Originally posted by frign
View Post
Announcement
Collapse
No announcement yet.
Linux Group Files Complaint With EU Over SecureBoot
Collapse
X
-
Originally posted by dee. View PostFollowing the Bieber analogy:
All the CD's being sold are Bieber CD's. Some pirate radios play other music but you have to know how to find them, tune on to the right channel and record the music yourself in order to play it on a CD. But wait! No one sells empty CD's. (For the purpose of the analogy, let's assume all CD's are rewritable). So the only way to get other music is to buy a Justin Bieber CD, and record other music on top of it.
There are some specialist stores that sell empty CD's, but they are actually more expensive than Bieber CD's. And they are few and far between. So most people just end up buying Bieber CD's and recording over them.
But not so fast! Suddenly Bieber's recording label decides that the next CD they release needs to have a mechanism that makes it really hard to record over the CD's. They devise some kind of DRM scheme, and leverage the CD-player manufacturers that their players must implement this DRM that prevents recording on top of Bieber CD's. They justify this as protecting the consumer's CD player from malicious music. Music aficionados know how to circumvent the DRM, but it is way too difficult to the layman.
At the same time, there are a couple of small bands - one is called Frank & The Flying Fedoras, and another is some kind of ethnic world music, sounds kind of African - who collaborate with Bieber's recording label to get their songs released in such a format that they can be recorded on the Bieber CD's. Now you can easily listen to Frank & The Flying Fedoras by inserting your Bieber CD, tuning in to the right station and pressing rec, but if you try to listen to any other music, you have to circumvent the DRM. Also, Frank & The Flying Fedoras can only be listened to with certain volume & EQ settings. If you want to change the settings, you again have to circumvent the DRM.
The end result is that Bieber keeps getting richer and more obnoxious, and everyone is sick of him, but most just sort of grudgingly accept that if they want to listen to music, they have to tolerate him. Meanwhile the underground music scene is divided. Some people are really pissed at Frank and the other bands for going along with this idiocy, while others defend Frank and say he's doing good work making music more accessible - it's just a fact of life that you have to work with Bieber, they say; no one likes it, but what can you do, let's be realists here, they say.- People have usable alternatives to this Bieber CD (you say that no one else sells empty CDs, but there are open ARM boards)
- No one is pointing a gun at the people who buy the Bieber CD
- People can do whatever once inside Windows (your example mentions "certain volume & EQ settings")
- People should be blamed by their own stupidity
- The fair solution to the problem; how would you implement a secure-boot-alike technology
It's like blaming intel because the CPU you just bought doesn't fit your AMD motherboard. The user is expected to know the basics of what they're doing!
Apple locks their devices and no one complains. Suddenly MS does the same to theirs and it's the end of the world!
Don't like secure boot lock? Don't buy Windows ARM devices! What kind of lack of options are you talking about!? There's Android! There'll be Sailfish, and Firefox OS, Ubuntu devices. Just don't buy locked devices, Microsoft of otherwise. They need us much more than we need them. THEY should bend to our desires, not us to theirs!
Information is key, and social networks are all the rage nowadays! If you feel like spending time on this issue, please DO something instead of talking about it on phoronix where everyone is already aware and against forcing secure boot. Remember SOPA? Make a pretty video explaining (no bias) why ARM and SB is currently VERY BAD for everyone, and why people should care. Your time will be much better spent there!
Comment
-
It's funny how you forgot to mention:
People have usable alternatives to this Bieber CD (you say that no one else sells empty CDs, but there are open ARM boards)
No one is pointing a gun at the people who buy the Bieber CD
People can do whatever once inside Windows (your example mentions "certain volume & EQ settings")
People should be blamed by their own stupidity
The fair solution to the problem; how would you implement a secure-boot-alike technology
1. I don't really care about Microsoft's ARM devices (ie. Surface RT), they're really crappy anyway. At this point ARM devices == mostly phones & tablets, and people who buy those mostly consider them (and use them as) devices, not computers. ARM is not an issue as there are alternatives in the ARM world.
Secure boot on x86 is a much worse issue. When it comes to x86 it is exactly as I said - 90% of x86 CD's are Bieber CD's, some specialists sell empty x86 CD's but they are often more expensive than equal length Bieber CD's.
2. That's a stupid libertard argument. Things can be wrong even if physical coercion isn't involved
3. Firstly, The part in analogy about volume & EQ did not even refer to windows, perhaps you didn't understand it very well. Secondly, people CAN'T do whatever once inside windows - windows is a restricted system, it doesn't let you do what you want to do if it's against microsoft's wishes.
4. That's also a stupid and kind of heartless argument. Some people are not as skilled with computers - that doesn't mean they are stupid. And even if there are stupid people, it's still not ethical to abuse the stupidity or lack of knowledge of people.
5. I wouldn't. SB is pointless. Any system that depends on a top-down model of trust is flawed. The user should be the only source of trust on their computer. SB would work if it A) ONLY accepted user-created certificates and B) was ALWAYS opt-in, ie. it would be disabled by default, so that regular people - who don't really care about the extra security - wouldn't have to deal with it.
Comment
-
Originally posted by mjg59 View PostThat's not how asymmetric cryptography works. The signing key never leaves Red Hat.
Also, and much easier, Linux Foundation will provide a general bootloader with a kernel which in turn will be responsible to boot the various, numerous distros around. All that a hacker has to do is to use that.
There's no way Microsoft will be able to ban and create new keys at the same pace as they're exploited.
SecureBoot, is not secure!!!
SecureBoot, is not secure!!!
SecureBoot, is not secure!!!
Comment
-
Originally posted by mdias View PostIt's funny how you forgot to mention:- People have usable alternatives to this Bieber CD (you say that no one else sells empty CDs, but there are open ARM boards)
- No one is pointing a gun at the people who buy the Bieber CD
- People can do whatever once inside Windows (your example mentions "certain volume & EQ settings")
- People should be blamed by their own stupidity
- The fair solution to the problem; how would you implement a secure-boot-alike technology
It's like blaming intel because the CPU you just bought doesn't fit your AMD motherboard. The user is expected to know the basics of what they're doing!
Apple locks their devices and no one complains. Suddenly MS does the same to theirs and it's the end of the world!
Don't like secure boot lock? Don't buy Windows ARM devices! What kind of lack of options are you talking about!? There's Android! There'll be Sailfish, and Firefox OS, Ubuntu devices. Just don't buy locked devices, Microsoft of otherwise. They need us much more than we need them. THEY should bend to our desires, not us to theirs!
Information is key, and social networks are all the rage nowadays! If you feel like spending time on this issue, please DO something instead of talking about it on phoronix where everyone is already aware and against forcing secure boot. Remember SOPA? Make a pretty video explaining (no bias) why ARM and SB is currently VERY BAD for everyone, and why people should care. Your time will be much better spent there!- ALL boards should be open. You pay for it. You own it.
- If you only can buy locked. It's pointing a gun
- People can do whatever once inside windows. But shouldn't be forced to buy it. That's the point here.
- Ignorance is different from stupidity. And everyone should be presented with a choice. Otherwise it's just evil.
Intel CPUs and AMD CPUs run the exact same software. You don't have to buy a different processor in order to run a certain software (unless the problem is speed or architecture).
Comment
-
Originally posted by dee. View PostI didn't forget to mention anything -
1. I don't really care about Microsoft's ARM devices (ie. Surface RT), they're really crappy anyway. At this point ARM devices == mostly phones & tablets, and people who buy those mostly consider them (and use them as) devices, not computers. ARM is not an issue as there are alternatives in the ARM world.
Secure boot on x86 is a much worse issue. When it comes to x86 it is exactly as I said - 90% of x86 CD's are Bieber CD's, some specialists sell empty x86 CD's but they are often more expensive than equal length Bieber CD's.
Originally posted by dee. View Post2. That's a stupid libertard argument. Things can be wrong even if physical coercion isn't involved
Originally posted by dee. View Post3. Firstly, The part in analogy about volume & EQ did not even refer to windows, perhaps you didn't understand it very well. Secondly, people CAN'T do whatever once inside windows - windows is a restricted system, it doesn't let you do what you want to do if it's against microsoft's wishes.
Originally posted by dee. View Post4. That's also a stupid and kind of heartless argument. Some people are not as skilled with computers - that doesn't mean they are stupid. And even if there are stupid people, it's still not ethical to abuse the stupidity or lack of knowledge of people.
I do appreciate noble attitude from companies, and they get my support for that. However, nowhere is written that a company must have ethical values. People must fight for the law to forbid it, not a company...
Real life example: only very recently cosmetics that are tested on animals were banned in Europe. Why? Because people fought the SYSTEM (not specific companies) to implement a law that forbids it!
People's lack of knowledge is abused every day. I'm really sorry for those who are abused because they had no opportunity to know better, but the people we're talking about!? If instead of only watching garbage on TV, those hours were spent learning, they would know better
Originally posted by dee. View Post5. I wouldn't. SB is pointless. Any system that depends on a top-down model of trust is flawed. The user should be the only source of trust on their computer. SB would work if it A) ONLY accepted user-created certificates and B) was ALWAYS opt-in, ie. it would be disabled by default, so that regular people - who don't really care about the extra security - wouldn't have to deal with it.
I can fully configure which keys are accepted on my systems, or disable it. I don't mean to call you stupid, but if you bought a PC that doesn't have the option to configure that, and kept it anyway, it was a very stupid choice.
Saying that you wouldn't implement a specific technology, that CAN benefit the user, just because others might implement it wrong doesn't sound like a credible thing to do either.
Comment
-
Originally posted by nomadewolf View PostDoesn't matter. With enough time and processing power it can be done.
Please read on cryptography before posting stuff about it. It's not as easy as it sounds, and not always breakable (in a non-bruteforce way). Brute forcing WILL break it, but not in a useful timeframe, unless you're VEEEEEEERY lucky (turns out that one of the initial iterations is the right one).
There has been systems encrypted with TrueCrypt that neither the FBI or CIA have been able to crack.
Comment
-
Originally posted by mdias View PostHumm... If you mean that the system you're trying to crack will still be usefull some millions of years in the future, then sure! You WILL crack it... one day...
Please read on cryptography before posting stuff about it. It's not as easy as it sounds, and not always breakable (in a non-bruteforce way). Brute forcing WILL break it, but not in a useful timeframe, unless you're VEEEEEEERY lucky (turns out that one of the initial iterations is the right one).
There has been systems encrypted with TrueCrypt that neither the FBI or CIA have been able to crack.Last edited by duby229; 28 March 2013, 10:22 AM.
Comment
-
Originally posted by mdias View PostReally!? x86, the platform where OEMs are advised to give the users the choice to disable it and configure it is the worst issue!?
It's not a stupid argument. MS doesn't force you in ANY way. Users buy it because their greedyness and/or ignorance is superior to their ethical values. See any similary here with MS behaviour? I do...
Sorry, you will need to be a little more specific here. What exacly can't you do on your Windows OS that it actively doesn't let you?
Ok, poor choice of words on my part. But the argument still remains: would you blame nature for it's lack of ethical values if a journalist gets too close to a croc and gets eaten?
In other words, comparing corporations (or people) to nature is stupid.
I do appreciate noble attitude from companies, and they get my support for that. However, nowhere is written that a company must have ethical values. People must fight for the law to forbid it, not a company...
Real life example: only very recently cosmetics that are tested on animals were banned in Europe. Why? Because people fought the SYSTEM (not specific companies) to implement a law that forbids it!
People's lack of knowledge is abused every day. I'm really sorry for those who are abused because they had no opportunity to know better, but the people we're talking about!? If instead of only watching garbage on TV, those hours were spent learning, they would know better
Any system should be designed in such a way that user's freedom is the default assumption, and any feature that takes away from user's freedom needs to be opt-in, not opt-out like in "secure" boot.
Go complain to your OEM provider, apparently you have a useless SB implementation.
I can fully configure which keys are accepted on my systems, or disable it. I don't mean to call you stupid, but if you bought a PC that doesn't have the option to configure that, and kept it anyway, it was a very stupid choice.
Saying that you wouldn't implement a specific technology, that CAN benefit the user, just because others might implement it wrong doesn't sound like a credible thing to do either.
Comment
-
Originally posted by dee. View PostYes. OEM's are coerced into implementing secure boot in order to sell win8 machines. Secure boot makes it difficult for average users to change their OS. It's possible to do it if you know what you're doing, but way too difficult for the average user. This makes it harder to try alternate operating systems.
It is a stupid argument. Just because you're not physically coerced to do something doesn't mean you're not forced. Just because you're not forced to do something doesn't mean it isn't wrong. Users are forced to buy hardware with "secure" boot because there is no realistic choice - if you're buying new x86 hardware, 99% of cases it either comes with "Secure" Boot, and hardware that doesn't have "secure" boot is more expensive.
You can't break microsoft's DRM. You can't modify your system to do what you want.
Corporations are not the same thing as nature. Corporations are ran by people who can make choices. Those people are responsible for their actions, and by extension, so are corporations - if corporations act criminally, they can be held accountable in a court of law. Nature cannot be blamed because it's not a sentient entity, you cannot hold nature responsible for anything - if a crocodile eats you, you (or your relatives) can't take nature to court for allowing a crocodile to eat you.
In other words, comparing corporations (or people) to nature is stupid.
And that's what people are doing now. Even the title of this thread says it clearly - people are filing a complaint with EU over "secure" boot.
So? Perpetuating a wrong does not make it right.
Any system should be designed in such a way that user's freedom is the default assumption, and any feature that takes away from user's freedom needs to be opt-in, not opt-out like in "secure" boot.
I don't have any hardware that uses "secure" boot and I don't intend getting any. What does your response have to do with what I said? I said a decent, functional SB implementation should ONLY accept user-created keys, and should always be opt-in. There is no such SB implementation on the market.
"Secure" boot, as it is currently implemented, does NOT benefit the average user. Average users are not knowledgeable enough to create and use their own keys with the current SB implementations, so they default to using MS's flawed top-down trust model. This is unacceptable. No one should place their trust in MS.
If it was the Linux Foundation being the key signing authority and using SB to restrict MS you'd be busy boasting about the benefits of SB as though it was the best thing to exist.
Comment
Comment