Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ubuntu Can't Trust FSF's Secure Boot Solution

Soulskill posted more than 2 years ago | from the dem's-fightin'-woids dept.

Ubuntu 377

sfcrazy writes "The Free Software Foundation recently published a whitepaper criticizing Ubuntu's move to drop Grub 2 in order to support Microsoft's UEFI Secure Boot. The FSF also recommended that Ubuntu should reconsider their decision. Ubuntu's charismatic chief, Mark Shuttleworth, has responded to the situation during an interview, and explained the reason they won't change their stand on dropping Grub 2 from Ubuntu. Shuttleworth said, 'The SFLC advice to us was that the FSF could require key disclosure if some OEM screwed up. As nice as it is that someone at the FSF says they would not, we have to plan for a world where leaders change and institutional priorities change. The FSF wrote a licence that would give them the rights to take specific actions, and it's hard for them to argue they never would!'"

cancel ×

377 comments

Sorry! There are no comments related to the filter you selected.

Ubuntu understands users (-1, Troll)

Serious Sandwich (2678177) | more than 2 years ago | (#40564735)

While FSF just tries to fight their ideological war, Ubuntu takes less hard road and understands why Microsoft needs to employ secure boot. Good for them, and better for Linux.

Re:Ubuntu understands users (4, Insightful)

0123456 (636235) | more than 2 years ago | (#40564759)

Until Windows 9 requires that Secure Boot can't be turned off and you can't install new keys if you want to ship with a 'Windows compatible' sticker.

FSF may be fruitcakes at times, but on this they're correct. 'Secure Boot' should have been named 'Windows lockin'.

Re:Ubuntu understands users (-1, Troll)

Serious Sandwich (2678177) | more than 2 years ago | (#40564815)

Secure Boot is very much required security feature. It will lock out malware that hides rootkits in boot sector. That's a very good thing. It's also optional, so you can always install Linux. Hell, both Linux and OS X do this already.

Mandatory Warning. (5, Informative)

Anonymous Coward | more than 2 years ago | (#40564875)

Serious Sandwich, aka Bonch, Sharklaser, Tech* etc is one of a number of sockpuppet accounts established and maintained by Burson Marsteller on behalf of Microsoft.

Their presence in this discussion means comments and moderation will be slanted to emphasize their client's viewpoint.

Treat all commenters in this discussion with suspicion and derision. Do not post or reply to posts yourself.

Re:Mandatory Warning. (-1, Offtopic)

Anonymous Coward | more than 2 years ago | (#40564953)

Your comment, while interesting, is difficult to verify objectively, and would be more credible had you not posted anonymously.

I am posting anonymously because my comment is logically self-evident, and I am moderating in this discussion.

Re:Mandatory Warning. (1, Offtopic)

rickb928 (945187) | more than 2 years ago | (#40565217)

"and I am moderating in this discussion"

Oh, so you're circumventing the system.

Another reason to crush ACs and cast them out. Posting as AC to be able to moderate your comments is pus. May you burn.

SECURE BOOT IS A FRAUD (4, Insightful)

Jeremiah Cornelius (137) | more than 2 years ago | (#40565411)

Ask yourself, what percentage of a system's time and lifecycle are spent in boot? What percentage of the binary runtime image is loaded in this process?

"Secure boot" is FAKE SECURITY whose ACTUAL risk is GREATER than its SUPPOSED benefit. Lock boot images, and the real security problems for persisting on a host and hiding activity will only move to the next rung on this ladder.

The only thing "Secured" is vendor lock-in.

Sure, you can detect a compromised kernel at boottime. That is a FRACTIONAL coutermeasure, to actual risk. EVERY driver and ring-0 loadable module needs also to be signed. It's bullsht, in the real computing world - unless you have an XBox or iPad model.

Re:Mandatory Warning. (-1)

Anonymous Coward | more than 2 years ago | (#40565335)

I am posting anonymously because my comment is logically self-evident, and I am moderating in this discussion.

"I have MY reasons, and they're valid. You, on the other hand, pffft. You couldn't have your own reasons and without knowing them I already know they are invalid."

Parent post is twitter (0)

Anonymous Coward | more than 2 years ago | (#40565029)

AKA Drinkypoo, erris, mactrope, etc. on behalf of the communist website Techrights AKA Boycott Novell.

Re:Mandatory Warning. (1)

Richard_at_work (517087) | more than 2 years ago | (#40565077)

Do you offer any proof of your claims? Or are we just going on accusations these days?

Re:Mandatory Warning. (0)

Anonymous Coward | more than 2 years ago | (#40565175)

Why because he says something you dont like? Not for nothing having dealt with enough friends who did have rootkits in their boot sector I can see a real need for it as a security feature. And like he pointed out Apple has been doing this for years now and I have no problems booting to Ubuntu or Windows 7

Re:Mandatory Warning. (2)

rickb928 (945187) | more than 2 years ago | (#40565199)

"Treat all commenters in this discussion with suspicion and derision."

Suspicion is the norm around here. Derision is the default action of many/most.

I can't hardly tell the difference between the misinformed, ignorant, or paid/unpaid shills. So I end up considering the content of comments. Radical and time consuming, but hey, what else do I have to do?

Re:Mandatory Warning. (4, Informative)

Anonymous Coward | more than 2 years ago | (#40565243)

Well, whoever he is he's factually wrong.

UEFI booting has absolutely nothing to do with boot sectors. Secure boot is part of (A superset of?) UEFI booting. A system doing a UEFI neither needs, looks for, nor cares about the boot sector.

Boot sectors are part of the old, old, old legacy boot method where you had to chain larger and larger bits of code to jump the CPU in to its newer, more powerful modes. More or less, the sytem starts in a mode so dumb it can only run a few bytes of code. It can't read or interperate filesystems. It cant jump in to a modern 32 or 64bit kernel I can't do anything but read very simple code from a fixed location. This location is the boot sector, and it's always sector 0. This code calls a larger boot loader, then a larger one, then eventually reaches a point where it can start up a modern operating system.

UEFI is actually a tiny OS that can read partitions/filesystems directly and can call a modern UEFI compatable boot loader directly. Now, not to say you can't subvert your modern UEFI bootloader. (Thats what secure boot is all about) But it certianly has nothing to do with boot sectors.

Re:Mandatory Warning. (1)

jockm (233372) | more than 2 years ago | (#40565403)

Proof? It is hard to take this claim seriously when you provide no proof and post as an AC. I am not saying you aren't right, I am just saying that you are making an assertion with no way to know who you are or verify what you are saying...

Re:Ubuntu understands users (0)

Anonymous Coward | more than 2 years ago | (#40564879)

Required by whom? Vendors or YOU?

Keep secure keys at the OWNER level, and that owner is NOT Microsoft, if is YOU. Maybe you forgotten yoru place and became a mushroom.

Re:Ubuntu understands users (3, Informative)

Jean Taureau (2195790) | more than 2 years ago | (#40564943)

It's also optional

Unless you're on ARM, in which case it won't be, so no, it's not always optional.

Re:Ubuntu understands users (0)

Anonymous Coward | more than 2 years ago | (#40565121)

Whether Secure Boot is optional or not doesn't really matter. What matters is who can set the keys that the BIOS will use to check the boot loader. If you can't turn Secure Boot off and there is no way to change keys or add keys, then there's reason to complain. Otherwise there is not. If the first iteration of Secure Boot allows you to run your own software, then it's not a hostile feature. If a board doesn't allow you to change the keys, now or in the future, THEN don't buy that (and do complain to the manufacturer). If used right, Secure Boot can be beneficial. Let's not throw the baby out with the bathwater, mkay?

Re:Ubuntu understands users (0)

Anonymous Coward | more than 2 years ago | (#40564983)

I can only think of one modern OS family that regularly gets viruses/malware that hide in the boot sector. Care to name the OS I'm thinking of? Hint: Starts with "W".

Bonus points if you can think of the historical and no longer published OS that got viruses in its boot sector. Hint: It is made by the same company as the above OS.

Re:Ubuntu understands users (5, Interesting)

jmorris42 (1458) | more than 2 years ago | (#40564987)

> Secure Boot is very much required security feature. It will lock out malware that hides rootkits in boot sector. That's a very good thing.

Somebody with more crypto knowhow, please put me some knowledge on here. Because I'm not seeing it that way. Secure boot will work wonders to ensure Hollywierd and Microsoft that their hardware isn't doing something nasty like letting the guy who put money on the counter and thinks they own it (how funny!) run something of their choosing. What I don't see is how it really protects the user from malware.

The security only runs one way. Once somebody can subvert the boot process in any way (and show me ONE device that hasn't been rooted) all malware need do is what it has always been doing. Take over the boot. Then IT checks the sig on Windows and tells it that "I'm the bootloader, you can trust me." and there isn't a 100% sure way to verify backwards. We all know most vendors will still be flashing the BIOS/UEFI from Windows because anything else will be too much hassle for the end users. They will pretty much have to do it to get key revocation lists. Oh yea they talk now about secure pathways through secured supervisor modes but we know that if it is running Windows nothing on that CPU is really and truly secure. And wait until the motherboard makers start encheapening the system. Remember when a physical write protect jumper was standard to protect flash BIOS? And a ROM portion with an emergency rescue reflash util? When was the last time you saw any of those protective measures on sonsumer equipment?

> It's also optional, so you can always install Linux.

On x86, for now.

Re:Ubuntu understands users (0)

Anonymous Coward | more than 2 years ago | (#40565211)

In fact, the security on Texas Instrument's ARM CPUs (very popular in tablets) hasn't been broken. The Playbook tablet from RIM hasn't been broken yet. The B&N tablet, also based on TI's CPU, did had its bootloader cracked, but that was due to badly written bootloader (implementation), not a fault in the secure hardware. So there are ways to secure the hardware and boot process that are basically unbreakable.

The point is, it isn't really secure if *YOU* don't hold the keys. What corporation or government to you want to trust with your private data? Your habits and whereabouts? Your most private thoughts? Probably best if the owner of the device owns the keys to the device. But I think there are major forces out there that don't want that to happen.

Re:Ubuntu understands users (1, Informative)

KingMotley (944240) | more than 2 years ago | (#40565279)

The security only runs one way. Once somebody can subvert the boot process in any way (and show me ONE device that hasn't been rooted) all malware need do is what it has always been doing. Take over the boot.

That is correct. Which is why the UEFI/BIOS needs to be able to be secure. It does this in a number of ways, one of which is secure boot, which verifies the executable that it passes control to after initialization is one that has been untampered with. This prevents any malware from trying to infect the system that can get control before the OS itself does.

Then IT checks the sig on Windows and tells it that "I'm the bootloader, you can trust me." and there isn't a 100% sure way to verify backwards.

You have the process backwards. UEFI/BIOS doesn't tell the bootloader that it can trust the UEFI/BIOS. The UEFI/BIOS checks and verifies the boot loader to make sure it's untampered with before handing off control to it. The trust the other way is implied/assumed.

We all know most vendors will still be flashing the BIOS/UEFI from Windows because anything else will be too much hassle for the end users.

It's pretty easy for UEFI makers to include the process to update itself within itself. If you don't have the know how to boot to your UEFI menu, then you really shouldn't be updating your UEFI/BIOS anyway. Really, it's not that difficult. Most are graphical, and pretty simple.

They will pretty much have to do it to get key revocation lists. Oh yea they talk now about secure pathways through secured supervisor modes but we know that if it is running Windows nothing on that CPU is really and truly secure.

I'm not sure why they would need a revocation list. There is a handful of keys and they won't ever be revoked. You can add keys (or remove them I suppose), but the list of signatures of untampered boot loaders shouldn't need to ever be revoked. Even in the case that such a process does need to be put into place, that would either have to be done through the UEFI/BIOS subsystem itself, or verified by the UEFI/BIOS system before commiting it.

And wait until the motherboard makers start encheapening the system. Remember when a physical write protect jumper was standard to protect flash BIOS? And a ROM portion with an emergency rescue reflash util? When was the last time you saw any of those protective measures on sonsumer equipment?

And you get what you pay for sometimes. Nothing stopping $.02 manufacturers from shipping UEFI/BIOSes preinfected either. Just because a solution doesn't solve the entire worlds problems shouldn't mean you don't implement it. This is a solution to one problem that simply put, can't be solved any other way. It's a good solution, but it doesn't turn smog infested, violence prone, poor cities into gleaming bastions of godlyness either.

Re:Ubuntu understands users (1)

TheGratefulNet (143330) | more than 2 years ago | (#40565401)

fwiw, just last week I bought an intel n2800 mobo and it allowed bios flash 'f7' from a regular fat formated usb drive. not even bootable! pure fat16 blank non-system usb drive, copy the .BIO file there, hit f7 and do an upgrade. worked fine.

this was not a secure system but requiring windows for upgrades of bios is not the norm anymore. I've seen quite a few 'boot from cdrom' style bios upgrades, too. and on the cdrom? syslinux! ;)

Re:Ubuntu understands users (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40565031)

Everyone knows the Free Software Foundation cannot be trusted, but Microsoft can.

I just got back from vacation...did the universe invert while I was away?

Re:Ubuntu understands users (2)

jawtheshark (198669) | more than 2 years ago | (#40564787)

Ubuntu [..] understands why Microsoft needs to employ secure boot

I don't understand why Microsoft requires secure boot. Care to explain?

I mean the boot sector "virus"/"malware" thing is highly overrated. I've never seen one in the wild. The situation as is was just fine.

Re:Ubuntu understands users (5, Insightful)

SuricouRaven (1897204) | more than 2 years ago | (#40564825)

Because:
1. Once the technology is deployed, it requires only altering one line of a contract to kill linux on the desktop.
2. Because being able to ensure the OS hasn't been tampered with by the hardware owner is vital for any attempt to make effective DRM schemes.

Re:Ubuntu understands users (1)

jawtheshark (198669) | more than 2 years ago | (#40564863)

I mean reasons that benefit the user... I thought I made clear that I understood the nefarious uses.

Re:Ubuntu understands users (4, Insightful)

betterunixthanunix (980855) | more than 2 years ago | (#40564971)

I mean reasons that benefit the user

That never enters the picture; users, in this model, are nothing more than an exploitable resource, a source of revenue for the corporate overlords.

Re:Ubuntu understands users (1)

jawtheshark (198669) | more than 2 years ago | (#40565099)

Worst thing is that with the current userbase, who is mostly ignorant, they might get what they want.

Re:Ubuntu understands users (1)

Marillion (33728) | more than 2 years ago | (#40565127)

So true. After all, drug dealers and computer companies both refer to their customer base as "Users."

Re:Ubuntu understands users (1)

residieu (577863) | more than 2 years ago | (#40565089)

You asked why Microsoft requires secure boot, not why Microsoft's users require it.

Re:Ubuntu understands users (1)

jawtheshark (198669) | more than 2 years ago | (#40565123)

Good point... Guess, the tone of my post didn't come over well...

Re:Ubuntu understands users (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40565363)

If I don't have the keys to my computer, it's not mine.
RMS's The Right to Read [gnu.org] looks less and less paranoid all the time.

Re:Ubuntu understands users (4, Interesting)

betterunixthanunix (980855) | more than 2 years ago | (#40564955)

I don't understand why Microsoft requires secure boot. Care to explain?

Here is but one example: the market for video games is billions of dollars, and while a lot of that money is in consoles and phones, there is still plenty in PC games. The problem is that on my PC, I can modify the game in arbitrary ways -- I can remove a license check, I can cheat (BIG problem in MMOs), etc. The reason I can do this is that the OS has no good way to stop me -- even if Windows tried to prevent me from running unsigned code, I can run a program before Windows even boots up to get around that restriction.

Thus restricted boot environments become a necessity for Microsoft to turn Windows into a DRM-friendly platform. DRM on PCs is not dead, it was just on vacation while the big players worked on a way to sneak in restricted boot environments. No more grabbing secret keys out of running processes, no more replacing WoW DLLs to cheat, no more patching software to evade license checks. That's why Microsoft requires this.

That is also why we need to fight back against this.

Re:Ubuntu understands users (1)

jawtheshark (198669) | more than 2 years ago | (#40564991)

As I said to the other person telling me similar things. I assumed that I was clear that I understood the nefarious uses. So, what's in for the users? I can tell you: nothing...

In a sense, my question required no answer... I know the answers already.

Re:Ubuntu understands users (1)

phantomfive (622387) | more than 2 years ago | (#40565337)

So, what's in for the users?

Same thing you get on iOS, and some Android devices.....a walled garden. Unfortunately, some people prefer that. It makes me sad.

Re:Ubuntu understands users (1)

Baloroth (2370816) | more than 2 years ago | (#40565063)

Thus restricted boot environments become a necessity for Microsoft to turn Windows into a DRM-friendly platform. DRM on PCs is not dead, it was just on vacation while the big players worked on a way to sneak in restricted boot environments. No more grabbing secret keys out of running processes, no more replacing WoW DLLs to cheat, no more patching software to evade license checks. That's why Microsoft requires this.

That is also why we need to fight back against this.

And why I am hoping Steam's Linux initiative is both more than a rumor, and successful. Even if they don't get AAA titles, indie games can still appear on Linux, and the big game studios seem to have forgotten one little thing: they were once small studios, making what are now considered indie games. And that was considered the golden age of gaming.

Oh, and even DRM from boot will never work, not completely. Just ask Sony or MS how well that turned out, and they controlled every aspect of the hardware and software.

Re:Ubuntu understands users (2)

betterunixthanunix (980855) | more than 2 years ago | (#40565167)

Just ask Sony or MS how well that turned out

Keep in mind that it took four years to break the PS3 DRM, and even now the majority of PS3 owners are not in a position to jailbreak their devices.

Re:Ubuntu understands users (4, Interesting)

spire3661 (1038968) | more than 2 years ago | (#40565347)

Most of the people in the scene will tell you that the PS3 wasnt cracked for 4 years because the truly skilled people that crack this stuff were being hands off about it. Once Sony went into full on evil mode, all bets were off.

Re:Ubuntu understands users (1)

blue_teeth (83171) | more than 2 years ago | (#40565257)

Does this mean, it is good time to buy and stock non-UEFI mainboards?

Re:Ubuntu understands users (1, Informative)

recoiledsnake (879048) | more than 2 years ago | (#40565349)

> Restricted boot environments are about DRM, not about securing the system from malware

Really? Here are some references about boot malware which UEFI secure boot can prevent.

http://www.chmag.in/article/sep2011/rootkits-are-back-boot-infection [chmag.in]

http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows/ [theregister.co.uk]

http://www.computerworld.com/s/article/9217953/Rootkit_infection_requires_Windows_reinstall_says_Microsoft [computerworld.com]

TDL4 is the most recent high tech and widely spread member of the TDSS family rootkit, targeting x64 operating systems too such as Windows Vista and Windows 7. One of the most striking features of TDL4 is that it is able to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled.

When the driver is loaded into kernel-mode address space it overwrites the MBR (Master Boot Record) of the disk by sending SRB (SCSI Request Block) packets directly to the miniport device object, then it initializes its hidden file system. The bootkit’s modules are written into the hidden file system from the dropper.

The TDL4 bootkit controls two areas of the hard drive one is the MBR and other is the hidden file system created at the time of malware deployment. When any application reads the MBR, the bootkit changes data and returns the contents of the clean MBR i.e. prior to the infection, and also it takes care of Infected MBR by protecting it from overwriting.

The hidden file system with the malicious components also gets protected by the bootkit. So if any application is making an attempt to read sectors of the hard disk where the hidden file system is stored, It will return zeroed buffer instead of the original data.

The bootkit contains code that performs additional checks to prevent the malware from the cleanup. At every start of the system TDL4 bootkit driver gets loaded and initialized properly by performing tasks as follows: Reads the contents of the boot sector, compares it with the infected image stored in hidden file system, if it finds any difference between these two images it rewrites the infected image to the boot sector. Sets the DriverObject field of the miniport device object to point to the bootkit’s driver object and also hooks the DriverStartIo field of the miniport’s driver object. If kernel debugging is enabled then this TDL4 does not install any of it’s components.

TDL4 Rootkit hooks the ATAPI driver i.e. standard windows miniport drivers like atapi.sys. It keeps Device Object at lowest in the device stack, which makes a lot harder to dump TDL4 files.

All these striking features have made TDL4 most notorious Windows rootkit and it is also very important to mention that the key to its success is the boot sector infection. ....

The original MBR and driver component are stored in encrypted form using the same encryption. Driver component hooks ATAPI's DriverStartIo routine where it monitors for write operations. In case of write operation targeted at the MBR sector, it is changed to read operation. This way it is trying to bypass repair operation by Security Products.

Atleast you'd have some credibility left if you had said that the restrictions could be about DRM also.

I do not want to choose between Fedora and Ubuntu; I want to use whatever distro I fancy, and I want to be able to switch distros without jumping through hoops (yes, there are hoops to jump through now; this move by Canonical does nothing to advance any solution to that problem).

Moving one slider is jumping through hoops?

http://www.windowsfordevices.com/images/stories/samsung_secureboot.jpg [windowsfordevices.com]

Adding your own keys is jumping through hoops? Why should hundreds of millions of people's security be put at risk because you are lazy to move one slider while moving between multiple distros?

Re:Ubuntu understands users (1)

wmspider (1333299) | more than 2 years ago | (#40565391)

I haven't looked up how exactly the signing mechanism works, so please correct me if i'm wrong.
Since you can install your own certificates on your local machine, couldn't you also alter Windows and resign it with your local keys, thus defeating the DRM "feature" of UEFI Secure Boot?

Re:Ubuntu understands users (1, Interesting)

KingMotley (944240) | more than 2 years ago | (#40565435)

I don't understand why Microsoft requires secure boot. Care to explain?

Because, it is fairly easy -- especially with so much open source software out there -- to create malware that gets control of the system before the OS does. This malware will then hide itself, using hardware, to intercept any attempt to find it and virtualize the checks to fail. Simply, once in place, it is in control of your system, and the OS (or any anti-virus, etc) software from even being able to tell it is on your system at all. Basically, in the first moments you turn on your computer, you've lost the battle, and there is nothing any software can do to remove the malware, or even detect it is even on the system at all. Please note, this isn't just a Microsoft problem, you can have linux, unix, or OS/X, etc all rootkitted as well. It's just many linux folks don't understand the problem, don't care, and like spreading FUD because it hasn't affected them YET.

I mean the boot sector "virus"/"malware" thing is highly overrated. I've never seen one in the wild. The situation as is was just fine.

I've seen many. In fact, it's pervasive enough that sony created one for it's own gain -- http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal [wikipedia.org]

Re:Ubuntu understands users (1)

Anonymous Coward | more than 2 years ago | (#40564797)

Why microsoft needs to employ secure boot...

Why microsoft needs to employ a microsoft controlled boot loader - tftfy.

I don't trust Microsoft to do anything that isn't directly tied to increasing their profits - that includes forcing a boot loader that can later turn-off any operating system they don't like or want on *their hardware* - and trust me folks, with their boot-loader on the box, they will claim it is theirs, not yours.

You will have to *PAY* microsoft a licensing fee to run something other than windows - just wait and watch - you know it's coming.

The only safe PC is a PC free of anything Microsoft (and Apple)

Re:Ubuntu understands users (-1, Troll)

Serious Sandwich (2678177) | more than 2 years ago | (#40564837)

Why microsoft needs to employ a microsoft controlled boot loader - tftfy.

Windows (7, Vista, XP and so on) bootloader is already Microsoft "controlled".

Astroturf. (0)

Anonymous Coward | more than 2 years ago | (#40564859)

Wow. Who knew Canonical had astroturfers? Either that or apologists.

First five posts on this article were all "FSF sucks, Ubuntu knows our Hearts! 3".

Re:Ubuntu understands users (4, Insightful)

betterunixthanunix (980855) | more than 2 years ago | (#40564869)

While FSF just tries to fight their ideological war, Ubuntu takes less hard road and understands why Microsoft needs to employ secure boot. Good for them, and better for Linux.

How is this good for users? Restricted boot environments are about DRM, not about securing the system from malware. Canonical does not care about whether or not people can use the computers they own in the manner they wish to use them, so how is that a good thing?

I do not want to choose between Fedora and Ubuntu; I want to use whatever distro I fancy, and I want to be able to switch distros without jumping through hoops (yes, there are hoops to jump through now; this move by Canonical does nothing to advance any solution to that problem).

Re:Ubuntu understands users (0)

rickb928 (945187) | more than 2 years ago | (#40565287)

"I want to be able to switch distros without jumping through hoops (yes, there are hoops to jump through now; this move by Canonical does nothing to advance any solution to that problem)."

So you want what you what you not only do not have now, but somehow manage without.

So you want Grand Unification between distributions. Oh my. I doubt we could even get decent migration tools between the major distros, 'major'
defined as the ones you and I use. :)

Re:Ubuntu understands users (1)

betterunixthanunix (980855) | more than 2 years ago | (#40565321)

So you want what you what you not only do not have now, but somehow manage without.

The point is that we do have a real problem with GNU/Linux: switching distros is difficult and requires a lot of work, and sometimes you do not get what you wanted at the end. That is a problem that we should be working to solve or at least mitigate. This nonsense with signed bootloaders on personal computers is a step in the complete opposite direction.

Ubuntu sure as hell does NOT understand users (-1)

Anonymous Coward | more than 2 years ago | (#40564911)

There have been a whole bunch of bugs filed against a "feature" of the new Ubuntu UI, which Ubuntu refuses to fix. I was considering writing a patch myself but then decided to just go with a different distro. I'm just about to evaluate the available new choices.

If one enlarges any one window so that it is more then I think 80% of the total size of the screen, from then on all new windows from that same application appear maximized. The even cover up the menu bar on the top and the dock on the left.

What that means to me is that I cannot use most of the screen on my laptop, because after that any new windows will obscure all the other windows that I wanted to be able to view in the background.

Michael David Crawford [dulcineatech.com] , who can't be bothered to recover his password.

Re:Ubuntu understands users (2)

Hatta (162192) | more than 2 years ago | (#40564915)

Microsoft "needs" to employ secure boot in order to gain an advantage over smaller competitors who can't push OEMs into providing their signing key by default. Nothing more, nothing less. Any other justifications offered are smokescreens, and you are a naive fool if you believe them.

Re:Ubuntu understands users (1)

jellomizer (103300) | more than 2 years ago | (#40565131)

Ideology wars, are based on Sliding Scale Arguments. If you take your oppositions ideology side to the extremism imagine how bad it could be.
People who are Pro-Life: Go If we let any of these laws get passed we will finally reach a situation where we can kill child under 21 because before that they are not fully developed yet.
People who are Pro-Choice: Go if we let any of these laws get passed we will revert back a century and loose a hundred years of Women's rights, where the woman would be the slave to the men.

The Republicans say the Democrats will lead the US into Communism.
The Democrats say the Republicans will lead the US into Anarchy or a Military Dictatorship.

We have been hearing about technologies that Microsoft has released that could be used to kill Linux for almost 2 decades now. Reality is if Microsoft Cramps down too much people just don't buy them and the product flops. If Microsoft plays fair, the product usually get used.
 

Re:Ubuntu understands users (2)

spire3661 (1038968) | more than 2 years ago | (#40565373)

"If Microsoft plays fair" Does not compute.

Re:Ubuntu understands users (0)

Anonymous Coward | more than 2 years ago | (#40565277)

No one needs secure boot. We've lived without it for a long time, and that isn't even how most people get infected.

They expect OEMs to lock machines down? (5, Insightful)

makomk (752139) | more than 2 years ago | (#40564741)

The SFLC advice to us was that the FSF could require key disclosure if some OEM screwed up.

So in other words they're anticipating not only that OEMs are going to accidentally or intentionally ship machines running Ubuntu that are locked down so that you cannot boot your own kernels on them but also that they won't be able to convince the OEMs to fix their broken BIOSes to allow users to run their own code. By not using GRUB2 they ensure that said OEMs would have no legal obligations to allow you to run the code you wanted on the PC you'd just bought.

Not quite: They want to still work in a screwup... (2, Insightful)

nweaver (113078) | more than 2 years ago | (#40564925)

The expect that an OEM may screw up. In that case, their current solution will still allow users to run their own code except for the bootloader itself.

But if they used a GPLv3 bootloader, they have received advice that they might have to reveal the key when the OEM screws up, because that would be necessary for someone to provide their own bootloader.

Far better to not chance it and just avoid the GPLv3 for something that actually has a free license, rather than the significant impositions that GPLv3 attempts to impose in the name of the FSF's particular vision of "freedom".

Re:Not quite: They want to still work in a screwup (4, Insightful)

betterunixthanunix (980855) | more than 2 years ago | (#40565011)

The expect that an OEM may screw up. In that case, their current solution will still allow users to run their own code except for the bootloader itself.

In other words, what we had with OtherOS on the PS3.

But if they used a GPLv3 bootloader, they have received advice that they might have to reveal the key when the OEM screws up, because that would be necessary for someone to provide their own bootloader.

How is that a bad thing? This is not a key that is used to protect military secrets, it's a key that serves exactly one purpose: to prevent people from running modified software.

Far better to not chance it and just avoid the GPLv3 for something that actually has a free license, rather than the significant impositions that GPLv3 attempts to impose in the name of the FSF's particular vision of "freedom".

Your freedom to throw punches ends where my face begins. My freedom to install software on my computer is not less important than some OEM's freedom to restrict what software runs on their products.

Re:Not quite: They want to still work in a screwup (3, Insightful)

nweaver (113078) | more than 2 years ago | (#40565155)

How is revealing the key bad?

Well, how about that it would be revoked! Having the key would allow one to subvert Secure Boot on windows systems, so you can bet dollars-to-doughnuts that if Canonical had to release its key, Microsoft would revoke Canonical's key.

Re:Not quite: They want to still work in a screwup (4, Insightful)

betterunixthanunix (980855) | more than 2 years ago | (#40565269)

That's the point of GPLv3: if these OEMs want to screw things up, then they have to deal with not getting to run GPLv3 software. If Canonical wants to make these "certified" hardware systems, then they should do one of the following:
  1. Require that all certified systems ship with custom mode enabled by default, or that they ship without any restricted boot environment
  2. Produce a separate key for every OEM, so that if one OEM screws up, they lose their Ubuntu certification without affecting other OEMs.

Otherwise, they are just legitimizing an attack on user freedoms, despite being the maintainers of the most popular GNU/Linux distribution out there (and despite the fact that those very freedoms are what enabled their entire operation).

Which would be a greater attack on user freedom? (4, Interesting)

nweaver (113078) | more than 2 years ago | (#40565329)

Which is a greater attack on user freedom?

a) Not being able to change the bootloader?

b) Not being able to install on new systems without changing EFI settings because the signing key got revoked?

Canonical chose "A". Fedora chose A, too, btw, because they didn't sign grub, but built a "pre-bootloader-bootloader" to load Grub.

Re:Which would be a greater attack on user freedom (5, Insightful)

betterunixthanunix (980855) | more than 2 years ago | (#40565419)

Except that Canonical is in a position to demand that EFI boot restrictions be disabled by default. That does not seem to have entered the picture, because they do not care about user freedom. I disagree equally with Fedora's approach, because I personally switched away from Fedora when I disagreed with some changes they made, and this boot restriction system will make that harder to do.

Now is the time to fight back, not compromise. Bootloader restrictions are a direct attack on free software and user freedom, and the response by Canonical and the Fedora project has been to just lie down and accept that attack.

Re:Not quite: They want to still work in a screwup (4, Insightful)

0123456 (636235) | more than 2 years ago | (#40565033)

Far better to not chance it and just avoid the GPLv3 for something that actually has a free license, rather than the significant impositions that GPLv3 attempts to impose in the name of the FSF's particular vision of "freedom".

The "freedom" to actually be able to run the software you want on the computer you bought? You're right, they suck.

Re:They expect OEMs to lock machines down? (-1)

Anonymous Coward | more than 2 years ago | (#40565019)

Exactly, and frankly, it is the only viable option open to Ubuntu given the increasingly draconian GPL license. A mistake is simply too costly given the manner and spirit of GPL. I find it laughable that the FSF folk become increasingly militant about trying to force everyone's hard work to be put out into the world for free and then they complain when organizations drop packages because GPL represents too much risk. Perhaps the FSF should learn from this and lighten up on the whole "all code must be given away" thing?

I know that GPL has hurt the adoption of a great deal of code because it is unusable in many business situations (my company uses a lot of open source work and we specifically never use anything that is under GPL). I also know that if I were to write an Open Source package which I wanted to have widely used, I would never license it under GPL (LGPL or BSD would make the package much more widely used). If I wanted to make money from my OpenSource I would maybe release a restricted version of it as LGPL and then a full featured using a commercial license (with no source code for the commercial version).

GPL really just doesn't work, and the Ubuntu case is just one example of why,

Re:They expect OEMs to lock machines down? (1)

UnknownSoldier (67820) | more than 2 years ago | (#40565259)

> Perhaps the FSF should learn from this and lighten up on the whole "all code must be given away" thing?

Once you start compromising on your morals it is a slippery slope to "Convenience Morality"

Re:They expect OEMs to lock machines down? (0)

Anonymous Coward | more than 2 years ago | (#40565331)

GPL really just doesn't work, and the Ubuntu case is just one example of why,

When I look around at all the great GPL software packages and the advances that the GPL license (and free, open software) has brought about, I have to wonder who you are shilling for. For sure the GPL was a game-changer and anyone who says "it doesn't work" must be getting paid to say that.

Re:They expect OEMs to lock machines down? (5, Interesting)

jmorris42 (1458) | more than 2 years ago | (#40565145)

It gets better. Ubuntu is assuming this lockdown will be happening with OEMs they have a contractual relationship with.

Think about it. I put out Unknown Hacker Linux with a boot loader signed by me. I publish it on my website somewhere. Evil Bit Computers downloads it and installs my public key into the firmware of machines that they then sell to the public in a totally locked state. A buyer of one of those machines decides they want to wipe the preload and install Windows 8. They go Evil Bit and demand they keys per the GPL3 and get an Evil Laugh(TM). Then they come to me and demand the signing key and I tell them, I feel your pain but I'm sorry I can't do that because it would compromise every machine installed with packages signed by that key. And they couldn't do a darned thing to me legally because I have no relationship to Evil Bit Computers. If push came to shove Evil Bit could be required to issue new firmware allowing rekeying or they could be barred from distribution of GPL3 software. But I'd never see the inside of the courthouse.

And now you know why I have never considered Ubuntu. Never could say why, but they have always given off a 'wrong' vibe. Best explanation would be the short story _Young Zaphod Plays It Safe._ Just an undefined unease with em.

Why are we allowing these "people" to do this? (4, Insightful)

mcgrew (92797) | more than 2 years ago | (#40565251)

Intel had the bright idea back in the nineties and it was soundly rejected; Intel got a lot of bad publicity and backed off. Then MS came up with "Palladium" [theinquirer.net] ten years ago and it, too, was soundly rejected and MS got yet another black eye.

WTF, people?? FIGHT THIS MADNESS!! This is yet another round of MS's war against all other OSes. This is MS wanting to control YOUR computer. This has no upsides whatever, and is all bad.

Gees, ten years isn't that long, have you folks forgotten already?

Re:Why are we allowing these "people" to do this? (5, Insightful)

bill_mcgonigle (4333) | more than 2 years ago | (#40565377)

Gees, ten years isn't that long, have you folks forgotten already?

Two weeks after 9/11 the USAPATRIOT Act was highly controversial, despite the recent attack, and had sunset provisions.

Ten years later, it's renewed without any real debate.

"Keep us safe from the terr^H^H^H^H rootkits". In both cases the power-hungry gladly assume additional control and remove freedoms.

Re:They expect OEMs to lock machines down? (0)

Anonymous Coward | more than 2 years ago | (#40565417)

Some OEM's ARE already locked down. Case in point, some Dell PC's I've run across WILL NOT allow you to run both onboard video, and the slot Video card. On other Dells where I've needed to use both onboard and card, moving the card to the last PCIe slot, if available, and settings bios to use onboard allowed Windows to utilize both.

Of course, this is a non-issue w/ non-OEM custom PC's. When I first ran across that, I knew it was only a taste of things to come. And now they are at locking out OS', err excuse me, deciding which OS' are ok to install.

Since when did owning a computer turn into licensing a computer?

Ubuntu is doing the right thing (1)

detain (687995) | more than 2 years ago | (#40564773)

Not having a newer grub might suck in some regards but it appears as though they are looking out for our best interest here. If the only thing keeping this secure is a companies 'promise' they wont ever take action, then I'd have to agree with Ubuntu.

Re:Ubuntu is doing the right thing (5, Insightful)

betterunixthanunix (980855) | more than 2 years ago | (#40565039)

If the only thing keeping this secure

Secure from what? The goal is not to secure you from a bootloader virus; I doubt that was discussed for more than five minutes while this system was being designed. The goal is to secure DRM systems from you, the user, because of what happened with DVDs and deCSS, what happens with software cracking tools, etc. The goal is to turn PCs into iPads.

This is a trap, designed to rob you of the freedom you have right now, which as it so happens is the freedom that PCs were meant to provide in the first place.

Re:Ubuntu is doing the right thing (2)

PhilHibbs (4537) | more than 2 years ago | (#40565061)

Let me get this straight. They are saying that an OEM's actions might mean that the GPL could be used to force Canonical to release something?

I release some Code A under the GPL (which works fine on its own) and some Code B under a proprietary licence, and a third party links A to B and releases it, that in no way compels me to release my proprietary code B! This is an analogy, not an attempt to explain exactly what is happening, but I think it's apt.

Re:Ubuntu is doing the right thing (1)

VGPowerlord (621254) | more than 2 years ago | (#40565379)

I release some Code A under the GPL (which works fine on its own) and some Code B under a proprietary licence, and a third party links A to B and releases it, that in no way compels me to release my proprietary code B! This is an analogy, not an attempt to explain exactly what is happening, but I think it's apt.

Oh no, it's far worse than that, you'd be required to turn over the signing key that you use to cryptographically sign all your proprietary code.

Good riddance (5, Funny)

Hatta (162192) | more than 2 years ago | (#40564795)

Grub2 is an epic piece of shit anyway.

Re:Good riddance (2)

jmorris42 (1458) | more than 2 years ago | (#40565221)

> Grub2 is an epic piece of shit anyway.

Not exactly. It is epic. In that it is trying to live up to the "Grand" in its name. But it has to be admitted that it is in one important way inferior to GRUB 1. The big advantage of GRUB over LILO was that you didn't have to worry about an unbootable machine if you changed anything and forgot to 'rerun lilo'. GRUB2 brings those bad days back with it's mammoth configuration file spread into shards in /etc/ to make it possible for scripts to manipilate it in a sane way.

Grub bugs (3, Interesting)

Twinbee (767046) | more than 2 years ago | (#40564821)

I know this is offtopic, but just a quick request to the powers that be. I tried installing Ubuntu a while back, and 'Grub' not only made Ubuntu boot by defaut, but also wouldn't allow any easy way for to change that to Windows. In addition to that, uninstalling Grub proved to be very cumbersome.

I'm sure many would be far less patient than me, so it may help perceptions of Linux/Ubuntu if some of the basics were in place.

Re:Grub bugs (2)

dkleinsc (563838) | more than 2 years ago | (#40564923)

At least Linux Mint's installer, and I think Ubuntu's as well, figure out that Windows is already on your system during the install process, and set up Grub so you can easily just choose "Windows" when the computer is booting up.

In other words, the "powers that be" know about the problem, and have a pretty good solution in place right now.

Re:Grub bugs (3, Insightful)

CanHasDIY (1672858) | more than 2 years ago | (#40564945)

The worst part (of Grub2, IMO) is, you can't even make configuration changes without blindingly painful, self-inflicted dental surgery, [linuxers.org] or installing a separate, non-default GUI package (startup-config-manager or some such shit) to your Ubuntu box.


I miss my grub.conf and menu.lst!

Re:Grub bugs (1)

Anonymous Coward | more than 2 years ago | (#40565053)

People believe TFM too much on this.

Yes, it says you cannot edit the auto-generated config, and that bad things will happen if you do.

Go ahead, edit the goddamn config, and make a backup, and never run the automated config generator again. And if it somehow does get run, perhaps as part of some software update, just mutter imprecations into your beard while you copy the backup into place, then go on with life.

It works just fine, if you refuse to believe people who say you must not touch config files.

Re:Grub bugs (1)

nedlohs (1335013) | more than 2 years ago | (#40565361)

On noes! Instead of editing /boot/grub/grub.cfg I edit /etc/grub.d/X. The world is ending I say!

Of course you could just edit the file anyway and not run the generator script ever again, but that would be too complicated I guess....

Re:Grub bugs (0)

Anonymous Coward | more than 2 years ago | (#40565073)

Oh, hell, yes. There was a time in the mid 90s where Windows people would install Linux on a separate partition, for fun. Then they tried to get rid of it further down the line and oh fuck, I'm never doing this again. Linux on the desktop might be twice as far along if GRUB hadn't been such a piece of utter shit.

Re:Grub bugs (2)

Knuckles (8964) | more than 2 years ago | (#40565317)

Oh, hell, yes. There was a time in the mid 90s where Windows people would install Linux on a separate partition, for fun. Then they tried to get rid of it further down the line and oh fuck, I'm never doing this again. Linux on the desktop might be twice as far along if GRUB hadn't been such a piece of utter shit.

Grub in the mid-nineties? I don't think so.

I Call Bullshit. (5, Insightful)

darkonc (47285) | more than 2 years ago | (#40564889)

Canonical can't be held responsible for somebody else's screw-up. If Canonical distributes GRUB consistent with the GPL3, then there responsibility is done. If somebody else screws up by distributing GRUB in a non-conformant way, then all they can do is ask canonical to distribute their private key to get the manufacturer's bacon out of the fire. Canonical would then be free to laugh at them.

It seems to me that Canonical is missing the bigger piece -- which is that the vibrancy of Ubuntu depends on the wider vibrancy of Linux. If Ubuntu jumps into Microsoft's lifeboat and leaves the rest of the GNU/Linux community to sink or swim, Canonical is ultimately slitting their own throat slowly.

Trusting Microsoft over the FSF seems foolhardy at best.

Except that OEMs are cannonical's partners... (2)

nweaver (113078) | more than 2 years ago | (#40564961)

Part of the vision is that you should buy a Ubuntu system, right? In this case, Canonical is working with the OEMs to produce a certified system.

Thus if one of the OEMs screws up, Canonical does have a relationship with the product, as provider of the software, and may, under the GPLv3's "anti-TiVoization" clause, have to provide the signing key.

This is "Better to avoid the problem altogether"

Re:Except that OEMs are cannonical's partners... (1)

robmv (855035) | more than 2 years ago | (#40565159)

It is simple, add to their legal binding document/contract that the OEM must not ship machines with locked keys and if that happens by accident the OEM must provide an updated firmware

Re:Except that OEMs are cannonical's partners... (1)

betterunixthanunix (980855) | more than 2 years ago | (#40565385)

Part of the vision is that you should buy a Ubuntu system, right? In this case, Canonical is working with the OEMs to produce a certified system.

The vision is that you can buy a system that does not impose restrictions on what software you can run. The point of the GPLv3 is to advance that goal. Having Ubuntu but being unable to run a custom bootloader is not part of the vision.

This is "Better to avoid the problem altogether"

There is another option: require that any bootloader restrictions be disabled by default. If a user wants the restrictions to be enabled, nothing should stop them; but if the restrictions are enabled by default, an OEM may very well ship a system that does stop users from disabling those restrictions (otherwise, what's the point?).

Go complain to Microsoft if they try to make dual booting hard on such systems.

Re:I Call Bullshit. (0)

Anonymous Coward | more than 2 years ago | (#40564989)

Not really. Microsoft can be trusted to behave like the behemoth it is. They are very consistent. The FSF, however, is a small organization that changes dramaticly with leadership changes. They're stuck between Big Evil and Holy Shit Radicals. It's not a good place, and in their position close to the real world, they've made a reasonable decision. I don't like on religious grounds, but then again, Free Software is a religion.

Get rid of secure boot (0, Interesting)

Anonymous Coward | more than 2 years ago | (#40564919)

If I can't boot linux on a motherboard, I return the motherboard. Its an anti-trust issue. A single motherboard can kill some village idiot outfit like mickeysoft. The FSF is correct. Grub2 is brand new, and works perfectly. Shills and luddites who argue otherwise are brainless pieces of shit. Microsoft needs to die anyway.

Shuttleworth isn't being entirely candid (4, Informative)

Todd Knarr (15451) | more than 2 years ago | (#40564965)

I'm sure the SFLC did tell him that a mistake by an OEM could force disclosure of the signing key. But notice he doesn't say explicitly that they told him it could force disclosure of Canonical's signing key. That's because I'm pretty sure they didn't tell him that. Think about it. The logic here is that an action that breaches the GPLv3 by a downstream distributor (the OEM) could force the upstream to correct the breach. Now, suppose I put that in the context of code: I distribute a GPLv3'd piece of software, you receive it from me, modify it and distribute the modified version. If Shuttleworth's argument is correct, then I am in breach of the GPLv3 because I'm not distributing the source code to your modifications as required by the GPLv3. But that's obvious nonsense, since I'm only required to distribute the source code to the software I'm distributing and I'm not distributing your modifications at all. Only you're doing that, and the only way you can pass your obligations back to me is if you're me in the legal sense (ie. a wholly-owned subsidiary company or a division of my company) or if I've signed a contract with you to take on those obligations for you.

So I suspect that while Canonical would be required to distribute any tools needed to create signed bootloaders and the keys needed for the BIOS to boot them, unless they're distributing the actual hardware it'd be on the OEM (who selected the hardware) to take any steps necessary to comply with the GPLv3 as regards the hardware (ie. either choose a BIOS that allowed keys to be enrolled or Secure Boot to be disabled, or distribute their own signing keys). Of course that could place the OEMs in a bind: if they used Canonical's signed binaries and keys then the OEM would be obliged to provide the signing key, but Canonical is not obliged to provide it to them. Which I think is exactly the situation the FSF desires: OEMs placed in a position where to use a very desirable bit of software in their equipment requires selecting a BIOS that permits user control over the Secure Boot process and keys.

Re:Shuttleworth isn't being entirely candid (1)

rudy_wayne (414635) | more than 2 years ago | (#40565101)

When Monty Widenius sold MySQL to Sun nobody worried. What could possibly go wrong?

  Mark Shuttle worth is absolutely correct when he says "we have to plan for a world where leaders change and institutional priorities change."

Re:Shuttleworth isn't being entirely candid (0)

Anonymous Coward | more than 2 years ago | (#40565273)

So rather than working with institutions that presently have good priorities, we're going to work with institutions that have bad priorities, because fuck it everyone's going to try to fuck us over eventually.

Not quite the flaw you make it sound like, Mark... (5, Insightful)

pla (258480) | more than 2 years ago | (#40565041)

The SFLC advice to us was that the FSF could require key disclosure if some OEM screwed up.

Yes! Yes, they could - Because it would mean that the OEM had "accidentally" taken away the user's right to do whatever the fuck they want with hardware bought and paid for by that user. And I have no problem with requiring key disclosure in that situation.

Look, Shuttles, we get the idea that you want every bit as much control over Ubuntu as Microsoft has over Windows, and UEFI has the potential to finally fulfill your little wet dream there. You seem to have overestimated your importance in the Linux world, however - If you won't honor the spirit of "free" software, we'll simply use a distro that does.

Re:Not quite the flaw you make it sound like, Mark (2)

nweaver (113078) | more than 2 years ago | (#40565281)

Except that key disclosure would cause a lot of harm.

Canonical's solution still allows you to run all your own code except the bootloader in this case. Since the bootloader itself is not locked down, you can boot anything from the bootloader.

But if they had to disclose the key, then this means Microsoft has to revoke Canonical's key, because that key would allow subverting Window's secure boot model, and now it can't be used to install without requiring user EFI reconfiguration on any PC that includes Canonical's key in its revocation list.

Re:Not quite the flaw you make it sound like, Mark (0)

Anonymous Coward | more than 2 years ago | (#40565409)

But if they had to disclose the key, then this means Microsoft has to revoke Canonical's key, because that key would allow subverting Window's secure boot model, and now it can't be used to install without requiring user EFI reconfiguration on any PC that includes Canonical's key in its revocation list.

Then maybe Microsoft shouldn't have picked such a fscked-up security model.

Why did you go with Linux? (4, Insightful)

ackthpt (218170) | more than 2 years ago | (#40565083)

I chose it because I could see the sources, update as I see fit, build as I see fit and be able to do a build without clobbering all my installed software.

So why would I suddenly want to chose a closed source Microsoft solution? This is the company, whose practices since 1995 are the major reason why we have malware, viruses and worms.

Such great vision from the start, nobody would even think to remotely try to control your computer, right?

As a mainframe admin I was charged with keeping sneaky bastages out all the time, why didn't Microsoft believe this sort of thing could happen on a PC? To this day they still have gaping holes in security and their transparency is a thing of fantasy.

But Microsoft isn't changing position? (5, Insightful)

CanEHdian (1098955) | more than 2 years ago | (#40565111)

As nice as it is that someone at the FSF says they would not, we have to plan for a world where leaders change and institutional priorities change

As nice as it is that someone at Microsoft says they will sell $99 keys, we have to plan for a world where leaders change and institutional priorities change

Don't forget the big picture (1)

it5complicated (1951824) | more than 2 years ago | (#40565183)

Go the Mozilla way: Make deals with Google so you can build an open web. Don't listen to the voices from the cobwebs that speak a lot but don't deliver a usable product. Freedom is good only if it allows me to swim in it.

UbuntWHO? (0)

Anonymous Coward | more than 2 years ago | (#40565227)

Screw you Ubuntu. Screw you Shuttleworth. Screw you Canonical.
You exploit the hell out of Debian and free software in general, and what do you give back?

Speaking of leaders changing, when is Shuttleworth's time going to be over so that some sense and honour can be brought into THAT organization?

they promise (0)

v1 (525388) | more than 2 years ago | (#40565265)

The FSF wrote a licence that would give them the rights to take specific actions, and it's hard for them to argue they never would!'"

Couldn't agree more. "We insist you write us a blank check, just in case we need it. We won't abuse it. We promise!"

No. Blank checks get abuse, pretty much always. It's difficult to find examples of where abusable rights were given and then later did not go on to get abused at least once. (and sometimes as a matter of policy) It's also sadly entertaining to watch how they tend to fight you when you try to add in anti-abuse clauses, things that make you go "hmmmmm...."

Good call, Shuttleworth. Stand your ground.

Antitrust authoritities? (2)

ThePhilips (752041) | more than 2 years ago | (#40565319)

Anybody heard any reaction from the antitrust authorities?

US would probably remain mum, but I do not think EU would accept the OEM lockdown by convicted monopolist that readily.

Yes, there are security concerns, but they are negligible compared to the power grab by the convicted monopolist.

An impossible solution (1)

rickb928 (945187) | more than 2 years ago | (#40565381)

I wopiudl be interested in the naive idea that users shouidl be able to turn secure boot on and off. So if it's off, no Windows but other OSes could boot. On, and Windows would boot, but other OSes may or may not.

Then, if I choose to NOT use Windows, I'm in a much simpler reality.

Of course, I'm certain this cannot work. Darn.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>