Slashdot Mirror
FSF Criticises Ubuntu For Dropping Grub 2 For Secure Boot
sfcrazy writes "The Free Software Foundation (FSF) has published a whitepaper suggesting how free operating systems can deal with UEFI secure boot. In the whitepaper, the foundation has criticized the approach Canonical/Ubuntu has taken to deal with the problem. The paper reads: 'It is not too late to change. We urge Ubuntu and Canonical to reverse this decision, and we offer our help in working through any licensing concerns. We also hope that Ubuntu, like Fedora, will actively support users generating and using their own signing keys to run and share any versions of the software, and not require users to install a key from Canonical to get the full benefit of their operating system.'"
hack the secure boot BIOS
Citizen, you have advocated criminal violation of the Digital Millennium Copyright Act. Please place your hands in the yellow circles and await a police action.
What political party do you join when you don't like Bible-thumpers *or* hippies?
I'd say the ultimate solution is for every linux fan to stop recommending computers with locked BIOSs, push hardware with coreboot, and to ignore distros which aren't playing ball. Cracking it is the pragmatic solution.
Go ask Novell how well chasing that Microsoft interoperability trains works.
not as much, but still (for planning to use the MS key). It's a very bad position we (Free Software) are in with Restricted/Secure boot. I think it's time the Linux friendly vendors really get behind CoreBoot [http://www.coreboot.org/Welcome_to_coreboot] and let us be truly independent.
As it is setup right now:
Binaries can only be signed with one key. If you use Microsoft's key, you can't use your own.
Not all vendors may support letting users add their own keys. (and even if they do it certainly complicates a fresh install).
ARM will be completely locked down if vendors want MS to run on it.
If you use the Microsoft key, they can revoke your access (they likely need cause, but still)
Sadly I think this may well be true in the future if hacking your own PC is treated by Microsoft the same way that modchipping your PS is treated by Sony
Linux users in general are just Unix posers. If you aren't running HPUX on a home Itanium server, then you're just using watered down bullshit.
Also, my dick is bigger than yours.
I realise it must have been a great trauma to you to have RMS jump through your window wielding a katana and forcing you to install gNewsense GNU/Linux, but seeking counselling is a better solution than going on about it on Slashdot.
Wait, that did not happen? Oh, you were confusing 'criticizing' with something else; and implying that the FSF have no right to express their criticisms. Hmmm. Seems like a prime example of the pot calling the kettle black, don't you think so yourself?
"I know I will be modded down for this": where's the option '-1, Asking for it'?
You can now, yes. But remember the big push for Secure Boot is from Microsoft. A company with a long history of using every dirty and underhanded trick in the book, including a few of their own invention. I do not trust them: Today they only make it enabled by default, but in a few more years they may take away the capability to disable it entirely.
So far there's no indication that you need to hack anything. Microsoft requires that PC's sold as certified for for Windows 8 allow you to enter custom mode and load your own certs. The reason Linux Distros are going the routes they are, using a Microsoft Signed boot loader, is that they want something that will be bootable on any machine out there with out having to enter the bios. While your typical users here on slashdot probably doesn't have any problems entering their bios and adjusting Bios settings for many other users is something they've never done and it's going to be extremely specific to that mfgs implementation on that particular hardware so no general set of instructions is possible.
Linux is mainstream everywhere except the desktop, and I heard the desktop is dead anyway.
Linux has gone mainstream... Just not on the desktop. Where is remains a distant 3rd behind Windows and OS/X.
With Android, Linux is quite popular with mobile. Linux is also strong on the server side too.
Linux never made it to the desktop, because there were too many drivers to support. When you luck out and get a System that is well supported by Linux... Linux rocked on that system. However if you try to put Linux on a poorly supported system, it usually sucked, and felt like a cheap OS.
If Microsoft make "Windows 9" a Linux Distribution with a Windows themed UI. It would probably be just like Vista, many people complaining about hardware compatibility, systems crashing all the time (due to improper drivers)
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
This is the start of a sea change in who controls our computers. Yes, for now you can turn it off (oh, sorry, unless you're using an ARM system), but this is just the first step. They can't go the entire way all at once. They've tried before, and learned they have to go one step at a time. Each step doesn't seem so bad, until finally, all the cards fall into place.
Already most of our mobile devices no longer belong to us, unless you manage to defeat the device's security that is meant as security against YOU, the owner of the device. Bought anything with iOS, or about 95% of the Android devices? Or WP7? Sorry, someone else owns it even after you purchased it. That's the world that many powers like Microsoft and many governments desire for the whitebox PC. A locked down device that obeys other masters, only booting "trusted" OSs that let those masters have the final say over what your computer does. Because a world where a billion individuals had control over their own computers could not be allowed to persist. It threatens too many corporations and governments.
Of course, people will buy these increasingly locked down PCs just like they are falling all over themselves to buy tablets, so this world WILL come to pass. All we can do is figure out how to deal with it.
for someone to hack the secure boot BIOS
So it's come to the point of having to attack our own computers just to run the software we want? The fact that we have to resort to these measure is a sign of just how bad things have gotten.
provide an easy way for users to reflash theirs from Windows or whatever OS is preinstalled
So to run free software, I have to first agree to yet another license for proprietary software? That is a step backwards if I have ever seen one.
No doubt this will prevent windows being reinstalled but unless you want a dual boot machine I doubt this matters much
There are lots of people who want or need dual boot. I would guess that a substantial fraction, maybe even a majority, of GNU/Linux users have dual boot. People should be free to use their computers the way they want, which includes the freedom to dual boot.
Palm trees and 8
Canonical is making the right choice for their users.
Funny how when I was growing up, free/libre software meant that the users did not have to rely on companies like Canonical to make their choices for them.
Palm trees and 8
OS/X? Finally, the successor to OS/2 the market has been waiting for!
They can call it WARP 10!
they may take away the capability to disable it entirely
They already are taking it away on ARM based systems. "On an ARM system, it is forbidden to enable Custom Mode. ... Disabling Secure MUST NOT be possible on ARM systems" (page 122 of Windows Hardware Certification Requirements)
Sadly I think this may well be true in the future if hacking your own PC is treated by Microsoft the same way that modchipping your PS is treated by Sony
I haven't really been paying attention to what Sony has been doing (don't own a PS3), but I wonder if Sony really cares about modchipping itself, or if they just want to keep modded consoles off of PSN?
The latter seems reasonable to me... If you want to mod the console, fine. Just don't expect to be allowed to play in the sandbox with all of the unmodded consoles. You know if they let modded consoles on that games would be flooded by griefers and other annoying breeds of adolescent (chronological or mental).
Not picking a fight, just wondering if I'm missing something...
A host is a host from coast to coast...
Unless it's down, or slow, or fails to POST!
Also, my dick is bigger than yours.
That is probably the most common logical phallusy.
SJW n. One who posts facts.
Intel knows where they can make money from GNU/Linux: servers. That is not the target of this restricted boot system, and even if these restrictions come to servers, nobody will complain -- professional IT workers can put a $99 signing key purchase on their budget and continue to deploy whatever they want. Desktop GNU/Linux is not going to make Intel all that much money, and they know it -- Windows and Mac OS X are where all the desktop money is.
Intel and everyone else knows that restricted boot environments for personal computers (desktops and laptops) will be hugely profitable. Entertainment companies love it -- they can deploy a new kind of DRM that won't be defeated for years (see: PS3). Software companies love it, because they can stop people from applying cracks to evade DRM. ISPs love it because they can better lock-down their networks if they can control the computers that can be connected to those networks. The potential for money-making deals is HUGE, and Intel knows that when their chips are the center of these profitable systems, they make lots of money.
At the end of the day, Intel could not care less about hackers or computing freedom; they exist to make money, and there is no money to be made in allowing desktop and laptop users to have freedom.
Palm trees and 8
No, they're concerned that Ubuntu is giving up a GPL bootloader because they're choosing to adopt Microsoft's secure-boot solution, which effectively puts all such systems under Microsoft's control and makes it infinitely harder for "unapproved" software to run on the systems (which, if Microsoft's attitude is any indication, would include virtually all Free Software.)
So my computer belongs to Microsoft? Dell? Asus?
Perhaps you missed the bit where ALL systems with the Windows 8 logo were going to be forced into this locked state by default. It's not just a corporate security feature, it's being rammed down ALL of our throats.
Actually no.
The linux kernel is the choice of most of the embedded community (which Google Android is part of) and has garnered its mainstream acceptance in this market since the kernel was first introduced. Google picked the Linux kernel to host the Android OS not only because it was free, but because the Linux kernel was already prevalent in the embedded market and was compatible with the ARM processor. Android OS may have increased the number of units sold with the Linux kernel installed, but it DID NOT make Linux mainstream in the embedded market.
Android didn't even make Linux mainstream to the general public. The consumer has no direct contact with the kernel, nor is Linux mentioned in any marketing done by Google to the general public. In this case, the linux kernel is just a part of a much bigger OS being installed on a mobile phone. I think when most people think of Linux they think of the Linux kernel with the Posix compliant runtime environment. Android does not fit this definition.
Nitpicks aside... Linux only has mainstream acceptance in the embedded and server market. People purposely choose a Linux OS to run on a server. People do NOT choose a Linux OS to run their phone (well not a lot of them), they instead choose Android OS which Google spent large amounts of money to market it. My point being that in order to be considered "mainstream" the community at large would consider picking your product directly versus as an internal part of a much more popular product.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
You DO know that the first amendment doesn't apply to private organizations, right?
To ensure perfect aim, shoot first and call whatever you hit the target
^ Please see the above wall of text for an example of the type of user who finds Linux usable on the desktop.
There's no -1 for "I don't get it."
Well if you are worried then the answer is simple, support AMD who has switched to Coreboot instead of UEFI as the replacement for BIOS. Since I doubt VERY seriously MSFT would have the brass balls to try to ban AMD systems from running Win 8 (and most likely risking another antitrust investigation) they will have to allow AMD systems to use Coreboot which means if you don't like it? The source is right there, help yourself and flash away.
But whether FSF likes it or not MSFT seems bound and determined to get rid of Windows piracy not with the carrot but with the stick, since its common knowledge that Win 7 is completely cracked wide open thanks to bootloaders that even allow the machines to get all updates without so much as a WGA warning so like it or not MSFT is gonna push this. At least AMD is supporting an open tech that you can flash yourself, although you always have the option of just turning the damned thing off and not using Secureboot.
Personally while i think offering Win HP for $50 and the Family Pack for $100 (which there is one of the family packs being offered right now on deals.woot for $95 and free shipping, its on page 4 i believe) to end piracy ultimately its their OS and they can be as tarded as they want with it. I think everyone is getting their panties in a wad over nothing myself, the amount of backlash I've seen at the shop over Win 8 is 10 times worse than Vista so I have a feeling its gonna be the new MS Bob and the OEMs are gonna be killing secureboot and shipping Win 7 as fast as they can get them out the door. Don't forget Vista had crazy anti-piracy shit in it too and it BOMBED like Michael Richards at an NAACP fundraiser so I really think we don't have anything to worry about here.
ACs don't waste your time replying, your posts are never seen by me.
Platform fragmentation that keeps developers and publishers away, tons of UI/UX rough edges, very powerful customization that is never backed by some serious graphical utility just configuration files so that newcomers can get scarred of screwing up (or screwing up again and again), cool technologies and flashy features that changes the environment every Thursday or so, being pushed before stabilizing core software, plethora the apps each written in a dozen programming languages, widget set, frameworks, dozens of libraries to parse command-line parameters or whatnot, lack of proper contingencies when screwing up (especially when dealing with xorg)
I still love the platform even if it's all over the place. Linux isn't popular because one of it's strengths, diversity, is being prioritized more than anything. Many people can't see that scratching an itch in three different places has no chance of 100% effectiveness.
uhm...
The biggest is the fragmentation, of well, everything. The UI is different for every distro, every version, and every update
Only someone who hasn't done years of work on Microsoft systems could seriously claim this as a drawback for Linux. How many different GUI toolkits in its various OS versions is Microsoft up to now? 4? 5? It probably depends on how you count...
Microsoft has been a hard-driver behind ALL of this.
And you'll find that promoters have way, way more say than most Contributors, once you get inside these groups.
Generally they're all assholes when it comes to restricting users. Microsoft just happens to be an 800lb gorilla.
Indeed, a chain secured by a lock you won't have the key to.
FOSS is explicitly being excluded in these situations. All of these "solutions" require some 3rd party to be trusted and for the entire platform to be geared to work AGAINST the user, who is treated like the enemy rather than the party to be protected.
Of course not, but that would imply that 'trusted computing' put the user in a 'trusted position.' The vast majority of current applications do not. The user is completely untrusted and given a little sandbox to piddle around in.
Or the fact that a FOSS solution that is trusted is pretty much 100% antithetical to the concept behind FOSS, especially when you've effectively TiVOized everything by locking it up and not giving the user the key.