Submitted by A big issue right now in the world of operating systems – especially Linux – is Microsoft’s requirement that all Windows 8 machines ship with UEFI’s secure boot enabled, with no requirement that OEMs implement it so users can turn it off. This has caused some concern in the Linux world, and considering Microsoft’s past and current business practices and the incompetence of OEMs, that’s not unwarranted. CNet’s Ed Bott decided to pose the issue to OEMs. Dell stated is has plans to include the option to turn secure boot off, while HP was a bit more vague about the issue.
Ed Bott contacted HP and Dell, and while his report is a bit abrasive, the gist of the matter is this. Dell confirmed that they have plans to ship Windows 8 machines with the ability to turn secure boot off in UEFI, while HP had no idea what was going on. BIOS maker AMI, meanwhile, has said it will advise OEMs to not remove the option, but adds that they can’t mandate as such.
A Dell spokesperson told Bott that “Dell has plans to make SecureBoot an enable/disable option in BIOS setup”. Dell plans to move to UEFI with secure boot in the Windows 8 time frame. Unlike how Bott presents it, ‘having plans’ is of course far from a definitive promise – but at least it’s somewhat reassuring.
HP, sadly, was less clear. “HP will continue to offer its customers a choice of operating systems,” HP told Bott, “We are working with industry partners to evaluate the options that will best serve our customers.” Nobody at HP was apparently even aware of the issue, which means this is a general PR statement with zero actual value.
Lastly, BIOS maker AMI stated that it “will advise OEMs to provide a default configuration that allows users to enable/disable secure boot, but it remains the choice of the OEM to do (or not do) so”. This is entirely reasonable – AMI just provides a software package, it doesn’t control what OEMs remove and include.
None of this is the reassuring words Bott makes them out to be. There are no promises, no assurances, nothing. My biggest fear is that like with BIOS today, every computer – even revisions within the same model – will have its own unique UEFI implementation, some of them broken and/or limited, without any means of telling which features are supported and implemented and which aren’t. Heck, I’ve encountered countless BIOS implementations over the years which only allowed you to change the boot drive order, and nothing else.
All in all, this issue is far from over, and what Bott has presented us with so far is by no means the smoking gun. Considering Microsoft’s history of anti-competitive practices, its current patent troll behaviour, and the general incompetence of OEMs, it’s entirely reasonable and smart for us geeks to be on our toes.
What “Other Operating Systems” can HP mean? It ain’t MacOSX.
Basically so far we have a screenshot from Micrsoft with the option actually being shown.
Dell says they are going to support it (because you know they also sell servers and Businesses might want to use Windows 7 instead of Windows 8 on desktops).
AMI are saying “We recommend not being dicks and having the option”.
Also what Manufacturer is their right mind are going to stop you from installing an older version of Windows … they would loose all their Business customers instantly.
Worst comes to worst … I suspect you can reflash with a compatible BIOS/UEFI (whatever you call it) … for that chipset … I have done this before and stopped silly ram limitations etc.
I think Ed Botts comments are completely correct … he has even shown evidence in the article that most of this is FUD (the GRUB not installing stuff). Remember Redhat have as much of an Agenda as any other tech company.
Also Manufacturers aren’t going to do this because the EU would f–k em.
I can understand if you are only talking ARM based devices.
I am waiting for the Zerg Rush!!
Edited 2011-11-03 20:03 UTC
Solaris of course.
Maybe yes … But Oracle has been bashing the shit outta HP recently … I don’t think there is much love there anymore.
Summary:
You believe OEMs and Microsoft on their blue eyes. After years of abuse and patent troll behaviour, smart people don’t.
Love it Thom … don’t actually dispute any of my points but make a blanket statement I am naive.
Honestly OEM aren’t going to give the Win7 market up after most Corps are just moving to it.
Microsoft are bloody benign compared to Mobile phone carriers, estate agents and Fasthosts (f–king evil).
Funnily enough I have never been abused by Microsoft or Bill Gates … At no point have my private parts be stimulated by Microsoft or Bill Gates against my will.
All they have ever done is expected me to pay for something they produce … Greedy f–ks.
Edited 2011-11-03 20:46 UTC
The fact that Microsoft is less evil than others does not make Microsoft benign. Are you really using bening and Microsoft in the same sentence?
Wow, really, that’s all they did? Nothing else?
From me yeah.
Seriously … you must never had worked with an “Digital Agency” …
We recently had a quote for £500 to correct a Switch statement.
expect me to pay for something i do not want (windows)
Don’t pay for it then … Lemur2 is always going on about that System76.
Vote with your wallet … I buy OpenBSD released since I use them … I vote with my wallet to support the project.
Edited 2011-11-03 23:22 UTC
no one sells a pc laptop without windows in sweden
FWIW, in my own country there are a few sources of computers where the OS is not included as part of the price.
Here is an example of a netbook and a low-end desktop:
http://pioneercomputers.com.au/products/configure.asp?c1=3&c2=12&id…
http://pioneercomputers.com.au/products/configure.asp?c1=4&c2=97&id…
The base prices of $349 AUD and $399 AUD do not include any OS except an option for Ubuntu.
Here are the additional costs for various Windows OS versions:
Microsoft Windows XP Professional [+$169] With CD
Microsoft Windows XP Home Edition with Recovery CD [+$39]
Microsoft Windows 7 Home Premium (32/64 Bit) [+$99] With CD
Microsoft Windows 7 Professional (32/64 Bit) [+$169] With CD
Microsoft Windows 7 Ultimate Upgrade/Full Version (64 Bit) [+$199] With CD
Ubuntu comes with an Office suite installed, so to match Ubuntu one would also have to purchase (at least) the following extra item as well:
Microsoft Office 2010 Home & Student [+$154]
So, for any option of Windows XP or Windows 7 the price would almost double, by the time you had purchased necessary software, compared to the Ubuntu option.
As long as Pioneer Computers is prepared to offer machines for sale without unwanted software bundled into the price, they are indeed worth of getting my custom.
For Windows 8 it would appear that Pioneer Computers may not be able to offer their customers the far better Ubuntu deal any longer. If that happens I would feel sorry for Pioneer Computers, but I would no longer buy from them, they would lose me as a customer. I would build up my own systems from piece parts if I have to.
I think it comes down to that you don’t want to pay money for stuff and you are cheap.
Edited 2011-11-04 00:11 UTC
I think it comes down to that you want me to pay money to Microsoft even though I don’t use their stuff.
In what possible universe is it sensible to pay twice as much as one has to, for any reason whatsoever? This question is especially pertinent when the better hardware/software combination is the one that is half the price.
Under what strange morailty is it a bad thing if people collaborate together to make a less expensive alternative available to everybody?
In what possible way is it a good thing for the Australian people, Australian business and the Australian economy to have a half-price alternative option to Microsoft made unavailable to them?
Do you have shares in Microsoft?
Edited 2011-11-04 01:06 UTC
While I wouldn’t disagree that a lack of available computers which come without Windows could be infuriating if you’ll never use it… I very much doubt it’s doubling the cost, especially when you’re talking about products like netbooks.
I would hazard a guess that the prices for Windows you’ve quoted are the price for a single user licence that is way more expensive (and less restrictive) than the bulk OEM licences which are sold with PCs.
However, it’s still a sham.
I only claimed a doubling in cost for low-end machines when one included MS Office to provide the equivalent functionality as offered with Ubuntu.
But it doesn’t occur just for low-end desktop machines:
http://www.theinquirer.net/inquirer/news/2122028/hp-launches-arm-bl…
I would assume there is no Windows option because the servers in question have up to 2,800 processors.
“HP’s Redstone servers pack four ARM-processor laden drawers into just 4U of space. The firm claims a total rack capacity of 2,800 processors. HP claims significant improvements in power usage and server density, though customers will want to see how the ARM-based chips handle their particular workloads before throwing out existing x86 kit.
HP announced that it is working with Linux vendors such as Canonical and Red Hat to provide software support for its developmental server range. Worryingly for Microsoft, Linux might steal a march over its Windows Server operating system in the ARM server market.”
You bet your bottom dollar that Linux might steal a march over Windows Server if people have to factor in the cost of 2,800 Windows Server licenses plus CALs.
The pleasing thing about efforts like this is that there are certainly still machines being made which boot Linux.
http://en.wikipedia.org/wiki/Coreboot
We might even, with a modicum of luck, finally begin to see Linux/ARM offered for desktop, laptop and netbook class machines (not just tablets).
No Wintel there, either.
To me, this would be the ultimate solution to the UEFI secure boot ploy.
Edited 2011-11-04 02:08 UTC
I already told you Lemur …
No I don’t have shares in Microsoft, Steve Ballmer pays me in Hookers and Coke. Me and Bill Gates hang around smoking Cubans in his mansion.
Linus comes round and says “those idiots still believe in this DESKTOP LINUX thing … ” and we all have a good chuckle about it …
http://www.tmrepository.com/trademarks/paidmicrosoftshill
Better software? You honestly think that Linux is better software than Windows? In what world?
There are people that don’t patch their Linux systems because they are afraid it will fall over.
People have problems with it all the time … and I haven’t seen much of an improvement in 10 years … while Windows and OSX have become very nice polished products.
I won’t get onto OSS(4) vs ALSA …
When it doesn’t work.
It also devalues Software Engineering as a profession.
There is also no incentive for Quality and Polish. XFCE can look nice but it looks like the default theme is nicked from Redhat 9 and looks throughly out of date
Also Endless churn of rewriting stuff from “scratch” … it has hurt the reputation of the KDE project and the Gnome Project, … Pulse Audio etc.
http://www.joelonsoftware.com/articles/fog0000000069.html
Releasing stuff when it isn’t ready … and the product is out of beta … i.e. Unity.
I sure do, in many cases. I also think OpenBSD is much superior to Windows.
You don’t need FOSS for this, it’s already done most thoroughly by commercial closed-source developers.
Ever wondered why “enterprisey” become a derogatory term? Sure wasn’t due to FOSS software.
Aka, 95% of commercial software out there. Hype your product, get it out there before it’s finished and then release endless updates (or “point-releases” as some braindead companies call them). This is especially true for games.
No, you don’t need FOSS to devalue the practice of software engineering.
Not saying that all FOSS software is the pinnacle of engineering but blaming it for devaluing software engineering as a profession is wrong.
It depends ultimately on it use, whether it is superior to Windows … as a desktop OS (the context it that we were discussing). You cannot say with a straight face that OpenBSD makes a easy to use desktop system for the likes of the un-washed masses, nor does Linux
Server there is some debate, but I don’t deal with Servers … only the things that run on them.
RMS’s has managed to convince people that hardwork should be given away for free … if that doesn’t devalue Software Engineering I don’t know what does.
OpenBSD, probably not. Linux…that can be debated.
The only server job Windows really does well is Active Directory. Of course, AD is both a blessing and a curse so I guess that’s a double-edged sword of sorts.
(Folks, please don’t argue about Samba. It’s not as good for this, not by a long shot)
FOSS > RMS (Thank God…)
That’s not what you argued anyway, you argued that the quality and polish, or lack thereof, of FOSS projects devalued software engineering.
Edited 2011-11-04 18:50 UTC
Developer stuff is great being given away for nothing … I use it all the time and TBH that IMO is building on the shoulders of Giants.
But commercial software should remain commercial … there is a big different between something like Office and some two bit dev company that rips off its customers (we work with those) and charges £100s for a switch statement.
Windows Server is damn stable these days in the 2000 days yes … it was crap … but the newer Windows 2008 server versions are rock solid … we recently had 6 years uptime on an internal server. Whether one likes to administer it is another thing.
Hi,
This is short-sighted (and I’ve seen it multiple times from multiple people).
In the short term I think you’re right – for desktop/workstation/server (and not for smaller stuff like tablets and notebooks), OEMs will want to support Win7; and other OSs (Linux, Solaris, the three BSDs, etc) will only be screwed on some of the smaller stuff.
In the longer term, OEMs will eventually forget about Win7 (in the same way that no sane OEM cares about Win98 anymore). This is what other OSs (and companies like Redhat, and organisations like FSF and GNU) should be worried about – not the next few years, but the next few decades.
A man jumps off of a 20 storey building. While passing the tenth floor observers hear him say “Going well so far”…
– Brendan
Never bought an Android phone, I see.
Summary:
I am Thom and I cannot make an arguement … classy.
They mean FreeDOS. I’m not joking; it’s a real option. You can configure some machines with either Windows or FreeDOS.
Last time I tried configuring an HP machine with FreeDOS, the configurator wouldn’t let me select the option to add the Windows and Centrino stickers, and apparently, there was a bunch of hardware which relied on those stickers to work because the configurator would tell me to add the stickers before adding the hardware.
It was quite comical. I’m not sure if HP still does that since I have written them off.
this is just another overblown topic purely based on fear and ignorance.
There are things wrong with UEFI and this ain’t one of them.
+1 I would upvote you .. but I can’t.
Also this comment is very interesting
http://www.zdnet.com/tb/1-107846#1_107846_2139335
It seems that once the OS is booted you cannot access UEFI.
I am interested about the negatives of UEFI can you provide me links please … so I can Edify myself?
Edited 2011-11-03 20:10 UTC
I don’t have any links to give you but I’ll tell you what I believe is wrong with UEFI. There was a video presention presented by the Plan9 guy Ron Minnich about CoreBoot which goes in further details.
UEFI itself is a small OS. It has it’s own drivers. Which is duplicate functionality since Windows/MacOS/Linux must also provide the same drivers and functions. There are videos on Youtube where people boot up their PCs to the desktop and simply remove the BIOS chip while everything runs. And nothing crashes.
Security and costs. More code, more complex, more bugs, more space needed. UEFI does more than the current BIOS.
There are no technical reasons why a simple hardware init + payload straight to the OS couldn’t be a replacement for today’s BIOS.
The only reason we still have this excess layer is none other than protecting other people’s IP and profits.
Anyway, I’m pretty sure someone will comment and tell me that I am wrong but those are my reasons about UEFI.
I’m not going to comment on the secureboot stuff because someone with a functioning brain knows there’s no issue here. It’s the usual fodder for the internet drama queens.
As predicted someone is writing to tell that they think you’re wrong, although only on the small matter about removing BIOS chips.
I once had a bad flash and the system wouldn’t boot, however I had a similar board nearby so I could boot to DOS on that, switch the *ROMS over and then force flash the BIOS image which failed previously.
Oh yeah, the point… While I’m not going to argue the merits of UEFI, what you said about removing the BIOS chip doesn’t appear to prove anything as it doesn’t seem any different to what was possible before.
This is a very underblown topic. The proof is the fact that HP has no clue about this issue.
Yes it is based on fear because we all know Microsoft. I’ll leave the ignorance to you.
This is by far the most important issue of UEFI.
Microsoft has no interest in disabling this “feature”. I’d say that Microsoft has a strong interest in locking the users to its own operating system.
The new standard is being made right now. It is extremely important that this standard is made right from the very beginning, before it is implemented. Because after that it will be very hard to change. We can’t wait and see how this UEFI will be. We must act now and make sure it is right.
Translation:
I am going to repeat everything other people have said … and not back it up with anything other than MicroSoft hatred.
Edited 2011-11-03 20:50 UTC
Speaking of standards being made right now, I hope that this proposal to the UEFI standards body will get somewhere.
http://mjg59.dreamwidth.org/6503.html
http://mjg59.dreamwidth.org/7411.html
Thom didn’t cover this in an article … it appears to be from a debian dev (I am going by the favicon, I honestly can’t be arsed to find out, feel free to correct me).
Redhat seems to be perpetuating this fallacy according to Ed Bott and this blog post supports this assertion.
Edited 2011-11-03 20:18 UTC
That post is from Matthew Garrett. Red Hat developer. The main driving force behind the effort you condemn.
Why the f–k the Debian favicon then?
Nevertheless … still proves my overrall point.
Lots of people spreading misinformation from one blog post … like the link says.
Problem? Doesn’t fit in with your Rhetoric?
Edited 2011-11-03 20:49 UTC
That’s a Dreamwidth logo not a Debian one….they spin in different directions.
Thanks for the correction.
A bit confusing though.
I wouldn’t regard CNet commentators as an authority on the matter, if I were you. Having read both Bott’s article and the various discussions he’s talking about, it looks like he’s just heard about some controversy, skimmed a few blog posts, and written up a quick and mostly uninformed article.
That blog post you link to is by Matthew Garrett, who’s probably the most knowledgeable person in the open-source community when it comes to UEFI booting. He’s also the one responsible for most of the noise around “secure boot”, precisely because he’s done his research.
That said, he does stick to the facts, hence the post you linked to, complaining about others spreading misinformation. As far as I can tell, this fuss is because someone else at Redhat had problems with UEFI, and jumped to the conclusion that it was relating to secure boot. Which can’t possibly be the case, as Garrett’s latest post points out… no “secure boot” systems are currently on the market…
The point still stands misinformation is being perpetuated.
Nothing was said about proper solutions though. Disabling secure boot is a dumb workaround, but not really the proper method. Proper method is giving the user a way to manage keys for the UEFI.
http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf
https://www.linuxfoundation.org/publications/making-uefi-secure-boot…
This guy’s comments from http://www.zdnet.com/blog/bott/leading-pc-makers-confirm-no-windows… are just pathetic.
Edited 2011-11-03 21:09 UTC
shmerl,
“Nothing was said about proper solutions though. Disabling secure boot is a dumb workaround, but not really the proper method. Proper method is giving the user a way to manage keys for the UEFI.”
That’s just it, disabling secure boot should be a *last resort*. The inclusion of security features which users can’t enable for alternative operating systems is anti-competitive and makes them second class operating systems.
This is all the more frustrating because secure boot should have been engineered in a way the benefits the end user rather than restricting us.
Ed Bott doesn’t attempt to make any reasoned arguments and doesn’t even touch upon any of our real concerns (such as dual boot, the accessibility of keys, DRM, etc). He brushes off secure boot criticisms in one fell swoop when he jumps strait to the conclusion that this is a fud campaign in his first line. He hasn’t answered any of our questions, and seems more pissed off that we are asking them than anything else.
Damn it Ed, I look forward to new information on this important issue and all you’ve done is to re-frame the debate at an abstract level without addressing anything at all.
That comment deserves a zillion upvotes.
Mr Bott is pretty good at drumming up the sensationalism and FUD himself.
What movement against Secure Boot? The RH/Canonical/LF campaign is not anti-secure boot. Propaganda? For what? Having a choice? Is that somehow bad?
As for the confirmation by the leading PC makers…
HP’s company line pretty much mean “I dont fscking know, ok? Wait while we figure out what’s best for us”.
That’s hair-splitting. The blog post was made by Mr Sinofsky but the majority of the content written by Mr Mangefeste.
Funny how he takes the MS guys at their word but the LF guys are the devils minions, more or less. Yeah, Corporate propaganda is so much more trustworthy.
From the MS blog:
Funny how Mr Bott does not mention that, eh?
Also from the blog:
Yeah…anything not Windows 8 is old. No propaganda to see here. No sireeeee….
Blah blah blah, yadda yadda yadda. Much fud follows.
At the end of the day, this COULD become a problem so what’s the harm in attacking it now BEFORE it actually becomes one? Sitting on your ass and hoping for the best isn’t the wise choice.
Edited 2011-11-03 21:47 UTC
Angry much.
You are going off on one for the sake of it … TBH I have heard more FUD from the FLOSS community than anyone about Windows 8 ..
But never mind you guys like to raeg about whatever.
As I keep saying OEMs would be mental to stop people booting Widnows 7 since most businesses have only or just started testing for Win7 … and won’t want to move til nearer 2020.
But you know you can keep on reacting on your emotions and talking crap .. since that is largely what most people do here.
And what you’re doing is reasonable, calm, and utterly rational and not at all abrasive, right?
Well I keep on replying will well reasoned arguments but everyone seems to go into “Microsoft is the EVILZ!” mode … and cannot seem to go beyond that.
So after attacking arguing with a logical one must assume the other person has an Agenda, usually pro floss … or trolling … so I attack that … Problem??
OEMS will not stop the installation of Windows 7 for pure business reasons … something which you keep on ignoring .. and I have said in POST 1.
Which is for some odd reason is ignored 😐
Edited 2011-11-03 22:10 UTC
So the proof is just “most probably because of business reasons they wont”? Doesn’t sound assuring enough, since those reasons are not set in stone. While no rule mandates OEMs to give the user an ability to control UEFI keys or disabling it altogether – there is a risk of having a computer which won’t boot what user wants.
RAH RAH RAH RAH …
Windows 7 is supported til 2020 … most large businesses are only just thinking about moving to it and doing testing … the will probably never move to Windows 8 … and move to Windows 9 afterwards … or LCARS for all I know …
But Windows 7 is going to be around for the next good few years as well as Businesses that will use XP forever and ever … will need new hardware and just will make sure it is VMed or on a seperate non-internet enabled network (like much of our clients with Windows 2000).
Edited 2011-11-03 22:20 UTC
XP is still supported, while it’s not uncommon to have laptops that can’t work with XP because manufacturers didn’t care (no drivers), targeting them only for Vista for example. So forget about business reasons, we are talking about having solid standards and rules.
Edited 2011-11-03 22:23 UTC
What do you mean exactly.
My clients only have software that can run On windows 2000 or XP and they won’t retrain their staff .. so what is the answer …
Comon … what is it?
I mean that the argument like “manufacturers will care about supporting both Windows 7 and 8 on each machine” is not true. Practice showed that they didn’t do it with previous versions of Windows, so why suddenly they would do it now.
Edited 2011-11-03 22:40 UTC
LOLWOT …
On Commercial kit … most consumers won’t care. If they really want to run Linux/<Alt OS> they will just buy the kit that can.
Businesses will mandate this … so because most vendors wish to do a little as possible, expect that both commercial and business versions have very similar firmware …
lucas_maximus,
“Well I keep on replying will well reasoned arguments but everyone seems to go into ‘Microsoft is the EVILZ!’ mode … and cannot seem to go beyond that.”
This has absolutely nothing to do with microsoft being evil. I wouldn’t care if microsoft had zero involvement, it’s bad to have a security feature that bans owners from accessing the keys in their own hardware.
Now microsoft may be a primary benefactor and driver, but this criticism against the proposed secure boot spec has nothing to do with being anti-microsoft. It’s about the deteriorating conditions for those of us who believe an open computing future is better than a closed computing future.
There has been numerous evidence given that Secure boot and well reasoned arguments (booting old versions of Windows for business which MS still make money on) …
But you guys keep chanting the same shit again and again and again.
Even people at Microsoft that are actually speak against Microsoft about some stuff (Scott Hanselman) says that Microsoft is too cumbersome and disjointed to actually “be evil” like Darth Vader .. imperial march stuff … but whatever you probably won’t listen.
http://www.hanselman.com/blog/SixMonthsInTheInsideAmIEvilYet.aspx
Edited 2011-11-03 22:40 UTC
lucas_maximus,
“But you guys keep chanting the same shit again and again and again.”
Until our concerns are addressed, I’m afraid your going to have to continue listening this same shit again and again… You haven’t addressed them either by the way, I welcome answers from you or anyone else (although I need official sources in order to take them seriously), but it seems the details are being kept behind closed doors.
These are the same questions you haven’t answered before, but feel free to take a stab at them this time:
Will duel booting be possible without switching bios settings back and forth and without crippling windows?
Will users be able to use system utilities like barepe or utlimate boot cd?
Will owners be able to control the platform keys out of the box?
Will owners be able to get access to keys by contacting manufacturers?
Will manufacturers use shared or individual platform keys? If shared, then how can they transfer control for some machines while maintaining secure ownership of all the others? If individual, then how will they verify the ownership of the person requesting the transfer?
Will independent operating systems (smaller than linux) be able to get their keys signed in practice?
Will owners have the ability to not trust microsoft on their personal system?
How will manufacturers who hold the platform keys verify that independent operating systems (like Neolander’s here) aren’t in fact malware?
If an exploit is found in the installation media for a signed OS, will that key be revoked? If so, how will people reinstall their OS?
How will vendors convey these restrictions at the point of sale?
Will people be entitled to refunds if they find secure boot giving them trouble?
Will the manufacturers continue updating OS keys for older systems after warranties expire?
Can we trust that vendors won’t tighten their grip over secure boot restrictions as time goes by and more and more systems have it installed?
You may find some of these questions irrelevant to you, but they are extremely relevant to anyone who believes in the merits of open computing.
tl;dr;
Read the f–king article.
UEFI doesn’t allow any OS interaction with it. That is the whole idea there isn’t an OS API to interact with it .. which is why it is secure.
There are manufacturers (big ones) that say they aren’t going to be dicks and not give you the option. Even the BIOS guys are saying “We want you do to it not piss people off”. WTF more do you guys want?
You can boot your precious Operating System (I am an OpenBSD/Win 7 user).
GPL is incompatiple with secure boot (thanks to RMS, but BSD is alright).
WTF more do you want?
Edited 2011-11-03 23:58 UTC
lucas_maximus,
“tl;dr;”
“WTF more do you want?”
Honestly, I just want you to stop side stepping the issues and then pretending your right.
Edited 2011-11-04 03:27 UTC
Half of it was an anti-microsoft rant .. so it was tl;dr;
There is not one single thread of evidence that OEMs are going to give you a BIOS option to turn secure boot off.
So far there has been tons of evidence that they will … but people on here will continue to raeg.
Lucas – do you have any evidence that Microsoft will require OEMs to provide a way to boot other operating systems? Any evidence at all?
Do you have any evidence that Microsoft will require OEMs to provide a way to boot other versions of Windows? Would the owners of these computers like the ability to run newer versions? Would they like to be able to run older versions?
I’m not willing to assume good intentions on the part of any company – Microsoft, PC makers, Apple, or Red Hat. Microsoft has not stated in clear language that they want the buyers of PCs to be able to run the operating system of the owner’s choice. Most OEMs haven’t made owner control of systems a matter of policy; the few that have said anything have offered a poor work-around (disabling secure boot) rather than the preferred method of secure booting using owner-provided keys.
Maybe I’m a control freak. When I buy something, I think that means I control it. I don’t like the manufacturer telling me what software I can run after I own it, I don’t like movie makers telling me I’m not allowed to watch a movie I legally purchased in another country. When you sell me something, you shouldn’t control how I use it after you have my money.
I want secure booting. I want to securely boot the operating system of my choice. It can be that way, if we insist on it. Secure booting could also limit your use of your own property. If that happens, it will happen because gullible people counted on good intentions. It will happen because people dismissed the warnings as coming from Microsoft haters and crackpots, instead of taking the time to understand the issue.
I don’t trust Microsoft to protect my interests. I don’t trust HP to protect my interests. I don’t trust ANY company to protect my interests. I need to look out for my interests myself, which is why I urge you to protect your interests. Maybe all of the companies involved will do what I what I want, but it would be foolish to count on it.
Summary of your post
“I think Microsoft is the number of the beast … Bill Gates is Satan”
“There is no proof that something won’t happen … so I consider it a possibility”
However …
The logic you are using is similar to saying “You cannot disprove god .. therefore god exists”.
Do me a favour and get a clue.
Edited 2011-11-05 02:16 UTC
Troll!
“Half of it was an anti-microsoft rant .. so it was tl;dr;”
Wow, you say you didn’t read it, and yet you somehow still claim to know what it said? That’s incredibly ignorant. I challenge you once again to read it and answer the questions without beating around the bush.
“There is not one single thread of evidence that OEMs are going to give you a BIOS option to turn secure boot off.”
Freudian slip?
“So far there has been tons of evidence that they will … but people on here will continue to raeg.”
Maybe. But this rebuttal is a straw man that has nothing to do with the secure boot criticisms I made in this thread.
Edited 2011-11-05 04:04 UTC
That would be good, if true. However, to this point in time, it is just CNet’s Ed Bott saying this, not manufacturers (big ones).
Not a problem anyway, FOSS guys have their own BIOSes.
GRUB is GPL
http://en.wikipedia.org/wiki/GNU_GRUB
… but LILO isn’t
http://en.wikipedia.org/wiki/LILO_%28boot_loader%29
… and Splashtop is proprietary.
http://en.wikipedia.org/wiki/Splashtop
Control over hardware that we purchase. “Sovreignity”, if you will. If the hardware has UEFI with secure boot, then the owner of the hardware (the person who pays for it) should be the one to have control over keys. Not OEMs.
Edited 2011-11-04 03:39 UTC
lemur2,
“Control over hardware that we purchase. ‘Sovreignity’, if you will. If the hardware has UEFI with secure boot, then the owner of the hardware (the person who pays for it) should be the one to have control over keys. Not OEMs.”
Exactly. While many people will not care about keys, what reason is there to deny access to those of us that do? Does anyone have a good reason owners should not be entitled to their own keys?
Just on this topic, I seem to recall that recently a politician in the EU was making noises about wanting to allow people to run only “approved” software on their machines. Approved by whom? With what agenda?
How 1984, hey?
http://en.wikipedia.org/wiki/The_Right_to_Read
http://www.gnu.org/philosophy/right-to-read.html
“It was also possible to bypass the copyright monitors by installing a modified system kernel. Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer’s root password. And neither the FBI nor Microsoft Support would tell you that.”
Prophetic, really.
Edited 2011-11-04 04:41 UTC
lemur2,
I’ve never read CS literature like that before. Not sure if that style could be extended to a whole novel, but I quite enjoyed it. Most popular authors just pretend to be savvy.
Though my view isn’t as extreme as Stallman’s, I am extremely concerned over the moves in industry to curtail open computing by the major corporations. I don’t have high hopes that things will turn out right for consumers if we sit back and let the big corps take their course.
I am on the same page as you here. Spot on. I’m pretty sure also that there are not many people anywhere who would have views as extreme as Stallman’s.
Nevertheless, it is uncanny when you consider that Stallamn’s short story “The Right to Read” was first published in 1997.
It is, as I said, almost a prophecy. A vision of things to come. The only thing Stallman may not have had right is the year … Stallman’s story was set in 2047, not 2011.
http://en.wikipedia.org/wiki/Protect_IP_Act
If one is not vigilant against threats such as these, then one will lose one’s freedom even before anyone becomes aware that anything has happened.
Edited 2011-11-04 05:57 UTC
Hi,
Did you have a look at the proposal made to the UEFI standards body to allow installing new signing keys from live media ? It’s linked to somewhere in the first 30 comments of this article. Although not yet full user control on keys (can users revoke the Microsoft key if they want to ?), it would already be something…
Neolander,
I think there are a number of possible remedies, the Linux Foundation’s suggestion is good but toothless. Prompting the user about new media keys is good for choice, but admittedly somewhat dangerous. Ideally there needs to be a mechanism where a user can easily explicitly define the chain of trust (like going into the BIOS and configuring it), but accidental approval (like a y/n prompt) might be avoided. Of course now that the spec and windows certification requirements are in place, there isn’t much room left for re-engineering.
The only engineering reason not to explicitly put the owner at the top of the secure boot trust model is for DRM. Either the engineers failed to anticipate the user restriction/control issues (in which case they deserve to loose their jobs), or they knew exactly what they were doing (in which case they knowingly committed a huge disservice for the personal computing community).
There is one subtle, but major technical issue with the current spec which means OEMs won’t be able to transfer control over shared OEM platform keys to individual end users even if they wanted to in the future (using the mechanisms in the spec). Resetting the PK requires the a token signed by the old private platform key, however this token would be effective on any system, which means whoever possess this reset token could incorporate it into malware and therefor compromise the secure boot security of every other computer sharing the same platform key. This ultimately means OEMs will not be able to release PKs in the future unless they explicitly engineer some alternate backdoor mechanisms up front.
Hopefully there is enough public criticism to make a difference and force secure boot to be fixed.
No.
No.
So have I. I don’t think most OEM’s will prevent other OS to be installed or, in case of server hardware, even enable secure boot by default. That doesn’t mean this isn’t a potential problem and going off on a rant against RH/C/FSF and the FOSS community, who’s trying to prevent the problem, is just lame.
There is no evidence that there is going to be a problem.
More from that MS blog post:
Sounds like an oxymoron to me. So is the user in control, or OEMs are free to choose how to enable/disable user’s ability to control UEFI? Sounds like the second is more to the point, and “user is in control” is just empty PR talk.
I will keep on arguing the same stuff whatever the evidence presented to me.</sarcasm>
Dell and HP have said they will support disable secure boot. Why don’t you actually like raeg when they like “don’t” do what they say. Since the statements are perfectly clear to me … apparently not Thom … I don’t see what the problem is.
See above. Disabling secure boot is not a proper solution for this problem.
How about you explain, but I doubt you can.
Edited 2011-11-03 22:27 UTC
How about you stop trolling and read the thread carefully?
See: http://www.osnews.com/permalink?495695
Spend some time reading documents linked there, and come back to discuss it after that.
Err trolling apparently is a well reasoned arguement 😐 …
No I am not going to read a thread on OSNews as evidence … since most of it is misinformation from guys likes you.
Links to source material that aren’t from biased sources or GTFO.
Edited 2011-11-03 23:06 UTC
Since you aren’t going to read it – stop asking questions. And discussion is pointless with those who are lazy to research the issue first.
Edited 2011-11-03 23:08 UTC
You copped out!
I asked for Source documentation not something from a Biased source and you couldn’t provide it.
I am not going to read an URL that is actual FUD from some Linux Lover.
Edited 2011-11-03 23:14 UTC
Stop trolling!
Guys, quit it, or I’ll moderate the thread into oblivion.
Coincidentally, I’m playing Oblivion right now.
Trolling … MEEEEEEE .. never 😉
Seriously … do you expect me to believe anything other than the manufacturers and the UEFI specs … and what actually happens.
So far there is evidence to the contary to the beliefs that seem to be popular … yet not anyone can post any credible proof that Linux and Other Operating System can’t boot …
Yet the statements in the original article are quite firm “we will let people boot other shit if they really want with minimal fucking around” … yet people are stilling rageing about it.
It’s so good that you can admit that to yourself.
Very clever mate … Comon … it the usual “We hate Microsoft and there is a massive conspiracy against Linux” …
Edited 2011-11-04 10:31 UTC
So far you are the only one constantly bringing up that conspiracy theory.
It’s all about potential OEM laziness over the implementation of a MS specification that doesn’t consider whether other OSes might be able to boot (and why should they require anything else, they are in the business of selling their own OS).
Would MS love seeing competing operating systems locked out (or at least inconvenienced) out of PCs? Certainly, but that doesn’t make it a conspiracy, they aren’t actively pushing that with SecureBoot.
Seriously, as someone posted above, complaining about RedHat & Co. trying to make sure that OEMs will implement SecureBoot properly so their operating systems will boot with zero problems is lame.
It’s a sensible thing to do, though – the majority would never enable the feature, and it’d be all for nothing.
As long as “enabled by default” doesn’t imply “with no way to disable it”, it’s a perfectly fine choice IMHO.
I’m almost positive of what HP will do.
Business PC’s: You’ll have the option to install alternate OS’s, whether it’s disabling UEFI or by providing keys for other OS’s.
Consumer PC’s: Windows 8 is all you’ll get. DEAL WITH IT! Just like HP refused to provide drivers so consumers could downgrade Vista machines to XP, don’t expect to be able to replace Windows 8 with any other Windows, let alone Linux or other OS’s.
10 years ago PCs were mostly around $1,000.
Today you can get cheaper options, yet people still want them to have all the features of the $1,000 machines.
People, you get what you pay for. Live with it.
If you have to spend $1,000 on a business class PC in order to get decent features, then you aren’t any worse off than you were in the year 2000.
If you buy a $350 PC, it’s going to be locked down, not have an install CD, come with annoying preinstalled software, and in the future probably be locked so you can’t even get rid of the crapware.
In the end of course you can assemble your own machine, getting a motherboard with sane BIOS, and avoiding all this junk. But that’s not the point. The point is a principle of having a choice for the user of any machine, not just the one you assembled on your own. It doesn’t matter whether it costs $350 or $1000. Lower price doesn’t mandate crippling the device in regards of user’s control.
Edited 2011-11-03 22:50 UTC
There is no evidence that “crippling is going to happen” … however you keep on chanting the same stuff like it is fact even though so far there is no evidence to support it except for Microsoft hatred.
Edited 2011-11-03 23:10 UTC
do you have evidence that crippling isn’t going to happen ?
the old if you don’t like microsoft then you are a hater
You argument is similar to …
do you have Evidence that God Doesn’t Exist?
… Is pretty much the same question you are asking.
You are trying to prove something by saying that I can’t disprove it …. doesn’t work like that 😉
Edited 2011-11-03 23:26 UTC
I’ll take that as a no.
Edited 2011-11-06 08:58 UTC
This may come as a shock but a company protecting their interests is more important than your view on principles. Further, the fact that users have a number of options is _exactly_ the point. Nobody is being forced to purchase “Designed for Windows 8” systems, they are willingly choosing to do so. If such a system doesn’t suit their needs, don’t buy the system. The idea is very very very simple yet some act as if merely suggesting it is like ripping their arms and legs off.
This is exactly what I am thinking, except “HP” can be substituted with any OEM. A slight variation on the consumer PC is there will be an “enthusiast” model that costs more, just for the ability to disable SecureBoot, or it will have Windows 8 “The Shiznit” edition to help justify the cost.
i would go back to the store and demand my money back if the laptop i bought is locked into windows 8
Nice approach … for those not familiar with it .. it is called “voting with your wallet”.
lets see all laptops comes with windows 8 no i do not want a crapple craptop so voting with my wallet is impossible if i need a laptop!
System 76, iXsystems, and I expect a few others.
As I said if you are paying for principle expect to pay a bit more … that is how things work normally … it is called economics.
Not available in Sweden + i do not own a credit card
Edited 2011-11-03 23:46 UTC
As long as it is enabled by default it is still bad.
Sure you should be able to turn it on-or-off, I would expect that… not being able to do so sounds like a new monopoly case waiting to happen. Because then basically your not buying the hardware anymore… the vendor just made sure that they retain ownership of the ability to use the device as you see fit.
I’m still wondering how this all works in practice but enabling it by default would create another big hurdle for <quote>normal</quote> people to use a computer.
Now any third-party (that can not get there key in?) must add detailed instructions for the end user on how to use there software. Most likely lots of people are going to fail in this or feel like it’s too difficult.
Different bioses has different interfaces, different places to put this options or just don’t present it at all.
How are normal people going to make sense of this ?
It makes the computer one little step closer to rocket science.
Why? Other than you long reasons that you have made up.
It means trojans won’t be able to install stuff into the BIOS … apparently security is bad.
You are stiling going to be pressing an F<key> at boot an alternative OS … or something similar.
Edited 2011-11-04 00:28 UTC
Secure booting is a good idea, if implemented well. But there is a possibility that poorly conceived implementations could lock us out of our own hardware.
Microsoft has a logo program which provides OEMs with incentive to include secure booting. There’s nothing wrong with that – in isolation. I welcome a world where Windows users are protected from a nasty form of malware. I don’t need to run Windows to benefit from fewer compromised Windows systems; less spam would be nice.
But secure booting does not exist in isolation. It exists in a world where Microsoft has a history of using unscrupulous and often illegal means to suppress competition. This has harmed everyone, including Microsoft, in my opinion. Microsoft has long had the ability to compete on the basis of product quality and value. When they have chosen to twist arms instead, their products have stagnated.
This happens with every company that takes the largest market share. IBM ruled the mainframe world, and that left them vulnerable to minicomputers. It’s easy to overlook future opportunities when you are focused on your present success. DEC did the same thing; they grabbed the commanding share of minicomputers, and they missed workstations and personal computers. IBM was so late to personal computers that they chose to come out with one using off-the-shelf processors and operating systems from third parties, to our great benefit. GM was the largest auto maker, Western Union could deliver messages anywhere quickly, and so on. Success breed complacency, and eventual decline.
OEMs have sufficient reason to ensure that their systems can boot Windows securely. Server makers probably have reason to ensure secure booting of other operating systems. But there isn’t enough incentive to make sure that laptops and desktops boot anything other than Windows, and perhaps even only the version of Windows that shipped with the system. Even Windows users should be concerned, if you want to upgrade in the future.
Microsoft could change their logo program to include a requirement that end users have the ability to install their own boot keys. Windows would stay secure. Most users would ignore this ability.
Microsoft could solve this, but they haven’t. They know that they haven’t specifically required OEMs to deliver Windows-only systems, so they’re off the legal hook. But they haven’t prevented OEMs from delivering Windows-only systems, either, and they don’t seem to be willing to take that simple step.
Microsoft is very, very good at these sorts of games, and they are very good at suckering the gullible into repeating their spin.
Edited 2011-11-04 00:40 UTC
For those that didn’t bother digging through all the links, you can stop blaming Red Hat for some kind of conspiracy. The post from the Red Hat employee about HP and UEFI had nothing to do with this debate. It was simply a posting asking for help with a problem that HP identified as the UEFI. Now maybe it is, and maybe they were wrong. The article never mentions secure boot as indeed the machine in question doesn’t have secure boot. But that doesn’t mean that a problem in the UEFI wasn’t still causing the end user trouble.
Good to see that Mr Bott really did his homework and does not have an agenda at all…<cough>….
As far as we know, Lunix accounts for over 95% of desktop OS installations.
If anyone is in peril, that would be without a doubt, Microsoft.
In a couple of years smartphones will be powerful enough to run as desktops for many users. They really just need an industry standard docking system to provide power, a large monitor, keyboard and mouse.
Goodbye Windows dominance.
UEFI isn’t required to be on by default. It’s simply required to be supported.
#1 Microsoft doesn’t require secure boot to be enabled by default
#2 Microsoft doesn’t require OEMs to not provide a way to disable secure boot
#3 Microsoft is spreading FUD: they don’t want secure boot because they care about user’s security, they want secure boot because they wrongfully think it will stop piracy
#4 Even with secure bot, crackers will find a way to circumvent it, in no more than a few days after Windows 8 release
#5 If OEMs doesn’t implement a way to disable secure boot, it is their fault, not Microsoft’s
I don’t buy hardware from Apple, HP, Dell or whatever. I buy cpu, motherboard, video card, hdd, case, psu and I assemble it myself. I always consider the best bang for the buck and if I assemble a PC myself. I end up with a much better machine for the same amount of money. Even with laptops, I will buy a lowend and tinker with it. Add memory, a better cpu, a larger hdd.
Also, if one of my friends needs a new computer, I will research benchmarks, search for parts and assemble it myself. It takes less than half an hour. And you’ll have the best price/performance ratio.
All linux/BSD users are more technical then plain Os X/Windows users.
If you don’t like Dell, HP or other OEM, you can always do it yourself and vote with your money.
I even recommended that two of the linux staff guys to be fired, at one of my ex-workplaces. They demanded over-expensive HP servers and subscription to Red Hat. I proved to the CEO (he wasn’t a technical guy and the company wasn’t into IT) that we can build ourselves much better servers at a fraction of price and use CentOS, or Scientific Linux, or even FreeBSD. I did win and they got fired.
twitterfire,
“#1 Microsoft doesn’t require secure boot to be enabled by default”
Do you have citation for that? Maybe it’s changed, but this isn’t what’s been reported. Also, we don’t know if windows will run without restrictions if it’s disabled.
http://mjg59.dreamwidth.org/5850.html?thread=142554
“Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled.”
“#2 Microsoft doesn’t require OEMs to not provide a way to disable secure boot”
Ok.
“#3 Microsoft is spreading FUD: they don’t want secure boot because they care about user’s security, they want secure boot because they wrongfully think it will stop piracy”
It’s possible microsoft is using it to sell media companies on DRM.
“#4 Even with secure bot, crackers will find a way to circumvent it, in no more than a few days after Windows 8 release”
The secure boot spec itself won’t be cracked, just individual implementations. And even then secure boot has far fewer attack vectors than a modern multiuser operating system. It won’t necessarily be crackable in software.
I think you agree that secure boot or no, the weakest link in the chain is still windows itself. Secure boot won’t fix any of the OS or application level security problems.
“#5 If OEMs doesn’t implement a way to disable secure boot, it is their fault, not Microsoft’s”
Partly true, but this ignores the potential for dual boot issues, which is entirely in microsoft’s hands now. Also remember that Microsoft had involvement in writing the spec which has no regard for keeping owners in control.
Additionally, many of us are uncomfortable with a security feature which will sometimes be locked to windows, and that will be difficult to impossible for users to enable for independent operating systems. This is apparently the biproduct of either a glaring oversight by an incompetent engineering team, or a hidden corporate agenda.
Edited 2011-11-05 19:59 UTC
If buying a prebuilt system locked to a specific OS is a problem for you, do not buy a prebuilt system locked to a specific OS. You have several alternatives so be smart about your purchase and buy something that suits your needs rather than something that doesn’t and then complain about it.
Rocket science? No. Common sense? Yes, and that’s what people should be spreading right now,… not unjustified fear based on assumptioned about secure boot.
Edited 2011-11-06 03:02 UTC
ilovebeer,
“If buying a prebuilt system locked to a specific OS is a problem for you, do not buy a prebuilt system locked to a specific OS. You have several alternatives so be smart about your purchase and buy something that suits your needs rather than something that doesn’t and then complain about it.”
I’m sure I’ve answered this already, but here we go…
Existing knowledgeable linux users will suffer somewhat due to the worsening availability of equipment that works for us, new or used. Keep in mind many linux users also need to use windows, and we don’t all care to build our own systems. We probably won’t be able to get the scales of economy deals any longer because of these restrictions. I know you don’t care about keeping our supplier options open, but that doesn’t make the point any less valid, fragmentation will hurt us.
A bigger concern, IMO, is that the vendor locks on new windows machines will severely limit alternate OS adoption by newbies. The reasons for this should be obvious. Saying it’s their fault for not knowing any better is ridiculous considering that there was no reason they should have been locked in the first place.
I’ve already pointed out issues with secure boot that affect windows users as well. I appreciate that you don’t care about any of it’s problems, and that’s ok. But that’s not a reason to dismiss the problems for everyone else, we have legitimate reasons to be concerned and seek answers.
1. It’s not Microsoft’s responsibility to cater to Linux users wants.
2. The availability of Linux-compatible hardware is absolutely NOT “worsening.” – whatever that is supposed to mean to begin with. As a matter of fact, the opposite is true… more and more hardware is supported with each iteration of the Linux kernel alone, not to mention out-of-kernel drivers.
3. If you choose not to buy or build a system that suits your needs, it’s your own fault and your own problem. Vendors aren’t to blame, Microsoft isn’t to blame, just you.
4. Nothing you’ve said is based in reality, truth, or fact. In other words, you’re just trying to spread unjustified FUD.
1. There is absolutely nothing wrong or illegal with Microsoft or system vendors protecting their interests.
2. If a user does not consider their needs and research their options, picking one that best suits those needs, then yes it’s absolutely their own fault. What’s ridiculous is that you think users have no personal responsibility.
1. IF reality becomes “Designed for Windows 8” systems are actually locked to only Windows 8, then the only people who should consider buying those systems are people who intend to use Windows 8. If you insist on buying something doesn’t suit your needs, stop the pointless whining and learn to make better decisions.
No matter how hard you try, you simply can not ignore the fact that you have several other options available to you aside of buying “Designed for Windows 8” systems. If the systems turn out not to be suited for your use, DON’T BUY THEM. It’s such a basic and simplistic idea that it shouldn’t even need to be pointed out.
You’re behaving like somebody that buys a circle and complains that it’s not a square. Stupidity and/or ignorance doesn’t magically make your poor decisions someone elses fault.
So your point is that instead of asking OEMs to come up with a sane SecureBoot implementation we should suck it up and beg for the crumbs shopping around for the few non Windows8 hardware that we can find.
Will any OEM be selling PCs and laptops without Windows8 in a couple of years?
Do you actually believe pc hardware is going to magically vanish the moment Windows 8 becomes available? Come on, you can’t be serious.
When did secure boot on “Designed for Windows 8” prebuilt systems suddenly turn into the elimination of nearly anything not being the logo? It didn’t. The fear mongers and your imagination is getting the better of you because there is not a single shred of evidence or proof that what you’ve proposed will actually happen. Fearing the rapture doesn’t make the rapture come true — you should be well aware of by now.
Yes, of course. This is not even in question for those of us who know better than to buy into the baseless imaginary BS that anything non-Windows 8 will soon cease to exist.
Again, this is not about fear mongering, but about saying to OEMs “see, we might have problems if you implemented SecureBoot in a certain way. Could you do it this other way instead?”.
I seriously don’t know why people is making such a huge issue of anyone making that request.
Who has a problem with the request? Nobody that I’ve seen. My problem is with people who are intentionally being misleading, untruthful, or flat out lying seemingly in an attempt to create fear. Then you have the ones who may genuinely have their head in the clouds thinking they have rights that don’t actually exists and all of that.
When did wanting people to be educated and knowledgeable on a topic become a bad thing? I prefer to have discussions based in reality while there are others who obviously prefer fantasy.
ilovebeer,
“1. It’s not Microsoft’s responsibility to cater to Linux users wants.”
Overlooking possible anti-trust violations, you’re absolutely right, however this simply does not dismiss our concerns.
“2. … more and more hardware is supported with each iteration of the Linux kernel alone, not to mention out-of-kernel drivers.”
Out of the box Linux compatibility is a strength… But 1) this isn’t just about linux, 2) how does this justify locking down the keys to favor microsoft?
“3. If you choose not to buy or build a system that suits your needs, it’s your own fault and your own problem. Vendors aren’t to blame, Microsoft isn’t to blame, just you.”
This only holds if the restrictions are made clear at the point of sale. My point about fragmentation of the alternative OS ecosystem still holds. And in any case it still doesn’t justify secure boot being designed to lock out the owner’s control over keys.
“4. Nothing you’ve said is based in reality, truth, or fact. In other words, you’re just trying to spread unjustified FUD.”
I’m asking questions like everyone else because I am concerned about the migration to closed computing. Please quote specifically what you believe to be unjustified FUD. If you don’t have the answers either, then why do you seek to dismiss my questions?
“1. There is absolutely nothing wrong or illegal with Microsoft or system vendors protecting their interests.”
You can say that about any business with questionable ethics, however it doesn’t answer our questions nor does it ameliorate our concerns. Even assuming these restrictions are entirely legal, it does not absolve them of public criticism.
“2. If a user does not consider their needs and research their options, picking one that best suits those needs, then yes it’s absolutely their own fault. What’s ridiculous is that you think users have no personal responsibility.”
Like I said, you can blame the user as much as you like, but you can’t deny that it is anti-competitive and potentially kills off one of the primary modes of adoption for alternate operating systems. Therefor it is a legitimate concern.
“…the fact that you have several other options available to you aside of buying ‘Designed for Windows 8’ systems. If the systems turn out not to be suited for your use, DON’T BUY THEM.”
Again, even if you are right, it doesn’t answer our questions and it doesn’t dismiss our concerns at all. The secure boot spec still deserves criticism for being anti-competitive. As much as you want to see this through microsoft goggles, this is bigger than them. It’s about recognizing that consumers benefit from open computing, and recognizing that incremental attempts to lock us out of our own machines have detrimental cumulative long term consequences, regardless of who instigates it.
Edited 2011-11-06 22:44 UTC
We don’t know what the secure boot facts are yet and therefore no anti-trust issues are in play. Regardless, it’s the OEM who will decide how secure boot behaves, not Microsoft.
This is not fact, it’s baseless speculation. Until the facts are presented, be cautious how much you let your mind wander.
I absolutely believe any such restrictions should be made clear at the point of sale. Regardless, key management restrictions don’t need to be justified. IF it turns out owners won’t have control of this, so what. The user is buying a prebuilt system with a specific design and intent. If that’s not in agreement with the users needs, the user should not buy the system. You can’t escape this simple fact.
I have no problem with people asking questions. However, those questions should at least be based in reality with factual supporting evidence so the questions have some sort of valid basis. To make baseless wild accusations is reckless at best. It serves only to spread fear, not focus on real world world issues.
Again, your questions thus far have had no basis in reality. They’re the product of imagination, nothing more. You can dream up as many nightmare scenarios as you like but you can’t expect anyone to take them seriously if you can’t provide any actual evidence there’s real world concern.
As far as criticism, … Yeah, go for it, no problem there. As long as you understand the difference between an opinion and making baseless accusations.
It is not Microsoft’s job, nor the OEM’s job, to provide Linux migration paths. OEM’s opting to add “Designed for Windows 8” systems to their product offerings does not take away the users ability to purchase or build a non-“Designed for Windows 8” system. Choice has not, is not, and will not be removed from the equation.
Concerns are fine but for them to be taken seriously they should have a basis in reality. Yet again, something your concerns don’t have.
I agree, a secure boot spec should be thoroughly reviewed and criticized. And you should accurately address those who are actually implementing it, which is not Microsoft.
I don’t wear Microsoft google… I simply don’t share your not-based-in-reality paranoia. I focus my attention on fact while you focus your attention on whatever your imagination has conjured up. I want to talk about things that actually exist, and you want to talk about things that don’t exist. The only way we’ll see eye-to-eye is if your fantasy becomes reality, or you just come back to reality.
ilovebeer,
You’re still avoiding all of the questions. You say we shouldn’t speculate over what hasn’t happened yet, but that just reaffirms my point that these things are open questions. Also, regardless of how things play out, it is completely reasonable to criticize the spec today for excluding the owner from the chain of trust.
Even for OEMs that do want to allow owners to have control, there will be no universal mechanism for owners to load platform keys, since it’s absent from the spec. This creates administrative problems for enterprises who prefer to manage their own keys.
On the topic of whether many OEMs will implement owner key controls outside the scope of the spec, that’s undetermined. Sure, we could wait-and-see, and then complain afterwards – but that’s not a favorable outcome. My opinion is that we should try to put public pressure on them right now before they ship.
I’m not avoiding the question, I’m ignoring it because it has absolutely no basis in reality. I see no point in catering to anyones imagination when you can focus on reality and actual facts instead. There are better things to address than far-fetched speculation and/or flat out nonsense.
Of course. I agree as I’ve already told you.
Panic when you have reason to panic. Be fearful when you have a reason to be fearful. But, don’t make that your default position on everything — you’ll only become a paranoid loon.
As far as putting pressure on OEMs, good luck. Not that they care about a handful of people bitching, but if it makes you feel better … sure!
ilovebeer,
“I see no point in catering to anyones imagination when you can focus on reality and actual facts instead. There are better things to address than far-fetched speculation and/or flat out nonsense.”
I asked you to point out specifically what I said that was misleading, and you refused to even do that. I don’t get why you are so motivated to drown out my questions themselves. Are they that inconvenient for your world view?
“Of course. I agree as I’ve already told you.”
Good, finally some agreement.
“Panic when you have reason to panic. Be fearful when you have a reason to be fearful. But, don’t make that your default position on everything — you’ll only become a paranoid loon.”
Is it really that paranoid to believe that many OEMs may implement secure boot *by the spec* without a custom mechanism for owners to control the keys? This is not delusional FUD, it seems quite probable.
“As far as putting pressure on OEMs, good luck. Not that they care about a handful of people bitching, but if it makes you feel better … sure!”
If there’s any chance that this could make the difference between normal dual booting and pain in the ass dual booting, then it’s well worth it in my opinion.
The first one that comes to mind is you claiming people have rights they don’t actually have. This is absolutely misleading. I don’t care to dig through all your posts and note down every single other example as nothing worthwhile will come out of it. You’ll just deny anything I present to you like you have done since post 1.
About your questions being ‘inconvenient to my world view’.. What are you even talking about? Your opinions and fears have absolutely nothing to do with my “world view”. And inconvenient? Come on, ..you can’t possibly believe the nonsense you’re saying.
You’ve made it quite clear that your biggest concern is people won’t be able to buy a “Designed for Windows 8” system and install Linux on it. You’ve expressed this fear repeatedly. And I’ve made it quite clear that if a “Designed for Windows 8” system doesn’t suit your needs, don’t buy it. Buy one of the alternatives that does. Your response to this is to simply ignore the fact the user has options, and further to somehow blame OEMs and Microsoft for a users poor purchase decisions. Totally absurd to say the least.
If that is your view then by all means, act on it. My _only_ problem is that you present dialog based on fear and fantasy rather than fact and reality. It’s easy to stay in the fictitious when fact and reality don’t support any of your claims.
I will say the following yet again and hopefully this time it will stick…
-User options are not going to vanish at the arrival of “Designed for Windows 8” prebuilt systems.
-non-Windows 8 preinstalled systems are not going to vanish at the arrival of “Designed for Windows 8” prebuilt systems.
-Barebones systems are not going to vanish at the arrival of “Designed for Windows 8” prebuilt systems.
-PC parts & components are not going to vanish at the arrival of “Designed for Windows 8” prebuilt systems.
-A users ability to use and/or install Linux is not going to vanish at the arrival of “Designed for Windows 8” prebuilt systems.
If your previous posts are any indication, you’ll likely continue to ignore these facts and be fearful you won’t be able to use a “Designed for Windows 8” prebuilt system in a way other than intended. And of course that fear will continue to be baseless and unjustified.
ilovebeer,
This is pointless, you keep ignoring the contents of my posts and arguing back at straw men. You are the one who is unwilling to recognize the arguments in terms outside of a crude “Window versus Linux” mentality. If you think my concern over secure boot stems from anti-microsoft, pro-linux tendencies, then that’s all in *your* head. I’m concerned about the future of open computing in it’s entirety. I don’t have a hidden agenda, you must have one because it’s not logical to deny people the right to speak about their concerns over the future. I wont waste another post on this thread, you’re talking too loudly to hear what others are saying.
The contents of your posts are neither based on reality nor fact. Wanting to have discussion about the truth rather than whatever you imagination can conjured up is certainly not a bad thing.
You said yourself you are fearful that owners of “Designed for Windows 8” systems won’t be able to install Linux on it. You also went on about how most Linux users are first Windows users and how you’re scared secure boot will prevent Windows users from even trying Linux. This is all stuff you have said in your own posts. And now you’re trying to claim these things are just in my head? Who exactly are you trying to fool here?
I encourage you to voice your concerns and ask only that you do so with some basis in reality or fact. And some how you try to manipulate that into me trying to deny you the right to speak? Are you currently being medicated, drunk, or high? There must be some logical excuse for this nonsense because I would hate to think your sober mind is making all this rubbish up.
Oh I’ve heard enough to realize you choose to remain in the realm of your own imagination rather than reality. As far as you not responding, ….uh huh.
How do you build a laptop ?
…Running a rescue disc/usb key?
Something like this:
Go into BIOS, *disable* Secure Boot, reboot, boot on disc/USB key (do what you have to do) … reboot, go into BIOS, *re-enable* Secure Boot, reboot, boot Windows 8.
I guess it’s not horrible, but it’s hardly elegant.
Any word on being able to add your own authorised boot-sectors to the system?