Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD's De Raadt Slams Red Hat, Canonical Over 'Secure' Boot

Posted by timothy on from the so-you're-not-a-fan-then dept.

An anonymous reader writes "OpenBSD founder Theo de Raadt has slammed Red Hat and Canonical for the way they have reacted to Microsoft's introduction of 'secure' boot along with Windows 8, describing both companies as wanting to be the new Microsoft."

3 of 391 comments (clear)

  1. Like RMS, Theo De Raadt is right when everyone by RLiegh · · Score: 5, Interesting

    else is wrong.

    Sadly, MS has the power to take control of our computers away from us --and with secureboot they're doing exactly that. This is a direct attack on personal computing and the freedoms of the end-user to control the software on their computer.

    RMS and Theo De Raadt are both right on this --but neither one of them has the influence needed to avert this attack, so it doesn't matter.

    The era of personal, general-purpose computing is over.

  2. Theo ranting, film at 11 by Anonymous Coward · · Score: 5, Interesting

    Theo, ranting, is why he got kicked off the NetBSD project. Theo, ranting, is why OpenBSD's drivers for Broadcom chipsets stink. (Look up how the original author tried to resolve the licensing problems of sticking his GPL drivers in an OpenBSD kernel and was ignored, then screamed at by Theo for making the issue public.) Theo, ranting, is why OpenBSD doesn't properly handle booting from software RAID. Theo, ranting, is why the OpenBSD installer works like the UNIX crap I learned to loath back in 1985 and can't store the state of what you've already selected or go back, you just have to start over from scratch. Theo, ranting, is why OpenSSH has no built-in support for chroot cages. Theo, ranting, is why OpenBSD has no virtualization server capability. Theo, ranting, is why OpenSSH still stores both host keys and by default, user private keys in clear text with no expiration, and has no plans to fix this. Theo, ranting, is why the "compatiblity chart" is a list of chipsets that don't match the actual chipsets published by the manufacturer, and usually are from chipsets at least 4 years old.

    Theo, ranting, usually means you're doing something right for your actual client base rather than for his ivory tower. There's a reason OpenBSD is used only by fanboys who run it on "hobby" systems and don't get any work done. And yes, I've dealt with the crap for years: I *wrote* the first SunOS ports of SSH-1, SSH-2, and OpenSSH. (Theo's fan club did not write SSH: they ported Tatu's previously GPL work into OpenSSH, and screwed up the license. Surprisingly little of the actual codebase is due to OpenBSD hosted development.)

  3. Re:A bit over the top by metacell · · Score: 4, Interesting

    It increases the cost of business for Canonical/RedHat to negotiate with all the OEM manufacturers and get them to include their key.

    If you're Microsoft and already have deals with all OEM manufacturers, the cost may be negligible, but if you're Canonical/RedHat and your OS comes pre-installed on less than 1% of desktops, it may not be practically possible.

    This is true for anyone who wants to enter the market for desktop operating systems and potentially compete with Microsoft. In economical terms, the SecureBoot system raises the barrier of entry for the desktop OS market.

    Because of Microsoft's history of anti-competitive behaviour, I'm also worried about what they'll do next. Once they have control over the SecureBoot system, they could work to make it mandatory, citing piracy as reason. They could also pressure the OEM manufacturers, inofficially, to say "no" when a competitor asks them to include their OS keys. They could make it slow and costly for competitors to get new OS versions signed. Smaller Linux versions, without the backing of a corporation, won't be able to afford signing or getting OEM manufacturers to include their keys.

    I don't know what'll happen, but having control over SecureBoot seems like too much power to place in the hands of any company.

    Then there's the risk that the state will abuse the system once it's in place. SecureBoot controls what OS can be run, and the OS can control what software can be run, using a system of checksums and signing keys. In fact, the technology for that is already in place in Windows Vista onwards, but for the moment, you only get a warning when you try to run an unknown executable. If the state decides to outlaw certain software (such as encryption, hacking tools or P2P file sharing programs), SecureBoot combined with Windows enables them to enforce that law. If that ever happens, it'd be very good for Microsoft, since it severely reduces competition in the OS market, and gives even more power to the company who handles the signing of their competitors' OS:es.