This is an articulate, succinct article that clearly outlines the concern without any FUD or name-calling. This is what I want to see from the FSF, and what would make me more likely to donate to them in the future.
I hate to turn this into an RMS rant, but this approach stands in stark relief to his "iBad/iGroan/Swindle" theatrics. This, I can appreciate. This, I can get behind. I just wish that these kinds of articles and press releases were what the FSF was most known for.
I don't think you really mean this: "I hate to turn this into an RMS rant". If it was true that you didn't want to turn it into an RMS rant, then why did you do exactly that?
The "theatrics" you refer to -- picking alternative, damning names for treacherous computing devices -- are very much present in this article:
Instead of "Secure Boot," the article says, if the vendors implement it in a way that deprives users of control, we should call it "Restricted Boot". Even the reason for the alternative name is similar to the reasons in those other campaigns.
So, the "name-calling" is there - to help people remember the issue.
Is FUD present in any of these campaigns? "FUD" is a derogatory name for negative statements that drum up false fears, uncertainties, and doubts. In these various FSF campaigns, the fears, uncertainties and doubts are all quite realistic.
"Restricted Boot" is a perfectly good name for a BIOS replacement that would only allow you to install pre-authorized OSes. "iGroan/iBad/Swindle" is immature playground nonsense.
As for not wanting to turn my post into an RMS rant but doing so anyways, I felt it was germane to the submission. You're free to disagree, but there's nothing inconsistent about having reservations about something you're doing.
The name-changes the parent post were referring to were bad puns. "Restricted Boot" is not a bad pun. It's just descriptive of what they fear it may be.
> The threat is not the UEFI specification itself, but in how computer manufacturers choose to implement the boot restrictions.
Exactly. When Apple shipped the first Intel Macs without Boot Camp, there wasn't outrage that Windows/Linux couldn't boot; People that cared just didn't buy them. Just don't purchase a computer that has been crippled by the manufacturer.
It will still be possible to build your own computer - OEMs will only bother to certify entire systems, and bare motherboard sales won't be affected by Windows Logo Certification since the class of users who build their own computers don't even notice marketing programs like that.
It's also likely that many, perhaps even most, certified systems will offer a means to disable or customize the secure boot functionality. You can disable Computrace, TPM, and Intel ME on virtually all machines that ship with them. This should be no different.
The problem is not that enthusiasts who want to run an open source operating system won't be able to choose appropriate hardware to run that OS. The problem is that Secure Boot may remove the option of buying a Windows PC and then at some later time deciding that you want to run an open source operating system on it from those who weren't thinking about open source operating systems to begin with.
At the moment, every PC sold is a potential target for a Linux distribution or other open source operating system, and hence every PC sold increases the size of the potential market. Secure Boot has the potential to disrupt this: a PC with Secure Boot may deny the owner the ability to install and run an unauthorized operating system. This could significantly reduce the potential market for open source operating systems.
Look at it this way: at the moment if your mum/dad/grandparent/whoever is willing to try a different operating environment, you can install pretty much any Linux distribution (or other open source operating system) on their hardware, or if they can do so themselves. And by 'can' here, I don't just mean that you personally are able, but also that the original manufacturer allows that kind of thing to happen.
In the future, computer manufacturers may sell computers to people on which you (or they) will no longer be allowed to install an open source operating system for them to try out, even if they want to.
I would also like to mention the common use of Linux on recycled or older computer hardware. There is a mountain of hardware sitting in warehouses or going into landfill. Many of these machines are usable with Linux. If restrictive boot-loaders become common on consumer grade hardware, that option is closed off.
Hello bad_user. Yup your comment is probably spot on for the £300 15.4 inch 'household laptop' that is very popular in the UK for consumer purchase.
I suspect as pad devices and mobile phones take over the real mobile use cases, laptops will get a bit more expensive as the market shrinks.
There is an opportunity to build them a bit better and to make them a bit more recyclable/upgradeable. Each product manufacturer has to make small decisions like this across all areas if we are to achieve sustainable consumption.
The tricky bit is encouraging manufacturers to make those decisions.
A lot of the second-hand computers go to charities, and end up in schools of developing countries, etc. These are often places that wouldn't be able to afford computers otherwise.
On long term, the people who learn computing this way may be a market for new computers, and that makes it good for computer manufacturers.
Besides that, computers in a landfill is a terrible idea, ecology-wise.
Do you have any data to back this up? I've been tasked with getting rid of old computers before (at a large company) and it was a very painful process. Schools wouldn't take them. I can't even imagine trying to send them to another country! We ended up actually paying someone to haul many of them away.
> The problem is that Secure Boot may remove the option of buying a Windows PC and then at some later time deciding that you want to run an open source operating system on it from those who weren't thinking about open source operating systems to begin with.
Exactly. This is how I got into GNU/Linux in the first place, and I'm sure I'm not the only one. Removing this option will severely hinder the adoption of better, free operating systems.
No - it is not the same. That was one manufacturer - this is everyone of them. With Apple, what you were looking at was a single, vertically integrated walled garden, that was never even the playing ground for DIY.
For many in the west, DIY is synonymous with "enthusiast". But here in Asia/India, a very VERY significant percentage of the total PC market is held by "unbranded" PCs - about 45% (ref: http://trak.in/tags/business/2011/05/17/top-pc-compnies-indi... ).
This is so relevant to the Indian market that it is almost scary. As a yardstick - for a fresh hire in India's largest tech employer, Infosys, buying a Macbook is almost 6 months salary. Buying an unbranded PC running Linux is about a month and a half salary.
Secondly, your assertion that motherboard sales wont be affected is wrong. The push to implement this is piracy and not marketing - which means Microsoft (and not the end users) will be the driving force behind the push to certify motherboards.
"It will still be possible to build your own computer"
That's like saying it will be possible to build your own tablet or laptop, because that's what most people will use in the future. People are moving away from PC's so that's not a very good argument.
I am not quite convinced that the days of the PC are over, but I can see the market being squeezed quite a bit. And none of the devices that are supposedly the future have the same open nature as the PC.
kogir wrote: "Exactly. When Apple shipped the first Intel Macs without Boot Camp, there wasn't outrage that Windows/Linux couldn't boot; People that cared just didn't buy them. Just don't purchase a computer that has been crippled by the manufacturer."
The free software movement seeks to educate all people about software freedom and to encourage them to value and protect software freedom.
When someone buying a product "doesn't care" about these restrictions, especially if the buyer doesn't understand what they are giving up, that's a problem the FSF wants to solve.
So, yes, by all means: if you don't want those restrictions, don't buy those products. The Free Software Foundation would like to help more people come to that same conclusion, rather than naively buying into a software world where users no longer have much control over their own computers.
What is important is that we have a voice that can apply pressure where required on the pc / motherboard manufacturers at this time, while things are yet to be decided.
The article does say that this could go either way; a point well worth raising with the decision makers who I expect aren't technical like us.
It's a little different when a single, minority system vendor who is selling systems at twice the price does something like this, vs. when the dominant player in 90% of the market wants to require it of all the PC vendors.
It doesn't make Apple right, but the surface area affected was much smaller so the objections were commensurately sparse.
I think we should fear Microsoft lowering OEM licensing prices for manufacturers who remove the option to disable secure boot. They'll probably justify that by claiming it will help reduce piracy and support costs and say that it helps bring computers to more people.
Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems.
Get back to me when Dell includes the certificate I use to sign the Linux kernels I compile here.
This only allows other companies that offer proprietary OSs that run on x86 PCs to try to persuade OEMs to include their certificates in the trusted certificate list. It's great news for... mostly nobody.
>They'll probably justify that by claiming it will help reduce piracy and support costs and say that it helps bring computers to more people.
Their stated reason thus far is that it prevents rootkits that load even before an antivirus can run, thus being able to hide itself. I don't think it reduces piracy, or support costs except those caused by boot malware.
There are "activator" bootloaders that trick a pirated copy of Windows into thinking that it's licensed. Of course, any machine with secure boot will already include a licensed copy of Windows 8, but secure boot could prevent people from installing pirated copies of Windows 9.
> will already include a licensed copy of Windows 8
Even if the first thing you do is to disable the damn thing and install your favorite OS. If it's already hard to buy some computers without Windows, this may make it completely impossible.
We have already seen this before .. I have a stack of Panasonic Toughbooks that have a locked BIOS configuration, and absolutely nothing can be done with these machines (they were thrown away, stupidly) because nobody knows the password to re-configure them to boot properly. The BIOS is completely locked down.
So, we will start to see this happen on a broader industry scale, and in my opinion the benefits of "secure boot" definitely do not outweigh the liability of making hardware that won't be useful in the future, simply because 'the OS it originally had on it was such utter shit to require such measures in the first place'..
Is it possible to reset the bios? Back in my pc repair days it was possibly by shorting two pins on the motherboard, usually they were near the bios battery
Alternatively, removing the BIOS battery and then reflashing the BIOS chip was an option. A scary, unreliable option because reflashing wasn't always possible and you didn't really know for sure until you tried.
Nope, this cannot be done with these Toughbooks - there are fuses in a surface-mount package that are programmed with the secret key and the BIOS cannot be reset with 'traditional' remove-the-battery hacks - these fuses either have to be read out, or the package needs to be replaced.
Its a huge hassle and a dire waste of hardware to have this occur and I personally do not look forward to a future where the whims of a despotic software company dictate what we can do with our possessions. Oh, wait ..
I always suspect the entertainment industry behind stuff like this. I know the only reason Netflix doesn't run on Linux(even though it runs on ChromeOS, which is linux) is because it is open source. With "secure boot", they could be sure there is no way for you to do anything with the video/audio stream except watch or listen. I think this is the real reason behind this madness. The compromise will be that your hardware will still run, but certain features will be missing without an "approved OS".
Some publishers of various kinds of media welcome the idea of treacherous computing for exactly the reason you suggest: If enough people agree to buy broken computers - so broken that they can not be programmed to copy certain files, for example - then big music companies, book companies, movie companies, etc. all have an easier time. They can, as you say, deliver content only on these broken devices, leading more people to give up their software freedom in exchange for more convenient access to TV or tunes.
It doesn't stop there, though. Some software vendors also like these restrictions. With treacherous computing, vendors can make themselves the exclusive providers of software and enjoy monopolistic pricing. In contrast, consider that the cost of a complete operating system for a non-broken computer starts with many decent options at a price of $0.
Treacherous computing also makes it easier for software vendors to monitor their users in ways that users can't control and might not even notice. There is no way, for example, to tell some devices not to "call home" and betray a users privacy to their vendors.
So it's a convergence of reasons, not just the "entertainment industry" (I guess you mean a few big companies, not everyone who sells entertainment) behind the thing.
This is FUD. Is windows 8 shipping? No. Are there any systems in the wild locked to windows 8. No. Have any vendors come out and said they plan to restrict FOSS from booting so I know who not to do business with? No.
Call me back when someone has actually locked out FOSS.
I can't get to the article, so I haven't read it yet and can't comment on it specifically. However, pre-emptive concern is not necessarily FUD. A little sabre-rattling can send a signal to manufacturers that they need to provide an option to disable secure boot or they will tick off a vocal customer base. Waiting until someone has actually locked out alternative operating systems is somewhat too late; the point is to prevent them from doing it in the first place.
A lot of the comments, and some articles regarding the issue pose the idea that Microsoft is trying to restrict users from installing other Operating Systems in their own machines.
I personally doubt that is the case. Microsoft has bigger problems, and I don't think they are trying to block other OSes (especially Linux).
Even so, I don't think the "Secure Boot" implementation will get traction. I think, that even though it s a good idea for malware protection, the execution and wide adoption is not that easy. I believe the "Secure boot" thing won't get very far.
Regarding the FSF, I won't comment, I think RMS has tainted enough for me.
if computer makers wish to distribute machines with the Windows 8 compatibility logo, they will have to implement a measure called "Secure Boot."
I obviously have no idea how much that little sticker is supposed to be worth in terms of sales in store, but if Dell, say, complies while others do not they can legitimately claim 'only our computers are windows 8 compatible'.
MS is targeting the distribution with this, not the end user, so traction is a lot easier to get.
Yes, they'll have to implement Secure Boot if they want the little Windows 8 sticker. There's nothing there that says they can't provide an option to turn it off. All arguments make the assumption that Secure Boot is required to be on at all times and not just on on-by-default option.
I think that sticker, if required, will obviously pressure OEM makers to obtain it. I believe Microsoft will not go through with implementing Secure Boot. There is no real benefit. The developers pushing this are trying to make Windows more resistant to malware. Secure Boot is not fail proof though. I think in the end, the cost of implementation and distribution of this will out weight its benefits and kill it.
> Did you read the article? It's not about "traction", it's about having that sticker or not:
"to distribute machines with the Windows 8 compatibility logo, they will have to implement a measure called "Secure Boot."
Read the article. Windows 8 still a year away (or more). Microsoft right now is shooting ideas in the air. Will this really mean that Windows 8 will force it for real? Who knows. That is exactly what I am saying. I don't think this will get traction enough to get implemented. If it gets implemented, yes, probably it will have to get traction, that sticker will make sure of it.
Microsoft right now is far away from releasing Win8, things like this popup every time they are releasing a new version. A lot of them get dropped. I believe this will get dropped.
>> RMS has tainted enough for me.Consequently, Secure Boot is OK :-)
Nop. Secure Boot is not ok. I just don't trust the FSF any more.
I'm curious: what could the FSF have possibly done to earn your distrust? Have they ever lied? Have they ever hid their intentions? Have they been factually incorrect on a particular issue? Or did they made predictions that haven't realized? Or did they act like jerks? (This one doesn't count in my book.) What happened? (I'm serious, I'd like to know.)
Thinking on an answer, I realized that it is not that I don't trust the FSF, I just don't care much for their actions anymore. Their intentions have been devaluated by the actions and comments of RMS. Everytime RMS gives in to its tendency to destroy more than create, the FSF looses value for me.
And this is obviously my opinion. I know a lot of people believe the contrary, and that is ok. Everybody is allowed to have an opinion.
Let me explain why secure boot/trusted computing matters for me personally.
More of my life is conducted on a computer than ever. My family photos, banking transactions, files are all stored on a computer. Meanwhile, Flash and Adobe Reader installs security updates on a regular rhythm. I need my PC to be secure from drive-by downloads.
Getting linux to run is a secondary issue, as much as I value software freedom.
You should not be running Flash and Adobe Reader on a computer that has access to your banking transactions and family photos! Secure boot won't help with that!
I hate to turn this into an RMS rant, but this approach stands in stark relief to his "iBad/iGroan/Swindle" theatrics. This, I can appreciate. This, I can get behind. I just wish that these kinds of articles and press releases were what the FSF was most known for.