Slashdot Mirror
Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
ToriaUru writes "Fedora is going to pay Microsoft to let them distribute a PC operating system. Microsoft is about to move from effectively owning the PC hardware platform to literally owning it. Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux. Technically Fedora didn't have to go down this path. But, as this article explains, they are between a rock and a hard place: if they didn't pay Microsoft to let them onto the PC platform, they would have to explain to their potential users how to mess with firmware settings just to install the OS. How long before circumventing the secure boot mechanism is considered a DMCA violation and a felony?" Note that the author says this is likely, but that the entire plan is not yet "set in stone."
Need I say more?
Well your honor, i bough this Item from company X and their Partner company Y won't let me do XX to My property, and XX is perfectly legal.
Wow M$ though that one through...
Lawsuit in 3...2....1..
-------
1. Enjoy your job
2. Make lots of money
3. Work within the law
Choose any two.
How can this be legal and not an abuse of their monopoly power?
Aside from the fact you can turn it off ( for now ) it still sounds like a clear case of abuse to me and someone should be talking to an attorney about this.
---- Booth was a patriot ----
...is about the only thing that might turn me into an Apple user.
RTFA. Then comment.
... how the FUCK this passes the slightest hint of anti-trust scrutiny?
I don't understand how Microsoft is as fault here. Isn't it the hardware manufacturers that are locking out everyone but Microsoft? Shouldn't the hw people be the ones to make the platform open?
You have to do it MS's way or they won't let you sell hardware with Windows on it. MS controls the certificates used in the secure UEFI boot process. You either do it MS's way or you do it your own way ... without any MS products to pre-install.
MS is probably strongarming them.
I am pretty sure that if a hardware manufacturer like Dell locks out Linux operating systems that quite a number of large institutions like Universities will refuse to buy from them. I am not 100% sure because there are a lot of unis with microsoft-centric IT departments. Institutions with hard sciences depend quite heavily on different flavors of Unix and Linux to get work done.
Anyway... this is a disgrace and it's bound to blow up in quite a number of people's faces.
...they would have to explain to their potential users how to mess with firmware settings just to install the OS. How long before circumventing the secure boot mechanism is considered a DMCA violation and a felony?"
The only real option here is to ignore the law, as many of us here do now. The United States, and much of the western world, has become so enamored with short-term profit gain, that they're sacrificing the technological progress of all of humanity. The only rational course of action is to ignore them until another group or organization either through economic, political, or military means, remediates the problem.
Yes, I am suggesting that copyright law could eventually become an issue which countries go to war over. No, I don't think it's that crazy: Governments are already engaging in mass electronic attacks of their enemies. It's only a matter of time before things get physical. UEFI could be perceived as a threat to national security: It's giving one corporation carte blanche access to hardware owned by other governments. Redmond, WA may soon be ringed with missiles and armed guards to keep out other governments when they find out their hardware has been taken over by a foreign power. This is just how the world seems to be evolving... there's too much at stake now.
#fuckbeta #iamslashdot #dicemustdie
If I had points, I'd mod you up. Your insight is boundless.
Red Hat is willing to pay to be licensed to be able to run on the new hardware. They are going out of their way so you can run Fedora on the new hardware. And you want to ditch them because of it? Remind me never to buy you a beer.
They're doing the same with IE, so they get to deal with two antitrust cases.
This has nothing to do with PCs. Nothing. Not one thing.
This is all in reference to UEFI on ARM tablets that Microsoft has partnered up with OEMs to produce to their specs SPECIFICALLY FOR: Windows 8.
Nothing has changed here, nearly all ARM systems are locked down today by OEMs.
Do any of you expect Microsoft to produce one that isn't (zune: locked down xbox: locked down)?
Wait - Is this article saying they paid a whole $99 bucks to get their bootloader signed?
Microsoft doesn't have the right to "license" hard ware. It's not their hardware, it's not even their design.
This is Microsoft forcing vendors in the corner with their O.S. once again. This is non-competitive behavior once again.
If they have such a great O.S. there is no need for locking out others. It's weak and it's sick.
Good thing Microsoft's way includes a required option in the UEFI setup to turn off secure boot. This whole story is horribly misleading.
I was at 2 major industry tech conferences last month.
In every keynote and all-hands session, Apple hardware was center and present. Nothing special was made of this - just every damn computer used to demo solutions or held by a GM, VP or C-Level was a MacBook. Desktops were non-existant. Every time an iPad could be used, it was. There were a couple of minor Android appearances - demonstrating multi-platform support, or what not.
There were a few odds: The HP guys had their own gear, and the IBMers had Lenovos. Some brilliant man from SAP was sadly dragging a 'book of non-descript, perhaps Dell sourced, black plastic...
Overwhelmingly, if you wanted to look like you knew why-the-fuck you ought to be on stage, in front of 8,000 people, you went Mac.
"Flyin' in just a sweet place,
Never been known to fail..."
What the sensationalist headline and summary forgot to mention is that RedHat is paying a whopping $99 to Microsoft.
What is more worrisome and more headline worthy is that Microsoft has now become the de facto gatekeeper of your computer BIOS. Without their signature you operating system will not run.
/greger
You are correct, but MS is using its dominance to control hardware vendors. A 'licensed' secure boot certificate - licensed from MS - is what will allow Fedora to boot using the secure UEFI boot mechanism.
Red Hat Linux started on x86; it was never "only available for the DEC Alpha" (it didn't get ported to Alpha for several years).
They are doing this so that Fedora can be installed without end users having to disable Secure Boot in their UEFI firmware settings. If you want to disable Secure Boot, Fedora will run equally well. Fedora is also going to have signing tools, so you put your own key in the firmware and then sign your own loader and kernel (giving you more control, not less). If you switch to another distribution or OS that doesn't have a signed boot-loader, you'll also have to disable Secure Boot.
This "feature" exists because malware that affects the boot loader and kernel is a real and growing problem, and there isn't really any other technical means to block it. Setting up an independent CA to sign keys for loaders and then trying to get vendors to include the CA key would be highly expensive and would still result in Fedora having a key that you don't have. As long as Microsoft will sign things cheap, it is much better to go that route (if they were to stop signing, then this would obviously change).
The alternative is to tell users that want to run Fedora to not buy hardware that has the Secure Boot functionality, but that is going to become scarce once Windows 8 ships. Here in the real world, I'd like to continue running Fedora on new hardware.
I'm just wondering why Fedora doesn't include a small boot ISO that starts up, presents a simple menu, and takes the pain of unlocking the UEFI chip out of the equation.
I agree perfectly that they shouldn't have to do that, but the tech is certainly there, and most folks are sufficiently apt enough to do it (see also jailbreaking phones, etc).
Quo usque tandem abutere, Nimbus, patientia nostra?
Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access), but it's cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven't found them. So, in all probability, this is the approach we'll take. Our first stage bootloader will be signed with a Microsoft key.
Good thing Microsoft's way includes a required option in the UEFI setup to turn off secure boot. This whole story is horribly misleading.
So they must turn off secure booting in order to run another operating system. The DMCA implications aside, I'm not sure which is worse for the consumer: a 'secure boot' of Windows or a 'non-secure' boot of any other operating system?
Could somebody, who is hopefully familiar with corporate law, explain how this could possible hold up in court against an antitrust complaint?
Either give it away or get top dollar, but never sell yourself cheap.
I was wondering that myself? This may start to become just like the CPU Serial Number fiasco with the Pentium III that was envisioned again by MSFT. So, fundamentally I think that market pressure like back in the 90s will take care of this dumb situation.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
I'm going to go ahead and guess the computer you are using now boots through BIOS. The non-secure UEFI is practically the same as BIOS (doesn't require a signed boot loader). We dealt with it for a couple decades now, it can't be that bad.
Entry no. 3, in between all the banks, content owners, universities and trail lawyers.
Maw! Fire up the karma burner!
No, it's not antitrust. You can get a phone or an apple device. Of course, those devices will also only let you run things the company wants you to run (with the exception of Android). Microsoft isn't doing anything evil here. They're simply moving from the high ground to the low ground, because that's what Apple already did.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
Why can't I just be in control of my own damn property without being at the mercy of manufacturers?
That's entirely off-topic. Did you even TFA?
My Heart Is A Flower
When you want to run Windows, turn the thing on. When you want to run a different OS, turn it off.
Not that I think that this is remotely a good thing, but really... we've seen this coming for something on the order of a decade or more now. Is anybody surprised?
File under 'M' for 'Manic ranting'
>>>I think it's time to consider a new distro, if this is how Red Hat/Fedora want to work
But the other distros won't work.
Did you not RTFS?
Also I don't recall Red Hat ever saying their were "free as in liberty" software. It's always been a non-free system.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
There's plenty of fault to go around. MS is strong-arming the HW guys and the hw guys aren't even demanding lube. Meanwhile, the DOJ should be standing in the corner twirling a pair of handcuffs rather than sucking at Ballmer's ass.
Well, time to check Red Hat off my list of distros. Any company willing to pay essentially blackmail money does not deserve my business.
For those mystified by the comment subject
The PC industry turning into a closed platform environment would make me turn to building my computer from the ground up. From the COMPONENT LEVEL!
I boot through EFI, which isn't this new fangled 'secure' UEFI ... and yes, it's secure enough. My comment was targeted at the marketing mindset that MS will be pushing to try to convince non-Windows users that without MS's blessing your OS is no longer 'secure'.
So they must turn off secure booting in order to run another operating system.
From TFA:
While Microsoft have modified their original position and all x86 Windows machines will be required to have a firmware option to disable this or to permit users to enrol their own keys
If they know what they're doing they're ok. Fedora is doing this for the rest of their users.
I'd blame the drama over this just on the article, but the summary's definitely got some FUD to it as well. For x86 systems, all you need to do is turn off the feature. And that's if you insist on running unsigned software - it's not like there isn't an open and inexpensive process to get signed.
And this is different from Apple _____?
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
So, just as the subject asks, is this going to affect pc builders in anyway? For instance, I haven't purchased a pre-built computer in almost a decade, aside from laptops. I assume this means that if companies want to sell items that want to be able to run windows 8, they'll have to support this policy.
Might be time to purchase a stockpile of parts just to weather the storm.
I don't think Microsoft will actually be able to do what the article is worried about - and it probably requires a history lesson on how the PC (and PC "clones") came about in the first place to fully explain "why" - but I'll just point everyone at Triumph of the Nerds
and does anyone remember IBM's "microchannel"?
the lesson from Microchannel was that people don't HAVE to pay you royalties just because you are the industry leader and come up with something new - they can form a gang of nine and do it another way...
this sounds a lot like Microsoft saying "pay us and get in the box" - I don't think they have that kind of power (and if you were working on PC's in the mid-late 90's you probably saw IBM PS/2's getting sold by the skid to be melted down for the gold in the connectors MCA used)
Shelley's "Ozymandias" is probably relevant ("My name is Microsoft, king of software/Look on my operating systems, ye competitiors, and despair") :-)
It ain't what they call you. It's what you answer to. http://mylyceum.us/
what about loading windows 7 on new systems MS trying to lock that out will be very bad for enterprise.
Most places have just / still are rolling out windows 7 so no way they will go to windows 8 this year. Also windows 8 needs to have the old start menu come back as well app side loading at least let enterprise have then own IN HOUSE apps that don't need to go though a store to be loaded.
If they know what they're doing they're ok. Fedora is doing this for the rest of their users.
Though most Linux users will be brave enough to do this for themselves, those who are on the fence or who want to try something besides Windows may not be willing to futz with the UEFI (formerly known as BIOS) boot config.
Good thing Microsoft's way includes a required option in the UEFI setup to turn off secure boot. This whole story is horribly misleading.
G'uhgh.... once again geeks confusing a technical capability with a real-world practicality. Turning off secure boot sounds bad and raises the barrier to entry for non-Microsoft OS'es. It also complicates the newbie install experience, which is something that Ubuntu, Debian, and many others have worked for years to simplify. And now they are using their monopoly position to extort tribute from a competitor.
-1, Too Many Layers Of Abstraction
Red Hat != Fedora . Close, but they have been growing apart since Fedora 12/RHEL 5
sudo make me a sandwich
"Secure" is simply a euphemism, and a laughable one at that, for "Microsoft."
A system in custom mode should allow you to delete all existing keys and replace them with your own. After that it's just a matter of re-signing the Fedora bootloader (like I said, we'll be providing tools and documentation for that) and you'll have a computer that will boot Fedora but which will refuse to boot any Microsoft code.
Believe that I will use this to render any Linux computers I set up in the future to be "unbootable" via any MS operating system. Seriously, there is nothing worse than going through a ton of trouble setting up a great Linux computer for someone who loves it and then their punk nephew blasts all of your work away with a pirated windows copy.
Non-secure is the same as what we have now, but it isn't all that great.
I'd love to be able to tell my computer to only boot an OS that I assign, so that I know that it can't get corrupted by viruses/etc. I could boot from a signed rescue disk if something goes wrong.
The problem is that the standard won't give the consumer choice over which OSes are trusted. The choices will be MS, or no secure boot at all.
A whole $99 one time. Ain't that a bitch.
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
Pointless? No more pointless than bitching on Slashdot, I guess.
Do what thou wilt shall be the whole of the Law
They are going out of their way so you can run Fedora on the new hardware. And you want to ditch them because of it? Remind me never to buy you a beer.
They went out of their way to avoid exploiting Red Hat's privileged position with OEMS to gain an advantage over other Linux distros:
We explored the possibility of producing a Fedora key and encouraging hardware vendors to incorporate it, but turned it down for a couple of reasons. First, while we had a surprisingly positive response from the vendors, there was no realistic chance that we could get all of them to carry it. That would mean going back to the bad old days of scouring compatibility lists before buying hardware, and that's fundamentally user-hostile. Secondly, it would put Fedora in a privileged position. As one of the larger distributions, we have more opportunity to talk to hardware manufacturers than most distributions do. Systems with a Fedora key would boot Fedora fine, but would they boot Mandriva? Arch? Mint? Mepis? Adopting a distribution-specific key and encouraging hardware companies to adopt it would have been hostile to other distributions. We want to compete on merit, not because we have better links to OEMs.
Implementing UEFI Secure Boot in Fedora
I think the whole point of UEFI security to to prevent software from doing just that. You HAVE to go into the BIOS (or the UEFI environment, more technically) to make changes like that.
What you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone in this room is now dumber for having listened to it. I award you no points, and may God have mercy on your soul.
Where does this leave people who want Ubuntu? Or Debian? Or even Slackware?
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
rather than sucking at Ballmer's ass.
I'm not sure I can tell which end that is anymore...
This is nonsense, the editorial on this article is gibberish.
First, secure boot is a legitimate concern. If you can guarantee a specific boot loader, you have a trust base to build a more secure system.
Second, you can install any OS you want. Just turn off secure boot, it's perfectly valid to do so. Just understand that now your boot foundations are untrusted, just like they are now on almost all PCs.
And what kind of person is going to install Fedora but can't be bothered how to boot into their BIOS and click "Yes, allow me to install other operating systems [X]"? Generally you can even install your keys, just like you can with SSL certs that you might trust.
Finally, Microsoft is doing Fedora a _favor_ here. Fedora is, as actual author indicated, totally free to get their own keys added. Microsoft isn't the problem here, but as usual the breathless, bloviating editorial text tries to make them out to be.
Complacency here starts us down a very nasty rabbit hole.
TFA states as much, since the author admits there is no plan as to how Fedora will be bootable on Win8 certified ARM hardware except to "pray somebody makes non-Win8 certified ARM hardware".
Do what thou wilt shall be the whole of the Law
Exactly, why don't the virus makers just add a friendly cookie monster eating their data while they unlock your GPT?
sarcasm-on
You dam geeks with wires really think your pc is your property? pc manufactures build it, we write the software. All you do is pay for it. That makes it more ours than yours. You geeks simply can't be trusted to do things in ways that ensure our profits, so we will do it for you.
now shut up and go back to playing with your wires... Leave the big decisions to us..
sarcasm-off
they must be smoking the same waky-tabaky that Comrade Obama is smoking, that has him asserting that he's spent less than any president in modern history, or somesuch bat-s**t insane claim like that..
Off-topic, but that's a matter of easily-verified fact. Government spending is lower than is has been in the last five administrations. If you disagree with policy or actions, go right ahead, that's the point of democracy, but waving that off as "bat-s**t insane" is simply denial.
The day I go to buy a machine and find that I'm locked out of putting MY CHOICE of OS on it, is the day I get PISSED!!!
Too pissed to go into "BIOS" and turn off the secure boot feature? Because that's all you need to do.
With a MASSIVE anti-trust Lawsuit...
But why? StrongARM processors are SOOO last decade. Besides, Windows 8 for ARM probably won't run on anything earlier than ARMv7 architecture.
I think your troll detector needs new batteries. :)
Do what thou wilt shall be the whole of the Law
Because MS isn't fucking doing anything. You can still install whatever OS you want on your PC, Fedora can still get their own keys added by hardware vendors. Microsoft is being nice enough to help Fedora out. This is all much ado about nothing by people who don't have the foggiest idea of what's going on but see "M$" and instantly go full retard.
One should avoid going full retard at all costs.
Interesting then that Microsoft provide a way for others to sign their software... which is what Fedora is doing.
Exactly - by paying Microsoft for that right. Isn't that what this whole thread has been about?
It's one-off fee for a commercial company. Get over it.
The real story here, though, is that they're actually taking a real stab at doing signing right and requiring a chain of trust. They're also doing it in a very cooperative open source way.
This is an excellent step for the assurances of trusted computing for their users!
Once again the Lemmings engage in the usual fear mongering and anti-intellectual rhetoric. The bar really isn't that high here. Anyone with a little gumption can manage to put a LiveCD into their system and boot it.
This pointless bit of security theater just adds a little more scaremongering on top of your usual level of scaremongering.
A Pirate and a Puritan look the same on a balance sheet.
You don't know what you're talking about, but thanks for broadcasting such so I know to ignore your bloviating in the future. Neither MS nor Redhat/Fedora is doing anything even remotely wrong here.
Clueless neckbeard dweeb:
OMG Fedora is paying MS $99 to have a nicer user experience to save their users 30 seconds of going in and disabling secure boot or manually installing Fedora keys!?!! OMG, I IZ BREATHLESS AND ENRAGED!!!
Fucking neckbeards. Ironically they have a reputation for being good in IT/software but at least 50% of them are semi computer-illiterate dim bulbs.
They probably have no real choice; if they locked out everyone else they would essentially be monopolizing the PC market and I don't think they want to go through that court circus again.
Pain is merely failure leaving the body
That's entirely off-topic. Did you even TFA?
Maybe his DNS server is from North Carolina or similar and it's resolving Slashdot.org to RandomBibleVerseToday.com.
Faster! Faster! Faster would be better!
Yes, if you pay enough you can get a key. Microsoft is following in Apple's evil footstep by requiring developer registration and, I assume software distribution only through valid Microsoft channels. Do you like any software that you didn't pay for? Well, you'd better find a substitute. Microsoft is tired of FOSS and legacy software cutting into their profits.
Support SETI@home
Why is it then that Mint works with everything on my 2011 Mac Mini. Wifi, everything OOTB.
My MBP (2008 17in) Runs CentOS. The only thing I had to fiddle with was the Wifi but that is normal as there are no proprietary blobs shipped with the OS.
I have to say that in my experience Apple H/W is a lot more Linux friendly than some of the H/W sold by the likes of Dell and HP. THe only other H/W I would recommend for running Linux on OOTB is Lenovo.
It also won't run your existing software or any other software that Microsoft didn't sign. Welcome to the iPC.
Support SETI@home
This is nonsense, the editorial on this article is gibberish.
First, secure boot is a legitimate concern. If you can guarantee a specific boot loader, you have a trust base to build a more secure system.
Second, you can install any OS you want. Just turn off secure boot, it's perfectly valid to do so. Just understand that now your boot foundations are untrusted, just like they are now on almost all PCs.
And what kind of person is going to install Fedora but can't be bothered how to boot into their BIOS and click "Yes, allow me to install other operating systems [X]"? Generally you can even install your keys, just like you can with SSL certs that you might trust.
Finally, Microsoft is doing Fedora a _favor_ here. Fedora is, as actual author indicated, totally free to get their own keys added. Microsoft isn't the problem here, but as usual the breathless, bloviating editorial text tries to make them out to be.
Um.... that's as it should be.
If you're running something at the OS level unintentionally that can be really fucking bad for your computer can't it? If you want to install linux this isn't a particularly difficult problem to solve.
The vast vast vast vast majority of users have no idea what the hell is going on on their computers. But they're on the network with the rest of us. Should we take away anti lock brakes because professional drivers can use regular brakes better than anti lock brakes? I think not. There is a way to circumvent UEFI if you definitely know you want to. If you don't know you want to, you don't want to, and should be protected from some malicious application doing it for you.
The vast majority of consumers aren't going to run, or want to run anything on this particular computer they are buying other than windows. I know that's not a popular concept around here, but it's reality. Making it easier for them to be more secure significantly trumps the relatively minor inconvenience suffered by people who know stuff about computers having to use that knowledge and their ability to read.
I assume that like it will be an annual fee with a sliding scale based upon net worth and how much Microsoft likes you. Plus a per unit charge. And your software will need to be distributed through Microsoft's distribution channels which won't be built for OS installation.
Support SETI@home
Hey hey hey - easy there with the linux-slaggin buddy. You're on slashdot now.
If you have to alert people that your doing it; you probably arenâ(TM)t doing it right.
For me, UEFI is not a problem, because I'll just continue to do what I've been doing for almost two decades: building my own servers and workstations from individual components.
On the other hand, if at some point in the future a client asks me to migrate all of their existing workstations and servers from Windows to Linux, then UEFI may make that difficult. For that matter, it may also become difficult to install Linux on the average laptop.
Will the the EU stand idly by (as I'm sure Uncle Sam will), or will it stand up for consumers everywhere before it's too late?
It's worth noting that in this case, "enough" is a $99 one time fee. I seriously doubt they will be breaking Red Hats bank any time soon.
It seems logical from one point of view.
RH should have at least tried some lawsuits first.
Buddying up to MS never ends well.
They should have used that position to advocate for a neutral key issuer.
If Fedora yields on this, I'd go to another distribution. Paying $99 to Microsoft for the "right" to install the OS of my choice on my own hardware is making Microsoft $99 richer off the efforts of the volunteers who brought Linux and Fedora to us, and it makes my Free-gratis OS effectively cost $99, no longer free.
I'd rather go back to the time of compatibility lists and give my money to those companies that support my needs than give it to those Microsoft-bought hardware manufacturers.
Say NO to Microsoft Danegeld
You think they won't stop signing at some point or delay signing?
You really think MS will do this out of the goodness of their hearts?
Here in the real world we should let the SSL CAs run this. Since they already are running a similar program.
On the other hand, the Common Joe (that can't handle messing with the UEFI) shouldn't install anything in his computer at first place.
The problem here is that the average knowledge level of the computer users are dropping meteor style: fast and speculatively. This kind of user should not be expected to be able to install a Operating System - not mention trying to install a O.S. on hostile environment (i.e., a Windows computer - I don't have to mention all the little artificial problems MS caused in the past and still causes nowadays - my Win7 box committed suicide last time I installed Linux).
You can't expect to dumb down everything.
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
Which is part of the goal. Raise the bar, make it harder to migrate away from the platform. I suspect we'll see zero real security improvements on Microsoft's end as a result of this but lots of complaints and comments on various Linux forums asking why they can't boot their Linux USB key or ISO.
I suspect that Microsoft doesn't care much about linux one way or the other; if users want to tweak a BIOS option and run linux it won't bother them.
However, I wonder if Microsoft is looking at the far more lucrative fact that those with Windows 7 and Vista licenses will be forced to buy a new Windows 8 license or else run an "insecure" setup. It gets rid of a problem that they've had for years where users upgrade their hardware and keep their old OS around.
Seems like a massive money spinner in the medium term for them.
Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux.
Really? Even hardware manufacturers like, say, Apple? Even for hardware that doesn't use UEFI? Or does that sentence really mean that consumers will have the option to purchase machines that are locked down to the OS bundled on them?
This train of thought seems to make a whole bunch of leaps of faith to come to dire conclusions. I can't really see people running racks of servers with OSes on the hypervisor binding all EFI loaders to Windows 8.
I think the real story here is that "Common discount consumer-grade desktop PCs will be locked to the bundled OEM OS, unless third party access is granted a la MS/Red Hat."
In other words, it's not really that big of a story, and will be excellent news for potential bootkit victims everywhere (at home and in an office deployment).
According to TFA, the money actually goes to Verisign, not Microsoft.
Im curious, but can you point me to any meteors that have fallen speculatively?
You have to do it MS's way or they won't let you sell hardware with Windows on it.
OEM's can sell Windows 8 without secure boot. They can't put the sticker on the box that says "Windows 8 certified" without secure boot.
... was the only thing important in the minds of their respective owners.
Snobism abounds.
Have a nice day yourself.
...except on ARM, where they require that there be no way to disable secure boot.
Want to run Linux on that shiny ARM Win 8 tablet? Tough luck.
Also, what's to stop them from changing their minds a few years later require the same for PC hardware when Win 9 comes around?
I have more of a problem with MS being in charge of all this, than with the basic idea by itself. It's very much a case of the fox guarding the henhouse.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
It'll be a real bitch when MS "accidentally" revokes your key. Oops! Sorry about that!
The best part is that the revocation will probably only happen to newly manufactured motherboards, so you might not even know about it until one random day you start hearing about people unable to install your OS in their new PC.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
RTFA. One time fee. The money doesn't even go to Microsoft, it goes to Verisign.
The amount doesn't matter. If someone wouldn't let you into your car unless you paid them a dollar, it would be the same thing as if they forced you to pay 99 dollars. It's still immoral to lock someone out of something they own. It's also still immoral to lock out one particular brand of gasoline.
Does this mean that if I want to dual boot my machine with Windows and another OS, I need re-enable Secure Boot in the UEFI options every time I boot into Windows and disable Secure Boot every time I boot into the other OS? What a pain in the ass that would be if that's the case.
Actually (if you read the article) M$ does not get any of that $99. The fee goes to Verisoft. Microsoft is acting as the gatekeeper for the signup process.
Now I will be VERY pissed if I buy a new motherboard to build my own computer and it won't boot Linux unless I have to buy a key for $99. In such a case I would return the MB as being defective. I hope Asus and other MB makers will give me a choice of bios options when I buy a new MB.
I'd get right on that, but I'm too busy with this Gibson that needs hacking...
My sig can beat up your sig.
That's a serious problem. The requirement of explaining to people running all kinds of different hardware with all kinds of different UEFI setup screens is adding a massive hurdle to Linux adoption.
My CompSci teacher in high school routinely set up Linux dual-boots on the basic Windows machines so he could actually teach his class. Of course he routinely butted heads with the district's asinine IT department. The BIOSes on the school machines are always password locked and they head administrator refused to give him access. If those machines were replaced with systems running UEFI secure boot, I can guarantee he wouldn't be able to run Linux anymore. He wouldn't even be able to boot the systems every morning with a LiveCD like he did for an entire year when he was forbidden to install anything to the hard drives.
I'm just analytical and hyper-observant.
It's a bias, I admit.
"Flyin' in just a sweet place,
Never been known to fail..."
What are we waiting for? They should have been broken up when they were found guilty of monopolistic practices the first time.
Let's get this done. No fucking around the edges.
The UEFI spec (which Microsoft has a HUGE hand in writing these days) explicitly denies the ability to automatically install keys. They could have made it possible to do so, say by requiring it happen from read-only media, but they didn't.
It's left vague enough that it's virtually guaranteed to be an enormous pain in the ass to enable secure boot for any platform not explicitly blessed by Microsoft.
Microsoft probably told the OEMs that either they played ball Microsoft's way and locked down the motherboard, or they didn't get to preinstall Windows at all.
If you've sold the laptop, or given it away as a gift or a donation, by what right do you have to limit what the recipient can do with it?
It always takes longer than you expect, even when you take into account Hofstadter's Law. --Hofstadter's Law
You have to do it MS's way or they won't let you sell hardware with Windows on it.
OEM's can sell Windows 8 without secure boot. They can't put the sticker on the box that says "Windows 8 certified" without secure boot.
Do you honestly think that retail outlets will even consider selling computers without those stickers?
GENERATION 24: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social exper
I still say this has never been about making Windows safer, but it's been about killing it's biggest threat once and for all...That biggest threat being Linux. I've said for years there would eventually be 3 OS's running on 3 different sets of hardware...As of Windows8,that will come true. I've used Linux for eight years and Microsoft can kiss my ass.
Yeah, like that diner at the beginning of "The Untouchables" was free not to acquire the protection services offered by that gentleman.
There are two companies called Verisign. The one that's a certificate authority is owned by Symantec now.
The money goes to Verisign, not Microsoft. Did you read TFA?
wow, RedHat pays $99 to Verisign for a code-signing cert and gets Microsoft to give it to their OEM logo hardware partners?
it's the end of the freaking planet people.
run for the molehills.
I came to the same conclusion as you at "Comrade Obama".
Jesus H. Christ.
I don't really see the problem here because market forces will open an opportunity for a hardware manufacturer to specialize in creating solutions for operating systems other than Windows. Besides, I'll bet you might still be able to turn UEFI Secureboot off and just use the regular BIOS. It means you won't be able to run Windows, but who cares.
This exactly is my concern. Why? ARM brings a lot to the table, so if MS can lock ARM devices to being Windows only, they will have gained immensely:
1: ARM based servers are being worked on. For tasks like DNS, DHCP, and other fairly static items, they are hard to beat. In general, ARM CPUs use significantly less power than x86, so the amount of MIPS per watt can be a game changer, especially when businesses are under constant attack about having eco-friendly data centers.
2: ARM based desktops for businesses will be a useful market. Because of the non-x86 architecture, games and "unauthorized" software won't work. However, Office and Outlook will. This will be a major boon for low level IT desktop support. I can see this selling like hotcakes in the enterprise because it keeps support costs down, guarantees a Windows foothold, and helps ensure that only authorized stuff will run. A new architecture means that virus and malware writers are sent to the drawing board as well.
You'll never hack it, I have a skateboard and a Da Vinci sketch on my wall.
To buy Microsoft stock for my retirement plan...
Website Just Down For Me? Find out
Secure booting -- provides no added benefit and is therefore totally useless (except as a tool of extortion). All we need is partition write locking on OS install. When was the last time you actually heard of malware that touched the bootloading process, anyway?
Which name will predominate?
I think we just go with KINdows, for now.
"Flyin' in just a sweet place,
Never been known to fail..."
I meant even MS should have to go get their software signed by a neutral party. I read the article, it did not mention Red Hat even suggesting this, nor did it seem as though they even considered legal action to make that happen.
Does the signing use a public key for UEFI to verify the signature? Does anyone know the key so people can get crackin? Sure it's probably a large key beyond current methods to crack, but it makes research in such areas feel more relevant with a specific target you can talk about. Theoretically with algorithm X is would take 169 years to break the MS UEFI key using 50000 CPUs. Using Y it only take 165 years...
I'm sorry but its FUD. The simple fact is all X86 machines are required to allow bypassing secure boot which is as simple as flipping a single setting in BIOS, that's it, that's all. No harder than telling a PC to choose CD as first boot (which one is gonna have to do to install an OS anyway) so this is just FUD. Are they SERIOUSLY saying Fedora users wouldn't have enough common sense to flip a single switch in UEFI? Really? because i find that pretty much impossible to believe. This IS Fedora we are talking about here, an OS so bleeding edge its CDs have stigmata and not the kind of thing Joe Dumbass would be trying for shits and giggles. They even admit in the very first paragraph that ALL X86 are required to allow the simple bypass of secure boot!
So I'm sorry but FUD is FUD and this is FUD. there is no way in hell someone that is intelligent enough to 1.-Know what Fedora is, 2.-Knows how to download and burn an ISO will be 3.-Too stupid to push Del at boot and choose "Turn off Secure Boot" which is only being turned on by default because rootkits are still a serious problem. Isn't it the Linux community that is always bitching about windows security? why aren't you cheering that they are doing something about it?
Surely to God the geeks here are seriously fucking dumb enough to believe that a person who would know what Linux is and download and burn an ISO would be too fucking retarded to flip a setting in UEFI, surely not. Hell if they are THAT fucking stupid how would they be expected to even run Linux? Especially a bleeding edge alpha distro like Fedora where being able to do forum lookups and Google their way past problems and do bug reports is the order of the day? There is simply no way in hell to have a user smart enough to do that but too retarded to flip a switch, no fucking way. Its FUD, pure and simple FUD.
ACs don't waste your time replying, your posts are never seen by me.
Unless all the installed operating systems are signed, you may have to revert to "custom mode" ie, non-secure boot.
Of course, there may be features of Windows that don't work without secure boot, like media playback in full HD, etc.
Says user "0123456" who couldn't slide all the way to seven. Not even "0123456etc". From the later username it would be right and proper to dish this kind of abuse.
I was about nine years old when I saw my first picture of Beautiful Asian Rice Terraces. I went "wow, it's amazing how anyone ever thought of that". And now those clever slopes rule the world.
Has Linux sudenly been infected by rootkits? Did I miss a memo? the point of secure booting is to block rootkits, most Linux bugs i've seen are Java based or get in through PEBKAC so there really isn't a point in secure boot for Linux. Sure it might make a bullet point for workstations but workstations ain't running Fedora so the whole thing doesn't make any sense.
ACs don't waste your time replying, your posts are never seen by me.
This reminds me of when everyone fumed that Dick Cheney was running the world. Dick Cheney couldn't do anything that George Bush didn't sign off on.
Microsoft can't do anything the hardware manufacturers don't sign off on. Microsoft doesn't run the world. If they have some hair-brained idea that gets enshrined in hardware, don't blame Microsoft... blame the hardware people. Don't buy their crap! There are many different processors and platforms that run modern operating systems. Tell Blizzard to port Diablo and Wow over, then wave farewell to Microsoft.
I didn't know Microsoft has the authority to revoke Verisign certificates, that's pretty surprising OH WAIT SOMEONE DIDN'T RTFA. Tool.
As long as the purchaser or recipient understands the limitation before buying or accepting the gift, there's nothing wrong with selling or giving the modified device.
If he misrepresented the device as being in "like new" condition, that would be different.
While I use a PC at work, since I joined the smart-phone and tablet era my PC at home has been virtually untouched. That doesn't help the many distributions of Linux...but nor does it help Microsoft (in my case Google/Android is getting my eyeballs).
The analogy in my subject RE Fox is simply that Fox News is the #1 watch (cable) news channel and with several shows constantly ranking highest viewership.
However... Cable usage in general is going down. So while Fox continues to grow and dominate, it is with an aging population and on a (slowly) dieing platform. Eventually Fox may be able to claim 90% viewership, but if there are only a couple thousand viewers to begin with it really won't matter.
MS has dominated the PC world for 25+ years, and this new "protection" will all but solidify that. But again... having 90% of the market won't matter if there are only few consumers remaining.
-CF
The same right that MS, Apple, and the various Android vendors have to lock the hardware that they rent^H^H^H^H sell/give away/barter or what have you. Oh, that's right, I forgot, they're multi-national mega-corps thereby they have intrinsic rights that me as a mere citizen don't have.
So, because they are evil fucks who don't care about their customer's, you think it's justified for you to do the same?
Yea, that's logical... if you're a sociopath.
Have you considered fucking off and dying perchance?
Oh, you are a sociopath...
Figures.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Actually, I suspect the LiveCD is likely what this is meant to shut down. The little progress that other desktop OSes have made in the IBM PC compatible market in the past few years has been due to Joe Blows tossing a live CD in. Heck, I give them to friends and family for when their Windows installation gets trashed by the latest and greatest Rapeware. There's no way I am being a writer and phone support for my own version of The Idiot's Guide to Playing with FireX4aBIOS Settings.
That, and I can imagine DRM refusing to authenticate on a system with the secure boot setting disabled. We are the enemy, after all.
Any sufficiently advanced influence is indistinguishable from control.
Microsoft is tired of FOSS and legacy software cutting into their profits.
The last I heard, FOSS users (I'm one) are a mere blip compared to the installed base of commercial offerings. They're not forgoing much by us not coming over to the dark side. I'd say MS ought to be a lot more resentful of the vast number of NT, XP and Vista users who've so far refused to upgrade.
Please, don't add to the FUD. There's enough of it out there already. I think UEFI stinks and I'm sorry Fedora thinks they need to accomodate it, but as long as I can turn it off as easily as going into the BIOS, I'll be satisfied.
On the other hand, if UEFI can do something to make up for all the horrible things MS's lousy security model have enabled over the years (malware, botnets, ...), it could be a good thing.
"Tongue tied and twisted, just an Earth bound misfit
Oh Lord, paranoia the destroya...Riddle me this SETIguy...WTF would be the POINT of secure boot if you just handed it out to anybody? After all if they just handed it out because it was Fedora they could get sued for showing favoritism when "Bob's distro" came along and they wouldn't hand THEM the keys. What Fedora is paying for is the whole song and dance of being checked for key security compliance and as a barrier to entry, otherwise any malware writer could just start his own distro and demand a key thus making the whole damned thing pointless.
The fact you got modded insightful for a conspiracy theory just shows how damned batshit the FOSSie mods are here on /., sometimes the groupthink here is as thick as the smell of feet in a lockerroom and anything that says "MSFT is evil and burns babies ZOMFG!" is assured to get a +5 even with zero proof.
As a final note before i move away from the batshit crazy fest I'd just point out that bypassing UEFI secure boot is as simple as pressing a button and that you will have to go in there anyway if you are installing an OS because OEM machines generally aren't set to boot from CD out of the factory. Considering the ability to bypass secure boot is MANDATORY and part of the spec this whole thing is just an exercise in FUD and crazy. Anybody that would give a shit about secure boot sure as hell isn't gonna be running a test bed alpha distro like Fedora, they would be running a workstation OS like Red Hat if they wanted Linux. Hell there isn't even a point in having fedora secure boot, because you are gonna be doing enough work on it that you won't be keeping a stock install anyway. hell that is the whole damned point of Fedora, to let the beta testers work out the bugs before they can get into RHEL. So this whole argument is stupid, pointless, and FUD. I'm outta here.
ACs don't waste your time replying, your posts are never seen by me.
Is it going to kill all the dinosaurs? Is it not going to kill all the dinosaurs? Difficult to tell at the mo$%^,,,l.@@
no carrier
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
You have a point. But, as a Linux admin, this is something I'm glad about if it gets into RHEL. Why? All my hardware is installed automatically, via PXE boot, which is a single keypress on boot. Having to change a BIOS setting would be really irritating. It's not the end of the world. It's not complex. It's just irritating and time consuming.
So I'm sorry but FUD is FUD and this is FUD
No, this is a classic slippery slope. In the UEFI version that supports Windows 9, only secure boot is supported. You can't turn it off, but you can still enter a key manually when installing an Untrusted Non-Microsoft OS (UNMOS). The key is 256 characters long, and looks like a ROT13-encoded Perl script.
The version that supports Windows 10 also supports secure boot only, and still requires key entry. This time, though, UNMOSes are now called IOSes (Insecure Operating Systems.) They will run under a Microsoft-supplied hypervisor that includes mandatory hardware packet filtering.
And wait'll you see the third-party OS support strategy for PCs approved for Windows 11, code-named "Overton." The plan for Overton is that third-party OSes called PDOSes, or Potentially Defective Operating Systems, can still be run, but not on your local hardware. They will run only on cloud-hosted secure platforms over VNC.
All of this will happen because someone noticed that people will cheerfully bend over and accept restrictions in each generation that would not have been tolerated in the previous one. Evidence of this claim? Look at the history of Trusted Computing. Starting with the innocent-sounding idea of TPMs with unique CPU ID stamps, which were fought heroically by users until the next season of American Idol came on and everybody kinda forgot about it, the people behind the curtain have gotten everything they wanted over time. All they had to do was demand a little more "compromise" than they could get at any one stage of development.
In short, everything old is new again. We are all IBM customers now.
The problem here is that the average knowledge level of the computer users are dropping meteor style: fast and speculatively.
... can you point me to any meteors that have fallen speculatively?
Maybe the ones that graze the atmosphere and bounce off?
Perhaps he meant "spectacularly." Damned autocomplete.
"Tongue tied and twisted, just an Earth bound misfit
I can see that there will be a flurry of unencumbered Free/Open Source BIOS/firware software being developed.
Perhaps for large corporate deployments, the manufacturer could be persuaded to to the BIOS configuration for you, or be paid to install something like OpenBIOS?
If I'd been 10 years younger I'd have been all indignant and worried, but these things have a habit of sorting themselves out.
Stick Men
Good question. Why is Microsoft doing just that?
No, but what about all the smaller distros? Hell, what about the poor suckers running LFS?!?
The whole POINT of secure boot is so you CAN'T just put a live-cd in a boot off of it, you need to disable secure boot or sign the bootloader first!
Don't forget that Windows is going to be written so it will only boot if SecureBoot is enabled (to preven man-in-the-middle), which means if you dual-boot with an unsigned linux OS (LFS, etc most definitely won't be signed) or need to use a live-cd as a rescue disk, you need to enable/disable secure boot EVERY FUCKING TIME you switch OS's. No thank you!
No, I really don't think they'll stop for PCs. It makes it easier for them to get vendors to agree to the Secure Boot requirement to begin with. I don't believe they could really get HP and Dell to ship computers that were unable to run anything other than Windows 8.
Even if they do, we're no worse off than we would be if Fedora didn't get a key signed (telling users how to disable Secure Boot or trying to get vendors to include a Red Hat key in the UEFI firmware).
Yes, if you pay enough you can get a key. Microsoft is following in Apple's evil footstep by requiring developer registration and, I assume software distribution only through valid Microsoft channels.
Apple can do what they want with their own hardware, just like any hardware vendor. It's when a convicted monopolist is strong-arming the majority of hardware vendors to make it difficult to use any other OS that we should be concerned.
The only thing worse than a Democrat is a Republican.
G'uhgh.... once again geeks confusing a technical capability with a real-world practicality
And once again, geeks not realizing anyone but geeks install and use operating systems other than the one that came with their hardware.
I'm more than willing to consider (and help out) anyone who tries at least a geek-in-training. Generally, they're more likely to ask someone to do it for them, or teach them how. Either's fine by me.
"Tongue tied and twisted, just an Earth bound misfit
How long before circumventing the secure boot mechanism is considered a DMCA violation and a felony?
The answer to that is never. Using the installed configuration tools to turn off a security feature is in no way "circumventing" anything. By that logic, turning off the windows firewall so one can use another firewall would also be "circumventing". To fall under "circumventing" external software or unconventional editing (such as using a third party bit editor to change non-volatile RAM) would need to happen.
Stop with the sensationalism. The issue is that Red Hat has two choices; pay for certification or describe how to turn off the security feature. From a sales point of view it is better if the user does not have to do anything to their BIOS settings to install an OS. On the other hand it is a good Idea to make it difficult to unknowingly install a hacked version of an operating system.
We have discussed this issue before and it is not a "big bad Microsoft blocking Linux" issue. Microsoft is trying to make their installs safer.
Please, for the love of CowBoy Neal, MOD PARENT UP
One voice of reason in a sea of insanity that is "discussion"...
"UNIX is very simple, it just needs a genius to understand its simplicity." -Dennis Ritchie
*Whoosh*
StrongARM...it was a DEC built ARM cpu...parent made a joke about strongarming...haha funny?
ARMv7 is currently the most advanced ARM architecture on the market. I don't know how a CPU architecture can be fat or memory hungry.
Maybe they did advocate, and maybe no neutral key issuer was present ? The article say this would be expensive ( like running a certified CA, with audit, stuff like that ), and they surely advocated. Doesn't mean they managed to do it however.
And so far, that's a proposal, nothing more. If accepted, this would be done quite fast, but the best way is to find a better idea.
Gee, I wonder why are you posting this anonimously.
We did. No-one wanted to be one. It would be a thankless task which involved a large degree of legal liability and no profit. There are not exactly organizations lining up to do the job.
You mean like it would have been with the current "password protected BIOS" ( already there since years ) + "disable boot on cd" ( on bios since years ) + lock on the hardware ? ( cause i do not know for your high school, but where I studied, there was people stealing memory from the labs , so lock preventing case opening were added ).
What I do see this doing is killing dual boot options. It would be a PITA to have to go into BIOS every time I wanted to switch to the other OS. I also see it killing other virtualization environments for the same reason. I.E. You possibly could run a virtualized Linux in Windows but the reverse wouldn't be true. I think that is the real thing MS wants to destroy. The ability to virtualize their OS.
Well, enough of this tinfoil hat stuff. We will see what they come out and how much hot water they get into with antitrust first.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
Erm...except it does. Try reading the article, not the badly misleading summary. SecureBoot allows the user to add new keys as trusted keys. It will be perfectly possible to generate your own key, add it to your UEFI firmware, sign your OS bootloader with that key, and ditch the Microsoft key, if you don't want to boot Windows. pjones is in fact already working on tools to help you do this.
Redhat forking over cash is yet another path stone along the way.
Whenever a trust anchor grows so large its value approaches priceless or becomes ubiquitous to the world then you might as well just toss it overboard. Do yourself a favor and just assume it is no longer worth trusting cause it aint.
Someone blesses an exploitable kernel loader just once and all the effort wasted on security gets flushed down the toilet. Clever key management is not going to be able to save you.
What they should have done is what no committee is capable of doing -- provide a good enough but not perfect solution requiring a leap of faith during initial install or some kind of configuration (RS6000 configuration key) button the user must press when installing a new operating system to establish an initial trust relationship.
In a way I'm glad Microsoft is choosing UEFI to protect boot phase of their propritary (ARM) hardware as platform documentation is avaliable and common boot environment will make it easier to both expliot and reap the benefits post expliot.
Oh, of course, but having to enable/disable secure boot (which Windows won't boot without) each time you switch OS's (on a dual-boot setup) is going to be a royal PAIN IN THE ASS. Also note that less-technical distros (arch, debian, Mint, and probably even Ubuntu) will be affected by this.
http://mjg59.dreamwidth.org/12368.html
"The $99 goes to Verisign, not Microsoft"
There were locks on the cases and the BIOS was secured but CD booting was not disabled.
because this does nothing to improve windows security. the purpose is to be a barrier to entry (installation) for non-microsoft operating systems. it doesn't have to be 100% effective, it just has to make it more difficult for non-experts to try out linux (or freebsd or whatever) or to use special-purpose linux-based boot CDs like clonezilla or gparted.
Also, there's no guarantee at all that disabling will be "as simple as flipping a single setting in BIOS". on some machines, it might be. on others, it won't.
Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux.
FUD FUD FUD. Also: Bullshit. You will **ALWAYS** be able to install another OS onto your system. Just toggle off the hardware certification in the BIOS. Don't you just love it when people hate FUD when it's against something they like, but go ahead and use it themselves when it's against the "enemy". Microsoft requiring it's hardware manufacture to use the verified boot feature that has been baked into the UEFI standard for **YEARS** now is not the same as banning OSes. It's designed to block malware from affecting the boot path. You are correct; Microsoft completely blocking other OSes would be essentially illegal. That's why it **isn't** happening.
Also, I think it's freaking hilarious that the article says the Fedora feels it's forced to pay because "they would have to explain to their potential users how to mess with firmware settings just to install the OS". Let me get that straight: You're worried that your LINUX customer won't know how to change a setting in the BIOS? To install an OS that nearly requires a near expert level computer knowledge to use?
Okay, let's pretend that these computer neophyte Linux users exist. Hardware manufacturers could always just install a physical switch that Google uses on **ALL** Chromebooks. Flip the switch, and the verified boot is disabled. Then these neophyte Linux users can continue on to install the OS they won't know how to use.
Except TFA says it's a one-off $99 fee. And the money goes to Verisign, not even Microsoft. How is your crazy ranting rated +4 Insightful?
You don't need Linux to teach Computer Science. You don't even need a computer to teach computer science.
Fedora can boot using secure UEFI boot with their own certificate out of the box, if they can get all the OEMs to add it. They've tried to do that, and found out that it's too much headache for them, simply because there are so many companies to go to. Hence why they went and bought, effectively, the right to sign their own bootloader with MS key, which is obviously going to be supported by most OEMs out there. They didn't have to do that, though, and they didn't have to go to MS at all, though it would have probably cost them more money due to sheer time spend arranging everything in the end.
"Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft"
Well, a job well done, the lawyers have won yet again and in the process forced up the cost of Open Source through the cost of legalistic nonsense such as 'compliance`.
AccountKiller
Want to run Linux on that shiny ARM Win 8 tablet? Tough luck.
If you want to run Linux on a tablet, why don't you just buy one of the hundreds of ARM android tablets out there and run Linux on that?
According to the article they'll be paying Verisign.
MS will do this because no-one wants to be responsible for a decision that will lead to another 2.5 billion dollar fine in EU.
Well the virtualization licences are a whole other ballgame anyway.
We'll have to see how it's implemented to know for sure what is, and isn't killed. It's possible the virtualization software itself can get all the permissions it needs to behave properly. If that wasn't the case I would think VMWare would have had a very public fit by now.
That's a silly excuse. The main issue is that this secureEFI requirement is cumbersome and will create problems for some people.
"Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access .. In fact, chances are that everything will carry the Microsoft key."
It's always what Microsoft wanted, complete control over the Desktop PC. The lawyers have won yet again and in the process forced up the cost of Open Source through the cost of legalistic nonsense such as 'compliance`.
AccountKiller
Congratulations, you are now a 'grown up'.
Sigh.
All we're saying is that it was considered a Pretty Good Thing when the mainframe era was brought down by the PC. Now, people like you are standing around cheering while the monster reassembles itself.
People older than you remember the way IBM dominated both the hardware and software sectors for many years. They held their customers hostage in every sense but the literal one. They used every technical and legal tool available to suppress third-party innovation. Eventually, people like Ross Perot, Jobs and Wozniak, and finally Bill Gates barged into the room and threw their proverbial hammers at the screen.
Fast forward to 2012. Steve Ballmer is pulling underhanded, abusive shit that would have earned him a fistbump from T. J. Watson. The rebels who once sponsored the '1984' commercial are now working feverishly to put the pieces of the telescreen back together... only this time, they're using Gorilla Glass.
Some of us are old enough to understand that this is not how things were supposed to go. If you're not so old or wise, that's fine... but by calling people who disagree with you "children," your post only shows your own lack of awareness and conscience.
Uhhh...where have you been friend? All AMD machines are coming with Coreboot now, which is a open EFI style BIOS that you can download and modify to your heart's content.
So if UEFI truly bothers you simply buy AMD, which lets be honest the average user won't notice the difference between a Liano and a Sandy bridge anyway, they simply don't stress either one. I've been building AMD exclusively for the past two years and not a single complaint, not one.
If you are running Linux you'd be better off with AMD anyway, as they have opened the specs on all their hardware and even paid for devs to help the open driver guys get up to parity so if you truly want to support FOSS and care about UEFI you can just support AMD and Coreboot. It seems like a simple and easy way to vote with your wallet to me.
ACs don't waste your time replying, your posts are never seen by me.
And as I replied o another poster AMD has decided to go with Coreboot and has been using it since brazos so there is NO slippery slop here. if you don't like the Wintel UEFI you can buy AMD and use Coreboot which supports the 4 freedoms so if it doesn't do what you want you can simply download the source and reflash the chip.
I SERIOUSLY doubt MSFT is gonna risk another antitrust by blocking AMD systems from running Win 9, don't you? So this is simply a case of voting with your wallet, don't like UEFI and Secureboot? Buy AMD and go Coreboot. Its REALLY that simple. I've been building AMD exclusively for a couple of years now and I can tell you X86 is so overpowered that there isn't hardly any job a normal user can come up with that is gonna stress even a low end AMD dual and since they've opened their specs Linux users would be wise to support them anyway.
So no slope friend, just good old fashioned FUD, just not being cranked out by MSFT for once.
ACs don't waste your time replying, your posts are never seen by me.
But they're not paying Microsoft, they're paying $99 to Verisign for a certificate. It's just like getting an SSL cert, it's a non-story.
Not Microsoft. It was even highlighted in the article. Sheesh!
What's your point? It's not his hardware, it belongs to the school district. Him not being able to run alternative operating systems on someone else's hardware is not a problem. In fact, if they don't want to let him run Linux on their hardware that is their right and he should be disciplined for ignoring them. He can bring in his own hardware if he wants to run programs the owners of the hardware don't want.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Sort of like Apple?
(Alternate title giving some more details; "Microsoft" abbreviated as "Msft" to make the title fit given /.'s apparent title-length restrictions.)
Read TFA before commenting.
A key signed by Symantec/Verisign works too. They just didn't want to do that.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
So, it is OK for Apple to do it, because its a 'better' system, but when Microsoft does it, it should be illegal? Apple fannatics lack any sense.
To exactly match what Apple are currently doing, Microsoft would have to refuse to give out signatures for Windows 8 ARM tablets (as, without jailbreaking, I don't think you can run your choice of OS on iOS machines) and not do any secure-boot stuff on Windows 8 x86 machines (as Macs don't do secure boot by default).
Blaming your teacher's woes on Microsoft rather than the school's IT policy is pretty silly as well.
This "feature" exists because malware that affects the boot loader and kernel is a real and growing problem, and there isn't really any other technical means to block it.
You just lack imagination.
An operating system, once booted, should be able to protect the UEFI boot partition from unauthorized modifications just fine. Let Microsoft implement whatever signing mechanisms they wish.
Booting from removable media on the other hand, can be secured simply by requiring an explicit action to boot them. BIOS systems already can optionally do this.
Simply mandate explicit boot into removable media, and the malware will have no attack vectors aside from the installed OS or infected installation media, neither of which should present a problem for Microsoft.
Oh, of course, but having to enable/disable secure boot (which Windows won't boot without) each time you switch OS's (on a dual-boot setup) is going to be a royal PAIN IN THE ASS. Also note that less-technical distros (arch, debian, Mint, and probably even Ubuntu) will be affected by this.
The people distributing Arch can sign their releases for $99. The people distributing Debian can sign their releases for $99. Etc, etc. It's a trivial cost for any of the distributions you named to follow in Fedora's footsteps.
On a completely unrelated note... wouldn't it be awesome to see RMS' reaction if all the major GNU/Linux distributions were signed by Microsoft?
-1 Uncomfortable Truth
The key is 256 characters long, and looks like a ROT13-encoded Perl scrip
Oh, so it's just a regular sentence? That doesn't seem so bad...
There will be an EFI/bios option to turn this off. if you think microsoft would EVER get away with this in the post-antitrust over IE days, you're kidding yourself.
It might be turned on BY DEFAULT, but this is "secure by default" behaviour and should be the way it is.
If you want to run unsigned code, so be it. If redhat or another vendor want to get their code signed so be it. This is a lot of hot air over nothing.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
At least with an SSL certificate they're verifying "Yep, Public key hash 01234567890ABCDEF (as opposed to a malicious party) is indeed used by bank.example.com". What's the excuse for signing software?
Wonder what the public key field is for?
What happens when you get this on your screen ................. its not a matter of if its a matter of when. Stallman doesnt look so crazy anymore!
If no one else were willing to do it, your comp sci teacher could pick the flavour of LiveCD he likes, pay Verisign $99 to have it signed and be able to do just as he was before. And, he could throw it up on a torrent site and anyone else who downloaded it would be able to boot off it in secure mode. In fact, if you were a serious malware writer, you could probably bypass this obstacle by having your malware signed with a fake identity. All they're really doing through this process is attaching a name to a hunk of code.
-1 Uncomfortable Truth
Where did I say that the vendors had the right to do it either?
It always takes longer than you expect, even when you take into account Hofstadter's Law. --Hofstadter's Law
Uh, define ``hard to find''. Will vendors now make the means of accessing the firmware become something akin to playing Myst? Will the UEFI options be hidden to all who do not press F8 during some narrow and undocumented window? Will the options be worded so cryptically that end-users won't be able to decipher the settings?
I'm having trouble envisioning where all this difficulty is going to be encountered. I only see dual-booters as the ones having this trouble and, yeah, it would sucketh mightily to have to tweak firmware settings every time you wanted to boot to the other OS. Perhaps I don't see the problem since none of the systems I use are dual-booting. Most have ever even had Windows installed on them and, if they did, the Windows disks were reformatted long ago (i.e., 5+ years ago). Dual-booting is a kludge that I don't find necessary any more. Maybe I'm just lucky.
What's the Vegas line on when there will be a call by the more fanatical Linux proponents to shun Fedora like there has been for SuSE?
CUR ALLOC 20195.....5804M
Microsoft looks, acts, and thinks like a monopoly. Having dealt with fairly senior Microsoft execs and techies personally, I can testify that as far as I could tell, they just "don't get" the idea of open platforms. Open means you cooked up something with a few preselected other vendors, in secrecy, and then released it, probably with onerous conditions and encumbrances.
It isn't... yet. It'll be a race to the bottom with these two companies... and they're taking the x86 platform with them for the bumpy ride.
Apple does it on their own hardware (Apple is going to turn their Mac platform into an iPad sooner rather than later), Microsoft wants to do it on all hardware. Apple has an App Store... Microsoft wants an App Store. (Metro Apps only available through their App store... go figure.) Apple is closing their open OS. Microsoft is plugging leaks in their old OS and attempting to sidestep the openness of x86 to get a boatload of otherwise nice people (but clueless) to buy into their schtick. Letting their colossal foot in the door is a huge mistake. People harping about the "but you can turn it off" forget the tenacity and vast cash reserves of Apple AND Microsoft. They don't have to win on merits.. they'll starve competition out. Why? Because they can....
It's the Stay-Puft Marshmallow Man.
now put that in a quote and give credit where credit is due, you DRUNK!
"That's right...I said it."
you appear to live in some fantasy world where there is this thing called 'government regulation of big business'. in case you haven't been paying attention, every politician higher than dog catcher has made a career of doing this over the past 30 years.
Windows Store has some dedicated language in the license so as to explicitly enable FOSS apps (yes, including GPL)
You realise anti-trust is a competition issue and that in this situation they aren't doing anything anti-competitive at all?
GGP was talking about the terminology. Windows with be "secure" and Linux will be "non-secure". Do you think the pointy-heads will know the difference? It's a MS marketingdroid's dream.
Science is all about firing a drunk pig out of a cannon just to see what happens.
They are going out of their way so you can run Fedora on the new hardware. And you want to ditch them because of it? Remind me never to buy you a beer.
I really love club dresses ,
When a user buys a blank PC and tries to load linux and it fails and they return the hardware.. who pays?
Microsoft because they locked other operating systems out?
Hell look at the posts after you and you'll LYAO, they've full on jumped from "MSFT will make Linux a felony ZOMFG!" right into "MSFT is gonna move the OS into the cloud and you'll get arrested if you don't pay your $699 license fee ZOMFG!" full on batshit.
Ya wanna know what the REALLY sad part is to me? Most of the normal folks like me that were using Linux in 05 and 06 have frankly moved away simply BECAUSE of all the batshit. Its like being a normal person around total weirdos, its just creepy. Hell I know every time I had a problem and went to the forums I always got works for me and Ur a M$ Ninja!
I don't know what happened because i swear it did NOT used to be like this. Guys used to actually care about problems and wanted Linux to get better, and would bitch when things were broken or got worse. Now i swear its like a damned religion, where ALL comments that aren't simply praise of "the one true god" causes the nutters to come down like flies on shit, and all the FOSS posts or articles, hell even articles that don't have a damned thing to do with FOSS, end up with nothing but conspiracy theories and pointless "just use Linux!" posts. No wonder so many look at FOSSies like this. Hell I'm starting to wonder if that isn't an accurate description myself.
ACs don't waste your time replying, your posts are never seen by me.
People older than you remember the way IBM
How old do you have to be? I'm 53 next week, I was also an IBM contractor for a few years in the 90's, and guess what, I've even done some work on IBM mainframes. I agree people should be wary of vendor lock in, particularly with IT infrastructure but I'm highly skeptical of claims that this is an anti-competitive move. Now to the actual point of my post, hyperbolic speculation about what could happen just makes the person who posted it look like a fool when everything is still humming along a decade or so later. Every one of those foolish reactions is a paraphrase of one or more posts in this thread, many which are rated +5 insightful. I think they are silly and childish now, if you can't see that now come back and review their dire predictions in 2020.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
As stated below, we meant to type spectacularly. :-)
But let's bite the bait and play little with my foolish:
http://www.huffingtonpost.com/2012/05/29/asteroid-near-misses-earth-space-rocks_n_1553252.html
http://neo.jpl.nasa.gov/news/news174.html
http://www.sciencedaily.com/releases/2012/03/120315225625.htm
http://news.discovery.com/space/asteroid-impact-hazard-2040-120228.html :-)
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
I'd still bet that the EU Commission will slap Microsoft hard over this unless getting your OS signed is trivial and similar to FRAND rules.
For example Microsoft forbids vendors to offer the ability to disable secure boot in ARM devices, that is very clearly a monopoly abuse by EU standards.
IANAL
Sounds like Microsoft is begging the EU Commission to slap them with another multibillion euro fine and then some.
The fact that you think every competitor to windows having to pay them $99 just to have the PRIVILEGE of being installed on YOUR hardware is "trivial" frightens me somewhat. The fact that you probably aren't alone frightens me a great deal.
...That's UEFI, short for
User comma End: Fucked comma Intentionally?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
I'm pretty sure that MS forcing HW-makers to block other OSses is illegal, so I do hope the EU commison which also forced MS to 'remove' IE and Mediaplayer will step in to make sure this isn't going to happen.. Also I just hope one other big linux company will go to court because of this..
The fact that you think every competitor to windows having to pay them $99 just to have the PRIVILEGE of being installed on YOUR hardware is "trivial" frightens me somewhat. The fact that you probably aren't alone frightens me a great deal.
Yeah, frightening. I think it's trivial for a business that wants to use SSL encryption to pay for an SSL certificate too.
-1 Uncomfortable Truth
I'm pretty sure the way it works is that you would be doing that once, at the time you install your OS (or your Linux-based Dom0 or whatever virtualizer your're using).
That in itself is somewhat anti-competitive, and I think some people are concerned about that, but to techies it's just not a big deal. Their ARM stance is much more evil, and of course people are going to be suspicious that MS will try to bring their ARM evil to x86 on the next iteration, so 5-10 years from now they might really try to make it so that you're not allowed to run non-MS OSes.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
In all honesty, give us any UEFI-signed Linux kernel, and yes, Linux will be infected by rootkits (or rather "kernelspacekits"). It will be done on purpose, by the people who own the machines upon which Linux is installed, so that they can maintain their systems.
A UEFI-signed Linux kernel, like any other Linux kernel will start to become obsolete within a week or two, because Linux is without a doubt that fastest-improving and best-maintained OS in the history of computing, whether you think it's a good OS or not. (That's a fact, Jack. Sorry FreeBSD fans. I'm not dissing your OS, just saying you're not the mainstreamiest of the Free OSes and you don't have a Red Hat or Canonical or IBM paying its employees to work on your project full time.) Part of why you use Linux, is that you want to take advantage of the awesome maintenance that popular Free Software projects get, and Linux happens to be one of the most popular and well-funded ones. So you probably are going to sometimes want to install kernel updates.
Your UEFI-signed-for-$99 kernel will be that kernel's bootloader, and the loading will be accomplished via some exploit, possibly a deliberately-created one for that very purpose.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
My solution is better. My solution will allow you to to load Linux via secure boot, and effortlessly update grub or the kernel from your distribution, no matter which distribution that is (it doesn't have to be Red Hat) -- or you can compile the kernel or grub yourself, if you like, and it'll still get signed. My solution works for everyone. Just make me responsible for the root signing key and I will solve all the problems to almost everyone's satisfaction.
For maximum security, though, I do still need offsite backup volunteers. Wanna be one?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
That's a tough question. At first we all assume that the stickers must be pretty important, but my guess (pre-looking-at-evidence) is that most retail sellers would in fact be willing to do just that, since users never asked for those stickers in the first place; they're ads.
(What forces, other than MS's insistence, have created the need for these stickers? Have retailers, in fact, pressured OEMs for them?)
I know they're not retail outlets (exactly not what you asked about, I realize) but I can't help but notice that when you try to search for computers at newegg, MS certification isn't one of the search options. Even trivia such as 3.1GHz vs 3.3GHz CPU clockspeeds seems to be more important. (?!) At least among mail order customers, we have evidence that there exists no market force which favors certification.
At this point, yeah, I think I can honestly say that retail outlets will sell computers without those strickers. Sure, I could be wrong, but all intuition and evidence points me that way.
I wonder if I ought to visit a retail outlet and peel the stickers off all their computers. Then monitor how it effects the sales at that particular outlet. That would be a good experiment..
That would probably make for good website poll, alas at sites other than slashdot: "do you look for a MS certification sticker prior to buying a computer?"
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Why would you assume that? It's good to be critical of Microsoft, but you're just pulling ideas out of your ass.
--
That's a tough question. At first we all assume that the stickers must be pretty important, but my guess (pre-looking-at-evidence) is that most retail sellers would in fact be willing to do just that, since users never asked for those stickers in the first place; they're ads.
I wouldn't be so sure about that. When Windows 8 comes out 'Windows 8 certified' will be all over the adverts and retailers such as PC World and Comet will be expected to say things like "this computer is better than that one because it is Windows 8 certified".
The heart of the issue is: "expected by who?" Evidence (it was lame but at least I cited something; what have you got?) suggests it's not the people who buy the computers.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Remember, the average /. user != the average consumer who doesn't know any better.
GENERATION 24: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social exper
So, this is the end of multi boot menus that include Windows 8, I guess?
I envision a box with two separate physical boot devices: one with a Windows 8 signed bootloader, and one with a bootloader that lets me choose another OS to boot. The second one may or may not be signed with the Windows 8 key. In any case, Red Hat's won't be able to chainload Windows 8, because only the first stage will be signed with the Windows 8 key.
Did I miss anything?
A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
I've been running AMD processors since 1999 when I bought a K6-2/400. I'm currently on a Phenom II X4 940 BE at 3.0GHz. I keep my Athlon XP 2000+ (1.67GHz) as a secondary machine and print server.
AMD stuff rules. Over the years, I've bought and used intel and AMD for work. The intel stuff isn't that bad nowadays, but the AMD stuff is better for me.
My current motherboard is an ASUS M4A77D which is probably a little over 18 months old (I'm getting too old to remember these things precisely) buy it doesn't have CoreBoot AFAIK. It has a conventional PeeCee BIOS.
I have a lot of old UltraSPARC boxes lying around and, of course, they have Open Firmware which means a FORTH system :-)
It would be really cool if mainstream motherboards came with it. UEFI from intel looks like yet another case of intel NIH sour grapes. They could easily have brought out an implementation of Open Firmware. In fact, they could have "leveraged" the open source implementation (OpenBIOS).
I suppose it better serves their (intel's) business needs to have a proprietary non-standard locked-down firmware implementation of their own.
I once did OS development on a storage appliance that used CoreBoot (then LinuxBIOS) to load Linux directly off of a raw flash disk. I modified it to use a bootloader called FILO so that the kernel could be on an ext2 filesystem, and you could choose from various configurations and root partition images.
A few years ago it struck me that it should be possible to implement a simple GUI or menu system in Open Firmware to hide the command line and I thought it would be a cool hack for a laugh, but I think someone beat me to it by several years...
Stick Men
What, the summary doesn't scare you?
It depresses me.
Congratulations, you are now a 'grown up'.
I'm very old all of a sudden.
Over the years, I have been very lucky to learn and work in environments where I have acquired knowledge through curiosity that helps me to have a certain degree of personal freedom over these fascist corporate restrictions.
I'm a pretty darn good C coder, I know a bit of assembly, I've worked on everything from web GUIs down to protected-mode boot loaders and I'm reasonably good with vi/vim.
I was fortunate to cut my teeth on an 8-bit Z80 micro in the early 80s.
I'm not scared of DRM, I'm not scared of flashing BIOS chips, I'm not scared of setting dip switches and jumpers, I can use a disassembler and know how to decipher hex. You won't find Windows on any of my computers.
I'm quietly confident nowadays that the various Free and Open Source movements have sufficient momentum and influence that despite what the most evil and absurd business interests try to do to deny our freedoms, for the sufficiently savvy and motivated, we will almost always be able to do what we want to.
Eternal vigilance is important, and we must keep out-innovating them. We must make sure that our politicians don't pass laws that let the greedy take our rights away.
These silly companies that try to lock us out often end up hurting themselves more. When you start treating your customers with contempt, as cattle to be corralled, milked and exploited, and incapable of independent thought, they leave.
Microsoft is getting increasingly desperate. I've been working as a Software Engineer now for over a decade and I haven't written a single line of code for, or sold a single product that runs Windows. It's all been Unix (Solaris) and Linux.
Google is the new Microsoft. Android is the new Windows.
Stick Men
Well, I doubt that MS won't let windows run unsigned software. They might very well not let it install unsigned drivers or something like that, and they might very well implement Palladium/etc.
So, if you put your computer in unsecure mode then Windows will refuse to play HD video or whatever. If you put it in secure mode then it will refuse to install uncertified drivers/etc, and the computer could perform remote attestation that you have a clean chain from bootloader to video card for playing back DRM'ed content. Of course, somebody will still find a bug in a driver, and these days it is actually practical to capture raw DVI/HDMI video as well (something that wasn't practical back when all this stuff was dreamed up, and HDMI hadn't been cracked in practice back then). This is all silly since you can always just record the display output, and at high resolution under optimum capture conditions an analog recording can be pretty-darn good. After all, the light reflecting off the actor's faces was analog in the first place (assuming the entire movie isn't CGI).
My board is an AM3 that is about 4 months old and it don't have it either, they didn't start on the desktop until Liano. I haven't had the chance to put one together yet (still scoring good deals on AM3 and AM3+ so I've been using those instead) but from what I understand the FM1s are already using it, as is later E series chips. I have one of the first Brazos E350 and Asus used EFI and NOT UEFI so it has none of the locks like secureboot. Its quite possible some of the OEMs might just go that way instead as the only advantage UEFI over EFI is secureboot which I'm sure will just cause more support calls so I can see many just using EFI.
But according to AMD's press releases they are committed to CoreBoot and all chips going forward will be built with Coreboot. as another said one COULD tie Coreboot into UEFI but from what I've seen its gonna be a very basic EFI that works as a BIOS (So they can support larger HDDs) which quickly hands off to Coreboot which takes care of the rest. what really pisses me off is Asus offers Expressgate with their machines but frankly its become so crippled its not worth messing with if you aren't a 14 year old girl. its pretty much designed around FB and chat now and it doesn't even have Skype anymore, and no easy way to add any apps to it. That is a shame as having an OS that boots in 6 seconds and gives me full Wifi is nice, but without being able to even add support for any video other than Flash it just too crippled to make a difference.
So as long as AMD is going with Coreboot there is nothing wintel can do, not unless they want to risk another antitrust. But you are right that AMD rules, I have been selling AMDs exclusively for 2 years with nothing but happy customers and I eat my own dog food, me and my boys are rocking two hexacores and a quad and they do anything we can think up and are crazy fast. I even sold my full size for a EEE E350 netbook and having a machine that plays 720P for 6 hours on a charge or does basic office work for 7 is damned nice.
If your board supports it might want to look into snatching a Thuban while they are cheap, I went from a 925 to a 1035T and I can tell you that Turbocore kicks ass and take names. If you watch their email fliers Tiger has been selling Thuban for as low as $100 which is damned cheap for a 6 core. I paired mine with a $30 Hyper N520 cooler and it runs around 95f idle and barely reaches 122 under load, just a great chip. Oh and 1 final note, if you don't know about them Starmicro sells chips for all the older sockets cheap, its a great way to max out that older AMD PC.
ACs don't waste your time replying, your posts are never seen by me.
The way I am reading how it works is that without it on programs won't run in Win8. If that is the case, then you would have to turn it on every time you went into Windows and turn it off when you switched OS. Am I wrong on that?
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
Red Hat is willing to pay to be licensed to be able to run on the new hardware. They are going out of their way so you can run Fedora on the new hardware. And you want to ditch them because of it? Remind me never to buy you a beer.
I think it sets a really bad precedence, to be perfectly honest, and I don't like it a bit.
As for the beer, don't lose sleep over it: I don't drink.
When politicians are involved, everyone loses.
How does this make you mad at RHEL/Fedora and not Microsoft?
I've been planning to avoid MS Win8 from the beginning. If I wanted a tablet, i'd have one by now. If I have new hardware, I'll put the OS I want on it, and if I can't then I won't buy it. It's that simple.
This whole thing makes me pissed at RH/Fedora because they're effectively letting MS think they can turn this into a "win/win" situation: MS either makes money selling half-assed operating systems that hardware is locked into using or MS makes money by licensing access to that hardware.
Screw them, screw the hardware.
When politicians are involved, everyone loses.
How is this move by Redhat in concept any different from what Novell did? I still think that Microsoft is the agressor/enemy, not either RH nor Novell (nor SUSE)...
I don't use SuSE, either. I wasn't happy with the way that Novell bought DR-DOS and basically laid there like a dead fish.
When politicians are involved, everyone loses.
Do you honestly think that retail outlets will even consider selling computers without those stickers?
It's possible. I honestly don't think that the retail outlets will care. I think it would be the OEM's who care more. Sloppy had some good points, but I also think it will depend on if there's a seperate Windows 8 Logo program in addition to the Windows 8 Certified program.
It probably also depends on the percentage of the market who bought an early netbook and returned it (or stopped using it) because it wasn't Windows. That group of people will probably be looking explicitly for a Windows logo. The other factor would be how often the following conversation would occur:
Salesman: Here's a nice Windows 8 computer, and here's a nice one that Windows 8 certified.
Customer: What's the difference?
Salesman: The Windows 8 certified has UEFI secure boot.
Customer: What's that mean?
Salesman: It protects against rootkits.
Customer: I've heard about rootkits, I want to be protected against them; I'll get the certified computer.
Now you can argue that rootkits will get around UEFI secure boot, and they very well may at some point. But I still imagine that until it's well known that they do, that'll be the conversation that may take place at a point of sale. If that conversation doesn't happen (perhaps on newegg or amazon) and OEM's find certification to be a costly burden to bare, I can see them considering making non-certified computers.
I think that is the real thing MS wants to destroy. The ability to virtualize their OS.
I think so too. Restricting Linux as a dual boot OS is nice but the ability for Microsoft to get back control over their own OS regarding what hardware it is run on is the most important thing for them. Heck, with virtualisation you can upgrade your hardware and run pretty much any version of Windows you want without upgrading it right now.
....with Microsoft locking things down, if Apple wants superiority. Now is the time to allow installation on non-Apple hardware (without having to Hack'in'tosh things together).
Windows8 is a kind of terrible of Vista proportions.
Windows is the last of the OS's not to use a Unix'esque kernel
8 will be the last nail in the coffin, Microsoft has truly lost their way.
There are 2 groups of people you can make fun of on the Internet without fear of attack. The illiterate, and the Amish.
!It looks like I am not the only one who sees a giant red flag here: Microsoft is knowingly and deliberately squeezing or freezing out all OS competition with the pressure it is putting on software companies. This is probably a monopoly violation. The first economic region to deal with this will be Europe and the EU, but even the completely corrupt US governmental system will be forced to recognize what is going on and deal with it. Nice try, Balmer and Gates!