I know you want to be like x86 != ARM, which is fair, but UEFI == UEFI
It would be great if you could just uncheck a checkbox at boot time, but this standard was made so that you can remove that checkbox and still claim standards compliance. That's the rub.
You're not forced to install antivirus programs nor is there a scheme to prevent you from removing them.
I'm not speculating about "people," I'm talking about the "people" accused of turning their brains off when Secure Boot gets brought up. These are the same people who don't like the locked bootloaders on the iPad and especially on Android phones and tablets.
What *is* the same between the Surface Pro and the Surface (RT), is that UEFI and Secure Boot are being used.
Back to the original topic, this is why people do not want Secure Boot. Here is a company taking the standard and doing *exactly* what people were afraid the company would do with it. It's no longer "speculation."
Do Google Play downloads go over SSL? Does Google Play fail to work if the SSL verification fails against the installed CAs? Does that Raspberry Pi have its SSL cert installed on the phone?
It's not that easy...
(...or maybe it is, I'm assuming Google wasn't stupid when it comes to the first two questions.)
Why do the OEMs get to add keys? Why can't I load the key myself from UEFI or another side channel?
This is why secure boot triggers "do not want." Motherboard manufacturers are trying to wedge themselves in as gatekeepers where they were previously not.
The iPhone does not show up as a SBP2 device on the USB bus, so therefore Windows cannot format it and will not ask to format it. In fact, if you hook it up to Windows 7, it loads a Microsoft driver that exposes a DCIM folder for you to peruse as a normal disk. On Windows XP, it shows up as a "Scanner or Camera" device, again, without having iTunes installed.
The unencrypted stream is decompressed. Recompressing it creates fidelity loss and takes up more CPU time/power making it undesirable. Possible, but undesirable. It's like a theatre cam recording.
Breaking DRM by poking through assembler is hard work for no pay in your spare time. I would be not be surprised if *nobody* has built a Netflix streamripper plugin for Firefox. The guy breaking iTunes encryption has basically given up the cat and mouse game due to time.
The JavaScript solution makes it super convenient to make a streamripper and install it as a no-native-code addon. It is the opposite of what you argue it is. I get that the binary blob introduces an attack vector, but your solution is not acceptable (to DRM proponents).
You can't do it in javascript, because the point is not to keep the stream safe in transport. The point is to keep the keys away from the user, and it's way easier to do that with a binary because the tools to reverse it are more complicated. Hence the black box.
Life is an intelligence test. There aren't rails over every ravine, every tiger put in a cage, every sharp stick taped off with a warning label. But don't worry, eventually the safety regulators will get to everything.
There is a point where more safety regulations do more harm than good. This is that point. They add cost, weight, manufacturing time, and catch dust to lessen equipment lifespan. There is already a fan guard on the computer, it's called the case.
The fans are INSIDE the case, safe from fingers. If you're going to pull the case apart while it's running, then that's no different than willfully disregarding any other safety warning or operating anything else improperly,be it a razor or a chainsaw. The CASE is the safety guard.
By the logic of the EU, people are smart enough to handle cut throat razors properly as to not slice their neck open, but too stupid to know that they should not open a computer while it is running and stick their hand next to spinning fans and get their knuckles nicked.
The evolution of razors gives people a choice in the level of skill required to properly operate the razor. For the computer, just turn it off to increase the safety while working on it! More than likely you _have_ to do that anyway.
It's not better, it's either middling or worse. It causes the machines to not last as long and adds costs to protect against a situation where you would have to go out of your way to hurt yourself in.
Balancing utility against safety, you say? You mean, how you can easily stick your hand into the blade of an operating chainsaw, or stick your hand into a blade of a plastic fan? Yet somehow we can trust people to not do one of these where the danger is constantly present, but it's far too dangerous to rely on them to not do the other where it is an abnormal situation.
The "experts" that write the standards are just looking to keep their jobs. If you fix everything that's broken, then just go and break stuff so you can fix it.
You can misuse the chainsaw during NORMAL operation with all the fancy safety features and still hurt yourself.
You can also misuse the current incarnation of the Mac Pro during ABNORMAL operation (aka with the side door off) and maybe nick some dead skin off (the fans typically spin slower than a normal computer).
Putting the guards on it reduces the lifespan by trapping dust, making it not last as long and be less of a premium product. It doesn't matter if this is an "premium priced" Apple or a $400 Dell, the rule is stupid, as in the people it is "protecting" lack intelligence or common sense.
The rotating blade of a chainsaw is an operator accessible area. I guess we need a protector over the entire thing while it's running, cause somebody could touch it.
The rare case that the chainsaw blade breaks could damage stuff, so best cover it in a screen to protect whatever and whoever.
This world is dangerous, and exercising reasonable precaution, like shutting the machine down, should be expected. If they DON'T do it, then they should run the risk, or mitigate it themselves.
If you've ever *looked* in a Mac Pro case, there are no wires hanging out or even remotely in danger of getting caught in the fan, due to being secured.
The directive is idiotic. It drives up the cost and decreases the lifespan (catches dust) to protect absolute morons that would disassemble their computer WHILE IT IS RUNNING.
Slashdot Mirror
I know you want to be like x86 != ARM, which is fair, but UEFI == UEFI
It would be great if you could just uncheck a checkbox at boot time, but this standard was made so that you can remove that checkbox and still claim standards compliance. That's the rub.
You're not forced to install antivirus programs nor is there a scheme to prevent you from removing them.
I'm not speculating about "people," I'm talking about the "people" accused of turning their brains off when Secure Boot gets brought up. These are the same people who don't like the locked bootloaders on the iPad and especially on Android phones and tablets.
What *is* the same between the Surface Pro and the Surface (RT), is that UEFI and Secure Boot are being used.
Back to the original topic, this is why people do not want Secure Boot. Here is a company taking the standard and doing *exactly* what people were afraid the company would do with it. It's no longer "speculation."
Sure... for x86 machines. I assume you mean
http://technet.microsoft.com/en-us/windows/dn168167.aspx
where they have four requirements, one of which is "They must allow the user to completely disable Secure Boot."
Now, for the Win RT version of Surface
http://support.microsoft.com/kb/2800988
"If the computer is running Windows RT, Secure Boot cannot be disabled."
Hmmmmmmmmmmmmmm
Except the OEM can prevent this from being an option for you.
Do Google Play downloads go over SSL? Does Google Play fail to work if the SSL verification fails against the installed CAs? Does that Raspberry Pi have its SSL cert installed on the phone?
It's not that easy...
(...or maybe it is, I'm assuming Google wasn't stupid when it comes to the first two questions.)
Why do the OEMs get to add keys? Why can't I load the key myself from UEFI or another side channel?
This is why secure boot triggers "do not want." Motherboard manufacturers are trying to wedge themselves in as gatekeepers where they were previously not.
Yes, I mean UMS.
The iPhone does not show up as a SBP2 device on the USB bus, so therefore Windows cannot format it and will not ask to format it. In fact, if you hook it up to Windows 7, it loads a Microsoft driver that exposes a DCIM folder for you to peruse as a normal disk. On Windows XP, it shows up as a "Scanner or Camera" device, again, without having iTunes installed.
iTunes may suck, but don't make shit up.
Ugh, phones? I wish I could call that a "computer."
I hope you're not referring to the Pixel, because you're off by over $1,000 on the price.
The unencrypted stream is decompressed. Recompressing it creates fidelity loss and takes up more CPU time/power making it undesirable. Possible, but undesirable. It's like a theatre cam recording.
Breaking DRM by poking through assembler is hard work for no pay in your spare time. I would be not be surprised if *nobody* has built a Netflix streamripper plugin for Firefox. The guy breaking iTunes encryption has basically given up the cat and mouse game due to time.
The JavaScript solution makes it super convenient to make a streamripper and install it as a no-native-code addon. It is the opposite of what you argue it is. I get that the binary blob introduces an attack vector, but your solution is not acceptable (to DRM proponents).
You can't do it in javascript, because the point is not to keep the stream safe in transport. The point is to keep the keys away from the user, and it's way easier to do that with a binary because the tools to reverse it are more complicated. Hence the black box.
Yeah, so... there was no app store requiring Apple approval in the "iOS 1.x days" That's the Jailbreak App Only era.
Go watch Strange Days (1995)
Life is an intelligence test. There aren't rails over every ravine, every tiger put in a cage, every sharp stick taped off with a warning label. But don't worry, eventually the safety regulators will get to everything.
There is a point where more safety regulations do more harm than good. This is that point. They add cost, weight, manufacturing time, and catch dust to lessen equipment lifespan. There is already a fan guard on the computer, it's called the case.
The fans are INSIDE the case, safe from fingers. If you're going to pull the case apart while it's running, then that's no different than willfully disregarding any other safety warning or operating anything else improperly,be it a razor or a chainsaw. The CASE is the safety guard.
By the logic of the EU, people are smart enough to handle cut throat razors properly as to not slice their neck open, but too stupid to know that they should not open a computer while it is running and stick their hand next to spinning fans and get their knuckles nicked.
The evolution of razors gives people a choice in the level of skill required to properly operate the razor. For the computer, just turn it off to increase the safety while working on it! More than likely you _have_ to do that anyway.
The difference here, is that it's not illegal to sell "cut throat" razors.
As long as we're clear that you have no right to it in the first place, sure.
Yes, because we still sell razor blades with the same expectation, just like we expect people to shut the computer down before working on it.
It's not better, it's either middling or worse. It causes the machines to not last as long and adds costs to protect against a situation where you would have to go out of your way to hurt yourself in.
Balancing utility against safety, you say? You mean, how you can easily stick your hand into the blade of an operating chainsaw, or stick your hand into a blade of a plastic fan? Yet somehow we can trust people to not do one of these where the danger is constantly present, but it's far too dangerous to rely on them to not do the other where it is an abnormal situation.
The "experts" that write the standards are just looking to keep their jobs. If you fix everything that's broken, then just go and break stuff so you can fix it.
You can misuse the chainsaw during NORMAL operation with all the fancy safety features and still hurt yourself.
You can also misuse the current incarnation of the Mac Pro during ABNORMAL operation (aka with the side door off) and maybe nick some dead skin off (the fans typically spin slower than a normal computer).
Putting the guards on it reduces the lifespan by trapping dust, making it not last as long and be less of a premium product. It doesn't matter if this is an "premium priced" Apple or a $400 Dell, the rule is stupid, as in the people it is "protecting" lack intelligence or common sense.
The rotating blade of a chainsaw is an operator accessible area. I guess we need a protector over the entire thing while it's running, cause somebody could touch it.
The rare case that the chainsaw blade breaks could damage stuff, so best cover it in a screen to protect whatever and whoever.
This world is dangerous, and exercising reasonable precaution, like shutting the machine down, should be expected. If they DON'T do it, then they should run the risk, or mitigate it themselves.
If you've ever *looked* in a Mac Pro case, there are no wires hanging out or even remotely in danger of getting caught in the fan, due to being secured.
The directive is idiotic. It drives up the cost and decreases the lifespan (catches dust) to protect absolute morons that would disassemble their computer WHILE IT IS RUNNING.