Linked by Elv13 on Sun 17th Jun 2012 10:35 UTC
"The UEFI secure boot mechanism has been the source of a great deal of concern in the free software community, and for good reason: it could easily be a mechanism by which we lose control over our own systems. Recently, Red Hat's Matthew Garrett described how the Fedora distribution planned to handle secure boot in the Fedora 18 release. That posting has inspired a great deal of concern and criticism, though, arguably, about the wrong things."
Thread beginning with comment 522492
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
RE: About time for more secure OS's
by the_trapper on Sun 17th Jun 2012 16:37
in reply to "About time for more secure OS's"
Member since:2005-07-07
This isn't about getting things for free, or about making Windows more secure, it's about Microsoft making yet another anti-competitive move. Look at their entire history and if you honestly think that this is all about computer bootloader security, I've got a bridge to sell you. Bootsector viruses are almost a non-issue today. Maybe back in the sneaker-net days of the late eighties and early nineties where floppy-disk boot sector viruses were a huge problem, something like this would've been very helpful. However, today, if you encounter a virus that can attach itself to your boot process, it can also attach itself to other software much higher up the stack with just as much utility to an attacker.
What makes more sense to you, that they are locking the bootloaders to protect against an almost non-existent security threat, or that they are finally so terrified of competition with Linux and Android that they are trying to lock them out?
RE[2]: About time for more secure OS's
by ephracis on Sun 17th Jun 2012 20:56
in reply to "RE: About time for more secure OS's"
Member since:2007-09-23
RE[2]: About time for more secure OS's
by lucas_maximus on Sun 17th Jun 2012 21:33
in reply to "RE: About time for more secure OS's"
Member since:2009-08-18
RE: About time for more secure OS's
by justsayin on Mon 18th Jun 2012 01:16
in reply to "About time for more secure OS's"
Member since:2012-06-18
The free community doesn't always need to get what they want for free. MS and other companies do pay real people to have real jobs and have real lives. For years everyone has claimed that MS get more secure. When they do it they get hammered. If opensourced people want to they can re-write an openbios and one could load it.
The solution is to fix it not to cry about it. An openbios that can be locked is a solution.
The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.
The solution is to fix it not to cry about it. An openbios that can be locked is a solution.
The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.
I registered an account just to reply to your comment. The "Free" in "Free Software" stands for "Freedom", not price. It's not about getting what we want or don't want without paying any money. It's about not enjoying freedoms over the computing device we own.
You should take a look at https://www.fsf.org/campaigns/secure-boot-vs-restricted-boot to see why there's this campaign from the free software community against secure boot.
RE[2]: About time for more secure OS's
by lucas_maximus on Mon 18th Jun 2012 12:53
in reply to "RE: About time for more secure OS's"
Member since:2009-08-18
RE[2]: About time for more secure OS's
by jefro on Mon 18th Jun 2012 17:04
in reply to "RE: About time for more secure OS's"
Member since:2007-04-13
Why can't anyone fix an issue? Instead it is easier to cry foul.
"
The solution is to fix it not to cry about it. An openbios that can be locked is a solution.
"
So get off your silly notions about what free is and either pay to get a fix or have someone or yourself fix the issue.
The issue is around us every day. Only task a 9 year old to know about rootkits, virus's and malware. Every major OS company knows how dangerous the whole issue it. They can't simply not rely on software to fix the problem. We as in both MS and other OS users need to have more secure systems.
There is NO FREEDOM while under the threat of hackers. That is not free to me at all. My credit, my personal medical history, my entire life now resides on computers that are subject to attack. Sure if you are a 24 YO that doesn't have any money or job you many not care but I do.
Get secure to quit talking.
RE: About time for more secure OS's
by WereCatf on Mon 18th Jun 2012 02:04
in reply to "About time for more secure OS's"
Member since:2006-02-15
The free community doesn't always need to get what they want for free. MS and other companies do pay real people to have real jobs and have real lives. For years everyone has claimed that MS get more secure. When they do it they get hammered. If opensourced people want to they can re-write an openbios and one could load it.
Way to misunderstand everything. I wonder which rock you've been living under.
You see, SecureBoot is controlled by a single entity with absolute power over it, there is no standardized way of creating keys when needed and no design committee to oversee its development. Since it is controlled by a single entity Microsoft can simply refuse to accept requests for keys on a whim. This is a clearly anti-competitive move designed to make using non-Windows operating systems much more difficult.
There is nothing wrong per se in trying to protect a system against boot sector viruses, but it should be made in such a way that there is a documented path for creating new keys via some form of a standards body consisting of multiple entities, and there should similarly be a clearly documented standardized way of disabling SecureBoot. Why a standards body then, you ask? Well, so that multiple entities can strutinize the proposals, to point out flaws and possible improvements that a single entity managing it would possibly miss, and to ensure cross-platform compatibility and end-user benefit.
The solution is to fix it not to cry about it. An openbios that can be locked is a solution.
No, it is not. You cannot e.g. expect IT personnel to install Openbios on every single device they may have to fix.
The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.
How would that protect against boot-sector viruses? If the write switch is off then it protects against no viruses, and if it is on the whole disk can only be used for reading stuff, ie. it would be inherently useless, ergo everyone would just keep it switched off -> no protection.
RE: About time for more secure OS's
by quackalist on Mon 18th Jun 2012 02:25
in reply to "About time for more secure OS's"
Member since:2007-08-27
RE: About time for more secure OS's
by Soulbender on Mon 18th Jun 2012 03:31
in reply to "About time for more secure OS's"
Member since:2005-08-18
Except secure boot doesn't solve any real security problem. It's obviously just a move by MS to stifle current and future competition.
MS and other companies do pay real people to have real jobs and have real lives.
WHY WON"T SOMEONE THINK OF THE CHILDREN...errr...JOBS?!?!
Edited 2012-06-18 03:31 UTC
RE: About time for more secure OS's
by gilboa on Mon 18th Jun 2012 10:16
in reply to "About time for more secure OS's"
Member since:2005-07-06
MS and other companies do pay real people to have real jobs and have real lives.
I wonder if I should tag this comment:
-1 irrelevant.
-1 incorrect.
-1 troll.
What the **** does a locked boot loader with no user-controlled off switch (E.g. on ARM) have to do with MS' paying real money to their employees?
Newsflash! There are number [1] of [2] multi-billion [3] companies [4] that use / contribute to [5] open [6] source [7], and Gee, they, too, have real employees earning real paychecks.
(And trust me, this list is *very* partial)
- Gilboa
[1] http://finance.yahoo.com/q?s=ibm&ql=1
[2] http://finance.yahoo.com/q?s=GOOG
[3] http://finance.yahoo.com/q?s=INTC
[4] http://finance.yahoo.com/q?s=ORCL
[5] http://finance.yahoo.com/q?s=SSNLF
[6] http://finance.yahoo.com/q?s=VMW
[7] http://finance.yahoo.com/q?s=RHT&ql=0
Edited 2012-06-18 10:20 UTC
Features
Linked by Thom Holwerda on 05/24/13 17:26 UTC
So, the Xbox One disaster continues. Microsoft's policy for dealing with the used games market has reportedly leaked - and it's a clear and direct attack to destroy the used games market. Prices for used games will be set at the retail value of a new game, and retailers have to hook into Microsoft's computer systems and comply with Microsoft's terms and conditions.
Linked by Thom Holwerda on 05/21/13 21:38 UTC
At an event earlier today, Microsoft unveiled the next Xbox - the third model, but confusingly named Xbox One. The big focus was TV, integrated Kinect, and all the other stuff we all expected to be forced down our throats. I think it took them 25 minutes to actually come to what should be the core of the story: gaming. Nothing groundbreaking in the gaming department, except for how Microsoft intends to handle the used games market and borrowing games from friends: pay up, buddy!
Linked by Thom Holwerda on 05/20/13 11:29 UTC
The day has finally come! Jolla has finally announced the launch device for its Sailfish operating system - and by god this is a looker. It's decidedly different from other phones out there, but it has good specifications and carries a relatively reasonably price tag - EUR 399, and it's up for pre-order today, shipping in the fourth quarter of this year.
Linked by Thom Holwerda on 05/18/13 21:33 UTC
Why does Google get so much credit in the technology industry? Why, despite the company's many obvious failings, do many geeks and enthusiasts still hold a somewhat positive view on the all-knowing technology giant? A specific talk at Google I/O this week provides the answer.
Linked by David Adams on 05/16/13 4:23 UTC
OSNews is a sponsor of this year's O'Reilly OSCON in Portland, Oregon, USA. A lucky OSNews reader will win a free three-day pass, including two tutorials days. To win the pass, post a comment on this story saying something about Open Source Software or OSCON. We'll pick a winner at random next week. If you don't have an OSNews account, you may email us your entry. Part of the conference is the 9th annual Open Source Awards, and today the 16th is the deadline for nominations. If you'd like to nominate an outstanding open source contributor, do it here. Read on for more information about OSCON. Update: The 20% discount code for OSNews readers is "OSN."
Linked by Thom Holwerda on 05/11/13 21:41 UTC
"Windows is indeed slower than other operating systems in many scenarios, and the gap is worsening." That's one way to start an insider explanation of why Windows' performance isn't up to snuff. Written by someone who actually contributes code to the Windows NT kernel, the comment on Hacker News, later deleted but reposted with permission on Marc Bevand's blog, paints a very dreary picture of the state of Windows development. The root issue? Think of how Linux is developed, and you'll know the answer.
Linked by Thom Holwerda on 05/08/13 14:22 UTC
This is one of those news items that's fun to write, fun to read, fun to comment on, and where no one will be able to say anything unkind. It's all just one big ball of awesome fluffiness. TuneTracker, the BeOS radio automation software, has just released something very special: TuneTracker System 5, the first version designed entirely and specifically for Haiku. In fact, it actually includes Haiku in the software package. Better yet, TuneTracker also unveiled several system-in-a-box products - which have Haiku and TuneTracker pre-installed.
Linked by Thom Holwerda on 05/02/13 15:28 UTC
Exactly twenty years ago, a document was published that played a huge role in establishing the web as we know it today. Twenty years later, and this simple and straightforward document is proof of an irrefutable fact: while closed technologies can change markets, open technologies can change the world.
Linked by Thom Holwerda on 04/29/13 21:06 UTC
Oh multitasking. That staple of computing that got thrown out the window with many modern smartphones. We got some rudimentary thing in its place - but even as multitasking on phone and tablets improves, its user-visible side remains cumbersome. Windows 8 has a neat implementation, and now it's time Android follows in it footsteps.
Linked by Thom Holwerda on 04/24/13 22:24 UTC
They're here! Whether that excites you or not remains to be seen, but the Galaxy S4, which will most likely become the best selling Android smartphone of the year by a huge margin, has been reviewed by all the major sites, and there's lots of interesting conclusions in there - although I think most of you will get the gist.More Features »
Sponsored Links
Member since:
2007-04-13
The free community doesn't always need to get what they want for free. MS and other companies do pay real people to have real jobs and have real lives. For years everyone has claimed that MS get more secure. When they do it they get hammered. If opensourced people want to they can re-write an openbios and one could load it.
The solution is to fix it not to cry about it. An openbios that can be locked is a solution.
The real solution is what DEC used to have. A write protect switch on the drive. We never had any issue with them as long as no one pressed that button.