"But doesn't only Microsoft have the private keys used for secureboot?"
Not in the sense you think it does, no. When people say this, what they mean is 'Microsoft is the only company that has decided to act as a CA for Secure Boot and ask hardware vendors to ship its keys in their firmware implementations'. Anyone else could choose to try and do this as well; no-one else has. Secure Boot per se is simply a definition of a system by which a firmware can use public key-based cryptography to validate a boot chain. It does not say anything at all about who should issue keys or which particular keys any given firmware implementation should trust.
Note, neither of these has really broken the SB security model itself; they're just attacks against poor implementations of it, which isn't terribly surprising. Firmware, in general, is really fucking terrible code; it's not a surprise at all that some vendors have managed to fuck up their SB implementations.
Why is there no "this is completely factually incorrect" mod tool? Seems like an oversight.
UEFI is a firmware standard. It was deployed in the real world in production systems for years before anyone started drafting Secure Boot. Secure Boot is one part of the UEFI standard, but UEFI is complete without it, and indeed SB was only added in UEFI 1.2.
If you want to talk about SB, talk about SB. Don't confuse it with UEFI per se.
I don't think the price points have much to do with it, it's just a typical crowdfunding curve: you get most of your money early. That just happens to line up with when they made lower prices available. If they'd just picked one price point and stuck to it you'd see much the same curve, it's the curve almost all crowdfunding projects follow.
They don't have prototype phones. They have 3D printed prototype *cases*. If you look carefully at any of the software demo videos, the phone being used is a Nexus.
"But Canonical is not unknown, nor is it going anywhere."...but neither does it have any experience at all of hardware production. Trying to jump straight to building a top-end superphone based on crowdfunding is a big leap.
Have you taken a close look at what they actually have right now? Some shiny renders, very rough 3D printed prototypes of the case, a spec sheet, and some extremely unfinished software. That's it. Are you really confident they'll deliver a top-end phone in less than a year?
"Its the same boring shit about how eve's terrible servers can't handle all the buffered state updates and slows to a crawl"
Or to see the half-full glass, it's a story about how EVE is the only MMO game that really even attempts to let stuff happen on this kind of scale; it's the only major single-server MMO, i.e., the only one that doesn't just cheat by only having as many people on any given 'instance' of the game as their server code can handle.
Re:You know what's better than fake worlds?
on
Epic Online Space Battle
·
· Score: 4, Insightful
Real world is noticeably lacking in large-scale space battles (at least, to the best of our knowledge). Swings, roundabouts...
Also worth noting the article's "England's highest civil court" probably misleads U.S. readers a bit. You could strictly say it's true, or at least that it's one of the three highest civil courts in England. But cases can usually be appealed from the High Court to the Court of Appeal, and then to the Supreme Court of the UK (formerly a committee of the House of Lords took that role), and then possibly to the EU (seems likely to be at least a possibility in this case). The implication that judgements the High Court makes are essentially final is misleading.
+1, take out a subscription today. Worth being aware that its coverage of the U.K. news is from a specific perspective - it's pretty much the house paper of the centre-left Labour party - but its international analysis is second to none.
Well, the way to screw up giant robots beating up giant monsters is to not have enough robot-on-monster action, instead choosing to focus on tedious character development and Australians being macho at each other.
There's still just about enough robot-on-monster action to make it worth ten bucks, but it's a close call...
Also, if you account for *international* revenue, After Earth has comfortably made back its budget, and Pacific Rim is close. The article seems to place rather too much emphasis on North American box office. (I mean, c'mon, Pacific Rim is screamingly obviously built for international consumption: having a large chunk of the movie shot in Hong Kong? Prominently featuring Russian, Australian and most obviously Chinese giant-robots, with lots of heroic moments for each? Hard to find a more textbook example of the Hollywood strategy of the last decade, make damn sure you can sell your movie everywhere, _especially_ China).
"Canonical has kicked off a crowdfunding campaign to raise $32 million in 30 days to make its own smartphone, called Ubuntu Edge, that can also hook up to a monitor and be used as a PC."
Or, alternatively, some other shit:
"Specifications are subject to change."
So, you know, you could really wind up with anything. The campaign keeps talking about a prototype device, but unless I'm missing it, none of the videos actually shows a working phone - the brief plug-in desktop demo in the 'introducing the hardware' video is using a Nexus of some kind, I think.
So what they apparently have is some bits of code, some shiny renders, and an entirely notional spec sheet.
Well, I'd rather say it varies hugely from place to place, police force to police force (particularly local force vs. RCMP), and whether you're white (as is often the case in other countries too).
"I'll play devils advocate for a moment. In part, the cops have attained these capabilities because of the increased capabilities of organized crime and street-level criminals. Something of an arms race going on."
That point was dealt with in the original article; briefly, but then, it's only a newspaper article. The author quoted some statistics that indicate the vast majority of violent crimes are committed with small weapons, not high-powered military stuff. And in any case, one of the main thrusts of the article is that SWAT teams are being used to deal with _completely non-violent_ (alleged) offenders.
"The irony here is that Mir, which is is seen as a huge competitor to Wayland, could end up helping Wayland enourmously since Canonical doesn't seem to be afraid to pick up a phone and call people at AMD/Nvidia to talk about updating the drivers."
Well, no, Canonical is not afraid to print loud press releases about how they're talking to AMD/NVIDIA, couched as confusingly as possible to make it sound like AMD/NVIDIA are already confirmed riders on the Mir train. It's a publicity exercise. I'm sure the Wayland developers are in touch with AMD/NVIDIA as well, they just aren't as cynical as Canonical about trumpeting it loudly in press releases.
Slashdot Mirror
"But doesn't only Microsoft have the private keys used for secureboot?"
Not in the sense you think it does, no. When people say this, what they mean is 'Microsoft is the only company that has decided to act as a CA for Secure Boot and ask hardware vendors to ship its keys in their firmware implementations'. Anyone else could choose to try and do this as well; no-one else has. Secure Boot per se is simply a definition of a system by which a firmware can use public key-based cryptography to validate a boot chain. It does not say anything at all about who should issue keys or which particular keys any given firmware implementation should trust.
Then set up another CA. Microsoft isn't stopping anyone from doing it.
Note, neither of these has really broken the SB security model itself; they're just attacks against poor implementations of it, which isn't terribly surprising. Firmware, in general, is really fucking terrible code; it's not a surprise at all that some vendors have managed to fuck up their SB implementations.
Why is there no "this is completely factually incorrect" mod tool? Seems like an oversight.
UEFI is a firmware standard. It was deployed in the real world in production systems for years before anyone started drafting Secure Boot. Secure Boot is one part of the UEFI standard, but UEFI is complete without it, and indeed SB was only added in UEFI 1.2.
If you want to talk about SB, talk about SB. Don't confuse it with UEFI per se.
They just set up several increasing price points for the phone and limited the quantities: the earlier you got in, the less you had to pay.
I don't think the price points have much to do with it, it's just a typical crowdfunding curve: you get most of your money early. That just happens to line up with when they made lower prices available. If they'd just picked one price point and stuck to it you'd see much the same curve, it's the curve almost all crowdfunding projects follow.
If you want to make a statement why not just go buy a Geeksphone?
Costs a lot less, and you can get it right now.
They don't have prototype phones. They have 3D printed prototype *cases*. If you look carefully at any of the software demo videos, the phone being used is a Nexus.
"But Canonical is not unknown, nor is it going anywhere." ...but neither does it have any experience at all of hardware production. Trying to jump straight to building a top-end superphone based on crowdfunding is a big leap.
Have you taken a close look at what they actually have right now? Some shiny renders, very rough 3D printed prototypes of the case, a spec sheet, and some extremely unfinished software. That's it. Are you really confident they'll deliver a top-end phone in less than a year?
"Its the same boring shit about how eve's terrible servers can't handle all the buffered state updates and slows to a crawl"
Or to see the half-full glass, it's a story about how EVE is the only MMO game that really even attempts to let stuff happen on this kind of scale; it's the only major single-server MMO, i.e., the only one that doesn't just cheat by only having as many people on any given 'instance' of the game as their server code can handle.
Real world is noticeably lacking in large-scale space battles (at least, to the best of our knowledge). Swings, roundabouts...
Because he's responding to someone else who brought up the completely irrelevant comparison in the first place.
Also worth noting the article's "England's highest civil court" probably misleads U.S. readers a bit. You could strictly say it's true, or at least that it's one of the three highest civil courts in England. But cases can usually be appealed from the High Court to the Court of Appeal, and then to the Supreme Court of the UK (formerly a committee of the House of Lords took that role), and then possibly to the EU (seems likely to be at least a possibility in this case). The implication that judgements the High Court makes are essentially final is misleading.
"This raises some serious issues for this being used for terrorist purposes."
Also, much more importantly, I can see the lightbulbs going off in the scriptwriting room for the Die Hard series from here.
+1, take out a subscription today. Worth being aware that its coverage of the U.K. news is from a specific perspective - it's pretty much the house paper of the centre-left Labour party - but its international analysis is second to none.
If you knew anything about Matt, you'd know describing him as a 'businessman' is pretty absurd.
http://mattdm.org/
I was actually laughing out loud in the theatre at that one. And I wasn't the only one.
Well, the way to screw up giant robots beating up giant monsters is to not have enough robot-on-monster action, instead choosing to focus on tedious character development and Australians being macho at each other.
There's still just about enough robot-on-monster action to make it worth ten bucks, but it's a close call...
Also, if you account for *international* revenue, After Earth has comfortably made back its budget, and Pacific Rim is close. The article seems to place rather too much emphasis on North American box office. (I mean, c'mon, Pacific Rim is screamingly obviously built for international consumption: having a large chunk of the movie shot in Hong Kong? Prominently featuring Russian, Australian and most obviously Chinese giant-robots, with lots of heroic moments for each? Hard to find a more textbook example of the Hollywood strategy of the last decade, make damn sure you can sell your movie everywhere, _especially_ China).
"Canonical has kicked off a crowdfunding campaign to raise $32 million in 30 days to make its own smartphone, called Ubuntu Edge, that can also hook up to a monitor and be used as a PC."
Or, alternatively, some other shit:
"Specifications are subject to change."
So, you know, you could really wind up with anything. The campaign keeps talking about a prototype device, but unless I'm missing it, none of the videos actually shows a working phone - the brief plug-in desktop demo in the 'introducing the hardware' video is using a Nexus of some kind, I think.
So what they apparently have is some bits of code, some shiny renders, and an entirely notional spec sheet.
Well, I'd rather say it varies hugely from place to place, police force to police force (particularly local force vs. RCMP), and whether you're white (as is often the case in other countries too).
"I'll play devils advocate for a moment. In part, the cops have attained these capabilities because of the increased capabilities of organized crime and street-level criminals. Something of an arms race going on."
That point was dealt with in the original article; briefly, but then, it's only a newspaper article. The author quoted some statistics that indicate the vast majority of violent crimes are committed with small weapons, not high-powered military stuff. And in any case, one of the main thrusts of the article is that SWAT teams are being used to deal with _completely non-violent_ (alleged) offenders.
"Because it is the same approach and Mir is further along. Wayland isn't at the benchmarking phase yet they are still getting stuff to work at all."
Um. No. Phoronix benchmarked XMir. XWayland, which is precisely the same thing for Wayland, has existed in usable form for months or years.
GTK+ and Qt already have Wayland compositors, AIUI.
"The irony here is that Mir, which is is seen as a huge competitor to Wayland, could end up helping Wayland enourmously since Canonical doesn't seem to be afraid to pick up a phone and call people at AMD/Nvidia to talk about updating the drivers."
Well, no, Canonical is not afraid to print loud press releases about how they're talking to AMD/NVIDIA, couched as confusingly as possible to make it sound like AMD/NVIDIA are already confirmed riders on the Mir train. It's a publicity exercise. I'm sure the Wayland developers are in touch with AMD/NVIDIA as well, they just aren't as cynical as Canonical about trumpeting it loudly in press releases.