Slashdot Mirror
Richard Stallman Speaks About UEFI
An anonymous reader writes "Despite weaknesses in the Linux-hostile 'secure boot' mechanism, both Fedora and Ubuntu decided to facilitate it, by essentially adopting two different approaches. Richard Stallman has finally spoken out on this subject. He notes that 'if the user doesn't control the keys, then it's a kind of shackle, and that would be true no matter what system it is.' He says, 'Microsoft demands that ARM computers sold for Windows 8 be set up so that the user cannot change the keys; in other words, turn it into restricted boot.' Stallman adds that 'this is not a security feature. This is abuse of the users. I think it ought to be illegal.'"
Richard's story, The Right To Read, has already sort of predicted this move.
Despite what people say about Restricted Boot, it opens up the world of computers to a whole new set of attacks... by megacorporations like Microsoft.
Don't like it? Go into your BIOS and turn it off. The specification mandates that it have a disable option. How hard is it to disable? Take a look at this image: http://imgur.com/QW1Pp
Can we stop using this old folksy saying now? It just isn't true.
-1 overrated isn't the same thing as "I disagree".
I'd be quite surprised to see one. The only API that Microsoft allows third-party developers to use on Windows RT is WinRT (well, and web apps of course). Although it is possible to write native apps using WinRT, the dev tools make it very easy to compile those apps for multiple architectures (ARM for Windows RT, x86 and x64 for "normal" Win8). So, unless somebody intentionally limits their market share to Windows RT only, for absolutely no benefit to themselves, I really don't expect to see Windows RT-exclusive apps at all.
Besides, most people will probably write WinRT (Metro-style) apps using a managed language, like C# or Javascript. That gets you compatibility with both Win8 and Windows RT without even the trivial hassle of recompiling.
There's no place I could be, since I've found Serenity...
Does anyone actually support this move by Microsoft?
The way I see it, if this were about the user, they would allow the user to change the key to whatever the user wants. Then you can sign your own OS.
We've known for a long time that Microsoft wants to lock other OSes out of the hardware.
"First they came for the slanderers and i said nothing."
It is even worse than that - if it is wont be possible to change the certificate on a machine and that certificate get compromized, then it means there is no security anymore neither... The device is now junk after maybe one month of owning it. You need a new device regardless. And dont tell me you have not heard of the certificates for BlueRay and so on being compromised...
BluRay players have a private key to decrypt that can be compromised. Secure Boot only has a public key to verify so it can't be compromised, there's no secret.
The alternative - Microsoft can remotely update the certificate, but that also mean any remote attacker who break the key can change it...
No. If Microsoft was to be hacked and their signing key compromised - a pretty heavy feat of hacking in itself, they'd pull out their root key and revoke that key then create and sign a new signing key. This is PKI 101, you always have a root key for situations like this. Of course if their root key was compromised they're fucked, but that one is deep in a vault deep in the bowels of Microsoft and the only place it'd come out would be in a secure facility to sign a new signing key.
Live today, because you never know what tomorrow brings
Don't like it? Go into your BIOS and turn it off. The specification mandates that it have a disable option..
No, no the specification does NOT mandate that it have a disable option. The specification simply does not prohibit providing such an option (for the moment at least). The motherboard manufacturer and/or BIOS makers are completely free to not provide a disable option if they so desire.
Whether the (lack of) option becomes common or not is another thing entirely, of course.
No-one wants to pay the Apple tax so they can run Linux on an iPad. Windows tablets would be the cheap end of the market where installing another OS is a sane option... except Microsoft are prohibiting that.
Except that Android tablets are the cheap end of the market (well, some of them are), and already ARE Linux.
Just because one is paranoid does not mean that nobody is out to get you. Paranoia is a logical reaction when somebody or something *is* out to get you. Considering that the natural progression of government is to expand in size, scope, and power while individual liberty shrinks, OP's reaction is not unreasonable.
"Guard with jealous attention the public liberty. Suspect everyone who approaches that jewel." - Patrick Henry
"The Price of Liberty is Eternal Vigilance." - Thomas Jefferson
"The course of history shows that as a government grows, liberty decreases." - Thomas Jefferson
"There is danger from all men. The only maxim of a free government ought to be to trust no man living with power to endanger the public liberty." - John Adams
I would rather err on the side of caution.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
I don't believe that ripping your own BRD is illegal, this is well-established practice and nobody can seriously complain about it.
Anyway, if you are on OSX, there is no other way than ripping the BRD if you want to watch them.
I don't believe you've met the DMCA. Ripping a DVD or BluRay is illegal.
The word "PC" comes from "IBM PC compatible"
No it doesn't, it is an abbreviation for the term "Personal Computer". It was in use before there even was an IBM PC.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe