Linked by Thom Holwerda on Thu 3rd Nov 2011 19:34 UTC, submitted by lucas_maximus
Hardware, Embedded Systems A big issue right now in the world of operating systems - especially Linux - is Microsoft's requirement that all Windows 8 machines ship with UEFI's secure boot enabled, with no requirement that OEMs implement it so users can turn it off. This has caused some concern in the Linux world, and considering Microsoft's past and current business practices and the incompetence of OEMs, that's not unwarranted. CNet's Ed Bott decided to pose the issue to OEMs. Dell stated is has plans to include the option to turn secure boot off, while HP was a bit more vague about the issue.
Order by: Score:
v Err how is this uncertain?
by lucas_maximus on Thu 3rd Nov 2011 19:56 UTC
RE: Err how is this uncertain?
by Macrat on Thu 3rd Nov 2011 20:25 UTC in reply to "Err how is this uncertain?"
Macrat Member since:
2006-03-27

What "Other Operating Systems" can HP mean? It ain't MacOSX.


Solaris of course.

Reply Score: 3

lucas_maximus Member since:
2009-08-18

Maybe yes ... But Oracle has been bashing the shit outta HP recently ... I don't think there is much love there anymore.

Reply Score: 2

RE: Err how is this uncertain?
by Thom_Holwerda on Thu 3rd Nov 2011 20:35 UTC in reply to "Err how is this uncertain?"
Thom_Holwerda Member since:
2005-06-29

Summary:

You believe OEMs and Microsoft on their blue eyes. After years of abuse and patent troll behaviour, smart people don't.

Reply Score: 5

lucas_maximus Member since:
2009-08-18

Love it Thom ... don't actually dispute any of my points but make a blanket statement I am naive.

Honestly OEM aren't going to give the Win7 market up after most Corps are just moving to it.

Microsoft are bloody benign compared to Mobile phone carriers, estate agents and Fasthosts (f--king evil).

Funnily enough I have never been abused by Microsoft or Bill Gates ... At no point have my private parts be stimulated by Microsoft or Bill Gates against my will.

All they have ever done is expected me to pay for something they produce ... Greedy f--ks.

Edited 2011-11-03 20:46 UTC

Reply Score: 2

satan666 Member since:
2008-04-18

Microsoft are bloody benign compared to Mobile phone carriers, estate agents and Fasthosts (f--king evil).

The fact that Microsoft is less evil than others does not make Microsoft benign. Are you really using bening and Microsoft in the same sentence?
All they have ever done is expected me to pay for something they produce

Wow, really, that's all they did? Nothing else?

Reply Score: 7

lucas_maximus Member since:
2009-08-18

From me yeah.

Seriously ... you must never had worked with an "Digital Agency" ...

We recently had a quote for £500 to correct a Switch statement.

Reply Score: 2

Mellin Member since:
2005-07-06

expect me to pay for something i do not want (windows)

Reply Score: 2

lucas_maximus Member since:
2009-08-18

Don't pay for it then ... Lemur2 is always going on about that System76.

Vote with your wallet ... I buy OpenBSD released since I use them ... I vote with my wallet to support the project.

Edited 2011-11-03 23:22 UTC

Reply Score: 2

Mellin Member since:
2005-07-06

no one sells a pc laptop without windows in sweden

Reply Score: 4

lemur2 Member since:
2007-02-17

Don't pay for it then ... Lemur2 is always going on about that System76. Vote with your wallet ... I buy OpenBSD released since I use them ... I vote with my wallet to support the project.


FWIW, in my own country there are a few sources of computers where the OS is not included as part of the price.

Here is an example of a netbook and a low-end desktop:
http://pioneercomputers.com.au/products/configure.asp?c1=3&c2=12&id...

http://pioneercomputers.com.au/products/configure.asp?c1=4&c2=97&id...

The base prices of $349 AUD and $399 AUD do not include any OS except an option for Ubuntu.

Here are the additional costs for various Windows OS versions:
Microsoft Windows XP Professional [+$169] With CD
Microsoft Windows XP Home Edition with Recovery CD [+$39]
Microsoft Windows 7 Home Premium (32/64 Bit) [+$99] With CD
Microsoft Windows 7 Professional (32/64 Bit) [+$169] With CD
Microsoft Windows 7 Ultimate Upgrade/Full Version (64 Bit) [+$199] With CD

Ubuntu comes with an Office suite installed, so to match Ubuntu one would also have to purchase (at least) the following extra item as well:
Microsoft Office 2010 Home & Student [+$154]

So, for any option of Windows XP or Windows 7 the price would almost double, by the time you had purchased necessary software, compared to the Ubuntu option.

As long as Pioneer Computers is prepared to offer machines for sale without unwanted software bundled into the price, they are indeed worth of getting my custom.

For Windows 8 it would appear that Pioneer Computers may not be able to offer their customers the far better Ubuntu deal any longer. If that happens I would feel sorry for Pioneer Computers, but I would no longer buy from them, they would lose me as a customer. I would build up my own systems from piece parts if I have to.

Reply Score: 2

lemur2 Member since:
2007-02-17

I think it comes down to that you don't want to pay money for stuff and you are cheap.


I think it comes down to that you want me to pay money to Microsoft even though I don't use their stuff.

In what possible universe is it sensible to pay twice as much as one has to, for any reason whatsoever? This question is especially pertinent when the better hardware/software combination is the one that is half the price.

Under what strange morailty is it a bad thing if people collaborate together to make a less expensive alternative available to everybody?

In what possible way is it a good thing for the Australian people, Australian business and the Australian economy to have a half-price alternative option to Microsoft made unavailable to them?

Do you have shares in Microsoft?

Edited 2011-11-04 01:06 UTC

Reply Score: 5

Brendan Member since:
2005-11-16

Hi,

Honestly OEM aren't going to give the Win7 market up after most Corps are just moving to it.


This is short-sighted (and I've seen it multiple times from multiple people).

In the short term I think you're right - for desktop/workstation/server (and not for smaller stuff like tablets and notebooks), OEMs will want to support Win7; and other OSs (Linux, Solaris, the three BSDs, etc) will only be screwed on some of the smaller stuff.

In the longer term, OEMs will eventually forget about Win7 (in the same way that no sane OEM cares about Win98 anymore). This is what other OSs (and companies like Redhat, and organisations like FSF and GNU) should be worried about - not the next few years, but the next few decades.

A man jumps off of a 20 storey building. While passing the tenth floor observers hear him say "Going well so far"...

- Brendan

Reply Score: 5

ricegf Member since:
2007-04-25

Never bought an Android phone, I see.

Reply Score: 2

lucas_maximus Member since:
2009-08-18

Summary:

I am Thom and I cannot make an arguement ... classy.

Reply Score: 0

RE: Err how is this uncertain?
by Flatland_Spider on Thu 3rd Nov 2011 22:13 UTC in reply to "Err how is this uncertain?"
Flatland_Spider Member since:
2006-09-01

They mean FreeDOS. I'm not joking; it's a real option. You can configure some machines with either Windows or FreeDOS.

Last time I tried configuring an HP machine with FreeDOS, the configurator wouldn't let me select the option to add the Windows and Centrino stickers, and apparently, there was a bunch of hardware which relied on those stickers to work because the configurator would tell me to add the stickers before adding the hardware.

It was quite comical. I'm not sure if HP still does that since I have written them off.

Reply Score: 6

Just to show
by ronaldst on Thu 3rd Nov 2011 20:05 UTC
ronaldst
Member since:
2005-06-29

this is just another overblown topic purely based on fear and ignorance.

There are things wrong with UEFI and this ain't one of them.

Reply Score: 4

RE: Just to show
by lucas_maximus on Thu 3rd Nov 2011 20:09 UTC in reply to "Just to show"
lucas_maximus Member since:
2009-08-18

+1 I would upvote you .. but I can't.

Also this comment is very interesting

http://www.zdnet.com/tb/1-107846#1_107846_2139335

It seems that once the OS is booted you cannot access UEFI.

I am interested about the negatives of UEFI can you provide me links please ... so I can Edify myself?

Edited 2011-11-03 20:10 UTC

Reply Score: 1

RE[2]: Just to show
by ronaldst on Fri 4th Nov 2011 01:30 UTC in reply to "RE: Just to show"
ronaldst Member since:
2005-06-29

I am interested about the negatives of UEFI can you provide me links please ... so I can Edify myself?

I don't have any links to give you but I'll tell you what I believe is wrong with UEFI. There was a video presention presented by the Plan9 guy Ron Minnich about CoreBoot which goes in further details.

UEFI itself is a small OS. It has it's own drivers. Which is duplicate functionality since Windows/MacOS/Linux must also provide the same drivers and functions. There are videos on Youtube where people boot up their PCs to the desktop and simply remove the BIOS chip while everything runs. And nothing crashes.

Security and costs. More code, more complex, more bugs, more space needed. UEFI does more than the current BIOS.

There are no technical reasons why a simple hardware init + payload straight to the OS couldn't be a replacement for today's BIOS.

The only reason we still have this excess layer is none other than protecting other people's IP and profits.

Anyway, I'm pretty sure someone will comment and tell me that I am wrong but those are my reasons about UEFI.

I'm not going to comment on the secureboot stuff because someone with a functioning brain knows there's no issue here. It's the usual fodder for the internet drama queens.

Reply Score: 3

RE[3]: Just to show
by BushLin on Fri 4th Nov 2011 02:03 UTC in reply to "RE[2]: Just to show"
BushLin Member since:
2011-01-26

As predicted someone is writing to tell that they think you're wrong, although only on the small matter about removing BIOS chips.
I once had a bad flash and the system wouldn't boot, however I had a similar board nearby so I could boot to DOS on that, switch the *ROMS over and then force flash the BIOS image which failed previously.
Oh yeah, the point... While I'm not going to argue the merits of UEFI, what you said about removing the BIOS chip doesn't appear to prove anything as it doesn't seem any different to what was possible before.

Reply Score: 1

RE: Just to show
by satan666 on Thu 3rd Nov 2011 20:47 UTC in reply to "Just to show"
satan666 Member since:
2008-04-18

this is just another overblown topic purely based on fear and ignorance.
There are things wrong with UEFI and this ain't one of them.

This is a very underblown topic. The proof is the fact that HP has no clue about this issue.
Yes it is based on fear because we all know Microsoft. I'll leave the ignorance to you.
This is by far the most important issue of UEFI.
Microsoft has no interest in disabling this "feature". I'd say that Microsoft has a strong interest in locking the users to its own operating system.
The new standard is being made right now. It is extremely important that this standard is made right from the very beginning, before it is implemented. Because after that it will be very hard to change. We can't wait and see how this UEFI will be. We must act now and make sure it is right.

Reply Score: 14

v RE[2]: Just to show
by lucas_maximus on Thu 3rd Nov 2011 20:50 UTC in reply to "RE: Just to show"
RE[2]: Just to show
by Neolander on Thu 3rd Nov 2011 21:01 UTC in reply to "RE: Just to show"
Neolander Member since:
2010-03-08

Speaking of standards being made right now, I hope that this proposal to the UEFI standards body will get somewhere.

http://mjg59.dreamwidth.org/6503.html

Reply Score: 4

UEFI not booting Linux
by lucas_maximus on Thu 3rd Nov 2011 20:16 UTC
lucas_maximus
Member since:
2009-08-18

http://mjg59.dreamwidth.org/7411.html

Thom didn't cover this in an article ... it appears to be from a debian dev (I am going by the favicon, I honestly can't be arsed to find out, feel free to correct me).

Redhat seems to be perpetuating this fallacy according to Ed Bott and this blog post supports this assertion.

Edited 2011-11-03 20:18 UTC

Reply Score: 2

RE: UEFI not booting Linux
by Thom_Holwerda on Thu 3rd Nov 2011 20:34 UTC in reply to "UEFI not booting Linux"
Thom_Holwerda Member since:
2005-06-29

That post is from Matthew Garrett. Red Hat developer. The main driving force behind the effort you condemn.

Reply Score: 3

RE[2]: UEFI not booting Linux
by lucas_maximus on Thu 3rd Nov 2011 20:39 UTC in reply to "RE: UEFI not booting Linux"
lucas_maximus Member since:
2009-08-18

Why the f--k the Debian favicon then?

Nevertheless ... still proves my overrall point.

Lots of people spreading misinformation from one blog post ... like the link says.

Problem? Doesn't fit in with your Rhetoric?

Edited 2011-11-03 20:49 UTC

Reply Score: 2

RE[3]: UEFI not booting Linux
by ctl_alt_del on Thu 3rd Nov 2011 20:50 UTC in reply to "RE[2]: UEFI not booting Linux"
ctl_alt_del Member since:
2006-05-14

That's a Dreamwidth logo not a Debian one....they spin in different directions.

Reply Score: 2

RE[4]: UEFI not booting Linux
by lucas_maximus on Thu 3rd Nov 2011 20:51 UTC in reply to "RE[3]: UEFI not booting Linux"
lucas_maximus Member since:
2009-08-18

Thanks for the correction.

A bit confusing though.

Reply Score: 2

RE: UEFI not booting Linux
by Delgarde on Thu 3rd Nov 2011 21:13 UTC in reply to "UEFI not booting Linux"
Delgarde Member since:
2008-08-19

Redhat seems to be perpetuating this fallacy according to Ed Bott and this blog post supports this assertion.


I wouldn't regard CNet commentators as an authority on the matter, if I were you. Having read both Bott's article and the various discussions he's talking about, it looks like he's just heard about some controversy, skimmed a few blog posts, and written up a quick and mostly uninformed article.

That blog post you link to is by Matthew Garrett, who's probably the most knowledgeable person in the open-source community when it comes to UEFI booting. He's also the one responsible for most of the noise around "secure boot", precisely because he's done his research.

That said, he does stick to the facts, hence the post you linked to, complaining about others spreading misinformation. As far as I can tell, this fuss is because someone else at Redhat had problems with UEFI, and jumped to the conclusion that it was relating to secure boot. Which can't possibly be the case, as Garrett's latest post points out... no "secure boot" systems are currently on the market...

Reply Score: 8

RE[2]: UEFI not booting Linux
by lucas_maximus on Thu 3rd Nov 2011 22:02 UTC in reply to "RE: UEFI not booting Linux"
lucas_maximus Member since:
2009-08-18

The point still stands misinformation is being perpetuated.

Reply Score: 2

Comment by shmerl
by shmerl on Thu 3rd Nov 2011 21:03 UTC
shmerl
Member since:
2010-06-08

Nothing was said about proper solutions though. Disabling secure boot is a dumb workaround, but not really the proper method. Proper method is giving the user a way to manage keys for the UEFI.

http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf
https://www.linuxfoundation.org/publications/making-uefi-secure-boot...

This guy's comments from http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-windows... are just pathetic.

Edited 2011-11-03 21:09 UTC

Reply Score: 8

RE: Comment by shmerl
by Alfman on Thu 3rd Nov 2011 22:10 UTC in reply to "Comment by shmerl"
Alfman Member since:
2011-01-28

shmerl,

"Nothing was said about proper solutions though. Disabling secure boot is a dumb workaround, but not really the proper method. Proper method is giving the user a way to manage keys for the UEFI."

That's just it, disabling secure boot should be a *last resort*. The inclusion of security features which users can't enable for alternative operating systems is anti-competitive and makes them second class operating systems.

This is all the more frustrating because secure boot should have been engineered in a way the benefits the end user rather than restricting us.

Ed Bott doesn't attempt to make any reasoned arguments and doesn't even touch upon any of our real concerns (such as dual boot, the accessibility of keys, DRM, etc). He brushes off secure boot criticisms in one fell swoop when he jumps strait to the conclusion that this is a fud campaign in his first line. He hasn't answered any of our questions, and seems more pissed off that we are asking them than anything else.

Damn it Ed, I look forward to new information on this important issue and all you've done is to re-frame the debate at an abstract level without addressing anything at all.

Reply Score: 6

RE: Comment by shmerl
by f0dder on Fri 4th Nov 2011 00:04 UTC in reply to "Comment by shmerl"
f0dder Member since:
2009-08-05

Nothing was said about proper solutions though. Disabling secure boot is a dumb workaround, but not really the proper method. Proper method is giving the user a way to manage keys for the UEFI.
That comment deserves a zillion upvotes.

Reply Score: 3

Comment by Soulbender
by Soulbender on Thu 3rd Nov 2011 21:46 UTC
Soulbender
Member since:
2005-08-18

Mr Bott is pretty good at drumming up the sensationalism and FUD himself.

In fact, the closer you look at the movement against the Secure Boot feature,the more apparent it becomes that this is about propaganda, not technology.


What movement against Secure Boot? The RH/Canonical/LF campaign is not anti-secure boot. Propaganda? For what? Having a choice? Is that somehow bad?

As for the confirmation by the leading PC makers...
HP's company line pretty much mean "I dont fscking know, ok? Wait while we figure out what's best for us".

First of all, that’s factually in error: the blog post in question was written by Microsoft’s Tony Mangefeste,


That's hair-splitting. The blog post was made by Mr Sinofsky but the majority of the content written by Mr Mangefeste.

Funny how he takes the MS guys at their word but the LF guys are the devils minions, more or less. Yeah, Corporate propaganda is so much more trustworthy.

From the MS blog:
For Windows customers, Microsoft is using the Windows Certification program to ensure that systems shipping with Windows 8 have secure boot enabled by default,


Funny how Mr Bott does not mention that, eh?

Also from the blog:
For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision.


Yeah...anything not Windows 8 is old. No propaganda to see here. No sireeeee....

Blah blah blah, yadda yadda yadda. Much fud follows.

At the end of the day, this COULD become a problem so what's the harm in attacking it now BEFORE it actually becomes one? Sitting on your ass and hoping for the best isn't the wise choice.

Edited 2011-11-03 21:47 UTC

Reply Score: 12

RE: Comment by Soulbender
by lucas_maximus on Thu 3rd Nov 2011 21:58 UTC in reply to "Comment by Soulbender"
lucas_maximus Member since:
2009-08-18

Angry much.

You are going off on one for the sake of it ... TBH I have heard more FUD from the FLOSS community than anyone about Windows 8 ..

But never mind you guys like to raeg about whatever.

As I keep saying OEMs would be mental to stop people booting Widnows 7 since most businesses have only or just started testing for Win7 ... and won't want to move til nearer 2020.

But you know you can keep on reacting on your emotions and talking crap .. since that is largely what most people do here.

Reply Score: 0

RE[2]: Comment by Soulbender
by Thom_Holwerda on Thu 3rd Nov 2011 21:59 UTC in reply to "RE: Comment by Soulbender"
Thom_Holwerda Member since:
2005-06-29

But you know you can keep on reacting on your emotions and talking crap .. since that is largely what most people do here.


And what you're doing is reasonable, calm, and utterly rational and not at all abrasive, right?

Reply Score: 4

RE[3]: Comment by Soulbender
by lucas_maximus on Thu 3rd Nov 2011 22:06 UTC in reply to "RE[2]: Comment by Soulbender"
lucas_maximus Member since:
2009-08-18

And what you're doing is reasonable, calm, and utterly rational and not at all abrasive, right?


Well I keep on replying will well reasoned arguments but everyone seems to go into "Microsoft is the EVILZ!" mode ... and cannot seem to go beyond that.

So after attacking arguing with a logical one must assume the other person has an Agenda, usually pro floss ... or trolling ... so I attack that ... Problem??

OEMS will not stop the installation of Windows 7 for pure business reasons ... something which you keep on ignoring .. and I have said in POST 1.

Which is for some odd reason is ignored :-|

Edited 2011-11-03 22:10 UTC

Reply Score: 2

RE[4]: Comment by Soulbender
by shmerl on Thu 3rd Nov 2011 22:10 UTC in reply to "RE[3]: Comment by Soulbender"
shmerl Member since:
2010-06-08

So the proof is just "most probably because of business reasons they wont"? Doesn't sound assuring enough, since those reasons are not set in stone. While no rule mandates OEMs to give the user an ability to control UEFI keys or disabling it altogether - there is a risk of having a computer which won't boot what user wants.

Reply Score: 3

RE[5]: Comment by Soulbender
by lucas_maximus on Thu 3rd Nov 2011 22:19 UTC in reply to "RE[4]: Comment by Soulbender"
lucas_maximus Member since:
2009-08-18

RAH RAH RAH RAH ...

I have never really worked in IT


Windows 7 is supported til 2020 ... most large businesses are only just thinking about moving to it and doing testing ... the will probably never move to Windows 8 ... and move to Windows 9 afterwards ... or LCARS for all I know ...

But Windows 7 is going to be around for the next good few years as well as Businesses that will use XP forever and ever ... will need new hardware and just will make sure it is VMed or on a seperate non-internet enabled network (like much of our clients with Windows 2000).

Edited 2011-11-03 22:20 UTC

Reply Score: 2

RE[6]: Comment by Soulbender
by shmerl on Thu 3rd Nov 2011 22:22 UTC in reply to "RE[5]: Comment by Soulbender"
shmerl Member since:
2010-06-08

XP is still supported, while it's not uncommon to have laptops that can't work with XP because manufacturers didn't care (no drivers), targeting them only for Vista for example. So forget about business reasons, we are talking about having solid standards and rules.

Edited 2011-11-03 22:23 UTC

Reply Score: 3

RE[7]: Comment by Soulbender
by lucas_maximus on Thu 3rd Nov 2011 22:35 UTC in reply to "RE[6]: Comment by Soulbender"
lucas_maximus Member since:
2009-08-18

What do you mean exactly.

My clients only have software that can run On windows 2000 or XP and they won't retrain their staff .. so what is the answer ...

Comon ... what is it?

Reply Score: 2

RE[4]: Comment by Soulbender
by Alfman on Thu 3rd Nov 2011 22:32 UTC in reply to "RE[3]: Comment by Soulbender"
Alfman Member since:
2011-01-28

lucas_maximus,

"Well I keep on replying will well reasoned arguments but everyone seems to go into 'Microsoft is the EVILZ!' mode ... and cannot seem to go beyond that."

This has absolutely nothing to do with microsoft being evil. I wouldn't care if microsoft had zero involvement, it's bad to have a security feature that bans owners from accessing the keys in their own hardware.

Now microsoft may be a primary benefactor and driver, but this criticism against the proposed secure boot spec has nothing to do with being anti-microsoft. It's about the deteriorating conditions for those of us who believe an open computing future is better than a closed computing future.

Reply Score: 9

RE[5]: Comment by Soulbender
by lucas_maximus on Thu 3rd Nov 2011 22:39 UTC in reply to "RE[4]: Comment by Soulbender"
lucas_maximus Member since:
2009-08-18

There has been numerous evidence given that Secure boot and well reasoned arguments (booting old versions of Windows for business which MS still make money on) ...

But you guys keep chanting the same shit again and again and again.

Even people at Microsoft that are actually speak against Microsoft about some stuff (Scott Hanselman) says that Microsoft is too cumbersome and disjointed to actually "be evil" like Darth Vader .. imperial march stuff ... but whatever you probably won't listen.

http://www.hanselman.com/blog/SixMonthsInTheInsideAmIEvilYet.aspx

Edited 2011-11-03 22:40 UTC

Reply Score: 1

RE[6]: Comment by Soulbender
by Alfman on Thu 3rd Nov 2011 23:38 UTC in reply to "RE[5]: Comment by Soulbender"
Alfman Member since:
2011-01-28

lucas_maximus,

"But you guys keep chanting the same shit again and again and again."

Until our concerns are addressed, I'm afraid your going to have to continue listening this same shit again and again... You haven't addressed them either by the way, I welcome answers from you or anyone else (although I need official sources in order to take them seriously), but it seems the details are being kept behind closed doors.

These are the same questions you haven't answered before, but feel free to take a stab at them this time:

Will duel booting be possible without switching bios settings back and forth and without crippling windows?

Will users be able to use system utilities like barepe or utlimate boot cd?

Will owners be able to control the platform keys out of the box?

Will owners be able to get access to keys by contacting manufacturers?

Will manufacturers use shared or individual platform keys? If shared, then how can they transfer control for some machines while maintaining secure ownership of all the others? If individual, then how will they verify the ownership of the person requesting the transfer?

Will independent operating systems (smaller than linux) be able to get their keys signed in practice?

Will owners have the ability to not trust microsoft on their personal system?

How will manufacturers who hold the platform keys verify that independent operating systems (like Neolander's here) aren't in fact malware?

If an exploit is found in the installation media for a signed OS, will that key be revoked? If so, how will people reinstall their OS?

How will vendors convey these restrictions at the point of sale?

Will people be entitled to refunds if they find secure boot giving them trouble?

Will the manufacturers continue updating OS keys for older systems after warranties expire?

Can we trust that vendors won't tighten their grip over secure boot restrictions as time goes by and more and more systems have it installed?


You may find some of these questions irrelevant to you, but they are extremely relevant to anyone who believes in the merits of open computing.

Reply Score: 8

RE[7]: Comment by Soulbender
by lucas_maximus on Thu 3rd Nov 2011 23:53 UTC in reply to "RE[6]: Comment by Soulbender"
lucas_maximus Member since:
2009-08-18

tl;dr;

Read the f--king article.

UEFI doesn't allow any OS interaction with it. That is the whole idea there isn't an OS API to interact with it .. which is why it is secure.

There are manufacturers (big ones) that say they aren't going to be dicks and not give you the option. Even the BIOS guys are saying "We want you do to it not piss people off". WTF more do you guys want?

You can boot your precious Operating System (I am an OpenBSD/Win 7 user).

GPL is incompatiple with secure boot (thanks to RMS, but BSD is alright).

WTF more do you want?

Edited 2011-11-03 23:58 UTC

Reply Score: 2

RE[7]: Comment by Soulbender
by Neolander on Fri 4th Nov 2011 07:42 UTC in reply to "RE[6]: Comment by Soulbender"
Neolander Member since:
2010-03-08

Hi,

Did you have a look at the proposal made to the UEFI standards body to allow installing new signing keys from live media ? It's linked to somewhere in the first 30 comments of this article. Although not yet full user control on keys (can users revoke the Microsoft key if they want to ?), it would already be something...

Reply Score: 3

RE[2]: Comment by Soulbender
by Soulbender on Fri 4th Nov 2011 02:06 UTC in reply to "RE: Comment by Soulbender"
Soulbender Member since:
2005-08-18

Angry much.

No.

You are going off on one for the sake of it

No.

As I keep saying OEMs would be mental to stop people booting Widnows 7 since most businesses have only or just started testing for Win7


So have I. I don't think most OEM's will prevent other OS to be installed or, in case of server hardware, even enable secure boot by default. That doesn't mean this isn't a potential problem and going off on a rant against RH/C/FSF and the FOSS community, who's trying to prevent the problem, is just lame.

Reply Score: 6

RE[3]: Comment by Soulbender
by lucas_maximus on Sun 6th Nov 2011 14:40 UTC in reply to "RE[2]: Comment by Soulbender"
lucas_maximus Member since:
2009-08-18

So have I. I don't think most OEM's will prevent other OS to be installed or, in case of server hardware, even enable secure boot by default. That doesn't mean this isn't a potential problem and going off on a rant against RH/C/FSF and the FOSS community, who's trying to prevent the problem, is just lame.


There is no evidence that there is going to be a problem.

Reply Score: 1

RE: Comment by Soulbender
by shmerl on Thu 3rd Nov 2011 22:06 UTC in reply to "Comment by Soulbender"
shmerl Member since:
2010-06-08

More from that MS blog post:

At the end of the day, the customer is in control of their PC...


OEMs are free to choose how to enable this support and can further customize the parameters as described above in an effort to deliver unique value propositions to their customers.


Sounds like an oxymoron to me. So is the user in control, or OEMs are free to choose how to enable/disable user's ability to control UEFI? Sounds like the second is more to the point, and "user is in control" is just empty PR talk.

Reply Score: 6

RE[2]: Comment by Soulbender
by lucas_maximus on Thu 3rd Nov 2011 22:23 UTC in reply to "RE: Comment by Soulbender"
lucas_maximus Member since:
2009-08-18

I will keep on arguing the same stuff whatever the evidence presented to me.</sarcasm>

Dell and HP have said they will support disable secure boot. Why don't you actually like raeg when they like "don't" do what they say. Since the statements are perfectly clear to me ... apparently not Thom ... I don't see what the problem is.

Reply Score: 2

RE[3]: Comment by Soulbender
by shmerl on Thu 3rd Nov 2011 22:24 UTC in reply to "RE[2]: Comment by Soulbender"
shmerl Member since:
2010-06-08

See above. Disabling secure boot is not a proper solution for this problem.

Reply Score: 4

RE[4]: Comment by Soulbender
by lucas_maximus on Thu 3rd Nov 2011 22:26 UTC in reply to "RE[3]: Comment by Soulbender"
lucas_maximus Member since:
2009-08-18

How about you explain, but I doubt you can.

Edited 2011-11-03 22:27 UTC

Reply Score: 2

RE[5]: Comment by Soulbender
by shmerl on Thu 3rd Nov 2011 22:43 UTC in reply to "RE[4]: Comment by Soulbender"
shmerl Member since:
2010-06-08

How about you stop trolling and read the thread carefully?

See: http://www.osnews.com/permalink?495695
Spend some time reading documents linked there, and come back to discuss it after that.

Reply Score: 3

v RE[6]: Comment by Soulbender
by lucas_maximus on Thu 3rd Nov 2011 23:02 UTC in reply to "RE[5]: Comment by Soulbender"
RE[7]: Comment by Soulbender
by shmerl on Thu 3rd Nov 2011 23:08 UTC in reply to "RE[6]: Comment by Soulbender"
shmerl Member since:
2010-06-08

Since you aren't going to read it - stop asking questions. And discussion is pointless with those who are lazy to research the issue first.

Edited 2011-11-03 23:08 UTC

Reply Score: 5

RE[3]: Comment by Soulbender
by Soulbender on Fri 4th Nov 2011 01:55 UTC in reply to "RE[2]: Comment by Soulbender"
Soulbender Member since:
2005-08-18

I will keep on arguing the same stuff whatever the evidence presented to me


It's so good that you can admit that to yourself.

Reply Score: 6

v RE[4]: Comment by Soulbender
by lucas_maximus on Fri 4th Nov 2011 10:29 UTC in reply to "RE[3]: Comment by Soulbender"
RE[5]: Comment by Soulbender
by ichi on Fri 4th Nov 2011 11:58 UTC in reply to "RE[4]: Comment by Soulbender"
ichi Member since:
2007-03-06

Very clever mate ... Comon ... it the usual "We hate Microsoft and there is a massive conspiracy against Linux" ...


So far you are the only one constantly bringing up that conspiracy theory.

It's all about potential OEM laziness over the implementation of a MS specification that doesn't consider whether other OSes might be able to boot (and why should they require anything else, they are in the business of selling their own OS).

Would MS love seeing competing operating systems locked out (or at least inconvenienced) out of PCs? Certainly, but that doesn't make it a conspiracy, they aren't actively pushing that with SecureBoot.

Seriously, as someone posted above, complaining about RedHat & Co. trying to make sure that OEMs will implement SecureBoot properly so their operating systems will boot with zero problems is lame.

Reply Score: 6

RE: Comment by Soulbender
by f0dder on Fri 4th Nov 2011 00:08 UTC in reply to "Comment by Soulbender"
f0dder Member since:
2009-08-05

From the MS blog:
"For Windows customers, Microsoft is using the Windows Certification program to ensure that systems shipping with Windows 8 have secure boot enabled by default,


Funny how Mr Bott does not mention that, eh?
"It's a sensible thing to do, though - the majority would never enable the feature, and it'd be all for nothing.

As long as "enabled by default" doesn't imply "with no way to disable it", it's a perfectly fine choice IMHO.

Reply Score: 0

Comment by AnythingButVista
by AnythingButVista on Thu 3rd Nov 2011 22:12 UTC
AnythingButVista
Member since:
2008-08-27

I'm almost positive of what HP will do.

Business PC's: You'll have the option to install alternate OS's, whether it's disabling UEFI or by providing keys for other OS's.

Consumer PC's: Windows 8 is all you'll get. DEAL WITH IT! Just like HP refused to provide drivers so consumers could downgrade Vista machines to XP, don't expect to be able to replace Windows 8 with any other Windows, let alone Linux or other OS's.

Reply Score: 3

RE: Comment by AnythingButVista
by zlynx on Thu 3rd Nov 2011 22:44 UTC in reply to "Comment by AnythingButVista"
zlynx Member since:
2005-07-20

10 years ago PCs were mostly around $1,000.

Today you can get cheaper options, yet people still want them to have all the features of the $1,000 machines.

People, you get what you pay for. Live with it.

If you have to spend $1,000 on a business class PC in order to get decent features, then you aren't any worse off than you were in the year 2000.

If you buy a $350 PC, it's going to be locked down, not have an install CD, come with annoying preinstalled software, and in the future probably be locked so you can't even get rid of the crapware.

Reply Score: 2

RE[2]: Comment by AnythingButVista
by shmerl on Thu 3rd Nov 2011 22:49 UTC in reply to "RE: Comment by AnythingButVista"
shmerl Member since:
2010-06-08

In the end of course you can assemble your own machine, getting a motherboard with sane BIOS, and avoiding all this junk. But that's not the point. The point is a principle of having a choice for the user of any machine, not just the one you assembled on your own. It doesn't matter whether it costs $350 or $1000. Lower price doesn't mandate crippling the device in regards of user's control.

Edited 2011-11-03 22:50 UTC

Reply Score: 3

lucas_maximus Member since:
2009-08-18

There is no evidence that "crippling is going to happen" ... however you keep on chanting the same stuff like it is fact even though so far there is no evidence to support it except for Microsoft hatred.

Edited 2011-11-03 23:10 UTC

Reply Score: 0

Mellin Member since:
2005-07-06

do you have evidence that crippling isn't going to happen ?


the old if you don't like microsoft then you are a hater

Reply Score: 5

lucas_maximus Member since:
2009-08-18

You argument is similar to ...

do you have Evidence that God Doesn't Exist?

... Is pretty much the same question you are asking.

You are trying to prove something by saying that I can't disprove it .... doesn't work like that ;-)

Edited 2011-11-03 23:26 UTC

Reply Score: 1

Mellin Member since:
2005-07-06

I'll take that as a no.

Edited 2011-11-06 08:58 UTC

Reply Score: 3

RE: Comment by AnythingButVista
by Thomas2005 on Fri 4th Nov 2011 16:55 UTC in reply to "Comment by AnythingButVista"
Thomas2005 Member since:
2005-11-07

I'm almost positive of what HP will do.

Business PC's: You'll have the option to install alternate OS's, whether it's disabling UEFI or by providing keys for other OS's.

Consumer PC's: Windows 8 is all you'll get. DEAL WITH IT! Just like HP refused to provide drivers so consumers could downgrade Vista machines to XP, don't expect to be able to replace Windows 8 with any other Windows, let alone Linux or other OS's.

This is exactly what I am thinking, except "HP" can be substituted with any OEM. A slight variation on the consumer PC is there will be an "enthusiast" model that costs more, just for the ability to disable SecureBoot, or it will have Windows 8 "The Shiznit" edition to help justify the cost.

Reply Score: 3

i would
by Mellin on Thu 3rd Nov 2011 23:11 UTC
Mellin
Member since:
2005-07-06

i would go back to the store and demand my money back if the laptop i bought is locked into windows 8

Reply Score: 4

RE: i would
by lucas_maximus on Thu 3rd Nov 2011 23:15 UTC in reply to "i would"
lucas_maximus Member since:
2009-08-18

Nice approach ... for those not familiar with it .. it is called "voting with your wallet".

Reply Score: 3

RE[2]: i would
by Mellin on Thu 3rd Nov 2011 23:20 UTC in reply to "RE: i would"
Mellin Member since:
2005-07-06

lets see all laptops comes with windows 8 no i do not want a crapple craptop so voting with my wallet is impossible if i need a laptop!

Reply Score: 3

RE[3]: i would
by lucas_maximus on Thu 3rd Nov 2011 23:24 UTC in reply to "RE[2]: i would"
lucas_maximus Member since:
2009-08-18

System 76, iXsystems, and I expect a few others.

As I said if you are paying for principle expect to pay a bit more ... that is how things work normally ... it is called economics.

Reply Score: 2

RE[4]: i would
by Mellin on Thu 3rd Nov 2011 23:42 UTC in reply to "RE[3]: i would"
Mellin Member since:
2005-07-06

Not available in Sweden + i do not own a credit card

Edited 2011-11-03 23:46 UTC

Reply Score: 4

werterr
Member since:
2006-10-03

As long as it is enabled by default it is still bad.

Sure you should be able to turn it on-or-off, I would expect that... not being able to do so sounds like a new monopoly case waiting to happen. Because then basically your not buying the hardware anymore... the vendor just made sure that they retain ownership of the ability to use the device as you see fit.

I'm still wondering how this all works in practice but enabling it by default would create another big hurdle for <quote>normal</quote> people to use a computer.

Now any third-party (that can not get there key in?) must add detailed instructions for the end user on how to use there software. Most likely lots of people are going to fail in this or feel like it's too difficult.

Different bioses has different interfaces, different places to put this options or just don't present it at all.

How are normal people going to make sense of this ?

It makes the computer one little step closer to rocket science.

Reply Score: 2

lucas_maximus Member since:
2009-08-18

As long as it is enabled by default it is still bad.


Why? Other than you long reasons that you have made up.
It means trojans won't be able to install stuff into the BIOS ... apparently security is bad.

You are stiling going to be pressing an F<key> at boot an alternative OS ... or something similar.

Edited 2011-11-04 00:28 UTC

Reply Score: 1

Microsoft could solve this, but chose not to
by zztaz on Fri 4th Nov 2011 00:38 UTC
zztaz
Member since:
2006-09-16

Secure booting is a good idea, if implemented well. But there is a possibility that poorly conceived implementations could lock us out of our own hardware.

Microsoft has a logo program which provides OEMs with incentive to include secure booting. There's nothing wrong with that - in isolation. I welcome a world where Windows users are protected from a nasty form of malware. I don't need to run Windows to benefit from fewer compromised Windows systems; less spam would be nice.

But secure booting does not exist in isolation. It exists in a world where Microsoft has a history of using unscrupulous and often illegal means to suppress competition. This has harmed everyone, including Microsoft, in my opinion. Microsoft has long had the ability to compete on the basis of product quality and value. When they have chosen to twist arms instead, their products have stagnated.

This happens with every company that takes the largest market share. IBM ruled the mainframe world, and that left them vulnerable to minicomputers. It's easy to overlook future opportunities when you are focused on your present success. DEC did the same thing; they grabbed the commanding share of minicomputers, and they missed workstations and personal computers. IBM was so late to personal computers that they chose to come out with one using off-the-shelf processors and operating systems from third parties, to our great benefit. GM was the largest auto maker, Western Union could deliver messages anywhere quickly, and so on. Success breed complacency, and eventual decline.

OEMs have sufficient reason to ensure that their systems can boot Windows securely. Server makers probably have reason to ensure secure booting of other operating systems. But there isn't enough incentive to make sure that laptops and desktops boot anything other than Windows, and perhaps even only the version of Windows that shipped with the system. Even Windows users should be concerned, if you want to upgrade in the future.

Microsoft could change their logo program to include a requirement that end users have the ability to install their own boot keys. Windows would stay secure. Most users would ignore this ability.

Microsoft could solve this, but they haven't. They know that they haven't specifically required OEMs to deliver Windows-only systems, so they're off the legal hook. But they haven't prevented OEMs from delivering Windows-only systems, either, and they don't seem to be willing to take that simple step.

Microsoft is very, very good at these sorts of games, and they are very good at suckering the gullible into repeating their spin.

Edited 2011-11-04 00:40 UTC

Reply Score: 4

people need to stop libeling Red Hat
by TechGeek on Fri 4th Nov 2011 01:17 UTC
TechGeek
Member since:
2006-01-14

For those that didn't bother digging through all the links, you can stop blaming Red Hat for some kind of conspiracy. The post from the Red Hat employee about HP and UEFI had nothing to do with this debate. It was simply a posting asking for help with a problem that HP identified as the UEFI. Now maybe it is, and maybe they were wrong. The article never mentions secure boot as indeed the machine in question doesn't have secure boot. But that doesn't mean that a problem in the UEFI wasn't still causing the end user trouble.

Reply Score: 2

Soulbender Member since:
2005-08-18

Good to see that Mr Bott really did his homework and does not have an agenda at all...<cough>....

Reply Score: 2

v It's a non issue
by twitterfire on Fri 4th Nov 2011 17:23 UTC
does it matter?
by unclefester on Fri 4th Nov 2011 22:15 UTC
unclefester
Member since:
2007-01-13

In a couple of years smartphones will be powerful enough to run as desktops for many users. They really just need an industry standard docking system to provide power, a large monitor, keyboard and mouse.

Goodbye Windows dominance.

Reply Score: 5

You're Misinformed, Holwerda
by tomcat on Fri 4th Nov 2011 23:21 UTC
tomcat
Member since:
2006-01-06

UEFI isn't required to be on by default. It's simply required to be supported.

Reply Score: 1

Ok, let's be fair
by twitterfire on Sat 5th Nov 2011 18:58 UTC
twitterfire
Member since:
2008-09-11

#1 Microsoft doesn't require secure boot to be enabled by default
#2 Microsoft doesn't require OEMs to not provide a way to disable secure boot
#3 Microsoft is spreading FUD: they don't want secure boot because they care about user's security, they want secure boot because they wrongfully think it will stop piracy
#4 Even with secure bot, crackers will find a way to circumvent it, in no more than a few days after Windows 8 release
#5 If OEMs doesn't implement a way to disable secure boot, it is their fault, not Microsoft's

I don't buy hardware from Apple, HP, Dell or whatever. I buy cpu, motherboard, video card, hdd, case, psu and I assemble it myself. I always consider the best bang for the buck and if I assemble a PC myself. I end up with a much better machine for the same amount of money. Even with laptops, I will buy a lowend and tinker with it. Add memory, a better cpu, a larger hdd.

Also, if one of my friends needs a new computer, I will research benchmarks, search for parts and assemble it myself. It takes less than half an hour. And you'll have the best price/performance ratio.

All linux/BSD users are more technical then plain Os X/Windows users.

If you don't like Dell, HP or other OEM, you can always do it yourself and vote with your money.

I even recommended that two of the linux staff guys to be fired, at one of my ex-workplaces. They demanded over-expensive HP servers and subscription to Red Hat. I proved to the CEO (he wasn't a technical guy and the company wasn't into IT) that we can build ourselves much better servers at a fraction of price and use CentOS, or Scientific Linux, or even FreeBSD. I did win and they got fired.

Reply Score: 1

RE: Ok, let's be fair
by Alfman on Sat 5th Nov 2011 19:45 UTC in reply to "Ok, let's be fair"
Alfman Member since:
2011-01-28

twitterfire,

"#1 Microsoft doesn't require secure boot to be enabled by default"

Do you have citation for that? Maybe it's changed, but this isn't what's been reported. Also, we don't know if windows will run without restrictions if it's disabled.

http://mjg59.dreamwidth.org/5850.html?thread=142554
"Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled."


"#2 Microsoft doesn't require OEMs to not provide a way to disable secure boot"

Ok.

"#3 Microsoft is spreading FUD: they don't want secure boot because they care about user's security, they want secure boot because they wrongfully think it will stop piracy"

It's possible microsoft is using it to sell media companies on DRM.


"#4 Even with secure bot, crackers will find a way to circumvent it, in no more than a few days after Windows 8 release"

The secure boot spec itself won't be cracked, just individual implementations. And even then secure boot has far fewer attack vectors than a modern multiuser operating system. It won't necessarily be crackable in software.

I think you agree that secure boot or no, the weakest link in the chain is still windows itself. Secure boot won't fix any of the OS or application level security problems.

"#5 If OEMs doesn't implement a way to disable secure boot, it is their fault, not Microsoft's"

Partly true, but this ignores the potential for dual boot issues, which is entirely in microsoft's hands now. Also remember that Microsoft had involvement in writing the spec which has no regard for keeping owners in control.

Additionally, many of us are uncomfortable with a security feature which will sometimes be locked to windows, and that will be difficult to impossible for users to enable for independent operating systems. This is apparently the biproduct of either a glaring oversight by an incompetent engineering team, or a hidden corporate agenda.

Edited 2011-11-05 19:59 UTC

Reply Score: 2

RE[2]: Ok, let's be fair
by ilovebeer on Sun 6th Nov 2011 03:00 UTC in reply to "RE: Ok, let's be fair"
ilovebeer Member since:
2011-08-08

Additionally, many of us are uncomfortable with a security feature which will sometimes be locked to windows, and that will be difficult to impossible for users to enable for independent operating systems.

If buying a prebuilt system locked to a specific OS is a problem for you, do not buy a prebuilt system locked to a specific OS. You have several alternatives so be smart about your purchase and buy something that suits your needs rather than something that doesn't and then complain about it.

Rocket science? No. Common sense? Yes, and that's what people should be spreading right now,... not unjustified fear based on assumptioned about secure boot.

Edited 2011-11-06 03:02 UTC

Reply Score: 0

RE[3]: Ok, let's be fair
by Alfman on Sun 6th Nov 2011 04:41 UTC in reply to "RE[2]: Ok, let's be fair"
Alfman Member since:
2011-01-28

ilovebeer,

"If buying a prebuilt system locked to a specific OS is a problem for you, do not buy a prebuilt system locked to a specific OS. You have several alternatives so be smart about your purchase and buy something that suits your needs rather than something that doesn't and then complain about it."


I'm sure I've answered this already, but here we go...

Existing knowledgeable linux users will suffer somewhat due to the worsening availability of equipment that works for us, new or used. Keep in mind many linux users also need to use windows, and we don't all care to build our own systems. We probably won't be able to get the scales of economy deals any longer because of these restrictions. I know you don't care about keeping our supplier options open, but that doesn't make the point any less valid, fragmentation will hurt us.

A bigger concern, IMO, is that the vendor locks on new windows machines will severely limit alternate OS adoption by newbies. The reasons for this should be obvious. Saying it's their fault for not knowing any better is ridiculous considering that there was no reason they should have been locked in the first place.


I've already pointed out issues with secure boot that affect windows users as well. I appreciate that you don't care about any of it's problems, and that's ok. But that's not a reason to dismiss the problems for everyone else, we have legitimate reasons to be concerned and seek answers.

Reply Score: 3

RE[4]: Ok, let's be fair
by ilovebeer on Sun 6th Nov 2011 14:56 UTC in reply to "RE[3]: Ok, let's be fair"
ilovebeer Member since:
2011-08-08

Existing knowledgeable linux users will suffer somewhat due to the worsening availability of equipment that works for us, new or used. Keep in mind many linux users also need to use windows, and we don't all care to build our own systems. We probably won't be able to get the scales of economy deals any longer because of these restrictions. I know you don't care about keeping our supplier options open, but that doesn't make the point any less valid, fragmentation will hurt us.
1. It's not Microsoft's responsibility to cater to Linux users wants.

2. The availability of Linux-compatible hardware is absolutely NOT "worsening." - whatever that is supposed to mean to begin with. As a matter of fact, the opposite is true... more and more hardware is supported with each iteration of the Linux kernel alone, not to mention out-of-kernel drivers.

3. If you choose not to buy or build a system that suits your needs, it's your own fault and your own problem. Vendors aren't to blame, Microsoft isn't to blame, just you.

4. Nothing you've said is based in reality, truth, or fact. In other words, you're just trying to spread unjustified FUD.

A bigger concern, IMO, is that the vendor locks on new windows machines will severely limit alternate OS adoption by newbies. The reasons for this should be obvious. Saying it's their fault for not knowing any better is ridiculous considering that there was no reason they should have been locked in the first place.
1. There is absolutely nothing wrong or illegal with Microsoft or system vendors protecting their interests.

2. If a user does not consider their needs and research their options, picking one that best suits those needs, then yes it's absolutely their own fault. What's ridiculous is that you think users have no personal responsibility.

I've already pointed out issues with secure boot that affect windows users as well. I appreciate that you don't care about any of it's problems, and that's ok. But that's not a reason to dismiss the problems for everyone else, we have legitimate reasons to be concerned and seek answers.
1. IF reality becomes "Designed for Windows 8" systems are actually locked to only Windows 8, then the only people who should consider buying those systems are people who intend to use Windows 8. If you insist on buying something doesn't suit your needs, stop the pointless whining and learn to make better decisions.

No matter how hard you try, you simply can not ignore the fact that you have several other options available to you aside of buying "Designed for Windows 8" systems. If the systems turn out not to be suited for your use, DON'T BUY THEM. It's such a basic and simplistic idea that it shouldn't even need to be pointed out.

You're behaving like somebody that buys a circle and complains that it's not a square. Stupidity and/or ignorance doesn't magically make your poor decisions someone elses fault.

Reply Score: 0

RE[5]: Ok, let's be fair
by ichi on Sun 6th Nov 2011 18:52 UTC in reply to "RE[4]: Ok, let's be fair"
ichi Member since:
2007-03-06

No matter how hard you try, you simply can not ignore the fact that you have several other options available to you aside of buying "Designed for Windows 8" systems. If the systems turn out not to be suited for your use, DON'T BUY THEM. It's such a basic and simplistic idea that it shouldn't even need to be pointed out.

You're behaving like somebody that buys a circle and complains that it's not a square. Stupidity and/or ignorance doesn't magically make your poor decisions someone elses fault.


So your point is that instead of asking OEMs to come up with a sane SecureBoot implementation we should suck it up and beg for the crumbs shopping around for the few non Windows8 hardware that we can find.

Will any OEM be selling PCs and laptops without Windows8 in a couple of years?

Reply Score: 2

RE[6]: Ok, let's be fair
by ilovebeer on Mon 7th Nov 2011 00:48 UTC in reply to "RE[5]: Ok, let's be fair"
ilovebeer Member since:
2011-08-08

So your point is that instead of asking OEMs to come up with a sane SecureBoot implementation we should suck it up and beg for the crumbs shopping around for the few non Windows8 hardware that we can find.

Do you actually believe pc hardware is going to magically vanish the moment Windows 8 becomes available? Come on, you can't be serious.

When did secure boot on "Designed for Windows 8" prebuilt systems suddenly turn into the elimination of nearly anything not being the logo? It didn't. The fear mongers and your imagination is getting the better of you because there is not a single shred of evidence or proof that what you've proposed will actually happen. Fearing the rapture doesn't make the rapture come true -- you should be well aware of by now.

Will any OEM be selling PCs and laptops without Windows8 in a couple of years?

Yes, of course. This is not even in question for those of us who know better than to buy into the baseless imaginary BS that anything non-Windows 8 will soon cease to exist.

Reply Score: 1

RE[7]: Ok, let's be fair
by ichi on Mon 7th Nov 2011 10:33 UTC in reply to "RE[6]: Ok, let's be fair"
ichi Member since:
2007-03-06

Do you actually believe pc hardware is going to magically vanish the moment Windows 8 becomes available? Come on, you can't be serious.

When did secure boot on "Designed for Windows 8" prebuilt systems suddenly turn into the elimination of nearly anything not being the logo? It didn't. The fear mongers and your imagination is getting the better of you because there is not a single shred of evidence or proof that what you've proposed will actually happen. Fearing the rapture doesn't make the rapture come true -- you should be well aware of by now.

"Will any OEM be selling PCs and laptops without Windows8 in a couple of years?

Yes, of course. This is not even in question for those of us who know better than to buy into the baseless imaginary BS that anything non-Windows 8 will soon cease to exist.
"

Again, this is not about fear mongering, but about saying to OEMs "see, we might have problems if you implemented SecureBoot in a certain way. Could you do it this other way instead?".

I seriously don't know why people is making such a huge issue of anyone making that request.

Reply Score: 2

RE[5]: Ok, let's be fair
by Alfman on Sun 6th Nov 2011 22:32 UTC in reply to "RE[4]: Ok, let's be fair"
Alfman Member since:
2011-01-28

ilovebeer,

"1. It's not Microsoft's responsibility to cater to Linux users wants."

Overlooking possible anti-trust violations, you're absolutely right, however this simply does not dismiss our concerns.

"2. ... more and more hardware is supported with each iteration of the Linux kernel alone, not to mention out-of-kernel drivers."

Out of the box Linux compatibility is a strength... But 1) this isn't just about linux, 2) how does this justify locking down the keys to favor microsoft?


"3. If you choose not to buy or build a system that suits your needs, it's your own fault and your own problem. Vendors aren't to blame, Microsoft isn't to blame, just you."

This only holds if the restrictions are made clear at the point of sale. My point about fragmentation of the alternative OS ecosystem still holds. And in any case it still doesn't justify secure boot being designed to lock out the owner's control over keys.

"4. Nothing you've said is based in reality, truth, or fact. In other words, you're just trying to spread unjustified FUD."

I'm asking questions like everyone else because I am concerned about the migration to closed computing. Please quote specifically what you believe to be unjustified FUD. If you don't have the answers either, then why do you seek to dismiss my questions?

"1. There is absolutely nothing wrong or illegal with Microsoft or system vendors protecting their interests."

You can say that about any business with questionable ethics, however it doesn't answer our questions nor does it ameliorate our concerns. Even assuming these restrictions are entirely legal, it does not absolve them of public criticism.

"2. If a user does not consider their needs and research their options, picking one that best suits those needs, then yes it's absolutely their own fault. What's ridiculous is that you think users have no personal responsibility."

Like I said, you can blame the user as much as you like, but you can't deny that it is anti-competitive and potentially kills off one of the primary modes of adoption for alternate operating systems. Therefor it is a legitimate concern.


"...the fact that you have several other options available to you aside of buying 'Designed for Windows 8' systems. If the systems turn out not to be suited for your use, DON'T BUY THEM."

Again, even if you are right, it doesn't answer our questions and it doesn't dismiss our concerns at all. The secure boot spec still deserves criticism for being anti-competitive. As much as you want to see this through microsoft goggles, this is bigger than them. It's about recognizing that consumers benefit from open computing, and recognizing that incremental attempts to lock us out of our own machines have detrimental cumulative long term consequences, regardless of who instigates it.

Edited 2011-11-06 22:44 UTC

Reply Score: 2

RE[6]: Ok, let's be fair
by ilovebeer on Mon 7th Nov 2011 01:36 UTC in reply to "RE[5]: Ok, let's be fair"
ilovebeer Member since:
2011-08-08

Overlooking possible anti-trust violations, you're absolutely right, however this simply does not dismiss our concerns.

We don't know what the secure boot facts are yet and therefore no anti-trust issues are in play. Regardless, it's the OEM who will decide how secure boot behaves, not Microsoft.

how does this justify locking down the keys to favor microsoft?

This is not fact, it's baseless speculation. Until the facts are presented, be cautious how much you let your mind wander.

This only holds if the restrictions are made clear at the point of sale. My point about fragmentation of the alternative OS ecosystem still holds. And in any case it still doesn't justify secure boot being designed to lock out the owner's control over keys.

I absolutely believe any such restrictions should be made clear at the point of sale. Regardless, key management restrictions don't need to be justified. IF it turns out owners won't have control of this, so what. The user is buying a prebuilt system with a specific design and intent. If that's not in agreement with the users needs, the user should not buy the system. You can't escape this simple fact.

I'm asking questions like everyone else because I am concerned about the migration to closed computing. Please quote specifically what you believe to be unjustified FUD. If you don't have the answers either, then why do you seek to dismiss my questions?

I have no problem with people asking questions. However, those questions should at least be based in reality with factual supporting evidence so the questions have some sort of valid basis. To make baseless wild accusations is reckless at best. It serves only to spread fear, not focus on real world world issues.

You can say that about any business with questionable ethics, however it doesn't answer our questions nor does it ameliorate our concerns. Even assuming these restrictions are entirely legal, it does not absolve them of public criticism.

Again, your questions thus far have had no basis in reality. They're the product of imagination, nothing more. You can dream up as many nightmare scenarios as you like but you can't expect anyone to take them seriously if you can't provide any actual evidence there's real world concern.

As far as criticism, ... Yeah, go for it, no problem there. As long as you understand the difference between an opinion and making baseless accusations.

Like I said, you can blame the user as much as you like, but you can't deny that it is anti-competitive and potentially kills off one of the primary modes of adoption for alternate operating systems. Therefor it is a legitimate concern.

It is not Microsoft's job, nor the OEM's job, to provide Linux migration paths. OEM's opting to add "Designed for Windows 8" systems to their product offerings does not take away the users ability to purchase or build a non-"Designed for Windows 8" system. Choice has not, is not, and will not be removed from the equation.

Again, even if you are right, it doesn't answer our questions and it doesn't dismiss our concerns at all. The secure boot spec still deserves criticism for being anti-competitive. As much as you want to see this through microsoft goggles, this is bigger than them. It's about recognizing that consumers benefit from open computing, and recognizing that incremental attempts to lock us out of our own machines have detrimental cumulative long term consequences, regardless of who instigates it.

Concerns are fine but for them to be taken seriously they should have a basis in reality. Yet again, something your concerns don't have.

I agree, a secure boot spec should be thoroughly reviewed and criticized. And you should accurately address those who are actually implementing it, which is not Microsoft.

I don't wear Microsoft google... I simply don't share your not-based-in-reality paranoia. I focus my attention on fact while you focus your attention on whatever your imagination has conjured up. I want to talk about things that actually exist, and you want to talk about things that don't exist. The only way we'll see eye-to-eye is if your fantasy becomes reality, or you just come back to reality.

Reply Score: 1

RE[7]: Ok, let's be fair
by Alfman on Mon 7th Nov 2011 05:57 UTC in reply to "RE[6]: Ok, let's be fair"
Alfman Member since:
2011-01-28

ilovebeer,

You're still avoiding all of the questions. You say we shouldn't speculate over what hasn't happened yet, but that just reaffirms my point that these things are open questions. Also, regardless of how things play out, it is completely reasonable to criticize the spec today for excluding the owner from the chain of trust.

Even for OEMs that do want to allow owners to have control, there will be no universal mechanism for owners to load platform keys, since it's absent from the spec. This creates administrative problems for enterprises who prefer to manage their own keys.

On the topic of whether many OEMs will implement owner key controls outside the scope of the spec, that's undetermined. Sure, we could wait-and-see, and then complain afterwards - but that's not a favorable outcome. My opinion is that we should try to put public pressure on them right now before they ship.

Reply Score: 2

RE: Ok, let's be fair
by Mellin on Sun 6th Nov 2011 09:02 UTC in reply to "Ok, let's be fair"
Mellin Member since:
2005-07-06

How do you build a laptop ?

Reply Score: 4

How do you go about...
by Dr.Mabuse on Mon 7th Nov 2011 03:24 UTC
Dr.Mabuse
Member since:
2009-05-19

...Running a rescue disc/usb key?

Something like this:

Go into BIOS, *disable* Secure Boot, reboot, boot on disc/USB key (do what you have to do) ... reboot, go into BIOS, *re-enable* Secure Boot, reboot, boot Windows 8.

I guess it's not horrible, but it's hardly elegant.

Any word on being able to add your own authorised boot-sectors to the system?

Reply Score: 1