Announcement

Collapse
No announcement yet.

Linux Group Files Complaint With EU Over SecureBoot

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by frign View Post
    Given the condition you are _not_ on ARM.
    Read up the facts and don't be a sheep of the system!

    SecureBoot is stealing the users' freedom and should be abandoned asap; the excuse it has been introduced for is a shame to all computer users and the loose conditions for x86_64 are only there to abandon initial criticism.
    The restrictive situation with ARM is where the true problem is, and in the meantime ALL vendors should allow users to add their own keys on their x86_64 UEFI based boards.

    Comment


    • Originally posted by dee. View Post
      Following the Bieber analogy:

      All the CD's being sold are Bieber CD's. Some pirate radios play other music but you have to know how to find them, tune on to the right channel and record the music yourself in order to play it on a CD. But wait! No one sells empty CD's. (For the purpose of the analogy, let's assume all CD's are rewritable). So the only way to get other music is to buy a Justin Bieber CD, and record other music on top of it.

      There are some specialist stores that sell empty CD's, but they are actually more expensive than Bieber CD's. And they are few and far between. So most people just end up buying Bieber CD's and recording over them.

      But not so fast! Suddenly Bieber's recording label decides that the next CD they release needs to have a mechanism that makes it really hard to record over the CD's. They devise some kind of DRM scheme, and leverage the CD-player manufacturers that their players must implement this DRM that prevents recording on top of Bieber CD's. They justify this as protecting the consumer's CD player from malicious music. Music aficionados know how to circumvent the DRM, but it is way too difficult to the layman.

      At the same time, there are a couple of small bands - one is called Frank & The Flying Fedoras, and another is some kind of ethnic world music, sounds kind of African - who collaborate with Bieber's recording label to get their songs released in such a format that they can be recorded on the Bieber CD's. Now you can easily listen to Frank & The Flying Fedoras by inserting your Bieber CD, tuning in to the right station and pressing rec, but if you try to listen to any other music, you have to circumvent the DRM. Also, Frank & The Flying Fedoras can only be listened to with certain volume & EQ settings. If you want to change the settings, you again have to circumvent the DRM.

      The end result is that Bieber keeps getting richer and more obnoxious, and everyone is sick of him, but most just sort of grudgingly accept that if they want to listen to music, they have to tolerate him. Meanwhile the underground music scene is divided. Some people are really pissed at Frank and the other bands for going along with this idiocy, while others defend Frank and say he's doing good work making music more accessible - it's just a fact of life that you have to work with Bieber, they say; no one likes it, but what can you do, let's be realists here, they say.
      It's funny how you forgot to mention:
      • People have usable alternatives to this Bieber CD (you say that no one else sells empty CDs, but there are open ARM boards)
      • No one is pointing a gun at the people who buy the Bieber CD
      • People can do whatever once inside Windows (your example mentions "certain volume & EQ settings")
      • People should be blamed by their own stupidity
      • The fair solution to the problem; how would you implement a secure-boot-alike technology

      It's like blaming intel because the CPU you just bought doesn't fit your AMD motherboard. The user is expected to know the basics of what they're doing!
      Apple locks their devices and no one complains. Suddenly MS does the same to theirs and it's the end of the world!

      Don't like secure boot lock? Don't buy Windows ARM devices! What kind of lack of options are you talking about!? There's Android! There'll be Sailfish, and Firefox OS, Ubuntu devices. Just don't buy locked devices, Microsoft of otherwise. They need us much more than we need them. THEY should bend to our desires, not us to theirs!

      Information is key, and social networks are all the rage nowadays! If you feel like spending time on this issue, please DO something instead of talking about it on phoronix where everyone is already aware and against forcing secure boot. Remember SOPA? Make a pretty video explaining (no bias) why ARM and SB is currently VERY BAD for everyone, and why people should care. Your time will be much better spent there!

      Comment


      • It's funny how you forgot to mention:

        People have usable alternatives to this Bieber CD (you say that no one else sells empty CDs, but there are open ARM boards)
        No one is pointing a gun at the people who buy the Bieber CD
        People can do whatever once inside Windows (your example mentions "certain volume & EQ settings")
        People should be blamed by their own stupidity
        The fair solution to the problem; how would you implement a secure-boot-alike technology
        I didn't forget to mention anything -

        1. I don't really care about Microsoft's ARM devices (ie. Surface RT), they're really crappy anyway. At this point ARM devices == mostly phones & tablets, and people who buy those mostly consider them (and use them as) devices, not computers. ARM is not an issue as there are alternatives in the ARM world.

        Secure boot on x86 is a much worse issue. When it comes to x86 it is exactly as I said - 90% of x86 CD's are Bieber CD's, some specialists sell empty x86 CD's but they are often more expensive than equal length Bieber CD's.

        2. That's a stupid libertard argument. Things can be wrong even if physical coercion isn't involved

        3. Firstly, The part in analogy about volume & EQ did not even refer to windows, perhaps you didn't understand it very well. Secondly, people CAN'T do whatever once inside windows - windows is a restricted system, it doesn't let you do what you want to do if it's against microsoft's wishes.

        4. That's also a stupid and kind of heartless argument. Some people are not as skilled with computers - that doesn't mean they are stupid. And even if there are stupid people, it's still not ethical to abuse the stupidity or lack of knowledge of people.

        5. I wouldn't. SB is pointless. Any system that depends on a top-down model of trust is flawed. The user should be the only source of trust on their computer. SB would work if it A) ONLY accepted user-created certificates and B) was ALWAYS opt-in, ie. it would be disabled by default, so that regular people - who don't really care about the extra security - wouldn't have to deal with it.

        Comment


        • Originally posted by mjg59 View Post
          That's not how asymmetric cryptography works. The signing key never leaves Red Hat.
          Doesn't matter. With enough time and processing power it can be done.
          Also, and much easier, Linux Foundation will provide a general bootloader with a kernel which in turn will be responsible to boot the various, numerous distros around. All that a hacker has to do is to use that.

          There's no way Microsoft will be able to ban and create new keys at the same pace as they're exploited.

          SecureBoot, is not secure!!!
          SecureBoot, is not secure!!!
          SecureBoot, is not secure!!!

          Comment


          • Originally posted by mdias View Post
            It's funny how you forgot to mention:
            • People have usable alternatives to this Bieber CD (you say that no one else sells empty CDs, but there are open ARM boards)
            • No one is pointing a gun at the people who buy the Bieber CD
            • People can do whatever once inside Windows (your example mentions "certain volume & EQ settings")
            • People should be blamed by their own stupidity
            • The fair solution to the problem; how would you implement a secure-boot-alike technology

            It's like blaming intel because the CPU you just bought doesn't fit your AMD motherboard. The user is expected to know the basics of what they're doing!
            Apple locks their devices and no one complains. Suddenly MS does the same to theirs and it's the end of the world!

            Don't like secure boot lock? Don't buy Windows ARM devices! What kind of lack of options are you talking about!? There's Android! There'll be Sailfish, and Firefox OS, Ubuntu devices. Just don't buy locked devices, Microsoft of otherwise. They need us much more than we need them. THEY should bend to our desires, not us to theirs!

            Information is key, and social networks are all the rage nowadays! If you feel like spending time on this issue, please DO something instead of talking about it on phoronix where everyone is already aware and against forcing secure boot. Remember SOPA? Make a pretty video explaining (no bias) why ARM and SB is currently VERY BAD for everyone, and why people should care. Your time will be much better spent there!
            • ALL boards should be open. You pay for it. You own it.
            • If you only can buy locked. It's pointing a gun
            • People can do whatever once inside windows. But shouldn't be forced to buy it. That's the point here.
            • Ignorance is different from stupidity. And everyone should be presented with a choice. Otherwise it's just evil.

            Intel CPUs and AMD CPUs run the exact same software. You don't have to buy a different processor in order to run a certain software (unless the problem is speed or architecture).

            Comment


            • Originally posted by dee. View Post
              I didn't forget to mention anything -

              1. I don't really care about Microsoft's ARM devices (ie. Surface RT), they're really crappy anyway. At this point ARM devices == mostly phones & tablets, and people who buy those mostly consider them (and use them as) devices, not computers. ARM is not an issue as there are alternatives in the ARM world.

              Secure boot on x86 is a much worse issue. When it comes to x86 it is exactly as I said - 90% of x86 CD's are Bieber CD's, some specialists sell empty x86 CD's but they are often more expensive than equal length Bieber CD's.
              Really!? x86, the platform where OEMs are advised to give the users the choice to disable it and configure it is the worst issue!?

              Originally posted by dee. View Post
              2. That's a stupid libertard argument. Things can be wrong even if physical coercion isn't involved
              It's not a stupid argument. MS doesn't force you in ANY way. Users buy it because their greedyness and/or ignorance is superior to their ethical values. See any similary here with MS behaviour? I do...

              Originally posted by dee. View Post
              3. Firstly, The part in analogy about volume & EQ did not even refer to windows, perhaps you didn't understand it very well. Secondly, people CAN'T do whatever once inside windows - windows is a restricted system, it doesn't let you do what you want to do if it's against microsoft's wishes.
              Sorry, you will need to be a little more specific here. What exacly can't you do on your Windows OS that it actively doesn't let you?

              Originally posted by dee. View Post
              4. That's also a stupid and kind of heartless argument. Some people are not as skilled with computers - that doesn't mean they are stupid. And even if there are stupid people, it's still not ethical to abuse the stupidity or lack of knowledge of people.
              Ok, poor choice of words on my part. But the argument still remains: would you blame nature for it's lack of ethical values if a journalist gets too close to a croc and gets eaten?
              I do appreciate noble attitude from companies, and they get my support for that. However, nowhere is written that a company must have ethical values. People must fight for the law to forbid it, not a company...
              Real life example: only very recently cosmetics that are tested on animals were banned in Europe. Why? Because people fought the SYSTEM (not specific companies) to implement a law that forbids it!

              People's lack of knowledge is abused every day. I'm really sorry for those who are abused because they had no opportunity to know better, but the people we're talking about!? If instead of only watching garbage on TV, those hours were spent learning, they would know better

              Originally posted by dee. View Post
              5. I wouldn't. SB is pointless. Any system that depends on a top-down model of trust is flawed. The user should be the only source of trust on their computer. SB would work if it A) ONLY accepted user-created certificates and B) was ALWAYS opt-in, ie. it would be disabled by default, so that regular people - who don't really care about the extra security - wouldn't have to deal with it.
              Go complain to your OEM provider, apparently you have a useless SB implementation.
              I can fully configure which keys are accepted on my systems, or disable it. I don't mean to call you stupid, but if you bought a PC that doesn't have the option to configure that, and kept it anyway, it was a very stupid choice.

              Saying that you wouldn't implement a specific technology, that CAN benefit the user, just because others might implement it wrong doesn't sound like a credible thing to do either.

              Comment


              • Originally posted by nomadewolf View Post
                Doesn't matter. With enough time and processing power it can be done.
                Humm... If you mean that the system you're trying to crack will still be usefull some millions of years in the future, then sure! You WILL crack it... one day...

                Please read on cryptography before posting stuff about it. It's not as easy as it sounds, and not always breakable (in a non-bruteforce way). Brute forcing WILL break it, but not in a useful timeframe, unless you're VEEEEEEERY lucky (turns out that one of the initial iterations is the right one).

                There has been systems encrypted with TrueCrypt that neither the FBI or CIA have been able to crack.

                Comment


                • Originally posted by mdias View Post
                  Humm... If you mean that the system you're trying to crack will still be usefull some millions of years in the future, then sure! You WILL crack it... one day...

                  Please read on cryptography before posting stuff about it. It's not as easy as it sounds, and not always breakable (in a non-bruteforce way). Brute forcing WILL break it, but not in a useful timeframe, unless you're VEEEEEEERY lucky (turns out that one of the initial iterations is the right one).

                  There has been systems encrypted with TrueCrypt that neither the FBI or CIA have been able to crack.
                  I doubt it'll get brute forced. More likely there will be something that got overlooked that allows some kind of access that wasnt anticipated. That is how most hacks work. Some undocumented behavior is identified and exploited.
                  Last edited by duby229; 03-28-2013, 10:22 AM.

                  Comment


                  • Originally posted by mdias View Post
                    Really!? x86, the platform where OEMs are advised to give the users the choice to disable it and configure it is the worst issue!?
                    Yes. OEM's are coerced into implementing secure boot in order to sell win8 machines. Secure boot makes it difficult for average users to change their OS. It's possible to do it if you know what you're doing, but way too difficult for the average user. This makes it harder to try alternate operating systems.

                    It's not a stupid argument. MS doesn't force you in ANY way. Users buy it because their greedyness and/or ignorance is superior to their ethical values. See any similary here with MS behaviour? I do...
                    It is a stupid argument. Just because you're not physically coerced to do something doesn't mean you're not forced. Just because you're not forced to do something doesn't mean it isn't wrong. Users are forced to buy hardware with "secure" boot because there is no realistic choice - if you're buying new x86 hardware, 99% of cases it either comes with "Secure" Boot, and hardware that doesn't have "secure" boot is more expensive.

                    Sorry, you will need to be a little more specific here. What exacly can't you do on your Windows OS that it actively doesn't let you?
                    You can't break microsoft's DRM. You can't modify your system to do what you want.

                    Ok, poor choice of words on my part. But the argument still remains: would you blame nature for it's lack of ethical values if a journalist gets too close to a croc and gets eaten?
                    Corporations are not the same thing as nature. Corporations are ran by people who can make choices. Those people are responsible for their actions, and by extension, so are corporations - if corporations act criminally, they can be held accountable in a court of law. Nature cannot be blamed because it's not a sentient entity, you cannot hold nature responsible for anything - if a crocodile eats you, you (or your relatives) can't take nature to court for allowing a crocodile to eat you.

                    In other words, comparing corporations (or people) to nature is stupid.

                    I do appreciate noble attitude from companies, and they get my support for that. However, nowhere is written that a company must have ethical values. People must fight for the law to forbid it, not a company...
                    Real life example: only very recently cosmetics that are tested on animals were banned in Europe. Why? Because people fought the SYSTEM (not specific companies) to implement a law that forbids it!
                    And that's what people are doing now. Even the title of this thread says it clearly - people are filing a complaint with EU over "secure" boot.

                    People's lack of knowledge is abused every day. I'm really sorry for those who are abused because they had no opportunity to know better, but the people we're talking about!? If instead of only watching garbage on TV, those hours were spent learning, they would know better
                    So? Perpetuating a wrong does not make it right.

                    Any system should be designed in such a way that user's freedom is the default assumption, and any feature that takes away from user's freedom needs to be opt-in, not opt-out like in "secure" boot.

                    Go complain to your OEM provider, apparently you have a useless SB implementation.
                    I can fully configure which keys are accepted on my systems, or disable it. I don't mean to call you stupid, but if you bought a PC that doesn't have the option to configure that, and kept it anyway, it was a very stupid choice.
                    I don't have any hardware that uses "secure" boot and I don't intend getting any. What does your response have to do with what I said? I said a decent, functional SB implementation should ONLY accept user-created keys, and should always be opt-in. There is no such SB implementation on the market.

                    Saying that you wouldn't implement a specific technology, that CAN benefit the user, just because others might implement it wrong doesn't sound like a credible thing to do either.
                    "Secure" boot, as it is currently implemented, does NOT benefit the average user. Average users are not knowledgeable enough to create and use their own keys with the current SB implementations, so they default to using MS's flawed top-down trust model. This is unacceptable. No one should place their trust in MS.

                    Comment


                    • Originally posted by dee. View Post
                      Yes. OEM's are coerced into implementing secure boot in order to sell win8 machines. Secure boot makes it difficult for average users to change their OS. It's possible to do it if you know what you're doing, but way too difficult for the average user. This makes it harder to try alternate operating systems.



                      It is a stupid argument. Just because you're not physically coerced to do something doesn't mean you're not forced. Just because you're not forced to do something doesn't mean it isn't wrong. Users are forced to buy hardware with "secure" boot because there is no realistic choice - if you're buying new x86 hardware, 99% of cases it either comes with "Secure" Boot, and hardware that doesn't have "secure" boot is more expensive.



                      You can't break microsoft's DRM. You can't modify your system to do what you want.



                      Corporations are not the same thing as nature. Corporations are ran by people who can make choices. Those people are responsible for their actions, and by extension, so are corporations - if corporations act criminally, they can be held accountable in a court of law. Nature cannot be blamed because it's not a sentient entity, you cannot hold nature responsible for anything - if a crocodile eats you, you (or your relatives) can't take nature to court for allowing a crocodile to eat you.

                      In other words, comparing corporations (or people) to nature is stupid.



                      And that's what people are doing now. Even the title of this thread says it clearly - people are filing a complaint with EU over "secure" boot.



                      So? Perpetuating a wrong does not make it right.

                      Any system should be designed in such a way that user's freedom is the default assumption, and any feature that takes away from user's freedom needs to be opt-in, not opt-out like in "secure" boot.



                      I don't have any hardware that uses "secure" boot and I don't intend getting any. What does your response have to do with what I said? I said a decent, functional SB implementation should ONLY accept user-created keys, and should always be opt-in. There is no such SB implementation on the market.



                      "Secure" boot, as it is currently implemented, does NOT benefit the average user. Average users are not knowledgeable enough to create and use their own keys with the current SB implementations, so they default to using MS's flawed top-down trust model. This is unacceptable. No one should place their trust in MS.
                      Long story short: you are just against it because MS is the key signing authority.

                      If it was the Linux Foundation being the key signing authority and using SB to restrict MS you'd be busy boasting about the benefits of SB as though it was the best thing to exist.

                      Comment


                      • Originally posted by dee. View Post
                        Yes. OEM's are coerced into implementing secure boot in order to sell win8 machines. Secure boot makes it difficult for average users to change their OS. It's possible to do it if you know what you're doing, but way too difficult for the average user. This makes it harder to try alternate operating systems.
                        Well, it's not hard to disable SB. It's in the manual too.
                        Plus, I don't see the average user wanting to try a different OS. And if he does, he'll probably try ubuntu, and it will probably boot without problems. Distos can also give instructions on how to disable SB.

                        Originally posted by dee. View Post
                        It is a stupid argument. Just because you're not physically coerced to do something doesn't mean you're not forced. Just because you're not forced to do something doesn't mean it isn't wrong. Users are forced to buy hardware with "secure" boot because there is no realistic choice - if you're buying new x86 hardware, 99% of cases it either comes with "Secure" Boot, and hardware that doesn't have "secure" boot is more expensive.
                        Well, if you mean the price with Windows included, then yes, it might be more expensive. But then again, there's plenty of stuff that is cheaper when bought together with something else.
                        If you find a OEM shipping without the ability to disable SB, take your PC back and choose one that doesn't. If everyone had this attitude, this problem would vanish. Don't blame Microsoft for trying to make money with or without ethics.

                        Originally posted by dee. View Post
                        You can't break microsoft's DRM. You can't modify your system to do what you want.
                        You can't break DRM in any other OS either as much as you can't in Windows. You can't modify photoshop, premiere, final cut, call of duty, macos, symbian os, and many more either! Guess what; people have been complaining a lot about not being able to influence Gnome development either! You also can't modify the license of GPL source code either, unless you're the owner.

                        Originally posted by dee. View Post
                        Corporations are not the same thing as nature. Corporations are ran by people who can make choices. Those people are responsible for their actions, and by extension, so are corporations - if corporations act criminally, they can be held accountable in a court of law. Nature cannot be blamed because it's not a sentient entity, you cannot hold nature responsible for anything - if a crocodile eats you, you (or your relatives) can't take nature to court for allowing a crocodile to eat you.

                        In other words, comparing corporations (or people) to nature is stupid.
                        Corporations are ran by people who make choices, and those choices are conditioned by something: the law. In this specific case, Microsoft is not breaking any law.

                        Comparing people to nature is as stupid as comparing crocodiles to nature: it isn't stupid!
                        People are part of nature, and as such they will try to walk over the others to get what they want. Now, we're rational people and we've established systems to regulate what people do. And if someone does something wrong while still being able to fulfill the system's requirements, it's the system that must be corrected, not the people.

                        Originally posted by dee. View Post
                        And that's what people are doing now. Even the title of this thread says it clearly - people are filing a complaint with EU over "secure" boot.
                        Ok, now let's read a little more than just the title: "The Hispalinux Spanish Linux association has filed a complaint against Microsoft with the European Union over the UEFI SecureBoot. "
                        Please remember that you're reading a news website. Titles are rarely the entire truth.


                        Originally posted by dee. View Post
                        So? Perpetuating a wrong does not make it right.

                        Any system should be designed in such a way that user's freedom is the default assumption, and any feature that takes away from user's freedom needs to be opt-in, not opt-out like in "secure" boot.
                        I fully agree with you here. And fighting Microsoft will help how exactly? Even if the complain is accepted and Microsoft loses in court, it will only solve the problem until someone else does the same. What you just said here should be a law, not a fight against Microsoft.



                        Originally posted by dee. View Post
                        I don't have any hardware that uses "secure" boot and I don't intend getting any. What does your response have to do with what I said? I said a decent, functional SB implementation should ONLY accept user-created keys, and should always be opt-in. There is no such SB implementation on the market.

                        "Secure" boot, as it is currently implemented, does NOT benefit the average user. Average users are not knowledgeable enough to create and use their own keys with the current SB implementations, so they default to using MS's flawed top-down trust model. This is unacceptable. No one should place their trust in MS.
                        You're contradicting yourself. First you say that no default keys should be provided, then you say it's too difficult for the average user to add/remove keys. The default keys are provided for convenience. You may delete them if you wish.

                        I agree that the system may not be the easiest thing on earth, but I don't know how they could do it better... If you do, please say so.

                        Comment


                        • Originally posted by Sonadow View Post
                          Long story short: you are just against it because MS is the key signing authority.

                          If it was the Linux Foundation being the key signing authority and using SB to restrict MS you'd be busy boasting about the benefits of SB as though it was the best thing to exist.
                          Long story even shorter: You're not able to argue honestly, so you come up with this intellectually dishonest strawman fantasy that you're using to discredit the opposition.


                          #1 - you make unfounded assertions about the reasons of my objections against SB - ignoring any of the valid reasons for objecting it that I have presented in this thread.

                          #2 - you attempt to portray my objection of SB as some kind of irrational crusade against microsoft, despite not having any evidence or basis for such characterization.

                          #3 - you make further assumptions about a totally irrelevant hypothetical scenario and my behaviour in said scenario.


                          In other words, all your claims are entirely baseless and unfounded, yet you attempt to imply that it is me who is acting irrationally. If you have any valid counterarguments against my actual points, present them - otherwise, shut the fuck up and stop wasting my (and everyone else's) time.

                          Comment


                          • Originally posted by dee. View Post
                            Long story even shorter: You're not able to argue honestly, so you come up with this intellectually dishonest strawman fantasy that you're using to discredit the opposition.


                            #1 - you make unfounded assertions about the reasons of my objections against SB - ignoring any of the valid reasons for objecting it that I have presented in this thread.

                            #2 - you attempt to portray my objection of SB as some kind of irrational crusade against microsoft, despite not having any evidence or basis for such characterization.

                            #3 - you make further assumptions about a totally irrelevant hypothetical scenario and my behaviour in said scenario.


                            In other words, all your claims are entirely baseless and unfounded, yet you attempt to imply that it is me who is acting irrationally. If you have any valid counterarguments against my actual points, present them - otherwise, shut the fuck up and stop wasting my (and everyone else's) time.
                            I don't even need to do that because you are the one who has proven himself to be too obstinate to listen to logic. Every single last allegation or claim you cooked up in the previous pages have been soundly and utterly debunked by Matthew himself, the writer of the shim loader that is being used by Ubuntu, OpenSUSE and Fedora to boot Linux with SB enabled.

                            You made wild allegations about Microsoft distributing keys when Microsoft NEVER distributes keys.

                            You conveniently ignored the fact that users CAN and HAVE the ability to enroll their own user-generated keys into the UEFI key lists. Mathhew and Bottomley have ALREADY published extensive information on this in their blogs.

                            You conveniently ignored the fact that abused keys can be shut down by Microsoft, OpenSUSE, Fedora, Ubuntu since they are within the circle of trust with regards to signing., and also ignored Matthew's report that SB keys are NOT obsfucated, just plain RSA keys.

                            You made a wild claim that Verisign is in Microsoft's pocket when their only job is to validate the requester's identity, NOT to sign the keys.

                            You made a wild claim that Microsoft is against signing FOSS binaries just because they refuse to sign GPLv3-licensed binaries when they have clearly demonstrated that they are perfectly fine with signing GPLv2 binaries. You conveniently ignored the facts once again that Microsoft is simply adverse to GPLv3. Matthew himself pointed out this fact explicitely.

                            You made a ridiculous claim of fact that anybody can grab hold of Red Hat's and the LF's keys when those keys are not even distributed, period. All that is distributed is a signed binary, NOT the signing key.

                            Every last word I have discussed in this topic can be backed up by Bottomley, Matthew AND Microsoft, the first 2 of which are authorities on this whole hoo-ha with SB support for Linux. YOU, on the other hand, have nothing to back your claims other than the tired 'Microsoft-has-screwed-people-over-before-so-they-will-do-it-again-with-SB' paranoia.

                            You have proven that you have no qualms about lying your way through when the black-and-white facts have already been thrown against your face just to justify your crusade against Microsoft and you still can accuse me of spouting nonsense when I call your bluff. Who's the one making up points and spreading FUD now?

                            EDIT: Congratulations, you are the second person to have actually succeeded in making me lose my cool over a single forum post. Achievement unlocked.
                            Last edited by Sonadow; 03-28-2013, 02:05 PM.

                            Comment


                            • I'm not a hacker but from the informations here I think about the following:

                              1) Write some malicious software which simply modifies the hosts file so the address for microsofts update server points to another (your own / a compromised) one.
                              2) Wait for windows to start the next automated update.
                              3) Now do a man-in-the-middle attack and when it goes to updating UEFI keys tell the microsoft key has been compromised and must be replaced. Give your own key (signed with the tools some guys use (someone in this thread wrote about it) or pay $99).
                              4) While doing the regular update also give a compromised update for the MBR (or whatever UEFI boots from) signed with the key from 3).

                              What would stop a hacker from doing this to compromise your "secure" boot?

                              Comment


                              • Originally posted by mdias View Post
                                Well, it's not hard to disable SB. It's in the manual too.
                                Plus, I don't see the average user wanting to try a different OS. And if he does, he'll probably try ubuntu, and it will probably boot without problems. Distos can also give instructions on how to disable SB.
                                It's not hard to disable SB for someone like you or me. It is hard for the average wanker. The guy who runs distrowatch recently did a report about a computer that had SB - a HP computer, so a well known brand even. It was difficult to even get to the UEFI settings - there's no instructions during the boot sequence on getting to the settings, no information in the manual, he was forced to guess his way there. Even most BIOSes let you know during boot sequence which key to press to access settings. With this UEFI, nothing.

                                Next thing, when you go to UEFI to disable secure boot, you get a warning in cat-sized blinking red letters warning you about potentially dooming all mankind to oblivion if you disable secure boot - but hey, it's your choice. When the average wanker sees something like this, they panic and forget all about it. Don't tell me that you believe for a second this isn't by design.

                                It isn't any better that people can try Ubuntu but not other distros. This just creates a competitive advantage for Ubuntu against other distros. Distros that don't want any part in sucking microsoft dick are at an instant disadvantage. So it's just another vector for microsoft exerting control over the linux world.

                                Well, if you mean the price with Windows included, then yes, it might be more expensive. But then again, there's plenty of stuff that is cheaper when bought together with something else.
                                If you find a OEM shipping without the ability to disable SB, take your PC back and choose one that doesn't. If everyone had this attitude, this problem would vanish. Don't blame Microsoft for trying to make money with or without ethics.
                                Yes I blame microsoft. Why are we treating unethical behaviour by corporations as a given? Since when did it become so inevitable that corporations misbehave that we just take it for granted, shrug and move on our way? Luckily there are people who aren't so complacent with "the way things just are" and are trying to do something about it.

                                And it isn't about the ability to disable it. I mean that's not enough. We need to demand it to be opt-in and not tied in to one corporations trust model - when that corporation has all the incentive to abuse that position of power for their own gain. It's like appointing the fox to guard the chicken coop.

                                You can't break DRM in any other OS either as much as you can't in Windows. You can't modify photoshop, premiere, final cut, call of duty, macos, symbian os, and many more either! Guess what; people have been complaining a lot about not being able to influence Gnome development either! You also can't modify the license of GPL source code either, unless you're the owner.
                                That's irrelevant. Why should I be able to modify the license of GPL software, or why would I ever want to? It's a total non-issue. I can fork a GPL software and make whatever modifications I want. The GPL simply protects it from being closed down. GNOME is actually a great example. People complain about GNOME development, but they don't have to just complain, and some don't - some of them have forked GNOME to make it the way they want. And that's great and it's allowed.

                                Windows has DRM coded right into the OS. You can't modify the behaviour of windows - you can't even change such basic things as the desktop environment. It's a totally closed system.

                                Corporations are ran by people who make choices, and those choices are conditioned by something: the law. In this specific case, Microsoft is not breaking any law.
                                You're an expert on law, I take it? You're intimately familiar with laws both international and all the particular jurisdictions microsoft operates in? Or what exactly do you base this assertion on? Microsoft has been known to break laws plenty of times in the past, and has been held accountable for it before. This is just one more case to add to that list.

                                Just because you want to think some thing should be legal, doesn't mean it is.

                                Comparing people to nature is as stupid as comparing crocodiles to nature: it isn't stupid!
                                People are part of nature, and as such they will try to walk over the others to get what they want. Now, we're rational people and we've established systems to regulate what people do. And if someone does something wrong while still being able to fulfill the system's requirements, it's the system that must be corrected, not the people.
                                Yes it is stupid. You can hold people accountable for their actions. You cannot hold nature accountable for what wild animals, plants or such do. Haven't you ever read Moby dick?

                                Ok, now let's read a little more than just the title: "The Hispalinux Spanish Linux association has filed a complaint against Microsoft with the European Union over the UEFI SecureBoot. "
                                Please remember that you're reading a news website. Titles are rarely the entire truth.
                                Yes, and? That's exactly what they should do. Microsoft must be held accountable for its actions. Microsoft is responsible for "secure" boot and holds control over it.

                                I fully agree with you here. And fighting Microsoft will help how exactly? Even if the complain is accepted and Microsoft loses in court, it will only solve the problem until someone else does the same. What you just said here should be a law, not a fight against Microsoft.
                                The existence of a ultimate cause does not preclude addressing the proximate cause.

                                In this case, the ultimate cause is that the law allows this kind of locking of hardware. The proximate cause is microsoft. We can address the proximate cause, the more immediate issue, now. That's a good first step. If we succeed it will be easier to address the ultimate cause.

                                You're contradicting yourself. First you say that no default keys should be provided, then you say it's too difficult for the average user to add/remove keys. The default keys are provided for convenience. You may delete them if you wish.
                                I'm contradicting nothing. I specified two points - 1, no default keys, only accept user-generated keys, and 2, the feature is opt-in, ie. disabled by default. The average user wouldn't need to worry about it since the feature would be opt-in. Only the ones who care about and need the extra security can implement the function.

                                For that matter, the signing process and the registering of the generated keys could easily be automated to the point that the user would just need to follow a few simple wizards - since UEFI can be accessed from inside the OS, this can all be done in the OS, with an easy GUI. But this would make way too much sense and it would give the user too much control - so, not suitable for microsoft.

                                I agree that the system may not be the easiest thing on earth, but I don't know how they could do it better... If you do, please say so.
                                I already did, many times now.


                                See, the whole "secure" boot thing is just microsoft wanting to get users used to microsoft controlling their hardware. Look up "trusted computing" and "palladium", then you will understand what is behind all this. Microsoft is the main driver behind "trusted computing" - they want absolute control over your hardware. It's just that there'd be a backlash if they tried implementing it all at once, so they ostentatiously put it on hold, and instead are going with the approach of getting users used to it little by little. It's the recipe for building a controlled society: if you implement big brother-style monitoring and control all at once, people will rebel, but nibble away people's freedoms a bit at a time, and no one will notice - each step seems too small to protest about, until the end result is that we've all lost all our freedoms.

                                Comment

                                Working...
                                X