Ubuntu Will Soon Ship On 5% of New PCs

An anonymous reader writes with an excerpt from Phoronix: "Chris Kenyon, the VP of sales and business development for Canonical, just spoke this afternoon at the Ubuntu 12.10 Developer Summit about what Canonical does with OEMs and ODMs. He also tossed out some rather interesting numbers about the adoption of Ubuntu Linux. Namely, Ubuntu will ship on 5% of worldwide PC sales with a number of 18 million units annually."

Finally

[Nerdfest]

All i can say is "about time". It's nice to see this happening just before the UEFI change-over as well to help ensure than Microsoft doesn't lock out other OS options, or at least there's a token commercial opposition. I'm not a fan of Canonical's Unity desktop, but I know some people are, and it definitely looks (and acts) better than 'Metro''. Overall, Canonical's timing could have been a bit better, but it could have been worse. Just before the change-over to a questionable version of Windows, and after a couple of fairly major OS X scares is a decent time to get some advertising in place.

Re:Finally

[Missing.Matter]

It's nice to see this happening just before the UEFI change-over as well to help ensure than Microsoft doesn't lock out other OS options,

Why so worried about this? Microsoft's own hardware certification process requires this is not the case on x86 systems. Page 116:

MANDATORY: On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following:

a) It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK.
b) If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system will be operating in Setup Mode with Secure Boot turned off.
c) The firmware setup shall indicate if Secure Boot is turned on, and if it is operated in Standard or Custom Mode. The firmware setup must provide an option to return from Custom to Standard Mode which restores the factory defaults.

Re:Finally

[shutdown+-p+now]

Providing the signing key that's used for Windows would completely defeat the purpose of secure boot as anti-malware tool, since any malware could then be signed with it and work out of the box.

Instead, the way it works is that you generate your own key, sign your bootloader with that, and add it to the signature database - this was covered by this item in GP's post:

It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK.

Re:Finally

[rtfa-troll]

They lock it on ARM for the same reason Google does it with ChromeOS, because if you can just bypass the boot security on a mobile device ALL security is as easy to bypass as "Hey want a free copy of "Plants VS Zombie" well just run this!" which then installs itself into the boot and ur pwned.

What's interesting about the Microsoft associates on this site is how ignorant they are about computing, even their own operating systems.

There's this principle of having different execution contexts which is implemented (among other places) in the NT kernel at the heart of Windows operating systems. This is just as applicable in a mobile environment under ARM as anywhere else. You can mark one context as "administrator" which has access to the boot loader and another context as "user" which doesn't. This means that even if the user runs the "Plants VS Zombie" trojan it will not be able to take over the system, just the single user account. You can then provide a simple "restore to defaults" function which restores the user's account or even you can provide a proper anti-virus solution which runs in the administrator context but cleans up the user's context. This allows us to set up concept known as "defence in depth" where there is more than one layer of security protecting your system and you can even opt out of certain security features that aren't suitable for your application without compromising your overall security.

The great thing about using multiple execution contexts is this is that it can even be layered over a secure boot mechanism which is part of why Google ChromeOS is able to have a secure boot mechanism and still allow you to take total control of your system safely. Some systems like Red Hat Enterprise Linux and Fedora even provide multiple security contexts within one user context through advanced mechanisms like SELinux. For normal users this works out of the box, but if you want to achieve special effects there can be some considerable time investment. I'd advise you to install a new version of Fedora and spend the next ten years or so building custom secure execution environments so that you can keep yourself entertained for life.

Re:Finally

The problem is, Microsoft and much of the rest of the computer industry see it the other way around: The PC x86 platform is open because of the "mistake" IBM made in 1981, and MS and rest will do their best to avoid that "mistake" to their bottom line again (or so their short-term thinking goes). The tradition of interchangeable extension cards, CPUs, RAM, etc. is the exception. Look pretty much anywhere else, and it's "not invented here", and competing standards all over. The phone industry couldn't even agree on a common charger plug before it was mandated upon them by EU law.

So what does the future look like? Well, no need to look through a crystal ball, just look out the window: Patent lawsuits over mundane stuff like slide-to-unlock and rounded corners. Google buying a complete company (Motorola), not because they want to sell phones, but because of the "patent war chest". Full break-down in innovation: Just go to any smart phone section in your local mall today, and it's a long row of almost identical devices. Slabs with ever bigger touch screens, which are less hackable than any IBM PC ever was.

Back to the BIOS lock-down issue, it is not unreasonable to expect that the IBM PC platform will diminish over time. Laptops are already outselling desktops, and phones are shipping in similar numbers. It might not be ARM which takes over everything, but x86 will surely fade at some point. And when that day arrives, MS and the rest will say: "Well, it's not x86, so we can screw you over any way we like".

As for the apologetic losers around here, who defend these practises, and toss away our freedom like it was leftover food; most of them are shills, astroturfers, or employees of said companies already. They will keep their cosy jobs and wonder what the big freedom fuss was about.

Re:Finally

[rtfa-troll]

What is sad is how little you seem to know about ARM which has no ASLR except in ICS and it has been found wanting

• ARM is a processor architecture (well, really an ISA, but let's not confuse the beginners here).

• ICS is an operating system version.

• There is no ICS version of ARM.

• ASLR has often been found wanting. It is not a primary security layer, just a backup defence when the other layers fail.
• none of these facts are even relevant to the discussion.

so YES YOU CAN screw the boot sector by simply writing to the correct memory address (which since we are talking hundreds of thousands of identical handsets isn't hard)

The thing you want to look up is memory protection. This is before we even start discussing the .NET runtime which is what should be providing the protection against hostile code running in user owned memory space on a Microsoft environment, which is what we were discussing.

I will now just quote part of your post, putting beside each other two different things you said:

the engineers at Google they are idiots since they are doing the EXACT SAME THING as MSFT? [.....]The ONLY difference between MSFT's version and Google's is that Google has a "dev mode" that will cripple the security

Ah yes, the engineers at Google are doing the "EXACT" same thing except it's different. Yes. Not "a very similar thing". Not even "the same thing" but "the exact same thing". But different. I think I have a tip for you from a real actor.

But hey, what can one expect with troll in their name except trolling.

Given the quality and hilarity of your post; I guess I should take it up full time and not just when people fail to read the article. I thought you guys were professionals.

The best part...

[TWX]

...isn't that a preconfigured OS is installed on the computer. It's that a computer is sold with all of its hardware functional in Linux, so when one buys one of these, one can wipe the vanilla install off, if one chooses, and install one's own favorite distribution and know everything will work.

The other obvious benefit is no Microsoft tax. Even if Ubuntu gets some money, as opposed to the OS being truly fiscally free, at least that money goes to an entity that has a vested interest in improving Linux.

What happens if I don't want to pay the Ubuntu tax

Can I get my money back if I install another better operating system such as Windows 7?

Content?

[clinko]

This is the whole article without side-notes, Braced comments and not in the summary:

- Eight to ten million units shipped last year world-wide.
- Canonical will be opening their first Beijing office this year.
- Last year Ubuntu shipped on 7.5 billion dollars worth of hardware.

Re:This Gamemakerlessness is an eyesore!

Please click on the flag in the lower right of parent comment and report abuse.

Re:Very Sad

[Tarlus]

Yes, it is a shame that Ubuntu users are locked into Unity with absolutely no way around it.

Oh, wait...

i bet what they dont mention is

[FudRucker]

ubuntu is only pre-installed on low end PCs in places like Brazil & Mexico, China and other places where the cost of the PC is whittled down so bare-bones low that even OEM MS_Windows installs are cost prohibitive, but you can count on pirated copies being printed up on CDr sold out of disposable alleyway shacks

Comment removed

[account_deleted]

Comment removed based on user account deletion

Works great actually

[Sycraft-fu]

If you want to mess with your UI on Windows, there's all kinds of stuff to do it. MS has some limited tools and customizations but they really aren't in to that thing. The biggest purveyor of such things is probably Stardock. They have a massive set of tools to customize the looks of Windows in all kinds of ways, including very radical changes. They've been doing it for years and so are quite good at it. You can buy a whole suit of stuff or get produces one by one to customize what you like.

Also you can simple replace explorer as the shell. Windows doesn't mandate its use, it is just what is included, what is default. Another popular one is BB4Win, which is a windows manager inspired by Blackbox (different codebase though). It sees use on systems where people want somethign different, but also sometimes on Windows PE boot systems to keep memory usage down since it is less heavy hitting than explorer.

So in the future, perhaps less snark if you've not actually tried what you speak of. That Windows doesn't ship with 5 window managers, 20 media players, and so on does not mean that it only supports one thing. It is quite extensible, it just have a very well defined and enriched standard set of tools.

Linux is nothing but a kernel, all the rest is up to the person who decides to package it up, as such there are no mandated standards, just ad hoc ones and often many of them. It is a minimal OS definition, the rest is up for grabs.

Windows is an enriched OS definition. It includes a whole lot of stuff with it. It does not exclude you from adding your own, it just mandates that it comes with a bunch of things. Explorer, IE, WDM, DirectX, RDP, etc, etc are all part of the definition that is "Windows". It comes with all of it, however it is not less modular for it. You can add BB4Win, Firefox, ASIO, OpenGL, VNC and so on and they will all work fine, you can use them in addition to or in place of their various included components.