Slashdot Mirror
FSF Criticises Ubuntu For Dropping Grub 2 For Secure Boot
sfcrazy writes "The Free Software Foundation (FSF) has published a whitepaper suggesting how free operating systems can deal with UEFI secure boot. In the whitepaper, the foundation has criticized the approach Canonical/Ubuntu has taken to deal with the problem. The paper reads: 'It is not too late to change. We urge Ubuntu and Canonical to reverse this decision, and we offer our help in working through any licensing concerns. We also hope that Ubuntu, like Fedora, will actively support users generating and using their own signing keys to run and share any versions of the software, and not require users to install a key from Canonical to get the full benefit of their operating system.'"
... for someone to hack the secure boot BIOS and provide an easy way for users to reflash theirs from Windows or whatever OS is preinstalled on the machine when bought new. No doubt this will prevent windows being reinstalled but unless you want a dual boot machine I doubt this matters much.
On a related note, how will this affect linux being booted from within windows (if anyone still uses that approach)?
I would like to refer every single person who henceforth asks the question "Why hasn't Linux ever gone mainstream?" to the parent post.
What political party do you join when you don't like Bible-thumpers *or* hippies?
I believe Torvalds said that he likes Ubuntu (although he prefers Fedora for work purposes), as did ESR.
This is my signature. There are many like it, but this one is mine.
Go ask Novell how well chasing that Microsoft interoperability trains works.
not as much, but still (for planning to use the MS key). It's a very bad position we (Free Software) are in with Restricted/Secure boot. I think it's time the Linux friendly vendors really get behind CoreBoot [http://www.coreboot.org/Welcome_to_coreboot] and let us be truly independent.
As it is setup right now:
Binaries can only be signed with one key. If you use Microsoft's key, you can't use your own.
Not all vendors may support letting users add their own keys. (and even if they do it certainly complicates a fresh install).
ARM will be completely locked down if vendors want MS to run on it.
If you use the Microsoft key, they can revoke your access (they likely need cause, but still)
Linux users in general are just Unix posers. If you aren't running HPUX on a home Itanium server, then you're just using watered down bullshit.
Also, my dick is bigger than yours.
I realise it must have been a great trauma to you to have RMS jump through your window wielding a katana and forcing you to install gNewsense GNU/Linux, but seeking counselling is a better solution than going on about it on Slashdot.
Wait, that did not happen? Oh, you were confusing 'criticizing' with something else; and implying that the FSF have no right to express their criticisms. Hmmm. Seems like a prime example of the pot calling the kettle black, don't you think so yourself?
"I know I will be modded down for this": where's the option '-1, Asking for it'?
Microsoft is being reprehensible as usual. Hardware vendors have always been cowed by them - now Ubuntu is following their lead.
I switched from SuSe to Ubuntu, now it looks like I'll switch to Fedora. At lease Linux, from the source, remains free of the the manipulations of the monopolists.
Linux will never go mainstream because there are trolls on the internet? Gosh.
"If you aren't running HPUX on a home Itanium server, then you're just using watered down bullshit."
Please stop insulting Larry Ellison. He owns an Hawaiian Island, you don't.
"National Security is the chief cause of national insecurity." - Celine's First Law
Linux is mainstream everywhere except the desktop, and I heard the desktop is dead anyway.
Ubuntu/Canonical has been the worst type of Karma whores since the beginning. They built a following by pimping the philosophy of freedom, only to abandon these ideals once the foundation was set. They have enouraged people to accept non-free video and wireless drivers, while companies like RedHat have tried to work with Vendors and educate folks about why this is a bad thing. Now with their app store with non-free projects; they've even undone this feat with kneeling towards Redmond (secureboot). I know not all Linux users care about freedom, but it is sad how even prominent linux users feel like they've accomplished something by getting their local school or whatever to use Ubuntu. People may complain about the free software philosophy all they want, but soon if Ubuntu continues, its going to be a much lesser degree of the early iterations of Windows with lots of propreitary-ness with bits and pieces of freedom (Windows started out using some BSD code). tl:dr Shuttleworth and Canonical are hypocrites and karmawhores.
Linux has gone mainstream... Just not on the desktop. Where is remains a distant 3rd behind Windows and OS/X.
With Android, Linux is quite popular with mobile. Linux is also strong on the server side too.
Linux never made it to the desktop, because there were too many drivers to support. When you luck out and get a System that is well supported by Linux... Linux rocked on that system. However if you try to put Linux on a poorly supported system, it usually sucked, and felt like a cheap OS.
If Microsoft make "Windows 9" a Linux Distribution with a Windows themed UI. It would probably be just like Vista, many people complaining about hardware compatibility, systems crashing all the time (due to improper drivers)
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
This is the start of a sea change in who controls our computers. Yes, for now you can turn it off (oh, sorry, unless you're using an ARM system), but this is just the first step. They can't go the entire way all at once. They've tried before, and learned they have to go one step at a time. Each step doesn't seem so bad, until finally, all the cards fall into place.
Already most of our mobile devices no longer belong to us, unless you manage to defeat the device's security that is meant as security against YOU, the owner of the device. Bought anything with iOS, or about 95% of the Android devices? Or WP7? Sorry, someone else owns it even after you purchased it. That's the world that many powers like Microsoft and many governments desire for the whitebox PC. A locked down device that obeys other masters, only booting "trusted" OSs that let those masters have the final say over what your computer does. Because a world where a billion individuals had control over their own computers could not be allowed to persist. It threatens too many corporations and governments.
Of course, people will buy these increasingly locked down PCs just like they are falling all over themselves to buy tablets, so this world WILL come to pass. All we can do is figure out how to deal with it.
Except of course that urging isn't dictating.
And why would you expect an advocacy group to not advocate in the first place?
And my dick is bigger then your dick.
Good for you. At least you have one thing going for you, since you appear to be semi-literate.
Whoa easy killer, I didnt know they personally came in and saved you and your family from terrorist mere moments before being shot in the head. I just think its funny that a group that advocates software freedom always gets their panties in a big ole wad when someone does something they didnt like. Fuck them its none of their concern what Ubunutu uses as a bootloader, thats (gasp) freedom.
Have anyone read the FULL FSF papper before posting the same "WinxLinxMacOS" or the "DRM FLAME" on this topic?
Novell made a killing and and was an industry powerhouse for decades. Much of their wealth came from making the Microsoft environment easier to use.
Also many of Microsoft's biggest competitors started of by being compatible with Microsoft. Google providing Exchange protocol services, Office file format compatibility, same with Apple, OpenOffice, etc. And that hasn't worked out too bad for them.
[Disclaimer: I’m always posting anonymously, since I consider the /. moderation system fundamentally broken.]
I assume you mean that the moderation system results in you getting modded down constantly. Try making a post that makes your point without being condescending and repeatedly insulting others. You might find you don't get modded down nearly as often. Unless your post is completely nonsense. Those get modded down for good reason - and that's a sign of an effective system.
Itanium ? That sell-out of a processor ? PA-RISC foreva' !!! No-one will prevent me from booting anything i want on that platform ... :-)
1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
Canonical is making the right choice for their users.
Funny how when I was growing up, free/libre software meant that the users did not have to rely on companies like Canonical to make their choices for them.
Palm trees and 8
My big concern is corporate computers. If your company is issuing you a computer, and they don't realize that some engineers want to run Linux, they may not let you install new keys or disable the secure boot. This is where it's a good idea to have one vendor using the Microsoft key, and other vendors using their own keys (and hopefully getting major PC sellers to include those keys). That way we at least have one solution that will work even on a locked-down system.
I think Red Hat's strategy is to be the Linux distribution that will work without having to mess with any secure boot issues, which is why they're going to use the Microsoft key.
OS/X? Finally, the successor to OS/2 the market has been waiting for!
They can call it WARP 10!
Syslinux FTW!
Hell, even this is an oversized bloated bootloader if all you need to do is always boot ONE system and leave it running until the cleaning crew takes your power outlet. GRUB1 was horrible thought at least it was reasonably well documented, eventually. GRUB2 was worse, and depricated GRUB1 even before they had the equivalent docs out. And LILO is not even in the running. There are a couple micro boot loaders around that work on PCs, and those would be good.
Sure, there are some people around that want dual boot or more (I've built a machine with 36 OSes on it ... yup, you can do more partitions in GPT ... so I know what that's like). Those people might need GRUB2. But I still did the 36 OS box with Syslinux (all OSes wear Linux ... no Redmond garbage here).
A shim should be a basic and simple as possible. GRUB just isn't even close.
now we need to go OSS in diesel cars
I refute your argument by identifying it as the "one true Scotsman" fallacy.
FC Closer
I don't understand how Intel supports this. They have pumped a lot of money and support into Linux in the past. Why would they now produce products that freeze it out?
Is there any way to get editors who know enough English to at least filter out sentences like:
It's not like it would have been hard to change it to:
BLOCKQUOTE>The Free Software Foundation (FSF) has published a whitepaper recommending ways for free operating systems to deal with UEFI secure boot.
And yes, I know that being a grammar nazi is unfashionable. But illiteracy really does work to convince people you have nothing to say worth reading...
"I do not agree with what you say, but I will defend to the death your right to say it"
they may take away the capability to disable it entirely
They already are taking it away on ARM based systems. "On an ARM system, it is forbidden to enable Custom Mode. ... Disabling Secure MUST NOT be possible on ARM systems" (page 122 of Windows Hardware Certification Requirements)
or lobby groups with an agenda
You seem to be errantly conflating "true geek" with "anal self-important elitist prick".
Many geeks use Ubuntu as there are various places where it is the right tool (or at least one of the appropriate options) for the job.
I spend an awful lot of time fixing Ubuntu to think of it as "watered down" linux.
Is getting a -1 moderation really going to kill someone?
Don't know something? Look it up. Still don't know? Then ask.
Slaps AC with a cold wet trout of sarcasm.
Also, my dick is bigger than yours.
That is probably the most common logical phallusy.
SJW n. One who posts facts.
Agreed. While I think this issue certainly warrants discussion, the whole article comes off as childish with quips like this: "we view Windows itself as malware and want to keep it away from our machines." They seem like they are making a big deal out of this thing just to sound holier than thou. Their ideal situation, where users can install their own certificates or choose to disable secure boot, is exactly what is mandated by Microsoft (for x86 at least). They even mention this in the article. The only problem they seem to have is with some nebulous "barrier to installation" caused by having to manually do one of those two things before you can install another operating system. It is 100% completely impossible to have secure boot without SOME additional effort on the users part when installing another bootloader or OS because that is entirely the point (to prevent malware silently subverting the boot process). The article is chocked full of complaints with no tangible solutions.
Actually, from reading the story, it appears that the FSF is feeling hurt because Ubuntu is switching to another open source bootloader that doesn't use the GPL.
Ubuntu has no control over hardware manufacturers putting in a secured BIOS, so Ubuntu decided to take the route of compatibility: Ubuntu signed with Microsoft's key. Ubuntu has their own key as well.
Just as software developers have the right to NOT open source their code, companies have the right to secure their computers. This step allows Ubuntu to run on those secured computers.
Although it was obvious the FSF would take this position, as it should, isn't it strategically wise to have multiple solutions for users to load a (mostly) free software OS on hardware with UEFI? For similar reasons, I think it's good to have Android devices running ClockworkMod so that they may boot CyanogenMod/Replicant. I understand that we (free software advocates) should always be encouraging consumers to make smart choices and purchase devices that will run free software (and a complete free software stack, when that's possible).
However, free software would become an "oasis in a desert", rather than a large and thriving ecosystem, if binary blobs, non-free drivers, non-free BIOS's, firmware hacks, etc. weren't around. It would become increasingly difficult to bring in more users. Those who have developed free software implementations to replace proprietary ones originate from all over the free software spectrum, so the pool of developers would also shrink.
I think you always want both: the hardcores who will run free software and free software only, and those who will make compromises on devices until (if/when) stable free software is developed for those devices. The FSFE's advice on installing CyanogenMod seems like a sensible approach that takes this into consideration. Likewise, why not help someone install as much free software as possible on a device with a non-free BIOS/bootloader?
It seems to me that UEFI will die a quick death if we A) fight very vocally against it, B) convince powerful corporations and governments that it's bad for them, C) ignore it where/when we can, and D) help others to circumvent it when necessary. It doesn't seem much different than the DRM problem in that way.
I would be very happy with Canonical's UEFI strategy if the following from this past /. comment can be done:
- Canonical will get efilinux signed with microsoft keys. So GRUB2 has to be made bootable from efillinux (efilinux is rather primitive, it just loads a kernel from a set collection of blocks from the device and run it. It shouldn't be too much difficult to have efilinux load and execute a GRUB2's "stage 1.5" or "stage 2"). Thus efilinux is the part that needs to be signed with microsoft's key (and efilinux's license makes it possible. Although that also means that you won't be able to hack it).
...
- GRUB2 can load coreboot (an opensource firmware) payloads, so it could also load SeaBIOS (a legacy BIOS implementation as a coreboot payload). - GRUB2 can also load windows XP's boot loader. So if any of the above is possible (either chainloading efilinux to grub2, or signing grub2 in a gplv3 compatible way). That means that grub2 could be used to boot windows XP on secure-boot hardware. (with seabios providing the legacy bios compatibility, and windows XP's ntldfr being loaded from grub2).
That unfortunately-complex method of chaining together multiple bootloaders seems to allow for any OS, even legacy ones, to boot (or at least attempt to boot) on UEFI hardware. Such a door might be closed if Canonical decides it won't play ball with Microsoft, and that seems like a door worth having open. However, I welcome any rebuttals...I don't know nearly enough about the issue.
Geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone.-rms
Intel knows where they can make money from GNU/Linux: servers. That is not the target of this restricted boot system, and even if these restrictions come to servers, nobody will complain -- professional IT workers can put a $99 signing key purchase on their budget and continue to deploy whatever they want. Desktop GNU/Linux is not going to make Intel all that much money, and they know it -- Windows and Mac OS X are where all the desktop money is.
Intel and everyone else knows that restricted boot environments for personal computers (desktops and laptops) will be hugely profitable. Entertainment companies love it -- they can deploy a new kind of DRM that won't be defeated for years (see: PS3). Software companies love it, because they can stop people from applying cracks to evade DRM. ISPs love it because they can better lock-down their networks if they can control the computers that can be connected to those networks. The potential for money-making deals is HUGE, and Intel knows that when their chips are the center of these profitable systems, they make lots of money.
At the end of the day, Intel could not care less about hackers or computing freedom; they exist to make money, and there is no money to be made in allowing desktop and laptop users to have freedom.
Palm trees and 8
I realise it must have been a great trauma to you to have RMS jump through your window wielding a katana
Hey now, he only does that for defending himself against ninjas, and defending you against RIAA goons.
I am officially gone from
is that game sales subsidize console sales.
The FSF: we don't like how Ubuntu uses UEFI instead of Grub 2. We think this is bad for these reasons . . .
You: "Sure does like to dictate what people use, kinda funny that way"
I believe you did confuse "criticize" with "dictate" or accused the FSF of doing something it did not do. Unless "criticize" and "dictate" changed meaning in the English language recently.
Well, there's spam egg sausage and spam, that's not got much spam in it.
You don't have to have all of GRUB. And since GRUB is modular these days, the parts you're not using aren't even loaded. Disk space is cheap, but you can always delete the modules you don't have room for in space-limited environments.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
No, they're concerned that Ubuntu is giving up a GPL bootloader because they're choosing to adopt Microsoft's secure-boot solution, which effectively puts all such systems under Microsoft's control and makes it infinitely harder for "unapproved" software to run on the systems (which, if Microsoft's attitude is any indication, would include virtually all Free Software.)
So my computer belongs to Microsoft? Dell? Asus?
Perhaps you missed the bit where ALL systems with the Windows 8 logo were going to be forced into this locked state by default. It's not just a corporate security feature, it's being rammed down ALL of our throats.
Yeah, they're only concerned that these corporations will leverage their power ("freedom") to deny you the same. They'll be free to ensure you aren't.
Drivers are only a part of the problem. The biggest is the fragmentation, of well, everything. The UI is different for every distro, every version, and every update. The configuration files are different for every distro, version and update. Besides a few very well known apps, compatibility of binaries and apps are a real crap-shoot.
Linux will become mainstream the second that the number of CSE graduates outnumbers any other major in society.
Think about it another way -- there are probably more copies of "Windows 7 for dummies" sold then there are installs of Linux being used as a desktop. With configurability, comes the loss of the mainstream. And plus, most UI/UX/usability in most Linux based apps don't follow the KISS method...
The problem, again, is not UEFI but secure boot. The two are not inextricably linked.
You'll have an uphill battle. Apple is transparently convincing people that DRM is good.
Can't happen. If any point has a flaw then the key gets revoked. From the UEFI platform down to the kernel needs to be "trusted" to betray the user, and the kernel must be secured against local exploits that allow bypassing of the chain.
Nae true Scotsman uses proprietary software!
Half-joking, but I wonder if contracting out a community-speced and community-funded motherboard would be possible. It might be worthwhile if for no other reason than to possibly catch MS leaning on contract manufacturers from even considering fabbing a motherboard outside of their control.
If secureboot gets the boot (har har), Im hoping extlinux is here to stay. After working with syslinux et al for some time, Ive grown to love their flexibility and simplicity.
At least for this round, FSF is saying that Fedora is using Grub 2 and Ubuntu is not. Both will be able to do 'SecureBoot' without divulging private keys, even though the former is using a GPLv3 bootloader. In a hypothetical where someone ships Red Hat Enterprise Linux on a system, they say the onus is on the hardware/firmware vendor and *not* Red Hat to facilitate the load. For that reason, Canonical also would not be forced to release keys, just that Canonical preloaded systems must include a contingency for disabling or user loaded keys.
I could see a scenario where this could be weird:
-Vendor ships an ostensibly Windows-only tablet, without option to replace keys or disable signing in firmware (I know, MS currently doesn't allow, but this is hypothetical)
-Fedora can still be installed, the boot loader they ship is signed.
-User has no signing key that would permit them to load without the approval of MS, and whatever costs are associated with that.
I presume from the writing that this is considered outside the scope of the anti-tivoization clause of GPLv3, which I now understand to specifically apply to preloaded GPLv3 software, and the software provider has no obligation to divulge signing secrets they use to work on the hardware vendor product. If all of x86 ecosystem one day was entirely MS signed and never pre-loaded Linux, would that prevent end-user freedom (a sort of holistic tivoization of an entire platform)?
XML is like violence. If it doesn't solve the problem, use more.
I just think its funny that a group that advocates software freedom always gets their panties in a big ole wad when someone does something they didnt like.
This is entirely consistent with their stated goals and views. They're trying to secure software freedom to benefit users, not to benefit Ubuntu.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
That's odd, FSF doesn't seem to be complaining that Canonical is making choices, it seems to be complaining that they made the "wrong" choice. You don't have to rely on Canonical unless you want to use their product, which is essentially what choosing software is, you use someone's software (maybe your own) over someone else's because of the choices they made.
I honestly don't understand how you have a problem with the concept of distros deciding to do certain things certain ways? Did you write your own package manager and kernel? In which case why are you using Ubuntu anyway? Why are you even using Linux, they've made all sorts of choices for you.
Actually no.
The linux kernel is the choice of most of the embedded community (which Google Android is part of) and has garnered its mainstream acceptance in this market since the kernel was first introduced. Google picked the Linux kernel to host the Android OS not only because it was free, but because the Linux kernel was already prevalent in the embedded market and was compatible with the ARM processor. Android OS may have increased the number of units sold with the Linux kernel installed, but it DID NOT make Linux mainstream in the embedded market.
Android didn't even make Linux mainstream to the general public. The consumer has no direct contact with the kernel, nor is Linux mentioned in any marketing done by Google to the general public. In this case, the linux kernel is just a part of a much bigger OS being installed on a mobile phone. I think when most people think of Linux they think of the Linux kernel with the Posix compliant runtime environment. Android does not fit this definition.
Nitpicks aside... Linux only has mainstream acceptance in the embedded and server market. People purposely choose a Linux OS to run on a server. People do NOT choose a Linux OS to run their phone (well not a lot of them), they instead choose Android OS which Google spent large amounts of money to market it. My point being that in order to be considered "mainstream" the community at large would consider picking your product directly versus as an internal part of a much more popular product.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Grub2?!? What happened to LILO?
Meega Nala Kweesta THAT'S what happened to LILO.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
You DO know that the first amendment doesn't apply to private organizations, right?
To ensure perfect aim, shoot first and call whatever you hit the target
I'm a linux fan, and I build a LOT of custom systems for people (and sell them for a living).
So pissing me off costs a manufacturer a few hundred sales a year.
SO lets multiply that by a few thousand "linux fans" who are also responsible for corporate purchases, hardware sales at local shops, etc.
It adds up.
Let's have a look at the numbers:
In terms of annual sales figures, ASUS emerged as the highest grossing motherboard vendor with 21.6 million units sales in calendar year 2010, followed by Gigabyte with 18 million units.
ASRock Third Largest Motherboard Vendor
ASRock sold eight million motherboards in 2011, compared with ECS and MSI who sold seven million apiece.
ASRock
It is a good bet, I think, that corporate buyers will be looking for a board that does support Secure Boot.
I've been uswing Linux for ten years, exclusively for maybe seven. I 'm not a programmer, but I'm comfortable at the command line, and I even released my own live CD, a modified version of Slax. So I'm competant, but I also have limitations. I like to keep a debian-based distro on one machine, and slackware based distro on the other, and among debian-based distros, ubuntu is the one that works, within my limitations, with my hardware. Again and again. I used to hate Ubuntu, because I had cut my teeth on Debian, and I didn't know enough to negotiate the ways in which Ubuntu was different, but as a long-time Debian fanboy, I now love Ubuntu for having the vision to bet on debian as the template for mainstream Linux success, at a time when everybody was raving about Fedora. This is what I discovered by luck, as a newbie who installed Debian Sarge, and what I'd been telling everybody. Nobody believed me because Debian still had the reputation of being for geeks. I was lucky enough to come along at the birth of the new installer for Debain. Installing Woody, the previous version, was a long ordeal, with about 50 impenetrable questions I had to bluff through. Sarge was easy to install, and it came with an automatic connection to a ridiculous amount of software, and finding and installing software (and its dependancies) was the problem for a newbie. I saw the opportunity, and so did Shuttleworth. Ubuntu proved me wrong, and then it proved me right. It's still Debian at the core, the powerful system that used to be strictly for geeks.
'nuff said.
If Canonical doesn't care about users, why is Ubuntu is the only Linux distribution to win a measurable share of the mass-market desktop?
Come on, are you serious? I can take a lot of criticism about the FSF: they're too radical, their software takes forever to be released, their beards are out of fashion... but one thing I don't think you can seriously debate: they are on our side. They are here to help us, they are the good guys.
You don't have to rely on Canonical unless you want to use their product, which is essentially what choosing software is, you use someone's software (maybe your own) over someone else's because of the choices they made.
Sure, that's the way things work right now. When UEFI restrictions come into play, things start to work differently. I can choose not to use Ubuntu and Fedora, and then what? I get stuck jumping through hoops just to install anything else -- and while I have the technical expertise and patience needed to do so, it is still annoying, and for some people it is either too annoying or too difficult to do.
That is the choice this situation forces you into: either you accept the code written by Fedora or Ubuntu, or you have to work hard to get something else up and running / pay for the right to do so. You are not able to simply reject those distros whose choices you disagree with; you must decide if those accepting those choices would be as bad as trying to get something else to work. A few months ago, I stopped using Fedora because of a disagreement I had with their choices (completely unrelated to the boot process); now I have to reevaluate that, because getting the distros I like to run on the next laptop I buy might require more of a time commitment than I can make.
I honestly don't understand how you have a problem with the concept of distros deciding to do certain things certain ways? Did you write your own package manager and kernel? In which case why are you using Ubuntu anyway? Why are you even using Linux, they've made all sorts of choices for you.
I am free to accept or reject the choices that other people made. I can always fork a project if I do not like the direction it is taking. Except, of course, if I need a digital signature from the project in order to run my fork on my own computer / if I have to get some company's permission (i.e. by paying a fee).
It is not about other people making decisions; it is about my freedom to accept those decisions. Maybe I like everything in Ubuntu, except for the bootloader -- maybe I really want to run grub2. Now I am stuck jumping through all sorts of hoops to get that to work -- either buying a key and agreeing to contracts, or putting the system in custom mode and instructing anyone who wants to use my code to do the same. Forking a distro in this model sounds like a giant pain, with extra hurdles and hoops that just push people to use the handful of distros that can pay to play.
Palm trees and 8
chaining Can't happen
This is the part where things seem very muddy. RH/Fedora seem to be along this line of thinking by pushing things down even to the module signing bit. However I wonder if even that is sufficient, what's to stop a rootkit from using KVM to start over again and ultimately land in the Windows environment with a 'fake' secure boot indication?
Canonical seems to be assuming they can boot unsigned kernel or at least a kernel that loads unsigned modules. Are they mistaken, will MS have Canonical keys revoked should they push a UEFI boot loader that can execute EFI binaries without verifying signatures?
What is materially different between the bootloader chaining and having a Linux system do KVM? Is it just matter of complexity of constructing a rootkit giving some subjective comfort? Is it some specific display behaviors on boot that would be obvious to the *user* that something is not acting the way they would expect it to? If the former, that seems pretty weak and useless as a strategy. If the latter, that would make sense and in which case chaining all-day long would be acceptable, so long as the entry point made some very visible indication of its existtance (e.g. a splash screen with the vendor logo on it for a second).
XML is like violence. If it doesn't solve the problem, use more.
^ Please see the above wall of text for an example of the type of user who finds Linux usable on the desktop.
There's no -1 for "I don't get it."
But the configuration and operation of GRUB is a total bitch. I could not even find a document to describe the config file. And NO ... I do NOT configure things by running programs. I have more involved setups that just running programs cannot figure out. For example MY installer scripts need to generate the config files, NOT run some program that can't run in that minimalist installer environment.
Syslinux fits like a glove. GRUB is like trying to wrap a coat around your hand to keep it warm.
now we need to go OSS in diesel cars
Good for you. At least you have one thing going for you, since you appear to be semi-literate.
Why yes. As a matter of fact, I AM semi-literate. Thank you for noticing.
Linux has gone mainstream on the Mobile devices... GNU/Linux hasn't.
Linux is the kernel.
GNU/Linux, Android are the Operating Systems that use the kernel.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Not immediately. At first it was a bit of a challenge.
Yeah, it's like last week old. Bah obsolete... Instead of just reinventing the lower half of the wheel, we should also reinvent the axle. I mean, what could be more important for the community than this? I don't think there's anything with bigger priority than being modern, sleek and trendy. Everyone else's doing it so we should bet our money and time in it, right? Right? ... Guys?
uhm...
The FSF: we don't like how Ubuntu uses UEFI instead of Grub 2. We think this is bad for these reasons . . .
You: "Sure does like to dictate what people use, kinda funny that way"
I believe you did confuse "criticize" with "dictate" or accused the FSF of doing something it did not do. Unless "criticize" and "dictate" changed meaning in the English language recently.
Everybody wants to dictate, criticize is really all there is.
but by law you can hack a phone for any software and any network.
So that may just have to come to pc's as well.
You mean WARP TIGER, WARP SEA LION or TURBO JAGUAR... People will really be engaged with the experience
uhm...
but anti trust comes into view with signed code?
Who controls the singing?
Who controls the app store?
What about banning apps based on content (not code)?
What about free OS (you can't go MS only)
What about older software and older hardware?
Except it isn' 'Microsoft's secure-boot solution', it is the Trusted Computing Groups secure-boot solution. Microsoft is a 'promote'r of TCG, but so is AMD, Intel, Cisco, IBM, HP, Fujitsu, Juniper, Infineon, Wave, and Lenovo. Move down into the 'Contributor' category and you add dozens more companies, including Red Hat, Accenture, AMI, Dell, Freescale, Toyota, Hitachi, General Dynamics, Sony, Seagate, Western Digital, etc.
Surely you don't think that all those companies are interested in Trusted Computing just because Microsoft is insisting on it, do you? They are interested because either they or their customers have real world problems with sensitive data leakage, regulatory compliance, etc.
Secure boot is just one little link in the chain of Trusted Computing. It is the first test that FOSS is facing with regard to the upcoming changes in computing. There will be many more to follow. If FOSS wants to remain relevant in the coming age where owners demand tighter control over their data they are going to have to figure out how to adapt.
Now, there is nothing that is incompatible with the ideas of 'open source' and the ideas of 'trusted computing'. Trusted computing does not require closed source or secrecy (except of course for signing keys). There is absolutely no technical reason that Red Hat, or SuSe, or Ubuntu, can't provide a 100% FOSS solution that is trusted. The only thing that could hold them back is putting ideology first.
Platform fragmentation that keeps developers and publishers away, tons of UI/UX rough edges, very powerful customization that is never backed by some serious graphical utility just configuration files so that newcomers can get scarred of screwing up (or screwing up again and again), cool technologies and flashy features that changes the environment every Thursday or so, being pushed before stabilizing core software, plethora the apps each written in a dozen programming languages, widget set, frameworks, dozens of libraries to parse command-line parameters or whatnot, lack of proper contingencies when screwing up (especially when dealing with xorg)
I still love the platform even if it's all over the place. Linux isn't popular because one of it's strengths, diversity, is being prioritized more than anything. Many people can't see that scratching an itch in three different places has no chance of 100% effectiveness.
uhm...
See, this is why the corporate overloads invented the term "Reasonable And Non-Discriminatory" (RAND). It is an antitrust violation if your competitors have no way to install their software; it is not a violation if you provide a "RAND" path to do so, like charging $100 for a signing key. Even more so when you can provide real justification for the system -- which in this case is "security from malware!" and in a few years "security from pirates!"
Palm trees and 8
You and your silly Itanium. IRIX on MIPS is the way! (Much nicer then Solaris on SPARC too...)
I'm starting to think GNU is the problem with "GNU/Linux" these days.
No but it does apply to the government that also enforces the DMCA.
The thing is based on the concept of trust. There are two different users of the 'trust' in a system like this.
The first user of 'trust' is the owner of the machine trusting that his software has not been modified. UEFI/SecureBoot helps with this by making sure that the thing being booted has been properly signed by someone you trust. It can further help out by stopping the boot process and alerting the user when the thing being booted differs from the last thing that was booted. So, even if you trust Canonical, if someone managed to slip a Canonical-signed boot loader on your system you can still be alerted to the change.
However, the trust that you can have that your software was not modified extends only so far as the trust is unbroken. If you install a signed bootloader that will run unsigned or invalid kernels then your trust stops at the bootloader, and you can't trust anything it loads.
The second user of 'trust' is people who have data you want to access. In that case, they can request that you system attest as to the state of the software on it. If any of the software is untrusted (by the owner of the data), they can refuse to serve the data.
People have suggested that the second case is easily worked around by installing a hypervisor and using it to boot a modified system, skipping/faking out the secure boot step. However, that fails because the remote attestation relies on data that has been correctly 'sealed' by a piece of hardware (the TPM) which itself is using a trusted key. If the UEFI/bootloader/kernel/modules/apps etc don't correctly verify the signatures of things they load, and report that status to the TPM, the correct attestation will not be received.
From what you wrote, it appears that Red Hat wants to be considered 'trusted' by owners of data, and Canonical just wants to provide a method around Secure Boot without worrying about establishing trust.
um this is the first time I have spoken out about the FSF you chickenshit
but when it's the only app store then the issue is not so doesn't apply.
It will be like small town cable and phone only offering some channels and finding away to lock out satellite tv and other cable system in that town.
Engaged Emu?
$2000?? some server are desktop like at price as low as $300
http://www.tigerdirect.com/applications/Category/guidedSearch.asp?CatId=30&sel=Detail%3B112_727_9505_9505
http://www.tigerdirect.com/applications/Category/guidedSearch.asp?CatId=30&sel=Detail%3B112_727_8915_8915
intel will have to look out for AMD as they can say RUN Linux on a AMD system with NO $99 signing key needed.
My impression was that TPM's relationship to SecureBoot was, well, non-existant. That discussions of TPM data sealing and SecureBoot are necessarily compeletly separate as neither infrastructure currently says much about the other...
XML is like violence. If it doesn't solve the problem, use more.
Torvalds' "fuck you" to nVidia kinda sums the whole thing up.
/* No Comment */
The correct name is, "WARP WALRUS"
/* No Comment */
My initial response was : "who cares, as long as it's fun" .
And Linux is fun .
There's no "Java" part in the OS (the part that actually runs on the machine).
Android has Dalvik, which is a very different VM with a different bytecode. The only Java part runs in the developer's desktop.
Dilbert RSS feed
The biggest is the fragmentation, of well, everything. The UI is different for every distro, every version, and every update
Only someone who hasn't done years of work on Microsoft systems could seriously claim this as a drawback for Linux. How many different GUI toolkits in its various OS versions is Microsoft up to now? 4? 5? It probably depends on how you count...
Whoa easy killer, I didnt know they personally came in and saved you and your family from terrorist mere moments before being shot in the head. I just think its funny that a group that advocates software freedom always gets their panties in a big ole wad when someone does something they didnt like. Fuck them its none of their concern what Ubunutu uses as a bootloader, thats (gasp) freedom.
Freedom for whom?
That's really the question you have to ask, because anytime that you work to guarantee freedom for one group, you are restricting the freedom of another. For example, guaranteeing freedom of speech in the first amendment restricts the legislative freedom of the US government and prevents them from passing certain hate speech laws.
The FSF doesn't hide the fact they are for freedom for the users. In order to guarantee this freedom, they aim to restrict the freedom of developers, distributors, and, in some cases, hardware manufacturers. I agree with them. I think the freedom of the people is more important than the freedom of governments and the freedom of the users is more important than the freedoms of the developers. If the developer doesn't want other people to use his product in ways that were not intended by him, he is 100% free to do that: By not selling or otherwise distributing said product.
Microsoft has been a hard-driver behind ALL of this.
And you'll find that promoters have way, way more say than most Contributors, once you get inside these groups.
Generally they're all assholes when it comes to restricting users. Microsoft just happens to be an 800lb gorilla.
Indeed, a chain secured by a lock you won't have the key to.
FOSS is explicitly being excluded in these situations. All of these "solutions" require some 3rd party to be trusted and for the entire platform to be geared to work AGAINST the user, who is treated like the enemy rather than the party to be protected.
Of course not, but that would imply that 'trusted computing' put the user in a 'trusted position.' The vast majority of current applications do not. The user is completely untrusted and given a little sandbox to piddle around in.
Or the fact that a FOSS solution that is trusted is pretty much 100% antithetical to the concept behind FOSS, especially when you've effectively TiVOized everything by locking it up and not giving the user the key.
Linux has gone mainstream... Just not on the desktop. Where is remains a distant 3rd behind Windows and OS/X...
Linux never made it to the desktop, because
What is ironic is that most people (not companies or their employees, but private individuals) that personally use Linux use it for a desktop.
The Admin and the Engineer
Not in Canada. As of this week, if there is even the slightest trace of a digital lock that protects ANY copyrighted information your phone, it is not illegal to root it. EVEN if you have a full legal right to do access the data (or you plan to remove the data).
"If you aren't running HPUX on a home Itanium server, then you're just using watered down bullshit.
Also, my dick is bigger than yours."
This thread is useless without screenshots and pics.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
I hear this often, which leads me to believe that I and nearly all my *nix buddies are the luckiest people alive. I have installed various flavors of Linux on well over 1000 different machines over the years with no problems that couldn't be solved fairly quickly via an internet search (which would suck if it was the NIC driver not working...). Many of those times it was because the current version of Windows available at the time literally WOULD NOT install correctly, so I would test with Linux to verify problematic hardware. The times when it wasn't catastrophic hardware failure, I never had any showstopping problems.
Who buys these mythical machines that completely fail to run Linux? I will trade you your machine for one of my (many) boxes that has never successfully installed Windows, but runs Linux like a dream :)
You're just jealous because he got Dragon NaturallySpeaking to work in wine.
I could be wrong but I don't think it works on modern hard drives. I'm pretty sure it's a matter of capacity. Larger drives for whatever reason don't like LILO very much, or it doesn't like them. Someone else would need to explain the details. GRUB has been standard for yeeeeaaaars, though. Since the last time I used Linux, which is not recent.
The problem is they have a definition of free that sounds awfully restrictive to a lot of people.
Yeah, and the abolitionists' definition of "freedom" sounded awfully restrictive to a lot of slaveholders.
But if you pay the Osgeld, you'll never get rid of the Os.
Not Mordor, but Mount St. Helens (about 100 miles from Redmond). Don't know if it gets hot enough to melt the ring.
I think you are a bit optimistic with the "no issues" but things have gotten a lot better since I started using Linux with Ubuntu 7.04. Every laptop I have installed on has had some minor issue at least. It is not an issue anymore now that we have the BumbleBee project but before that you didn't really have any choices for Optimus enabled laptops. With that said, the main reason you won't see GNU/Linux take off on the desktop is because companies like Dell, HP, ASUS, and Lenovo are not pushing Linux machines. Most people will not go out of the way to install a new OS on their machine even if that new OS is just an upgrade to Windows. I think we are more likely to see some sort of Android/Linux take over the home desktop market as the lines between mobile and PC get more blurred. Also Google didn't choose Linux just because it was free they choose it because it is a very good kernel. What else would they have chosen?
"Don't Panic!"
It used to be a lot worse. These days (> 2003) the problems seem to be getting better, and now it's usually a case of unsupported graphics cards meaning slow unaccelerated graphics, or unsupported wifi chipsets for a while until they're reverse engineered.
Tools like ndiswrapper helped along the way, and now that the buying decisions are being noticed, we're getting better help... But we've left many completely unsupported network cards, usb devices, webcams, and bluetooth devices, and graphics cards in our wake. (Some will eventually be supported, when someone with enough time to waste reverse engineers something, or when some vendor donates some code to, or drops some binary blob on, the community - but many will not...)
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
You've almost created a toungue twister. Try this, "Where's the warped walrus pit?" Say that lots of times fast. (Hint: Fernando was found in a Cambodian drainpipe)
There's a new Windows OS every 2-5 years, each with relatively minor changes from the older version.
In comparison, there are dozens of active concurrent Linux distros all releasing new versions with often jarring UI differences (hello, Unity!).
Windows is usually very conservative and stable in its UI design.
While they have some similar goals, TPM and UEFI are different things. Almost all PC hardware in existance now is already capable of remote attestation since TPM modules have been around for years now. You can even set up a linux OS so that it can only mount an encrypted volume if it was booted via the trusted path - if you boot from a CD and chroot to the root volume it won't be able to mount the encrypted volume. Ditto if you change the bootloader or kernel. Google for trusted grub sometime.
this. i can't understand why people modded this as flamebait. grub 1 was good, nobody needed a dumbed down grub2, fucking up compatibility and removing features.
Wealth is the gift that keeps on giving.
While you have a point ( not complete, but still a point ) for the binary issue, the rest is IMHO wrong.
People do not seems to have a problem with having a different UI for every other consumer products, like a VCR, DVD player, Set top box. In fact, even in windows world, every scanner maker, or digital camera vendor bundle different software, wanting to add value and feature. Do people leave Windows and consumers electronics because of that ?
Not at all. But maybe that's because few people see this, because people cannot afford having 5 new differents digital camera in a month, and then complain on internet about it ( so everybody start to think that must be true, even if that's not that rational ), while that's the case for linux distributions.
One of the real problem is that software are changing too much for mainstream, so there is no time to have a industry around it to address the need of people who are not in the arm race. On the other hand, there is distribution like RHEL Desktop, SLES, etc that provides binary compatibility, long term support ( aroung 10 year for RHEL ) and are fucking cheaper than windows + associated software, but no one talk of them because "OMG, I need the new firefox 45 and latest version of everything". Some users do not care about that ( and i think most do not care about that, that's why after all Firefox try to make people use the latest version, because that's not compeling by itself for most users ). See how many people are still happy with windows xp.
On the other hand, if you take the free software movement as what it is, ie a offsrping of academic research trying to improve knowledge by sharing, the fast path of innovation is good, and so changing too much just mean doing more research, and that's the goal.
Maybe the issue is just misplaced expectations.
you don't. that's what's scary.
Wealth is the gift that keeps on giving.
Please proofread your posts.
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
You forgot to take a stab at Metro.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
No it wouldn't. Despite what that egotistical twat Stallman would have you believe, having one or two applications developed by you on the system does not give you some god-given right to have your name prepended (not even appended, prepended) onto the product name. Otherwise, every PC you buy from Dell would be running BonziBuddy/Norton/Windows. Personally, I don't even subscribe to the belief that Linux should be called GNU/Linux.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Wrong. Fedora has an ever bigger share.
and has made an even bigger commitment to support Secure Boot.
It will get cracked/leaked, whatever.
trust me, somewhere, someone will find a mole to get into some deep dark whole to spill the secrets/keys, like bluray.
even if it is the secret service from china to spite/destabalize the wests security.
if its got 500 million in sales a year, it will get hacked in 1 day, just for the glory to say, 'eat shit fuckers'
Liberty freedom are no1, not dicks in suits.
you can boot of the network too dude.
if they left floppy boot on, open the pc and plug in a floppy drive if you can.
if no one is watching, pull the hardrive out and access it from your laptop's sata->usb cable, replace the 'recovery partition' with a linux installer.
Then boot to recover windows, which will install linux.
Liberty freedom are no1, not dicks in suits.
dual boot? I just run ESXi, and have 5-20 vms running of my choosing.
Direct Metal booting is so yesterday, in the future with 1ns flash ram, computers will NEVER reboot, unless theres an ESXi update.
Your VMs can reboot if needed, but else can run forever, even if all power is off, the future ram will have instant on-resume-mode.
Liberty freedom are no1, not dicks in suits.
I think you just named Ubuntu 15.10...
End of line..
The last I knew getting a key will cost $99 for UEFI secure boot. I absolutely refuse to buy anything related to this whole problem, so my first step will be to disable UEFI secure boot and not even worry about it. I will probably use the Fedora or Ubuntu supplied key if I install GNU/Linux on other PCs that might be dual booting for other people, but disabling this technology seems like the best way to me to avoid all of these problems. If users want to buy a key feel free, but why would you want to? I understand that FSF wants to totally eliminate proprietary software, but I don't know how they can in this case. It's unfortunate that this even happened. This is one more reason I refuse to use Microsoft software, just too invasive.
They aren't. http://distrowatch.com/table.php?distribution=mint
Windows assumes you are an idiot...Linux demands proof.
Who cares what toreballs says.
People who like to see a "fuck you !" said on camera by the interviewee.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
The FSF: we don't like how Ubuntu uses UEFI instead of Grub 2. We think this is bad for these reasons . . .
They don't like Ubuntu's *switch from Grub2 to efilinux* (in the wake of UEFI).
It comes from a problem with licensing.
The GPL license are made to allow each and every end user of some GPLed code to get/study/modify/hack/replace said code.
So if your Linux installation use a GPLed bootloader to load, you should be able to patch your very own custom version of said bootloader (to add support for whatever shit you want).
The GPLv3 was written to avoid "tivoization", situation where the code providers litteraly play by the rules of GPLv2 (make the source-code available for download on the website), but in practice don't follow the spirit of GPL and prevent the replacement of some firmware, because the device only boots signed code, and without the signing keys, there's no way to create a replacement which will be accepted by the device. You can get and study the code (from the website), you can eventually play a little bit around (on your PC or with an emulator) but you can't really modify and replace the copy on the device.
Grub2 happens to use GPLv3 license.
Canonical (and Fedoras)'s interpretation of the license:
- out-of-the-box, a lot of windows machine are able only to boot code signed by microsoft, because that's the only key loaded into them and because they are in secure-boot mode by default.
- to get a linux bootloader able to boot straight on such a machine (without requiring the user to play around with the BIOS), we need to provide at least one boot-loader signed with microsoft's key.
- signing GPLv3 code means that we must provide some way for the end users to replace said bootloader (like publishing the keys or something similar).
- on the other hand, microsoft explicitely forbids publishing their keys, etc.
- so no way to use GPLv3 code while still letting users replace the signed module.
- let's move to some more liberally signed code: let's switch from grub2 to efilinux and get efilinux microsoft-approved.
- microsoft signs the code, efilinux is booted, and then can chain load to anything we want. (eventually chain to grub2 too, because efilinux is seriously lacking in the "networking and other boot alternatives" department.)
Note that this (including the "chain efilinux to grub2") works not only on x86 hardware (which is mandated by microsoft to include non-secure boot), but also on ARM hardware (the Windows RT license require the device to be in full locked mode, only).
So if you want to get Ubuntu running on a microsoft surface, this works too.
In addition to that, Canonical plans to offer its own signing infrastructure, in a much more open-source friendly way. They'll petition manufacturer to include Canonical's key next to microsoft's key into the keychain on the TPM chip. So such machines can boot not only Windows 8, but can also boot anything signed by Canonical.
FSF criticism:
- it's sad that canonical drops support for Grub2 after so many release supporting it. (It's a piece of code that the FSF likes~)
- there are alternative way to use Grub2 with secure boot which are GPLv3 compliant in FSF's mind:
- get a Grub2 bootloader stage1 (the "efi executable" part) signed by microsoft.
- have regular users boot using grub2
- using a nice userfirendly GUI application, offer the possibility to upload new additioinnal keys into the TPM's keychain: the end user's key, canonical's key, or the key of any other opensource friendly signing infrastructure...
- a user wishing to modifiy/hack/replace grub2 can now do it, simply using the new key to get the custom grub2 booted instead of the key from microsoft.
- in that way the ability of users to hack/replace isn't prevented, even if it requires playing a bit around with the keychain on the TPM chip.
Note that I'm really not sure if it could work on ARM hardware. Windows RT's license explicitely requires that the device must be locked, and I don't know if adding new key into the keychain is among the stuff authorized by them. (Maybe it's not possible to load canonical's key into Microsoft Surface's TPM keymanager).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Binaries can only be signed with one key. If you use Microsoft's key, you can't use your own.
Well technically, you could provide several different binaries each signed with a different key. At worst you can always put a different bootloader on each CD.
The problem is that currently, there is only one key that you are guaranteed to find on almost every single UEFI system out-there: Microsoft's.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Why CoreBoot?
Because CoreBoot is a firmware, designed to initialise your hardware.
It exists already now, it's supported on several mainboards, and has some big name backing (AMD decided to support them actively, and starting from their next hardware iteration, CoreBoot will be their main focus for a firmware to boot their platforms).
It's a piece of binary code that you can flash to your motherboard.
What's wrong with stuff like OpenFirmware ?
OpenFirmware is a standard regarding how to handle booting, option roms, etc. all this in a clean and cross-platform way. It's not an actual firmware.
Supporting openfirmware means that a hardware manufacturer has to write their own openfirmware implementation (although it's not that complicated, when compared to monstruosities like UEFI) or port one of the existing one (which most of them target non-x86 platforms. So not much to leverage beside the Forth virtual machine)
In fact, coreboot *can* use openfirmware as an optional payload. Meaning that you can put support for that standard on coreboot, and then plug some hardware using openfirmware (like a PCI card from a PowerPC Mac) and have its option rom interpreted on coreboot (well, technically, on the Forth virtual machine running in the openfirmware payload in coreboot) and get the hardware initialized by coreboot.
Coreboot supports also other payloads: It can use SeaBIOS to provide a legacy BIOS interface (to boot a DOS or an older Windows). It can use TianoCore to provide UEFI standard compliance. It can also straight chain to Grub2 and use that as a boot menu. Etc.
So coreboot is a piece of code that current hardware manufacturer can already grab, which is very likely to support the hardware with which they want to build a motherboard (specially if they use latest generation of chips from AMD), and gives a lot of choice as to what standard to expose.
The best part is that coreboot is opensource. So if you, the end user, aren't happy with your firmware, you can still roll your own. (So if you like openfirmware that much, and have bought a motherboard running already on coreboot (or at least supported by coreboot), just roll your own coreboot+openfirmware)
There's no reason to ask HW manufacturers to adopt some completely new firmware stack when there are already-working ones which are more than "open" enough.
Also BTW: I'm under the impression that CoreBoot+openfirmware is currently the only openfirmware available stack for x86 hardware. Am I right ? Or are there other implementation of this standard on x86?
The only real problem here is with this new Secure Boot add-on, but there is no reason to throw the baby out with the bathwater. OpenFirmware / EFI can replace BIOS just fine and not have any restrictions. They already exist and manufacturers already know how to use them.
The problem is that Windows 8 license for x86 requires that the firmware be UEFI compliant, and has SecureBoot enabled by default (but asks for the option to disable it, or add new keys to the TPM chip).
And Windows RT license is even worse: Windows RT can only be shipper on tablets and netbooks where UEFI *IS LOCKED* in Secureboot mode.
So from now on, you now that the market will be flooded with motherboard and device which run on a UEFI compliant firmware, with UEFI in Secureboot mode, and only Microsoft's key in the TPM chip.
If you buy such a board, but that the board supports coreboot (because, for example, it's an AMD board, and runs coreboot+tiano core to provide the UEFI compliance), can just say "fuck it" to the whole story and flash instead a BIOS with coreboot + something saner.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Linux on the desktop has always tended to be for people who think....and they are a niche market in any walk of life. Your post implicitly acknowledges that in implying that these concerns are esoteric and irrelevant....when they are actually quite important. But most people not knowing what is important is nothing new. Linux now on the phones and every other thing because the thinkers helped shape the environment. Google's "Do No Evil" played a big part in that....preserving the freedom of users by default - whether thye know it or not.
Only boring people are ever bored.
Wow, can't believe I missed that one!
s/not illegal/illegal/ :(
Indeed, but Osgeld writes like FSF had done something really nasty that forces others to use something they would not want to, or forced their rules for others to follow. I don't get it either.
In capitalist USA corporations control the government.