Novice users get no additional protection unless the OS refuses to execute user mode binaries and scripts that aren't digitally signed, which is not the case in Windows 8.
I know, what I don't understand is the additional security that comes from a protection scheme that is useful if and only if my machine has already been compromised and therefore I no longer have nothing more to lose. If a hacker has gained access to my system to the point of being able to write to the boot sector, then he can as well install a root certificate marking him as a trusted authority for signing device drivers.
I understand Microsoft's reasoning for having a secure bootloader (helps protect against rootkits)
There's a thing I do not understand. If I've broken the security of a running OS image so deeply that I can write to the boot sector of the machine and install my own boot loader, how will "secure boot" make my life harder? I've already gained full access to the machine, so I can start logging keystrokes, encrypting hard drive sectors, acquiring passwords, sending all personal files to somewhere in Siberia... I can also put an exe in some autoexecutable position to run the exploit I've used to take control of the machine every time it reboots.
Who's "we"? I understand that the DRM folks might raise their eyebrows (and with no reason, since rooting an Android device doesn't defeat its DRM schemes, but that's another question). But why shoud "we" care?
Capitalism is today what it has always been, only that now certain countries are starting to experience how it feels when you're not at the top of the food chain.
About 1-2: it's true, but at least where I live, games are so expensive that even if you got your console bricked, its price would be repaid by pirating four or five games.
3: that would apply to an open console, too. You'll need some kind of account to play online games and it probably won't be usable by two consoles at the same time.
News from the world: all commercial, closed, heavily secured, drm-laden game consoles currently available on the market have already been deeply pirated, and therefore users already don't "need" to pay for a game.
Until just 3 centuries ago, the British (not some primitive tribe) used to occasionally disembowel people alive only because they happened to profess the wrong variant of Christianity, let alone a different religion.
In 2012, the must-have feature for smartphones is an amount of CPU cores twice as big as the one of the previous generation.
In 2013, the new cool thing to have will be a 64-bit processor! Like in the good old times of the console wars.
Seriously though, in the near future the amount of available address space to be shared between userspace, kernel, GPU etc. might start to become too tight in 32 bits even for smartphones, at least the biggest ones.
Since internet is a fruit of public research, if people with his ideas were to decide, then there would be no "internet" at all. We would be using some ATM-based network, developed by telephone operators, charging you depending on who you contact, where he is, what network operator he's using, the service you want to use, the quality of service you require, and the time you spend using it.
Which, besides being bad for end users, in the long term would have prevented much of the private economy that today is revolving around the internet from taking off.
The common perception among Slashdotters is that while Bill Gates may cause us some professional difficulties, he makes up for it with an exemplary philanthropic record.
What? Does the average slashdotter really think that? Oh well, at least make that "Slashdotters \ { me }", since I'm deeply convinced that who's born square can't die round.
Which complies with self-regulatory bodies and commits to strong codes of conduct.
Where did I say that what they're doing is illegal? They're taking advantage of piracy without breaking the law, as Megaupload did (they, too, removed pirated content upon request). Snake oil vendors and tarot readers don't break any law, either, but I wouldn't judge them as "committed to strong codes of conduct".
That's not hypocritical.
Making profits off piracy while at the same time proposing measures against people doing the same thing is not hypocrisy? To me it is.
- First, this move reeks of hypocrisy from Google's side. YouTube, for example, hosts gigabytes and gigabytes of copyrights violations that - I have no proof but I'm strongly convinced - make up a large part of its traffic and therefore of its income. They get away with it by deleting copyrighted content if and when it's spotted by its owner, but when legislators start talking about measures that would effectively stop their exploitation of piracy, like forcing them to review videos before making them visible, they adduce "technical problems" preventing them to comply.
Let it be clear, I'm all for loosening copyright protection and favourable to the free exchange of information; I just can't stand double-facedness.
- Second, but most important, I find it extremely creepy for a private company that knows everything about every individual on the planet to start playing the role of the law enforcer. This brings us closer to the dystopian realities described by science fiction writers (and feared by Cassandras such as RMS). We've already seen digital death penalty without due process being applied against selected baddies in the recent years, the next step is to extend its applicability to all individuals of the free world.
Moreover, support for a.out is still there in the kernel. Assuming that you can find some a.out binaries today, and have a reason to run one of them on a contemporary system, you can still do it by having an old libc around. Different versions of libc can coexist on the same system.
So, one of the things that has changed in this latest release is that only the ELF binary format is supported. What does this actually mean though?
That you can no longer run Linux executables based on the a.out format. The a.out format was phased out in 1996.
but does anyone still use those?
No, nobody does.
Is this particularly a problem, perhaps for embedded *nix? (I.e. is ELF bigger or worse in resource terms compared to the other two formats?)
No, because people stopped using the a.out format to store Linux executables long before Linux started appearing on embedded devices. On a side note, many MCUs use ELF as their preferred executable format, so I don't think there's a "size" problem with it.
As far as I can tell from reading Wikipedia, ELF is much the better format generally, but is it worse in some situations?
No, that's why nobody has used it since 1997. Even if it was competitive with ELF, and it isn't, maintaining two different binary formats to contain the executables of the same OS would be overkill - especially almost 20 years after the first format has been deprecated.
Actually, did GLIBC support MS Windows PE format before now (a modified form of COFF)? Or what about the Mac Mach-O format?
GCC can build different file formats, is that also going to change?
Glibc is only for running Linux or Hurd (I think) executables. These OSes only use ELF. Glibc never ran on Windows or Mac. GCC is a completely separate project, and of course it supports generating executables for Windows, hence it will target PE/COFF of course on those OSes. There is no relationship with Glibc.
One step at a time, people will get used to that kind of tracking and will find it normal.
Compare the reaction that people had when stuff like Bonzi Buddy peeked at their web history in the 90s, to the one they have today when Google (or Facebook, or whoever else...) track every trackable aspect of their everyday life.
The right thing to do, would be to send UEFI and ACPI into the hell where they belong (2.045 pages for loading a fucking boot loader into RAM and jumping into it), and switch the PC architecture into using something more human, say, a kind of Open Firmware. For security, the firmware should pop up an alert telling the user that their boot loader has changed, asking him if he agrees with the operation. Which is the same security model that Windows has at runtime. Which is where the end user will catch 99.99999% of malware, since boot viruses in practice don't exist.
But no, instead they'll institute this ludicrous dance of keys which will impair the end user's boot experience (which is what UEFI should really be all about) without adding a gram of security (loadable modules at runtime = zero advantage from using "secure" boot).
Languages also die because of imposition from the ruling elites. The natural tendence is for people to create new languages (see the diversification of Latin into the roman empire, or that of Arabic after the islamic expansion, to a lesser extent even the british / american English diversification), not to get rid of them.
Without arriving to genocides, what often happens is that the ruling class decides that it's not efficient for each culture to speak its own language, often more for political reasons than for reasons of convenience, and works proactively to kill the local languages by measures such as only teaching the official language in schools, broadcasting it on television, force its use for interaction with the authorities, deprecating it culturally etc.
To me, if Google would spend money of their own to counter the effect of practices like these, it would be a nice thing. Unfortunately, I agree with you that they might not have much real effect because culture is something "living", and reviving it after it has been killed is impossible.
What? Latin and Greek never were the two "common tongues" of Europe. They have been languages of the ruling elite, in different places and different times, and therefore they were used as a lingua franca, but then each region or even each town had its own local language or dialect that was used by common people. That's still true even today in some places, although the television is inexorably working to level the field.
They care enough to write a NVidia driver of their own, NVidia's disinterest notwithstanding. That is, they care more than NVidia themselves, who can't be bothered to write a proper driver beyond a shim around their Windows one, with the result that they provide no solution for their customers having Optimus-capable chips.
Mac OS is open source, didn't you know? Its drivers aren't, and in fact Mac OS' driver coverage is very poor. Apple's previous attempt at a closed source OS failed (copland).
Windows is on its way out, now that more and more people are buying Android-based tablets or smartphones instead of a PC, and it is my opinion that the Metro cure won't do anything to change that. A 60% share of that market is made up of Linux devices. So you think that "it's not NVIDIA's job to cater to the 60% of mobile device users that have chosen to use Linux". Oh well, talk about delusion.
Slashdot Mirror
Novice users get no additional protection unless the OS refuses to execute user mode binaries and scripts that aren't digitally signed, which is not the case in Windows 8.
I know, what I don't understand is the additional security that comes from a protection scheme that is useful if and only if my machine has already been compromised and therefore I no longer have nothing more to lose. If a hacker has gained access to my system to the point of being able to write to the boot sector, then he can as well install a root certificate marking him as a trusted authority for signing device drivers.
I understand Microsoft's reasoning for having a secure bootloader (helps protect against rootkits)
There's a thing I do not understand. If I've broken the security of a running OS image so deeply that I can write to the boot sector of the machine and install my own boot loader, how will "secure boot" make my life harder? I've already gained full access to the machine, so I can start logging keystrokes, encrypting hard drive sectors, acquiring passwords, sending all personal files to somewhere in Siberia... I can also put an exe in some autoexecutable position to run the exploit I've used to take control of the machine every time it reboots.
Who's "we"? I understand that the DRM folks might raise their eyebrows (and with no reason, since rooting an Android device doesn't defeat its DRM schemes, but that's another question). But why shoud "we" care?
Capitalism is today what it has always been, only that now certain countries are starting to experience how it feels when you're not at the top of the food chain.
About 1-2: it's true, but at least where I live, games are so expensive that even if you got your console bricked, its price would be repaid by pirating four or five games.
3: that would apply to an open console, too. You'll need some kind of account to play online games and it probably won't be usable by two consoles at the same time.
News from the world: all commercial, closed, heavily secured, drm-laden game consoles currently available on the market have already been deeply pirated, and therefore users already don't "need" to pay for a game.
Until just 3 centuries ago, the British (not some primitive tribe) used to occasionally disembowel people alive only because they happened to profess the wrong variant of Christianity, let alone a different religion.
In 2013, the new cool thing to have will be a 64-bit processor! Like in the good old times of the console wars.
Seriously though, in the near future the amount of available address space to be shared between userspace, kernel, GPU etc. might start to become too tight in 32 bits even for smartphones, at least the biggest ones.
HTC did let me unlock the bootloader of my android device. It's not an end-user-friendly procedure though.
Which, besides being bad for end users, in the long term would have prevented much of the private economy that today is revolving around the internet from taking off.
What? Does the average slashdotter really think that? Oh well, at least make that "Slashdotters \ { me }", since I'm deeply convinced that who's born square can't die round.
Which complies with self-regulatory bodies and commits to strong codes of conduct.
Where did I say that what they're doing is illegal? They're taking advantage of piracy without breaking the law, as Megaupload did (they, too, removed pirated content upon request).
Snake oil vendors and tarot readers don't break any law, either, but I wouldn't judge them as "committed to strong codes of conduct".
That's not hypocritical.
Making profits off piracy while at the same time proposing measures against people doing the same thing is not hypocrisy? To me it is.
- First, this move reeks of hypocrisy from Google's side. YouTube, for example, hosts gigabytes and gigabytes of copyrights violations that - I have no proof but I'm strongly convinced - make up a large part of its traffic and therefore of its income. They get away with it by deleting copyrighted content if and when it's spotted by its owner, but when legislators start talking about measures that would effectively stop their exploitation of piracy, like forcing them to review videos before making them visible, they adduce "technical problems" preventing them to comply.
Let it be clear, I'm all for loosening copyright protection and favourable to the free exchange of information; I just can't stand double-facedness.
- Second, but most important, I find it extremely creepy for a private company that knows everything about every individual on the planet to start playing the role of the law enforcer. This brings us closer to the dystopian realities described by science fiction writers (and feared by Cassandras such as RMS). We've already seen digital death penalty without due process being applied against selected baddies in the recent years, the next step is to extend its applicability to all individuals of the free world.
Yes.
Moreover, support for a.out is still there in the kernel. Assuming that you can find some a.out binaries today, and have a reason to run one of them on a contemporary system, you can still do it by having an old libc around. Different versions of libc can coexist on the same system.
So, one of the things that has changed in this latest release is that only the ELF binary format is supported. What does this actually mean though?
That you can no longer run Linux executables based on the a.out format. The a.out format was phased out in 1996.
but does anyone still use those?
No, nobody does.
Is this particularly a problem, perhaps for embedded *nix? (I.e. is ELF bigger or worse in resource terms compared to the other two formats?)
No, because people stopped using the a.out format to store Linux executables long before Linux started appearing on embedded devices. On a side note, many MCUs use ELF as their preferred executable format, so I don't think there's a "size" problem with it.
As far as I can tell from reading Wikipedia, ELF is much the better format generally, but is it worse in some situations?
No, that's why nobody has used it since 1997. Even if it was competitive with ELF, and it isn't, maintaining two different binary formats to contain the executables of the same OS would be overkill - especially almost 20 years after the first format has been deprecated.
Actually, did GLIBC support MS Windows PE format before now (a modified form of COFF)? Or what about the Mac Mach-O format?
GCC can build different file formats, is that also going to change?
Glibc is only for running Linux or Hurd (I think) executables. These OSes only use ELF. Glibc never ran on Windows or Mac. GCC is a completely separate project, and of course it supports generating executables for Windows, hence it will target PE/COFF of course on those OSes. There is no relationship with Glibc.
Time to start tossing iPad crates into the Boston harbour.
Compare the reaction that people had when stuff like Bonzi Buddy peeked at their web history in the 90s, to the one they have today when Google (or Facebook, or whoever else...) track every trackable aspect of their everyday life.
But no, instead they'll institute this ludicrous dance of keys which will impair the end user's boot experience (which is what UEFI should really be all about) without adding a gram of security (loadable modules at runtime = zero advantage from using "secure" boot).
Without arriving to genocides, what often happens is that the ruling class decides that it's not efficient for each culture to speak its own language, often more for political reasons than for reasons of convenience, and works proactively to kill the local languages by measures such as only teaching the official language in schools, broadcasting it on television, force its use for interaction with the authorities, deprecating it culturally etc.
To me, if Google would spend money of their own to counter the effect of practices like these, it would be a nice thing. Unfortunately, I agree with you that they might not have much real effect because culture is something "living", and reviving it after it has been killed is impossible.
What? Latin and Greek never were the two "common tongues" of Europe. They have been languages of the ruling elite, in different places and different times, and therefore they were used as a lingua franca, but then each region or even each town had its own local language or dialect that was used by common people. That's still true even today in some places, although the television is inexorably working to level the field.
They care enough to write a NVidia driver of their own, NVidia's disinterest notwithstanding. That is, they care more than NVidia themselves, who can't be bothered to write a proper driver beyond a shim around their Windows one, with the result that they provide no solution for their customers having Optimus-capable chips.
There was no /g ;)
Windows is on its way out, now that more and more people are buying Android-based tablets or smartphones instead of a PC, and it is my opinion that the Metro cure won't do anything to change that. A 60% share of that market is made up of Linux devices. So you think that "it's not NVIDIA's job to cater to the 60% of mobile device users that have chosen to use Linux". Oh well, talk about delusion.