Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

OpenBSD's De Raadt Slams Red Hat, Canonical Over 'Secure' Boot

timothy posted about 2 years ago | from the so-you're-not-a-fan-then dept.

Microsoft 391

An anonymous reader writes "OpenBSD founder Theo de Raadt has slammed Red Hat and Canonical for the way they have reacted to Microsoft's introduction of 'secure' boot along with Windows 8, describing both companies as wanting to be the new Microsoft."

Sorry! There are no comments related to the filter you selected.

A bit over the top (5, Insightful)

jmorris42 (1458) | about 2 years ago | (#40784437)

We have been hearing various people who should know better that "Redhat is the next MIcrosoft" and variations on that theme now for at least a decade. Guess Ubuntu should take it as a sign that they have 'made it' that the same is now being said of them.

Not saying I agree with either of their solution to the Kobayashi Maru (otherwise known as Secure Boot) problem, but calling them 'traitors' is a bit much. Especially since I can't rightly say I have a better plan and neither does Mr. deRaadt.

Re:A bit over the top (0)

Open Source Fellatio (2694195) | about 2 years ago | (#40784451)

I completely agree. Talk about secury booty, am I right?

Re:A bit over the top (5, Insightful)

Hatta (162192) | about 2 years ago | (#40784519)

Especially since I can't rightly say I have a better plan and neither does Mr. deRaadt.

The better plan is to sue Microsoft for abuse of their monopoly.

Re:A bit over the top (5, Insightful)

jmorris42 (1458) | about 2 years ago | (#40784603)

> The better plan is to sue Microsoft for abuse of their monopoly.

The old consent decree is long since expired. Good luck starting up a new round of lawsuits, Microsoft discovered lobbists after the last round so the DOJ isn't going to be bothering them again. So your plan is do nothing for years while a court case winds its way through the system and more then likely ends up going nowhere. Boy I'd love to take that plan to the stockholders meeting.

Re:A bit over the top (4, Insightful)

drinkypoo (153816) | about 2 years ago | (#40784687)

The better plan is to sue Microsoft for abuse of their monopoly.

You mean, so that they can be found guilty again and let go without so much as a hand-slap again? Yes, that would be a wonderfully immense waste of taxpayer dollars.

Re:A bit over the top (-1, Flamebait)

pixelpusher220 (529617) | about 2 years ago | (#40784853)

let go without so much as a hand-slap again

Yet another FU from GWBush :(

They were convicted and would have faced serious penalties, except for Bush and Co's decision to not punish them.

Re:A bit over the top (0)

cpu6502 (1960974) | about 2 years ago | (#40784997)

>>>>>let go without so much as a hand-slap again
>>
>>Yet another FU from GWBush :(

Great. Another one of the "Blame bush not obama" crowd. George duh Bush was even president yet when the Federal Court of Appeals overturned the original "breakup" decision in 2000. Mr. Clinton was still president. Maybe you should reword your sentence:
"Yet another FU from WJClinton :("

Re:A bit over the top (2, Informative)

pixelpusher220 (529617) | about 2 years ago | (#40785387)

Might want to check your history:

MS trial [wikipedia.org]

The DOJ announced on September 6, 2001 that it was no longer seeking to break up Microsoft and would instead seek a lesser antitrust penalty. Microsoft decided to draft a settlement proposal allowing PC manufacturers to adopt non-Microsoft software.

Who was president in Sept 2001 again?

Re:A bit over the top (3)

cpu6502 (1960974) | about 2 years ago | (#40785469)

Actually the announcement came from a federal court of appeals in late 2000. QUOTE: "The D.C. Circuit Court of Appeals overturned Judge Jackson's rulings against Microsoft. This was partly because the Appellate court had adopted a "drastically altered scope of liability" under which the Remedies could be taken......" In other words they decided not to breakup the company.

Late 2000..... before President Shrub arrived on the scene. But hey! Why let "facts" get in the way of good-ole FOX or NBC style distorted reporting?

Nonsense. (0)

Anonymous Coward | more than 2 years ago | (#40785765)

It isn't a fact if all I have is your word. It is just some anonymous (what is your name and address?) bozo's opinion on the internet.

Re:A bit over the top (3, Interesting)

drinkypoo (153816) | more than 2 years ago | (#40785891)

Who? [bbc.co.uk] What? [theregister.co.uk]

Re:A bit over the top (4, Informative)

Baloroth (2370816) | about 2 years ago | (#40785475)

Of course, the DOJ decision was after this little tidbit:

The D.C. Circuit Court of Appeals overturned Judge Jackson's [original judge who issued the breakup order] rulings against Microsoft. This was partly because the Appellate court had adopted a "drastically altered scope of liability" under which the Remedies could be taken, and also partly due to the embargoed interviews Judge Jackson had given to the news media while he was still hearing the case, in violation of the Code of Conduct for US Judges.[17] Judge Jackson did not attend the D.C. Circuit Court of Appeals hearing, in which the appeals court judges accused him of unethical conduct and determined he should have recused himself from the case.

(bracketed bit inserted by me)

Re:A bit over the top (0)

vux984 (928602) | about 2 years ago | (#40784765)

The better plan is to sue Microsoft for abuse of their monopoly.

Assuming its established that they still have a monopoly.
How exactly are they abusing it?

Re:A bit over the top (3, Interesting)

cpu6502 (1960974) | about 2 years ago | (#40784835)

Desktop and laptop PCs are still 88% dominated by the Microsoft OS. Requiring other OS makers to buy a license from Microsoft is very clear evidence of using their monopoly power to stifle competition. Opera won their lawsuit in the EU with lesser charges. (MS didn't block Opera... just made it difficult to compete against the free OS-embedded IE.) In this case MS is actively blocking Chrome, Ubuntu, Kolibri and other OSes.

I guess I just found another reason to buy a Win7 PC instead of the Win8 version with blockeboot.

Re:A bit over the top (1)

pixelpusher220 (529617) | about 2 years ago | (#40784883)

I guess I just found another reason to buy a Win7 PC instead of the Win8 version with blockeboot.

On this at least, we fully agree :)

Any idea how Win7 will be treated by UEFI should we want to install it onto 'newer' hardware in the future?

Re:A bit over the top (0)

Anonymous Coward | about 2 years ago | (#40784983)

Any idea how Win7 will be treated by UEFI should we want to install it onto 'newer' hardware in the future?

Yes: not at all.

Re:A bit over the top (1)

cpu6502 (1960974) | about 2 years ago | (#40785131)

>>>Any idea how Win7 will be treated by UEFI should we want to install it onto 'newer' hardware in the future?

Disable the SecureBoot and install Win7 normally. The only problem I worry is that Win7 might not have the necessary modem, printer, wifi, etc drivers for newer i9 or i11 computers?

Re:A bit over the top (5, Insightful)

AdamWill (604569) | about 2 years ago | (#40785221)

"Requiring other OS makers to buy a license from Microsoft is very clear evidence of using their monopoly power to stifle competition"

It certainly would be. The only problem is that they're not doing that at all.

The industry as a whole agreed to ratify the basic Secure Boot mechanism as part of the UEFI standard. Secure Boot as described in the UEFI standard does not say anything at all about who should sign code and issue keys and any of that stuff. All it does is say 'here is a mechanism called Secure Boot by which the system firmware can maintain a list of keys and refuse to run code which is not signed by one of those keys'.

So once that's in the UEFI standard, we have a world where there is this thing called Secure Boot which operating system developers and hardware vendors can *choose* to implement. Or not. The UEFI standard says nothing about whether it ought to be used, what keys ought to be included, or anything like that.

So Microsoft, as an operating system vendor, decides they want to use this Secure Boot thing. They're going to sign their operating system, and require vendors who want to pre-load that operating system on their systems to ship Microsoft's key. So that their operating system will run. This is what the Microsoft Windows 8 certification requirements for x86 state: you have to turn Secure Boot on by default and include our key.

What the certification requirements explicitly do _not_ state is this: 'you can't include any other keys'. They definitely don't say that. They just say 'you have to include Microsoft's key'. There's no restriction at all on shipping any number of other keys. Additionally, the certification requirements explicitly require that the user be able to enrol their own keys, and also disable Secure Boot if they so desire.

So...Microsoft's requirements for OEMs are that they enable Secure Boot by default (but allow it to be disabled) and ship Microsoft's key (but they can also happily ship any number of other keys, if they choose).

It's logically impossible to construe this as "Requiring other OS makers to buy a license from Microsoft". It doesn't do that, at all. Other OS makers can have their OS signed by themselves or anyone else they like, and ask hardware manufacturers to ship that key. Microsoft does nothing to prevent this. Or they can choose not to sign their OS at all, and ask users to disable Secure Boot. Microsoft does nothing to prevent this. Or they can _choose_ to have Microsoft sign their OS so it'll work without them needing to get any other key loaded into firmware; Microsoft didn't _have_ to provide public signing services, but they are doing so to avoid a PR shitstorm. If Microsoft really wanted to be evil, why would it provide public signing services at all? Wouldn't it be more effective just to say 'no, we won't do that'?

I find it highly unlikely that you could build a convincing case of monopoly abuse over Secure Boot for x86, when the actual facts of the matter are taken into account. They just don't support the accusation strongly enough. If Microsoft could be shown to be exerting pressure to prevent alternative signing groups from existing or getting their keys loaded onto hardware, then maybe...but AFAIK no-one has shown such.

(disclaimers: I am not a lawyer and this is not legal advice or a legal opinion. Furthermore, though I work for Red Hat, I am not directly involved in any RH evaluation of this issue, I am not involved in RH legal in any way, and this is entirely a personal opinion and not in any way representative of Red Hat. It is not Red Hat's official position on the issue of the legality or otherwise of Microsoft's actions. I specifically leave open the possibility that Red Hat as an entity might take a completely opposite view of the case.)

Re:A bit over the top (0, Flamebait)

Anonymous Coward | about 2 years ago | (#40785431)

Quit confusing the issue with facts. This is Slashdot, damn it!

Re:A bit over the top (0)

Anonymous Coward | about 2 years ago | (#40785461)

What about ARM?

Windows RT requires secureboot does it not? Its not optional, that means I'm going to have trouble say dual booting Debian arm, and Windows RT on the same device if I ever wanted right?

Re:A bit over the top (3, Interesting)

vux984 (928602) | more than 2 years ago | (#40785933)

What about ARM?

What about it?

Microsoft doesn't have a monopoly in ARM devices (tablets and smartphones). Their competitors in Apple and even many Androids have restricted boot to their signed binaries.

We all agree that its not the situation we want, and we all agree we should demand the right to the keys to our devices (which we currently have on x86).

But it is absurd to suggest Microsoft is abusing its monopoly position in the ARM device market.

Re:A bit over the top (0)

Darby (84953) | more than 2 years ago | (#40786071)

But it is absurd to suggest Microsoft is abusing its monopoly position in the ARM device market.

But it's a simple point of fact to state that it is using a monopoly position in one area of a market to abuse another. Seriously, either think before posting or troll harder next time.

Re:A bit over the top (1)

Sir_Sri (199544) | more than 2 years ago | (#40786105)

And that supposes you could claim ARM as a separate market from x86. MS could probably pretty easily argue that there is a tablet market, and that they have offerings in that market where you have to use restricted boot, and some where you don't. At that point you'd have to show they are intentionally making it hard to get the ARM only version, which if they have any brains (and they might not) they won't.

Re:A bit over the top (0, Troll)

Teresita (982888) | more than 2 years ago | (#40786035)

Microsoft has never been happy about sharing a HD with another OS. Even now, if you have a Linux desktop and you want to dual-boot with Windows, you have to clear Linux off first, install Windows, then resize the NTFS partition, re-install Linux, and use Grub for the boot menu. Windows arrogantly assumes it's the only OS on the HD, even this late in the game. If Win8 locks down the x86 in the future, you won't even have this option.

Re:A bit over the top (2)

AdamWill (604569) | more than 2 years ago | (#40786073)

Yeah, that's why I limited my post specifically to x86. The ARM requirements are much stricter: Secure Boot must be enabled and must not be disable-able, and the user must not be able to enrol their own keys. I don't believe the requirements reject the possibility of other keys being preloaded, but in practice I doubt we'll see that.

As other responders have pointed out, though, there's a different problem with alleging monopoly abuse when it comes to Windows RT / ARM, which is that Microsoft doesn't have any kind of monopoly on any kind of ARM client device. It doesn't have a tablet or phone monopoly. Consumer ARM devices are often sold heavily locked down; Microsoft isn't doing anything new there. (Most Android phones / tablets, and all Apple ones, are locked down in similar fashion).

Re:A bit over the top (0)

Anonymous Coward | about 2 years ago | (#40785479)

Can you remove keys that other people have signed and enrolled?

Re:A bit over the top (1)

AdamWill (604569) | more than 2 years ago | (#40786079)

Yes. Either the UEFI spec or the Microsoft requirements (I forget which) state that if the user removes all keys, the machine should go to 'secure boot disabled' state. So if the specs are actually followed, you should be able to remove the Microsoft key from any hardware you buy and that will automatically kick the system into 'secure boot disabled' state. Or you could just disable it directly.

Re:A bit over the top (0, Troll)

cpu6502 (1960974) | more than 2 years ago | (#40785527)

That's a nice 3-page essay (double-space I presume), but it doesn't change the fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run.

That is called restraint-of-trade and it is VERY clearly a violation of the Sherman Antitrust Act. As I stated MS already got in trouble with the EU merely for giving-away Explorer for free & thereby gaining an unfair advantage over Opera/Google/other browsers..... now they are actively blocking other OSes from Opera/Google/other OSes from running (unless they beg MS for a license). I expect the EU to slap them down again.

Problem si that peope like YOU seem to think corproatuions never od anything wrong, even when a company like Ford designs Pintos with faulty gas tanks that blowup. Or when Toyota builds engines that die after only 25,000 miles & refuse to fix the engine under warranty. "Oh that's okay... it's a free market. I love the megacorps". You Corporate loving sellout.

Re:A bit over the top (1)

Nethead (1563) | more than 2 years ago | (#40785691)

It wasn't the gas tanks that were bad on the Pintos, it was bolts behind the tank that were too long. Ford recalled and fixed them. I know, I had a '74 Pinto that was recalled back in the day, with mag wheels!

What Ford didn't/couldn't fix was the horrid way the car shook between 64 and 72MPH. They didn't have to fix that because the national speed limit was 55MPH.

Re:A bit over the top (0)

Anonymous Coward | more than 2 years ago | (#40785699)

fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run.

Bullshit. No one forced them to do any such thing. They could have easily provided their own signing key to OEMs.

Re:A bit over the top (5, Informative)

vux984 (928602) | more than 2 years ago | (#40785881)

), but it doesn't change the fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run.

That is not true.

Their OSes will run just fine provided any of the following are done:

a) the user logs into UEFI and disables secure boot

b) the user logs into UEFI and installs a distro key

c) the user logs into UEFI and installs their own key and signs the distro themselves.

d) the distro provider works with the manufacturer to have their key pre-loaded the same as microsofts.

Microsoft (currently) does prevent or even hinder any one of those alternatives on x86.

Canonical and Red Hat noted that a & b require at least a nomimal effort by the end user. (c requires a fair bit of effort for the end user) And that d required a substantial effort on their part.

So they chose "e) sign our distros with the MS key" that Microsoft already took the effort to have preloaded so that our users don't need to take the nominal step of disabling secure boot or of installing their own keys.

"That is called restraint-of-trade and it is VERY clearly a violation of the Sherman Antitrust "...

No its not.

"now they are actively blocking other OSes from Opera/Google/other OSes from running (unless they beg MS for a license)"

You don't need a license from microsoft. The end user can disable secure boot. The end user can install their own keys. The distro can approach the hardware manufacturer and have their own keys preloaded along side microsofts.

Microsoft isn't preventing anyone from doing anything, and you do not need to interact with microsoft at all to install other OSes.

Please COMPREHEND the above before replying or commenting on the subject further.

Re:A bit over the top (1)

Taco Cowboy (5327) | more than 2 years ago | (#40785947)

You said this:
 
 

Microsoft (currently) does prevent or even hinder any one of those alternatives on x86

 
Then you turned around and said this:
 
 

Microsoft isn't preventing anyone from doing anything, and you do not need to interact with microsoft at all to install other OSes.

 
Please elucidate what are you trying to get at
 
Thanks !

Re:A bit over the top (1)

bill_mcgonigle (4333) | more than 2 years ago | (#40786087)

the fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run

So the fact that they chose to pay Microsoft $80 rather than establish vendor relationships with every motherboard and BIOS manufacturer (as Microsoft did) creates a situation of force?

"Oh that's okay... it's a free market. I love the megacorps". You Corporate loving sellout.

ah, this was just an excuse to lash out at somebody, wasn't it?

Re:A bit over the top (4, Informative)

cpu6502 (1960974) | more than 2 years ago | (#40785697)

Now here's an essay for you to read..... written by the Free Software Foundation:
(snip)

In theory, there should be no problem. In practice, the situation is more complicated. As currently proposed, Secure Boot impedes free software adoption. It is already bad enough that nearly all computers sold come with Microsoft Windows pre-installed. In order to convince users to try free software, we must convince them to remove the operating system that came on their computers (or to divide their hard drives and make room for a new system, perceptually risking their data in the process).

With Secure Boot, new free software users must take an additional step to install free software operating systems. Because these operating systems do not have keys stored in every computer's firmware by default like Microsoft does, users will have to disable Secure Boot before booting the new system's installer. Proprietary software companies may present this requirement under the guise of "disable security on your computer," which will mislead new users into thinking free software is insecure.

Without a doubt, this is an obstacle we don't need right now, and it is highly questionable that the security gains realized from Secure Boot outweigh the difficulties it will cause in practice for users trying to actually provide for their own security by escaping Microsoft Windows.

It's also a problem because the Windows 8 Logo program currently mandates Restricted Boot on all ARM systems, which includes popular computer types like tablets and phones. It says that users must not be able to disable the boot restrictions or use their own signing keys. In addition to being unacceptable in its own right, this requirement was a reversal from Microsoft's initial public position, which claimed that the Windows 8 program would not block other operating systems from being installed. With this deception, Microsoft has demonstrated that they can't be trusted. While we are interpreting their current guidelines, we must keep in mind that they could change their mind again in the future and expand the ARM restrictions to more kinds of systems.

The best way out of all of this (other than having all computers come pre-installed with free software) would be for free software operating systems to also be installable by default on any computer, without needing to disable Secure Boot. In the last few weeks, we've seen two major GNU/Linux distributions, Fedora and Ubuntu, sketch out two different paths in an attempt to achieve this goal.

Fedora's approach

There is much to like about Fedora's thinking, as explained by Matthew Garrett......... Unfortunately, while it is compliant with the license of GRUB 2 and any other GPLv3-covered software, we see two serious problems with the Microsoft program approach.

1) Users wishing to run in a Secure Boot environment will have to trust Microsoft in order to boot official Fedora. The Secure Boot signing format currently allows only one signature on a binary -- so Fedora's shim bootloader can be signed only by the Microsoft-vouched key. If a user removes Microsoft's key, official Fedora will no longer boot, as long as Secure Boot is on.

2) We reject the recommendation that others join the Microsoft developer program. In addition to the $99 expense being a barrier for many people around the world, the process for joining this program is objectionable. A nonexhaustive list of the problems includes: restrictive terms in multiple of the half-dozen contracts that must be signed, a forced commitment "to receive targeted advertisements and periodic member email messages from Microsoft," and a requirement to provide notarized proof of government-issued identification and a credit card.

Ubuntu's approach

Their approach has the same issue as Fedora's official method. Users have to trust Microsoft in order to boot official Ubuntu CDs. Their certification program amplifies this problem, because it means no one can sell certified Ubuntu machines without trusting Microsoft.

As with Fedora, on a system with Secure Boot properly implemented, Ubuntu users will be able to add their own keys, or Ubuntu's key.

Our main concern with the Ubuntu plan is that because they are afraid of falling out of compliance with GPLv3, they plan to drop GRUB 2 on Secure Boot systems, in favor of another bootloader with a different license that lacks GPLv3's protections for user freedom. Their stated concern is that someone might ship an Ubuntu Certified machine with Restricted Boot (where the user cannot disable it). In order to comply with GPLv3, Ubuntu thinks it would then have to divulge its private key so that users could sign and install modified software on the restricted system.

This fear is unfounded and based on a misunderstanding of GPLv3. We have not been able to come up with any scenario where Ubuntu would be forced to divulge a private signing key because a third-party computer manufacturer or distributor shipped Ubuntu on a Restricted Boot machine. In such situations, the computer distributor -- not Canonical or Ubuntu -- would be the one responsible for providing the information necessary for users to run modified versions of the software.

Furthermore, addressing the threat of Restricted Boot by weakening the license of the bootloader is backwards. With a weaker license, companies will now have a form of advance permission to obstruct the user's ability to run modified software. Rather than work to make sure this situation does not happen -- for example by enforcing the proper Secure Boot implementation they say they "strongly support in [their] own firmware guidelines" -- Ubuntu has chosen a path which explicitly allows Restricted Boot.

Conclusion and recommendations

What we've offered here is our position based on the details published by all parties involved so far -- we will continue to assess the situation as these plans are actually put into practice, or changes are announced.

Our focus is to evaluate proposed solutions to the issues posed by Secure Boot on the basis of how well they protect user freedom, to recommend the solutions that do the best job of that, and to stop attempts to turn Secure Boot into Restricted Boot.

The best solution currently available for operating system distributions includes:

1) fully supporting user-generated keys, including providing tools and full documentation for booting and installing both modified and official versions of the distribution using this method;

2) using a GPLv3-covered bootloader to help protect users against the dangers of Restricted Boot;

3) avoiding requiring or encouraging users to trust Microsoft or any company which makes proprietary software; and

4) joining the FSF and the broader free software movement in pressuring computer distributors to facilitate easy and independent installation of free software operating systems on any computer.

We will do what we can to help all free software operating system distributions follow this path, and we will work on a political level to reduce the practical difficulties that adhering to these principles might pose for expedient installation of free software. The FSF does want everyone to be able to easily install a free operating system -- our ultimate goal is for everyone to do so, and the experience of trying out free software is a powerful way to communicate the importance of free software ideals to new people. But we cannot in the name of expediency or simplicity accept systems that direct users to put their trust in entities whose goal it is to extinguish free software. If that's the tradeoff, we better just turn Secure Boot off.

Please support the FSF's work in this area by joining as a member or making a one-time donation.

Re:A bit over the top (1)

vux984 (928602) | more than 2 years ago | (#40785975)

And if you read that document the FSF advocates options b) and c) in my previous post. (installing their own keys, signing their own code). This is something users are free to do without having to trust in microsoft nor interact with microsoft, nor "beg" for licenses from microsoft.

In other words, the FSF, unlike you, recognizes that users can install other OSes without Microsoft.

Re:A bit over the top (1)

Anonymous Coward | more than 2 years ago | (#40786037)

I guess I just found another reason to buy a Win7 PC instead of the Win8 version with blockeboot.

That'll show Microsoft.

Re:A bit over the top (0)

Anonymous Coward | about 2 years ago | (#40784909)

That they have the power to force this down everyone's throat is pretty much all the evidence needed to understand that they still have a monopoly. So it isn't an assumption.

The abuse is that they are forcing this down everyone's throat.

If that's not clear enough, bear in mind that the "this" referred to above is an overreaching anticompetitive measure.

A bit over the facts. (0)

Anonymous Coward | about 2 years ago | (#40784823)

The better plan is to sue Microsoft for abuse of their monopoly

It's only a better plan if one can demonstrate the facts support it.

Re:A bit over the top (1)

Mad Merlin (837387) | about 2 years ago | (#40784855)

Especially since I can't rightly say I have a better plan and neither does Mr. deRaadt.

The better plan is to sue Microsoft for abuse of their monopoly.

Perfect, then we can wait a decade for the case to go anywhere, only to have it thrown out in the end and all computers made within the past decade remain unusable.

Re:A bit over the top (4, Insightful)

UnknownSoldier (67820) | about 2 years ago | (#40784537)

> but calling them 'traitors' is a bit much.

Not really. They valued convenience over freedom. That is the antithesis of GPL / BSD. Once you start compromising your values for freedom it becomes easier to justify the convenience.

To paraphrase Ben Franklin: "Those Who Sacrifice Liberty For Security Deserve Neither"

At some point this short-sightedness will come back to haunt them.

Re:A bit over the top (2, Informative)

Anonymous Coward | about 2 years ago | (#40784613)

I think in this case, the additional words are important:

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."

I give up liberties all the time, for various reasons.

Re:A bit over the top (0)

Anonymous Coward | about 2 years ago | (#40784837)

Dying for a cause is very noble and all, but in the end, you're still dead.

Re:A bit over the top (2)

UnknownSoldier (67820) | about 2 years ago | (#40785075)

Do you want to tell that to all the people that died for WW1 or WW2 ?

It is unfortunate that people have to die, but sometimes that is the only way to get others to listen -- that certain concepts, such as freedom are MORE important then one man's life.

Re:A bit over the top (0)

Anonymous Coward | about 2 years ago | (#40785363)

Already done, in the movie Patton:

I want you to remember that no bastard ever won a war by dying for his country. He won it by making the other poor, dumb bastard die for his country.

Re:A bit over the top (0)

Anonymous Coward | about 2 years ago | (#40785375)

The Charge of the Light Brigade is a far more apt comparison. Men died while accomplishing exactly nothing because they blindly followed stupid orders. Your suggestion is that non-Windows OSes should fade from existence (accomplishing nothing in the process) rather than fight and live on. That's a terrible plan.

Re:A bit over the top (0)

Anonymous Coward | about 2 years ago | (#40785215)

And when you die (whether for a cause or not), you're still dead.

Re:A bit over the top (1)

elashish14 (1302231) | more than 2 years ago | (#40786089)

Guess Ubuntu should take it as a sign that they have 'made it' that the same is now being said of them.

Maybe we should hold off on that until they turn a profit....

Expected (3, Informative)

Daniel_Staal (609844) | about 2 years ago | (#40784465)

I love OpenBSD, and run it on my firewall at home, but anyone who's followed De Raadt over the years has to be 100% expecting this.

Including the over-the-top language.

Re:Expected (2, Insightful)

masternerdguy (2468142) | about 2 years ago | (#40784585)

So he's pretty much your Richard Stallman?

Re:Expected (0)

Anonymous Coward | about 2 years ago | (#40784895)

He's more like their ESR.

Re:Expected (2)

Anubis350 (772791) | about 2 years ago | (#40785145)

I'm pretty sure Richard Stallman is *everyone's* Richard Stallman, and one is enough :-p

Re:Expected (2, Interesting)

Anonymous Coward | more than 2 years ago | (#40785525)

I've posted exactly one thing on the OpenBSD mailing list (I forget what... something technical and innocuous anyway) and I've been flamed by Theo De Raadt. I think you could make money selling T-shirts that said, "I've been flamed by The De Raadt". I've got a lot of respect for what he's accomplished, but flaming seems to be his customary mode of interaction.

I've also, on occasion, had the opportunity to interact with RMS via email. He has always been extremely generous with his time, gracious and polite, even when he disagreed with me. The guy takes a lot of heat for having strong views, but he genuinely seems like a really nice guy.

Really, I can't imagine two people who are more different in character.

Re:Expected (0)

Anonymous Coward | more than 2 years ago | (#40785771)

when was the last time RMS wrote any code? I mean they have very different primary functions, RMS is a PR guy and spokesman.

Re:Expected (-1)

Anonymous Coward | about 2 years ago | (#40784833)

While de Raadt has had some unfortunate declarations, such as telling one developer his newborn child was a disgrace to humanity, he's spot on in this case.
Especially regarding Canonical. They are actively trying to become the new Microsoft.
Steam, their cloud services, their secret deals with hardware developers, their crappy UI. Not that I think they will succeed but the idea is there.

Why I Left OpenBSD (0, Informative)

Anonymous Coward | more than 2 years ago | (#40785553)

I was a long-time OpenBSD user since the 3.1 days, and cut my teeth on Unix development there. I was attracted by its focus on security and conscientious coding practices. I was happy through the early 4.x days, but the more I got involved in developing for OpenBSD the more I was dissuaded from doing so.

Part of the issue was this focus on security. After I began to use OpenBSD at home and at work in earnest, I realized that it was limited in hardware support compared to other operating systems. I purchased a new workstation and portable within a year of each other, and both times came to some unhappy realizations about OpenBSD support.

I began to seriously look at Linux and FreeBSD at this point, knowing hardware support was much more robust. (I had also looked at NetBSD, but even though it booted on nearly everything, driver support was anemic.) I started to dual-boot FreeBSD on my workstation, and spent more and more time there. But it wasn't only hardware support that pushed me away from OpenBSD.

The FreeBSD development model is, to say the least, more sensible. Like I said, the more I got involved with OpenBSD development the more I was turned away, and that was mostly due to the project leader's attitude. During the run-up to OpenBSD 4.2, Theo de Raadt had been in a couple highly-publicized arguments with Linux developers, rubbing a ton of people the wrong way.

What many don't understand is that this was not an isolated incident. Try being an OpenBSD developer! These kind of scathing verbal assaults happened all of the time on the mailing lists. I was—and still am, actually—unsure whether Theo doesn't give a shit due to some philosophical stance, or can't help it due to something like Asperger syndrome. In either case, he typically drags anyone he disagrees with over the coals, all while telling them to stop taking it personally.

I wish Theo had taken some of his own advice. I believe he has hurt the OpenBSD platform more than he has helped it, and I also firmly believe that hardware support in OpenBSD sucks not because of code auditing practices or security focus, but because Theo has either scared or purposefully chased away developers.

Long-time OpenBSD developers might migrate to FreeBSD or Darwin; newbies might try for Linux instead. Those who taste the de Raadt wrath, however, always run in the end. A friend of mine once incurred his ire by asking the wrong question at the wrong time, and Theo de Raadt hacked his router and remotely remapped his keyboard!

This is abuse, plain and simple, and Theo's relationship with his developers is abusive. I feel bad for anyone who has to engage him in real life, and fear something Reiser-like happening in the future. This controlling, manipulative attitude coupled with periodic violent outbursts indicates a deep-seated mental health issue that has gone unchecked for far too long. If you are an OpenBSD developer, watch your back!

After all this mess, I switched to FreeBSD 7.2 and never looked back. I upgraded to FreeBSD 7.3 and started using FreeBSD 8 as soon as it was in pre-release, and I am eagerly working on FreeBSD 8.1. I feel spoiled now, too, because of the throng of developers devoted to professionally working the FreeBSD platform into something spectacular instead of naggling over trivial matters or admonishing one another.

The thriving FreeBSD ecosystem contrasts sharply with the Jonestown-like atmosphere of OpenBSD. There is also the fact that no one person looms so largely over any other; ego is checked at the door in FreeBSD since the goal is to make a great operating system, not lord over others like David Koresh and a harem of 14-year-old girls.

Feel free to disagree with me or point out counter-examples; I would love to read them now that I have left OpenBSD. I will always have a soft spot in my heart for the little secure operating system even though it leaves me with chills. I sometimes fondly load www.openbsd.org and read the latest release notes and smile wistfully.

It's okay to smile, now that I'm free from OpenBSD.

Re:Why I Left OpenBSD (1)

Anonymous Coward | more than 2 years ago | (#40785655)

It is official; Netcraft now confirms: *BSD is dying
One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming close on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a cockeyed miracle could save *BSD from its fate at this point in time. For all practical purposes, *BSD is dead.

Fact: *BSD is dying

Illogical ad hominem attack != valid debate (0, Interesting)

Anonymous Coward | more than 2 years ago | (#40785833)

I feel bad for anyone who has to engage him in real life, and fear something Reiser-like happening in the future. This controlling, manipulative attitude coupled with periodic violent outbursts indicates a deep-seated mental health issue that has gone unchecked for far too long. If you are an OpenBSD developer, watch your back!

So it's better to do PROZAC till you uncork\go postal! Quit trying to play psychiatric science professional - you're not qualified to do so for one thing. Your other example of him allegedly taking over the router of a naysayer made me laugh actually. Why?? First it's unsubstantiated anecdotal b.s. until you supply a citation and proof backing it. Secondly, I also suspect the person it happened to may have had it coming for one (probably a flamer who thought himself untouchable online and quite possibly started with DeRaadt). So, if it happened at all that is, it also shows he wasn't very technically competent from a security standpoint either or it would not have happened to him.

Lastly, as far as verbal assaults - your current blatantly illogical attempt at discrediting a guy based on anecdotal unsubstantiated statements and ad hominem attacks from yourself don't go very far here either. Especially since I doubt you've done 1/10th of what DeRaadt has in the science of computing. I wager I am so right here you won't be able to show you've done more than he has of good repute.

Nobody can tell me that people like yourself, that act the meek worm online with innuendo and implications with no backing is now playing psychiatric pro (which you clearly are not) is not the worst offender of all via implication and innuendo possible.

Get over yourself Mr. Shrink. You aren't one.

Re:Why I Left OpenBSD (3, Informative)

Anonymous Coward | more than 2 years ago | (#40786061)

http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
Copy and paste from this retard.

1 thing I admire about him (4, Insightful)

Anonymous Coward | about 2 years ago | (#40785151)

He has courage. You have to admire him for being so forthright, right or wrong. It takes balls to act as he does in today's "politically correct society" (what a bunch of hooey) - which in my opinion, is just being as honest as he can despite profanities and what-not.

I state that, because there's truly only 1 thing I personally respect in debates: When people are shown incorrect with facts versus their points. Undeniable reputably backed hard facts that are on the subject at hand, only.

Otherwise, things like ad hominem attacks are nothing but rubbish crap, period.

Thus, when Mr. DeRaadt's undeniably shown to be full of utter crap on statements he's made (we all make mistakes mind you) and moreso, consistently? Then his detractors have actually made a solid point.

When Mr. DeRaadt hasn't been utterly disproven beyond a doubt on his ideas, despite his "let it all hang out" attitude (which to a degree I respect a great deal for the reasons stated above but admittedly, other times not), he has made HIS point, disproving his detractors.

It's as simple as that.

In other words, what I have noted is that when the media or other groups attack a person on illogical grounds, ala ad hominem attacks? They fear them (and often for quite selfish and often nefarious reasons that aren't for the good of others, only themselves. Just an observation from over 1/2 a century of my life now.)

From the article: (3, Insightful)

Fwipp (1473271) | about 2 years ago | (#40784469)

Responding to a query from iTWire about what OpenBSD, widely recognised as the most security-conscious UNIX, would be doing to cope with "secure" boot, De Raadt said: "We have no plans. I don't know what we'll do. We'll watch the disaster and hope that someone with enough power sees sense."

Is not wanting to "be the new Microsoft" worth being unprepared for a "disaster?"

Re:From the article: (0)

Anonymous Coward | about 2 years ago | (#40784861)

This. It is pretty funny. Two companies set up perfectly reasonable methods to get their binaries signed (something the rest of the Linux distros should be doing anyway - with ALL of their binaries) and Theo "the Flame" goes all Theo on them about it. But his plan is to beg users to turn off secure boot and make their machines more vulnerable to root kits. Way to go Theo. As usual, you rock man.

Re:From the article: (1)

nukenerd (172703) | about 2 years ago | (#40785077)

He is not "begging user to turn off secure boot", because, and this is the point, we will not be able to, the way things are going.

As for leaving me "vulnerable to a root kit", I will deal with that my own way, not Microsoft's way, thanks very much. Microsoft's way would be like leaving your house security in the hands of crooks.

Re:From the article: (2)

socceroos (1374367) | about 2 years ago | (#40785397)

Mark my words. Anyone who wants to get in to your SecureBoot enabled device will (read: governments now, crackers later). This is an abuse of monopoly and an attempt to seize more control of the user's device.

Re:From the article: (1)

Omnifarious (11933) | about 2 years ago | (#40784877)

That's my take on things. Secure boot, at this moment is 'do a deal with the devil or give up on being on those systems'.

I have no idea how Microsoft ended up being in the position to dictate this state of affairs, and hardware manufacturers should be ashamed of themselves. The law should be that you have the keys to your own hardware.

Maybe someone will sue over it and reverse it that way.

But I don't think of RedHat or Canonical as doing something evil over this, just trying to survive.

Re:From the article: (0)

Anonymous Coward | more than 2 years ago | (#40786029)

"But I don't think of RedHat or Canonical as doing something evil over this, just trying to survive."

They both have money to fight this. And should. But arent.

IIRC - Theo (3, Interesting)

Gunfighter (1944) | about 2 years ago | (#40784517)

Isn't Mr. De Raadt known for being a bit... shall we say, "pointed" on these sorts of things?

Re:IIRC - Theo (1)

wmbetts (1306001) | about 2 years ago | (#40784599)

That's a nice way to put it.

Re:IIRC - Theo (1)

Anonymous Coward | about 2 years ago | (#40784745)

Isn't Mr. De Raadt known for being a bit... shall we say, "pointed" on these sorts of things?

In the sense that a wild, angered porcupine is "pointed", yes.

Re:IIRC - Theo (0)

Anonymous Coward | about 2 years ago | (#40784949)

Lame. Theo is known for throwing a fit with the NetBSD crowd years ago. Since then I haven't seen him at fault for anything, any other software project owner wouldn't take liberty with. For example whining about feature requests on the mailing lists, expecting what amounts to free paid support from the mailing lists, or going into a long tirade about how horrible OBSD is because you haven't figured out how to configure it, etc. In this respect a discussion with theo isn't much different than anyone else, ballmer, linus, stallman, everyone gets pointed when you tell them their system sucks and they should do such and such instead. The difference is that you could be talking to Theo by the end of the week, maybe he'd explain in a quick drop in, why you had trouble with something, not necessarily to guide you through the minutia of the system, but to make a statement of fact about his engineering project. If you are talking to him next month or whining about how he's a big monster because he explained a peculiarity to you and you thought that peculiarity was stupid and he thought you weren't really being constructive, well, that's up to you.

Re:IIRC - Theo (0)

Anonymous Coward | about 2 years ago | (#40785413)

There's a reason why the OpenBSD logo is a pufferfish.

So what's the plan, Theo? (3, Interesting)

Chemisor (97276) | about 2 years ago | (#40784597)

Ok, Theo, let's hear your solution then. I, for one, would really love the ability to secure boot a Linux system, knowing that every component is still exactly as it was when I last checked it and nobody has sneakily installed malware that secretly emails spam to all my friends and my financial details to carding sites. Trusted hardware root and signed executables are good things. So tell us then how we are supposed to get them? You obviously do not believe that we should be using Microsoft's key to sign the bootloader. What should we use? Keep in mind that while you have no difficulty installing your own keys in the BIOS, to a typical user (you know, those poor shmucks who get infected most often) that's deep voodoo. Also keep in mind that while Microsoft has the pull to get its key loaded by default into all the TPM chips manufactured, Ubuntu does not. Neither does BSD.

Re:So what's the plan, Theo? (2, Insightful)

ceoyoyo (59147) | about 2 years ago | (#40784723)

The BIOS key comes printed in the manual. As a user, if you install the OS, you have to type that number in. Users who cannot enter numbers from a manual when prompted don't generally install OSes.

Re:So what's the plan, Theo? (0)

Anonymous Coward | about 2 years ago | (#40784923)

You just won secure boot ... or something.

Re:So what's the plan, Theo? (2)

snikulin (889460) | about 2 years ago | (#40784933)

A manual could get lost. What's about printing the key on M/B itself, like they do it with MAC ID? It better be some kind of bar code (RSA-4096 wold be tough to type in). Or (and?) BIOS/EFI could have a dedicated page where it shows the whole key in a hand-help scanner friendly format. But in this case the snapshot could leak to the internets.

Re:So what's the plan, Theo? (-1)

Anonymous Coward | about 2 years ago | (#40785057)

Supposed "IT professionals" on /. cry a lake of tears when asked to provide proof of licensing when the BSA comes a-knocking because "waah waah that's just too hard *sniffle*". And you're expecting ordinary end-users to keep track of a manual (basically the equivalent of kryptonite to normal people) or other slip of paper? LOL

Volume manufacturing? (1)

dutchwhizzman (817898) | about 2 years ago | (#40785091)

I wouldn't be surprised if the mass production of pre-installed systems will be helped with some sort of system that installs "enterprise/OEM" keys into the OS or the BIOS so fully automated installs can take place.

Now where have we seen this done before and what happened because of it?. I doubt this whole "secure boot" thing will last very long before software pirates will have found a way around it again. Once that happens, so will the malware authors and the wohle exercise will be useless again, just like all the other copy protection and anti malware schemes implemented by MicroSoft in their desktop operating systems.

Re:Volume manufacturing? (1)

Antique Geekmeister (740220) | more than 2 years ago | (#40785863)

Virtualization works very well against it.

Re:So what's the plan, Theo? (1)

nukenerd (172703) | about 2 years ago | (#40785127)

The BIOS key comes printed in the manual.

Not if the manual is as crappy as some that I have seen. And when you buy a PC from the high street, there is no guarantee that you will be forwarded the motherboard manual.

Re:So what's the plan, Theo? (1)

ceoyoyo (59147) | about 2 years ago | (#40785257)

If the key required to install ANY operating system is in the manual, you'll be given the manual. Or print it on the motherboard itself as someone else suggested.

Re:So what's the plan, Theo? (0)

Anonymous Coward | about 2 years ago | (#40784741)

Microsoft's keys will not be available to third parties on the ARM architecture. Only thing to do is wait for someone to bypass/hack/root the hardware.

External intermediate nonce & public key & (4, Informative)

tlambert (566799) | about 2 years ago | (#40785137)

You ship the TPM with a per-TPM public key in it, and a USB dongle with a certificate on it signed with the per-TPM secret key for the per-TPM public key, and then you require the presence of the dongle to intermediate the installation of the OS of your choice onto the machine. You allow installation of other public keys signed with the private key, and you have another public key and separate private key to permit per-device self-signing of whatever code you want, but only on a per-device basis.

Then you have your BIOS/EFI/UEFI/Coreboot/u-boot refuse to do anything other than go into "install mode" if the dongle is inserted so that the dongle will be removed after installation for normal operation so that it can't be abused by malware.

After that, all vendors are responsible for securing their own OS past the point of it being loaded into memory.

Re:So what's the plan, Theo? (1)

Anonymous Coward | about 2 years ago | (#40785293)

I, for one, would really love the ability to secure boot a Linux system, knowing that every component is still exactly as it was when I last checked it and nobody has sneakily installed malware that secretly emails spam to all my friends and my financial details to carding sites.

Has this ever been an issue with you on Linux? If secure boot does not allow you to run Python, a lot of scripts won't run. If it does allow you to run Python, a malicious Python script might still get you.

There's nothing wrong in running a company (0)

Anonymous Coward | about 2 years ago | (#40784639)

And there is nothing wrong in being listed at the nasdaq (unless you are facebbok inc ...).
And there is nothing wrong in making money and contribute back to the linux kernel.
Also canonical never made secret in being a wannabe apple, not exactly microsoft...

Re:There's nothing wrong in running a company (1)

Anonymous Coward | about 2 years ago | (#40785369)

Also canonical never made secret in being a wannabe apple, not exactly microsoft...

Strange: I'm running Ubuntu (Xubuntu actually), but not on Canonical hardware.

This stinks! (3, Interesting)

deltaromeo (821761) | about 2 years ago | (#40784661)

This whole Microsoft / Secure Boot situation is outrageous, it should never be allowed to be implemented, linux distro's should not be having to get anything signed by Microsoft. Hopefully some judge someday will see sense and kill it and also force Microsoft to carry positive mentions of other OS's in their advertisements in a similar fashion as the Apple / Samsung tablet ruling.

Canonical deserves it (0)

Anonymous Coward | about 2 years ago | (#40784703)

I used to like Ubuntu.

But no, change for change's sake is good. Let's ditch Gnome, its too old. Let's change the entire interface to be more like Win7, that's what people know. Let's bury stuff in endless menus and instead of making it functional lets make it PRETTY.

Canonical sucks and deserves every bit of criticism leveled at them. Ubuntu is dead, maybe Mint won't make the same mistakes.

Re:Canonical deserves it (1)

Desler (1608317) | about 2 years ago | (#40784717)

Let's change the entire interface to be more like Win7

Since when did Windows 7 have overlay scroll bars, global menus, and the title bar buttons on the left?

Re:Canonical deserves it (1)

oakgrove (845019) | about 2 years ago | (#40785241)

You're replying to a not so cleverly disguised false flag waving anti-Linux troll. Just thought you'd like to know.

Coreboot (0)

Anonymous Coward | about 2 years ago | (#40785013)

What we really need is at least one of the motherboard manufacturers to get onboard with Coreboot. There's quite a bit of new work being done. It's just a matter of getting the low-level documentation and time. There's only so much that can be done on an amateur basis. It's costly to buy motherboards just to port Coreboot.

Like RMS, Theo De Raadt is right when everyone (5, Interesting)

RLiegh (247921) | about 2 years ago | (#40785021)

else is wrong.

Sadly, MS has the power to take control of our computers away from us --and with secureboot they're doing exactly that. This is a direct attack on personal computing and the freedoms of the end-user to control the software on their computer.

RMS and Theo De Raadt are both right on this --but neither one of them has the influence needed to avert this attack, so it doesn't matter.

The era of personal, general-purpose computing is over.

Re:Like RMS, Theo De Raadt is right when everyone (1)

Anonymous Coward | about 2 years ago | (#40785143)

But the fact that some geniuses were laughed at does not imply that all who are laughed at are geniuses. They laughed at Columbus, they laughed at Fulton, they laughed at the Wright Brothers. But they also laughed at Bozo the Clown.

The world over is glad that the era of personal, general-purpose computing is over, because it has enabled the some of the fastest, innovative computing services we have ever seen.

Re:Like RMS, Theo De Raadt is right when everyone (1)

Anonymous Coward | about 2 years ago | (#40785163)

Spot on.

The only two Free distros/OSs that do have the influence have both acquiesced. He is right to call them out.

Re:Like RMS, Theo De Raadt is right when everyone (0)

Anonymous Coward | more than 2 years ago | (#40785781)

Directly from the article and from Microsoft as well:

"There will be a mechanism to turn off this method of booting on x86 hardware."

Don't like secure boot? Turn it off.

is installing Linux on Apple hardware a solution? (0)

Anonymous Coward | about 2 years ago | (#40785047)

It is possible that Apple will soon hop on the secure boot bandwagon, but until then, buying Apple hardware to run Linux seems to be something of a solution, despite being an expensive one.

Re:is installing Linux on Apple hardware a solutio (1)

greg1104 (461138) | about 2 years ago | (#40785361)

Given that Apple is actively adding Secure Boot Chain [crn.com] to their own devices, I wouldn't place a bet on them as the safe hardware platform here. Normally I buy used Lenovo laptops to put Linux on them. If Microsoft's Secure Boot starts to be more of an issue, I'd probabaly switch to a Linux hardware rebranding company like Emperor Linux [emperorlinux.com] to make sure I didn't end up with a problem system.

Microsoft Certification and BIOS (1)

RudyHartmann (1032120) | about 2 years ago | (#40785317)

From what I understand, Windows 8 will run on most contemporary hardware. I installed it on a 3.8GHz P4 system and it ran fine. But it looks like if you want Microsoft Certification, then you need a BIOS that contains the UEFI code. But what if a manufacturer doesn't care about Microsoft Certification and elects to install Windows 8 on a PC with a UEFI BIOS? Then Linux or other operating systems should have no problems dual booting with Windows 8. I conclude that market conditions may cause some PC OEM's to eschew this BIOS extension altogether. Especially if it annoys their potential customer base.

Re:Microsoft Certification and BIOS (1)

RudyHartmann (1032120) | about 2 years ago | (#40785399)

From what I understand, Windows 8 will run on most contemporary hardware. I installed it on a 3.8GHz P4 system and it ran fine. But it looks like if you want Microsoft Certification, then you need a BIOS that contains the UEFI code. But what if a manufacturer doesn't care about Microsoft Certification and elects to install Windows 8 on a PC with a UEFI BIOS? Then Linux or other operating systems should have no problems dual booting with Windows 8. I conclude that market conditions may cause some PC OEM's to eschew this BIOS extension altogether. Especially if it annoys their potential customer base.

Darn, I meant "But what if a manufacturer doesn't care about Microsoft Certification and elects to install Windows 8 on a PC without a UEFI BIOS? " Then they will be able to dual boot Windows 8 without Microsoft issuing a UEFI license.

Losing Influence (3, Informative)

wzinc (612701) | about 2 years ago | (#40785427)

Microsoft is quickly losing influence; I don't think their secure boot stuff is going to be that big of a deal. I would say they have a chance with Windows Server, but 2012 has Metro, so I think they'll be declining on all sides now. They don't seem to care about what people actually want; they just want to push some new thing.

Personally, I never liked Windows, but with Metro even on Server, I'll be seriously pushing Linux at work.

Theo ranting, film at 11 (5, Interesting)

Anonymous Coward | more than 2 years ago | (#40785709)

Theo, ranting, is why he got kicked off the NetBSD project. Theo, ranting, is why OpenBSD's drivers for Broadcom chipsets stink. (Look up how the original author tried to resolve the licensing problems of sticking his GPL drivers in an OpenBSD kernel and was ignored, then screamed at by Theo for making the issue public.) Theo, ranting, is why OpenBSD doesn't properly handle booting from software RAID. Theo, ranting, is why the OpenBSD installer works like the UNIX crap I learned to loath back in 1985 and can't store the state of what you've already selected or go back, you just have to start over from scratch. Theo, ranting, is why OpenSSH has no built-in support for chroot cages. Theo, ranting, is why OpenBSD has no virtualization server capability. Theo, ranting, is why OpenSSH still stores both host keys and by default, user private keys in clear text with no expiration, and has no plans to fix this. Theo, ranting, is why the "compatiblity chart" is a list of chipsets that don't match the actual chipsets published by the manufacturer, and usually are from chipsets at least 4 years old.

Theo, ranting, usually means you're doing something right for your actual client base rather than for his ivory tower. There's a reason OpenBSD is used only by fanboys who run it on "hobby" systems and don't get any work done. And yes, I've dealt with the crap for years: I *wrote* the first SunOS ports of SSH-1, SSH-2, and OpenSSH. (Theo's fan club did not write SSH: they ported Tatu's previously GPL work into OpenSSH, and screwed up the license. Surprisingly little of the actual codebase is due to OpenBSD hosted development.)

I don't get it (2)

future assassin (639396) | more than 2 years ago | (#40785749)

whats to stop manufacturers from not including secure boot in their hardware. No way there isn't a big market for some Chinese manufacturer to jump onto this and have the Linux world use their hardware.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?