Page 12 of 22 FirstFirst ... 21011121314 ... LastLast
Results 111 to 120 of 216

Thread: Linux Group Files Complaint With EU Over SecureBoot

  1. #111
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    To be fair I have to admit that I am biased. So please don't make a judgement based on what you've read me say. Try it for yourself and see what you think. Personally I think it is a pain in the ass that is designed as a restriction mechanism. Sure it can be subverted but the vast majority of people won't.

    It is called "Secureboot" But it doesnt do jack shit for security. It should be called "Restrictboot" because that's what it does.

  2. #112
    Join Date
    Apr 2011
    Posts
    113

    Default

    Quote Originally Posted by duby229 View Post
    But it doesnt do jack shit for security.
    Untrue. It protects against subversion of the early boot process, which would otherwise be undetectable by any anti-malware code. It may not add any security that *you* care about, but it's simply a lie to say it adds no security.

  3. #113
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    So what prevents a malware author from using an existing key? (Or having a list of known keys for that matter)

  4. #114
    Join Date
    Mar 2013
    Posts
    63

    Default

    Quote Originally Posted by Sonadow View Post
    So you say. Then show me a proper ARM-based notebook or notebook suitable for actually doing real work (like compiling code or running CAD) and not just being a toy project that is being sold in huge numbers right now, and I don't mean the Raspberry Pi or the Arduino or the made-in-china netbooks that ship with a 700MHz processor running Android.

    Talk about breaking lock-in on ARM when it gets that anticipated 50% marketshare. And while you are at it, tell ARM to release their GPU driver code as well. Can't do that, can you?
    1. There are ARM-based cromebooks, which can be used for light work: no CAD but you can use them as developer platform for ARM devices.
    2. AMD has already announced their next server technology will be using ARM.
    3. Parallella project is developing an ARM-powered desktop supercomputer.
    4. In my country the famous Mont-Blanc Project will use the same ARM CPU as the above cited Chromebook for building the fastest supercomputer ever. They wait about 10 times more performance than TITAN supercomputer using the same 9 MW. Is this serious enough for you "doing real work"?

  5. #115
    Join Date
    Oct 2012
    Location
    Cologne, Germany
    Posts
    303

    Lightbulb The plan.

    Quote Originally Posted by mjg59 View Post
    Untrue. It protects against subversion of the early boot process, which would otherwise be undetectable by any anti-malware code. It may not add any security that *you* care about, but it's simply a lie to say it adds no security.
    Ok, so then ask yourself this very important question: Unless you directly access the hardware, when are those attacks possible? I give you the answer: Through the operating system.

    If we think further, which company sells the most successful OS of all time _and_ proposed the SecureBoot standard as a standard way of certification for their OS? You are right, it's Microsoft.

    What this leads to is the thought: Why force the hardware-vendors to implement a "security"-mechanism when the actual problem is the OS it is bound to? Isn't it Microsoft which should fundamentally change the security-model of their still-based-on-NT-OS to fullfil contemporary security-demands?

    For me, the case is clear. Microsoft attempts to kill two birds, or rather, two penguins, with one stone:
    1) Advertising a feigned security-mechanism to whitewash their OS in regards to ongoing criticism on their security
    2) Making it relatively extremely hard for the average Joe to try out other operating systems on given certified hardware
    3) Forcing hardware-vendors to either adapt to the unfair licensing model or be left in the dust with non-OEM versions, which is expensive, falsely stating to promote a section of the UEFI-standard

    In this perspective, this plan is actually quite smart and I am looking forward to this case being solved in the interest of the users and not in the interest of one company.
    Last edited by frign; 03-27-2013 at 03:47 PM.

  6. #116
    Join Date
    Mar 2013
    Posts
    63

    Default

    Quote Originally Posted by curaga View Post
    I suppose the Bieber analogy would go more like this: all CDs for sale are Bieber CDs, and all they play on radio is Bieber. Only some small pirate radio and people exchanging cassettes continue to resist, but you will have a hard time finding them, if you can find any near you at all.

    You still know there is some other music, but you cannot get it even with money.
    Very interesting! I think a better analogy would be that of a store full of Bieber certified CD-players which were locked to play only Bieber CDs which a false excuse of "it is a security issue".

  7. #117
    Join Date
    Mar 2013
    Posts
    63

    Default

    Quote Originally Posted by brosis View Post
    Incorrect fallacy.
    The truth for OEM is: "You can agree, or you will die. Nobody is taking that choice from you."

    1) Certification means - accept ALL Microsoft requirements.
    Those who accept certification - get discount OEM OS price.
    Those who do not accept certification - get regular OS price.

    2) Regular OS price is much higher than discount OS price.

    3) 90% of PC come with windows preinstalled.
    95% of hardware vendors have special agreements to priority support microsoft.
    90% of the large software vendors write software for windows or using windows technology.
    90% of userbase is used to windows.

    4) 1+2+3 = if you disagree, your same solution is much pricer thanks to OS price and you are guaranteed out of the market.


    ---
    This is why Linux is not successful on desktop.

    If Linux would have 50% of desktop marketshare, this loop will not work.
    MS would not be able to push own standards from above.
    MS certification would be optional and hardly anyone would accept it. Because its essentially damaging customers and not improving their experience.

    But this cycle is very hard to break and requires major players to disagree with MS.

    Google, Valve - it all started recently, and this is why MS is pushing hard to make new users switch or try other OS EXTREMELY uncomfortable, and up to warranty invalidating(!).

    The habit (used to) approach is not enough anymore, so they invented the cycle agreements (partnerships) with hardware, software and OEM vendors. Those who disagree will be punished monetary.
    But due to recent actions of major software vendors and some softening of OEM vendors, they decided to make it a requirement to glue the OS to PC and make it extremely difficult to ditch.

    If this step is not so successful, they will modify the EULA or require additional condition to OEM EULA via Certification requirement, that those using any other OS than MS will loose warranty.
    Mark my words.
    I think you misinterpreted me, because I was trying to say that Microsoft recent move has nothing to see with security issues but is a unfair attack to competitors such as linux.

    I agree with almost all what you say except the part saying that OEMs had not other option. They have and this is why Dell and HP are selling computers with linux pre-installed. This is why there exist OEMs who only install linux in their computers.

    Regarding the mayority of OEMs vendors who signed exclusivity with Microsoft, they are now suffering from that bad move. I know here a well-known store that sells all the computers with linux, but cannot sell the larger computer stock with Windows 8. They are losing money now and crying...

  8. #118
    Join Date
    Mar 2013
    Posts
    41

    Default

    SecureBoot is good for:
    -Easier to program
    -Seamless boot experience
    -Better BIOS (you know what i mean) interfaces
    -4GB+ Hard Drives
    -Conveniently lock Linux away and call it a 'BUG' (it already happened)

    SecureBoot is not a method to improve security!!! This was already proven!!!

    Windows shoudln't even be able to sold together with computers (it's illegal, by the way). At most, and i strongly emphasize the at most Windows could come pre-installed and those who so choose would be able to buy a Key and activate it.

    AT MOST

  9. #119
    Join Date
    Jan 2013
    Posts
    1,359

    Default

    Following the Bieber analogy:

    All the CD's being sold are Bieber CD's. Some pirate radios play other music but you have to know how to find them, tune on to the right channel and record the music yourself in order to play it on a CD. But wait! No one sells empty CD's. (For the purpose of the analogy, let's assume all CD's are rewritable). So the only way to get other music is to buy a Justin Bieber CD, and record other music on top of it.

    There are some specialist stores that sell empty CD's, but they are actually more expensive than Bieber CD's. And they are few and far between. So most people just end up buying Bieber CD's and recording over them.

    But not so fast! Suddenly Bieber's recording label decides that the next CD they release needs to have a mechanism that makes it really hard to record over the CD's. They devise some kind of DRM scheme, and leverage the CD-player manufacturers that their players must implement this DRM that prevents recording on top of Bieber CD's. They justify this as protecting the consumer's CD player from malicious music. Music aficionados know how to circumvent the DRM, but it is way too difficult to the layman.

    At the same time, there are a couple of small bands - one is called Frank & The Flying Fedoras, and another is some kind of ethnic world music, sounds kind of African - who collaborate with Bieber's recording label to get their songs released in such a format that they can be recorded on the Bieber CD's. Now you can easily listen to Frank & The Flying Fedoras by inserting your Bieber CD, tuning in to the right station and pressing rec, but if you try to listen to any other music, you have to circumvent the DRM. Also, Frank & The Flying Fedoras can only be listened to with certain volume & EQ settings. If you want to change the settings, you again have to circumvent the DRM.

    The end result is that Bieber keeps getting richer and more obnoxious, and everyone is sick of him, but most just sort of grudgingly accept that if they want to listen to music, they have to tolerate him. Meanwhile the underground music scene is divided. Some people are really pissed at Frank and the other bands for going along with this idiocy, while others defend Frank and say he's doing good work making music more accessible - it's just a fact of life that you have to work with Bieber, they say; no one likes it, but what can you do, let's be realists here, they say.

  10. #120
    Join Date
    Mar 2013
    Posts
    41

    Default

    Quote Originally Posted by dee. View Post
    Following the Bieber analogy:

    All the CD's being sold are Bieber CD's. Some pirate radios play other music but you have to know how to find them, tune on to the right channel and record the music yourself in order to play it on a CD. But wait! No one sells empty CD's. (For the purpose of the analogy, let's assume all CD's are rewritable). So the only way to get other music is to buy a Justin Bieber CD, and record other music on top of it.

    There are some specialist stores that sell empty CD's, but they are actually more expensive than Bieber CD's. And they are few and far between. So most people just end up buying Bieber CD's and recording over them.

    But not so fast! Suddenly Bieber's recording label decides that the next CD they release needs to have a mechanism that makes it really hard to record over the CD's. They devise some kind of DRM scheme, and leverage the CD-player manufacturers that their players must implement this DRM that prevents recording on top of Bieber CD's. They justify this as protecting the consumer's CD player from malicious music. Music aficionados know how to circumvent the DRM, but it is way too difficult to the layman.

    At the same time, there are a couple of small bands - one is called Frank & The Flying Fedoras, and another is some kind of ethnic world music, sounds kind of African - who collaborate with Bieber's recording label to get their songs released in such a format that they can be recorded on the Bieber CD's. Now you can easily listen to Frank & The Flying Fedoras by inserting your Bieber CD, tuning in to the right station and pressing rec, but if you try to listen to any other music, you have to circumvent the DRM. Also, Frank & The Flying Fedoras can only be listened to with certain volume & EQ settings. If you want to change the settings, you again have to circumvent the DRM.

    The end result is that Bieber keeps getting richer and more obnoxious, and everyone is sick of him, but most just sort of grudgingly accept that if they want to listen to music, they have to tolerate him. Meanwhile the underground music scene is divided. Some people are really pissed at Frank and the other bands for going along with this idiocy, while others defend Frank and say he's doing good work making music more accessible - it's just a fact of life that you have to work with Bieber, they say; no one likes it, but what can you do, let's be realists here, they say.
    DAT
    Nice analogy

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •