The whole "security" model around CAs signing stuff is broken by design. So is "Secure Boot".
At the end of the day the black hats will take over your computer (with a cert from Microsoft) and you will be locked out. At that point your own hardware will "trust" them, but not you. Linux shouldn't support nor promote that. |
Exactly. Bad ideas should not be used and the same goes for all kinds of software. Too much "trust" in one piece of software can leave a system not only vulnerable to failure, but lacking proper abilities to recover or correct as without redundancy or a fail-safe option to do so.
Putting all of one's eggs in a single basket leaves all the eggs prone to being broken from the basket failing. |
I am happy to see Linus take a stand. I have several problems with UEFI.
Secure boot. This has been talked about enough that I won't go into any more detail. UEFI uses FAT32 even AFTER Microsoft has repeatedly launched legal challenges against companies using FAT file-systems. Intel architected EFI and chose FAT32. Why was FAT32 kept in the standard when it became UEFI? Why not an open file-system like EXT2? The UEFI standard actually does not require FAT32. However, I have never seen a computer with UEFI that does not require FAT32 for the system partition. Why are we not more vocal about having computers with UEFI also support EXT2 for a system partition? So far UEFI has been an excuse for manufacturers to write buggy software that only works with Windows. Unfortunately I don't see manufacturers interested in fixing problems that don't affect Windows. Among other things some UEFI software does not easily allow the user to change the boot order. In fact, A new HP machine that I recently bought with Windows 8 did not come with the UEFI command shell at all. I had to download it from the UEFI developer's site to change the settings on MY computer. Microsoft forced us all to live with the Boot Configuration Database because computers lacked UEFI. Supposedly UEFI was going to replace the BCD. Apparently Microsoft no longer wants to make the Boot Configuration Database belong to the computer. Making changes in the BCD to use a non-Microsoft boot-loader isn't possible. Also, Microsoft provided no way to chain to any other boot-loader. Add to that the fact that just starting the Microsoft boot-loader replaces the default boot-loader with Microsoft's. Instead of the consumer having more control, and a better integrated boot environment, we have less control, more complexity and more segregated boot environment. With UEFI we also have less visibility into the boot configuration. The stark reality is that we're heading towards two different classes of PCs, Windows PCs and "open" PCs. Even without secure boot and UEFI, hardware has been slowly migrating away from open standards. Companies selling PCs really don't care if the hardware is incompatible with non-Windows operating systems, nor how expensive or complicated it is to write a non-Windows driver for their hardware. We've had a taste of this with "winmodems", "fake RAID" and wifi chip-sets. Because of the dwindling PC market, I expect some computer retailers and manufacturers to go out of business, and some motherboard manufacturers as well. Whether that will spur some to better support non-Windows operating systems remains to be seen. Even if hardware supports other operating systems I expect companies to charge a premium for computers that can run the other operating systems. We are already seeing companies like HP decide to only support Linux on "business" class PCs. A lot of Linux support has been happening more by accident than design. Linux support is going to require serious effort as hardware moves further from standardization. Linux distros and developers have contributed this problem by letting things get too fragmented. That has left only the big Linux developers in a position to affect how computer manufacturers support Linux. We need to figure out how to combine our forces at least for some things. People don't always realize how important Linux is for innovation. On many occasions the only technical information I have been able to get for Intel or other hardware has been by looking at Linux source. Hardware companies are keeping more and more information secret. That stifles competition with the larger companies and discourages smaller companies from developing software and hardware for consumers. In the end, hardware and software will become more expensive. Anything open will be even more expensive. |
Quote:
Quote:
Quote:
|
Quote:
|
Quote:
|
Quote:
|
Quote:
|
Windows 8 certified??? Since when has a Toys'R'Us OS been a guarantee of quality?
|
Quote:
BCD on the UEFI system I'm typing this message on refuses to chain load LILO/Linux. Of course, it doesn't matter, because we can point UEFI to ELILO... BUT saying that BCD can chain load other bootloaders on all systems is patently wrong. Microsoft must have changed something because it works on my old [pre-UEFI] desktop machine. |
Reading through Pat's comments (both in this and at least one other thread), Linus' comments (gee, Linus, tell us what your really think), articles here and there about UEFI and remembering clearly every problem I've ever had with Microsoft software (from DOS through Win7, like it or not, it comes with the box and you've got to deal with the damned thing). I'm almost glad that I'm old (68) so I probably won't have to deal with the next generations.
I have a couple of Dell Inspiron 8400's sitting in a closet running large data bases. One of them had a bad capacitor a year ago or so (cost, like $65 for a new motherboard, sometimes older hardware pays off) and I know there's going to come a time when they'll be a puff of smoke and that's that. I cannot imagine the problems that I (and everybody else) will face buying a new server and not being able to install Slackware x.x on it without having to screw around with some damned Microsoft "thing" so I can use the platform -- given comments from people who know, say, Linus, Pat, the FSF -- things don't seem to bode well for this kid. Actually scare the hell out me unless somebody can demonstrate, for sure, with real hardware and real software, that the thing will actually work; opinions to the contrary are just that, opinions. Gimme facts and show me. I'm old, I'm tired and I don't really want to reinvent the wheel again. I have to have Windows -- people give me money to do things who don't want to convert to a real operating system. I will not, under any circumstances, install Windows directly on a machine -- it goes in VirtualBox and that's proved to be fine so far. But, if I happen to live long enough for Win7 to EOL... then what? I've gotten to point that I won't buy a computer with proprietary graphics or sound cards because I don't want to deal with problems (the FOSS driver are getting better, but there are an awful lot of folks having problems and I don't need that -- the default Intel graphics and sound are just fine, thank you) -- I can't imagine having to screw around with UEFI (or have to pay micojunk for a license). I shudder at the prospect. We're lucky, methinks, that we have one guy making the call on what goes into Linux, no committees, no politics, no compromises, no nonsense: Linus says yes or no and that's that. We're also lucky that we have Pat and crew (ditto). We're also subject to the whims of a 2-bit outfit that drives an entire industry (that goes along because it's their bread and butter) simply because that outfit demonstratively never has and cannot now make safe, secure products. Alas. |
Quote:
I don't think it will negatively affect the server market much, if at all. In the short term I think it will indeed hurt, or at least impede, the adoption of Linux as a desktop OS; yet looking forward, might lend itself to breaking the stranglehold Microsoft has over OEMs. i.e., Windows 8, unlike all previous Microsoft OSes, searches for imbedded Microsoft code in the BIOS to determine whether it can self-activate. If it doesn't find it, then and only then does it need to phone home to activate its license. Kindest regards, . |
Quote:
|
how long before x86 goes the way of the dinosaurs and ARM is what is left
facebook and google are starting to use ARM in the server room how long before x86 is gone ? something will take it's place but with Win8 ARM laptops and tablets ALREADY locked out of running anything else besides win8 ........ the next few years will "be fun" and not HA, HA, fun things WILL get straitened out ( one way or another) but in the mean time , it will be a mess |
Quote:
Based on the information I can find, on UEFI systems, the "bootmgr" cannot chain to any other UEFI boot loaders. The old BIOS method of chaining "APPLICATION BOOTSECTOR" only works in BIOS booting mode, not UEFI. A UEFI file ending in ".efi" cannot be loaded by the "bootmgr" unless it has a special header that is is present in "WINLOAD.efi". Specifically, "bootmgr" will load UEFI files that have a header with "EFI_IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION" and not "EFI_IMAGE_SUSBSYTEM_EFI_APPLICATION". That is true even with secure boot disabled. You are correct, that one can simply use ELILO or some other UEFI boot loader and then chain to the Windows boot manager. Quote:
Quote:
And that gets back to what I think are the real issues. How much power should corporate Linux interests have to dictate the direction of Linux? Do their choices make Linux more compatible with consumer PCs, or do they burden Linux with complexity and reduce compatibility? Does giving Microsoft more control over PC hardware and the boot environment benefit or hurt consumers in the long run? |
All times are GMT -5. The time now is 10:15 PM. |