then they laugh at you, then ???, then profit.
Also interesting to note is that the updated document specifically requires that UEFI Secure Boot settings can be modified by the end user, contrary to previous hooh-hah.
What updated document? This is the text:
MANDATORY: Enable/Disable Secure Boot.
On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure MUST NOT be possible on ARM systems.
Nothing else applies to ARM system. It. Must. Not. Be. Possible. Ever. In any way.
Live today, because you never know what tomorrow brings
Oh, and about how it's different from Apple: Apple's locking down their own devices to install their own OS, MS is demanding for others to lock down their devices to install MS's OS.
No, it's not. It's blocking the problem; fixing the symptom. And if that happens to block out competition? Whoops!
There are two types of people in the world: Those who crave closure
a) His points are wrong, and rather obviously so, see rest of thread
b) He (and you) are obviously paid by MS to spread this FUD here
c) You are doing this so incompetently, even a young child can see it
d) After your purpose has been revealed, you keep at it, confirming the suspicion
Despicable and pathetic. Is MS too stingy to pay for good liars?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
His premise is entirely wrong. There are a number of ways to ensure the security of the boot sector from the software layer, locking it to one OS doesn't increase security beyond the fact that only one OS's flaws will be exploitable.
It's really a ridiculous attempt at justifying locking in a subset of arm chips to MS only.
Pull the aluminum foil a little tighter, man. I think I saw a black helicopter.
The soylentnews experiment has been a dismal failure.
Well, yes. Unless they are completely incompetent (always a possibility with MS people), they will have these. Seems to me they are waiting a bit now and then will mod the original Troll (currently at -1) back up.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Reboot from an external disk (i.e. USB stick) and run your antivirus from there. In this day and age of advanced malware, it's probably a good idea to do that every so often anyways.
Ignorance and prejudice and fear
Walk hand in hand
If the only choices are Apple and Microsoft.
Not to mention register an account with the sole purpose of astroturfing for Microsoft in a single discussion.
They do. As do many (probably even the majority) of Android devices. And Symbian devices. And bloody well anything that runs on ARM! The number of locked ARM devices vastly outnumbers the number that are unlocked, or even have the ability to be officially unlocked. Should unlocked ARM devices be the norm? Yes. Is Microsoft's position the norm among every device and OS manufacturer? Also yes.
Number one Android devices manufacturer is Samsung, which didn't ever bother to lock their bootloaders. Quite the opposite, they contribute to CyanogenMod and even hired its top developer. Maybe it's one of the reasons they are number one?
U modded up to +5 via alternate registered account's despicable. It's obvious you did that. His words are truthful and no mod up of your crap and downmodding his post's truths changes truth.
Is it me, or is it a little narrow-minded to think someone who disagrees with one is paid to do so? That's a little childish, to just reject others' arguments because you don't want to believe that someone doesn't genuinely not share your viewpoint. Some people are really passionate about the products they support, it doesn't mean every person going around making ridiculous claims is paid by someone to do it. For the record, I don't see how this practice is any different from other ARM device lockdowns, at least the mainstream consumer ones.
If MS wants to have built giant cell phones with really happy software locked onto it let them. It will be jailbroken in fractions of a second. Or I can strip it down and run a virtual machine. MS cannot lock the machine down enough to prevent it. They are not that good.
TDSSKiller will remove it.
Microsoft may have screwed the pouch here. Every time I get a horribly fucked up windows box to fix the procedure is quite simple. Puppy Linux grab all the important files and run an anti-virus scan on those files then re-install the OS and whatever programs they need. How would I do this to an arm based windows machine?
as anyone who has actually tried to build that pile of ass knows, the apple 'open source' project is complete horse shit. they use an incredibly obfuscated build system that makes it impossible for anyone except Apple to actually compile their projects.
that is why there are no open source operating systems based off the Darwin Kernel, except for the highly alpha-level PureDarwin, and the completely abandoned OpenDarwin -- here we are ten years after OsX, and PureDarwin only recently announced "The dawn of network and audio support" in their OS.
GNU Hurd and Haiku are both farther along the way to being usable Operating Systems than any open system based on Darwin.
Your argument is bogus. We are talking UEFI here. Why would something be acceptable or even desired on x86, yet on ARM it suddenly is necessary to do the same thing differently? Right, for business reasons, i.e. locking out the competition! And that is exactly what MS is trying to do here. Again.
Face it, your prepared "argumentation" strategy for spinning this is not working.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Nonsense. Rather obviously so.
Seems "everybody else is doing it" is really the last stance in your astroturfing strategy. This does not invalidate that MS is doing something blatantly anti-competitive here with zero technical reasons and zero security benefit. Allowing the user to add OS keys to the device they own and paid for is not a security risk, just a business risk. And that is why MS does not want that and pays you clowns to try to spin it differently.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Now you are making us paranoid. If one guy is making a living by spamming us with a certain viewpoint then are there others making a living backing him up?
Just in your small mind. I guess you were part of the team that created this pathetic strategy after all.
If Ubuntu did that, they would be receiving the same flak you now do, rather obviously. But they are neither stupid nor greedy enough to go that way, unlike you MS folks.
Also note that you now admit that it is about locking the device to MS, while you denied that earlier.
You are new to this, aren't you? Advice: At least use different IDs to make it not that blatantly obvious.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
..in essence, is that if you have a windows-powered arm device, such as a phone, a tablet or a smartbook, you won't be able to dual-boot linux on it. And that was possible to do before?
Apple has "Mac vs PC", Microsoft has "Laptop Hunters", Linux has recession
Tsk tsk, now you're just lashing out. Apart from the post being correct when you read the comment history, you should be well aware that it's also the popular opinion here.
Dogpiling on an obvious shill is incredibly common, ending up at +5 for it was a given outcome.
Cheers
http://it.slashdot.org/story/12/01/13/1953230/microsoft-trustworthy-computing-turns-10
There's probably more, but I only went looking in his recent history. So this isn't his only post dropped at the moment an article goes live. Sure smells like astroturf to me. And you can't use the "subscriber preview" argument, either, since there's no "*" after his username.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
They have been allowed to fail as a business choice. For instance the fairly old WinCE thin client behind me worked OK but MS never bothered to commit much to the platform after that, so now they have nothing that can sell there on its own merits.
The tactic of the post up above is showing the sort of depths they are sinking to so they can try to sell something with little merit of its own. MS are still a hell of a lot less evil than Cisco (dragging a guy out of a courtroom in full contempt of court) or Adobe (getting a guy locked up for talking about their cereal box codewheel "encryption") but the post up above is as tasteless, obvious and out of place as a flasher in a nunnery.
Of course there is a BIOS on these. It is not a PC BIOS, and it is typically called "firmware loader", but the principle is the same, namely it loads a boot-block from storage and executes it in. This then proceeds to load the OS in the typical scenario.
Incidentally, with all your whining about "this is necessary to protect the boot sector", what do you think loads the boot sector and executes the boot code in it? Magic? Or at the very least, if you are nit-picking, _you_ started calling it a "boot sector" and that is rather closely tied to call the initial loader in ROM a "BIOS". Not that it does matter, you obviously have no clue about technology and are just (and a bit desperately by now is my impression) copying things from a "fact sheet".
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
which I think should only ever be done in the case of monopolies, which doesn't really apply to Microsoft in the mobile marketspace
The monopoly that makes Microsoft dangerous is not hardware-related, not even Windows-related - it is MS Office and Exchange/Outlook. Even many OS X users are dependent on these and it's one of the biggest practical obstacles to "Linux on the desktop". Anybody using mobile technology in an office environment is likely to be dependent on their ability to reliably create and open Office documents with full fidelity.
There seems to be fairly healthy competition (mutual assured patent destruction permitting) in the consumer tablet/smartphone market - but the corporate side of this business is only just getting started (with demand driven by consumer products) and if MS could offer "real" Office/Outlook on a half-credible mobile platform that would be seen by many corporates as an end-of-argument advantage.
What should have happened in previous anti-monopoly actions was the separation of MS's operating system and applications businesses. Anything else (fines, browser ballots, arguments over bundling) is pointless.
If Apple ever get to a monopoly position then maybe they'll need similar attention (e.g. hiving off iTunes.App Store from Apple) but at the moment they're driving innovation (NB: "innovation" includes getting other people's ideas to market).
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
BIOS is the name of a role, UEFI is the name of a concrete actor. This can be called an "UEFI BIOS", for short "UEFI". It can also be called a "boot sector loader" or "initial firmware loader".
Not that it matters at all. Your argumentation strategy crumbles. The incompetent will always focus on irrelevant details when the discussion has passed them by.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Firstly, yes, we would bitch at them. Just because you have double standards for your preferred OS doesn't mean everyone else does.
if they were using grub2 as a bootloader, it would also be against the license - GPL3 forbids you to Tivoize.
Don't they ever get tired of this shit? I mean you'd think one day they'd wake up and say "Hey guys, you know what? Let's just try to actually compete fairly." I mean I'm sure that even the people ordering this basically know it's wrong. They are consumers too, and they have to realize it's anti-consumer. Even worse are the engineers that actually implement this stuff. You couldn't pay me enough to flush my self-respect in the toilet.
How is this any more secure than simply demanding a physical write protection jumper?
What utter, utter bollocks.
You do know that wearing your ignorance on your sleeve is not a requirement of posting on Slashdot?
Okay, so now that it's settled that your argument is bogus, you choose instead to call your opponent a hypocrite due to some fictitious and unlikely bullshit. You're not very nice.
not a troll. locking down arm tablet and other iPad-like products, especially from rootkits or boot virus, has no effect whatsoever on android. maybe they're doing the lock down for better drm as well. in any case, just like you can buy the same htc phone in windows or android versions, I doubt this will limit choice from anyone who wants to run android.
By single opinion? Narrowminded.
By repeated pattern of 2.5m range UIDs posting lengthy comments in the first minutes of article's life (despite not being marked as subscriber), turning any topic into Google-hate/MS-love and getting repeatedly upmodded from -1, Troll to +5, Insightful despite posting factually wrong comments? Sure.
It's pretty funny how twisty they can get, actually, like first comment in the article on dealing with bosses "Geeks despise sales and marketing because they lack communication skills [snip] and that's why Linux and Google suck" or in an article on how publishers are wrong to push design work on programmers "Linux geeks still use command line, bleh [snip] Ribbon interface is great step forward".
Here, check them out. This is just latest batch of them, I'll omit 4 or 5 earlier accounts.
Processors at the time didn't have code verification baked in ... we are about at the point where RMS's dystopian vision of the future can become reality, blackbox hardware systems running code only allowed by certain corporations for now and in the not so distant future government could demand all software to be signed by them with hardware capable of running unsigned code outlawed.
Nonsense. Initially UEFI has control. If UEFI locks down the hardware before it relinquishes control, no other software can disable anything only UEFI can disable. As long as UEFI has control, no malcode can be active and all interaction is ensured to come from a physically present user. If that user, despite warnings, tells the UEFI instance to add a key for a different OS, that is not a security risk at all, that is what the user wants to do on a device he paid for. Sure, you can install malware that way, but only intentionally.
Face it, there is zero reason for this except to prevent competition. Your arguments are bogus and display a fundamental lack of understanding. I almost feel sorry for you and can only advise you to get a job that comes at least with some reasons for self-respect. This one clearly does not.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The licensing agreement itself *is* the proof, right there in black and white. A company has three choices here:
1) Ship their ARM products locked to Windows and be allowed to put the pretty, shiny windows logo on their box and WHQL logo on the system, tell other OS's to take a hike
2) Ship their ARM products without the magical logo on the box, but include windows anyway. Not sure what the legal ramifications are to this, but I'm sure there are some serious financial incentives they'll miss out.
3) Create a forked product line. One would be MagicTablet5000-W with the windows lock-down in place and the MagicTablet5000-F (for freedom!) without it. Support problems and brand dilution come to mind for that product.
There is, simply, no valid technological reason for this requirement for ARM and not for x86. And as far as I can determine, there isn't anything like this kind of lockdown on any Android licenses. The Telcos are forcing manufacturers to lock the hardware in the phone markets but that's a different issue entirely.
Scott
Install an OS that isn't compatible with those viruses?
MS classifies those as "malware" and rightfully wants to lock their devices against it. (Yes, it clearly is not your device anymore with these measures in place...)
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Hehe, indeed.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If there are so few devices within the set affected by this license, then why would anyone bother writing bootloader viruses for them? You can't have it both ways. There is either a market large enough for the virus writers to bother with, which means there is also a market large enough for this license restriction to be a problem; or there isn't a market large enough for either the virus makers or the users to care. If the latter, then why bother locking it down? If the former, which is the case here, the move is blatantly anti-competitive.
Off to see how much money Microsoft has been donating to the politicians in charge of the oversight committees in the FTC. :)
Scott
They'll never have a complete monopoly, despite their best efforts. There will always be vendors like Genesi who sell ARM-based products without an operating system, and who don't care whether it works with Windows, as long as Linux works.
No, I don't work for Genesi. My closest affiliation to them is that they have provided some free hardware to the lead developer of my favourite distro, so that he could tweak the installer so it would work on their stuff. That said, I am considering buying one of their nettops for use as an HTPC, if it has decent video playback capabilities.
That said, it does depend on context, and in which situations they're trying to lock down. If they want to lock down a phone, I don't really care. While I appreciate that some folks want to root their phones and install extra stuff, I have yet to encounter a need to do that on my own phone. It's moot, because I wouldn't buy an MS phone anyway. If, on the other hand, they want to lock down an ARM-based PC like that, and prevent people from installing the OS of their choice on the hardware that they have bought, I have a problem. Even if I wanted to stick to Windows on my computer (I don't, except my gaming machine... every other computer I own, including my main system, runs Linux), I think it's really bad juju for them to prevent people from having the choice on a platform like that.
MS knows that once linux really starts to take hold anywhere at all they are in danger everywhere.
I'm not so sure, the majority of Linux geeks have windows installed as well. I reckon the real way to success would be to embrace linux, hell they should provide their own version and make dual booting easy. Then majority of people will use windows most of the time, but the semi geeks won't feel too trapped and the hardcores still get exposure. If MS wants market share silly lock downs won't get them there, making a compelling new device with the great functions and features will; something like installing the kinect inside a phone maybe.
Rocket Surgeon.
actually I'd say it's working great.
all about the branding.
'cert win8' on arm will be like the kiss of death to any manufacturer who chooses to use it.
Well it's good to know I don't have to ever consider buying a Microsoft device. If I hate it or want to get more life out of it later, I can't install anything else on it, so it's not even a remote possibility. That's nice of them, it makes my purchasing decisions that much easier, I can just write them off entirely.
Has anyone stopped to think about piracy for a second? The BIOS loaders just about make Win7/Vista/Server2008 anti-piracy a joke. It circumvents it completely.
I figure if this actually does what it sounds, the main aim is to close the door on the bios loaders that prevent any kind of effective copy protection on Windows... If they could do it for x86, they would.
Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
That having been said, if they're subsidising ARM machines, then that's an illegal cross-market subsidy from their Windows monopoly -- and it clearly has a negative effect on consumer choice (enforced linking of otherwise unrelated products).
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
It's the only way to be sure.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
If user can disable it, then computer program can too. Nevertheless, it isn't even a problem because Linux and Android have majority of market share on ARM-based devices, so just choose them!
Not with a properly written BIOS. A proper BIOS cannot be modified by the operating system at all, and requires you to boot directly in to it. None of its data is stored in OS-accessible address space, and it should turn itself off as soon as it has turned everything over to the OS. Many of them don't work like that, but there's no reason that they couldn't.
If you would prefer not to trust software, you could also use a physical hard switch. Many Chromebook laptops have such a switch... you need to remove the battery and flip the switch in order to unlock the boot sector so that you can install a different OS.
There's ways to make it so a user can disable such a lock without having it possible in software. It's just an engineering question, and one that has been answered several times already.
Like someone else pointed out, this does NOTHING to solve the problem. It only MASKS the real problem. The correct solution is to actually solve the underlying problem. Where are these BIOS hacks coming from to begin with? They aren't coming from the traditional source from the days of MS-DOS.
You're just covering up the real problem and adding some non-competitive nonsense on top.
A Pirate and a Puritan look the same on a balance sheet.
Boot from other device obviously.
New things are always on the horizon
Microsoft is finally realising their dream of creating a TCPA compliant platform, iOS and Android aren't getting any more open and the smartphone market is finally big. Everything is good now for somebody to pull a "PC" on phones.
Create an extensible standard for ARM (we are near there already), sell a basic machine following that standard, then, sell extended versions. Make sure to publish the drivers with your Linux kernel (get them in the main tree if possible), and laugh while developers adopt your architecture.
Once you have the developers, getting users is just a matter of time. Be sure to use your first mover advantage wisely, and sell the company before the market gets completely commoditized.
Rethinking email
someone will hack it in 5...4...3...
Secure boot is the first step in loading a trustworthy computing environment. Content and media companies will be more willing to license their content for use on secure Win8 machines because they can be sure that the content can't be easily copied.
Content not available on other devices, or only at higher prices / lower quality, is a killer app for Win8. Another one would be widely available and used IP-based voice/video communication, which Win8 will probably have (based on Skype).
"Slapping people is fun." - Starla Grady
There is a big difference between having a secure platform and a locked down platform...
You can make the process of unlocking complex so that only technically oriented people will do it, and ensure that it includes enough warnings to discourage casual users...
An automated piece of malware couldn't unlock such a system unless it had a bug, and any system can have bugs...
You can easily make the unlocking process require physical access and/or a physical connection to another device.
A social engineering attack is highly unlikely to guide users through a complex procedure either...
The Google Nexus phones, and phones from vendors such as HTC have the right idea... They are locked by default, but can be unlocked by users who are capable of following the procedure.
Most users never will, but for those of us who want to an option is available for us. Also when these devices become old and unsupported, they can be reinstalled with new open source software and continue to be useful devices.
Hardware which is completely locked is destined to become landfill as soon as the software vendor drops support, and how soon that happens depends on all kinds of factors... If windows/arm isn't very successful, MS could drop support for it entirely in a year or two (just like they did for windows/mips and windows/ppc, anyone remember those?) and then you'd be left with a useless lump with hardly any apps and an os that will never be updated or have any security fixes.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
What happens when you try to put a Linux installer in your optical drive and reboot on a Mac versus virtually any PC? Why do they make you download rEfit to install what you want on your own hardware?
I'm amazed that you got modded to 5 on slashdot. I guess even the nerds aren't using Linux anymore.
Linux is already taking hold in pretty much every market except desktops...
Servers
Phones (Android, also WebOS/Meego)
HPC (see the top500 list)
Embedded devices like routers, set top boxes, televisions, voip phones etc...
Many people these days have more linux devices in their house than they do windows, and don't even realise it.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I really hate to side with the Mac user, but he's right... his Mac *is* far more open than Windows, and has *far* more support from Apple in installing an alternative OS than Microsoft ever gives.
That, however, is because Apple is a hardware vendor, and they throw the OS in on the side. Microsoft is an OS vendor. It's not in Microsoft's interest to allow you to install something different, but it *is* in Apple's interest to give you that option.
iOS != OSX. They have a similar core, and come from the same people, but they serve entirely different purposes.
even Android manufacturers lock down their devices with similar technologies because it makes the devices secure. Why is[SIC] Microsoft allowed to do the same
That's the difference right there. Phone manufacturers lock down their devices. Android doesn't require it. Microsoft is dictating to the manufacturer that they must lock it down. They probably would anyway, so I don't know why Microsoft feels compelled to tell them what to do. Hopefully, they will just backlash and not bother with MS.
/. bitches about Windows security and then when MS does something they bitch about that. No Linux fan ever said MS should lock down hardware, they say MS should control what the software that runs under MS OS should be able to do, not lock down the hardware. A shill is not to be taken at face value.
And it's not a valid comment. The OP posits that
That, and they have the best display technology in the business. Much like glossy screens sell laptops, amoleds make phones pop compared to old lcd tech.
moox. for a new generation.
I don't think they fear Linux geeks. I think they are terminally afraid average people could realize how bad and how far behind Windows actually is in comparison to the alternatives.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I can't think of a better example of how corporations are castrating consumer alternatives. This needs to end.
Join the Slashcott! Feb 10 thru Feb 17!
I'm not so sure, the majority of Linux geeks have windows installed as well.
Not true. Most have moved to basements to completely avoid having windows at home.
As much as I applaud their production of mostly unencrypted devices I suspect it has little to do with their market share. It probably has more to do with the fact that they are a leading manufacturer of most of the expensive components of mobile phones. Which is because they made real commitments to R&D decades ago.
Of course the two may very well be related. Unlike some US companies that are led by lawyers, marketers or economists, they still seem to have an engineering tradition.
grape - the GNU free, open source rape
But if someone says 12 is 6 of one and a half a dozen of the other does it make it wrong if you don't like the company?
Let's be honest and cut the bullshit folks, we're all geeks and adults, yes? There are TWO VERY LEGITIMATE REASONS for doing this that even the blind would be able to see. 1.- After seeing how badly Google has been getting pwned with Android malware the LAST thing MSFT wants is to be the easily pwned OS in this new market, and 2.- the REAL reason I'm willing to bet my last buck they are doing this....ready? PIRACY. Not only is MSFT Windows most likely the most highly pirated software on the entire planet but we've already seen pirated phone apps all over the web. By locking down their OS and hardware this gives them a better platform for those that want to sell phone apps, think X360. Yes, we all know there are pirate X360s out there but it means you have to have two systems, the cracked and the legit and most folks simply aren't gonna go through that much bullshit. I'm sure MSFT will have special keys which will be tied to the OS and hardware so that those selling apps on windows market know they aren't gonna get pirated without them doing some serious hardware hacking which the vast majority won't do for fear of bricking.
Finally the most important thing which will probably piss off the fanbois but seriously, who gives a flying fuck? It's not like MSFT is gonna sell jack shit when it comes to Windows 8 on ARM anyway because the whole damned selling point of Windows is WINDOWS PROGRAMS which are all x86. Has everyone forgotten WinNT on Alpha and MIPS? Remember how quick and how hard that shit bombed? Why would you want Windows if you can't run Windows programs? It's not like you can just recompile those 300,000+ programs for Windows to run on ARM now can you? Apple can change arches because the programs people buy Apple devices for, your iMovie and iDVD and Garageband and iTunes are all written by guess who? The ONLY thing MSFT has besides the OS is Office, big whoop. Everything else is by some third party and most won't bother because there are literally a billion Windows boxes they can sell for that run x86 and they don't have to change a line of code, so why waste the money on a niche platform MSFT has already struck out on not once, not twice, but THREE times now, first WinMo then Kin followed by WinPhone...see a pattern?
Personally they can have it written that you can't use Win 8 for ARM unless you watch Ballmer do his monkey dance for all that it's gonna matter, it's gonna bomb, YOU know it, I know it, hell everybody knows it! Everyone will stick with iShiny and those cute little dancing droids. There is ONE nice thing though, after this shit bombs we'll be getting Win 8 pads at Touchpad prices and if you end up with a $500 winPad for the firesale prices the touchpad went for are you REALLY gonna give a shit what it runs?
ACs don't waste your time replying, your posts are never seen by me.
Indeed, modern Linux systems have approximately the same amount of minor annoyances as Windows (not even counting malware). This is a great accomplishment! Windows is only living on inertia and lock-in. (Fedora user here, no native Windows installed, but I have a VM)
I have always been surprised that MS didn't produce its own version of Linux to be honest. It wouldn't cost them anything appreciable to do so and if there were something called "Microsoft Linux" out there, the average user would be liable to accept it - since they already accept any version of Windows (and of course a sizable percentage of computer users don't know what OS they are running or get it confused with their browser etc). They could then bundle it with proprietary software that runs their other software like Office etc. Yeah they will lose some money on OS sales, but if any company can take the hit, MS is high on the list. All they have to do is ensure the proprietary stuff they bundle with it is superior to anything else out there and they can effectively "own" Linux as far as most people are concerned.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
The funny thing is that this is exactly what Linux users have been asking for.
Yeah, right... We all have been asking not to be able to boot our favorite operating system. Do you have some more jokes of the like?
And why not bitch at Apple for locking down OS X
Not to worry here: we do! I will never buy an Apple product.
The most important thing is - Microsoft's OS's have minimal market share on ARM-based device.
NO! We're talking about laptops/netbooks here, running ARM, not just phones and tablets, and it's about (U)EFI booting. This is something new. How many models exactly have you seen around? When I go to computer shops, I can't see any right now, simply because ... windows 8 with ARM support isn't out yet!
But you know, all this finally, may be good news. Microsoft has been ignoring, then laughing about Linux. Now it's really clear that they FEAR it, and it shows (this is a good example).
Not only do you not understand even a tiny bit about the topic, but you're also very disrespectful about millions of Linux users. If you don't want to be too stupid on your next post about UEFI, then here's some reading: http://lists.debian.org/debian-devel/2012/01/msg00168.html
I don't see the problem here. If you don't want a Microsoft tablet, don't buy one. Wait for a tablet that will run Linux. Problem solved.
And why not bitch at Apple for locking down OS X and iPhone's too?
But... WE DO BITCH AT APPLE FOR LOCKING DOWN OS X AND IPHONE TOO.
I do this every day, and twice on weekends.
Posted from my Droid.
Locking it to one OS guarantees that, when an exploit is found it cannot be fixed by any means but through that OS. Relying on Microsoft to have secure software and offer fast and reliable fixes has been proven to be contrary to reality on more than one occasion.
Having to work for a living is the root of all evil.
But unlike MS, Apple has its own hardware.
Views expressed do not necessarily reflect those of the author.
Microsoft doesn't have monopoly on ARM-based devices. On top of that, even Android[...]
YOU DON'T GET IT!!! We're not talking about PHONES here, but about real computers, with UEFI instead of the BIOS!
This story has nothing to do with WHQL drivers. What article did you read? This is about Microsoft locking down UEFI on ARM boards (and not in the "soft" way they chose a couple of months ago for x86, when MS spin doctors were trying hard to make us believe that MS were doing that to protect us from malware).
Slashdot, can we have a system where people can be tagged as shills, not just per-comment but as a lingering account attribute?
Think about that for a second. It would be abused in one virtual jiffy. Now, instead of only being able to ignore ACs you could auto downmod anybody who groupthink doesn't like.
You know, you can always just make them a foe.
Faster! Faster! Faster would be better!
What they do is not secret: http://waggeneredstrom.com/about/approach
Monitoring conversations, including those that take place with social media, is part of our daily routine; our products can be used as early warning systems, helping clients with rapid response and crisis management.
Microsoft are No 3 on their client list
http://waggeneredstrom.com/clients
DavidSell, ByOhTek, antitithenai, Bonch, Dtech and others are pseudonyms/sockpuppets used by the team to "guide" discussions.
Uhhh...maybe because businesses would have a royal stinking shitfit if they couldn't use those software assurance licenses they paid out the ass for? Hell I had a couple of businesses that up until recently were using Win2K and just now migrated those last machines and there are still a LOT of companies running XP thanks to legacy software. Can you imagine the screaming shitfits if they bought new hardware and found they couldn't run older versions of Windows? With ARM MSFT doesn't have to support FOUR different OSes (XP/Vista/7/8) so they don't have to leave such an obvious hole open. BTW did you know the bootloader is how Windows 7 is pirated? It fakes an OEM boot signature and it even passes WGA. Hell the thing is easier to snatch than XP, it don't even need a key thanks to the cracked bootloader!
But in the end frankly it just doesn't matter, except to laugh as the "ZOMFG M$!" trolls wet themselves, because if MSFT manages to even reach 4% when it comes to Win 8 on ARM I'll die of shock. It's just stupid, pointless, and a complete waste of time and resources because without the third party apps that are all written for x86 who the fuck is gonna pay the extra cost of the Windows license? This is just another chapter in the continuing saga that is Steve "OMG I want to be Apple so bad!" Ballmer's totally horrid leadership at MSFT. I mean look at his track record folks, rushing X360 out with a fatal flaw which cost billions, Zune, killing the successful playsforsure and pissing off all those that had signed on by replacing it with the Zune market, All the money they blew on WinMo, Kin, and now WinPhone 7, and now this, screwing with Windows in the vain hope that users will buy something just because it says Windows even though it won't run WINDOWS PROGRAMS. I swear if I didn't know better I'd think the guy was trying to torpedo the company on purpose, hell maybe he's shorting the stock, who knows. I'm willing to bet my last buck though that Win 8 will make Vista look like Win95 and I'll get to spend a year wiping it for 7 just like I did Vista for XP.
ACs don't waste your time replying, your posts are never seen by me.
I'm not so sure, the majority of Linux geeks have windows installed as well.
Not usually by choice, it's usually because some proprietary applications or niche hardware are locked in...
If MS provided a version of linux then that would require admitting that linux exists, something they try very hard not to do in front of end users...
They would also have to provide a crippled version, especially on ARM... If they provided a full blown install of debian or ubuntu and encouraged users to try it out then many of those users would never touch the arm version of windows again. As it stands on the arm platform linux has a far better selection of applications than windows does, and it will take a long time to change if ever.
Also if every arm user had a dual boot of linux it would destroy any incentive people had to produce windows/arm software, since all the users could also run the linux version (look what happened to os/2 which had windows compatibility).
What MS should really do is abandon lock-in, embrace open standards and open source... Ditch windows and become an enterprise software vendor / support house, ala oracle... Most businesses don't have sufficiently competent technical staff on hand and will gladly pay for vendor support.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Don't buy a windows tablet and bitch you can't put linux on it, fucking simple right? Much in the same way that you don't buy an iPad if you don't want iOS
But iOS isn't a terrible OS, and Apple is the manufacturer and they're doing it themselves.
Where this is Microsoft forcing it upon the manufacturer.
Intel's new Medfield Atom will run Android phones and tablets, Tizen devices, Win 8 tablets and (if MSFT gets their head screwed on correctly) Win Phone. Since the underlying firmware environment in the Medfield platforms is driven by Intel's reference design, MSFT will not be able to dictate whether other OSes can boot any more than they can in the rest of the x86 world. (Assuming OEMs will be smart enough to let customers control UEFI authentication)
Moreover, there was a time when boot sector viruses were really common, and back then nobody would dream of reinstalling the OS to remove them. People got rid of them by using an antivirus program, just like they would do for any other virus.
That's NOT the point. The point is the UEFI specs should have IMPOSED on OEM makers that the users can enter the bootloader signature if they feel like it. Now, Microsoft forbids it, in the name of security. So the flowchart is more:
1. It can be done in an open way and still be an improvement in terms of security, without even needing features to disable bootloader signature checking.
2. Is MS abusing its business power here, by compromising the UEFI specs which are already broken in many ways, and not followed by OEMs.
3. OEMs will most likely follow MS "recommendations", because they do want the stupid "Windows 8 ready" logo.
4. Somebody has to stand (the EFF? the FSF?) and make this kind of anti-competition behavior stop.
If you didn't get it, the bootloader, in a fully encrypted HDD, is the only piece of software that can be hijacked. WE DO need the bootloader signature checks if we want to have a fully secured system. But of course, not this way. In a way where we can manually enter ANY signature by ourselves if we want to.
I hate Microsoft
Why the fuck are you talking about Android? Have you ever seen an Android device using UEFI?
Who cares if they don't have a monopoly. It's anti-competitive behavior. That's all.
a) OP's points are still wrong. You don't need to lock the hardware to one OS in order to prevent malware. Car analogy? No problem: It's like saying that the tire rims must be welded onto the wheels in order to prevent tire slashing. The OS (tires) can still be compromised no matter what you do to the underlying hardware, so the whole argument becomes one great big false premise.
b) there's no way to tell for certain, but it does happen a lot: http://waggeneredstrom.com/clients
c) Dude did do it incompetently. He's not a subscriber, yet there's a whole novella waiting mere moments after the story is posted publicly. His posting history also shows an incredibly strong pro-Microsoft bias, even to the point of nonsense at times.
d) see c)
As for the rest? Certainly you don't need WHQL certification to run drivers on Windows - but Joe Public will see a buttload of bells and alarms warning him if he tries to install it.
There are no major security reasons for doing it - period. Once someone has physical access, it's game-over anyway - no matter how hard you think you can lock it down.
HTH a little. /P
Quo usque tandem abutere, Nimbus, patientia nostra?
I don't think this is a big deal. Just like you can get SIP adaptors provisioned and locked to a walled garden such as Vonage VOIP boxes, the Android market will still use ARM processors. There are alternatives just as you can buy a PAP2T-NA that is not provisioned where you can use it with any SIP provider that permits BYOD (bring your own device). The Asterisk and other SIP markets are too big to permit a Vonage or Comcast only VOIP phone adapter. Android is way too big to give Microsoft the traction it desires. There will be MS phones and the rest of the market.
If we are lucky, the MS will be broken like many Vonage adapters providing inexpensive hardware.
The truth shall set you free!
Let's say I encrypt all my linux partitions, then somebody sneaks into my laptop, replaces the bootloader by something he created (or that his best buddy gave to him), which prints the exact same things as I'm used to on the screen, but instead of asking me the passphrase for my dm-crypt partitions, it's just a keylogger thing... I'd have no way to see the difference ... UNLESS there's UEFI, which would see that the bootloader has been replaced. Please don't tell that bootloader signing isn't important, that's simply not true.
You say *MOST* android devices?
I read recently that Samsung account for more than 50% of android devices sold (see http://www.pcworld.com/article/243861/samsung_becomes_biggest_smartphone_vendor_as_androids_market_share_grows.html), that would qualify as "most" on its own... I also read that Samsung don't lock their bootloaders.
Then you have HTC, who provide either unlocked phones or the ability to unlock them...
Sony/Ericsson also provide unlocked phones...
Motorola only lock some of their devices...
Most android devices either ship unlocked, or with an easy and supported (ie not via an exploit) way of unlocking.
Most of the locked arm based devices out there are specific purpose embedded devices.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Linux/Android already have a huge jumpstart in the ARM space, and WHQL certification is about as meaningful as the "nintendo seal of approval" on the 8 bit carts.
This means people won't be running windows on arm platforms designed for linux.
So really the only way this matters is if you think the hardware for windows will be superior to the existing ARM devices, in which case you should be thanking M$ for entering the market place.
They probably hope to increase their stock market value by copying Apple's lock down on their devices.
Next you will get a Microsoft Appstore and a Microsoft VM, but you will have to pay Microsoft money to run linux on that VM.
Ah yes, and development tools will be forbidden, unless you pay for a developer license from Microsoft.
All in the name of security, while viruses and trojans will just install themselves in userspace as normal apps, or might even hack into the OS irreversibly through bugs.
Hey don't blame me, IANAB
It's all well and good talking about different versions of hardware but most people first become aware of alternative OSs when they already own the hardware. If they already have a 'Windows machine' then they will be blocked from installing Linux or any other operating system and they aren't likely to buy into something they don't know about when they buy new hardware. I am a die hard Linux user but would never have become one had I not been able to run a live distro, and install it on my existing machine.
You suck at detecting saempersons. You can check the posting histories easy, and still you miss so large.
bonch/OverlyCriticalGuy is one thing, seems like simply pro-Apple/anti-Google/anti-GPL troll-nut.
ByOhTek is another, and it's just like his opinion, man, not something paid for.
DavidSell/antithenai/DCTech/SharkLaser/InterestingFella/InsightIn140Bytes/CmdrPony is pro-MS/anti-Google , completely different and most probably paid for. At least, I hope he gets paid, because showing such mindless tenacity on your own expense would be just scary.
Unless I'm mistaken, the 64-bit OSes will not load unsigned drivers.
I'm going with the fact that they explicitly disable options and their past history, and go with anticompetitive.
And they can sell PCs with and without Windows. Doesn't mean it's likely to happen. And I'm sure Microsoft will tighten the screws to make sure it does not.
Couple 'o Points:
1.- After seeing how badly Google has been getting pwned with Android malware the LAST thing MSFT wants is to be the easily pwned OS in this new market, and 2.- the REAL reason I'm willing to bet my last buck they are doing this....ready? PIRACY.
1. Android's malware woes weren't all (or even mostly) tied to the boot sector, so this makes no sense.
2. Err, how on Earth is locking the boot sector going to stop piracy? I may be missing something here, but seriously? Not seeing it.
As for the rest, I largely agree, except for one bit:
There is ONE nice thing though, after this shit bombs we'll be getting Win 8 pads at Touchpad prices and if you end up with a $500 winPad for the firesale prices the touchpad went for are you REALLY gonna give a shit what it runs?
The fact that Android on the HP TouchPad was hurriedly pushed out and then widely broadcast says otherwise. The reason? An unsupported OS/arch means no new applications, no updates for existing ones (after awhile), and you're basically stuck with something that becomes obsolete faster. Seems like a total waste of hardware after awhile.
Quo usque tandem abutere, Nimbus, patientia nostra?
Did you read TFA? Secure boot is an improvement in terms of security, which for example prevents someone from sneaking into your computer, grabbing the HDD, putting a keylogger on the bootloader, and put back the HDD in place, waiting for you to type your dm-crypt passphrase. With a BIOS password, and a secure boot signature check, that'd be impossible to do.
In a perfect world, you would be able to run Windows without problems [...] You would also be able to run for example Redhat Linux without problems
Let me rephrase: in a normal world where the UEFI specs would be written correctly and respected, the user would be able to enter the bootloader signature if he wants to boot something he wants.
Interestingly, the CAs which got breached, disclosed the breach, revoked the malicious certs and recovered were running Linux...
The CA which got breached so thoroughly that their private key was compromised and their certs had to be globally blacklisted, effectively putting them out of business...
http://uptime.netcraft.com/up/graph?site=diginotar.com
Yup, they were running windows.
Seems the CAs which also happened to be running linux were savvy enough to take precautions to protect their private keys... A few malicious certs being generated is bad, but those can be revoked... Losing your private key is catastrophic because whoever stole it can generate as many certs as they want and there's nothing you can do about it.
The DUQU rootkit targets windows systems, why were they using linux systems to distribute and control the malware? Probably because it's more stable and has a more usable command line interface...
How did they get into these linux systems? How many linux systems are administered from windows workstations?
Most windows hacks I've seen were down to security holes in the OS...
Most linux hacks I've seen were down to either gross stupidity (poor passwords etc), or due to passwords being compromised from somewhere else (eg a keylogger on a windows box used to login to the linux box).
Bullshit. Just how easy is it to dual boot a Linux distro on a Mac?
It's quite difficult to design a system for adding keys manually.
Is this a joke? COME ON, it's not!!!
MS could argue that an attacker with physical access to the device would have a much easier time installing some snooper tool to pick up the encryption keys
That's exactly what UEFI secure boot prevents! If there wasn't that issue, then we wouldn't need secure boot, especially on the Linux platforms.
Anybody tried one of the eBay N900's from Hong Kong?
/TIN_FOIL_HAT
The price sure is nice, but I just can't help wondering whether they come with custom Red Army EEPROM.
I'll bet that Microsoft already have realised that and already have a "working" solution (think x86 emulator
Nope.
You're sleeping. I sneak in your room, get your HDD, put it on MY computer, replace your bootloader with one with a key logger, which will later on send your dm-crypt password to me the next time you get online. Then, I put back the HDD on your computer while you're still asleep. A sector locking in the BIOS doesn't prevent THAT. UEFI secure boot does.
It's not like MSFT is gonna sell jack shit when it comes to Windows 8 on ARM anyway because the whole damned selling point of Windows is WINDOWS PROGRAMS which are all x86. Has everyone forgotten WinNT on Alpha and MIPS? Remember how quick and how hard that shit bombed? Why would you want Windows if you can't run Windows programs?
Ahhhh, but you forget... Windows isn't about programs anymore, it's about apps. And all the hot developer action on Windows these days involves building apps for the Metro UI -- which, not coincidentally, is the Windows Phone and Windows 8 ARM UI. It's even the Xbox UI now. A Windows 8 ARM tablet isn't going to resemble a Windows PC as much as it's going to resemble an iPad that runs a Microsoft OS. The bonus is that you'll be able to take the same programs you run on your Windows 8 tablet and run them in the Metro Start screen on your Windows 8 PC.
I know, it doesn't sound particularly appealing to me, either, but that's how it is.
Breakfast served all day!
You're sleeping. I sneak in your room, get your HDD, put it on MY computer, replace your bootloader with one with a key logger, which will later on send your dm-crypt password to me the next time you get online. Then, I put back the HDD on your computer while you're still asleep. A physical jumper doesn't prevent THAT. UEFI secure boot does.
The right question is why Microsoft is interested in Adjustable Rate Mortgages in the first place.
http://www.geoffreylandis.com
I don't get the problem. The article says it is for devices that shipped with Win 8. iPhone iPad doesn't support installing Linux either. In general people don't change OSs (other than newer versions of the shipped with OS) on phones. Tablets it might be more of a problem but I think the iPad success has steered the idea of a tablet from "little computer" to "device" which isn't tampered with. Don't like it? Buy a device with linux on it first and then maybe you can install Win 8 on it (they didn't say in the article but I suspect this is an "OEM" rule not going to be prevented by the OS itself).
Everything is good now for somebody to pull a "PC" on phones.
Except for one thing: the United States cell phone market. Major carriers like Verizon Wireless and AT&T subsidize the phones by raising the price for voice and data service, and they don't give any discount on the service if you decline a subsidized phone.
Bullshit. When OS X first came out, it only ran on PowerPC. It came with OpenFirmware, and which provided a graphical multiboot bootloader. When it was ported to Intel, Boot Camp was a separate download, now it's integrated.
I think you missed the point. Try it like this:
True but to be fair Apple did this because when OSX first came out it came with OpenFirmware, but it only ran on PowerPC so it wasn't nearly as popular as it is now because there were a lot of windows only apps people wanted to run. That's the same reason they invested in boot camp - to make the transition from windows to OSX easier. When OS X was first ported to Intel, Boot Camp was a separate download, now it's integrated. If OSX had the lead market share like Windows does now, I'm not so sure Apple would be as accommodating. Just look at how locked down the iPhone is w/respect to having to get all your media through iTunes.
Breakfast served all day!
So... what stops WidgetCo from selling a cheaper version of the hardware sans Windows, unlocked?
The fact that people don't want to have to buy and carry two portable devices: one to run only applications designed for Windows and one to run only applications designed for Linux. Furthermore, they don't want to have to subscribe to a separate cellular data plan for each device, especially in areas where only CDMA2000 carriers that don't use CSIM offer reliable service.
It's more like if you want to run Windows 8, you'll have to buy a Win-ARM device, but there will be plenty of plain old ARM devices out there.
So in other words, people who want to run both applications designed for Windows and applications designed for other operating systems will have to buy and carry two devices and possibly subscribe to two cellular data plans. Why do you think this is acceptable?
Open Firmware is part of the hardware, not part of OS X.
That's like saying that Windows "comes with BIOS".
I'm pretty much decided at this point. Consider: (a) Windows 7 Touch was pretty much a bust, no real reason (despite the marketing) to believe Windows 8 touch features will be any better. (b) Conventional Windows 7 works fine with KVM machines for applications that require Windows, and will probably last me as long as XP did (I'm still doing useful things with XP on several machines, ten years after release.) (c) Even releases usually suck. (d) and now, I learn that if I buy a Windows 8 device, it will forever to the end of time run Windows and there's nothing I can do about it.
So screw it. I'll glance at 9 when it comes out, see if Microsoft has gotten any more sane, but more and more I can do my stuff on Android, and I'm just -) (- this close to switching completely.
If Microsoft thinks they can still throw what's left of their weight around with vendors and hammer in exclusivity, I wish them the best of luck. I choose not to participate.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Really easy, like any other operating system that will run on x86.
The hardware even has a graphical boot selection screen that shows all bootable volumes.
You can triple boot Apple machines with Windows/OS X/Linux with little difficulty - people have been doing it since Boot Camp came out.
On Apple: wrong. It was a huge effort for them. For example Adobe didn't support Intel Macs natively until a year after they came out. Adobe has always been huge on Mac. They avoided the pain by emulation with "universal" binaries. Otherwise you are right 300k+ programs will not be recompiled unless it makes economic sense to the developers. For starters older apps might not make enough revenue to justify buying a new version of Visual Studio and the effort to migrate to the new OS. Sure a "just compile again" solution might work but I anticipate a lot of pain for anything not trivial.
Windows sales on ARM: not so sure about that. Probably not enough to knock iPad and Android off their respective thrones but they might do reasonably well. Having a plan to support apps across form factors is going to help them. Think phone devs apps also running in metro on other platforms with little to no differences (other than having to be intelligent about sizing things appropriately and adapting the UI interaction model for what each device is capable of).
I realize it isn't the same thing but I've written several xbap apps for windows at work. I ported one of them that was reasonably large for a single developer (~10k lines of code touching 5 databases, several charting functions, about a dozen "tabs" of windows) to standalone app. Took all of half an hour to figure out how to do it and about 10 lines of code. If they can bring that to PC/tablet/phone they might get HUGE developer interest and provide another platform for their existing PC centric customers to sell their apps to.
IIRC, you can self-sign drivers for local installation. Won't work for automatic installs, though.
Well, what if someone just puts the keylogger in your keyboard and not the kernel?
Err, how on Earth is locking the boot sector going to stop piracy? I may be missing something here, but seriously? Not seeing it.
By disallowing tampering with DRM code. It goes like this: UEFI BIOS checks bootloader signature and runs it, bootloader checks kernel signature and runs it, kernel checks drivers' signatures and so on - in other words, every step requires next step to be cryptographically signed.
Forbid unsigned/selfsigned software and you get a nice walled garden (but then, remove signing checks from any level and it crumples)
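The chain of checks described in the comment above, together with the replaced-bootloader scenario and the "let the owner enter their own signature" argument raised earlier in the thread, as an added Python model (it is not part of any comment and is not real firmware code). It assumes a constructed image format and uses pinned SHA-256 digests as a stand-in for signature verification; `Firmware`, `make_image`, `make_chain` and the stage names are hypothetical.

```python
"""Toy model of a verified boot chain (constructed images, no real UEFI calls)."""
import hashlib
from dataclasses import dataclass, field

STAGES = ["bootloader", "kernel", "driver"]


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def make_image(code: str, next_digest: str = "", enforce: bool = True) -> bytes:
    # Constructed format: the payload plus the policy this stage applies to the
    # next one, so weakening the policy also changes this stage's own digest.
    return f"{code}\nnext={next_digest}\nenforce={int(enforce)}".encode()


def make_chain(tag: str) -> list:
    # Built bottom-up: each stage pins the digest of the stage it will start.
    driver = make_image(f"{tag} driver")
    kernel = make_image(f"{tag} kernel", digest(driver))
    loader = make_image(f"{tag} bootloader", digest(kernel))
    return [loader, kernel, driver]


def policy(image: bytes):
    lines = image.decode().split("\n")
    return lines[-2].split("=", 1)[1], lines[-1] == "enforce=1"


@dataclass
class Firmware:
    db: set = field(default_factory=set)  # digests of bootloaders allowed to run
    secure_boot: bool = True
    custom_mode: bool = True              # whether the owner may change db

    def enroll(self, image: bytes) -> None:
        if not self.custom_mode:
            raise PermissionError("Custom Mode is disabled on this device")
        self.db.add(digest(image))

    def boot(self, chain: list) -> str:
        # Root of the chain: the firmware checks the bootloader.
        if self.secure_boot and digest(chain[0]) not in self.db:
            return "firmware rejected bootloader"
        # Every later stage is checked by the stage before it.
        for i in range(len(chain) - 1):
            expected, enforce = policy(chain[i])
            if enforce and digest(chain[i + 1]) != expected:
                return f"{STAGES[i]} rejected {STAGES[i + 1]}"
        return "booted"


def scenarios() -> dict:
    vendor = make_chain("vendor")
    linux = make_chain("owner-built linux")
    # A bootloader swapped in on disk that no longer checks the kernel.
    swapped = [make_image("replaced bootloader", enforce=False), vendor[1], vendor[2]]
    results = {}

    locked = Firmware(db={digest(vendor[0])}, custom_mode=False)
    results["vendor chain"] = locked.boot(vendor)
    results["replaced bootloader"] = locked.boot(swapped)
    results["modified driver"] = locked.boot(
        [vendor[0], vendor[1], make_image("modified driver")])

    # With the firmware check off, non-enforcing stages can start anything.
    unchecked = Firmware(secure_boot=False)
    results["firmware check off"] = unchecked.boot(
        [swapped[0], make_image("modified kernel", enforce=False),
         make_image("modified driver")])

    # Owner-controlled db: own bootloader enrolled, swap is still detected.
    owner = Firmware(db={digest(vendor[0])}, custom_mode=True)
    owner.enroll(linux[0])
    results["owner chain, custom mode"] = owner.boot(linux)
    results["replaced bootloader, custom mode"] = owner.boot(swapped)

    # Locked device: enrollment is refused, so the owner's chain cannot boot.
    try:
        locked.enroll(linux[0])
    except PermissionError:
        pass
    results["owner chain, locked"] = locked.boot(linux)
    return results


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:35} {outcome}")
```

In this model the swapped bootloader is rejected whether or not the owner can enroll their own entries; what Custom Mode changes is only whether the owner's own chain is allowed to boot.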
Do you realize that the issue here isn't about the software, but about the hardware, which will refuse to let you choose the OS you want? Also, did you realize that maybe, it's going to be very hard to find a hardware that does what you want (which is, load something else than win8), since most OEMs will probably do what MS is telling them?
the point is that windows8 on arm is windows phone.
there, fixed it for you all. that explains the need for a locked bootloader. it's a fucking vm-language fest anyways, fuck it. nobody's going to buy into it bigtime. well, maybe for fucking photoframes.
world was created 5 seconds before this post as it is.
If you want to make a competition on which of Google, Microsoft and Apple is the most open, I wish you good luck with that. I hope that most, like me, will think it's a waste of time, and moves you away from the real issue, which is, most everyone of the above have anti-competition closed behavior.
Is MS too stingy to pay for good liars?
Apparently not: David Sell, Senior Software Engineer, Microsoft.
Not that I'm saying he's a good liar. Or is he a bad truth-teller? I'm confused now - which is the more litigious or offensive? Anyway, it's a heck of a coincidence. So don't buy a Windows phone if you want to fuck about with it. Or buy one because it's a challenge. Choices, choices...
One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
It's so cute when people still think Slashdot is relevant enough that anyone would pay people to post here.
We have enough junk products in landfills, disposed of on the side of the road and littering our streams and lakes. PLEASE PLEASE PLEASE make it illegal to produce products that cannot have OS's reloaded or product parts repurposed.
I have a Handspring Visor running a chess game, TI-83 like graphing calculator and periodic table. All useful stuff on hardware people are throwing away....
Last year I saw an ink jet printer sitting in a wilderness area lake!! It's got to stop somewhere - make it stop NOW!!!!!!!!!!!!!
Gosh... You're the 2398472 person to write this crap. Do you realize that the issue is about not being able to boot anything else but win8? You won't have the choice to choose even win7!!!
Open Firmware is part of the hardware, not part of OS X.
And this thread is about Microsoft locking down Windows 8 ARM hardware so it can only run one OS.
The important part of the OP's post is that Apple probably wouldn't have been as accommodating with its closed, proprietary hardware if Mac OS X had Windows's market share. As it stands, it's in Apple's best interests to allow people to run Windows on Mac hardware, to encourage them to migrate to Mac OS X. Apple isn't at such a disadvantage with iOS, so look what it does there: iOS devices are completely locked down.
Breakfast served all day!
Actually that's bullshit also, Boot Camp didn't come out until quite some time after OS X moved to Intel. Their EFI implementation didn't include the optional BIOS emulation module. Somebody hacked Windows onto a Mac, and when the genie was out of the bottle then Apple came out with an official solution, Boot Camp. People forget that if Apple had their way, Apple hardware would have been completely locked down too. Initially you couldn't run Windows on it; they disabled features in their firmware (dual monitor support in the iMac); they used to restrict OS X to only use Airport wifi adapters.
hahahaha. Right. Whatever method they use to impose this requirement will break before the OS even hits stores. I assume they mean "legally impossible," because only a complete fool would think their DRM is invincible. Oh wait...
If it's not possible to customize the secure boot keys, or even deactivate the checks, does that mean that win 9, when it comes out, won't be installable? Or does this mean that never, ever, Microsoft will change its boot loader? To me, that seems to be the former. Because seeing the way UEFI is designed, there's enough space for huge boot loaders, meaning that probably, we'll see vendors putting lots of stuff in it (eg, the times of the 473 bytes of the MBR are FINALLY fading away). So I don't see how a vendor wouldn't want to update the boot loader when a new version of the OS comes out.
Anyway, if I'm right or not, it doesn't matter. Both ways, if OEMs are respecting Microsoft specs, this also means that anytime, MS can decide that the new version of their OS will be incompatible with the hardware you bought, simply by changing/adding one byte in the boot loader file. If that proves to be right, then OEM makers will be very happy to respect specs that will push their customers to buy a new version of their hardware each time they will want to use the new version of the MS operating system.
That's where the customer normally stands up and boycotts both the software and hardware product for more sustainable alternatives. At some point, it will show, and even the wider general public will get what's happening (yes I know, I'm dreaming here...).
Time to recycle the following (circa 1995, iirc):
Microsoft is not the answer. Microsoft is the question. The answer is "No!"
Maybe Linux users always wanted security to work on the software level. However I work in research on security in military systems, the newer systems are hardware-software codesigns, there is no arbitrary distinction between the two. New malware does take advantage of both hardware and software. And for tight security, hardware support is definitely required.
A more sensible position is that you want systems to be open so that you can determine the level of security you need. We in my neck of the woods have no problem with that and think it is the way it ought to be.
I am one of those dual booting geeks that you speak of. I can tell you that I spend a very, very limited amount of time on windows. Usually to play a game or to set up some device with windows only device setup. The reality is that for me, and a lot of people (not everyone) windows is an environment that forces its users to follow a paradigm that may or may not fit anyone's personal needs. My wife is still not sure about moving to windows 7 because the library file system thing is confusing to her, and she doesn't want to deal with it. Our home server and home security, media centre and desktop systems are all Linux. She uses all of them and has no problem understanding how they work. She has remote access to all that from her laptop or her cell phone. If something doesn't make sense to her, I change it until she likes it. That's Linux.
Now after having said all of that, I want to say. I don't work in software, or IT. I can code in bash, python, javascript, (html, css.. is that really coding?). I have met quite a few teenage kids that can do much of that. People like me are not really that much of an exception any more. People who can install and customise Linux, whether it be Ubuntu or Android are even less of an exception. Apple and MS pander to people who don't want to, or cannot understand the system they use beyond the interface. Those people are getting fewer and fewer.
MS has a reason be afraid. Android is creating a whole new segment of super users, that (even if they don't know it) are learning Linux.
once more into the breach
Just a thought, but how long would it take before discounted windows 8 phones and tablets started getting snapped up and re-purposed as android devices once they inevitably don't sell as well as MS wants them to?
once more into the breach
The jumper protects new keys from being written to the in-cpu EEPROM, not anything you could remove ... or hell it could disallow booting anything not signed with the original factory private key, so you could always double check.
What's preventing us from writing a secondary boot loader that gets invoked by the digitally signed windows 8 one, a.k.a. chainloading? Instead of booting some Windows kernel, that W8 bootloader will simply boot something that *looks* like a W8 kernel. And even if that primary boot loader checks the signature of that W8 kernel, since that kernel binary will always be the same, how long until we create a hash collision to satisfy that requirement? All in all, I don't see a big problem here, should M$ really try to play evil once again.
cpghost at Cordula's Web.
Now try installing MacOS on non-Apple hardware and tell me again how open MacOS is.
2 sides of the same evil.
Good-bye
i was responding to the original post by JBMbC, who wrote this:
"Here's the source code to all the open source software in MacOSX, along with any patches they did to the source."
"Here the sources for a bunch of the core system components, including the kernel."
to me, this is very misleading. "a bunch of core system components" -- except for, you know, little stuff like network drivers, graphics drivers, etc.
Oh, they admitted the existence of Linux long ago when they started claiming it infringes their patents.
> > Err, how on Earth is locking the boot sector going to stop piracy? I may be missing something here, but seriously? Not seeing it.
> By disallowing tampering with DRM code. It goes like this: UEFI BIOS checks bootloader signature and runs it, bootloader checks kernel signature and runs it, kernel checks drivers' signatures and so on - in other words, every step requires next step to be cryptographically signed.
> Forbid unsigned/selfsigned software and you get a nice walled garden (but then, remove signing checks from any level and it crumples)
Which is great until the hackers realize that the bootloader moves the kernel and ramdisk around before checking the security signature....
They support it so that they can copy anything good they see in it.
Same with me it's not that hard to install another os and customising Linux is also pretty easy these days. My point is rather than lose customers like us completely why not allow us to use it however we want and as little or as much as we want. Microsoft doesn't make that much less money if we only use it occasionally (it would probably result in less sales from the market place, but i'm never going to buy much software any way), and what they lose in additional sales they would make up in word of mouth and market share. I agree about Apple and MS pandering to people and can only see it hurting the companies.
Rocket Surgeon.
"We need corporations and saying anything contradictory to their press releases is insanity." - A complete fucking moron.
On Apple: wrong. It was a huge effort for them. For example Adobe didn't support Intel Macs natively until a year after they came out. Adobe has always been huge on Mac. They avoided the pain by emulation with "universal" binaries.
Presumably you meant by "with Rosetta"; universal (fat) binaries are a mechanism that lets you package native code for multiple platforms in one file, Rosetta is a program that does binary-to-binary translation of 32-bit PowerPC code to 32-bit x86 code. Rosetta is what's used if you don't have native code; universal binaries are what's used if you do.
Maybe the person adding the new key didn't pay for the device. It may have been borrowed by police or black hats for spyware installation, or it may have been outright stolen. Requiring secure boot can protect the legitimate owner of the device in these cases if the owner has taken reasonable steps to prevent access without proper authentication.
Another valid reason for preventing unsanctioned OS's to run on the device is to prevent reverse engineering. This enhances (through obscurity) the security of any secondary encryption or authentication that applications on the device may use.
"Slapping people is fun." - Starla Grady
Everything is hackable. Hardware is the new frontier.
There will be so much interest in Microsoft's private keys that they will be the prime target. They will need to have different keys for all devices just to maintain moderate security and that won't stop hardware hacking.
Let me repeat, the only way to defeat crackers is monetize the industry and give them a big cut of the action. Crackers against crackers. They design the system and if it's cracked their percentage goes to paying off the cracker. You end up with DRM companies trying to crack each others systems.
Now try installing MacOS on non-Apple hardware and tell me again how open MacOS is.
If "he" is realityimpaired, he didn't tell you how open Mac OS is, so he literally can't "tell [you] again how open MacOS is", he told you how open the Mac is:
As noted by realityimpaired:
and that extends to "it's not in Apple's interest to let you install their OS on somebody else's hardware, but it *is* in Microsoft's interest to let you install their OS on as much hardware as possible".
With physical access a hardware keylogger can be installed, so no, it doesn't improve security.
Really? If they can be caught spamming some 100-reader blog in India nobody ever heard of, slashdot should be a no brainer.
Help stamp out iliturcy.
WTF, Microsoft with another God complex is just going too far!
Intel's new Medfield Atom will run Android phones and tablets, Tizen devices, Win 8 tablets and (if MSFT gets their head screwed on correctly) Win Phone. Since the underlying firmware environment in the medfield platforms is driven by Intel's reference design, MSFT will not be able to dictate whether other OSes can boot any more than they can in the rest of the x86 world. (Assuming OEMs will be smart enough to let customers control UEFI authentication)
The whole point is that Microsoft is prohibiting customers from controlling UEFI authentication (though for now just on ARM tablets.)
They have more Linux devices in their datacenter than they know about too. It's in almost all firewalls, some storage appliances, and so on.
Help stamp out iliturcy.
What makes you think ubuntu TV is not going to be just as bad ?
I think it is 100%
Very much this. They ruined netbooks, and this is what they get. No wonder we don't want them to get started on phones and tablets. The cure for the fine article: Just Don't Buy It. Ever.
Help stamp out iliturcy.
And that's the reason why custom boot loader installation will be so useful: Microsoft and their partners are going to produce tons of nice hardware with a lousy operating system on it. The hardware is going to be cheap because Microsoft will somehow subsidize it and because it won't sell. And rather than going to the landfill, we'd like to install Android and MeeGo on that hardware.
Every place they get a solid start, they go for monopoly. It's not enough for them to win: everybody else has to lose also. Then they shut down progress and commence rent-seeking. Better to not give them an opening.
Help stamp out iliturcy.
Well you were modded down, but I think you were insightful. The mac dig was probably what did it. If this practice offends you, don't buy the product. That should solve the problem in short order.
Help stamp out iliturcy.
Fascinating. I agree that this guy may also just be incompetent and an MS fanboi. Would explain a lot if people like this are "senior" at MS.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Not really. For that you require disk encryption. Note that disk encryption is not part of the proposal, so anybody that can physically access the storage device can still compromise applications and documents at their leisure including OS parts besides the kernel. That is quite enough to snoop on a user, for example. The described mechanism is only suitable for pure software attacks.
As for security by obscurity: In widely deployed devices that actually has negative security value, as it will motivate quite a few people to try to break it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Well, there is hope for that happening ;-)
After all by now many, many people are using non-Windows computers daily and depend on them.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Indeed. Your posting also has high entertainment value, made me laugh, thanks! ;-)
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Laugh while developers adopt your architecture. Once you have the developers, getting users is just a matter of time.
See, this is the part that is actually backwards. Users attract developers, not the other way around. It turns out that before someone will spend six months developing an application for your platform they need to be reasonably sure that customers exist who will buy it. Yes, you will get a small subset of developers who make something for themselves and then release it into the wild, but that's never going to be big.
I don't think I can name a single successful platform where the developers and software came first and the users adopted it after.
Windows is famous for having all the users and so any and all software is readily available for windows despite any personal bias on the part of developers. Linux represents a high number of server users and has a massive amount of server and DB software developed for it. Linux has a very small percentage of desktop users and so has Tux Racer, GIMP and eternal complaints about why no one bothers providing proper drivers.
iOS represents the single largest (in $) mobile application platform. It has more developers than it knows what to do with. MeeGo doesn't even chart.
Are you saying these are universal binaries?
- d
* As the OP put it, there are major security reasons to do this, as well as anticompetative[sic*]. Nobody outside of MS can honestly say which is the priority reason.
At the time you made your shill post there were already multiple posts pointing out that you can do this security and still allow boot loader unlocking. In other words; if this was done in a way that allowed unlocking but didn't allow running Windows in normal mode after unlocking, we might not know Microsoft's intentions. We know exactly what Microsoft's intention was when they decided that there should be no way to unlock the boot loader at all. You knew those posts were there but basically believe that if you repeat the lies often enough the truth will be drowned out.
* an interesting spelling slip; I guess the idea of a new FTC or EU investigation for anticompetitive behaviour really makes the MS people nervous.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Don't buy a windows tablet and bitch you can't put linux on it, fucking simple right? Much in the same way that you don't buy an iPad if you don't want iOS
Mod parent up. Nobody has a "right" to whatever tablet they personally want. We all have to choose from what the market has to offer. If you don't like the offerings, form your own company and create your dream tablet device.
Jesus was a compassionate social conservative who called individuals to sin no more.
Apart from the fact that Microsoft isn't restricting the secure boot loader for Intel Windows 8 machines, but *is* for ARM equivalents (no logic to that and also blows any security reasons out of the water), there is the question as to what happens if the end-user wants to either repair the OS via a boot disk or upgrade to Windows 9.
I'm presuming that no-one other than Microsoft can make an ARM bootable CD image for ARM Windows 8 machines any more (so no more live ARM GParted etc.). My guess is that OEMs will have to provide a boot disk (or some burnable .iso file equivalent) to repair ARM Windows 8 should it fail to boot (that's something that - ironically - has gone out of fashion with most OEMs now for Intel Windows machines).
Also, will the secure boot keys for ARM Windows 9 or later be identical to the keys for ARM Windows 8 (or will MS insist that keys for 8, 9, 10 and 11 are included in all ARM Windows 8 machines?). If they're not, then no-one can boot an upgrade disc any more (i.e. upgrades would have to be done via a booted Windows 8 machine only). Even worse, no-one would be able to install a fresh retail copy of Windows 9 on an ARM Windows 8 machine either (or will it be signed with the Windows 8 key to confuse matters?). I do suspect that MS will just have one key to cover all the Windows stuff (Windows 8, Windows 9 etc and maybe the same for both Intel and ARM), otherwise it could get very messy as new releases come out.
This move by Microsoft will, I suspect, hurt them more than help them - I will never buy a machine that can only run Windows (which is the worst of all mainstream OS'es, IMHO of course) and I will actively dissuade anyone else from doing so.
GO GO GO!
"Flyin' in just a sweet place,
Never been known to fail..."
The fact of the matter is that we are approaching the end of the Personal computing era where you have to have a "PC" in your home to do computing. In the future, most people will have devices like tablets, smartphones and dumb terminals which connect to the "cloud" to run the more CPU intensive applications. You will still be able to buy a PC/Server for your home to run your own private "cloud" but you will still probably connect to even your local cloud through a portable device or TV rather than sitting at the "console" of your computer.
Most people do not code so they really don't give a rat's arse about open source. They might download "free" software that happens to be GPL'ed but they really don't care about the license as long as the software is "free" as in "beer".
You will still see developers, video editors and gfx artists owning computers but the vast majority of people will play games, manage their photos, music and other files online.
Even in business, nobody will "need" a desktop and will be able to use a dumb terminal connected to a private corporate cloud running citrix xen desktop or something similar. Heck, even a developer of desktop/server software can use a citrix instance to do software development. My development box at work was a VMWare server instance until recently when the server farm died.
Jesus was a compassionate social conservative who called individuals to sin no more.
Simple, Don't buy ARM devices.
On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv.
Your home PC is safe, you'll be free to install whatever other OS. It's no longer at the discretion of OEMs, but a requirement for certification.
but you have to admit it would be entertaining to have a little graphic placed around the user name in the post with small feathers tarred onto to it.
A) Yes, actually you pretty much do. Otherwise, root kits can be installed, completely bypassing any other security on the system. Alternatively, security holes in the other booted software (rootkit, linux, etc) whether intentional or not can access the file system and modify the code as to disable windows security.
You may not like it, but yes, doing this does make the system more secure.
DavidSell, ByOhTek, antitithenai, Bonch, Dtech and others are pseudonyms/sockpuppets used by the Waggener Edstrom rapid response team employed by MS to astroturf discussions in favour of MS and to attack any point of view which isn't favourable to MS and supportive of their interests.
http://waggeneredstrom.com/about/approach
Mod accordingly
The difference is that iPads/iPhones run iOS not OS X. If Apple made a move so that their computers could not install Windows or Linux, there would be a similar outcry. Tablets in the past that ran Windows 7/Vista/XP could dual boot into or be replaced by Linux. But no longer.
Well, there's spam egg sausage and spam, that's not got much spam in it.
How is this different than any android or apple tablet with locked or signed boot loaders?
I have always been surprised that MS didn't produce its own version of Linux to be honest. . . They could then bundle it with proprietary software that runs their other software like Office etc. . .
You mean besides the GPL which would effectively stop MS from doing that. If they bundled Office with MS Linux, they are obligated to release the source code. They can produce proprietary software for Linux but cannot bundle it with their own version.
Well, there's spam egg sausage and spam, that's not got much spam in it.
It is old, but http://www.mslinux.org/
How was Apple's hardware "closed and proprietary"?
They used a custom motherboard/logic board but everything else was standard - PPC chip, standard RAM, standard HD and optical drive, Open Firmware for bootstrap, standard GPU (albeit one that needed a custom ROM to start up with open firmware instead of the more usual BIOS on a PC board).
You are suggesting if Apple were in Microsoft's position they wouldn't have taken any of those steps, but really where would they have gone? Assembling a computer is an exercise in grouping together parts made by other people, and while a totally proprietary system might seem attractive to the company selling it, if it costs more to produce than just building it out of more available parts then they're just shooting themselves in the foot. Perhaps they would, but I don't think it would be quite as easy with a PC compared to a custom built mobile handset.
Trying to imagine what this would be like if Ubuntu was pursuing a similar lockdown strategy is interesting to consider. However... my gut feeling is your conclusion is off r.e. people reacting with "This is a good thing." :-)
Most people wouldn't care one way or the other (and by "care" I mean "understand").
People who do care would see that as a reason to stop using $OS_MAKER, whether that was Apple or Microsoft or Ubuntu, etc.
*shrug* Or maybe that is just me
(posting anonymously to leave mod point alone)
I have heard an alternate theory - one that I quite like (but it remains to be seen whether it'll play out).
Subsidies.
Seriously, Microsoft is all-but unknown in the mobile phone & tablet marketplace - and the total failure of anyone to produce a tablet comparable in build quality and specs to the iPad for a significantly cheaper price - puts Microsoft at a severe disadvantage. They get involved with some cheap nasty Chinese OEM, they wind up with their product being synonymous with cheap nasty tablets. They get involved with someone like Samsung, the product works out at exactly the same price as an iPad or a top Android tablet but without the benefit of a large app store or a brand that's well respected in that marketplace. By subsidising the tablets, Microsoft could make a dent in the market - but they don't want to do that and have a bunch of instructions show up on the Internet a week later for "How to turn your Samsung Galaxy Tab 10W (RRP: £299) into an Android tablet (RRP: £399)".
How nice of MS to fight malware. They even prevent me from tampering with it, of course for my own good, I have to be kept from making a stupid decision (like, say, disabling security, hence I MUST NOT be able to) because only MS knows what's good for me, their paying customer.
Snideness aside. It's one thing to protect users from infections. That's laudable. It's a completely different matter to patronize the user to the point where he is no longer allowed to use the product he paid for the way he wants to. That's despicable. See the difference? The difference is whether you enable your user to fight malware, or to disable him to make his own choices.
That is, in a nutshell, the difference between a feature and this train wreck.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I don't think they fear Linux geeks. I think they are terminally afraid average people could realize how bad and how far behind Windows actually is in comparison to the alternatives.
You keep telling yourself that.
Microsoft is, I concede, many years behind Linux in a number of features. Unfortunately, only about 2% of people on the planet care about 98% of those features.
There are features where Windows is probably 10-15 years ahead of Linux. These are features that 98% of people on the planet do care about.
Ah interesting. I thought "universal binary" was just powerPC that was always emulated on intel, versus intel only not both native versions in one.
You missed the part where they demand to disable adding other keys/turning off secure boot by user - and they're only demanding it for ARM, x86 is free to have it. That's what the article is talking about, not the secure boot itself.
No, I didn't miss it at all. That doesn't change the fact that doing so makes the device more secure.
Apple just locks down their own devices.
Microsoft wants to lock down all of ARM, as well as X86 (UEFI secure boot).
If that were true, then why do they have to go this anticompetitive route? It seems they do not agree with you.
What people want on Windows is not Windows, but the applications. Most of them could (and would) be ported over.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
> > > You don't need to lock the hardware to one OS in order to prevent malware
> > Yes, actually you pretty much do
> That doesn't change the fact that doing so makes the device more secure.
Limiting secure boot to single certificate and single OS does not add any more security. If secure boot storage is not available after passing control to verified boot loader - which is pretty much a requirement for it to be secure - it doesn't matter how many keys are in there. Disallowing manual disable - note that it is also something not available to any software after secure boot finished its job - also doesn't make device more secure.
Do try harder.
I don't run windows 7, so in all honesty, IDGAF.
Oh lookie, it's David Sell:
http://www.linkedin.com/pub/dave-sell/7/52b/b69
I just call it how I see it. Massive downmodding usually means seething, vitriolic rage from basement dwelling nerds who wouldn't know any better otherwise. Oh well, that's /. for ya. Inb4 "I'm gonna cast magic missile".
Asus just bowed to pressure to unlock their bootloaders.. HTC still lock theirs, but their marketshare is taking a nosedive (for many reasons, not just that).
As Phones and Tablets look more and more like PCs, more people are making the choice to only buy from manufacturers that let you actually use the device you bought.. as a result the market is becoming more open.
MS want to throw that into reverse and lock everyone else, including their users, out.
>Another valid reason for preventing unsanctioned OS's to run on the device is to prevent reverse engineering.
That is never a valid reason! Are you serious? Preventing the owner of a device, who paid money for it and has exclusive ownership of it, from reverse engineering it is the exact same unethical behavior that we (geeks) have been battling for the past 15 years on every platform from gaming systems to routers to phones. If I buy it, I damn well better not be paying for technological measures that are intended to prevent me from figuring out how it works and doing what I want with it. Hardware is not licensed. It is sold.
I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
UEFI secure boot does.
No it doesn't, not on its own. But it does make it more expensive because you have to replace the tamper proof pieces too. ie: give it a new motherboard with a fake TPM.
TPM is a method of 'amplifying' a small tamper proof device so that the rest of the machine becomes cryptographically tamper proof. But if you need to add the ability to secure the encryption keys for the hard disk, part of the dm-crypt key must be stored in the tamper proof device. This key piece MUST be a true random number (a private key) so that it only exists in the original TPM, if the tamper proof device is replaced the key cannot be. That way if the mobo is replaced the HDD won't boot.
This is exactly what Microsoft are not doing, only they can put keys into the TPM.
Anyway, a normal keylogger is a hardware device, not a special boot sector. The modus operandi is: ...
1) Install hardware keylogger to capture password
2) Wait for a reboot
3) Confiscate whole machine and keylogger
4)
5) Prosecute
I would also point out it is the bootloader on x86/x64 that allowed Windows 7 to be pirated trivially, thus illustrating that no matter what you have higher in the stack, if the bootloader is vulnerable you are fucked. If anyone doesn't believe me just download and try "Windows 7 SP1 all versions pre-activated" off of PTB or the P2P of your choice; on first boot it announces "Applying bootloader hack" and after that the thing even passes WGA! It does this, from what I understand, by faking an OEM BIOS signature, and since they based the signature on one of the biggest OEMs MSFT would have to disable the OEM keys to their entire line, thus causing massive shitfits across the board. Hell, thanks to the bootloader hack Win 7 is easier to pirate than even XP Corp because you don't even need a key, the OEM bootloader hack takes care of that FOR you!
At the end of the day MSFT knows that making it easier for app developers to make profits without worrying about piracy is pretty much the ONLY selling point they have on ARM because otherwise there is no point in going with WinARM when Android has the momentum and Apple has the top end locked up tight. I'm willing to bet my last buck what they are gonna try to do is create "a mobile X360" where you have this huge market where developers can make plenty of money. Look at the music games like Rock Band for example, I read not too long ago that more than 80% of the songs downloaded for those games went through the X360 market. That is a hell of a lot of money and after seeing Win 7 get so easily pwned thanks to bootloader hacks you can understand why they wouldn't want that crucial piece of the chain easily bypassed.
ACs don't waste your time replying, your posts are never seen by me.
That's the way it should be - and the way it was before all this "copying is theft" garbage took the fore. If somebody else can do what you do, but better, they deserve the marketshare. If you do something amazingly innovative and new, you get a few years monopoly to reward people for R&D - and then they can copy you.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
Microsoft Don't seem to:
For those who have just arrived on planet Earth: Microsoft are making more money from being a patent troll selling Android licenses than they ever were from their own windows 7 phone OS.
Microsoft don't own ARM so what difference does it make that they are locking down their own bootloader?
Does it really matter? Why buy a windows phone if all you want to do is hack it, there are plenty of other phones that are hackable if that's what you want to do.
What's the big deal here?
When Microsoft decides to punish everyone from OEMs to retailers for not toeing the company line, that is an ideology of 'profits over everything'.
Limiting secure boot to single certificate and single OS does add more security. Secure boot storage is irrelevant if the system has already been compromised. Keeping the boot loader secure is pretty much a requirement for it to be secure -limiting the number of keys in there and not allowing any more to be added limits the number of attack vendors available.
Arguing that opening up a system to more possible attack vectors isn't making it less secure is so obviously silly that I'm not going to continue this conversation with you until you at least study something security related. Learn the basics then come back.
Do try harder -- by learning the basics.
What.
Check it - secure boot assures that bootloader(s) are not tampered with in the first place regardless of how many keys are in there, as long as only user with direct access to hardware can change them.
If you're gonna call the user an "attack vendor" outside of users-are-stupid joke - well...
And if you're gonna argue "someone can replace your HDD with a tampered version while you're not looking" - a) secure boot key storage shall be password protected, b) access to hardware gives a lot of easier opportunities, like hardware keylogger stuck directly into kb port, so secure boot doesn't protect from "hacker with access to your PC" vector, whether it has one hard coded key or a thousand.
Users = carriers. And the service carriers are some of the most corrupt, immoral companies out there. I'd rather take my chances with Android than Verizon/AT&T Linux.
"From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
Are you saying these are universal binaries?
I haven't actually taken a close look at any working Metro apps yet, but as I understand it, you build them with HTML, CSS, JavaScript, XAML, and .Net managed code. I don't think you can compile native x86 binaries and have them run in Metro. So even if they're not strictly universal executables, recompiling Metro apps for the various Microsoft ARM platforms will probably be dead easy, and some of them may indeed run unmodified on Windows 8, Windows 8 ARM, and Windows Phone.
Breakfast served all day!
There, fixed the title for you. This is a security feature.
"While UEFI secure boot is ostensibly about protecting user security, these non-standard restrictions have nothing to do with security. For non-ARM systems, Microsoft requires that Custom Mode be enabled—a perverse demand if Custom Mode is a security threat."
I'm not sure if you're a troll, a shill, or just fucking stupid. Likely all three, rolled into a giant sack of garbage spouting crap.
UEFI does not actually use a boot sector. A system with UEFI that has a disk with GPT partitioning and no legacy BIOS emulation does not have a boot sector at all. There is a ~200MB /efi partition that is formatted somewhat like FAT-32 and contains the UEFI utilities as well as the boot loader. Kind of similar to how grub loads the kernel and initrd from /boot, but in this case, UEFI is actually smart enough to do that without the help of grub.
No, I am arguing that allowing another OS/Boot Loader access to the hardware, even with user consent does make the original OS less secure, which is the whole point.
Are you trying to argue that all methods against securing the entire device chain from boot loader, driver signing, program signing (which isn't going to happen), is completely secure and no current or future holes are going to ever be found that a program not under the control of the secure OS could manipulate to compromise the original OS?
Example, user allows linux to be installed, uses the keys to install it bypassing the secure boot functionality. An exploit against linuxs bootloader is found and used to pre-install a rootkit into the executable chain before it passes control onto windows. Windows is then root-kitted and there is nothing it can do to prevent it.
Or via linux you replace the supposidly secure windows DLL with one that has been compromised and given a signature that appears valid, but wasn't really signed by Microsoft. Again, nothing Microsoft can do to prevent that.
Or.. Nevermind. I've given you two examples already on how such a thing can cause Windows to be "broken" which weren't possible before. By definition, that makes the system less secure. You can argue by how much, but not that it does not.
Example, user allows linux to be installed, uses the keys to install it bypassing the secure boot functionality. An exploit against linuxs bootloader is found and used to pre-install a rootkit into the executable chain before it passes control onto windows. Windows is then shouting loudly that critical files signature doesn't match one stored in secure storage
Or via linux you replace the supposidly secure windows DLL with one that has been compromised with a magical computer able to reverse private key from public key before sun goes boom and given a signature that appears valid, but wasn't really signed by Microsoft. Again, nothing Microsoft can do to prevent that even if there's only one key in the keystore (this example really shows you don't know jack about crypto)
Here, I fixed that for you.
Correction: in the first case it's secure boot initial stage shouting, not even Windows. Windows would shout if you'd replace "supposidly" secure DLL, but didn't get a magical computer to forge a digital signature for you.
Yes! Linux users haven't been bitching about bad security on windows... we've been laughing about it.
soylentnews.org Go there to enjoy the people!
Apple and the "FOSS community" (even the name itself is a shill) don't need to employ companies to shill for them. Its users are dumb enough and brainwashed enough to shill for themselves.
Assuming OEMs will be smart enough to let customers control UEFI authentication
OEMs won't have much choice, actually - the same document that requires ARM Win8-certified devices to disallow disabling "secure mode", also requires non-ARM devices to have a switch to disable it.
LMGTFY: darwin kernel compile
I think he meant the part about non-ARM. If you recall, when Secure Boot was first discussed, there were a lot of complaints about how MS does not require OEMs to provide a switch to disable it, and hence OEMs will not bother to provide such a switch in practice. Now, for x86 at least, this switch is actually required; and for ARM, forbidden.
If anything, it seems to be aimed at clearly separating the market across architecture lines. Not sure what's the point anymore - with Medfield, there really shouldn't be any observable differences between x86 and ARM tablets in near future.
Secure Boot is what locks down the boot sector. That is not the problem. The problem is that it's not possible for the user to disable Secure Boot on ARM (but possible on x86). Note: for user, not malware.
The only reason to restrict any way to disable it is to 1) provide a "secure" platform for content (think unbreakable DRM), and 2) restrict the ability of user to install other software.
Interestingly enough, for non-ARM (i.e. x86) platform, this same WHQL document actually requires that hardware gives the user a way to disable signature checking altogether, and also to edit the list of trusted keys. It's only ARM that's prohibited.
What's the difference between a "phone" and a "real computer"?
See, the problem is that you've lost that round as soon as you've accepted Apple's (and its fanboies) BS redefinition of iPhone and iPad as "entertainment devices" rather than computers. Now everyone can do exactly the same thing. Why is it locked down? why, that's because it's not a general-purpose computer, but an entertainment device! What makes it one? why, the fact that it's locked down!
Anyway, real PCs (meaning Intel) will remain unlocked.
The security we (Linux users) always wanted was supposed to be on software level, not on hardware level.
There's nothing wrong with security on hardware level, to verify the signature of your boot loader to be what you want it to be, and thereby establish a verifiable chain of trust. Linux could use UEFI Secure Boot just the same, and it would actually add a nice protection against rootkits.
Problems begin when it's the device manufacturer who decides what a valid signature is, rather than device user.
DavidSell, ByOhTek, antitithenai, Bonch, Dtech and others are pseudonyms/sockpuppets used by astroturfers, such as Waggener Edstrom rapid response team, employed by MS to astroturf discussions in favour of MS and to attack any point of view which isn't favourable to MS and supportive of their interests.
Mod accordingly
By magical computer I suppose you mean... Being able to overwrite the area of disc that contains revoked crypto certificates, and using a known broken crypto certificate.. Like what's already happened, but ok, we can call that a magic computer.
See: http://technet.microsoft.com/en-us/security/bulletin/ms01-017
Wow, I didn't even have to come up with a new technique, just rehash an old one.
Where's the source code for the Windows 7 kernel again?
I'm not sure of the licence but they did release the code for their wireless spying programme.
http://archive.msdn.microsoft.com/datacollection/Release/ProjectReleases.aspx?ReleaseId=5671
That's the only code I know of that they've released.
Open Source Tower of Babel Project sounds like the perfect place to get started on the road to anarchy, the only toll road most will soon be able to afford. Join and start your own distinctive dialect today.
And no, it would not be secure boot shouting, secure boot isn't responsible for checking every file for a valid signature, just the first executable. From then on it's the responsibility of that executable to ensure everything is ok.
And really, it's not necessary to try to insult others when you realize your position is weak. I'm not a crypto expert, I wouldn't even call myself a security expert anymore, but I was in the past, and I know enough to see bad ideas when they come up. You don't need to be a security expert to know that a vault with 1 door is more secure than a vault with one door you control, and another you don't.
Again, what.
The whole point of secure boot is establishing chain of trust, where every next link is verified by previous. Secure boot verifies first executable, first executable verifies its dependencies, one of them is responsible for loading and verifying system DLLs and so on. The only way to compromise any link in the chain without triggering the alarm is either replacing the key in key store - which is only possible for user, or signing the compromised file with the secret part of the key from the store - which would require the aforementioned magic computer.
Not verifying every step or relying on software accessible key storage for certificates already breaks the concept of secure boot.
And no, it's not leaving two doors to a vault, it's leaving two vaults side by side - you might access one vault from another, but you'll leave broken down door or wall in the process.
I mean, it was only what, last month, that MS was reassuring folks that nothing in Windows 8 would preclude other OS's from being installed, period (assuming the OEM's didn't force the issue).
Now - not so much.
Wonder how long we have till MS makes it even harder on regular x86...
Check your premises.
The PC. Also, the Mac. Oh, the mini machines of the time of PDP-10. Also, the huge computers of before that time, they only had developers by then.
Rethinking email
So basically it's OK to be a weenie, as long as you don't have a monopoly in the market where you are being a weenie?
You may be legally correct, but that doesn't mean that someone calling a weenie a weenie isn't just as correct.
-- Terry
That's funny, people seem to love the Mac web though you have to use the command line to unhide certain folders in your home directory and edit plists and file permissions to change simple settings.
Behind in comparison with what alternatives? Linux hardly works correctly as a desktop OS without becoming an OSX or Windows Clone.
Windows is only behind the alternatives when compared to server and cluster OSes.
MS will not be sued or investigated because they don't have a strong position in the tablet or phone market. It would be rather discriminatory given the situation on the devices of many other vendors that have a larger market share.
They're just being MS like they always have been: You want a sticker saying your hardware can run our software then you must heed to our demands. Intel does the same to pc/laptop manufacturers, they all take the opportunity to be ahead of the competition. Just as any of you would do if you found out that OEMs were willing to heed to your will in exchange for having a sticker in any device that ran or used your technology.
In this case there is no obvious reason for an OEM to heed to their demands in the ARM market (there are more well known alternatives in the tablet / phone market); if they do they're either cowards or ignorant.
So hang on a second, how come I can't virtualise mac os x on my windows PC then ?
Where's the source for the OSX kernel?
7 billion people on this planet and you happened to find 2 that have similar names and interests. Or you found some troll's LinkedIn account. Call me amazed. Oh wait this is slashdot. OMG A$$TRO TURDER M$ $UCKZORRRS LINUX RULESSSSSSSSS!!!111!ELEVEN
-1 overrated isn't the same thing as "I disagree".
I don't think you understand how the GPL works. Linux distros aren't licensed under the GPL, the programs they ship with are (most of them anyways). In fact many distros ship with binary only programs and drivers, even the linux kernel contains binary blob firmware for various devices.
-1 overrated isn't the same thing as "I disagree".
You don't even have to do that for many applications -- I regularly run linux and windows in VMs under OSX, no reboot required.
I've fallen off your lawn, and I can't get up.
Gosh... You're the 2398472 person to write this crap. Do you realize that the issue is about not being able to boot anything else but win8? You won't have the choice to choose even win7!!!
Oh!!! my!!! God!!!
Advice: on VPS providers
Another reason to NOT buy windows 8 or Windows 8 hardware. M$ is so greedy, they just want everyone to use Windows period. F*** microsoft, and their monopoly. I'll stick with 7, and ubuntu. So they can shove windows 8 where the sun don't shine.
There's a difference between requiring "Secure on by default" (which almost no one will ever change) and requiring "custom mode to be disabled." I know that you're a pragmatist. Surely you can see the difference.
Put identity in the browser.
This is actually the first thing I thought of when this story surfaced. "MS is known to be paying manufacturers to make WinPhones. They don't want to pay someone to have Linux installed on that later." I'm not sure if that's true, though. MS may also be requiring WinPhones on the line-up as part of the NDAed Android patent agreement they seem to be getting with everyone, too. There's no way to know.
Put identity in the browser.
ARM ultrabook-style computers and desktops are included.
Put identity in the browser.
Linux rootkits are rare enough, Linux rootkits that attack dual-booted windows installations are literally UNHEARD of. That's like breaking into a fully alarmed BMW, hiding in the trunk, then waiting until the car is parked in the garage, sneaking out and then stealing the Honda Civic parked next to it. Sure it could work, but only an idiot would go that route when there are so many obviously easier ways to accomplish the goal. It's about as well thought out as shaggy and scooby jumping out the window, grabbing the key, jumping back in and then unlocking the door to escape the ghost...
Pesky things like sales figures get in the way.
I know nothing about him, but in his defense, I've been reading about this issue for days. There's no reason to do in-depth analysis on the article. Skim and see if it has anything new to say. No? Fine. Post.
Put identity in the browser.
I was one of those happy BeOS users back when.. before they got frozen out.. This seems all too familiar.. Just when I was starting to trust M$ and think that everything they did was based on a fuzzy warm altruistic love of their 'patrons'.....Right...
Fuck off Microsoft!
Umm, I've certainly worked on projects that include Webkit, Webkit2, and CUPS which are of course large projects used by many and where Apple established the community of contributors/collaborators.
This seems misleading. CUPS had an established community long before Apple bought it..
Webkit is based off of KDE's ( yes, from the Linux world) Konqueror browser according to Wikipedia....
I do however remember reports of the arm twisting done to get Apple to live up to the spirit and letter of the open source licenses. Open source saved Apple's ass.. before that the Kool-Aid said you didn't need a multitasking OS!
>real PCs (meaning Intel)
Why do you insist with this broken definition? It really doesn't make sense. Would a laptop with let's say an ARM or a Mips CPU would be considered fake or imaginary to you?
Grr, I'm back from years gone, and I see that sill Slashdot decided to nest your comment #38697312 under drinkypoo's #38697710. Hmph.
Copyrights, Patents, Trademarks: temporary loans from the Public Domain, not real property ("intellectual" or otherwise)
Microsoft Taking Aggressive Steps Against Android On ARM.
There I fixed that for you.
Because, 96% of so called “Linux” access awstats reports on my website turn out to be — once you dig deeper — really Android devices. Don't be so vain Linux users, Microsoft would not give a shit about you if it was not for Android.
There are security reasons to require these "features" to be implemented and made available to the user to enable. There are even security reasons to require that they be enabled by default, possibly even requiring the user to click through a dozen or so warning screens or even download special software to disable the "features". There is absolutely no security reason to require the "features" to be made impossible to disable.
Hell, if security is the actual concern here and MS is worried that any mechanism by which the settings can be configured may be attacked through software, dictate that any such configuration be locked by a hardware switch placed in the battery compartment, under the battery or battery cover, allowing the device to boot only into a special mode where the settings can be modified, requiring that the switch be placed back into "safe" mode to boot the OS. In this way, the settings can only be modified when the switch is enabled and, then, only by the user configuration utility, under the user's control, since no other software could run while in that mode.
Damn, it just seems so simple when you look at it from the perspective of USER security, rather than MARKET SHARE security. I can see how that latter perspective may complicate matters a bit; this is why it's obvious that Microsoft's intentions are.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
You don't need to be a security expert to know that a vault with 1 door you control is more secure than a vault with one door you control, and another you don't, while a vault with only one door you don't control is least secure of all.
There, fixed that for you.
These new requirements create a vault, YOUR vault, with a single door, which you do not control. At least if you control the door, you can see what's inside and verify that everything is as it should be. Does that mean that you can also let someone in who you shouldn't? Yes; but, so can whoever's in control of that other door. Thus why it's important to have your own door, to access your own vault, so you can possibly know if the keeper of that other door has done just that.
Ideally, the vault would have only one door and that door would belong to the user. Pretty simple to implement in a very secure manner, see here: http://linux.slashdot.org/comments.pl?sid=2620774&cid=38704664
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Because Apple is a hardware company, not a software company, and they didn't sell you that Windows PC?
This will be hacked in the first day of its release
Clearly you no longer 'own' hardware or software anymore. You're renting it or licensing your use of it or whatever legal fiction they call it today. In either case, with rental the firm or person you rent it from now has substantially greater responsibilities to maintain that which is rented. Moreover substantial liabilities transfer to the firm or individual you rent from as a result.
While they could care about phones, I agree they care more about tablets and the XBox (the only ray of light in the quiver of tech arrows..). The bottom line is many of the devices with ARM will be subsidized and as Daengbo (and others note), you don't want someone changing the OS on hardware that you subsidized.
They can huff and puff as much as they want but this is about maintaining the monetization ecosystem of subsidized devices, otherwise you could give the user the key(s) to their device(s).
http://www.hawknest.com/
If you own the ARM vendor, then you own the platform and you will control what you allow to be installed.
What a great opportunity for open source, Google, and the many vendors who want the freedom of choice to have an alternative ARM platform.
Leslie Satenstein Montreal Quebec Canada
Rubbish.
If it was about preventing malware on ARM it would allow installation of any operating system [i]except[/i] windows.
well, that's what the locked bootloader is there for - to PREVENT you from running vanilla windows ce, so that you're stuck with metro vm crappapps.
world was created 5 seconds before this post as it is.
Yes, let's add a Shill Factor Mod... that would be reputation capital in action..
http://www.hawknest.com/
The ;) technical reason is in the monetization "stack;" think payola for hardware; if they are going to pay HTC or Samsung or internally Xbox to produce ARM hardware running Win 8, they want to make sure that only Windows 8 will ever run on that hardware.
http://www.hawknest.com/
ARM devices are used in many things that would never/could never use windows from Arduinos to a skillion embedded systems. Requiring all ARM devices to meet any particular criteria of any kind at all is patently absurd. There must be more to this.
You cannot incorporate GPL-covered software in a proprietary system. The goal of the GPL is to grant everyone the freedom to copy, redistribute, understand, and modify a program. If you could incorporate GPL-covered software into a non-free system, it would have the effect of making the GPL-covered software non-free too. . . However, in many cases you can distribute the GPL-covered software alongside your proprietary system. To do this validly, you must make sure that the free and non-free programs communicate at arms length, that they are not combined in a way that would make them effectively a single program.
Yes MS can release proprietary Office for Linux; however it cannot bundle it with MS Linux as the parent has suggested. Knowing MS, the linkage between Office and their version of Linux would be so entrenched as to be inseparable.
Well, there's spam egg sausage and spam, that's not got much spam in it.
It doesn't have to be a linux rootkit, any exploit in linux would do.
Please, tell that to my bank. I want complete access to the vault my money is in.. It'll be more secure that way.
>Umm, I've certainly worked on projects that include Webkit, Webkit2, and CUPS which are of course large projects used by many and where Apple established the community of contributors/collaborators.
>This seems misleading. CUPS had an established community long before Apple bought it..
True enough, but it was also largely developed by one person, Michael Sweet. Apple helped to bring other contributors on board and get buy in from a lot more companies. Still, you have a point, it was probably not the best example.
>Webkit is based off of KDE's ( yes, from the Linux world) Konqueror browser according to Wikipedia....
Webkit was based off of KHTML, which was the engine in Konqueror. At the time, however, only the KDE team worked on it and even Linux developers of note had trouble getting patches in. Apple took all their code, forked it, and contributed a metric crapton of work to make it what we think of today. They also built a series of open collaborations with Google, Nokia, and several other players to make it a project where more than one team could effectively make contributions.
>I do however remember reports of the arm twisting done to get Apple to live up to the spirit and letter of the open source licenses.
You were suckered into believing lies and exaggerations. CUPS for example: Apple bought the company and has all the rights to the code. They can close source it anytime they want, but they don't. Most of the major underpinnings of OS X are based on BSD and Apple can close them anytime it wants, but it doesn't.
With the KHTML thing, Apple contributed all their code back at once without copying all the version control messages they used internally (although it was documented code). The KHTML team looked at all the work and were elated by the size of the contribution, but worried about how they would merge it back into Konqueror, given that some of the design choices were not the direction they wanted to go. So they contacted the devs at Apple who sent them all the version control information, access to a mirror of Apple's version control repository, and answered questions about what components did what and how they could chunk up the parts they wanted. You know, they acted like most devs you meet and were good OSS players that want to help out others.
Now if you were on the KHTML forums at the time you saw this saga unfold. If, however, you were just following the news posted here at Slashdot, what you saw was one person from the forums who was not even a contributor complaining loudly and to anyone who would listen about how evil Apple was for "stealing" the code and intentionally trying to delay contributing back (they waited until after their surprise announcement of Safari) and how they intentionally made the code they distributed unreadable. It was complete bullshit, but that is the only thing anyone around here seems to remember because so many people here want to hate Apple and want justification for their feelings, that they don't look into the truth and remember only the bits that confirm their bias.
What happens to hardware after it has been sold has nothing to do with any particular operating system that may have been originally installed.
Tell me honestly that chip, screen or battery maker X could be held liable if I, the end user root my gadget to get Win8 the hell off of it, or may it play with others.
And why do these new requirements not apply to x86? UEFI came from Intel (and HP) in the first place. M$, mighty though they are know two things:
You are focusing on the security of the initial phase of secure boot. If Microsoft lets foreign software run on their hardware, they have no guarantees that that software won't bypass windows own internal security and render it useless while Windows isn't running. For example, replacing windows' security.dll with nothing.dll. Normally windows may not allow such a thing, but if they allow linux to boot, linux may allow it, and the next time windows boots, it'll use nothing.dll instead.
Obviously, this is simplified, but unless Microsoft is expecting to verify the signature of every piece of software on windows (including all 3rd party stuff) you've already lost the battle.
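The chain-of-trust model argued over in this thread (each stage verifies the next, a swapped security.dll, and files that no stage verifies), as an added Python sketch that is not part of any comment here and not Microsoft's implementation. It pins SHA-256 digests in place of signatures; every image name other than security.dll, the key store contents and the disk layout are constructed for illustration.

```python
import hashlib
import json


def image_digest(image):
    """SHA-256 over code plus manifest, so editing either changes the digest."""
    manifest = json.dumps(image["loads"], sort_keys=True).encode()
    return hashlib.sha256(image["code"] + b"\x00" + manifest).hexdigest()


def install(disk, name, code, loads=()):
    """Write an image whose manifest pins the current digest of each child."""
    disk[name] = {"code": code,
                  "loads": {n: image_digest(disk[n]) for n in loads}}
    return image_digest(disk[name])


def boot(disk, first_stage, key_store):
    """Firmware checks the first stage; each stage then checks what it loads."""
    if image_digest(disk[first_stage]) not in key_store:
        return False, f"firmware refused {first_stage}"
    pending = [first_stage]
    while pending:
        parent = pending.pop(0)
        for child, pinned in sorted(disk[parent]["loads"].items()):
            if child not in disk or image_digest(disk[child]) != pinned:
                return False, f"{parent} refused {child}"
            pending.append(child)
    return True, "booted"


def build_disk():
    """Constructed sample disk: a Windows-like chain, a second loader, one unpinned file."""
    disk = {}
    install(disk, "security.dll", b"real checks")
    install(disk, "kernel", b"kernel code", loads=["security.dll"])
    win = install(disk, "bootmgr", b"windows loader", loads=["kernel"])
    lin = install(disk, "grub", b"linux loader")
    # Present on disk but pinned by no manifest (hypothetical third-party program).
    install(disk, "thirdparty.exe", b"vendor app")
    return disk, win, lin


def run_scenarios():
    results = {}
    disk, win, lin = build_disk()
    one_key, two_keys = {win}, {win, lin}

    # Untampered disk, with and without the second loader in the key store.
    results["clean_one_key"] = boot(disk, "bootmgr", one_key)
    results["clean_two_keys"] = boot(disk, "bootmgr", two_keys)
    results["linux_one_key"] = boot(disk, "grub", one_key)
    results["linux_two_keys"] = boot(disk, "grub", two_keys)

    # Offline edit made while the other OS is running: swap the DLL contents.
    disk["security.dll"]["code"] = b"no checks"
    results["dll_swapped_one_key"] = boot(disk, "bootmgr", one_key)
    results["dll_swapped_two_keys"] = boot(disk, "bootmgr", two_keys)

    # Re-pinning the kernel manifest changes the kernel digest instead.
    disk["kernel"]["loads"]["security.dll"] = image_digest(disk["security.dll"])
    results["kernel_repinned"] = boot(disk, "bootmgr", two_keys)

    # Re-pinning the loader changes the digest the firmware compares.
    disk["bootmgr"]["loads"]["kernel"] = image_digest(disk["kernel"])
    results["bootmgr_repinned"] = boot(disk, "bootmgr", two_keys)

    # Fresh disk: a file that no manifest covers is swapped and nothing notices.
    disk, win, lin = build_disk()
    disk["thirdparty.exe"]["code"] = b"trojaned app"
    results["unpinned_file_swapped"] = boot(disk, "bootmgr", {win})
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:24} {outcome}")
```

In this model the swapped DLL is refused by the stage that pins it whether the key store holds one entry or two, while the swapped file that no manifest pins boots without complaint.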
>However, in many cases you can distribute the GPL-covered software alongside your proprietary system.
The GPL applies only to software that is licensed under it. It does not creep into third party products which happen to be distributed along side GPL software. This is why Internet Explorer can support PNG images, or game engines can use ogg vorbis, or Ubuntu can include binary only drivers for Nvidia and AMD graphics cards. All they have to do is distribute the GPL covered sources including any modifications they make on request. Distributing source code under other licenses is not required.
>Knowing MS, the linkage between Office and their version of Linux would be so entrenched as to be inseparable.
Yes just like how office is so entrenched into windows and OSX that they are inseparable. Right.
-1 overrated isn't the same thing as "I disagree".
You really should have actually read the entire quote before copy pasting it.
>However, in many cases you can distribute the GPL-covered software alongside your proprietary system.
>Yes MS can release proprietary Office for Linux; however it cannot bundle it with MS Linux as the parent has suggested. Knowing MS, the linkage between Office and their version of Linux would be so entrenched as to be inseparable.
You should read more carefully.
This is why Internet Explorer can support PNG images . .
PNG, vorbis, nVidia, and all your examples are not analogous to the situation described. Remember how Windows cannot function without Internet Explorer (for Windows). Given the history of MS, they would link Office such that MS Linux requires it and vice versa. Such linkage is possible under the GPL; however, it runs afoul of the GPL if MS does not release the source code. MS would never do that.
Yes just like how office is so entrenched into windows and OSX that they are inseparable. Right.
Seeing how MS does not control OS X, they cannot build any links into OS X. If they make their own version of Linux, they can.
Well, there's spam egg sausage and spam, that's not got much spam in it.
At least I won't have to pay the Microsoft extortion tax on devices capable of running Linux. Well, not the hardware tax anyways - the IP tax still applies.
I must be in the minority then, according to you. I had Windows XP Professional installed as a dual-boot setup for maybe six months when I first ran Linux, starting with SuSE and then Zenwalk. Shortly after, I completely nuked my hard drives, re-partitioned and formatted them, and dedicated the drives to Linux--Zenwalk at the time, then later Ubuntu, and now Debian. That was back around... late 2006. Been Windows-free ever since. I have occasionally installed WinXP Pro in a virtual machine to play around with as a "toy" OS mostly for nostalgia purposes, but also to play around with virtualization and to see how some of the unfortunately Windows-only programs I've become fond of over the years have turned out.
I have since lost my copy of Windows XP Professional ("Upgrade" copy) during a move... and guess what? I don't even care. Wine seems to run most programs I would want to run anyway; there are very few that running Windows either in a virtual machine or natively in a dual-boot setup would be optimal. Overall, I don't miss it; just some of the proprietary programs that were developed for it.
As I have previously mentioned, I bought two of the original PS3s because I wanted to experiment with programming the CELL processor. When Sony ultimately locked down their system to the point where you could not boot an alternative OS, the machines ceased to be of any value to me. It was a clear case of me buying hardware for an advertised purpose and having the vendor change the game after the sale. As a result I now boycott Sony (as much as is possible). I am trying to keep the emotional stuff out of it, but at various times I have been really angry about this. There is also the potential for an OEM to sell a machine where the choice between standard and custom mode is in the control of the user, then take back that control when a firmware update comes through that no longer allows the choice. When that happens, poof!! and you cannot access your data any more because the alternative OS won't load and Windows doesn't have the drivers to access the foreign file system. I hope I live long enough to see Microsoft get what they deserve. Calling Ballmer Uncle Fester is very humorous, and at least gives me a moment of lightheartedness although the general topic is distasteful.
Ahh, except that it's *their* vault. It's more secure because there is only one door, and they're the ones with access to it.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
I wrote a whole long list of points, then the submission got fucked up, so I'll just summarize.
If they don't verify signatures on every file, what's stopping someone from running 3rd party apps containing malware? Hell, they could autorun, run in the background, and the user will never see them. Sure, antivirus software would be able to catch them, which is the current situation, except for rootkits, which wouldn't be possible until an exploit for secure boot was found. Oh, and one will be found, the hacker community as a whole will see this as a challenge and tackle it head-on, just for fun. So, then, we have added expense for a security measure that is cracked within a week and rendered useless, leaving us right back where we started. The only way to accomplish the type of security some people assume Microsoft is after here is to require every bit of code to be signed, and to verify those signatures every time the code is executed.
Ok, so let's only run signed code. Great.
One of the following happens:
- It gets cracked. All that expense for nothing.
- Microsoft's signing certificate is compromised. All that expense for nothing.
- Cost of certification set low enough to allow for free games and apps, but the vetting process has to be sped up in order to keep up with demand, which allows some malware through. Now that there's an exploit out there, it gets cracked. All that expense for nothing.
- Cost of certification set low enough to allow for free games and apps, but the vetting process required for certification prior to signing creates a huge waitlist, the apps just aren't there because they're all waiting to be certified, and people flee to other platforms which have apps (see WebOS for an example).
- Cost of certification set too high for free games and apps to be feasible. People want their free games and apps, so they go to a platform that has them.
In 3 of the 5 possible scenarios, it gets cracked; Microsoft paid more to implement the "feature", manufacturers paid more to implement the hardware requirements and to license OS containing the "feature", developers paid more to sign their code, end-users paid more for the device and the apps, all for nothing, because it was all rendered worthless when it was cracked. In the other 2, the platform fails because it was unable to provide what end-users wanted.
People don't care about security, nor does this provide any of it. We wouldn't be talking about requiring signed code if people cared about security, because people would take the time to secure their own systems using tools already available. People want their cute shit apps and games, they want them for free, and they want them whether or not they'll send spam to half the world every time they're run, so they'll go to the platform that can give them that. This is not a problem that can be solved by technical means, because any platform which implements those means won't be used by those users. Period.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Given the history of MS, they would link Office such that MS Linux requires it and vice versa.
Nothing but speculation. See here:
Yes just like how office is so entrenched into windows
Notice how office is sold separately from windows.
-1 overrated isn't the same thing as "I disagree".
If they don't verify signatures on every file, what's stopping someone from running 3rd party apps containing malware?
File permissions, OS sandboxing, trapping API calls to specific files/directories, etc etc.
Sure, antivirus software would be able to catch them, which is the current situation, except for rootkits, which wouldn't be possible until an exploit for secure boot was found. Oh, and one will be found, the hacker community as a whole will see this as a challenge and tackle it head-on, just for fun. So, then, we have added expense for a security measure that is cracked within a week and rendered useless, leaving us right back where we started. The only way to accomplish the type of security some people assume Microsoft is after here is to require every bit of code to be signed, and to verify those signatures every time the code is executed.
Do you leave your house unlocked because you know a burglar could simply bust one of your windows? Most people don't. Security is about making it more difficult to do something rather than making it impervious to any and all attacks.
The only way to accomplish the type of security some people assume Microsoft is after here is to require every bit of code to be signed, and to verify those signatures every time the code is executed. Ok, so let's only run signed code. Great.
No, not really, but the important pieces of code do need to be protected. Things like the base OS, and the base OS protects the virus/malware checkers. The virus/malware checkers check everything else. As we've seen, some exploits are able to bypass and/or turn off virus/malware checkers already. In order to protect them, the OS needs to protect them. The OS is protected by the boot loader. The boot loader is protected by secure boot. You can't simply allow other software to run on the machine that doesn't follow that chain and keep the system secure. The other system can't possibly follow the same exact rules in the exact same lock step. It's nearly impossible, and highly unlikely that {alternative OS} would ever implement things like not allowing anyone to write to the C:\Windows directory unless you type in the administrator password. So that security mechanism is useless if you allow {alternative OS} to run on the same hardware.
People don't care about security, nor does this provide any of it.
What "people" are you talking about? You? Most people I know don't like it when a piece of malware emails everyone in their contact list about how great viagra is. Nor do they like it when their credit card info is stolen and they spend days cleaning up the mess. Most people lock their houses and cars when they leave. So I would say most people care a LOT about security, they just don't want security that keeps them from doing what they want. You may not think it provides any security, but it does. It's one more layer of security that hackers will need to defeat. Alternatively, there are very few users who would ever want to install an alternative OS on their phones.
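The chain argued over in the comments above (firmware checks the boot loader, the boot loader checks the OS, the OS checks its protected files), as an added example that is not part of any commenter's post. It is a toy model: bare SHA-256 digests stand in for the signatures a real secure boot chain verifies, and the file names, contents and function names are constructed for illustration.

```python
import hashlib
import json

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def provision():
    """Build a constructed sample disk and the one digest held by firmware."""
    files = {
        "security.dll": b"real security checks",       # protected OS file
        "thirdparty_game.exe": b"unsigned free game",  # not in the manifest
    }
    # Each stage embeds what it expects of the next stage, so the
    # expectation itself is covered by the previous stage's check.
    manifest = {"security.dll": digest(files["security.dll"])}
    kernel = b"kernel v1|" + json.dumps(manifest).encode()
    bootloader = b"bootloader v1|" + digest(kernel).encode()
    disk = dict(files, bootloader=bootloader, kernel=kernel)
    return digest(bootloader), disk

def boot(firmware_trusted: str, disk: dict) -> str:
    """Walk the chain; halt at the first component that fails verification."""
    if digest(disk["bootloader"]) != firmware_trusted:
        return "halt: bootloader"
    expected_kernel = disk["bootloader"].split(b"|", 1)[1].decode()
    if digest(disk["kernel"]) != expected_kernel:
        return "halt: kernel"
    manifest = json.loads(disk["kernel"].split(b"|", 1)[1])
    for name, expected in manifest.items():
        if digest(disk[name]) != expected:
            return "halt: " + name
    return "booted"

def offline_edit(disk: dict, name: str, data: bytes) -> dict:
    """Model another OS writing to the disk while this one is not running."""
    return dict(disk, **{name: data})

if __name__ == "__main__":
    fw, disk = provision()
    print(boot(fw, disk))
    print(boot(fw, offline_edit(disk, "security.dll", b"nothing")))
    print(boot(fw, offline_edit(disk, "thirdparty_game.exe", b"trojaned")))
```

An offline change to a file inside the verified chain is caught at the next boot, while a file outside the manifest is not checked at all, which is the gap both sides of the thread are arguing about.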
I'm not even gonna bother quoting this ignorant tirade.
No, I don't leave my house unlocked because someone could just break a window, because the window still provides some level of entry for breaking in; just because one window is broken in one house does not mean every window in every house breaks, so there's still a point in locking the door. This is different. Here, once one person has broken secure boot in one place, that same code breaks it everywhere. There is no need to break secure boot on every device you want to get into, like you'd have to do with windows->homes; break it once, get in anywhere, you have a master key now.
And the people I'm talking about are the ones described in the rest of the paragraph you selectively quoted from my post. Most people I know are like most people you know, but most people we know aren't most people. You know why? Because, and this is how society works in case you didn't know, we tend to associate with like-minded people, so it would stand to reason that most people you know would be similar to you. Now, consider the few you know who install every cute screensaver or cursor pack or cutesy little free game they see, then consider how many people they know, who shared these games with them or who they share these games with, then consider the people they know, now you see the majority and it's not most of the people you know. If most people cared about security over functionality, we'd all be using Linux and that's a fact.
Disclaimer: System Administrator on a Win/OSX/Linux mixed network. I love all my children.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
On second thought, after re-reading GP, I will quote.
You can't simply allow other software to run on the machine that doesn't follow that chain and keep the system secure.
That's what I just said. And it will still be cracked.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Microsoft are so desperate to contain the widespread adoption of GNU/Linux on non-x86 platforms they have to now resort to OS lockout. Instead of competing fairly by actually developing good software Microsoft would rather choose the path of least effort - and greater hostility. Same old. Same new. Microsoft will never change unless the toothless tigers in government decide to break up this behemoth of a company.
If I read correctly, it says you can't install another OS that isn't signed. So, buy/download a bootloader which is signed or wait a week until EFI secure boot is cracked.
In fact, I'm tempted to consider making a boot loader for ARM linux which I'll get signed somehow. I'm pretty sure that Intel can't say no. I'll release the code under an open source license but I'll charge $2 for the signed version of it.
This just doesn't sound like an issue to me.
This will tell me very quickly which hardware vendors to AVOID. Any hardware vendors that adhere to this rubbish from Microsloth, should be avoided at all costs and hardware should be purchased from those that are more open. Seriously, is this really necessary to lock down ARM-based machines? It all seems like yet another ploy to try and hold down GNU/Linux from taking over more market share from Windows.
SOPA comes into consideration. Here is how.
If you have a TPM hardware chip in the ARM based hardware, the new BIOS that will not boot without the TPM validating the signature, or without some of the OPSYS permanently resident in the NEW BIOS. This was done to protect the operating system, and to eventually protect files from piracy.
New hardware has replaced VGA and DVI with HDMI. A single HDMI cable carries voice and video to the TV or monitor equipped with speakers. There is nothing to stop you from acquiring a HDMI based recorder to make copies of your own files. Will you be allowed to share your file copies? SOPA will in theory make that illegal. SOPA will fail because a) I buy a book, I read it and pass it to a friend, who reads it, and passes it to a friend, etc.
The book does not have a serial number (at least paper based books do not), and therefore SOPA cannot be enforced. I may also photocopy some pages that I need for my purposes.
MS wants encryption to be incorporated into the HDMI Monitors and TVs. Encryption will be in force from the System boot, and will control access to all peripherals by communicating to them with encryption (DES).
Will MS and RIAA and other companies get their way?
My belief is that we, the 99%, will lose. We live in an inverted totalitarian state, where the 7-10 companies and finance the government and control we, the 99% have no real say in legislation.
It is trivially different in Canada, where political contributions have caps on amounts, and must come from individual party members. Thus the American 99% are really equivalent to the 95% Canadian. Worse, the USA dictates to the Canadians that they must dance to the same rules. How sad..
Leslie Satenstein Montreal Quebec Canada
As I understand it, Apple's EFI implementation is subtly incompatible with the UEFI firmware on PCs.
Then why not include both an Apple EFI boot record and a UEFI boot record?
Also, some Macs use 32-bit EFI whereas others use 64-bit, they're not compatible with each other, and it's not terribly easy to detect which is in use.
Then how does the Mac OS X install disc detect which EFI is in use?
As if we don't have enough problems from the current evil empire...
"When information is power, privacy is freedom" - Jah-Wren Ryel
Linux viruses are rare enough, Linux viruses that attack dual-booted windows installations are literally UNHEARD of. That's like breaking into a fully alarmed BMW, hiding in the trunk, then waiting until the car is parked in the garage, sneaking out and then stealing the Honda Civic parked next to it. Sure it could work, but only an idiot would go that route when there are so many obviously easier ways to accomplish the goal. It's about as well thought out as shaggy and scooby jumping out the window, grabbing the key, jumping back in and then unlocking the door to escape the ghost...
It doesn't have to be a linux rootkit, any exploit in linux would do.
Ok, now that we're done being pedantic, care to try again?
Oh the lolz when they are fined. I do hope this reaches the level of BBC News.
It's always nice to see a Microsoft exec. squirm in a TV news interview. I wonder what lame excuse they will come up with. Something as vague as:
"We want to keep our users secure and safe"
or even as patronising as:
"User may break something trying to install other operating systems"
Heaven forbid people should be able to do what they want, with what they PAID FOR AND OWN!
Roll on the M$ embarrassment
Nothing but speculation.
This entire thread is speculation about MS Linux and MS Office for Linux which I believe are not real products.
Notice how office is sold separately from windows.
Notice how you can't run Windows without IE and vice versa. You really believe MS now that they are no longer under antitrust scrutiny won't leverage one of their products against their competitors?
Well, there's spam egg sausage and spam, that's not got much spam in it.
You sound like a friend of mine who honestly believes that any Venezuelan citizen who doesn't agree with Hugo Chavez's policies is a paid CIA shill.
*tags you as a shill by using an army of shills*
This won't filter out shills.
It'll just reward those who are quicker with the shotgun.
Bullying vendors into coughing up patent royalties might count.
Just don't use windows from the gate.
I see it as the corp. work OS I don't need it in my home at all.
And really have not since dr. dos.
I have not used windows regularly since Redhat 5.
So I know you can do it too.
I don't game.
But I do have a ps2 and 3 for the grand kids.
Barring that nothing that can't and will be hacked.