Slashdot Mirror
Microsoft Taking Aggressive Steps Against Linux On ARM
New submitter Microlith writes "Microsoft has updated their WHQL certification requirements for Windows 8, and placed specific restrictions on ARM platforms that will make it impossible to install non-Microsoft operating systems on ARM devices, and make it impossible to turn off or customize such security. Choice quotes from the certification include from page 116, section 20: 'On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enabled' — which prevents users from customizing their security, and in section 21: 'Disabling Secure MUST NOT be possible on ARM systems' to prevent you from booting any other OSes."
As much as i hate to say it, time to get the Feds involved, again.
Forget piddly sanctions, or even a "breakup". Shut them down once and for all.
---- Booth was a patriot ----
Don't you mean iOS? My mac isn't locked down in the least, and in fact is more open than windows.
---- Booth was a patriot ----
The trick to being a good shill is to not have your diatribe prewritten to post as soon as the story goes from red to green.
It's a little too blatant otherwise.
MS is fine with all those junk-grade tablets, just that they don't want something like the N900 to pop up. They were able to kill that by all-but acquiring Nokia and making sure Elop would kill the N9.
So take your "not target market" or "find a device that suits you" complaints and stuff them, tyvm.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
And why not bitch at Apple for locking down OS X and iPhone's too?
But... WE DO BITCH AT APPLE FOR LOCKING DOWN OS X AND IPHONE TOO.
I don't understand if you're a troll, a shill, or simply an idiot. Microsoft is imposing this overly restrictive and anti-competitive measures on ARM hardware, in order for it to have WHQL certification, and you pretend to believe it is to stop malware? Really?
Seems these criminals have forgotten the last lesson in not behaving anti-competitively already. Time to fine them a few billions to make them remember.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Sir, you are either paid propagandist, or you have no idea what you are talking about.
The security we (Linux users) always wanted was supposed to be on software level, not on hardware level.
Doing anything like this on hardware level is definately anti-competitive.
A reason not to buy Windows 8? How about the fact that Win 7 is just now picking up real steam, works great and doesn't need an Ubuntu-style Metro layer over the top of it to make it an excellent OS?
Microsoft's OS's have minimal market share on ARM-based device.
So now it will have a monopoly on all ARM-based devices marketed as capable of running Windows 8. Or does that mean that the "universal computer" is not universal anymore, and you will have to buy a MS-ARM machine to run Windows and a Linux-ARM to run Andoid?
Ezekiel 23:20
This is a rather pathetic attempt at misdirection. Of course the strategy is to claim this is about malware. But guess what, when you look under the hood you find that it is not. There is absolutely no reason to block the installation of another OS, except direct anti-competitiveness. If it was just to prevent the user from easily open their system, there would be other options.
Your argument that there are other ARM devices is also completely bogus, and so obviously I am not even going to explain.
You are a Microsoft shill, nothing else.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
...something about leveraging a monopoly to take over another sector...
He is a shill. Despicable. Just look at the posting time of the article and his comment. This was obviously pre-written.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
OS X doesn't stop you installing other operating systems. OS X even comes with a tool that will resize your existing partition, provide space for another OS, and Apple computers have a graphical boot menu out of the box for selecting the OS to boot.
I'm not sure about iOS devices. The older iPods didn't actively stop you from installing other operating systems (they just didn't support it, which is fair enough). If the new iPods / iPhones do lock the bootloader and prevent you from installing something else, then that would be something worth complaining about, although there are enough other reasons for wanting to avoid Apple's locked-down consumer product lines that it's probably quite low on the list.
I am TheRaven on Soylent News
Leveraging your monopoly in one area to attempt to dominate another much? This is an attempt by Microsoft to use the power they have over hardware manufacturers and computer distributors via their Desktop PC monopoly to force out the current players in the Tablet market. Abuse of a monopoly position pure and simple.
Making it impossible to dual-boot your ARM device. Security for the boot sector is one thing, making it impossible to install another OS by choice is something else.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I never planned on buying Windows 8, but I was interested in some of the hardware designed for Windows 8, because it is likely to be a bit more standardised in terms of core hardware than the wide range of generic ARM stuff, so it would be more interesting for running other operating systems. If hardware makers disable the ability to run other operating systems, that makes their devices less interesting to me. Fortunately, there will almost certainly be 100 chinese ODMs who don't bother to lock down their products for every big brand maker that does.
I am TheRaven on Soylent News
News about Microsoft can get conflicting, on one day you get a massive push for right stuff like open source and other good practices, and then you get stuff like this that sounds like the Microsoft of old.
I am wondering, how many divisions exist within Microsoft? I mean divisions capable of giving such conflictive news. I can't help but feel a part (probably formed of younger staff or management) is trying to do the right thing while other part (probably formed of old-school people from the times of anti-trust) is adhering to their old self. If this were to be the case, I hope the former ends up having more control of the company, really. I kinda hate to have to hate Microsoft at this point.
The fact that you think that disabling "custom boot" on ARM makes Windows more secure is yet another indication that there is really no understanding of security in the Windows world. And Linux users haven't been "asking for" Microsoft to do anything; we don't really care. We just keep pointing out that Microsoft doesn't seem to understand security.
Yes, the fact that Microsoft's operating systems are such a failure on ARM: Microsoft is in effect subsidizing hardware in order to give their operating system a chance in the market on ARM; without such subsidies, they wouldn't have a chance. But it is just those subsidies that make the hardware attractive for Linux. In contrast, iPhone and iPod are unattractive targets for alternative operating systems because iOS is successful and Apple charges a premium for their devices.
Locking down the boot loader in that way doesn't improve security and only has one conceivable purpose: to keep out other operating systems, and it is a necesssary part of an attempt by Microsoft to gain market share for their otherwise unattractive operating systems by subsidizing the hardware.
Microsoft managed to escape being dismembered by having politicians do what they wanted,
The legal process needs revisiting. The same sort of charges can be brought. Perhaps, if found guilty, this time it could be concluded properly with the criminal being punished and prevented from committing the same crimes yet again.
I'll see your Constitution and raise you a Queen.
This does not make the devices secure. Stop repeating that nonsense. Then, from your ID I deduce you are related to the shill.
Go away, you are not welcome here.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Tablet makers offer ARM tablets without WHQL Certification preloaded with Linux or Android.
I mean they don't need to install Windows 8 on the things when there's perfectly good alternatives around, and it seems like adhering to a document more than 150 pages long is a time wasting PITA when you can simply go to a competitor and be done with it.
If it would have had been only a security feature, there would be an SD-card in the device storing encryption keys for approved OS software manufactures. The SD-card could in this case be made read only and if the user wants to disable any tampering, he could glue it in the slot. A user could add additional approved keys (even his own keys) by placing the card with write enabled in another machine.
In this case, it would have only been about security. As it stands now the MS rules is to lock out competitors from the market.
"Civis Europaeus sum!"
That worked for them with netbooks.
You are forgetting one of the 10 commandments of propaganda: If you repeat it enough times, people will believe it is true.
And, as a bonus, you'll slowly drive anyone that actually has some grasp of the truth slowly bat-shit crazy thanks to the gas lighting effect; which makes them, and therefor their position, unattractive.
Any sufficiently advanced influence is indistinguishable from control.
Rubbish.
If it was about preventing malware on ARM it would allow installation of any operating system [i]except[/i] windows.
Boot-loader protection and forbidding the device owner to disable said protection and booting another OS are quite obviously two very different things.
You really need to brush up on your skills, for a professional liar, you are pathetic.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That's because Apple is a hardware company foremost. It works the other way with them. They don't want you installing their software on other hardware and work to prevent it. Microsoft is being forced into attacking linux on ARM in this way because they can't really compete against them any other way on that platform and they are desperate not to start losing market share even if they maintain their monopoly on pc architecture. MS knows that once linux really starts to take hold anywhere at all they are in danger everywhere.
The boot sector can be locked down by allowing the user to add keys manually. There is no need at all to tie it to a specific OS. Rather obvious and already in the spec.
Go away, nobody believes you.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
True but to be fair Apple did this because when OSX first came out, it wasn't nearly as popular as it is now and there were a lot of windows only apps people wanted to run. That's the same reason they invested in boot camp - to make the transition from windows to OSX easier. If OSX had the lead market share like Windows does now, I'm not so sure Apple would be as accommodating. Just look at how locked down the iPhone is w/respect to having to get all your media through iTunes.
Are you really that naive? Boot-sector viruses are not that common. If you have a reasonable secure OS you can just prevent the virus access to it. There is absolutely no reason to prevent booting of another OS, requiring the user to add another key manually is quite enough. And all this is quite clear and known to MS.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If the new iPods / iPhones do lock the bootloader and prevent you from installing something else, then that would be something worth complaining about
They do. As do many (probably even the majority) of Android devices. And Symbian devices. And bloody well anything that runs on ARM! The number of locked ARM devices vastly outnumbers the number that are unlocked, or even have the ability to be officially unlocked. Should unlocked ARM devices be the norm? Yes. Is Microsoft's position the norm among every device and OS manufacturer? Also yes.
Also interesting to note is that the updated document specifically requires that UEFI Secure Boot settings can be modified by the end user, contrary to previous hooh-hah.
No antivirus can do anything about it, and even if you re-install your OS, the malware gets re-installed too!
Last I used an MS-OS (DOS) bootsectorvirus was common, and so was antivirus that could handle that. What have happende? Have MS locked down the bootsector so only viruses can modify it and not the anti-virus or the OS? In that case this is an exelent example why this will NOT work....
>> if you buy a Windows device
What is a windows device exactly? Microsoft marketing dept have invented this concept that Windows is somehow hardware. Its not. Windows is an OS. No more.
I buy computers (not Windows devices, or apple devices). I need them to do the things I want. Its my property. I can and should be able to do what I like with it.
I've been using Windows for a long time. I do not like Windows. Other's agree with me, people who use Windows do not like Windows. People who use Windows like the software they run on Windows.
Microsoft thinks that people LOVE Windows. That's why they created Windows CE, and that was a massive failure. People want to run their x86 software on the computer, and last time I checked Windows 8 ARM can not run x86 software, so your software collection is junk all of a sudden.
If you give most people a choice between Linux vs Windows, they will choose Windows. If you give them a choice between Windows that wont run their apps, and Linux that wont run their apps but at least already has a large library of software, then they will Choose Linux.
It does not make sense. You can always allow the user to add another key, and you can give clear warning when they do. Preventing the user from adding another key is not a security feature. Period.
But I guess you are paid to post this nonsense here.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Microsoft will get dragged through the courts for anti-competitive behaviour once again. You'd think they'd have learnt their lesson from the whole IE bundling thing that cost them very serious money.
Even if the US gov is corrupt enough to let this slide, there's no way Microsoft will get away with this in the EU or anywhere else.
Bullshit. When OS X first came out, it only ran on PowerPC. It came with OpenFirmware, and which provided a graphical multiboot bootloader. When it was ported to Intel, Boot Camp was a separate download, now it's integrated.
I am TheRaven on Soylent News
There are plenty of phone/tablet devices with measures to explicitly prevent other OSes from being put in place. Telling is that the 'OS' in PC world is considered software and in the phone/tablet world they have sucessfully got people calling it 'firmware'. This market is trying to blur the division between the platform and the OS to significant success. Every 'OS' vendor is expected to compete by getting a partner to release hardware around the OS. That means less room for startups or grass-roots OS creation, only certain Android hardware devices are a viable target.
That market is a plethora of monolithic devices with no configurability in hardware or software. This is a huge step back from the state of x86 systems where so much is socketed and mixing and matching is possible by the consumer thanks to rigorous standards in place to make it all possible. The 'primary' targeted OS runs as well as the primary OS on any of these devices, and while an alternative OS may fail to integrate properly with the device (Linux-Vendor ACPI was a sore spot for eternity, better now), the user can make the tradeoffs if they choose.
XML is like violence. If it doesn't solve the problem, use more.
You are forgetting one of the 10 commandments of propaganda. If you repeat it enough times, people will believe it is true.
It's good thing, then, that you are repeating this to him.
Ezekiel 23:20
Oh gee, like the BIOS option that has been available for DECADES?
Seriously, do you really think that real IT professionals will buy into the whole BS about allegedly "improving security" when in many cases remote security on Microsoft's platforms has actually decreased over the years?
Incorrect. Look at measures on products like the Chromebook for example. I'd love to see how you bypass a user-configurable HARDWARE jumper/switch.
Lies, lies, lies. MS are always full of lies.
This has nothing to do with preventing the user from adding another OS key to their device. That is the thinly-veiled anti-competitive truth behind this. Also note that on x86, the user _is_ allowed to add another OS key. How is that?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That's not fixing the problem, that's fixing the symptom.
Fixing the problem: Determine how it's subverting the master boot record and FIX that.
Fixing the symptom: Lock down the master boot record to prevent writing, including installing other OSes.
There are two types of people in the world: Those who crave closure
http://www.apple.com/opensource/
Here's the source code to all the open source software in MacOSX, along with any patches they did to the source.
http://opensource.apple.com/release/mac-os-x-107/
Here the sources for a bunch of the core system components, including the kernel.
Where's the source code for the Windows 7 kernel again?
My Other Computer Is A Data General Nova III.
Well, it worked for his first shill post in the other MS story, it was basically first post and still at +4, it was added up pretty instantly so I assume they also have a bunch of shill accounts to mod it up.
Live today, because you never know what tomorrow brings
Wrong question. The right question is why does MS want this to be posted.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If user can disable it, then computer program can too
No, it can't Users can physically manipulate the device and do whatever they want - use a different firmware boot oprion inaccessible after the boot, swap PROM chips in sockets, etc., whereas computer programs can (in this context) only rewrite non-volatile memories, and even then, only those that the OS (running in a privileged mode) allows them to overwrite. If the previous sentence isn't true, then the OS is buggy by definition and has to be replaced. No change to the HW or firmware is necessary.
Ezekiel 23:20
If you can force people to buy something they don't want more money to you. I bought a laptop two years ago and half of the HDD was locked for Windows I did not want Windows (even though I had to pay for it) I phoned the manufacture and said I wanted access to my HDD they said we don't support installing other OS. I told them to fuck off and replaced the HDD. Last laptop acer will ever sell me.
Plain and simple, bullshit. It's a smoke screen. When malware manages to infect boot sector or equivalent, the attack comes from within the OS. Microsoft has every capability of treating writes to the boot area and EFI configuration as special and performing their own security checks to prevent 'unauthorized' writes to that area (going even beyond their permissions to also require signed code). It still regretably break things like Ubuntu's in-windows installer, but I would accept that wasn't their goal and I think the tradeoff is more defensible. Malware because the computer boots off removeable media 'accidentally' is pretty unlikely in EFI case (where OS forces the firmware to skip all that and go straight to boot loader unless user takes action). Attacks where someone maliciously mangles a system they have complete control of is not even a blip on the radar of malware (it may happen, but certainly nothing worth breaking an entire industry over). Incidentally, 'boot sector' type infections are relatively rare in the scheme of MS malware, most malware doesn't bother to infect the boot area, and still they are all over MS platforms.
Also keep in mind, MS is the *only* party who gets to control those keys. The users are not allowed to add new trusted keys. The hardware vendors are not allowed to put another vendor's keys instead of Microsoft's. The vendor *must* use MS key or no one's at all, they are forbidden from using the facility to the benefit of someone like Red Hat for example. The vendor gets in trouble with MS if they use the facility in a way that would prevent MS code from running. How the *hell* is that possibly considered right in the context of 'just improving their security'?
XML is like violence. If it doesn't solve the problem, use more.
Ah, the argumentation flowchart is revealed:
1. This is necessary for security
--> direct lie
2. MS does not have a monopoly on ARM
--> not relevant
3. Everybody else is doing it.
--> not relevant and not true
What next? MS really should have paid for some professionals here, not you clowns.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That's just it shill-boy.
They're not "simply going to another market".
They're adding stipulations to their credentialing process that REQUIRE hardware vendors to essentially lock out all forms of user choice for alternate OSes on their platform.
So if WidgetCo wants to sell their ARM-Widget 6000 with Windows on there, they have to lock the platform to the point where you CAN'T load the ARM-Widget 6000 with Android or another OS.
Essentially they're forcing hardware vendors to make an irrevocable choice about which market they're going to service instead of allowing them to service any/all of them.
That's quite clearly abuse.
Chas - The one, the only.
THANK GOD!!!
Considering your astroturf account is only 140 users ahead of OP astroturf account, I dont trust what you have to say either.
Be gone astroturfers.
Last I checked, Google didn't produce any Android devices (yet).
Google didn't demand to lock the bootloader as a part of Android branding certification as well, which is why there's plenty of unlocked Android devices available.
Please shill harder.
Ok, ya, its innocent. I have this bridge to sell you too.
Oh, and personally, no i don't boot with a windows CD to fix my computers, regardless of what OS they might be running at the time.
---- Booth was a patriot ----
I too am struck by the timing of the initial post, and the similarity of your id to that party's id... it does indeed suggest you're engaged in paid astroturfing for Microsoft.
The response to your 'question': Google doesn't lock down their devices; they leave that choice entirely to the manufacturers, some of whom choose to lock down, others who choose not to (e.g. Samsung, and Google itself).
If Google had as long and detailed a history of being as anti-competetive as Microsoft, they'd garner just as much hate as Microsoft. But Google is much better than Microsoft, both in this case and in longterm overall behavior.
Slashdot, can we have a system where people can be tagged as shills, not just per-comment but as a lingering account attribute?
- First they ignore you, then they laugh at you, then ???, then profit.
Also interesting to note is that the updated document specifically requires that UEFI Secure Boot settings can be modified by the end user, contrary to previous hooh-hah.
What updated document? This is the text:
MANDATORY: Enable/Disable Secure Boot.
On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure MUST NOT be possible on ARM systems.
Nothing else applies to ARM system. It. Must. Not. Be. Possible. Ever. In any way.
Live today, because you never know what tomorrow brings
Oh, and about how it's different from Apple: Apple's locking down their own devices to install their own OS, MS is demanding for others to lock down their devices to install MS's OS.
a) His points are wrong, and rather obviously so, see rest of thread
b) He (and you) are obviously paid by MS to spread this FUD here
c) You are doing this so incompetently, even a young child can see it
d) After your purpose has been revealed, you keep at it, confirming the suspicion
Despicable and pathetic. Is MS to stingy to pay for good liars?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
His premise is entirely wrong. There are a number of ways to ensure the security of the boot sector from the software layer, locking it to one OS doesn't increase security beyond the fact that only one OS's flaws will be exploitable.
It's really a ridiculous attempt at justifying locking in a subset of arm chips to MS only.
Reboot from an external disk (i.e. USB stick) and run your antivirus from there. In this day and age of advanced malware, it's probably a good idea to do that every so often anyways.
Ignorance and prejudice and fear
Walk hand in hand
If the only choices are Apple and Microsoft.
They do. As do many (probably even the majority) of Android devices. And Symbian devices. And bloody well anything that runs on ARM! The number of locked ARM devices vastly outnumbers the number that are unlocked, or even have the ability to be officially unlocked. Should unlocked ARM devices be the norm? Yes. Is Microsoft's position the norm among every device and OS manufacturer? Also yes.
Number one Android devices manufacturer is Samsung, which didn't ever bother to lock their bootloaders. Quite the opposite, they contribute to CyanogenMod and ever hired its top developer. Maybe it's one of the reasons they are number one?
If MS wants to have built giant cell phones with really happy software locked onto it let them. It will be jailbroken in fractions of a second. Or I can strip it down and run a virtual machine. MS cannot lock the machine down enough to prevent it. They are not that good.
Microsoft may have screwed the pouch here. Every time I get a horribly fucked up windows box to fix the procedure is quite simple. Puppy Linux grab all the important files and run an anti-virus scan on those files then re-install the OS and what ever programs they need. How would I do this to an arm based windows machine?
as anyone who has actually tried to build that pile of ass knows, the apple 'open source' project is complete horse shit. they use an incredibly obfuscated build system that makes it impossible for anyone except Apple to actually compile their projects.
that is why there are no open source operating systems based off the Darwin Kernel, except for the highly alpha-level PureDarwin , and the completely abandoned OpenDarwin -- here we are ten years after OsX, and PureDarwin only recently announced "The dawn of network and audio support" in their OS.
GNU Hurd and Haiku are both farther along the way to being usable Operating Systems than any open system based on Darwin.
Your argument is bogus. We are talking UEFI here. Why would something be acceptable or even desired on x86, yet on ARM it suddenly is necessary to do the same thing differently? Right, for business reasons, i.e. locking out the competition! And that is exactly what MS is trying to do here. Again.
Face it, you prepared "argumentation" strategy for spinning this is not working.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Nonsense. Rather obviously so.
Seems "everybody else is doing it" is really the last stance in your astroturfing strategy. This does not invalidate that MS is doing something blatantly anti-competitive here with zero technical reasons and zero security benefit. Allowing the user to add OS keys to the device they own and paid for is not a security risk, just a business risk. And that is why MS does not want that and pays you clowns to try to spin it differently.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Just in your small mind. I guess you were part of the team that created this pathetic strategy after all.
If Ubuntu did that, they would be receiving the same flak you now do, rather obviously. But they are neither stupid nor greedy enough to go that way, unlike you MS folks.
Also note that you now admit that it is about locking the device to MS, while you denied that earlier.
You are new to this, aren't you? Advice: At least use different IDs to make it not that blatantly obvious.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
http://it.slashdot.org/story/12/01/13/1953230/microsoft-trustworthy-computing-turns-10
There's probably more, but I only went looking in his recent history. So this isn't his only post dropped at the moment an article goes live. Sure smells like astroturf to me. And you can't use the "subscriber preview" argument, either, since there's no "*" after his username.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Firstly, yes, we would bitch at them. Just because you have double standards for your preferred OS doesn't mean everyone else does.
if they were using grub2 as a bootloader, it would also be against the license - GPL3 forbids you to Tivoize.
Processors at the time didn't have code verification baked in ... we are about at the point where RMS's dystopian vision of the future can become reality, blackbox hardware systems running code only allowed by certain corporations for now and in the not so distant future government could demand all software to be signed by them with hardware capable of running unsigned code outlawed.
Nonsense. Initially UEFI has control. If UEFI locks down the hardware before it relinquishes control, no other software can disable anything only UEFI can disable. As long as UEFI has control, no malcode can be active and all interaction is ensured to come from a physically present user. If that user, despite warnings, tells the UEFI instance to add a key for a different OS, that is not a security risk at all, that is what the user wants to do on a device he paid for. Sure, you can install malware that way, but only intentionally.
Face it, there is zero reason for this except to prevent competition.Your arguments are bogus and display a fundamental lack of understanding. I almost feel sorry for you and can only advise you to get a job that comes at least with some reasons for self-respect. This one clearly does not.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The licensing agreement itself *is* the proof, right there in black and white. A company has three choices here:
1) Ship their ARM products locked to Windows and be allowed to put the pretty, shiny windows logo on their box and WHQL logo on the system., tell other OS's to take a hike
2) Ship their ARM products without the magical logo on the box, but include windows anyway. Not sure what the legal ramifications are to this, but I'm sure there are some serious financial incentives they'll miss out.
3) Create a forked product line. One would be MagicTablet5000-W with the windows lock-down in place and the MagicTable5000-F (for freedom!) without it. Support problems and brand dilution come to mind for that product.
There is, simply, no valid technological reason for this requirement for ARM and not for x86. And as far as I can determine, there isn't anything like this kind of lockdown on any Android licenses. The Telcos are forcing manufacturers to lock the hardware in the phone markets but that's a different issue entirely.
Scott
Install an OS that isn't compatible with those viruses?
MS classifies those as "malware" and rightfully wants to lock their devices against it. (Yes, it clearly is not your device anymore with these measures in place...)
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
They'll never have a complete monopoly, despite their best efforts. There will always be vendors like Genesi who sell ARM-based products without an operating system, and who don't care whether it works with Windows, as long as Linux works.
No, I don't work for Genesi. My closest affiliation to them is that they have provided some free hardware to the lead developper of my favourite distro, so that he could tweak the installer so it would work on their stuff. That said, I am considering buying one of their nettops for use as an HTPC, if it has decent video playback capabilities.
That said, it does depend on context, and in which situations they're trying to lock down. If they want to lock down a phone, I don't really care. While I appreciate that some folks want to root their phones and install extra stuff, I have yet to encounter a need to do that on my own phone. It's moot, because I wouldn't buy an MS phone anyway. If, on the other hand, they want to lock down an ARM-based PC like that, and prevent people from installing the OS of their choice on the hardware that they have bought, I have a problem. Even if I wanted to stick to Windows on my computer (I don't, except my gaming machine... every other computer I own, including my main system, runs Linux), I think it's really bad juju for them to prevent people from having the choice on a platform like that.
MS knows that once linux really starts to take hold anywhere at all they are in danger everywhere.
I'm not so sure, the majority of Linux geeks have windows installed aswell. I reckon the real way to success would be to embrace linux, hell they should provide there own version and make dual booting easy. Then majority of people will use windows most of the time, but the semi geeks won't feel too trapped and the hardcores still get exposer. If MS wants market share silly lock downs won't get them there, making a compelling new device with the great functions and features will; something like installing the kinect inside a phone maybe.
Rocket Surgeon.
Well it's good to know I don't have to every consider buying a Microsoft device. If I hate it or want to get more life out of it later, I can't install anything else on it, so it's not even a remote possibility. That's nice of them, it makes my purchasing decisions that much easier, I can just write them off entirely.
your comment is good, however the bit where I think you're wrong is that running office app on a tablet or ARM hardware is hardly a monopole lever. the real future is running office though th web browser, running apps is obsolete. already I am only using outlook web access to check mail, on my android phone or my iPad, and soon office 365 will come around in the corp I work for. we're all running chrome with sharepoint and OWA already. even if couldn't do that, there are hundreds of apps that can edit word documents (and outlook shows them to you in html)I don't see the problem you are seeing. also, the business who would buy a tablet to run office is hardly the whole tablet market. this thinking should have made the blackberry playbook a runaway success.
Don't be naive. Even MS is not that incompetent. They know what they are doing here.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Micorosft is finaly realising their dream of creating a TCPA compilant plataform, iOS and Android aren't getting any more open and the smartphone market is finaly big. Everything is good now for somebody to pull a "PC" on phones.
Create an extensible standard for ARM (we are near there already), sell a basic machine folowing that standard, then, sell extended versions. Make sure to publish the drivers with your Linux kernel (get them in the main tree if possible), and laugh while developers adopt your architecture.
Once you have the developers, getting users is just a matter of time. Be sure to use your first mover advantage wisely, and sell the company before the market get completely comodityzed.
Rethinking email
IIS has an 18% market share and something like 90% of successful breakins to web servers are done against IIS servers. Roughly 80% of the webserver market is running linux.
When's the last time you saw google get hacked? They run a custom OS built on top of linux. Facebook runs linux on their servers. All of the top supercomputers in the world run linux, 80% of the top 500 run linux. I don't remember the last time anyone ever said a supercomputer was hacked, do you?
If you want to point out these rootkits and exploits, feel free to show me them. I would be amazed that any major exploit for a linux OS would not have been patched quickly.
The only real way of breaking into a linux system that I know of is to have physical access to the computer or to have a bad sysadmin.
There is a big difference between having a secure platform and a locked down platform...
You can make the process of unlocking complex so that only technically oriented people will do it, and ensure that it includes enough warnings to discourage casual users...
An automated piece of malware couldn't unlock such a system unless it had a bug, and any system can have bugs...
You can easily make the unlocking process require physical access and/or a physical connection to another device.
A social engineering attack is highly unlikely to guide users through a complex procedure either...
The Google Nexus phones, and phones from vendors such as HTC have the right idea... They are locked by default, but can be unlocked by users who are capable of following the procedure.
Most users never will, but for those of us who want to an option is available for us. Also when these devices become old and unsupported, they can be reinstalled with new open source software and continue to be useful devices.
Hardware which is completely locked is destined to become landfill as soon as the software vendor drops support, and how soon that happens depends on all kinds of factors... If windows/arm isn't very successful, MS could drop support for it entirely in a year or two (just like they did for windows/mips and windows/ppc, anyone remember those?) and then you'd be left with a useless lump with hardly any apps and an os that will never be updated or have any security fixes.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Linux is already taking hold in pretty much every market except desktops...
Servers
Phones (Android, also WebOS/Meego)
HPC (see the top500 list)
Embedded devices like routers, set top boxes, televisions, voip phones etc...
Many people these days have more linux devices in their house than they do windows, and don't even realise it.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I really hate to side with the Mac user, but he's right... his Mac *is* far more open than Windows, and has *far* more support from Apple in installing an alternative OS than Microsoft ever gives.
That, however, is because Apple is a hardware vendor, and they throw the OS in on the side. Microsoft is an OS vendor. It's not in Microsoft's interest to allow you to install something different, but it *is* in Apple's interest to give you that option.
iOS != OSX. They have a similar core, and come from the same people, but they serve entirely different purposes.
even Android manufacturers lock down their devices with similar technologies because it makes the devices secure. Why is[SIC] Microsoft allowed to do the same
That's the difference right there. Phone manufacturers lock down their devices. Android doesn't require it. Microsoft is dictating to the manufacturer that they must lock it down. They probably would anyway, so I don't why Microsoft feels compelled to tell them what to do. Hopefully, they will just backlash and not bother with MS.
/. bitches about Windows security and then when MS does something they bitch about that. No Linux fan ever said MS should lock down hardware, they say MS should control what the software that runs under MS OS should be able to do, not lock down the hardware. A shill is not to be taken at face value.
And it's not a valid comment. The OP posits that
I don't think they fear Linux geeks. I think they are terminally afraid average people could realize how bad and how far behind Windows actually is in comparison to the alternatives.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
i cant think of a better example of how corporations are castrating consumer alternatives. this needs to end.
Join the Slashcott! Feb 10 thru Feb 17!
I'm not so sure, the majority of Linux geeks have windows installed aswell.
Not true. Most have moved to basements to completely avoid having windows at home.
As much as I applaud their production of mostly unencrypted devices I suspect it has little to do with their market share. It probably has more to do with the fact that they are a leading manufacturer of most of the expensive components of mobile phones. Which is because they made real commitments to R&D decades ago.
Of course the two may very well be related. Unlike some US companies that are led by lawyer, marketers or economists, they still seem to have an engineering tradition.
grape - the GNU free, open source rape
But if someone says 12 is 6 of one and a half a dozen of the other does it make it wrong if you don't like the company?
Lets be honest and cut the bullshit folks, we're all geeks and adults, yes? There are TWO VERY LEGITIMATE REASONS for doing this that even the blind would be able to see. 1.- After seeing how badly Google has been getting pwned with Android malware the LAST thing MSFT wants is to be the easily pwned OS in this new market, and 2.- the REAL reason I'm willing to bet my last buck they are doing this....ready? PIRACY. Not only is MSFT Windows most likely the most highly pirated software on the entire planet but we've already seen pirated phone apps all over the web. by locking down their OS and hardware this gives them a better platform for those that want to sell phone apps, think X360. yes we all know there are pirate X360s out there but it means you have to have two systems, the cracked and the legit and most folks simply aren't gonna go through that much bullshit. I'm sure MSFT will have special keys which will be tied to the OS and hardware so that those selling apps on windows market know they aren't gonna get pirated without them doing some serious hardware hacking which the vast majority won't do for fear of bricking.
Finally the most important thing which will probably piss off the fanbois but seriously, who gives a flying fuck? Its not like MSFT is gonna sell jack shit when it comes to Windows 8 on ARM anyway because the whole damned selling point of Windows is WINDOWS PROGRAMS which are all x86. Has everyone forgotten WinNT on Alpha and MIPS? Remember how quick and how hard that shit bombed? Why would you want Windows if you can't run Windows programs? Its not like you can just recompile those 300,000+ programs for Windows to run on ARM now can you? Apple can change arches because the programs people buy Apple devices for, your iMovie and iDVD and Garageband and iTunes are all written by guess who? The ONLY thing MSFT has besides the OS is Office, big whoop. Everything else is by some third party and most won't bother because there are literally a billion Windows boxes they can sell for that run x86 and they don't have to change a line of code, so why waste the money on a niche platform MSFT has already struck out on not once, not twice, but THREE times now, first WinMo then Kin followed by WinPhone...see a pattern?
Personally they can have it written that you can't use Win 8 for ARM unless you watch Ballmer do his monkey dance for all that its gonna matter, its gonna bomb, YOU know it, I know it, hell everybody knows it! Everyone will stick with iShiny and those cute little dancing droids. There is ONE nice thing though, after this shit bombs we'll be getting Win 8 pads at Touchpad prices and if you end up with a $500 winPad for the firesale prices the touchpad went for are you REALLY gonna give a shit what it runs?
ACs don't waste your time replying, your posts are never seen by me.
And why not bitch at Apple for locking down OS X and iPhone's too?
But... WE DO BITCH AT APPLE FOR LOCKING DOWN OS X AND IPHONE TOO.
I do this every day, and twice on weekends.
Posted from my Droid.
Locking it to one OS gauarantees that, when an exploit is found it can not be fixed by any means but through that OS. Relying on Microsoft to have secure software and offer fast and relyable fixes has been proven to be contrary to reality on more than one occasion.
Having to work for a living is the root of all evil.
Microsoft doesn't have monopoly on ARM-based devices. On top of that, even Android[...]
YOU DON'T GET IT!!! We're not talking about PHONES here, but about real computers, with UEFI instead of the BIOS!
What they do is not secret: http://waggeneredstrom.com/about/approach
Monitoring conversations, including those that take place with social media, is part of our daily routine; our products can be used as early warning systems, helping clients with rapid response and crisis management.
Microsoft are No 3 on their client list
http://waggeneredstrom.com/clients
DavidSell ByOhTek antitithenai, Bonch, Dtech and others are psuedonyms/sockpuppets used by the team to "guide" discussions.
Uhhh...maybe because businesses would have a royal stinking shitfit if they couldn't use those software assurance licenses they paid out the ass for? Hell I had a couple of business that up until recently were using Win2K and just now migrated those last machines and there are still a LOT of companies running XP thanks to legacy software. Can you imagine the screaming shitfits if they bought new hardware and found they couldn't run older versions of Windows? With ARM MSFT doesn't have to support FOUR different OSes (XP/Vista/7/8) so they don't have to leave such an obvious hole open. BTW did you know the bootloader is how Windows 7 is pirated? it fakes an OEM boot signature and it even passes WGA. Hell the thing is easier to snatch than XP, it don't even need a key thanks to the cracked bootloader!
But in the end frankly it just doesn't matter, except to laugh as the "ZOMFG M$!" trolls wet themselves, because if MSFT manages to even reach 4% when it comes to Win 8 on ARM I'll die of shock. Its just stupid, pointless, and a complete waste of time and resources because without the third party apps that are all written for x86 who the fuck is gonna pay the extra cost of the Windows license? this is just another chapter in the continuing saga that is Steve "OMG I want to be Apple so bad!" Ballmer's totally horrid leadership at MSFT. I mean look at his track record folks, rushing X360 out with a fatal flaw which cost billions, Zune, killing the successful playsforsure and pissing off all those that had signed on by replacing it with the Zune market, All the money they blew on WinMo, Kin, and now WinPhone 7, and now this, screwing with Windows in the vain hope that users will buy something just because it says Windows even though it won't run WINDOWS PROGRAMS. I swear if I didn't know better I'd think the guy was trying to torpedo the company on purpose, hell maybe he's shorting the stock, who knows. I'm willing to bet my last buck though that Win 8 will make Vista look like Win95 and i'll get to spend a year wiping it for 7 just like i did Vista for XP.
ACs don't waste your time replying, your posts are never seen by me.
Intel's new Medfield Atom will run Android phones and tablets, Tizen devices, Win 8 tablets and (if MSFT get's their head screwed on correctly) Win Phone. Since the underlying firmeware environment in the medfield platforms is driven by Intel's reference design, MSFT will not be able to dictate whether other OSes can boot any more than they can in the rest of the x86 world. (Assuming OEMs will be smart enough to let customers control UEFI authentication)
That's NOT the point. The point is the UEFI specs should have IMPOSED to OEM makers that the users can enter the bootloader signature if they feel like it. Now, Microsoft forbids it, in the name of security. So the flowchart is more:
1. It can be done in an open way and still be an improvement in terms of security, without even needing features to disable bootloader signature checking.
2. Is MS abusing his business power here, by compromising the UEFI specs which are already broken in many ways, and not followed by OEMs.
3. OEMs will most likely follow MS "recommendations", because they do want the stupid "Windows 8 ready" logo.
4. Somebody has to stand (the EFF? the FSF?) and make this kind of anti-competition behavior stop.
If you didn't get it, the bootloader, in a fully encrypted HDD, is the only piece of software that can be hijacked. WE DO need the bootloader signature checks if we want to have a fully secured system. But of course, not this way. In a way were we can manually enter ANY signature by ourselves if we want to.
a) OP's points are still wrong. You don't need to lock the hardware to one OS in order to prevent malware. Car analogy? No problem: It's like saying that the tire rims must be welded onto the wheels in order to prevent tire slashing. The OS (tires) can still be compromised no matter what you do to the underlying hardware, so the whole argument becomes one great big false premise.
b) there's no way to tell for certain, but it does happen a lot: http://waggeneredstrom.com/clients
c) Dude did do it incompetently. He's not a subscriber, yet there's a whole novella waiting mere moments after the story is posted publicly. His posting history also shows an incredibly strong pro-Microsoft bias, even to the point of nonsense at times.
d) see c)
As for the rest? Certainly you don't need WHQL certification to run drivers on Windows - but Joe Public will see a buttload of bells and alarms warning him if he tries to install it.
There are no major security reasons for doing it - period. Once someone has physical access, it's game-over anyway - no matter how hard you think you can lock it down.
HTH a little. /P
Quo usque tandem abutere, Nimbus, patientia nostra?
Let's say I encrypt all my linux partitions, then somebody sneaks into my laptop, replaces the bootloader by something he created (or that his best buddy gave to him), which prints the exact same things as I'm used to on the screen, but instead of asking me the passphrase for my dm-crypt partitions, it's just a keylogger thing... I'd have no way to see the difference ... UNLESS there's UEFI, which would see that the bootloader has been replaced. Please don't tell that bootloader signing isn't important, that's simply not truth.
They probably hope to increase their stock market value by copying Apple's lock down on their devices.
Next you will get an Microsoft Appstore and a Microsoft VM, but you will have to pay Microsoft money to run linux on that VM.
Ah yes, and development tools will be forbidden, unless you pay for a developer license from Microsoft.
All in the name of security, while viruses and trojans will just install themselves in userspace as normal apps, or might even hack into the OS irreversibly through bugs.
Hey don't blame me, IANAB
Couple 'o Points:
1.- After seeing how badly Google has been getting pwned with Android malware the LAST thing MSFT wants is to be the easily pwned OS in this new market, and 2.- the REAL reason I'm willing to bet my last buck they are doing this....ready? PIRACY.
1. Android's malware woes weren't all (or even mostly) tied to the boot sector, so this makes no sense.
2. Err, how on Earth is locking the boot sector going to stop piracy? I may be missing something here, but seriously? Not seeing it.
As for the rest, I largely agree, except for one bit:
There is ONE nice thing though, after this shit bombs we'll be getting Win 8 pads at Touchpad prices and if you end up with a $500 winPad for the firesale prices the touchpad went for are you REALLY gonna give a shit what it runs?
The fact that Android on the HP TouchPad was hurriedly pushed out and then widely broadcast says otherwise. The reason? An unsupported OS/arch means no new applications, no updates for existing ones (after awhile), and you;re basically stuck with something that becomes obsolete faster. Seems like a total waste of hardware after awhile.
Quo usque tandem abutere, Nimbus, patientia nostra?
you doubt they subsidize the device? Doubt no more since it's well known that while Microsoft will charge licensing fees for their software, they also sign _marketing_ agreements which funnel money back to the vendor. Getting netbooks away from Linux when they first appeared cost Microsoft lots of money as they pulled Windows XP from retirement, licensed it very cheaply( down in the range of what they license Windows CE for ~$15 ) and then turned around and provided lots of money back via the marketing programs. When Windows 7 was release, Steve Ballmer even told guests at their shareholders meeting that they would not be licensing Windows 7 as they did Windows XP and would not name that mistake again. or to that effect.
There are also bits of evidence that when companies, big ones, start looking into migrating to Linux software there is a fund Microsoft sales people can pull from to greatly reduce or even eliminate the cost of the Microsoft software to keep them on Windows, etc. There were some European stories where this kind of back funding was exposed. There was a cheap laptop program in Europe which was getting Linux preloaded as requested by the orgs CTO but Microsoft went over his head and got Windows preloaded which forced the CTO to redirect the delivery to a 3rd party to reimage the device with Linux. There was also the cheap Laptop program for Thaiwan which had Dell or HP preloading Linux and the devices were selling so fast the company ran out of inventory and the other (HP or Dell) was asked to come in and supply devices. In popped Microsoft and surprise surprise all of a sudden there was a switch to Windows and even including MS Office all for $15 but we didn't hear about the backroom marketing or "services" funding they used to make the switch a money making proposal for the vendor and an expense for Microsoft. All to keep Linux off devices.
So, they have been doing this kind of thing for decades. Any time you hear someone say Microsoft is friendly to Linux or open source it is 100% bull and 100% marketing drivel. The Windows OS is what they making all of their income from and protecting that is a standard business practice. Spending millions protecting that is nothing relative to the billions per quarter in profits they make from it.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
Its not like MSFT is gonna sell jack shit when it comes to Windows 8 on ARM anyway because the whole damned selling point of Windows is WINDOWS PROGRAMS which are all x86. Has everyone forgotten WinNT on Alpha and MIPS? Remember how quick and how hard that shit bombed? Why would you want Windows if you can't run Windows programs?
Ahhhh, but you forget... Windows isn't about programs anymore, it's about apps. And all the hot developer action on Windows these days involves building apps for the Metro UI -- which, not coincidentally, is the Windows Phone and Windows 8 ARM UI. It's even the Xbox UI now. A Windows 8 ARM tablet isn't going to resemble a Windows PC as much as it's going to resemble an iPad that runs a Microsoft OS. The bonus is that you'll be able to take the same programs you run on your Windows 8 tablet and run them in the Metro Start screen on your Windows 8 PC.
I know, it doesn't sound particularly appealing to me, either, but that's how it is.
Breakfast served all day!
The right question is why Microsoft is interested in Adjustable Rate Mortgages in the first place.
http://www.geoffreylandis.com
that's why I say we start calling Windows Phone 7,8,etc devices Windows Phone phones. The name, Windows Phone, is a dumb play on the iPhone name and this technique goes back decades. For instance, IBM had a web browser on OS/2 in the 90s called IBM Web Explorer and later Microsoft licensed Spyglasses Mosaic and labels it Microsoft Internet Explorer.
They probably wanted to call it the new UI over Windows CE the WinPhone but no doubt it was more important to try and specifically tie it to MS Windows and they'd already used Windows Mobile for a name. Windows Phone phone
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
So... what stops WidgetCo from selling a cheaper version of the hardware sans Windows, unlocked?
The fact that people don't want to have to buy and carry two portable devices: one to run only applications designed for Windows and one to run only applications designed for Linux. Furthermore, they don't want to have to subscribe to a separate cellular data plan for each device, especially in areas where only CDMA2000 carriers that don't use CSIM offer reliable service.
Is MS to stingy to pay for good liars?
Apparently not: David Sell, Senior Software Engineer, Microsoft.
Not that I'm saying he's a good liar. Or is he a bad truth-teller? I'm confused now - which is the more litigious or offensive? Anyway, it's a heck of a coincidence. So don't buy a Windows phone if you want to fuck about with it. Or buy one because it's a challenge. Choices, choices...
One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
How is that any more worrisome then congress straight up saying the gov can spy on citizens with impunity using private corporations and no one will be held accountable for it.
Good-bye
If it's not possible to customize the secure boot keys, or even deactivate the checks, does that mean that win 9, when it comes out, wont be installable ? Or does this mean that never, ever, Microsoft will change its boot loader? To me, that seems to be the former. Because seeing the way UEFI is designed, there's enough space for huge boot loaders, meaning that probably, we'll see vendors putting lots of stuffs in it (eg, the times of the 473 bytes of the MBR are FINALLY fading away). So I don't see how a vendor wouldn't want to update the boot loader when a new version of the OS comes out.
Anyway, if I'm right or not, it doesn't mater. Both ways, if OEMs are respecting Microsoft specs, this also means that anytime, MS can decide that the new version of their OS will be incompatible with the hardware you bought, simply by changing/adding one byte in the boot loader file. If that proves to be right, then OEM makers will be very happy to respect specs that will push their customers to buy a new version of their hardware each time they will want to use the new version of the MS operating system.
That's were the customer normally stands up and boycotts both the software and hardware product for more sustainable alternatives. At some point, it will show, and even the wider general public will get what's happening (yes I know, I'm dreaming here...).
I am one of those dual booting geeks that you speak of. I can tell you that I spend a very, very limited amount of time on windows. Usually to play a game or to set up some device with windows only device setup. The reality is that for me, and a lot of people (not everyone) windows is an environment that forces it's users to follow a paradigm that may or may not fit anyone's personal needs. My wife is still not sure about moving to windows 7 because the library file system thing is confusing to her, and she doesn't want to deal with it. Our home server and home security, media centre and desktop systems are all Linux. She uses all of them and has no problem understanding how they work. She has remote access to all that from her laptop or her cell phone. If something doesn't make sense to her, I change it until she likes it. That's Linux.
Now after having said all of that, I want to say. I don't work in software, or IT. I can code in bash, python, javascript, (html, css.. is that really coding?). I have met quite a few teenage kids that can do much of that. People like me are not really that much of an exception any more. People who can install and customise Linux, whether it be Ubuntu or Android are even less of an exception. Apple and MS pander to people who don't want to, or cannot understand the system they use beyond the interface. Those people are getting fewer and fewer.
MS has a reason be afraid. Android is creating a whole new segment of super users, that (even if they don't know it) are learning Linux.
once more into the breach
What's preventing us from writing a secondary boot loader that gets invoked by the digitally signed windows 8 one, a.k.a. chainloading? Instead of booting some Windows kernel, that W8 bootloader will simply boot something that *looks* like a W8 kernel. And even if that primary boot loader checks the signature of that W8 kernel, since that kernel binary will always be the same, how long until we create a hash collision to satisfy that requirement? All in all, I don't see a big problem here, should M$ really tried to play evil once again.
cpghost at Cordula's Web.
Anyone who makes this argument must have been asleep in the 90s. It was only by a thin margin that general computing survived - we could easily have had only Microsoft as our PC vendor (for desktops and laptops, anyway) had they been a little more clever. Even today there are only a handful of small companies that will sell you a pre-built computer without a Windows license attached - Dell's [pathetic] Linux offerings aside. Any computer you bought, even custom, you would have had to get a Microsoft Windows license with. You can thank the Free Software movement for preventing that - for inspiring NeXTSTEP (Mac OS X), for making Linux a viable desktop choice in the professional and academic arenas, and for ensuring IIS didn't dominate servers. (There were other factors of course, but IMO the FOSS movement was most influential.) The Edmund Burke quote, "The only thing necessary for evil to triumph is for good men to do nothing," fits here I think. It's essentially the same as saying "if you don't like the Democrat, vote for the Republican." They're all on the same side. Unfortunately no one has come up with a viable solution to that problem yet.
Everything is hackable. Hardware is the new frontier.
There will be so much interest in Microsoft's private keys that they will be the prime target. They will need to have different keys for all devices just to maintain moderate security and that won't stop hardware hacking.
Let me repeat, the only way to defeat crackers is monetize the industry and give them a big cut of the action. Crackers against crackers. They design the system and if it's cracked their percentage goes to paying off the cracker. You end up with DRM companies trying to crack each others systems.
Really? If they can be caught spamming some 100-reader blog in India nobody ever heard of, slashdot should be a no brainer.
Help stamp out iliturcy.
Apart from the fact that Microsoft isn't restricting the secure boot loader for Intel Windows 8 machines, but *is* for ARM equivalents (no logic to that and also blows any security reasons out of the water), there is the question as to what happens if the end-user wants to either repair the OS via a boot disk or upgrade to Windows 9.
I'm presuming that no-one other than Microsoft can make a ARM bootable CD image for ARM Windows 8 machines any more (so no more live ARM GParted etc.). My guess is that OEMs will have to provide a boot disk (or some burnable .iso file equivalent) to repair ARM Windows 8 should it fail to boot (that's something that - ironically - has gone out of fashion with most OEMs now for Intel Windows machines).
Also, will the secure boot keys for ARM Windows 9 or later be identical to the keys for ARM Windows 8 (or will MS insist on keys for 8, 9, 10 and 11 are included in all ARM Windows 8 machines?). If they're not, then no-one can boot an upgrade disc any more (i.e. upgrades would have to be done via a booted Windows 8 machine only). Even worse, no-one would be able to install a fresh retail copy of Windows 9 on an ARM Windows 8 machine either (or will it be signed with the Windows 8 key to confuse matters?). I do suspect that MS will just have one key to cover all the Windows stuff (Windows 8, Windows 9 etc and maybe the same for both Intel and ARM), otherwise it could get very messy as new releases come out.
This move by Microsoft will, I suspect, hurt them more than help them - I will never buy a machine that can only run Windows (which is the worst of all mainstream OS'es, IMHO of course) and I will actively dissuade anyone else from doing so.
The fact of the matter is that we are approaching the end of the Personal computing era where you have to have a "PC" in your home to do computing. In the future, most people will have devices like tablets, smartphones and dumb terminals which connect to the "cloud" to run the more CPU intensive applications. You will still be able to buy a PC/Server for your home to run your own private "cloud" but you will still probably connect to even your local cloud through a portable device or TV rather than sitting at the "console" of your computer.
Most people do not code so they really don't give a rat's arse about open source. They might download "free" software that happens to be GPL'ed but they really don't care about the license as long at the software is "free" as in "beer".
You will still see developers, video editors and gfx artists owning computers but the vast majority of people will play games, manage their photos, music and other files online.
Even in business, nobody will "need" a desktop and will be able to use a dumb terminal connected to a private corporate cloud running citrix xen desktop or something similar. Heck, even a developer of desktop/server software can use a citrix instance to do software development. My development box at work was a VMWare server instance until recently when the server farm died.
Jesus was a compassionate social conservative who called individuals to sin no more.
I have heard an alternate theory - one that I quite like (but it remains to be seen whether it'll play out).
Subsidies.
Seriously, Microsoft is all-but unknown in the mobile phone & tablet marketplace - and the total failure of anyone to produce a tablet comparable in build quality and specs to the iPad for a significantly cheaper price - puts Microsoft at a severe disadvantage. They get involved with some cheap nasty Chinese OEM, they wind up with their product being synonymous with cheap nasty tablets. They get involved with someone like Samsung, the product works out at exactly the same price as an iPad or a top Android tablet but without the benefit of a large app store or a brand that's well respected in that marketplace. By subsidising the tablets, Microsoft could make a dent in the market - but they don't want to do that and have a bunch of instructions show up on the Internet a week later for "How to turn your Samsung Galaxy Tab 10W (RRP: £299) into an Android tablet (RRP: £399)".
You missed the part where they demand to disable adding other keys/turning off secure boot by user - and they're only demanding it for ARM, x86 is free to have it. That's what's the article talking about, not the secure boot itself.
You don't need to lock the hardware to one OS in order to prevent malware
Yes, actually you pretty much do
That doesn't change the fact that doing so makes the device more secure.
Limiting secure boot to single certificate and single OS does not add any more security. If secure boot storage is not available after passing control to verified boot loader - which is pretty much a requirement for it to be secure - it doesn't matter how many keys are in there. Disallowing manual disable - note that it is also something not available to any software after secure boot finished its job - also doesn't make device more secure.
Do try harder.
Microsoft Don't seem to:
For those who have just arrived on planet Earth: Microsoft are making more money from being a patent troll selling Android licenses than they ever were from they're own windows 7 phone OS.
Microsoft don't own ARM so what difference does it make that they are locking down their own bootloader?
Does it really matter? Why buy a windows phone if all you want to do is hack it, there are plenty of other phones that are hackable if that's what you want to do.
What's the big deal here?
What.
Check it - secure boot assures that bootloader(s) are not tampered with in the first place regardless of how many keys are in there, as long as only user with direct access to hardware can change them.
If you're gonna call the user an "attack vendor" outside of users-are-stupid joke - well...
And if you're gonna argue "someone can replace your HDD with a tampered version while you're not looking" - a) secure boot key storage shall be password protected, b) access to hardware gives a lot of easier opportunities, like hardware keylogger stuck directly into kb port, so secure boot doesn't protect from "hacker with access to your PC" vector, whether it has one hard coded key or a thousand.
I mean, it was only what, last month, that MS was reassuring folks that nothing in Windows 8 would preclude other OS's from being installed, period (assuming the OEM's didn't force the issue).
Now - not so much.
Wonder how long we have till MS makes it even harder on regular x86...
Check your premises.
True, but the only thing holding me on Microsoft personally is OneNote. There just isn't a decent open source equivalent.
When our name is on the back of your car, we're behind you all the way!
Clearly you no longer 'own' hardware or software anymore. You're renting it or licensing your use of it or whatever legal fiction they call it today. In either case, with rental the firm or person you rent it from now has substantially greater responsibilities to maintain that which is rented, Moreover substantial liabilities transfer to the firm or individual you rent from as a result.
Microsoft are so desperate to contain the widespread adoption of GNU/Linux on non-x86 platforms they have to now resort to OS lockout. Instead of competing fairly by actually developing good software Microsoft would rather choose the path of least effort - and greater hostility Same old. Same new. Microsoft will never change unless the toothless tigers in government decide to break up this behemoth of a company.