Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

ToriaUru writes "Fedora is going to pay Microsoft to let them distribute a PC operating system. Microsoft is about to move from effectively owning the PC hardware platform to literally owning it. Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux. Technically Fedora didn't have to go down this path. But, as this article explains, they are between a rock and a hard place: if they didn't pay Microsoft to let them onto the PC platform, they would have to explain to their potential users how to mess with firmware settings just to install the OS. How long before circumventing the secure boot mechanism is considered a DMCA violation and a felony?" Note that the author says this is likely, but that the entire plan is not yet "set in stone."

Microsoft Pledges to Sell More Macs for Apple

[Jeremiah+Cornelius]

I was at 2 major industry tech conferences last month.

In every keynote and all-hands session, Apple hardware was center and present. Nothing special was made of this - just every damn computer used to demo solutions or held by a GM, VP or C-Level was a MacBook. Desktops were non-existant. Every time an iPad could be used, it was. There were a couple of minor Android appearances - demonstrating multi-platform support, or what not.

There were a few odds: The HP guys had their own gear, and the IBMers had Lenovos. Some brilliant man from SAP was sadly dragging a 'book of non-descript, perhaps Dell sourced, black plastic...

Overwhelmingly, if you wanted to look like you knew why-the-fuck you ought to be on stage, in front of 8,000 people, you went Mac.

Re:Microsoft Pledges to Sell More Macs for Apple

Maybe in a perfect world, but in the enterprise, Apple is an obstacle and something to have to work around, rather than work with:

1: Can Apple get me product announcement roadmaps so I can time IT budgets to when models are released? Nope, Apple doesn't do that. IBM, HP, Oracle, and even Dell do, as long as you sign their NDA.

2: Can Apple get me flexible hardware and software GPOs? Windows's main thing is that I can manage all the thousands of users from relatively few boxes. There are very few tools for this on Mac, and they are department level, not enterprise grade.

3: Can I get TPM chips on the laptops to ensure protection of data? Nope. FileVault 2 is decent, but can be gotten around with a modified bootsector that would set aside the drive's encryption key. TPM chips stop that cold.

4: Can I get Macs without cameras due to policies? Sure, if I want Mac Minis.

5: Can Apple give me a 24/7/365 service time with a 4 hour tech on site? In the past yes, but with the death of the XServe, the best I can do is call and wait a day for a tech to wander out.

Sorry, Apple isn't enterprise grade. They know this too -- they are making their living by being a "toymaker" and selling to the consumer. I'd love it Apple could get some inroads into the enterprise, but right now, they are not interested in that market.

Re:Microsoft Pledges to Sell More Macs for Apple

[abigor]

I can say firsthand that Macs have made serious inroads at Cisco, not just for mgmt but for programmers as well.

$99

[Greger47]

What the sensationalist headline and summary forgot to mention is that RedHat is paying a whopping $99 to Microsoft.

What is more worrisome and more headline worthy is that Microsoft has now become the de facto gatekeeper of your computer BIOS. Without their signature you operating system will not run.

/greger

Re:If microsoft controls the 'keys'

[Penguinisto]

Maybe that's why Microsoft was so eager to drop in that 'no class action' thing into their EULA.

Re:Why not hardware manufacturers?

[Microlith]

The UEFI spec (which Microsoft has a HUGE hand in writing these days) explicitly denies the ability to automatically install keys. They could have made it possible to do so, say by requiring it happen from read-only media, but they didn't.

It's left vague enough that it's virtually guaranteed to be an enormous pain in the ass to enable secure boot for any platform not explicitly blessed by Microsoft.

Re:Why not hardware manufacturers?

[Man+On+Pink+Corner]

So I'm sorry but FUD is FUD and this is FUD

No, this is a classic slippery slope. In the UEFI version that supports Windows 9, only secure boot is supported. You can't turn it off, but you can still enter a key manually when installing an Untrusted Non-Microsoft OS (UNMOS). The key is 256 characters long, and looks like a ROT13-encoded Perl script.

The version that supports Windows 10 also supports secure boot only, and still requires key entry. This time, though, UNMOSes are now called IOSes (Insecure Operating Systems.) They will run under a Microsoft-supplied hypervisor that includes mandatory hardware packet filtering.

And wait'll you see the third-party OS support strategy for PCs approved for Windows 11, code-named "Overton." The plan for Overton is that third-party OSes called PDOSes, or Potentially Defective Operating Systems, can still be run, but not on your local hardware. They will run only on cloud-hosted secure platforms over VNC.

All of this will happen because someone noticed that people will cheerfully bend over and accept restrictions in each generation that would not have been tolerated in the previous one. Evidence of this claim? Look at the history of Trusted Computing. Starting with the innocent-sounding idea of TPMs with unique CPU ID stamps, which were fought heroically by users until the next season of American Idol came on and everybody kinda forgot about it, the people behind the curtain have gotten everything they wanted over time. All they had to do was demand a little more "compromise" than they could get at any one stage of development.

In short, everything old is new again. We are all IBM customers now.