Redhat/Fedora selling out to Microsoft

I guess some of us have become so jaded by the tragic absurdity that is IP law and policy that there is simply nothing left to add to the conversation or rant about any more.

I was going to comment earlier today after seeing your OP, but have become calloused to these issues.

Yes, it's depressing that one of the top FOSS successes has sold out and chooses to pay the tithe to the Supreme Software Master of the known Universe (i.e. MS). It appears no one will be able to market software without tribute to the King- an unbelieveable outcome of the "computing revolution" and the freedoms it was supposed to grant individuals.

No flying cars, no hovering skateboards, no monoliths on the moon, now no computer freedom- like Yogi Berra sez- "The future ain't what it used to be!"

We'll see how Canonical handles this...

Not sure what to say. It looks like Fedora/Red Hat were backed into a corner and this was the best solution they could come up with. I guess we will have to see how the other companies handle this.

So, time to move away from Redhat-compatible distros, then

Looks like the only "untainted" major Linux branch is Debian, and other smaller independants (like Arch, etc)

http://futurist.se/gldt/wp-content/u...2/gldt1202.png

MS already tainted the Suse associated distros through the Novell/SCO meddlings.

Exactly.

This has been MS's modus operadi for 30+ years. No need to articulate the process for us "old timers". Funny how the youngin's fall for it time and again.

Another relevant post:
 

This is ALWAYS how they operate (any entity with too much power)- some policies appear innocuous in the planning stages, then WHAM- they get you with arbitrary changes later. Death by a thousand cuts works quite well...

This is the difference between recognizing bad policies early in the game, when those policies violate basic principles- user abuse/control/freedom implications.

Unfortunately, not everyone has the ability to recognize and/or the power the stop these violations of principles until they are manifest much later down the road in concrete real world application. MS knows this and uses it to their advantage.

Edited by Rgb - 10/9/12 at 11:36am

Just like every other folly invented by Microsoft...there will be ways to get around UEFI. The more things change, the more they remain the same, so to speak...

According to Microsoft's specifications, x86 machines that are sold with a Windows license sticker must have secure boot enabled, but must also offer a firmware option to disable it. There would be little point to secure boot on a Linux machines, so if you're not dual booting there is little to worry about. Machines, or components one would assume, that don't come with Windows will probably not have secure boot at all, or at least not enabled by default.

This is just a work around to have Fedora (and other distros) install to a secure boot environment out of the box, with five clicks.

The bigger problem is UEFI boot in general. Setting a computer to boot in UEFI is tricky. Fortunately, most computers have a BIOS emulation mode, so no problem there either.

Yep.

And what do you want to bet that MS will offer all kinds of extra promotional dollars to OEM's that leave out the disable switch.



Yep.

But, I think they'll always have to have the ability to burn new firmware into the ROMs [just in case they screwed something up in the original release]. So, I think the best that we can hope for is that there'll be people that are willing to reverse-engineer everyone's firmware and come up with patches to the secure boot code so that it falsely reports that everything passes.

But that'll mean having to risk bricking your MB with a firmware patch to install Linux.

Yeah, if it indeed become necessary to hack a motherboard BIOS to install something other than Windows, that is what we will be doing. There are people installing Debian on phones that have the bootloaders locked by OEMs, right now, today! Even installing Android on M$ devices that had locked bootloaders. Even if it does become a hurdle for novice Linux users, someone will find a way to reverse engineer the problem. And lots of OEMs, like Dell, actually make a lot of money selling enterprise equipment that runs Linux. So overall I think everyone is just going on FUD with this. Speculating about it is kind of pointless this early in the game.

So maybe not all hardware manufacturers will want to be Win8 certified. Apple is one example, they have had proprietary hardware for years already, that requires some hacking to install a different OS. There is a market, small though it may be, for non Windows PCs, and I think manufacturers would be foolish to give in to M$ and support their goal of monopolizing the PC world. Sure hardware makers must be Windows certified, since that is the biggest marker. But, everything doesn't have to be. Anyway, this will play out as it will, no matter what we think or speculate at this time.

For my part anyway, I'm not looking to buy any new hardware for the next several years. I'm willing to just wait and see what becomes available when I do need/want to upgrade. So the situation just doesn't worry me. But it does amaze me the power M$ has to dictate to hardware manufactures what "features" to include.

Linus Torvalds on secure boot.

Just so I understand, is this for M$ computers or everything? In other words, if I buy a Biostar mobo, then will it have this secure boot?

It's all speculation at this point, but between the likelihood of MS offering cash incentives to the hardware manufactures to lock everything down and the manufactures really not wanting to support multiple versions of firmware, it's a significant possibility.

Keep in mind that there's actually only a couple of MB manufacturers. Everybody else just buys unbranded boards and stamps their own name on them.

I'm a Debian girl and if Debian caved in like "Red Hat/Fedora", I would no longer donate money to them. I've always either used Ubuntu or Debian. I really think this is sad even though I've never used the rpm distros. I for one will not buy a motherboard in which this crap can't be disabled. I hope Asus allows this feature to be disabled.

Great. I may not be upgrading for awhile.

These kinds of policies and schemes will never end. Ballmer and his ilk will never stop-

https://www.youtube.com/watch?v=La_u1jPLOIA

http://siivola.org/monte/papers_grou...sychopathy.htm

http://hbr.org/2004/10/executive-psychopaths/ar/1

http://www.correntewire.com/psycopat...xecutive_trait

http://www.dailykos.com/story/2011/1...al-psychopaths

Good /. discussion

http://linux.slashdot.org/story/12/0...i-restrictions

Of course, this is a ploy to label anyone not running Windows/MS approved software in the future as "insecure"- simple mind tricks that work quite well for the average consumer and corporate users. If you have to disable the secure boot feature on your computer, you MUST be "NOT secure" anymore, right? Simple FUD mind tricks for the masses.

The principle being violated here is that the owner of the computer is the only entitiy with the right to apply keys and sign their software. In the FOSS/Linux world, this is trivial to implement- just make the repos/Ubuntu Software Centers/$DISTRO_APP_STOREs of the world sign software as its installed, compiling the app as part of the download/install process if needed, all automated of course. The computer owner would input their hardware key/serial number printed on the mobo (or arbitrary random key they formulate themselves) to complete the software signing process.

The policy flaw in the MS scheme is relying on entities outside the computer owners control to manage keys/signing. Only the computer owner should manage their keys and software signing.

FOSS/Linux solved trusted software from day one- first, by storing software at known trusted sources (repositories, random .rpm's or .deb's or untrusted third party repos notwithstanding), second by relying on open sourcing, so everyone can have their eyes on the code if needed to ferret out security/privacy issues (closed binary drivers notwithstanding).

Microsoft Certificate Was Used To Sign Flame Malware

http://news.slashdot.org/story/12/06...-flame-malware

So much for "secure" booting...

Relying on entities outside your control to sign and secure software on your computer results in this-

Flame Malware Hijacks Windows Update

http://it.slashdot.org/story/12/06/05/1638228/flame-malware-hijacks-windows-update

Ubuntu Lays Plans For Getting Past UEFI SecureBoot

http://linux.slashdot.org/story/12/05/31/190217/red-hat-will-pay-microsoft-to-get-past-uefi-restrictions

http://sourceforge.net/projects/elilo/

http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_

https://github.com/mfleming/efilinux

http://lwn.net/Articles/453638/

http://www.theinquirer.net/inquirer/news/2186842/canonical-intels-efilinux-ubuntu-uefi-secure-boot
Edited by Rgb - 6/26/12 at 7:06am

Oh I'm not worried. There is always a way around things. There are always cracks.

That said, I was considering going to Fedora because it has selinux integral, as opposed to Debian's bolted on. But with this M$ bootloader, no way man.