Announcement

Collapse
No announcement yet.

Linux Group Files Complaint With EU Over SecureBoot

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • To be fair I have to admit that I am biased. So please don't make a judgement based on what you've read me say. Try it for yourself and see what you think. Personally I think it is a pain in the ass that is designed as a restriction mechanism. Sure it can be subverted but the vast majority of people won't.

    It is called "Secureboot" But it doesnt do jack shit for security. It should be called "Restrictboot" because that's what it does.

    Comment


    • Originally posted by duby229 View Post
      But it doesnt do jack shit for security.
      Untrue. It protects against subversion of the early boot process, which would otherwise be undetectable by any anti-malware code. It may not add any security that *you* care about, but it's simply a lie to say it adds no security.

      Comment


      • So what prevents a malware author from using an existing key? (Or having a list of known keys for that matter)

        Comment


        • Originally posted by Sonadow View Post
          So you say. Then show me a proper ARM-based notebook or notebook suitable for actually doing real work (like compiling code or running CAD) and not just being a toy project that is being sold in huge numbers right now, and I don't mean the Raspberry Pi or the Arduino or the made-in-china netbooks that ship with a 700MHz processor running Android.

          Talk about breaking lock-in on ARM when it gets that anticipated 50% marketshare. And while you are at it, tell ARM to release their GPU driver code as well. Can't do that, can you?
          1. There are ARM-based cromebooks, which can be used for light work: no CAD but you can use them as developer platform for ARM devices.
          2. AMD has already announced their next server technology will be using ARM.
          3. Parallella project is developing an ARM-powered desktop supercomputer.
          4. In my country the famous Mont-Blanc Project will use the same ARM CPU as the above cited Chromebook for building the fastest supercomputer ever. They wait about 10 times more performance than TITAN supercomputer using the same 9 MW. Is this serious enough for you "doing real work"?

          Comment


          • The plan.

            Originally posted by mjg59 View Post
            Untrue. It protects against subversion of the early boot process, which would otherwise be undetectable by any anti-malware code. It may not add any security that *you* care about, but it's simply a lie to say it adds no security.
            Ok, so then ask yourself this very important question: Unless you directly access the hardware, when are those attacks possible? I give you the answer: Through the operating system.

            If we think further, which company sells the most successful OS of all time _and_ proposed the SecureBoot standard as a standard way of certification for their OS? You are right, it's Microsoft.

            What this leads to is the thought: Why force the hardware-vendors to implement a "security"-mechanism when the actual problem is the OS it is bound to? Isn't it Microsoft which should fundamentally change the security-model of their still-based-on-NT-OS to fullfil contemporary security-demands?

            For me, the case is clear. Microsoft attempts to kill two birds, or rather, two penguins, with one stone:
            1) Advertising a feigned security-mechanism to whitewash their OS in regards to ongoing criticism on their security
            2) Making it relatively extremely hard for the average Joe to try out other operating systems on given certified hardware
            3) Forcing hardware-vendors to either adapt to the unfair licensing model or be left in the dust with non-OEM versions, which is expensive, falsely stating to promote a section of the UEFI-standard

            In this perspective, this plan is actually quite smart and I am looking forward to this case being solved in the interest of the users and not in the interest of one company.
            Last edited by frign; 27 March 2013, 03:47 PM.

            Comment


            • Originally posted by curaga View Post
              I suppose the Bieber analogy would go more like this: all CDs for sale are Bieber CDs, and all they play on radio is Bieber. Only some small pirate radio and people exchanging cassettes continue to resist, but you will have a hard time finding them, if you can find any near you at all.

              You still know there is some other music, but you cannot get it even with money.
              Very interesting! I think a better analogy would be that of a store full of Bieber certified CD-players which were locked to play only Bieber CDs which a false excuse of "it is a security issue".

              Comment


              • Originally posted by brosis View Post
                Incorrect fallacy.
                The truth for OEM is: "You can agree, or you will die. Nobody is taking that choice from you."

                1) Certification means - accept ALL Microsoft requirements.
                Those who accept certification - get discount OEM OS price.
                Those who do not accept certification - get regular OS price.

                2) Regular OS price is much higher than discount OS price.

                3) 90% of PC come with windows preinstalled.
                95% of hardware vendors have special agreements to priority support microsoft.
                90% of the large software vendors write software for windows or using windows technology.
                90% of userbase is used to windows.

                4) 1+2+3 = if you disagree, your same solution is much pricer thanks to OS price and you are guaranteed out of the market.


                ---
                This is why Linux is not successful on desktop.

                If Linux would have 50% of desktop marketshare, this loop will not work.
                MS would not be able to push own standards from above.
                MS certification would be optional and hardly anyone would accept it. Because its essentially damaging customers and not improving their experience.

                But this cycle is very hard to break and requires major players to disagree with MS.

                Google, Valve - it all started recently, and this is why MS is pushing hard to make new users switch or try other OS EXTREMELY uncomfortable, and up to warranty invalidating(!).

                The habit (used to) approach is not enough anymore, so they invented the cycle agreements (partnerships) with hardware, software and OEM vendors. Those who disagree will be punished monetary.
                But due to recent actions of major software vendors and some softening of OEM vendors, they decided to make it a requirement to glue the OS to PC and make it extremely difficult to ditch.

                If this step is not so successful, they will modify the EULA or require additional condition to OEM EULA via Certification requirement, that those using any other OS than MS will loose warranty.
                Mark my words.
                I think you misinterpreted me, because I was trying to say that Microsoft recent move has nothing to see with security issues but is a unfair attack to competitors such as linux.

                I agree with almost all what you say except the part saying that OEMs had not other option. They have and this is why Dell and HP are selling computers with linux pre-installed. This is why there exist OEMs who only install linux in their computers.

                Regarding the mayority of OEMs vendors who signed exclusivity with Microsoft, they are now suffering from that bad move. I know here a well-known store that sells all the computers with linux, but cannot sell the larger computer stock with Windows 8. They are losing money now and crying...

                Comment


                • SecureBoot is good for:
                  -Easier to program
                  -Seamless boot experience
                  -Better BIOS (you know what i mean) interfaces
                  -4GB+ Hard Drives
                  -Conveniently lock Linux away and call it a 'BUG' (it already happened)

                  SecureBoot is not a method to improve security!!! This was already proven!!!

                  Windows shoudln't even be able to sold together with computers (it's illegal, by the way). At most, and i strongly emphasize the at most Windows could come pre-installed and those who so choose would be able to buy a Key and activate it.

                  AT MOST

                  Comment


                  • Following the Bieber analogy:

                    All the CD's being sold are Bieber CD's. Some pirate radios play other music but you have to know how to find them, tune on to the right channel and record the music yourself in order to play it on a CD. But wait! No one sells empty CD's. (For the purpose of the analogy, let's assume all CD's are rewritable). So the only way to get other music is to buy a Justin Bieber CD, and record other music on top of it.

                    There are some specialist stores that sell empty CD's, but they are actually more expensive than Bieber CD's. And they are few and far between. So most people just end up buying Bieber CD's and recording over them.

                    But not so fast! Suddenly Bieber's recording label decides that the next CD they release needs to have a mechanism that makes it really hard to record over the CD's. They devise some kind of DRM scheme, and leverage the CD-player manufacturers that their players must implement this DRM that prevents recording on top of Bieber CD's. They justify this as protecting the consumer's CD player from malicious music. Music aficionados know how to circumvent the DRM, but it is way too difficult to the layman.

                    At the same time, there are a couple of small bands - one is called Frank & The Flying Fedoras, and another is some kind of ethnic world music, sounds kind of African - who collaborate with Bieber's recording label to get their songs released in such a format that they can be recorded on the Bieber CD's. Now you can easily listen to Frank & The Flying Fedoras by inserting your Bieber CD, tuning in to the right station and pressing rec, but if you try to listen to any other music, you have to circumvent the DRM. Also, Frank & The Flying Fedoras can only be listened to with certain volume & EQ settings. If you want to change the settings, you again have to circumvent the DRM.

                    The end result is that Bieber keeps getting richer and more obnoxious, and everyone is sick of him, but most just sort of grudgingly accept that if they want to listen to music, they have to tolerate him. Meanwhile the underground music scene is divided. Some people are really pissed at Frank and the other bands for going along with this idiocy, while others defend Frank and say he's doing good work making music more accessible - it's just a fact of life that you have to work with Bieber, they say; no one likes it, but what can you do, let's be realists here, they say.

                    Comment


                    • Originally posted by dee. View Post
                      Following the Bieber analogy:

                      All the CD's being sold are Bieber CD's. Some pirate radios play other music but you have to know how to find them, tune on to the right channel and record the music yourself in order to play it on a CD. But wait! No one sells empty CD's. (For the purpose of the analogy, let's assume all CD's are rewritable). So the only way to get other music is to buy a Justin Bieber CD, and record other music on top of it.

                      There are some specialist stores that sell empty CD's, but they are actually more expensive than Bieber CD's. And they are few and far between. So most people just end up buying Bieber CD's and recording over them.

                      But not so fast! Suddenly Bieber's recording label decides that the next CD they release needs to have a mechanism that makes it really hard to record over the CD's. They devise some kind of DRM scheme, and leverage the CD-player manufacturers that their players must implement this DRM that prevents recording on top of Bieber CD's. They justify this as protecting the consumer's CD player from malicious music. Music aficionados know how to circumvent the DRM, but it is way too difficult to the layman.

                      At the same time, there are a couple of small bands - one is called Frank & The Flying Fedoras, and another is some kind of ethnic world music, sounds kind of African - who collaborate with Bieber's recording label to get their songs released in such a format that they can be recorded on the Bieber CD's. Now you can easily listen to Frank & The Flying Fedoras by inserting your Bieber CD, tuning in to the right station and pressing rec, but if you try to listen to any other music, you have to circumvent the DRM. Also, Frank & The Flying Fedoras can only be listened to with certain volume & EQ settings. If you want to change the settings, you again have to circumvent the DRM.

                      The end result is that Bieber keeps getting richer and more obnoxious, and everyone is sick of him, but most just sort of grudgingly accept that if they want to listen to music, they have to tolerate him. Meanwhile the underground music scene is divided. Some people are really pissed at Frank and the other bands for going along with this idiocy, while others defend Frank and say he's doing good work making music more accessible - it's just a fact of life that you have to work with Bieber, they say; no one likes it, but what can you do, let's be realists here, they say.
                      DAT
                      Nice analogy

                      Comment

                      Working...
                      X