We have a huge malware problem and these folks are worried that there's one more setting that a user might need to change before installing Linux? You know, apart from changing the boot order of the devices, partitioning the hard disk, installing into the right partitions, configuring dual boot etc.?
>This is most easy from Germany, where we have a law that allows us to send back any mail order, internet order or things that had been sold at the door or on phone within 14 days, and charge our money back. So my suggestion is doing this at the moment the first computers ship that are locked to boot only Microsoft systems. Order them, unpack them, ruin the paper and cardboards, and send them back with a note: Can not install Linux.
>The same can be done by people who have an American Express credit card, within 30 days worldwide, I think.
Please think twice before doing that, this will just make the OEMs think that a section of Linux users are mean and just too costly to support. I prefer that some other way of indicating support for Linux is used, like buying hardware with preinstalled Linux.
>It also won't help much if major distributions like Ubuntu or RedHat get a signed key into the boot loader, because UEFI will prevent any normal Linux system programmer from installing his own self compiled operating system.
Huh what? Doesn't Microsoft mandate (to the extent they can, because of antitrust laws) that secure boot be able to be turned off and users be able to add their own keys? Or is the author talking about the slippery slope of the mysterious future?
This is exactly the problem, Microsoft is completely free to change this requirement at any time, also consider the fact they never mandated it previously, until there was a massive outcry.
Another problem is early indications are that disabling secure boot on many of these machines involves re-flashing the firmware entirely, with a ton of steps, and a lot of room for "buggy" behaviour.
Compare something like CableCard https://en.wikipedia.org/wiki/CableCARD, where before the FCC mandated that all receivers must use it, people with HD TIVOs would regularly go through dozens of cards because they stopped working randomly, a complete coincidence of course...
I think it's atrocious that Microsoft has turned a supposedly open standard (UEFI) into a standard that gives them complete control of modern PCs.
It's easy to obscure the real issue with discussions about rootkits and security, but these in fact have nothing to do with how the exact specifics of this particular technology are implemented, and the problems that result.
This is a classic example of the syllogistic fallacy (we must do something -> this is something -> we must do this). These issues need to be separated.
The real question is, why should this obvious conflict of interest even be allowed to exist?
> that secure boot be able to be turned off and users be able to add their own keys?
On x86, but not on ARM. And that's quite possibly more important, because ARM platforms are likely porting targets for things like Android that "regular users" might actually want.
There's something to be said here for consumer choice. Why go out of your way to prevent me running something that I'm willing to put effort into running?
After all, it's my goddamn tablet that I'm buying.
The mandatory ability to add keys or disable Secure boot is also quite likely just as secure, except that you still own your device.
I'd even be happy if it was a hidden switch like on the first Chromebooks.
Without Linus tinkering on his own machine back in the '90s, we may have never had Android today. We may have never had OS X on x86 if the random Apple employee hadn't decided to try to do it one day.
I support the ability to make, modify, and create. Having good products is important, but let's not sacrifice too much.
Cars still have hoods, even the fanciest ones. Let's not put locks on the computer equivalent.
Then campaign for unlocking the bootloader on the iPad, which is the largest selling "ARM platform" by a huge margin. Interesting that no one seems to care about that.
I would applaud the same campaign against Motorola/Google.
They publish the Linux kernel for their Android phones, complying with the GPL. But they lock the boot loader, preventing everybody from installing their own kernel.
If having an unlocked bootloader is important to you, stop buying locked phones. It really is that simple. The Galaxy Nexus is $350 unsubsidized on the Play Store[1], and is completely unlocked (okay, I admit, you have to run fastboot oem unlock).
Because they are a huge bureaucracy, they are looking for solutions through control.
This is understandable. That's what bureaucracies do. It won't work, of course.
The problem is that Microsoft's huge security debt (by analogy to technical debt) has historically been paid by its customers. The real reason that your bank is running Windows XP SP4 with IE7 (the new browser, they just got it last month) is because their IT folks are paying down Microsoft's debt. If Microsoft Office file formats didn't contain executable code (historical legacy: debt) and the OS didn't inconsistently confuse file extensions with file formats (historical reasons: debt) and email didn't default to HTML (so you can get a pretty blue underlined Comic Sans signature line) piped through 90% of a full browser (historical reasons: debt), then half of their problems would go away.
The other half are deeper and more systematically rooted in their architecture decisions. Still, it's Microsoft being Microsoft. Their products carry hidden costs, just like light bulbs that become toxic waste. The consumer pays the price, one way or another.
I would also imagine that intentionally ordering something you don’t intend to keep is illegal (though that’s obviously not really enforceable) and to me very clearly morally questionable.
The law exists to protect consumers. I think abusing it to further political goals is just a bad idea.
These days Linux distros like Ubuntu are incredibly easy to install, and most computers are already set up to boot from the CD-ROM first. The problem is this setting has the ability to be worded in a way that would scare most users, so it is unlikely many new users will want to enable it.
Part of the UEFI standard allows a "Do you trust this program?" popup for untrusted media when secure boot is enabled, which would make a lot more sense in this context. If your Windows image is modified, it would essentially brick the computer otherwise. A popup would still scare users enough to get their computer looked at (if they didn't know enough themselves), or to be able to say "yes I trust this" if it is a Linux system or a different setup (like Windows 7, for example).
Why does Microsoft get to use UEFI and others do not? If it is such a valuable tool in fighting malware, why is the only certain option "Microsoft or turned off"?
Surely, if UEFI is indeed the remedy people claim, then having it on as many computers as possible would be a good thing. That you can turn it off is only a surrogate for having an actual workable solution that gives fair access to computer hardware to different operating systems.