Slashdot Mirror
UEFI Secure Boot and Linux: Where Things Stand
itwbennett writes "Assuming that Microsoft doesn't choose to implement Secure Boot in the ways that the Linux Foundation says would work with Linux, there 'will be no easy way to run Linux on Windows 8 PCs,' writes Steven Vaughan-Nichols. Instead, we're faced with three different, highly imperfect approaches: Approach #1: Create UEFI Secure Boot keys for your particular distribution, like Canonical is doing with Ubuntu. Approach #2: work with Microsoft's key signing service to create a Windows 8 system compatible UEFI secure boot key, like Red Hat is doing with Fedora."
itwbennet finishes with: "Approach #3: Use open hardware with open source software, an approach favored by ZaReason CEO Cathy Malmrose." When you can't even use a GPLv3 licensed bootloader to boot your system, you might have a problem. Why is everyone so quick to accept the corpse of TCPA in new clothes?
Just wait for a while. System admins will find it very difficult to install Enterprise Licensed Windows licenses. MS will be forced to cave in, and provide easy mechanisms to do that for early adapters. Just use whatever technique the local PC vendor guy recommends.
If you keep throwing chairs, one day you'll break windows....
Nonsense. People care so long as there is money to be made.
In this case, there isn't much to be made. MS & Canonical have written off the desktop market, and who knows what Apple will be doing next. As such, the lockdowns will continue while the tech sector undergoes decay, up until someone has a brilliant idea that forces the various players to reassess. Since many of them have consulted their crystal balls which say tablets and cell phones are the way of the future, this change is highly unlikely.
I am John Hurt.
There are a lot of people who care. Unfortunately there are not enough people making purchasing decisions based on that.
Modify ntldr to boot to grub automatically and and remove all unnecessary windows components
Lawsuit?
i prefer option 3 too, but...
microsoft wont go out of business but they could very easily marginalize themselves to the point that they are no longer the 800 pound gorilla of the desktop PC market, and more than likely Apple and Linux will grab more userbase, i prefer old school distros like debian & slackware so apple wont be getting any of my money
Politics is Treachery, Religion is Brainwashing
It seems like the obvious way to block this type of stuff is to pass legislation requiring government agencies to only purchase PCs that are free from such encumbrances. The state and taxpayers benefit from keeping their OS options open on new computer hardware and more importantly they represent a large enough percent of total sales to actually get a proper response from manufacturers.
Approach #4: ignore UEFI Secure Boot. It's a blunt solution to an obscure problem. More importantly, it's such a huge pain in the ass, not just for Linux but for ALL system integrators, that anyone actually preventing the user from disabling Secure Boot will end up limiting their own marketability. Two things will happen:
1. It will be relegated to tiny niches where security trumps usability
2. It will be cracked
This is not an either/or. Both things will happen. This whole fiasco is nothing but a huge waste of time for everyone involved.
-Billco, Fnarg.com
(Too many #4 here already, so I'll skip the numbering)
What about clustering all Linux enthusiasts' computers together and cracking Microsoft's signing key, SETI-style? I'm not sure about the mathematics there (taking longer than the galaxy will exist, etc.), but maybe it's possible. Or maybe somebody made a mistake and the key is much weaker than it is thought at the moment (see PS3).
Disable secure boot.
From http://msdn.microsoft.com/en-US/library/windows/hardware/jj128256:
"Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. A Windows Server may also disable Secure Boot remotely using a strongly authenticated (preferably public-key based) out-of-band management connection, such as to a baseboard management controller or service processor. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure Boot must not be possible on ARM systems."
They made disabling secure boot required for the Windows logo on x86 (while probably worried about the threat of an antitrust investigation).
They don't try to make better products, they just try to kill the competition. I see ads for their crap with cool songs, a lizard, and neat apps everywhere but the actual thing doesn't work. Even they can't work it right, as shown by several demos they have done. They seem to recognize it but instead of dealing with it, they just try to eliminate everyone else. Linux has a MUCH better programming environment than anything Microsoft can offer. Even its overall usability (I use Ubuntu) is more intuitive. So Microsoft tries this shit. It's not secure and it's not user-friendly. It's just meant to make Linux harder to install. And I can't support a company that takes this approach. Fuck them. It's a good thing their company is dying. Hopefully more OEMs see this and start offering Linux PC's, but I kind of doubt it.
> Why is everyone so quick to accept the corpse of TCPA in new clothes?
Only softies and people who don't know any better do. Pointing at Apple and saying they lock their phones and tablets too ignores the fact that what they do is also wrong. It's like Timmy beating up Bobby on the playground, and when you beat up Bobby, you point at Timmy and say "well, he was doing it too!"
The rest of us want to punch people in the face for even suggesting TCPA 2.0
--
BMO
- Buy computer
- Disable Safe boot ( http://www.howtogeek.com/116569/htg-explains-how-windows-8s-secure-boot-feature-works-what-it-means-for-linux/ )
- Install whatever you like and not worry about certificates or exaggerations of doom
We already have hacked BIOSes for far more irrelevant reasons than this. I expect it to become a common thing to just wipe secure boot from the system entirely if this is a problem.
Great Intellect...
1. It will be relegated to tiny niches where security trumps usability
God forbid in this day of malware, server breaches, and root kits, someone should be triumphing that over usability.
People are going to use Windows 8?
I thought this would only be a problem for people who are afraid to muck around in their bios. The situation is that even tech-savy users can't turn this shit off?
Free the Quark 3 from asymptotic confinement! Bring your charm! Don't get down! All colours and flavours welcome!
um, grub is a bootloader not an operating system, and windows 8 is a operating system (the operating part is disputable) not a bootloader. the windows bootloader can't boot any operating systems other than other versions of windows. your comment does not make any since.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
The problem is the whole "Desktop PC" market is becoming marginalized. Mobile devices are where a majority of computing dollars are going (in the consumer world).
Computers used to be huge and had a whole room dedicated to merely running them. Desktops revolutionized that, but the computer still lived in a specific room and you had to go to that room to do your computing (office or wherever).
The whole idea of going to a specific room to do your computer is going away; at least for average people. Microsoft will be marginalized if it tries to stay in that market, regardless of what it does there.
As an anecdote, my best friend and I both bought the same model of laptop computer a few years ago. I finally had to buy a new one and asked her if she wanted me to try to upgrade her old one (I'm much more of a power-user than she is). She said "sure", but that it really didn't matter that much because she doesn't use her computer much any more because she does everything on her phone now.
I love Linux and have been using it for years, but grabbing up more userbase in the desktop market won't account for much.
: : : : : :
Approach #1B:
Instead of limiting it to your distro, let ALL distros share a central Secure Boot key infrastructure. Set up an open foundation to manage it.
Mobile devices are where a majority of computing dollars are going (in the consumer world).
I think it may be where it's going soon in the corporate world too, especially with BYOD. If so, Ubuntu may be on to something with their Ububtu for Android kit.
It lets you run your phone/tablet as a portable device, then as a full desktop OS once it's docked with a monitor, mouse and other external peripherals. In the video, they're even showing it running Citrix for some legacy applications.
http://www.ubuntu.com/devices/android
http://en.wikipedia.org/wiki/Ubuntu_for_Android
http://www.youtube.com/watch?v=wzc0uMXGFBY
"I've got more toys than Teruhisa Kitahara."
How about manufactures do what chromebooks do and have a switch that flips between secure boot & standard, best of both worlds..
He may be referring to loadlin, a very old 'bootloader' that booted Linux from within Windows, effectively using it as a bootloader. However, it only ran on the Dos based Windows, not the NT based versions.
The average user thinks the damn PC can only do what they double click on the desktop and has to call tech support when they put the printer on a different USB port. It's not that it's unusable. It's that typically you need someone from IT to get the damn thing into a state where all they have to do is click the icon. With most Windows boxes, they get the PC pre-imaged with all the apps and drivers they want installed and are lost if it's anything otherwise.
Now, for intermediate users, yeah, linux sucks. I just worked for two hours trying to connect to a frigging router because the static IP configuration is so goddamn fragmented in Linux Mint. Is it really so hard to create a xwindows bin that edits /etc/network/interfaces and re-runs init.d/network restart after a change is confirmed? I would just vi the conf in bash, but when I did the thing started pulling a static IP network config from somewhere else, then something kept deleting routes. The supplied GUI apps, don't even show the current configuration, much less any new ones entered. WTF?
If this is not an example of Microsoft's monopolistic practices i don't know what is.
Seems to me that this is a very serious violation of the spirit of the antitrust rulings when MS killed netscape. Why aren't our consumer protection agencies stepping in to forbid MS from doing this?
The MS specs require any MS-certified firmware to allow the user to load their own keys. So, if you want to install linux, just generate your own keypair, use it to sign any OSes you want to boot, and install it as a trusted key in your firmware.
Viola, you can still use secure boot, and you can boot whatever you want, and as a bonus not even MS can install something on your hard drive and have it be bootable.
Or you can just disable secure boot.
Distros should just make it easy for users to sign their bootloaders. This should be easy for distros that have the user manually install grub/etc. Or the distro could just supply a pre-signed bootloader and a key for the user to load into their firmware.
tell that to all those people using android phones and nook e-readers
my nook tablet isn't fragmented, it's in one piece and it runs all kinds of android stuff just fine despite being a mongrel oddity with zero market share
ubuntu is way easier to install and set up than windows
the only reason windows is "easy" is because it's already installed when you bought the computer
Both my wife and my sister have very nice laptops ca. 2009-2010. I used to do an ongoing and significant amount of Windows tech support for both of them.
Nothing in about 2 years. What they have in common: both have iPhones.
I don't live with my sister, so I don't know whether this is absolutely true in her case, but my wife hasn't even opened her laptop in months. I regularly see her using her iPhone for web browsing, Facebook, email, etc. (As in, for several hours a day.) And I have recently done iPhone-related tech support for both (sister: how to upgrade iOS 4 -> iOS 5 to install an app that she needed; wife: replace an iPhone battery that she basically wore out).
I do know that my sister is active on Facebook and she does communicate with me via email, so I'm making the assumption that she and my wife followed basically the same path: get an iPhone and never really use the computer again.
STOP . AMERICA . NOW
If you purchase something purely based on price you are one stupid user. Freedom matters and just because the majority don't understand the issue doesn't mean it doesn't mean the lack of freedom isn't harming them.
The lack of freedom causes so many problems. It prevents competition, it prevents compatibility, it prevents upgradability, it makes common applications obsensely and abusively exspensive.
Now I'm not saying you shouldn't pay the developers. You should contribute. For most people payment is how one contributes. While selling free software may not work terribly well for developers due to the lack of understanding of what free software is and is not contributory models work fairly well if done right. So do agrements between companies supporting free software like ThinkPenguin and Trisquel. Or Google and distributions/web applications. There are other agrements as well. Such as CDs and merchandise. All of these have value and can and do fund free software development.
Did you hear Oracle's latest pronouncement that they really don't care about x86 at all, they are much more interested in SPARC?
Maybe this is because they know that Microsoft is making it hard for Solaris to run on x86 also.
If they abandon the platform and move exclusively to SPARC then they don't have to worry about Microsoft any more.
Windows 8 gives the distinct impression that the desktop is just not so important to Microsoft any more
and yet they double down on their paranoia about competition on the desktop!
Really! They could care less about the desktop and they don't want anyone else to be there either! So weird.
Forgotten in all of this is that there is no actual value added for the user in all this.
When it's all said and done, from the user's point of view, it's a step backward in usability and utility without providing ANY extra security for the user's data.
Think about it: for an actual boot-sector virus to work, it have to break into your computer already. Well since it's already broken in, why does it need the boot sector? It can just break back in using the same mechanism it used in the first place. Secure boot gets you no extra security.
Notice that Windows had to mandate this, is there any clamor from the user base for computers that are more difficult to use?
If I use Macs and Linux servers... Should I care?
Windows 8 is not going enterprise and OEM's need to not lock out XP / Windows 7 as they will lose the enterprise market if they do so.
the MB makers likely will not want to go windows 8 only.
also Enterprise use lot's of differnt pre boot tools.
Any where from 3rd party disk encryption tools to NON MS deploying tools.
I am very close to buying a laptop from a company that manufactures laptops designed to run linux. Either ZaReason or System76. I am currently using an early 2007 Macbook Pro, which has been a fairly nice machine. However I don't like the way consumer computing is going, and I feel the need to stand up for my right to run a Turing complete computing device. And $800 or so for a laptop isn't too much for me to plop down.
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
I got money burning in my pocket for a laptop/motherboard with out secure boot. I this means my i7 system is the last system I buy so be it. I don't play games so I'm ok with old hardware for getting online. Hell I still use PS 7.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
In many cases they only contributed because the GPL bit them in the ass.
If they voluntarily complied it would mean more.
I've installed Ubuntu and Mint for a variety of end users -- from football jocks to the elderly to the moderately PC-illiterate. The only time any of them ran into an issue was when they wanted to run Windows software, and even then, I was able to give them a Linux equivalent, and they were fine.
So anyone who says Linux is not "average user" ready, you're just plain wrong. My tech support record flies in the face of that.
There are a few things people forget when they compare sales numbers of desktops vs mobile devices.
A) Most houses have 1 or 2 desktops (shared by the family), but most people have their own smartphone or laptop (since they take it with them to work/school/etc).
B) Desktops tend not to be replaced as often, partially due to them being more powerful/dollar in the first place, and partly because they are SO MUCH easier to upgrade.
C) Desktops cost a LOT less (unless you get a screaming gaming rig) than any other computing device out there, so comparing the *amount* people spend on desktops vs mobiles is pointless.
D) A lot of people that build gaming machines (and even some that don't), build there computers 1 piece at a time, and thus don't get counted as "PC Sales", almost NOBODY does this with laptops, cellphones or tablets.
Mobile devices may be on the rise, but I doubt desktops will dissapear any time soon, at least not until they stop being half the price of a less powerfull laptop!
Unrelated Note: Why won't slashdot's comment boxes resize horizontally in Firefox?
This only works on x86. You forgot about ARM.
now we need to go OSS in diesel cars
Your regular non-tech consumer doesn't give a shit about secure boot or even the shortcomings of the OS that developers like too pick apart when trying to prove their point that MS sucks.. Consumers want a PC to work out of the box that can run their existing apps. A vast majority of large businesses have no intention of making a wholesale change from Windows to another OS in the application space because they have too much time and money invested in their custom business applications that would need to be changed to work in another OS environment. Changing to another OS would require all their developers, system admins, and users to be retrained. And even if their program some how operated the same I have worked with several medium and large businesses who were talked into going to another OS only to find out that their existing development staff and users lacked the skill set to support such a drastic change. I had several request to re-architect applications I built that targeted the Windows environment which I did Ior 6 clients and 5 of them came back and asked me for the Windows applications. And while everyone seems to want to vilify Microsoft for the secure boot or othe control mechanisms what is thier opinion on the locked down Apple platform?. And please forget about things such as Wine, Mono, or any other applications that will allow Windows programs to almost work properly. User retraining would also have to be factored in when moving to another OS platform. None of these type of systems provide total functionality available in Windows. Individuals and small companies with limited custom application libraries can pull off the change in OS but they are in the minority. And while MS may be curently playing catchup in the phone and pad platforms they are making headway but it will not show up overnight. They are a large company with an large user base and it is hard for a company of that size to change directions on a whim. Apple almost folded as a company back in the early 90's they could not take advantage of commodity hardware which resulted in their products being more expensive than the Windows products. They lost the business sector with this strategy and practically handed MS the business orientated market. This in turn meant that the business users learned how to use Windows and they purchased Windows for personal us because that was what they were familiar with. Regardless of what I wrote here I am not some MS shill. I consider my technology agnostic and choose the technology that best fits the situation but from a career perspective someone with experience with Windows will not have a hard time finding employment. Just checkout the biggest tech job sites and compare the number of Windows development job opportunities against the opportunities offered up for non-MS solutions. If you are a professional developer or administrator making a decent living trumps any technology evangelism.
My understanding is that they want Linux running within Windows, not so much the other way around.
http://www.microsoft.com/en-us/server-cloud/hyper-v-server/default.aspx
... in some country. Then there will be ARM devices around that can boot whatever you want. Said country will get rich re-exporting more useful hardware back to the world.
now we need to go OSS in diesel cars
Long ago, towards the end of the last century, desktop computers were BYOD and Visicalc was the killer app. That was the extinction event of the dinosaurs. Now, with new smaller BYODs, the desktop computer is precariously balanced on the edge of its extinction event.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Your version of real work is different from mine. I use programs like Autocad, Solidworks, and Altium to do my job and they all run without issue on Windows XP or 7. Yeah windows is a different environment and you're not willing to admit that.
Only the State obtains its revenue by coercion. - Murray Rothbard
Will the ARM machines have a "Disable Secure Boot" setting?
Hey, speaking of Apple, weren't they the ones that locked everyone's OSes out of their hardware and locked their hardware out of everyone else's OSes for like a decade? They're still around and nobody seemed to have a problem with them doing that, which pisses me off.
Why do you want to buy a Windows Logo ARM system to not run Windows?
All of this is just Windows Logo requirements. Buy the non-Windows ARM hardware.
Hack the firmware. Do what you want with the system. Microsoft isn't going to send the Sony-hit-squad after you if you take WindowsRT off your tablet. They just won't let the vendor ship it that way with Windows Logo.
And who is producing non-Windows ARM hardware?
Also, I have bought x86 and x64 hardware with Windows Logoes on it (I'm on such a laptop right now), so why wouldn't I do it with ARM?
Avoid buying anything that has Windows installed on it. I already do that for aesthetic reasons; now that it's not just a matter of reformatting I have even more reason to.
has to call tech support when they put the printer on a different USB port.
In my experience with XP, changing USB ports often means reinstalling the driver (or at least pointing Windows to where you already installed it). Printer drivers are horrible; I'm pretty sure most of the developers ride the short bus to work.
Ever install Vista or Win7?
Yes. I bought this laptop I'm using a couple of months ago. It dual-boots Win7 and openSUSE 12.1, both of which I installed myself.
Boot the disk, answer a couple of questions, the installer does the rest...
First question: Does it have all your device drivers?
essentially imaging the system to a clean install for a computer that doesn't have Windows installed.
With none of those applications you go on about.
Linux in orders of magnitude more difficult to install...
With apologies to any equines who may be in the audience, that's complete and utter horseshit. To quote your own fine self, installing a modern Linux distro is a case of "Boot the disk, answer a couple of questions, the installer does the rest".
...not to mention all the 0.x unfinished apps for supposed Windows app substitutes.
What Windows apps? You mean the apps *for* Windows that don't actually *come* with Windows that you have to find (and possibly *buy*) and install separately? As opposed to the hundreds (thousands?) of perfectly usable apps available in any halfway respectable Linux distro that you can load as part of the OS installation?
BTW, the installation of Windows 7 Pro and about a dozen applications which had to be obtained and installed separately (following the OS installation) took almost exactly *twice* as long as as the openSUSE installation, which provided *everything* I need for both personal and work use with just 2 exceptions--Skype, and a proprietary app we use at work.
Oh, and let's not forget cost: the Windows 7 Pro OEM DVD (English) ran me about 1350 SEK (call it US$200); the blank CD on which I burned the Linux network installer was about a dollar and a half (~10 SEK).
TL;DR: Windows took twice as much time to install, cost me 200 times as much money, and provided about 10% of the software.
So... You are badly misinformed, deluded, or just plain lying. I'd say it's a bit of all 3.
What is it with you guys, anyway, that you find Linux so threatening that you have to resort to spewing garbage like this about it?
Il n'y a pas de Planet B.
Very good question, probably not for Mac servers as they are made by Apple, but surely some generic servers would be effected? (posting to undo moderation)
null
You can either use the gnome/KDE settings or /etc/network/interfaces if you use both it tends to stuff up your system, also the network init.d script is obsolete and it says so when you run it.
null
Why does this piss you off? And is it the locking out of other OS's from Apple's hardware, or the fact that no one seemed to care, that's upset you?
When Apple licensed the Mac OS back in the 90's it hurt what little business Apple did have. Apple is, and has always been, a system provider, meaning hardware+software. While selling the Mac OS to run on non-Mac hardware has been tossed around for years, it will never happen since Apple wouldn't sell enough copies to stay in business by selling hardware that can be replaced with a cheap PC.
If you want to run a non-Apple OS on a Mac, that's been possible since 2006.
Nitewing '98
Everything works...in theory.
One feature I can think of off the top of my head is the search functionality of Vita and 7. This is a massive timesaver, especially compared to the painfully slow, limited one in XP. Finding a file/program/email in 20 seconds rather than 10 minutes is a big productivity boost.
This is a question of trust. Remember how Intel released in one of their Pentium line of processors that deliberately leaked the processor ID. Oh sure, you could switch it off in the BIOS, but users DIDN'T trust that, and sales did not go well until the next processor.
Now you're willing to trust Microsoft with an "off switch" to their competition killing lock-out "secure boot" loader. More fool you.
And where are the alternate BIOS manufactureres? About time to shove Phoenix and the rest up their secure behinds.
Take Nobody's Word For It.
You make some good points. However consider your "retraining" statement, then look at Windows 8 vs Windows XP. I work at a Fortune 100, and they still deploy new machines downgraded to Windows XP. They're just starting to use Windows 7 and that's because it breaks a lot of things to make that change. Moving from XP to 7, and from Office 2003 to Office 2010 requires massive retraining - so Microsoft no longer has an advantage in saying "you won't have to retrain".
The funny thing about Apple having lost the business sector, it's edging its way back in. In half the meetings I go, people are asking how they can see this or that on their iPads. Our IT department has no choice but to support it.
One strategy to overcome the problem of investment in custom applications is virtualization. WINE may suck for a lot of apps, but full virtualziation works great and many "old school" apps can be delivered via citrix. Once you do that, then everyone with their shiny new ipads can still run all the old software they had before. In fact I manage an app that's delivered this way. As long as they have an OS that the citrix client runs on, then they can use the app I manage (Access 2007 on SQL 2008).
So while more and more of the business users are using iPads or whatevers, more and more apps are being run through systems like citrix or being refactored as web apps.
Now, as a "hacker" I generally like desktops because of all the things you can do with them. But even so, my last 3 "computers" have been laptops/netbooks. But then what do you call the NAS I installed? It runs Linux (or BSD) and is essentially a special-purpose computer. And the media device for getting Netflix and streaming media off my NAS is is just another special-purpose computer. As I'm starting a graduate science program, I am already thinking about how my next "large computer" will be something I will build myself and install in the garage - and I'll access it remotely with my laptop, netbook, or even phone.
The desktop will still be around for a while, but it's a market that will continue to decline. For their computing needs people (and businesses) will be turning more and more to mobile devices and purpose-built computers. Businesses will also have server class machines.
Think about what most people do on computers and there's no longer a need to be chained to a desk in the back room to do those things.
Microsoft will be around even longer than the desktop and you'll still have a job. Indeed while I don't agree with their past business practices I still use some of their products. In fact I have Windows XP running in a virtual computer as I type, so that I can run Office 2007 to do the things that require that. It doesn't even matter what my host OS (it happens to be Linux) because those kinds of details will be come less and less relevant.
However it seems clear to me the that the desktop as a common way of doing computing, is on the way out. It had a good run. I just hope kids in 10 years have a way to experiment with building and modifying their own computing power like I did.
No they weren't. Stop talking utter rubbish.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
there is a small 64k static ram and 64k rom built into the cpu chip which also houses the tpm. the core accesses onchip rom and ram on an onchip data bus, none of the activity on the built-in rom and ram are signalled on any chip external lines. At reset the rom is mapped to x'4..0000'-x'4000...ffff', the ram is mapped to x'4100..0000'-x'4100..ffff' and the cpu begins to execute at location x'4000..0000'. The code in the rom expects a 8m flash to be present on the external data bus at x'5000..0000'-x'5000-3fffff' external memory.
There is an internal onchip flash called the security configuration flash. this flash contains the cpu serial number and a cpu specific symmetric key KCPU,a bit -a 32 bit checksumSVALID, a fuse bit SPERSONALIZE, a symmetric key KJTAG and a bit SMODE and a Public Key SEXTROM. If SPERSONALIZE=1, proprietary JTAG commands allow loading of the secure configuration flash. The on chip rom verifies the checksum of the secure flash area. if the checksum is incorrect the rom code halts. The secure flash can still be loaded through secure JTAG provided SPERSONALIZE still =1. If not the chip is now junk.
if the secure flash area verifies the onchip rom then uses the KCPU key to verify authenticity to the tpm and the tpm verifies its authenticity to the onchip rom code using KCPU. The tpm is on the cpu chip reachable through onchip cpu address bus. its registers are mapped to x'ffffffff00000000'-x'fffffffff000000ff'. it can access the cpu static ram and uses a mailbox scheme to retrieve and return cmd operands. the login consists of a symmetric challenge response using the cpu key. This cpu key is also programmed into the tpm at personalization time via secure JTAG. The secure JTAG cmds to program the tpm tap use a symmetric key KFACTORY to authenticate that was burned onto the tpm at the factory. this key is specific to a certain chip batch only.
if login to the tpm failed and SMODE=1 the onchip boot rom halts.
If SMODE=1 the code in the boot rom now inspects the first 32 bits of the external flash at x'5000..0000' to find an offset to the signature area on the extrom. then a MD5 hash sum is calculated over x'5000-0004'-begin of signature. then the MD5 hash is compared with the mD5 hash in thr signature area. if the hashes do not match the onchip tom halts. if the hash compare then the hash public key signature is verified with the public key SEXTROM. if the signature is incorrect then the on chip rom code halts.
if the signature is correct the extrom code initializes the external memory sdram controller, does other chipset inits and then branches to a firmware environment.
this can be UEFI. the Firmware environment FE if configured to enforce can verify the signature of the first boot loader code it loads over multiple paths, such as disk, usb or network. the external code loaded must be signed by an approved key stored in the verified tpm. If the signature is incorrect FE will not branch to its entry code. if it is correct FE turns control over to the external code while providing API facilities for callbacks from that code. This code will now load the operating system kernel into memory along with other binary objects it might require and verify the public key signature of these components. if one of the signatures is incorrect the code will return control back to the FE. if it is correct, the FE branches to the kernel and the kernel initializes. fE notifies the kernel over parameters that it is in enforcing mode. if the kernel loads additional binaries it chcks the signature of these components with a public key that is compiled into the kernel. if a component has an incorrect signature it is not loaded. Application images are also verified using public keys by the kernel proor to execution.
the dram interface on the cpu chip encrypts and decrypts 64 bit 32 bit 16 and 8 bit accesses to the dram with a symmetric key KMEM when reading or writing to the external dram. KMEM is random and cleared on reset on all components. This key KMEM is also known to other truste
Mod parent up. Of /course/ Desktop sales are on the decline - a P4 is "usable" still, and a C2D is a perfectly good main system.
With computers lasting for a number of years, and there being no reason to upgrade...
Of course, mobile devices may be on the rise, but it's sort of a "comlimentary" device, not a replacement. Sure, some can use it to fully replace their desktop, but those are the people who could be switched to a shiny Linux distro as well.
It seems like the obvious way to block this type of stuff is to pass legislation requiring government agencies to only purchase PCs that are free from such encumbrances.
Unfortunately, in this climate of Democracy to the highest bidder, Microsoft can still buy the best lobbyists/politicians compared to any other OS vendor.
So if any law gets created/passed, I would expect it to favor the false god of "security" instead of openness.
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
haha. Apple has made that frivolous. What jury (be it a judge or real jury) would find Microsoft has a monopoly these days? Apple keeps reminding us how they are the number one now.
Oh and btw, doesn't Apple also restrict what boots and how? to make sure you ONLY buy Apple hardware? Yep, MS keeps 90% of the market, can and WILL dictate to the OEMs how to build their machines, and there is nothing anyone can do about it, thanks to Apple's efforts.
And top it off, MS is getting more into the hardware market, and controlling the software sales channels, they want to be just like Apple. I can't wait to see how it comes out. My guess is both MS and Apple will end up being losers, and guess what, linux will still be a loser also. Something new will come along, dictated by ATT and the Olympic comittee, and the 99% will still be whining about how the 1% controls everything. Nothing will change.
slashdot troll = you make a compelling argument I do not like the implications of.
Long ago, towards the end of the last century, desktop computers were BYOD
No they weren't. Stop talking utter rubbish.
I presume then that you weren't there at the time? Desktop computers when they first appeared were indeed a kind of BYOD, although obviously people didn't actually carry them around with them. What did happen though was individual departments/individuals made a business case to buy their own PCs, and then suddenly could do what they wanted, rather than what the high priests of the computer room told them they could do. It led to chaos in many cases, but it also greatly empowered end users (and stripped the high priests of much of their power). Obviously there was then a follow on as all the PCs were brought under computer control, but to deny that PCs were BYOD is just silly.
No it isn't. In all my time I never saw such a thing. Either there was an IT department that set up the PCs with what passed for lockdown in Windows 3.11 for Workgroups, or everything ran on an NT 4 Terminal Server.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
TL;DR: Windows took twice as much time to install, cost me 200 times as much money, and provided about 10% of the software.
I always get modded as troll here, but understand that experience with Linux really, really varies. I will avoid discussion about cost/software, but Linux may easily fail to install depending on your hardware
Last time I needed to install Linux on a desktop, it took 3 different distros (settling on OpenSUSE, actually), before I could get it to work. The first two distros hit a wall somewhere along the install process and could not be finished.
And, according to my research, default installation of OpenSUSE (with whatever window manager system that is included) cannot properly support two-monitor desktop (at least that's how far I got trying to get 2 monitors to work so far - it doesn't work and I have seen many others complain about it)
Linux can be surprisingly frustrating.
iOS and Android devices have been around forever. I don't think you can even buy Windows ARM hardware yet.
Besides, why would you purposefully seek out a Windows sticker if you don't want Windows? I bet you'd flip your shit if your Cheerios box had Cheerios in it.
DATABASE WOW WOW
Which proves you weren't there at the time, youngster, since the phenomenon took place *before* Win 3.11.
I witnessed (and did) some of it at the very end of it. For example, in 1986 my on, personal C64 was the first computer that ever was inside my school.
Then in 1988 it was the first computer ever in the company I started my apprenticeship, where I took it to draw electrical circuit diagrams in a more productive way than with copier / pencil / tip-ex.
At the start of the 1990 it was basically over in any companies I worked for.
Just because you're too young to remember it doesn't mean it didn't happen young padawan. We're talking about a time long before anything like NT4 (or even any kind of NT) existed.
Typically the PCs in question ran DOS, with first Visicalc and then Lotus 1-2-3 as the killer app which had to run (which, incidentally, is what tied the market in to MS-DOS).
I saw the same thing with departments buying their own equipment, both in a 100k+ employee corporation and in university departments. The timeframe would have been approximately 1985-1995.
Yet while tablets, smartphones etc have made the actual computing devices smaller, monitors for desktop computers have got bigger. Systems such as the Commodore PET and the original MAC had very small screens. Not too long ago, 14" or 15" monitors were standard, now 20+" are common.
Approach 4: Lobby for manufacturers to include the capability - wether software or hardware (jumpers man, they are good for everything :) - of disabling secure boot if the user wants to. Actually approaches 1 & 2 re crazy stupid, Approach 3 is unrealistic, so the above Approach 4 should be the one and only. We'd all be better off this way I tell ya.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
Microsofts sole goal is "A PC in every house, running Windows." Their tactics match their Nazi goal. How's that for FUD? Fuck you.
I see this as a method of protest that will send a clear message to the PC makers and Microsoft:
1. Buy a new Windows 8 laptop from a reseller who doesn't charge a restocking fee.
2. Open the box (at least). If you feel like it, try installing X flavor of Linux (except Ubuntu, apparently).
3. Return it the next day. Reason for return: can't install X flavor of Linux. If the customer service person happens to be savvy enough to say "You just need to disable Secure Boot", say you bought the laptop because it included that feature, because you heard it improved security. If you have to disable it, you no longer want it, and you'll keep using your old laptop.
If enough manufacturers are seeing this reason for return and losing money because of it, you can be sure they'll start bitching to Microsoft.
www.gaiageek.com
I run multiple virtual machines with multple OS's. Windows and *Nix variants. How is this going to work (or not work) with secure boot?
I'm using a System 76 laptop for about 4 months now. I like the choices of hardware options. Here's the downsides. I had a rocky ordering experience: Billing address and shipping addresses were different and 'broke' their system so it took a phone call to fix the problem. Then I had to reinstall the operating system to fine tune Ubuntu; Not a biggie since I normally make my own install on any new box. Since then it runs like a clock. Laptop (Lemur is the model) is light, fast, has a nice touch...everything I wanted and no MS TAX. check them out at https://www.system76.com/ Maybe if there's more demand for open hardware...more people will build it.
That's not paranoia, that's literacy plus attention span. Also, you're mistaking stupidity for manlyness. But hey, make the best of what you got, right? Right.
Microsoft doesn't have access to politicians from all governments, do they? That isn't just a rhetorical question. I really want to know.
I figure that if at least a few small governments could PCs that are free from such encumbrances, then it will still help the worldwide community.
testing out my trending skills
Well first off most people capable of a server install will be capable of disabling UEFI or self signing so my inclination is no. Right now this is mainly being pushed as a desktop feature. On the other hand once implemented there is no reason that it couldn't be a server feature. Servers are always going to be more diverse hardware and server installs always more complex so people who make server class hardware are likely to offer better instructions for over riding.
I honestly think the Linux desktop people are too worried here.
Linux is completely unusable to the average computer user, so I dont think there is much loss here. Suffering from the same fragmentation as Android and lack of support for so many software companies. No one wants to find stupid workaround back-ass-wards ways to just get they're damn computer working.
Feeding the troll, I know, but still.
Last week I attempted to rescue my friend’s laptop. Some sort of low-end Lenovo. Not even a factory reset made it recognize its own battery, play sound without distortion, or work without staggering for 20 seconds every few minutes. She needs Windows for work, so she set off to buy a new laptop.
I loaded Bodhi Linux on the faulty laptop just to see if the problem was in Windows and related software, or if it was in fact in hardware (as the laptop had worked normally prior to the instant where all of the above problems occurred). Lo and behold, everything works in Linux. And even though Enlightenment is not the most user-friendly of desktop environments, she took to it immediately. She’s amazed with its looks, its speed, and its reliability. And it is now her secondary machine, and not a paperweight.
There are a few details that could and should be polished, but unless you need Windows-specific software, you’ll do just fine with Linux.
Ignore this signature. By order.
I've got nothing? You mean like the thing that you didn't address, but keep throwing fits about, "A PC in every home, running Windows?" You're like a little kid who thinks it cannot be seen because it has the eyes covered -- just because you are unable or unwilling to, you know, catch up, doesn't mean I don't know what I know.
It just means it's STILL waiting there to be addressed by you, if you could just stop crying for a second :D
First off Apple's share of the desktop market in the USA is 8-12% which is about where it was when Microsoft was considered a monopoly. Microsoft's defense at this point might be the existence of a tablet market where they have no presence. But even if one does include tablets Windows still far outsells iOS and OSX combined. Apple targets profitable customers not marketshare.
As for Apple restricting boot. No they don't. In fact they produce and support a multi-platform bootloader for their computers: http://www.apple.com/support/bootcamp/
They also work with parallels and VMware to help people load virtual images of windows.
Apple doesn't mind in the slightest if you buy their hardware and then run someone else's OS on it.
On their iOS devices, iTunes allows you to put any BIOS image in you want.
I agree with your analogy but your history is a bit screwed up.
Visicalc was popular with the late 70s era machines, CP/M and AppleDOS. It had made it over to PC's (PCDOS later MSDOS) but was underpowered. In 1983 Lotus came out with Lotus 1-2-3 and took the spreadsheet market. Lotus had banked heavily on DOS32 (running DOS apps in 32 bit mode) being the dominant speadsheet and had treated their Windows product as secondary. So during the transition to Windows Lotus fell behind Excel though their suite, the AmiPro suite, was excellent by the later Windows 3.1 days. Excel also beat Lotus on price.
While PCs had come into mid and large business in limited capacity the switch for the average corporate worker happened during the Windows for Workgroups days. By that point there was no visicalc at all.
The interesting part of this question is that Windows 7 runs just fine on a Mac, but I don't see Apple climbing in bed with Microsoft to put someone else's security on the Mac boot loader. So will Macs be able to boot Windows 8?
E pluribus unum
GP, johnw, is absolutely right.
In the times of WoW and before it generally wasn't an IT department that set them up. IT controlled the mainframe or the mini. They didn't have responsibility for other office equipment like typewriters or photocopiers. PCs were classified with other office equipment when they first showed up for most companies. IT started getting involved once people realized that PCs were fundamentally different than terminals in that the corporate data was on them and functionality was migrating off the mainframes entirely.
It comes down to what you want to measure:
1) Total size of the market. In which case most of those factors are irrelevant. As an aside the average phone lasts 11.5 months. What drives the difference in replacement cycle is much higher breakage for smartphones.
2) Size of the software market.
3) Relative rate of growth of the different markets.
4) Time spent using the device.
5) % of the population that owns or regularly uses a device.
As for gaming rigs, they aren't enough of a market at this point to be a huge influence. In a few years they may be.
I can tell you exactly why, and it's two reasons:
1. There's been a steady appliance-ification of computers for years now.
2. Consumers just don't care enough to take proper care of their own computers.
Both MacOS and Windows are getting more locked down, to reduce the possible attack surface. Recent examples are Gatekeeper on OSX and now the this secure boot mechanism on Windows 8. This will just continue for one simple reason: It must.
As much as I hate this sort of thing, I just can't see an alternative. At this point it's unquestionably clear that average joe computer user cannot/will not practise safe hex, so the only other option is to take control away from them.
I am personally very tired of seeing million strong botnets surfacing every few months, filling my inbox with spam and doing other unscrupulous things. All because people can't be bothered to use that modicum of critical thinking skills necessary to avoid trouble.
As long as it's possible to manually disable the locks they put in, for those of us who know what we're doing, I support this endeavour. If that option ever goes away... I'll reconsider my position then. (And for the nitpickers, I'm not counting tablets in this. They are appliances that happen to have computer-like qualities.)
My own parents barely know how to press the power button on their computers, but I've at least taught them to be paranoid, and if they see something they consider suspicious, they call me.
3rd post, and you still only moan about strawmen. What a fascinating surprise!
You simply ignore this:
They do. There's your "evidence" - it involves homework, sure. So? Do the homework. And you know what, "nazi" is simply shorter than "totalitarian", and that in turn is from THEIR internal memos and public statements, it's not an exaggeration at all.
If you had the capacity or the will to get the point, you already would have. But you'd play with strawmen. Which, incidentally, doesn't insult me at all, it's just boring.
I meant the "fuck you", and why not. If that pisses you off so much, what the fuck, did we meet? If not, what is it to you? Can you not accept having met with disapproval from a perfect stranger, that you have to project and flaunder about with unintentional irony such as "whatever makes you feel better"? This is just sad, and it's not even about Microsoft, more about the kind of dumb fucking person who would stand up for them.
As for "who started the insults":
just another paranoid, scaremongering tactic being employed by the Linux fanboys.
I'm none of the above, yet I am literate and have an attention span and whatnot. You're either a shill or a useful idiot -- so you preemptively insult anyone, and that is where you're stuck at. Bluffs and barking. Pitiful.
Thanks for the demonstration though, keep it up. Lest we forget.
I hope you see the connection between still being on XP and Apple being in 1/2 the meetings. What's happened is IT is refusing to upgrade in a timely manner so end users are upgrading themselves.
However it seems clear to me the that the desktop as a common way of doing computing, is on the way out. It had a good run. I just hope kids in 10 years have a way to experiment with building and modifying their own computing power like I did.
No they won't. The golden age of kids modifying the computers was the late 70s when they were hobbyist systems. Even Linux today is too complex for kids to change. The computer languages for systems are less fun, though web languages and scripting languages work well.
Apple doesn't lock other OSes from Apple hardware. They in fact write a multi OS bootloader (Bootcamp) and give it away free to make it easy for people to install other OSes. They work with VMWare and Parallels for people who want to run OSes in VMs.
None of what you are saying is true.
The issue why UEFI dies will be the same as with most DRM scams, sorry, schemes: maintenance. It only needs to get in the way once or twice in $BIG_CORPORATION and you'll see the hardware fly out of the boardroom window.
UEFI is again an approach to help one organisation solve a problem it only has itself.
What happened to DRM protection of documents (which I saw so enthusiastically presented by Microsoft to some military clients)? Gone. *WAY* too hard to implement versus a raft of other container based methods which were not only simpler to set up, but also easier to audit and to understand for decision makers.
So, as per topic, I'm not worried. Time is your best friend here - just let it fail, and fail again. And bring every failure loudly in the news. Eventually this will be as distant a problem as the Clipper chip..
Insert
I'm sorry, I meant mostly the United States. We unfortunately have too much Democracy to the highest bidder.
Actually in Europe, the EU courts are more likely than the US to actually stop an a potential problem like this secure bootloader.
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
DOS32 came out in the mid 90s. In the 80s, PCs were 16 bit. And they remained 16 bit until the mid 90s, because the OS was 16-bit and ran 286, 386 and 486 chips in 16-bit mode. I don't recall a single 32-bit desktop in the 80s. And I was using Lots 1-2-3 in the mid 80s.
Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.
Windows 8 can boot just fine without UEFI secure mode, it's the UEFI secure mode itself that prevents stuff from booting, not the OS (Although it may also have its own internal checks for the "chain of trust" for various reasons).
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
AC is right. They want both ways. But obviously their hypervisor only runs with Linux. Its VMWare or Xen or... that handle it if you are running Linux as the dominant system.
Now of course their real favorite is Windows underneath running Windows images.
Lotus started playing around with expanded memory with 1-2-3 version 2.0 which ran on the XT. When the 286s came out with the capability for using expanded memory to emulate extended memory (cheaper hardware, better performance) this became popular. At the time of Windows 3.0 Lotus was focused on extending their DOS product. As far as when you could run 32 bit DOS apps, I can find the hard dates. But I was using DOS32 around Nov 88. DOS5 supported all sorts of 32 bit extensions and that was June '89. DRDOS was earlier had all sorts of additional support for DOS32 was May '88. So I think we are talking 87-89 not mid 90s.
I don't know what you mean by DOS32 in the mid 1990s unless you mean the NT version that was emulated.
I found a lower bound. March 13, 1988 there is an article in the NYTimes about the upcoming Lotus 1-2-3 3.0. So at this point we are down to somewhere between March and May of 1988 when DOS32 came into use.
I remember expanded memory, but that was released in the late 1980s. And the expanded vs extended memory battle and the himem rubbish was early 90s. You couldn't expand XT memory past 1MB. Well, there were add-on cards etc but they were rubbish and hardly mainstream. The 286 was the first PC with more than 1MB of RAM, and you needed MS-DOS 4 to use expanded or extended memory. Or at least you did with clones.
MS-DOS 5.0 was released in 1991. DOS32 was released in 1996. Were you really using them 2+ years before their commercial release?
Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.
Home computer sales were a bubble. People bought them for the internet, and once you have one most people don't need another for years. Now everyone who wanted one has one. But desktop computers aren't likely to go away in the office.
Free Martian Whores!
Long ago, towards the end of the last century, desktop computers were BYOD and Visicalc was the killer app.
Visicalc died a quarter century ago.
the desktop computer is precariously balanced on the edge of its extinction event
Office workers need big screens and good keyboards. The desktop's death has been greatly exaggerated; it's not going away any time soon. You sound like one of those guys in the '90s who said desktops would be the death of mainframes. Guess what? They're still for sale and used by the same companies who have always had them.
Free Martian Whores!
Long ago, towards the end of the last century, desktop computers were BYOD and Visicalc was the killer app.
Visicalc ran under CP/M. IBM was the reason for MS's dominance, because "nobody ever got fired for buying IBM." Lotus ran on Macs as well as IBMs.
Free Martian Whores!
IBM was the reason for MS's dominance, because "nobody ever got fired for buying IBM"
Doesn't follow at all. You'll notice I said "MS-DOS" and not "MS". There was a choice of three different operating systems to run on the IBM PC at launch, so you could have run any of them and still been buying IBM. What gave MS-DOS the edge was that early adopters wanted to run Lotus 1-2-3. MS-DOS was so badly written that Lotus had to work around it, particularly for driving the screen, which led to the position that it was difficult to use anything else.
You are getting confused here.
XT: expanded memory. This was a card. These sorts of cards existed for CP/M systems. You didn't need DOS 4 the applications were responsible for mapping the card's memory into memory. The first standardized card, that is card with OS support for expanded memory was April 1985.
286: extended memory. You could run in 286 mode and use up to 16 megs. Also DOS would allow 286 mode programs. But you could also use extended memory in place of expanded. http://en.wikipedia.org/wiki/Qemm. This worked fine on DOS 3.31 and possibly earlier versions. I know Microsoft introduced their own EMS drivers with DOS 4.01 but I didn't use those so I have no idea how they worked.
DOS Protected Mode Interface. the 0.9 version was included in DOS from 1990 on (and of course you could get it via. FidoNET or other BBSes) and heavily used prior. This standardized Protected mode programs but Lotus didn't follow the standards.
The later version that was used inside Windows 3.0 made this even more popular, though it was a DOS function.
DRDOS 5 and MSDOS5 -- allowed real mode DOS applications to load some drivers into hi memory area using a virtualized memory map. Really really cool, really really useful. Nothing to do with protected mode and 32 bit DOS apps.
DOS32 I'm not sure what you mean by this. I think we are using the word to mean two different things since what I'm talking about would have been pointless by 1996.
Mod parent up!
I install a new GNU/Linux every week in virtualbox or on physical systems. The fully installed system, containing office suit and everything, is usually up and going in 15-30 minutes. The other week my brother asked me to reinstall his win7 machines. Having loaded the OEM images (which took hours), the install itself took around 45 min - 1 hour.
I slipped my brother a Ubuntu 12.04 disk I had laying around. In case of trouble, boot that baby up and rid yourself of a world of hurt.
Personally, I use #! Linux, OpenSUSE 12.1, Fedora 17 and Salix OS; whereas my GF can't be pried away from her Ubuntu laptop. I've started showing OpenSUSE to clients, and they say: "I really don't care as long as it lets me do what I want." Apart from CAD users, everyone has been satisfied with a Linux install feat. LibreOffice.
Defining Statistics and Social Research
> I don't recall a single 32-bit desktop in the 80s.
All of the MC68000 based machines were 32 bit.
Intel lagged behind other vendors in this respect and their parts were cheaper as a result. That's why the 8088 was in the first PC. DOS was designed that original IBM PC and the OS inherited some of the limitations of the hardware.
That hampered MS-DOS and Windows despite Intel gear catching up to the Motorola stuff.
The resulting hacks and manual memory management still had to be used on MS-DOS into the mid 90s when Win95 took over.
A Pirate and a Puritan look the same on a balance sheet.
This arrangement lasted into the NT era. First real IT job I ever had was in a huge corp which managed PCs on the department level. You could walk around and see one group of people on DOS/Novell, the next group on Macs, the next running X11 Unix apps on Windows, and even some NT 3.5 and Citrix. Total chaos.
Of course, the whole reason I was there was to assist with the IT standardization effort.
Business. Numbers. Money. People. Computer World.
> weren't they the ones that locked everyone's OSes out of their hardware
Nope. Linux has been able to run on every 32-bit microprocessor architecture Apple has ever had. I have one x86Mac still running Ubuntu myself.
A Pirate and a Puritan look the same on a balance sheet.
Clued in enough and motivated enough to want to set a machine to a static IP yet too stupid and too lazy to figure out how to do this in whatever OS they happen to have?
That's a nice paradox.
Most people just get intimitdated with the idea of creating a network share using the explorer gui in XP or Win7. Never mind anything really interesting.
A Pirate and a Puritan look the same on a balance sheet.
>>>Desktop computers when they first appeared were indeed a kind of BYOD, although obviously people didn't actually carry them around with them.
Well then it's not really "your" device is it? In the 80s (not end of the century as you first falsely-claimed), the PCs were purchased-and-owned by the company. Just like typewriters & telephones were purchased-and-owned by the company.
And yes I remember that time. Secretaries, accountants, engineers didn't go out, buy Wangs or Apples or PCs, and then carry them in via their car. The office bought and supplied and owned them. So it was NOT bring "your" own device.
You are providing false history.
And insulting people who disagree.
Troll.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
> Ever install Vista or Win7?
Yes I have. Tracking down drivers is a royal pain in the ass.
There is also no mechanism to re-install my apps either.
You have picked the wrong forum to try and bullshit people.
A Pirate and a Puritan look the same on a balance sheet.
It's almost as if some of us right here in this very forum have stated for years that each PC is it's own unique snowflake being a random collection of spare parts.
A Pirate and a Puritan look the same on a balance sheet.
Large to medium size companies using the Windows platform are notoriously slow in approving system wide platform changes. OS changes are the worst. A diligent company will insist on testing all of their existing apps under the new OS but if you have a lot of apps this takes a considerable amount of time and money and you usually end up creating something that has no more functionality than the system it is replacing. Executive types who authorize these big changes are scared to death of being blamed when stuff stops working, budget bloat, and moving time lines. The main point is that a well administered windows platform (Linux as well) works just fine. However, companies using the MS ecosystem have spent tons of money and time over the years to build their systems. They also need an overwhelming reason to scrap that work for something else and licensing fees are not enough to force the issue. I architect and develop applications for both the MS and the Linux platforms and if the MS developers adhere to some basic coding standards, design patterns, and beat practices it beats Linux hands down. Linux developer support tends to be piecemeal and all the different flavors complicate matters even more. People can despise MS for all sorts of reasons but their developer support and development tool sets are really good. This helps them attract developers which in turn means the developers build their applications on the MS platform which then translates into more sales for the MS OS and other products. The original VB might have been technically inferior but from a business point of view but it was a brilliant way to increase OS an OS product sales. It opened up the development space for novice and even experienced developers unable handle C++ or any other low level programing language.
I remember building desktop apps and COM/DCOM objects in C++ where you had to code your own dialogs using the prepacked class libraries provided in Borland C++ or MS C++. And before that it command line vi for Unix development without a developer UI in sight. I constantly run across developers today that could not even attempt that type of programming. Now you just drag controls around, set properties, and code the event handlers and let the underlying run time take care of the details.
Its a forum post not a fucking published thesis so deal with it or don't bother reading it. Form over content is always the refuge of nitpicking complainers who would rather complain about formatting than address the actual content of the post.
I don't seek out Windows stickers, but a large amount of hardware in stores has it. I prefer not to order hardware.
I get what you're saying now, but it doesn't quite gel with what you said before:
MS-DOS 5 came out in 1991, not in 1989. And it was 32 bit like I'm 7 feet tall. (i.e. not quite.) The only 32-bit DOSes I ever saw was Novell's, after they bought DR-DOS, and while that was a 32-bit operating system we crippled it by running windows 3.0 and 3.1 on it. It had a protected mode and could cope with a network stack, and that was 1991, maybe 1990. But everything ran in 16-bit mode on top of it because it ran in Windows, and that was 16-bit. Oh, and DOS32, which came out around the time of Windows 95, mid-90s, but wasn't much use by then. It was actually called DOS32. It wasn't an MS product.
If Lotus bet the farm on 32-bit apps, they did it in the 1990s. There was no PC in the 1980s that ran a 32-bit operating system.
Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.
Well then it's not really "your" device is it? In the 80s (not end of the century as you first falsely-claimed),
Please learn to read the thread - I made no claim about any centuries.
the PCs were purchased-and-owned by the company. Just like typewriters & telephones were purchased-and-owned by the company.
And yes I remember that time. Secretaries, accountants, engineers didn't go out, buy Wangs or Apples or PCs, and then carry them in via their car. The office bought and supplied and owned them. So it was NOT bring "your" own device.
Clearly you don't remember it that well. People really did go out and buy such things and bring them in in their cars. And even if your contention were correct (as it was in some cases), it was still very much a case of BYOD.
You may be surprised to learn that many of today's "your own" devices are bought and paid for by employers - just the same as last time round.
Whether the item is actually the property of the company or the personal property of the individual isn't really relevant. In both cases, the individual suddenly has ownership of the device (in the sense of control). Hence the wisdom in noticing the similarity.
Gratuitous and silly insults snipped.
I don't recall a single 32-bit desktop in the 80s
Clearly you were not in the UK. Acorn's line of desktop computers from the Archimedes in 1987 onwards were 32-bit, with ARM CPUs.
I am TheRaven on Soylent News
I am quite confident that someone somewhere on this planet will find a way around UEFI make machines rootable in any case. Hopefully.
But still: while I understand the financial/business implications I do not understand why RedHat and Ubuntu caved in so easily and are playing the evil game together with MS instead of being vocal on the real issues behind UEFI, namely; that it doesn't make the machines "secure" regarding malware but rather "secure" against "tampering" by the machines' owners!
Linux cannot wait for a decade (or how long did those MS monopoly trials go last time?). This time MS may succeed in strangling the competition for good; they have probably found the only way you can fight an open source OS: by locking down the hardware against it.
I like my spaghetti with source.
please ... know anything about court? Apple and Microsoft are in the computer business. Microsoft WAS a monopoly that used its market position to ... well hell, I lived through those times and I never saw anything they did any worse than anyone else, but they got convicted of it anyhow. Then along comes Apple. Locks up their software to only run on their hardware, locks up their software so that it can only be sold if Apple makes a profit on it. Creatively herds the ignorant into generating the most profit from less than a 10% market share in the PC market, while locking up the obviously emerging PC replacement market, the tablet. Can you name one thing that Microsoft does that hurts the market more than Apple?
Microsoft could be found guilty of bad Balmer, that's about it. Apple brought on this locked tight reality, get used to it. While Apple may not be a convicted monopoly, I'm pretty sure it is now recognized as currently the world's most evil company.
slashdot troll = you make a compelling argument I do not like the implications of.
I still use vi type Unix tools for most of my programming. I agree with you on Visual Basic it was brilliant. It was a massive failure on Microsoft's part not to transition Visual Basic to Visual Basic .NET more smoothly. C# is brilliant far better than the Java it is designed to replace. The .NET compiler is the most sophisticated compiler I know of. F# is a fascinating project in bring Objective Camel to .NET and allowing it to use a standard IDE. LINQ is mainstreaming a huge innovation. I really wish that Microsoft still saw themselves as a languages company they were huge innovators. They should be out in front in offering exciting languages and IDEs for mobile and tablets. So no argument on any of your assessment of Microsoft's tools.
That being said I think "I architect and develop applications for both the MS and the Linux platforms and if the MS developers adhere to some basic coding standards, design patterns, and beat practices it beats Linux hands down." I don't think that's true at all. Microsoft has nice tools for developers. Unix is an operating system whose architecture from top to bottom is to make development comfortable. An OS written by developers for developers. Just thinking about power of the /proc filesystem for doing status monitoring. Hands down it is easier to develop for Unixes than for Windows, it isn't remotely close. It can't be Windows is organized for end user computing not for developers.
I'll give you a simple example that bit me hard. Try and get Windows to send a specific set of bits out of the ethernet cable. In other-words a program that generates a binary objects and sends it to the ethernet card unmodified. Mind you I'm not saying write a program that will create an TCP packet with an arbitrary data blob, I'm saying I want control of the entire packet. To do that in Windows you actually have to write your own driver and you can't do it with the standard driver for that card in place. To do it in Unix if the data was in file X "cat X > /dev/en0". Every single time I've tried to write software for Windows I get bit by developer hostile it really is. So no, I don't think it is accurate to say that Windows is a developer platform. It is rather hard to program for Windows, but Microsoft provides excellent tools to support you in writing productivity software. If you rewrote your comments above to "productivity software" sure I'd agree. But software in general, no.
-----
Now I agree that OS shifts are a disastrous money sink for most companies. But Windows 7 does offer a virtualized Windows XP. This is not a hard transition if they manage things well. This is doable and they certainly should not be allowing things to get to the point where desktop transitions are this traumatic. That is a failure of corporate America and corporate IT.
the windows bootloader can't boot any operating systems other than other versions of windows.
This is technically true, but not practically true.
On my laptop here, I have Fedora as one of my choices in the Windows boot loader.
It chain loads grub, much as grub would have chain loaded the Windows boot loader. Not much difference there, really.
The benefits of using the Windows boot loader as the primary are that certain Windows tools won't complain about the MBR being wrong, and I can reinstall Windows without blowing away the Linux boot loader.
I agree the operating systems wren't 32-bit. That didn't stop applications from being 32-bit. The 32-bit app through itself into a 32 bit mode and then passed control back to DOS in real mode to handle OS functionality. That in fact was how Windows worked. You didn't need 32 bit OSes to run 32 bit apps because everything was single tasking. DOS / Microsoft released a special always on app for printing, so the print spooler could operate in real mode while the rest of the system was in 32 bit mode.
As far as running 32 bit mode and Windows you used Desqview for that. You loaded DOS with QEMM. Then you ran DESQView which was your multitasker / task-switcher and could run 32 bit software. Inside of Desqview you ran Windows 3.0 or 3.1.
Anyway Windows was not 16 bit after Windows 286 (windows 2.0) There were 4 modes on the 386 / Windows-386 (Windows 2.1)
real mode
protected mode (16 bit)
32 bit mode (386 enhanced)
virtual real mode (multiple real modes, multi tasking real mode applications). ( http://en.wikipedia.org/wiki/Virtual_8086_mode ).
I understand you never ran DOS apps that used more that 640k other than windows itself. But think about how Windows itself worked. Lotus 1-2-3 could do the same thing.
First off, learn manners.
Now for lurkers:
start iTunes on your Mac and hold home- and on/off-button on the iphone. connect mac and iphone and keep holding the buttons on the iphone.
the iphone boots in restore-mode, itunes opens up the restore dialog. release the two buttos on the iphone.
hold option-key on the mac and then press "restore" in iTunes. Dialog pops up asking for the firmware to use then point to the new file and you are set.
_________
And of course Apple lets you install apps on iOS without their approval. They don't let you distribute them widely without their approval. But you can install anything you want using iTunes.
The point is that there is nothing that will be preventing you from doing whatever you want to the hardware you bought: hack it, wipe it, blend it, nobody will stop you. What you are actually complaining about is that the hardware you bought isn't exactly the hardware you want. But, it's a lot harder to blame other people for the poor purchasing decision you made.
If you don't know where you are going, you will wind up somewhere else.
Right, the 68000 was 32-bit internal, 16-bit to the bus, if I recall from my Atari ST. One even had a choice of operating systems and programming languages - you could boot an OS off floppy, bypassing the ROM OS. The 68k offered a fairly congenial environment for lots of stuff.
Ok, just looked it up - http://en.wikipedia.org/wiki/Motorola_68000 introduced in late '79.
If enough manufacturers are seeing this reason for return and losing money because of it, you can be sure they'll start charging restock fees.
FTFY.
If you don't know where you are going, you will wind up somewhere else.
I primarily develop in the .NET environment however my projects need to be able to interface with hardware such as PLC's, PBXs, and control systems requiring OS level functionality.
Hell, I have a dual AthlonMP rig (got it when I graduated high school... about ten years ago) that I just popped a sata card into and a pair of new disks to breathe a few more months life into it as a media and backup server. XBMC's a bit slow (but that's the Radeon 9100's fault, heh) but otherwise... and I used that as my daily workstation (driving a nice 1920x1200 monitor and doing some heavy SBCL hacking) until a couple of years ago. Basically Firefox needing a gig of ram to display "Hello World" is what drove me into using my laptop more...
The limiting factor for using perfectly adequate old hardware now are those pesky acronyms: PATA, PCI, AGP, DDR{266,333} ...
HAL 7000, fewer features than the HAL 9000, but just as homicidal!
First question: Does it have all your device drivers?
Actually yes, it most likely will. Most importantly, it will generally have enough to fire up networking, and then it'll automatically download the rest of them via Windows Update. I've been running Win7 for three years, on a PC I've assembled myself the way I want (and upgraded a couple times since then), and the only driver I had to manually install in all that time was the one for a wireless printer.
OK for a PBX I'd assume you would be getting the advantages of Unixes. It is really difficult to use non IP communication protocols on Windows.
Now, it is right time to dump Microsoft.
All that work sounds exactly like what UEFI is going to do to install linux on x86.
Sigh. He said the end of last century, which is the 90s. If he'd actually said "in the 80s", then I would have agreed.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Something like that. Yeah. But Linux people will get the hang of that pretty quickly.
Regarding #1, I think that carriers giving you a free (price built into your plan) phone every 2 years has more to do with it than phones "breaking".
Absolutely the large subsidy definitely helps. Americans are completely unaware how much they are spending on phones. But breakage matters. If it were just subsidy \we'd expect a number around 24 mo not 11.5 mo.
Or is Microsoft so stupid as to prevent Win8 from installing in virtual machines. If so, what's the point of Microsoft contributing copious amounts of code to the Linux kernel?
Anon because I'm too lazy to log in.
They want to control the environment that Windows runs in and better control when you have to upgrade. They do not want you upgrading your hardware and continuing to run the same version of Windows you do now as many people are doing with VMware and Linux as the hypervisor. Microsoft have always been mighty uncomfortable with virtualisation.
I don't know Windows as far as firmware. But I don't see anything about iTunes phoning home for Windows (though the procedure is somewhat different).
Actually the problem is real. And I'm not talking about MS, but BIOS (should I say firmware) vendors. I played with my Thinkpad Edge E120, and I found a problem: after installing Windows 8 (consumer preview...as I remember), I could no longer change the boot order from the setup screen. One-time boot choice does work, but I could not change the order for permanent usage.
Also, as soon as I changed the order from linux, Win8 refused to load (even after returning the order to the original one).
My thinkpad has no mention of disabling secure-boot. I don't even know if returning to BIOS-style booting would allow me to change the order.
I've got nothing against secure-boot, but easy methods of self-signing need to be provided. The secure-boot should be "binaries that I trust", not "binaries that MS trusts". The latter is fine for most end-users, but those who do know what they do....should not be locked by vendors.
So I would say boicott vendors to support secure-boot better.
PS: no I don't know the API details. I did see articles stating bad reference implementation of UEFI. And I mean really bad (as in inability to follow the specification 100% to boot something).
PPS: while this post may seem to be defending MS, I can guarantee that I want to dispose of it in my daily use. I even went so far as to virtualize a Win7 enviroment specifically for gaming (with AMD 5850 that is...... thank you Xen comunity + Intel VT-d).
It's not really a subsidy when your subsidizing yourself...
Why not? In a democracy subsidies are things the people do to themselves (collectively) to change behavior. This is just an example where they are doing it to themselves in some sense individually. The same behavior change is occurring.
And before you object this is different note two things:
a) The price of your plan doesn't change based on the cost of the subsidy. The person with a 32g iPhone 4s getting a $18 / mo subsidy pays the same rate as the person with a free Android getting a $12 / mo subsidy.
b) The price of your plan doesn't change even when the two years is up, i.e. the subsidy goes to $0.
c) The cash value of early termination frequently doesn't track the subsidy all that well. For example with Verizon the initial cash termination fee is $350 even though often Verizon is into your phone for more than that, conversely in the last two months it is $110 and then $0 and that $110 drop is usually more than the entire bill for that month.
9) lose the grub boot menu that allows you to dual boot
10) think about the hassle of replacing the MBR every time you want to boot a different OS and give up in disgust.
Actually, that's kind of the trick that lets Microsoft treat ARM differently. Despite the major competition (Apple) not being on x86 PCs at the time Microsoft was judged to be a monopoly, the judge limited all or most of the restrictions on Microsoft to x86 PCs. So they have to play "nice" on the x86 market. That means still supporting the PC as something more or less open (sure, locked-down UEFI BIOS by default, but they _allow_ OEMs to offer a disable function).
On ARM, it's a different story. The OS only goes to the OEM, not to the end user. Period. No way to disable secure boot. Hidden APIs out the wazoo (everyone but Microsoft is required to only use WinRT API calls on ARM; Microsoft gets to use all of Win32 as well). Bundled web browser (IE) with no possible replacement (3rd party web browsers are either built on top of IE components, or they don't fully function -- you can't write a working Javascript JIT, apparently, in WinRT-only). And it's anyone guess if any Windows RT/Windows 8 Phone devices will be upgradeable to Windows 9... probably not, based on recent historical behavior.
All of this happens just dandy without even considering Apple. Now, of course, even without considering Apple, Microsoft may still be seen as abusing monopoly powers. They got called on the web browser thing -- the crime of using monopoly powers in one market (x86 PCs) to conquer another (web browsers), but it was only after-the-fact... they had all but killed Netscape before anything was done about it. I assume they're looking at that same issue being alive as they take on the ARM/mobile market.
Of course, it might well be reasonable to believe that there's no important distinction between "x86" and "ARM" as far as markets are considered.... particularly since ARM netbooks and maybe even desktops are pretty inevitable, in time (which may be "right this moment", though not yet on a meaningful scale). But THAT would more than likely end Microsoft's judgement as a monopoly, given Apple's strong presence on the tablet and both Google and Apple on the smartphone. So that's not a risk to MS in pushing the full evil lever as they move into mobile (ok, move again into mobile, but this time they're serious about it, not just trying to kill off guys like Palm).
They're also doing the full Apple on software sales for ARM -- you can only buy ARM software through the Don't-Call-Me-Zune store. True of desktop Windows RT apps, too, but the "legacy" stuff (eg, the only actual reason for using Windows) remains as before, direct sales, developer/retailer to user.
It would be awfully nice for Linux to jump on this power grab. But the problem is simple... there is no "Linux", in the way there's an Apple, a Microsoft, an Amazon, a Google, etc. You need someone like Google to actually establish a common Linux platform... which, of course, they have: Android, the world's most popular Linux Distro. Google might stand a chance pushing for the desktop/laptop, but it's not clear they'd see any reason to do that. The TPTB in Linux are too established in their various distro wars, rallying against close source, or whatever, to ever establish a unified front that's attractive to Windows/Apple/Android scale application development.
-Dave Haynie
You can hurt the market all you want, as long as you're small enough to not to any serious damage. Apple at 10% (US.... 5% globally) certainly isn't large enough to cause industry-wide problems, at least in the PC market. They have a large but not commanding piece of the smartphone market, and a very large piece of the "big smartphone without a voice modem" market... if that's really a different thing, the tablet.
They don't have a recognized monopoly on anything, so they run under a different set of rules. Doesn't mean they never will be judged a monopoly, but it does take awhile for legal watchdogs to recognize the emergence of new markets. And some wisdom to decide if they're actually the same, or different, markets. Does the use of an ARM processor versus an x86 really make the iPad NOT a personal computer, but something totally different? If so, maybe Apple's closer to a monopoly than they were, but still not large enough to have full on monopoly powers. If ARM vs. x86 doesn't matter, then Apple's only managed to perhaps un-monopoly Microsoft.
And of course, that's precisely what Microsoft is banking on, in the ARM market. They're very aware that the various restrictions and monopoly pronouncements all mention "x86".... that's how the judges ruled it. So they have the "be evil" lever set to Apple mode, and beyond, when it comes to ARM products. And it's hard to imagine they won't get away with it.... though there's that whole issue of actually selling any they still have to deal with.
-Dave Haynie