Slashdot Mirror
Microsoft Taking Aggressive Steps Against Linux On ARM
New submitter Microlith writes "Microsoft has updated their WHQL certification requirements for Windows 8, and placed specific restrictions on ARM platforms that will make it impossible to install non-Microsoft operating systems on ARM devices, and make it impossible to turn off or customize such security. Choice quotes from the certification include from page 116, section 20: 'On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enabled' — which prevents users from customizing their security, and in section 21: 'Disabling Secure MUST NOT be possible on ARM systems' to prevent you from booting any other OSes."
Don't you mean iOS? My mac isn't locked down in the least, and in fact is more open than windows.
---- Booth was a patriot ----
The trick to being a good shill is to not have your diatribe prewritten to post as soon as the story goes from red to green.
It's a little too blatant otherwise.
And why not bitch at Apple for locking down OS X and iPhone's too?
But... WE DO BITCH AT APPLE FOR LOCKING DOWN OS X AND IPHONE TOO.
Seems these criminals have forgotten the last lesson in not behaving anti-competitively already. Time to fine them a few billions to make them remember.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Sir, you are either paid propagandist, or you have no idea what you are talking about.
The security we (Linux users) always wanted was supposed to be on software level, not on hardware level.
Doing anything like this on hardware level is definately anti-competitive.
OS X doesn't stop you installing other operating systems. OS X even comes with a tool that will resize your existing partition, provide space for another OS, and Apple computers have a graphical boot menu out of the box for selecting the OS to boot.
I'm not sure about iOS devices. The older iPods didn't actively stop you from installing other operating systems (they just didn't support it, which is fair enough). If the new iPods / iPhones do lock the bootloader and prevent you from installing something else, then that would be something worth complaining about, although there are enough other reasons for wanting to avoid Apple's locked-down consumer product lines that it's probably quite low on the list.
I am TheRaven on Soylent News
As much as i hate to say it, time to get the Feds involved, again.
Forget piddly sanctions, or even a "breakup". Shut them down once and for all.
If true....
I haven't had a chance to check the story fully yet - I read the MS pdf - but it doesn't actually say those measure will be applied to all devices. Being able to lock it, and locking it by default are not the same thing.
I suspect the story is true, and that MS will pull a security excuse - they've already managed to convince a lot of people that the internet is the OS, and that Google has the monopoly. And I've never seen any changes in the traditional MS approach to doing business - still no set price for their products and underhand incentives (and disincentives). Maybe if they pull the Sony/Apple appliance excuse the regulators (many of whom MS have hired since their last slap on the wrist) will look the other way.
As the Chinese would say "we live in interesting times".
The fact that you think that disabling "custom boot" on ARM makes Windows more secure is yet another indication that there is really no understanding of security in the Windows world. And Linux users haven't been "asking for" Microsoft to do anything; we don't really care. We just keep pointing out that Microsoft doesn't seem to understand security.
Yes, the fact that Microsoft's operating systems are such a failure on ARM: Microsoft is in effect subsidizing hardware in order to give their operating system a chance in the market on ARM; without such subsidies, they wouldn't have a chance. But it is just those subsidies that make the hardware attractive for Linux. In contrast, iPhone and iPod are unattractive targets for alternative operating systems because iOS is successful and Apple charges a premium for their devices.
Locking down the boot loader in that way doesn't improve security and only has one conceivable purpose: to keep out other operating systems, and it is a necesssary part of an attempt by Microsoft to gain market share for their otherwise unattractive operating systems by subsidizing the hardware.
You are forgetting one of the 10 commandments of propaganda: If you repeat it enough times, people will believe it is true.
And, as a bonus, you'll slowly drive anyone that actually has some grasp of the truth slowly bat-shit crazy thanks to the gas lighting effect; which makes them, and therefor their position, unattractive.
Any sufficiently advanced influence is indistinguishable from control.
If the new iPods / iPhones do lock the bootloader and prevent you from installing something else, then that would be something worth complaining about
They do. As do many (probably even the majority) of Android devices. And Symbian devices. And bloody well anything that runs on ARM! The number of locked ARM devices vastly outnumbers the number that are unlocked, or even have the ability to be officially unlocked. Should unlocked ARM devices be the norm? Yes. Is Microsoft's position the norm among every device and OS manufacturer? Also yes.
Also interesting to note is that the updated document specifically requires that UEFI Secure Boot settings can be modified by the end user, contrary to previous hooh-hah.
>> if you buy a Windows device
What is a windows device exactly? Microsoft marketing dept have invented this concept that Windows is somehow hardware. Its not. Windows is an OS. No more.
I buy computers (not Windows devices, or apple devices). I need them to do the things I want. Its my property. I can and should be able to do what I like with it.
They are in despair. They are too late in mobile market. They start to understand that, but they still have this strong hand mentality. They tried it with Windows Mobile - nope, didn't worked. They are tried with lot of different concepts - also wasted. Now the same with ARM notebooks/tablets.
They don't understand that it is too late. People has seen tomorrow without Microsoft. Tablet competition is very strong out there. What is your killer feature? Office? Who needs that? Email, web - it's all there, it's everywhere.
user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
Bullshit. When OS X first came out, it only ran on PowerPC. It came with OpenFirmware, and which provided a graphical multiboot bootloader. When it was ported to Intel, Boot Camp was a separate download, now it's integrated.
I am TheRaven on Soylent News
There are plenty of phone/tablet devices with measures to explicitly prevent other OSes from being put in place. Telling is that the 'OS' in PC world is considered software and in the phone/tablet world they have sucessfully got people calling it 'firmware'. This market is trying to blur the division between the platform and the OS to significant success. Every 'OS' vendor is expected to compete by getting a partner to release hardware around the OS. That means less room for startups or grass-roots OS creation, only certain Android hardware devices are a viable target.
That market is a plethora of monolithic devices with no configurability in hardware or software. This is a huge step back from the state of x86 systems where so much is socketed and mixing and matching is possible by the consumer thanks to rigorous standards in place to make it all possible. The 'primary' targeted OS runs as well as the primary OS on any of these devices, and while an alternative OS may fail to integrate properly with the device (Linux-Vendor ACPI was a sore spot for eternity, better now), the user can make the tradeoffs if they choose.
XML is like violence. If it doesn't solve the problem, use more.
Plain and simple, bullshit. It's a smoke screen. When malware manages to infect boot sector or equivalent, the attack comes from within the OS. Microsoft has every capability of treating writes to the boot area and EFI configuration as special and performing their own security checks to prevent 'unauthorized' writes to that area (going even beyond their permissions to also require signed code). It still regretably break things like Ubuntu's in-windows installer, but I would accept that wasn't their goal and I think the tradeoff is more defensible. Malware because the computer boots off removeable media 'accidentally' is pretty unlikely in EFI case (where OS forces the firmware to skip all that and go straight to boot loader unless user takes action). Attacks where someone maliciously mangles a system they have complete control of is not even a blip on the radar of malware (it may happen, but certainly nothing worth breaking an entire industry over). Incidentally, 'boot sector' type infections are relatively rare in the scheme of MS malware, most malware doesn't bother to infect the boot area, and still they are all over MS platforms.
Also keep in mind, MS is the *only* party who gets to control those keys. The users are not allowed to add new trusted keys. The hardware vendors are not allowed to put another vendor's keys instead of Microsoft's. The vendor *must* use MS key or no one's at all, they are forbidden from using the facility to the benefit of someone like Red Hat for example. The vendor gets in trouble with MS if they use the facility in a way that would prevent MS code from running. How the *hell* is that possibly considered right in the context of 'just improving their security'?
XML is like violence. If it doesn't solve the problem, use more.
Ah, the argumentation flowchart is revealed:
1. This is necessary for security
--> direct lie
2. MS does not have a monopoly on ARM
--> not relevant
3. Everybody else is doing it.
--> not relevant and not true
What next? MS really should have paid for some professionals here, not you clowns.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
That's just it shill-boy.
They're not "simply going to another market".
They're adding stipulations to their credentialing process that REQUIRE hardware vendors to essentially lock out all forms of user choice for alternate OSes on their platform.
So if WidgetCo wants to sell their ARM-Widget 6000 with Windows on there, they have to lock the platform to the point where you CAN'T load the ARM-Widget 6000 with Android or another OS.
Essentially they're forcing hardware vendors to make an irrevocable choice about which market they're going to service instead of allowing them to service any/all of them.
That's quite clearly abuse.
Chas - The one, the only.
THANK GOD!!!
I too am struck by the timing of the initial post, and the similarity of your id to that party's id... it does indeed suggest you're engaged in paid astroturfing for Microsoft.
The response to your 'question': Google doesn't lock down their devices; they leave that choice entirely to the manufacturers, some of whom choose to lock down, others who choose not to (e.g. Samsung, and Google itself).
If Google had as long and detailed a history of being as anti-competetive as Microsoft, they'd garner just as much hate as Microsoft. But Google is much better than Microsoft, both in this case and in longterm overall behavior.
Slashdot, can we have a system where people can be tagged as shills, not just per-comment but as a lingering account attribute?
- First they ignore you, then they laugh at you, then ???, then profit.
Also interesting to note is that the updated document specifically requires that UEFI Secure Boot settings can be modified by the end user, contrary to previous hooh-hah.
What updated document? This is the text:
MANDATORY: Enable/Disable Secure Boot.
On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure MUST NOT be possible on ARM systems.
Nothing else applies to ARM system. It. Must. Not. Be. Possible. Ever. In any way.
Live today, because you never know what tomorrow brings
His premise is entirely wrong. There are a number of ways to ensure the security of the boot sector from the software layer, locking it to one OS doesn't increase security beyond the fact that only one OS's flaws will be exploitable.
It's really a ridiculous attempt at justifying locking in a subset of arm chips to MS only.
They do. As do many (probably even the majority) of Android devices. And Symbian devices. And bloody well anything that runs on ARM! The number of locked ARM devices vastly outnumbers the number that are unlocked, or even have the ability to be officially unlocked. Should unlocked ARM devices be the norm? Yes. Is Microsoft's position the norm among every device and OS manufacturer? Also yes.
Number one Android devices manufacturer is Samsung, which didn't ever bother to lock their bootloaders. Quite the opposite, they contribute to CyanogenMod and ever hired its top developer. Maybe it's one of the reasons they are number one?
Your argument is bogus. We are talking UEFI here. Why would something be acceptable or even desired on x86, yet on ARM it suddenly is necessary to do the same thing differently? Right, for business reasons, i.e. locking out the competition! And that is exactly what MS is trying to do here. Again.
Face it, you prepared "argumentation" strategy for spinning this is not working.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
What they do is not secret: http://waggeneredstrom.com/about/approach
Monitoring conversations, including those that take place with social media, is part of our daily routine; our products can be used as early warning systems, helping clients with rapid response and crisis management.
Microsoft are No 3 on their client list
http://waggeneredstrom.com/clients
DavidSell ByOhTek antitithenai, Bonch, Dtech and others are psuedonyms/sockpuppets used by the team to "guide" discussions.
The right question is why Microsoft is interested in Adjustable Rate Mortgages in the first place.
http://www.geoffreylandis.com