Re: [arch-general] Campaign against Secure Boot

2012-06-26 Thread Ralf Mardorf
On Mon, 2012-06-25 at 22:29 -0400, Manolo Martínez wrote:
 On 06/26/12 at 12:55am, Karol Babioch wrote:
  I have only the following criticism: Given the relatively low cost of
  getting a signed certificate from Microsoft (to my knowledge it will
  cost about 100 USD), it might fail to achieve what it is proposed to.
  Obviously Microsoft will try to prevent any sort of abuse, but even if
  Microsoft only hands out signed certificates after some extensive checks
  to trustworthy companies/organisations, it can't control it from there
  on any more.
 
 Just for clarification: you seem to be endorsing a model in which
 organizations (linux distros?) pay Microsoft for the right to install
 non-Microsoft software in PCs. Is that correct?

First of all: Apologize for my OT noise.
Second: Yes, FLOSS users are willing to pay 99 USD to an organization
to use free as in beer software.

I can't resist: http://www.youtube.com/watch?v=4IXmHqPWxUw ;D



Re: [arch-general] Campaign against Secure Boot

2012-06-26 Thread Ralf Mardorf
On Tue, 2012-06-26 at 10:28 +0200, Ralf Mardorf wrote:
 On Mon, 2012-06-25 at 22:29 -0400, Manolo Martínez wrote:
  On 06/26/12 at 12:55am, Karol Babioch wrote:
   I have only the following criticism: Given the relatively low cost of
   getting a signed certificate from Microsoft (to my knowledge it will
   cost about 100 USD), it might fail to achieve what it is proposed to.
   Obviously Microsoft will try to prevent any sort of abuse, but even if
   Microsoft only hands out signed certificates after some extensive checks
   to trustworthy companies/organisations, it can't control it from there
   on any more.
  
  Just for clarification: you seem to be endorsing a model in which
  organizations (linux distros?) pay Microsoft for the right to install
  non-Microsoft software in PCs. Is that correct?
 
 First of all: Apologize for my OT noise.
 Second: Yes, FLOSS users are willing to pay 99 USD to an organization
 to use free as in beer software.
 
 I can't resist: http://www.youtube.com/watch?v=4IXmHqPWxUw ;D

In Germany we already have organizations that take money for not being
interested in their films and music, GEZ and GEMA. It takes a lawyer to
completely get rid of the GEZ, since they are stalking, once you get out
of this mafia and there's no way to get rid of the GEMA. As soon as you
buy any empty data media to store your data, your audio and video
productions, you need to pay to archive your own work. So Prince and
Madonna get money from Germans who never ever would listen to their
crap. Free downloads are not what artists make suffering, Prince,
Madonna and Metallica are the vampires who get money for the work of CC
(Creative Commons) artists. So let's pay M$ for not using M$. A business
model that should be supported and perhaps you like to be fucked by
http://de.wikipedia.org/wiki/Godwin%E2%80%99s_law too.





Re: [arch-general] Campaign against Secure Boot

2012-06-26 Thread Karol Babioch
Hi,

On 26.06.2012 04:29, Manolo Martínez wrote:
 Just for clarification: you seem to be endorsing a model in which
 organizations (linux distros?) pay Microsoft for the right to install
 non-Microsoft software in PCs. Is that correct?
Yeah, I see that this creeps the shit out of some of you. However can
anybody come up with a better model? Again, I can't. And I definitely
want to take advantage of Secure boot, so only signed code is run at
some point in the future.

Maybe for the sake of objectiveness we would be better off when some
neutral organization would take care of that, but for the time being I
can live with the fact that Microsoft is doing it. I don't expect them
to be too unfair here. And I don't think that they will make that much
money out of it. Furthermore they probably will have to invest some
serious amount of money in order to build a robust infrastructure for this.

Just compare the situation with SSL/TLS. Here you also have to invest
some money (which can cost up to a couple of thousand USD when dealing
with EV certificates) in order to provide your users/customers with
basic security. Archlinux sets a good example here.

Remember: You can always (by specification) turn off Secure boot, so
even small distributions won't be ruled out. As these small
distributions are probably used mainly by advanced users anyway, I don't
see much trouble here.

Personally I can totally live with the solution, which is proposed right
now. I'm also willing to donate some money to Arch, when they will have
struggle to come up with 100 USD for their certificate, if they choose
to get one in the future.

Best regards,
Karol Babioch





Re: [arch-general] Campaign against Secure Boot

2012-06-26 Thread Lars Madson
Karol ... don't ever accept the unacceptable because it's shaped as the
best proposition ever. Make your own. Microsoft should not ask people to
pay anything for a technology they impose, the new economy is about giving
what you produce, I guess we'll receive a lot and lower down the quantity
of shit productions. How have we done without secure boot until now ? So
you fix the hole at the beginning of the process, but when does the process
really begin ? Did you install some malware yourself ? Ho, god, maybe we
should pay microsoft so they disable the ignorants neurones in our brains.
Karol please think a bit deeper and longer.

Future is beautiful
Laurent

2012/6/26 Karol Babioch ka...@babioch.de

 Hi,

 On 26.06.2012 04:29, Manolo Martínez wrote:
  Just for clarification: you seem to be endorsing a model in which
  organizations (linux distros?) pay Microsoft for the right to install
  non-Microsoft software in PCs. Is that correct?
 Yeah, I see that this creeps the shit out of some of you. However can
 anybody come up with a better model? Again, I can't. And I definitely
 want to take advantage of Secure boot, so only signed code is run at
 some point in the future.

 Maybe for the sake of objectiveness we would be better off when some
 neutral organization would take care of that, but for the time being I
 can live with the fact that Microsoft is doing it. I don't expect them
 to be too unfair here. And I don't think that they will make that much
 money out of it. Furthermore they probably will have to invest some
 serious amount of money in order to build a robust infrastructure for this.

 Just compare the situation with SSL/TLS. Here you also have to invest
 some money (which can cost up to a couple of thousand USD when dealing
 with EV certificates) in order to provide your users/customers with
 basic security. Archlinux sets a good example here.

 Remember: You can always (by specification) turn off Secure boot, so
 even small distributions won't be ruled out. As these small
 distributions are probably used mainly by advanced users anyway, I don't
 see much trouble here.

 Personally I can totally live with the solution, which is proposed right
 now. I'm also willing to donate some money to Arch, when they will have
 struggle to come up with 100 USD for their certificate, if they choose
 to get one in the future.

 Best regards,
 Karol Babioch




Re: [arch-general] Campaign against Secure Boot

2012-06-26 Thread Lars Madson
And remember one day when the Disable Secure Boot button is not present.
Well we have right to not allow that too.

2012/6/26 Lars Madson rwx...@gmail.com

 Karol ... don't ever accept the unacceptable because it's shaped as the
 best proposition ever. Make your own. Microsoft should not ask people to
 pay anything for a technology they impose, the new economy is about giving
 what you produce, I guess we'll receive a lot and lower down the quantity
 of shit productions. How have we done without secure boot until now ? So
 you fix the hole at the beginning of the process, but when does the process
 really begin ? Did you install some malware yourself ? Ho, god, maybe we
 should pay microsoft so they disable the ignorants neurones in our brains.
 Karol please think a bit deeper and longer.

 Future is beautiful
 Laurent


 2012/6/26 Karol Babioch ka...@babioch.de

 Hi,

 On 26.06.2012 04:29, Manolo Martínez wrote:
  Just for clarification: you seem to be endorsing a model in which
  organizations (linux distros?) pay Microsoft for the right to install
  non-Microsoft software in PCs. Is that correct?
 Yeah, I see that this creeps the shit out of some of you. However can
 anybody come up with a better model? Again, I can't. And I definitely
 want to take advantage of Secure boot, so only signed code is run at
 some point in the future.

 Maybe for the sake of objectiveness we would be better off when some
 neutral organization would take care of that, but for the time being I
 can live with the fact that Microsoft is doing it. I don't expect them
 to be too unfair here. And I don't think that they will make that much
 money out of it. Furthermore they probably will have to invest some
 serious amount of money in order to build a robust infrastructure for
 this.

 Just compare the situation with SSL/TLS. Here you also have to invest
 some money (which can cost up to a couple of thousand USD when dealing
 with EV certificates) in order to provide your users/customers with
 basic security. Archlinux sets a good example here.

 Remember: You can always (by specification) turn off Secure boot, so
 even small distributions won't be ruled out. As these small
 distributions are probably used mainly by advanced users anyway, I don't
 see much trouble here.

 Personally I can totally live with the solution, which is proposed right
 now. I'm also willing to donate some money to Arch, when they will have
 struggle to come up with 100 USD for their certificate, if they choose
 to get one in the future.

 Best regards,
 Karol Babioch





Re: [arch-general] Campaign against Secure Boot

2012-06-26 Thread Kevin Chadwick
 I understand that given Microsoft's record in the past, some of you are
 worried, but when looking in the specifications (as Thomas already
 pointed out) it is quite clear that Microsoft wants to do the right
 thing here.
 
 Personally I couldn't come up with a better way/infrastructure than the
 one that is going to be implemented.
 

http://www.linuxfoundation.org/sites/main/files/lf_uefi_secure_boot_open_platforms.pdf

 
 So basically the relative low price of 100 USD will mean that there
 might be a lot of organizations with a signed certificate. It would only
 take a breach into one of those organizations to get your code booted on
 basically every machine. It is something like the current situation with
 root CAs in SSL/TLS, but at least from my understanding there is not
 necessarily a way of revoking certificates.

I agree with a lot of what you have said. There is nothing to stop this
$100 rising though.

The best part is it will likely force Motherboard manufacturers to raise
their security game.

UEFI is actually originally from Intel I believe but in order to get the
Windows 8 badge you need to adhere to Microsoft's requirements and so
most motherboard/bios manufacturers will probably follow that. There
will be better and worse bioses, the question is what can the average
user do. I presume some security bioses will hardcode more aspects to
mitigate attacks not covered by Microsoft's spec even and not caring
about this badge.

Really I need to find the time to more than skim through this spec
and Intel's or others.

http://download.microsoft.com/download/A/D/F/ADF5BEDE-C0FB-4CC0-A3E1-B38093F50BA1/windows8-hardware-cert-requirements-system.pdf

Which states.

MANDATORY. The platform shall ship with an initial, possibly empty,
forbidden signature database (EFI_IMAGE_SECURITY_DATABASE1) created
with the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_ACCESS attribute. When a
signature is added to the forbidden signature database, upon reboot,
any image certified with that signature must not be allowed to
initialize/execute.

So revocation is possible likely even through Windows update.

AND

a) It shall be possible for a physically present user to use the Custom
Mode firmware setup option to modify the contents of the Secure Boot
signature databases and the PK. 

!!
This may be implemented by simply providing the option to clear all
Secure Boot databases (PK, KEK, db, dbx) which will put the system into
setup mode.
!!

I haven't checked this as apparently the spec is like  2000 pages.


This link says setup mode spec makes no mention of key installation by
users being possible.

http://mjg59.dreamwidth.org/13713.html?replyto=521361




The problem is On/OFF is the only requirement but Microsoft's keys must
be recoverable if removed (even though 'database' suggests a multiple
key feature is possible). Chances are many will do the least possible
to adhere. There are no setup mode requirements as far as I can tell
but maybe they are.


It will come down to bios vendors but it would be best to have a USER
EDITABLE whitelist option (assuming the bios and password uses decent
password encryption and write protection) to prevent things like rogue
certs such as the recent windows update patch fixed or perhaps if your
security policy banned Windows ;-).


I have a few questions I'd investigate.

I believe Microsoft could use it as a selling or anti competition point
i.e. your company can use secure boot but only if you use Windows on
this cheap hardware you desire or bought last year. what's more is
there is no technical reason for this situation.



Can you sign keys as Tom mentioned? I hope so, the word import or
signed keys are not in Microsoft's document at least.



As you can disable it completely with a password you should be able to
install non OEM firmware such as Openbios.

Key import via password or even usb key auth would solve all of
these issues. I can't believe that has been overlooked without reason or
shall we say preference. It may be the disable option was an
afterthought must. It's not Microsoft's job to mandate good bios
practice but I'd say the right thing includes thinking about all
possible users especially when it will cost little more to be a
responsible party.

Considering Microsoft have stated they will provide security updates to
even pirated copies of Windows and yet require online! validation to
download the recent key signing security patch. I still don't trust
the vendor that started with stolen code. I can't see the requirement
for online validation being simply a mistake when I've also found more
than one friend's machines seriously out of date without security warning
until WGA was installed.

-- 


 Why not do something good every day and install BOINC.
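
Added example (not part of the original post, the quoted specification, or any firmware's code): a simplified Python model of the db/dbx check quoted from the certification requirements above, showing that an entry in the forbidden database overrides an allow-list entry, that an empty dbx is valid, and that Setup Mode switches enforcement off. It assumes hash-only (EFI_CERT_SHA256) entries and a plain SHA-256 of the file in place of the Authenticode digest and X.509 chains real firmware uses; the owner GUID, helper names and image bytes are constructed for illustration.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID: signature type for bare SHA-256 digests (UEFI spec).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# EFI_SIGNATURE_LIST header: type GUID, list size, header size, entry size.
LIST_HEADER = struct.Struct("<16sIII")
# Constructed owner GUID for the sample entries (not a real vendor GUID).
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")


def image_digest(image):
    """Assumption: plain SHA-256 of the bytes stands in for the Authenticode hash."""
    return hashlib.sha256(image).digest()


def build_sha256_list(digests, owner=SAMPLE_OWNER):
    """Serialise digests as one EFI_SIGNATURE_LIST (used to construct test data)."""
    entry_size = 16 + 32  # SignatureOwner GUID + SHA-256 digest
    body = b"".join(owner.bytes_le + d for d in digests)
    header = LIST_HEADER.pack(EFI_CERT_SHA256_GUID.bytes_le,
                              LIST_HEADER.size + len(body), 0, entry_size)
    return header + body


def parse_signature_lists(blob):
    """Return (type_guid, owner_guid, data) for each entry in concatenated lists.

    An empty blob (the "possibly empty" dbx) yields no entries.
    """
    entries = []
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < LIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_le, list_size, hdr_size, entry_size = LIST_HEADER.unpack_from(blob, offset)
        start = offset + LIST_HEADER.size + hdr_size
        end = offset + list_size
        if (entry_size <= 16 or start > end or end > len(blob)
                or (end - start) % entry_size):
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % offset)
        sig_type = uuid.UUID(bytes_le=type_le)
        for pos in range(start, end, entry_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((sig_type, owner, blob[pos + 16:pos + entry_size]))
        offset = end
    return entries


def sha256_entries(blob):
    """Set of SHA-256 digests listed in a signature database blob."""
    return {data for sig_type, _, data in parse_signature_lists(blob)
            if sig_type == EFI_CERT_SHA256_GUID}


def may_execute(image, db, dbx, setup_mode=False):
    """Simplified boot decision: dbx is consulted first and always wins."""
    if setup_mode:
        # No PK enrolled: Secure Boot is not enforced.
        return (True, "setup mode, not enforced")
    digest = image_digest(image)
    if digest in sha256_entries(dbx):
        return (False, "revoked by dbx")
    if digest in sha256_entries(db):
        return (True, "allowed by db")
    return (False, "not in db")


def demo():
    """Run the constructed scenario: loader B is allowed, then revoked."""
    loader_a = b"constructed bootloader A"
    loader_b = b"constructed bootloader B"
    db = build_sha256_list([image_digest(loader_a), image_digest(loader_b)])
    dbx_after_update = build_sha256_list([image_digest(loader_b)])
    return [
        may_execute(loader_b, db, b""),                # factory state, empty dbx
        may_execute(loader_b, db, dbx_after_update),   # after revocation
        may_execute(loader_a, db, dbx_after_update),   # unaffected loader
        may_execute(b"unknown image", db, dbx_after_update),
        may_execute(b"unknown image", b"", b"", setup_mode=True),
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("BOOT " if allowed else "BLOCK", reason)
```
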

Re: [arch-general] Campaign against Secure Boot

2012-06-26 Thread Kevin Chadwick


Having looked again at the FSF's campaign.

We, the undersigned, urge all computer makers implementing UEFI's
so-called Secure Boot to do it in a way that allows free software
operating systems to be installed. To respect user freedom and truly
protect user security, manufacturers must either allow computer owners
to disable the boot restrictions, or provide a sure-fire way for them
to install and run a free software operating system of their choice. We
commit that we will neither purchase nor recommend computers that strip
users of this critical freedom, and we will actively urge people in our
communities to avoid such jailed systems.

The latest spec (may 9th) mandates disabling, not sure if it has
changed in that respect? In which case there may be light for the
following.


 I believe Microsoft could use it as a selling or anti competition point
 i.e. your company can use secure boot but only if you use Windows on
 this cheap hardware you desire or bought last year. what's more is
 there is no technical reason for this situation.
 
 
 
 Can you sign keys as Tom mentioned? I hope so, the word import or
 signed keys are not in Microsoft's document at least.

Ensuring users can add keys and allowing multiboot and reasonably easy
usage of livecds without disabling secureboot all together should be
the current campaign.

-- 


 Why not do something good every day and install BOINC.



Re: [arch-general] Campaign against Secure Boot

2012-06-26 Thread Kevin Chadwick
 Ensuring users can add keys and allowing multiboot and reasonably easy
 usage of livecds without disabling secureboot all together should be
 the current campaign.

And openbios installation. I wonder if Dell will only allow Dell
Windows?

-- 


 Why not do something good every day and install BOINC.



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Geoffroy PLANQUART

On Jun 25, 2012, at 6:24 AM, David C. Rankin wrote:

 On 06/22/2012 09:09 PM, Manolo Martínez wrote:
 Is Arch going to sign [this 
 petition](http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement)?
  I, for one humble user, would like it (us, whatever) to.
 
 Manolo

Did anyone sign it? I've got problem once submitting, I'm redirected to 
crm.fsf.org which says that I must be logged in :/

Am I the only one?




Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread fredbezies
2012/6/25 Geoffroy PLANQUART geoff...@planquart.fr


 On Jun 25, 2012, at 6:24 AM, David C. Rankin wrote:

  On 06/22/2012 09:09 PM, Manolo Martínez wrote:
  Is Arch going to sign [this petition](
 http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement)?
 I, for one humble user, would like it (us, whatever) to.
 
  Manolo

 Did anyone sign it? I've got problem once submitting, I'm redirected to
 crm.fsf.org which says that I must be logged in :/

 Am I the only one?


It worked for me this morning.



-- 
Frederic Bezies
fredbez...@gmail.com


Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Patrick Burroughs
On Mon, Jun 25, 2012 at 12:49 AM, Geoffroy PLANQUART
geoff...@planquart.fr wrote:
 Did anyone sign it? I've got problem once submitting, I'm redirected to 
 crm.fsf.org which says that I must be logged in :/

 Am I the only one?

You're definitely not the only one, I'm having the same issue.

~Celti


Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Arno Gaboury

On 06/25/2012 09:58 AM, Patrick Burroughs wrote:

On Mon, Jun 25, 2012 at 12:49 AM, Geoffroy PLANQUART
geoff...@planquart.fr wrote:

Did anyone sign it? I've got problem once submitting, I'm redirected to 
crm.fsf.org which says that I must be logged in :/

Am I the only one?

You're definitely not the only one, I'm having the same issue.

~Celti

I confirm same issue here.

Are fsf servers maybe running on windows servers?? :-)


Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
Sorry for crossposting and that for some lists it becomes a new thread,
but on different lists people reported issues when they tried to sign
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement

I used Firefox 13.0.1 Ubuntu Precise x86_64, JavaScript is enabled and
cookies are allowed, btw., there's a fsf.org cookie in my list. Tracking
isn't allowed, but there anyway are no trackers on fsf.org.

Hth,
Ralf



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Thomas Bächler
On 23.06.2012 04:09, Manolo Martínez wrote:
 Is Arch going to sign [this 
 petition](http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement)?
  I, for one humble user, would like it (us, whatever) to.
 
 Manolo

While I won't answer your question, I have this to say:

For a non-ARM PC to be certified for Windows 8, the EFI firmware MUST
support Setup Mode. As this is a MUST requirement, everyone will
fulfill it, as they really do want the Windows 8 logo (if anyone wants
to look up the source for this, go ahead, I am too lazy right now).

If I understand it right, in Setup Mode, you can either boot any
non-signed operating system, or you can import your own keys into the
firmware, so that you can sign your own bootloaders. For me, this is
enough to not care about Secure Boot.





Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Martti Kühne
On Mon, Jun 25, 2012 at 09:49:44AM +0200, Geoffroy PLANQUART wrote:
 
 Did anyone sign it? I've got problem once submitting, I'm redirected to 
 crm.fsf.org which says that I must be logged in :/
 

Reminds me that last time I tried drupal it was utter brokenness. No real
surprise this hasn't changed in the meantime. :)

cheers!
mar77i


Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Kevin Chadwick
 Am I the only one?

Worked for me a while back but their mail server failed RFC compliance
and so the confirmation failed getting through my greylisting. There's a
new RFC that's very clear on greylisting apparently so that should
hopefully sort itself out.

Last time I tried I got the must be logged in problem too.

I wouldn't be surprised if they use Cisco crap too!!

--


 Why not do something good every day and install BOINC.



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Debian user mailing list somebody mentioned that hitting Enter
instead of using the Save button did work for him to sign up at
fsf.org.

IIRC the Save button did work for me this morning.



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Leonid Isaev
On Mon, 25 Jun 2012 10:35:16 +0200
Thomas Bächler tho...@archlinux.org wrote:

 On 23.06.2012 04:09, Manolo Martínez wrote:
  Is Arch going to sign [this
  petition](http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement)?
  I, for one humble user, would like it (us, whatever) to.
  
  Manolo
 
 While I won't answer your question, I have this to say:
 
 For a non-ARM PC to be certified for Windows 8, the EFI firmware MUST
 support Setup Mode. As this is a MUST requirement, everyone will
 fulfill it, as they really do want the Windows 8 logo (if anyone wants
 to look up the source for this, go ahead, I am too lazy right now).
 
 If I understand it right, in Setup Mode, you can either boot any
 non-signed operating system, or you can import your own keys into the
 firmware, so that you can sign your own bootloaders. For me, this is
 enough to not care about Secure Boot.
 

Right. Or you can buy a key from Microsoft like Fedora is planning to
http://lwn.net/Articles/500231/. It's good that people are thinking about
this problem, but so far solutions have been quite ugly from a technical
standpoint.

-- 
Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D




Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Mon, 2012-06-25 at 10:39 -0500, Leonid Isaev wrote:
 On Mon, 25 Jun 2012 10:35:16 +0200
 Thomas Bächler tho...@archlinux.org wrote:
 
  On 23.06.2012 04:09, Manolo Martínez wrote:
   Is Arch going to sign [this
   petition](http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement)?
   I, for one humble user, would like it (us, whatever) to.
   
   Manolo
  
  While I won't answer your question, I have this to say:
  
  For a non-ARM PC to be certified for Windows 8, the EFI firmware MUST
  support Setup Mode. As this is a MUST requirement, everyone will
  fulfill it, as they really do want the Windows 8 logo (if anyone wants
  to look up the source for this, go ahead, I am too lazy right now).
  
  If I understand it right, in Setup Mode, you can either boot any
  non-signed operating system, or you can import your own keys into the
  firmware, so that you can sign your own bootloaders. For me, this is
  enough to not care about Secure Boot.
  
 
 Right. Or you can buy a key from Microsoft like Fedora is planning to
 http://lwn.net/Articles/500231/. It's good that people are thinking about
 this problem, but so far solutions have been quite ugly from a technical
 standpoint.

On a discussion at Debian users mailing list I started with who cares,
it doesn't have impact to us free OS users, as long as we don't plan to
install Windoof 8 too, but I changed my opinion to let's nuke down
Microsoft, the most worse case scenario will happen. This is the
pathetic overstated version, but it's near to what many people feel
during this discussion. And I'm only speaking for Intel/AMD mobos ;). We
already know, that UEFI can't be disabled for every hardware :(.



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Kevin Chadwick
  
  If I understand it right, in Setup Mode, you can either boot any
  non-signed operating system, or you can import your own keys into the
  firmware, so that you can sign your own bootloaders. For me, this is
  enough to not care about Secure Boot.


I didn't know key replacement was a requirement for MS certification.
That's better than I thought, however.

You can only have one key and so it's a barrier to competition via
preventing trying out other OS's on a whim!!. To multiboot you have to
pay and spend a lot of time. Having authorisation to disable it
completely but not import multiple keys simply doesn't make sense.


Once sorted, Next stop. Preventing my hard drives firmware from
nullifying my boot security ;-)

-- 


 Why not do something good every day and install BOINC.



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Thomas Bächler
On 25.06.2012 18:37, Kevin Chadwick wrote:

 If I understand it right, in Setup Mode, you can either boot any
 non-signed operating system, or you can import your own keys into the
 firmware, so that you can sign your own bootloaders. For me, this is
 enough to not care about Secure Boot.
   
 
 I didn't know key replacement was a requirement for MS certification.
 That's better than I thought, however.
 
 You can only have one key and so it's a barrier to competition via
 preventing trying out other OS's on a whim!!. To multiboot you have to
 pay and spend a lot of time. Having authorisation to disable it
 completely but not import multiple keys simply doesn't make sense.

I don't think so. I need to verify this, but if I remember right, you
can simply sign Microsoft's key so Windows 8 is also trusted by your own
key.





Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Mon, 2012-06-25 at 19:24 +0200, Thomas Bächler wrote:
 On 25.06.2012 18:37, Kevin Chadwick wrote:
 
  If I understand it right, in Setup Mode, you can either boot any
  non-signed operating system, or you can import your own keys into the
  firmware, so that you can sign your own bootloaders. For me, this is
  enough to not care about Secure Boot.

  
  I didn't know key replacement was a requirement for MS certification.
  That's better than I thought, however.
  
  You can only have one key and so it's a barrier to competition via
  preventing trying out other OS's on a whim!!. To multiboot you have to
  pay and spend a lot of time. Having authorisation to disable it
  completely but not import multiple keys simply doesn't make sense.
 
 I don't think so. I need to verify this, but if I remember right, you
 can simply sign Microsoft's key so Windows 8 is also trusted by your own
 key.

Pff, I need to build my own kernels, to optimize to my needs and I won't
care about a boot-boot-loader or any signing. Ok, I don't have any
Windows installed (excepted of XP on Arch on VBox) and I won't install
Windoof 8. Try an educated guess! In Europe M$ does violate laws, but M$
simply pays the punishment by pocket money/stamp coffer ... dunno how
the idiom is called in English, but I suspect you understand.

However, isn't it suspect that the name Microsoft always comes along
with UEFI?!

I don't have tendencies to believe in conspiracy theories! I simply
don't trust this situation any longer. Again, at first I didn't care,
now I'm completely against it.



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Manolo Martínez
On 06/25/12 at 05:59pm, Ralf Mardorf wrote:
 We
 already know, that UEFI can't be disabled for every hardware :(.


That's what I thought, too. Also: the point is not just whether there
are technical ways around Secure Boot, but whether this will raise the
technical entry barrier to FOSS, making it unacceptably cumbersome to
many. I hope everyone agrees that this would be bad news.

Manolo


Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Mon, 2012-06-25 at 13:45 -0400, Manolo Martínez wrote:
 On 06/25/12 at 05:59pm, Ralf Mardorf wrote:
  We
  already know, that UEFI can't be disabled for every hardware :(.
 
 
 That's what I thought, too. Also: the point is not just whether there
 are technical ways around Secure Boot, but whether this will raise the
 technical entry barrier to FOSS, making it unacceptably cumbersome to
 many. I hope everyone agrees that this would be bad news.

+1 (for your statement, not for the UEFI crap ;)




Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Mon, 2012-06-25 at 19:54 +0200, Ralf Mardorf wrote:
 On Mon, 2012-06-25 at 13:45 -0400, Manolo Martínez wrote:
  On 06/25/12 at 05:59pm, Ralf Mardorf wrote:
   We
   already know, that UEFI can't be disabled for every hardware :(.
  
  
  That's what I thought, too. Also: the point is not just whether
 there
  are technical ways around Secure Boot, but whether this will raise
 the
  technical entry barrier to FOSS, making it unacceptably cumbersome
 to
  many. I hope everyone agrees that this would be bad news.
 
 +1 (for your statement, not for the UEFI crap ;)

PS: Some people with much more knowledge than I've got explained why
UEFI isn't secure in the way it's supposed to be secure. IMO it might be
possible that it's only to get rid of FLOSS OSes. They anyway won't get
rid of FLOSS software for Windows ;) neither it's a solution against
virulent software.

As Mr. Brauner (Brauner Microphones) and Mr. Fey (Studio Mag) once
mentioned: We only like rich people to be able to get knowledge and the
abilities to produce music, all the other people are trash only.

I thank both and I know why several friends and I aren't friends with Mr.
Brauner anymore, Mr. Fey anyway never was a friend of mine or any other
one I know.

Microsoft is a little bit bigger than Brauner and the Studio Mag.

Those people are the pure evil. I'm happy that Steve Jobs is dead, I
don't know him personal, but I suspect him as the same kind (or much
more worse) of human, as some evil humans I personal know and Mr. Gates
seems to be the same kind of human, I also don't know him personal.

Has anybody knowledge about weapon systems ;)?!. I don't have
knowledge ;), but AFAIK the company M$ is a global player regarding to
war. I might be mistaken.

Market economy isn't evil per se, humans make it anti-social.

I'm pissed!




Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Mon, 2012-06-25 at 20:26 +0200, Arno Gaboury wrote:
 On 06/25/2012 07:44 PM, Ralf Mardorf wrote:
  On Mon, 2012-06-25 at 19:24 +0200, Thomas Bächler wrote:
  On 25.06.2012 18:37, Kevin Chadwick wrote:
  If I understand it right, in Setup Mode, you can either boot any
  non-signed operating system, or you can import your own keys into the
  firmware, so that you can sign your own bootloaders. For me, this is
  enough to not care about Secure Boot.
 
  I didn't know key replacement was a requirement for MS certification.
  That's better than I thought, however.
 
  You can only have one key and so it's a barrier to competition via
  preventing trying out other OS's on a whim!!. To multiboot you have to
  pay and spend a lot of time. Having authorisation to disable it
  completely but not import multiple keys simply doesn't make sense.
  I don't think so. I need to verify this, but if I remember right, you
  can simply sign Microsoft's key so Windows 8 is also trusted by your own
  key.
  Pff, I need to build my own kernels, to optimize to my needs and*I won't
  care about a boot-boot-loader or any singing.*  Ok, I don't have any
  Windows installed (*excepted of XP on Arch on VBox*) and I won't install
  Windoof 8. Try an educated guess! In Europe M$ does violate laws, but M$
  simply pays the punishment by pocket money/stamp coffer ... dunno how
  the idiom is called in English, but I suspect you understand.
 
  However, isn't is suspect that the name Microsoft always comes along
  with UEFI?!
 
  I don't have tendencies to believe in conspiracy theories! I simply
  don't trust this situation any longer. Again, at first I didn't care,
  now I'm completely against it.
 
 I am following this thread, and honestly, who needs to dual boot today? 
 I do not see anmore the need of it, as LVM is matured enough to avoid 
 anyway the pain of rebooting to run winoz, no?
 We all know Apfle and Winoz are not playing the game and try to close 
 everything, no?
 
 Just my 2 cents in this vibrant debate.

Yep, no issue for me, my mobos will be based on Intel or AMD. Do you use
other hardware? Then perhaps you'll be screwed in the near future. Good
luck!




Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Arno Gaboury

On 06/25/2012 08:31 PM, Ralf Mardorf wrote:
 On Mon, 2012-06-25 at 20:26 +0200, Arno Gaboury wrote:
  On 06/25/2012 07:44 PM, Ralf Mardorf wrote:
   On Mon, 2012-06-25 at 19:24 +0200, Thomas Bächler wrote:
   On 25.06.2012 18:37, Kevin Chadwick wrote:
   If I understand it right, in Setup Mode, you can either boot any
   non-signed operating system, or you can import your own keys into the
   firmware, so that you can sign your own bootloaders. For me, this is
   enough to not care about Secure Boot.

   I didn't know key replacement was a requirement for MS certification.
   That's better than I thought, however.

   You can only have one key and so it's a barrier to competition via
   preventing trying out other OS's on a whim!!. To multiboot you have to
   pay and spend a lot of time. Having authorisation to disable it
   completely but not import multiple keys simply doesn't make sense.
   I don't think so. I need to verify this, but if I remember right, you
   can simply sign Microsoft's key so Windows 8 is also trusted by your own
   key.
   Pff, I need to build my own kernels, to optimize to my needs and*I won't
   care about a boot-boot-loader or any singing.*  Ok, I don't have any
   Windows installed (*excepted of XP on Arch on VBox*) and I won't install
   Windoof 8. Try an educated guess! In Europe M$ does violate laws, but M$
   simply pays the punishment by pocket money/stamp coffer ... dunno how
   the idiom is called in English, but I suspect you understand.

   However, isn't is suspect that the name Microsoft always comes along
   with UEFI?!

   I don't have tendencies to believe in conspiracy theories! I simply
   don't trust this situation any longer. Again, at first I didn't care,
   now I'm completely against it.

  I am following this thread, and honestly, who needs to dual boot today?
  I do not see anmore the need of it, as LVM is matured enough to avoid
  anyway the pain of rebooting to run winoz, no?
  We all know Apfle and Winoz are not playing the game and try to close
  everything, no?

  Just my 2 cents in this vibrant debate.

 Yep, no issue for me, my mobos will be based on Intel or AMD. Do you use
 other hardware? Than perhaps you'll be screwed in the near future. Good
 luck!.


Once upon a time, I had a dream OSX would lead to some kind of semi
open OS, with lots of dev improvements from the community.


PPP, it was a long time ago, and was really naive.


Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Mon, 2012-06-25 at 20:37 +0200, Arno Gaboury wrote:
 Once upon a time, I had a dream OSX would leed to some kind of semi 
 open OS, with lots of dev improvments from the community.
 
 PPP, it was long time ago, and was really naive.

Hahaha, when I searched for a successor for my Atari ST, my first guess
was Apple. It's not naive, since hardware is important, reliable
hardware is important, unfortunately my moneybag ships with some
limitations ;). I had the same dream. I won an iPad2 and can't use it,
since Vbox + oracle-ext + XP SP2 can't handle it. No jailbreak until
now, but I downloaded Absinthe a long time ago, I simply wished to test a
legal iPad for a while. My iPad2 is unable to get iBooks, so every
elCheapo Ebookreader has more abilities than my iPad 2, just because I'm
using Linux. It's not a fault of Linux, it's spirit of mischief by
companies like M$ and Apfel.




Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Mon, 2012-06-25 at 20:59 +0200, Ralf Mardorf wrote:
 On Mon, 2012-06-25 at 20:37 +0200, Arno Gaboury wrote:
  Once upon a time, I had a dream OSX would leed to some kind of semi 
  open OS, with lots of dev improvments from the community.
  
  PPP, it was long time ago, and was really naive.
 
 Hahaha, when I searched for a successor for my Atari St, my first guess
 was Apple. It's not naive, since hardware is important, reliable
 hardware is important, unfortunately my moneybag ships with some
 limitations ;). I had the same dream. I won an iPad2 and can't use it,
 since Vbox + oracle-ext + XP SP2 can't handle it. No jailbreak until
 now, but I downloaded Absinth a long time ago, I simply wished to test a
 legal iPad for a while. My iPad2 is unable to get iBooks, so every
 elCheapo Ebookreader has more abilities than my iPad 2, just because I'm
 using Linux. It's not a fault of Linux, it's spirit of mischief by
 companies like M$ and Apfel.

PS: Do you know that there's an Apple community for old Apple OSs, I
guess before Apple switched to Intel? Even gifted Apple users don't
follow the policy of Apple per se.




Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Mon, 2012-06-25 at 21:13 +0200, Ralf Mardorf wrote:
 On Mon, 2012-06-25 at 20:59 +0200, Ralf Mardorf wrote:
  On Mon, 2012-06-25 at 20:37 +0200, Arno Gaboury wrote:
   Once upon a time, I had a dream OSX would leed to some kind of semi 
   open OS, with lots of dev improvments from the community.
   
   PPP, it was long time ago, and was really naive.
  
  Hahaha, when I searched for a successor for my Atari St, my first guess
  was Apple. It's not naive, since hardware is important, reliable
  hardware is important, unfortunately my moneybag ships with some
  limitations ;). I had the same dream. I won an iPad2 and can't use it,
  since Vbox + oracle-ext + XP SP2 can't handle it. No jailbreak until
  now, but I downloaded Absinth a long time ago, I simply wished to test a
  legal iPad for a while. My iPad2 is unable to get iBooks, so every
  elCheapo Ebookreader has more abilities than my iPad 2, just because I'm
  using Linux. It's not a fault of Linux, it's spirit of mischief by
  companies like M$ and Apfel.
 
 PS: Do you know that there's a Apple community for old Apple OSs, I
 guess before Apple switched to Intel? Even gifted Apple users don't
^ at least (broken English,
apologize)
 follow the policy of Apple per se.
 




Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Jelle van der Waa
On 25/06/12 21:18, Ralf Mardorf wrote:
 On Mon, 2012-06-25 at 21:13 +0200, Ralf Mardorf wrote:
 On Mon, 2012-06-25 at 20:59 +0200, Ralf Mardorf wrote:
 On Mon, 2012-06-25 at 20:37 +0200, Arno Gaboury wrote:
 Once upon a time, I had a dream OSX would leed to some kind of semi 
 open OS, with lots of dev improvments from the community.

 PPP, it was long time ago, and was really naive.

 Hahaha, when I searched for a successor for my Atari St, my first guess
 was Apple. It's not naive, since hardware is important, reliable
 hardware is important, unfortunately my moneybag ships with some
 limitations ;). I had the same dream. I won an iPad2 and can't use it,
 since Vbox + oracle-ext + XP SP2 can't handle it. No jailbreak until
 now, but I downloaded Absinth a long time ago, I simply wished to test a
 legal iPad for a while. My iPad2 is unable to get iBooks, so every
 elCheapo Ebookreader has more abilities than my iPad 2, just because I'm
 using Linux. It's not a fault of Linux, it's spirit of mischief by
 companies like M$ and Apfel.

 PS: Do you know that there's a Apple community for old Apple OSs, I
 guess before Apple switched to Intel? Even gifted Apple users don't
 ^ at least (broken English,
 apologize)
 follow the policy of Apple per se.

 
 
Could you guys keep it either on topic and stop ranting about Microsoft
or Apple/OSX:
a) it doesn't help
b) it's a waste of your time, in that time you could have done something
useful like contributing to an opensource project so that there are
better alternatives ;)

-- 
Jelle van der Waa







Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Don deJuan

On 06/25/2012 12:44 PM, Jelle van der Waa wrote:
 On 25/06/12 21:18, Ralf Mardorf wrote:
  On Mon, 2012-06-25 at 21:13 +0200, Ralf Mardorf wrote:
  On Mon, 2012-06-25 at 20:59 +0200, Ralf Mardorf wrote:
  On Mon, 2012-06-25 at 20:37 +0200, Arno Gaboury wrote:
  Once upon a time, I had a dream OSX would leed to some kind of semi
  open OS, with lots of dev improvments from the community.

  PPP, it was long time ago, and was really naive.

  Hahaha, when I searched for a successor for my Atari St, my first guess
  was Apple. It's not naive, since hardware is important, reliable
  hardware is important, unfortunately my moneybag ships with some
  limitations ;). I had the same dream. I won an iPad2 and can't use it,
  since Vbox + oracle-ext + XP SP2 can't handle it. No jailbreak until
  now, but I downloaded Absinth a long time ago, I simply wished to test a
  legal iPad for a while. My iPad2 is unable to get iBooks, so every
  elCheapo Ebookreader has more abilities than my iPad 2, just because I'm
  using Linux. It's not a fault of Linux, it's spirit of mischief by
  companies like M$ and Apfel.

  PS: Do you know that there's a Apple community for old Apple OSs, I
  guess before Apple switched to Intel? Even gifted Apple users don't
  ^ at least (broken English,
  apologize)
  follow the policy of Apple per se.

 Could you guys keep it either ontopic and stop ranting about Microsoft
 or Apple/OSX:
 a) it doesn't help
 b) it's a waste of your time, in that time you could have done something
 usefull like contributing to an opensource project so that there are
 better alternatives ;)



I second that one, it is just noise complaining so much about both, 
especially on an Arch MB




Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Mon, 2012-06-25 at 21:44 +0200, Jelle van der Waa wrote:
 On 25/06/12 21:18, Ralf Mardorf wrote:
  On Mon, 2012-06-25 at 21:13 +0200, Ralf Mardorf wrote:
  On Mon, 2012-06-25 at 20:59 +0200, Ralf Mardorf wrote:
  On Mon, 2012-06-25 at 20:37 +0200, Arno Gaboury wrote:
  Once upon a time, I had a dream OSX would leed to some kind of semi 
  open OS, with lots of dev improvments from the community.
 
  PPP, it was long time ago, and was really naive.
 
  Hahaha, when I searched for a successor for my Atari St, my first guess
  was Apple. It's not naive, since hardware is important, reliable
  hardware is important, unfortunately my moneybag ships with some
  limitations ;). I had the same dream. I won an iPad2 and can't use it,
  since Vbox + oracle-ext + XP SP2 can't handle it. No jailbreak until
  now, but I downloaded Absinth a long time ago, I simply wished to test a
  legal iPad for a while. My iPad2 is unable to get iBooks, so every
  elCheapo Ebookreader has more abilities than my iPad 2, just because I'm
  using Linux. It's not a fault of Linux, it's spirit of mischief by
  companies like M$ and Apfel.
 
  PS: Do you know that there's a Apple community for old Apple OSs, I
  guess before Apple switched to Intel? Even gifted Apple users don't
  ^ at least (broken English,
  apologize)
  follow the policy of Apple per se.
 
  
  
 Could you guys keep it either ontopic and stop ranting about Microsoft
 or Apple/OSX:
 a) it doesn't help
 b) it's a waste of your time, in that time you could have done something
 usefull like contributing to an opensource project so that there are
 better alternatives ;)
 

Pardon.

We, at least I shouldn't waste the time of other people.

No excuse for writing useless stuff, you're right, OTOH is it really
time, that could be used for something better?

Some people take things more or less seriously.
We are on a software mailing list ... software is a joke regarding to
other simple issues such as
http://en.wikipedia.org/wiki/White_power_skinhead
You might call it polemic and OT for this list. Ok, you might be right,
where is the border? UEFI also is far away from the unconvincible
Neo-Nazis ... well everything so far is good, so there's no reason to be
polemic and in the end we'll chime in we were not aware about it.
Yes, let's be quiet, sorry again,
Ralf



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Mon, 2012-06-25 at 22:05 +0200, Ralf Mardorf wrote:
 On Mon, 2012-06-25 at 21:44 +0200, Jelle van der Waa wrote:
  On 25/06/12 21:18, Ralf Mardorf wrote:
   On Mon, 2012-06-25 at 21:13 +0200, Ralf Mardorf wrote:
   On Mon, 2012-06-25 at 20:59 +0200, Ralf Mardorf wrote:
   On Mon, 2012-06-25 at 20:37 +0200, Arno Gaboury wrote:
   Once upon a time, I had a dream OSX would leed to some kind of semi 
   open OS, with lots of dev improvments from the community.
  
   PPP, it was long time ago, and was really naive.
  
   Hahaha, when I searched for a successor for my Atari St, my first guess
   was Apple. It's not naive, since hardware is important, reliable
   hardware is important, unfortunately my moneybag ships with some
   limitations ;). I had the same dream. I won an iPad2 and can't use it,
   since Vbox + oracle-ext + XP SP2 can't handle it. No jailbreak until
   now, but I downloaded Absinth a long time ago, I simply wished to test a
   legal iPad for a while. My iPad2 is unable to get iBooks, so every
   elCheapo Ebookreader has more abilities than my iPad 2, just because I'm
   using Linux. It's not a fault of Linux, it's spirit of mischief by
   companies like M$ and Apfel.
  
   PS: Do you know that there's a Apple community for old Apple OSs, I
   guess before Apple switched to Intel? Even gifted Apple users don't
   ^ at least (broken English,
   apologize)
   follow the policy of Apple per se.
  
   
   
  Could you guys keep it either ontopic and stop ranting about Microsoft
  or Apple/OSX:
  a) it doesn't help
  b) it's a waste of your time, in that time you could have done something
  usefull like contributing to an opensource project so that there are
  better alternatives ;)
  
 
 Pardon.
 
 We, at least I shouldn't waste the time of other people.
 
 No excuse for writing useless stuff, you're right, OTOH is it really
 time, that could be used for something better?
 
 Some people take things more or less serious. 
 We are on a software mailing list ... software is a joke regarding to
 other simple issues such as
 http://en.wikipedia.org/wiki/White_power_skinhead
 You might call it polemic and OT for this list. Ok, you might be right,
 where is the border? UEFI also is far away from the unconvincable
 Neo-Nazis ... well everything so far is good, so there's no reason to be
 polemic and in the end we'll chime in we were not aware about it.
 Yes, lets be quiet, sorry again,
 Ralf

And yes, I'm a German, half of my grandparents would agree with you, the
other half was killed in WWII, because they made too much noise. I've a
criminal record for absence of the German armed forces.

In German we say wehret den Anfängen.
Yes, I might be polemic, it might be completely useless, but do we know?

UEFI doesn't kill people, so I must be a polemic German idiot. Any
hints, when freedom really is attached and when we should talk about it
are welcome.

Oh, nobody today can get a criminal record for what I've done, the law
changed a little bit, because idiots like me were haunted and today
everybody has got a choice.

Note! Evil companies aren't stupid, they know how far they can go, IOW,
they take care that many people guess that criticism could be confused
with grotesque paranoia or too much noise on a mailing list.

I might be wrong, but you might be wrong too,
Ralf



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Don deJuan

On 06/25/2012 01:51 PM, Ralf Mardorf wrote:
 On Mon, 2012-06-25 at 22:05 +0200, Ralf Mardorf wrote:
  On Mon, 2012-06-25 at 21:44 +0200, Jelle van der Waa wrote:
   On 25/06/12 21:18, Ralf Mardorf wrote:
    On Mon, 2012-06-25 at 21:13 +0200, Ralf Mardorf wrote:
    On Mon, 2012-06-25 at 20:59 +0200, Ralf Mardorf wrote:
    On Mon, 2012-06-25 at 20:37 +0200, Arno Gaboury wrote:
    Once upon a time, I had a dream OSX would leed to some kind of semi
    open OS, with lots of dev improvments from the community.

    PPP, it was long time ago, and was really naive.

    Hahaha, when I searched for a successor for my Atari St, my first guess
    was Apple. It's not naive, since hardware is important, reliable
    hardware is important, unfortunately my moneybag ships with some
    limitations ;). I had the same dream. I won an iPad2 and can't use it,
    since Vbox + oracle-ext + XP SP2 can't handle it. No jailbreak until
    now, but I downloaded Absinth a long time ago, I simply wished to test a
    legal iPad for a while. My iPad2 is unable to get iBooks, so every
    elCheapo Ebookreader has more abilities than my iPad 2, just because I'm
    using Linux. It's not a fault of Linux, it's spirit of mischief by
    companies like M$ and Apfel.

    PS: Do you know that there's a Apple community for old Apple OSs, I
    guess before Apple switched to Intel? Even gifted Apple users don't
    ^ at least (broken English,
    apologize)
    follow the policy of Apple per se.

   Could you guys keep it either ontopic and stop ranting about Microsoft
   or Apple/OSX:
   a) it doesn't help
   b) it's a waste of your time, in that time you could have done something
   usefull like contributing to an opensource project so that there are
   better alternatives ;)

  Pardon.

  We, at least I shouldn't waste the time of other people.

  No excuse for writing useless stuff, you're right, OTOH is it really
  time, that could be used for something better?

  Some people take things more or less serious.
  We are on a software mailing list ... software is a joke regarding to
  other simple issues such as
  http://en.wikipedia.org/wiki/White_power_skinhead
  You might call it polemic and OT for this list. Ok, you might be right,
  where is the border? UEFI also is far away from the unconvincable
  Neo-Nazis ... well everything so far is good, so there's no reason to be
  polemic and in the end we'll chime in we were not aware about it.
  Yes, lets be quiet, sorry again,
  Ralf

 And yes, I'm a German, half of my grandparents would agree with you, the
 other half was killed in WWII, because they made too much noise. I've a
 criminal record for absence of the German armed forces.

 In German we say wehret den Anfängen.
 Yes, I might be polemic, it might be completely useless, but do we know?

 UEFI dosen't kill people, so I must be a polemic German idiot. Any
 hints, when freedom really is attached and when we should talk about it
 are welcome.

 Oh, nobody today can get a criminal record for what I've done, the law
 changed a little bit, because idiots like me where haunted and today
 everybody has got a choice.

 Note! Evil companies aren't stupid, they know how far they can go, IOW,
 they take care that many people guess that criticism could be confused
 with grotesque paranoia or too much noise on a mailing list.

 I might be wrong, but you might be wrong too,
 Ralf

WOW!!! I am an American/German Jew myself (1st generation here) and have
to say you're blending so many things unrelated with mediocre issues.
Secure Boot  MS  Apple DO NOT equal Hitler killing Jews!!!


So why not just stick to Arch Linux topics and how they directly relate
to actual issues at hand, or how secure boot would/will affect Arch.
Endless rants of evil this is just like evil that, makes you sound as
nutty as Hitler was.


I honestly do not care if you are right or I am, but these ramblings are 
moot to the point the OP sent to the list. To me personally you have 
gone past the point of OT, way way past it.


I think everyone who cares about this IS aware of it and if they feel 
there is truly something to worry about then actually put action to the 
rambles you post, such as following the link. Please keep Hitler out of 
these talks, to me it is moronic, not polemic, or you just like stirring 
the shit pot to see what floats.


Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Kevin Chadwick
 Yep, no issue for me, my mobos will be based on Intel or AMD.

IMO it's not mainly about you or me, though I'm all for making it
easier to use your own keys, heck I can build my own hardware and I
expect BIOS choice will be the answer. 

I ask myself would it have stopped me using Unix. Probably not, putting
a smoothwall firewall in is what pulled me in and it was full of
unpatched holes when I put it in too and was owned pretty quick (before
ipcop came along, switched to that but then landed on OpenBSD after
reports from others of their ipcop being owned and many PDFs).

Depending how easy it is to control. It may well have stopped me
trying out the countless livecds though and I wonder what difference
that may have made. Just reduced knowledge or worse? Then I ask, will
it make someone less stubborn and determined go back to Windows. I'm
guessing it may prevent me letting friends have the choice
or a backup OS on their laptops after I fix them.

I'm sure UEFI will evolve in the right direction though by hook or by
crook. Is it too late to start off without major issue?

-- 


 Why not do something good every day and install BOINC.



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Kevin Chadwick
 I am following this thread, and honestly, who needs to dual boot today? 

Most of my systems are single OS but I have a system with at least 6 OS's
on it and over 10 virtual images on one of them. Granted a couple of the
OS's could be cleaned out now, but only a couple.

On another system I have a HDD with JAVA for rare access to a KVM. I
don't use it for anything else and steer clear of JAVA for day to day.

-- 


 Why not do something good every day and install BOINC.



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Karol Babioch
Hi,

seems to be a classical case of Godwin's law ;).

But back to topic: To be honest I don't understand what all the fuss is
about. From a security point of view it makes total sense to
sign/verify every piece of code that gets executed when booting.
Otherwise there will always be some sort of gap in the chain of trust
you try to achieve.

As there is already malware that puts itself into the MBR and gets
executed before any security measures of the operating system (and/or
anti virus software) kick in, it is absolutely understandable that
Microsoft tries to close this hole.

By the way: This is also the case for Linux (and for that matter any
other OS). Probably the only reason why we (running anything other than
Windows and/or OS X) don't care about, is that we are not affected by it
in this large scale.

So, in general, we should appreciate technologies, which basically
enable us (for the first time on PCs) to be certain that only code is
executed, which we put there in the first place.

I understand that given Microsoft's record in the past, some of you are
worried, but when looking in the specifications (as Thomas already
pointed out) it is quite clear that Microsoft wants to do the right
thing here.

Personally I couldn't come up with a better way/infrastructure than the
one that is going to be implemented.

I have only the following criticism: Given the relatively low cost of
getting a signed certificate from Microsoft (to my knowledge it will
cost about 100 USD), it might fail to achieve what it is proposed to.
Obviously Microsoft will try to prevent any sort of abuse, but even if
Microsoft only hands out signed certificates after some extensive checks
to trustworthy companies/organisations, it can't control it from there
on any more.

So basically the relatively low price of 100 USD will mean that there
might be a lot of organizations with a signed certificate. It would only
take a breach into one of those organizations to get your code booted on
basically every machine. It is something like the current situation with
root CAs in SSL/TLS, but at least from my understanding there is not
necessarily a way of revoking certificates.

Another minor point of criticism from me would be the chosen name. Maybe
some non-technical people will hesitate to disable something called
Secure boot, while they would disable something called Signed boot
without putting much thought into it. But probably only time will tell
how this turns out.

Another interesting question that to my knowledge wasn't yet answered:
Is the planned scenario from Red Hat even possible with Grub2? As it is
published under GPLv3 it might not be the case, because GPLv3 might
prevent any secrets in form of private keys. This would basically mean
that the proposed scenario is quite useless. Has anyone any insights on
that?

Best regards,
Karol Babioch





Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Tue, 2012-06-26 at 00:55 +0200, Karol Babioch wrote:
 Hi,
 
 seems to be a classical case of Godwin's law ;).

I've got no time to read your mail now, I'll do it later, but regarding
to the first sentences, Godwin's law is another issue. When talking
about different opinions there often is a confusion with fascism. But
the discussion is about freedom in FLOSS, a real discussion where
fascism might or might not be involved. Btw. Mr. Godwin
http://upload.wikimedia.org/wikipedia/commons/thumb/8/8d/Mike_Godwin_at_Wikimedia_2010.jpg/220px-Mike_Godwin_at_Wikimedia_2010.jpg
 is not that smart as some people guess that he is, since a rule already 
pretentious implemented a thingy. Does Mr. Godwin stand above others? IMO
he's just a smartass. His statement suffers from pretensions. A gobshite is 
unimpeachably, hence he doesn't have any opinion. To jump on bandwagons is easy.

I might be mistaken regarding to my opinion or any other person might be
mistaken to her/his opinion, but Godwin's law is just contemptuous, it's
absolutely incorrect. Using such an unreflected law is a paradox, since
it's the most evil fascism in itself, because it's a stupid
generalisation.



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Tue, 2012-06-26 at 01:29 +0200, Ralf Mardorf wrote:
 On Tue, 2012-06-26 at 00:55 +0200, Karol Babioch wrote:
  Hi,
  
  seems to be a classical case of Godwin's law ;).
 
 I've got no time to read your mail now, I'll do it later, but regarding
 to the first sentences, Godwin's law is another issue. When talking
 about different opinions there often is a confusion with fascism. But
 the discussion is about freedom in FLOSS, a real discussion where
 fascism might or might nor be involved. Btw. Mr. Goldwin
 http://upload.wikimedia.org/wikipedia/commons/thumb/8/8d/Mike_Godwin_at_Wikimedia_2010.jpg/220px-Mike_Godwin_at_Wikimedia_2010.jpg
  is not that smart as some people guess that he is, since a rule already 
 pretentious implemented a thingy. Does Mr. Goldwin stand above others? IMO 
 he's just a smartass. His statement suffers from pretensions. A gobshite is 
 unimpeachably, hence he doesn't have any opinion. To jump on bandwagons is 
 easy.
 
 I might be mistaken regarding to my opinion or any other person might be
 mistaken to her/his opinion, but Godwin's law is just contemptuous, it's
 absolutely incorrect. Using such a unreflected law is a paradox, since
 it's the most evil fascism in itself, because it's a stupid
 generalisation.

In German I'm eloquent, my English is terribly broken. Godwin simply is
an asshole. It's easy to pronounce sentence of death, but living a
secure stiffs life without risking anything for humanity.

People can be mistaken, but it's important that they risk something. Godwin
just is a somebody else wearing designer glasses, just talking ... at
least he seems to be, I don't know him personally.



Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Ralf Mardorf
On Tue, 2012-06-26 at 01:43 +0200, Ralf Mardorf wrote:
 On Tue, 2012-06-26 at 01:29 +0200, Ralf Mardorf wrote:
  On Tue, 2012-06-26 at 00:55 +0200, Karol Babioch wrote:
   Hi,
   
   seems to be a classical case of Godwin's law ;).
  
  I've got no time to read your mail now, I'll do it later, but regarding
  to the first sentences, Godwin's law is another issue. When talking
  about different opinions there often is a confusion with fascism. But
  the discussion is about freedom in FLOSS, a real discussion where
  fascism might or might nor be involved. Btw. Mr. Goldwin
  http://upload.wikimedia.org/wikipedia/commons/thumb/8/8d/Mike_Godwin_at_Wikimedia_2010.jpg/220px-Mike_Godwin_at_Wikimedia_2010.jpg
   is not that smart as some people guess that he is, since a rule already 
  pretentious implemented a thingy. Does Mr. Goldwin stand above others? 
  IMO he's just a smartass. His statement suffers from pretensions. A 
  gobshite is unimpeachably, hence he doesn't have any opinion. To jump on 
  bandwagons is easy.
  
  I might be mistaken regarding to my opinion or any other person might be
  mistaken to her/his opinion, but Godwin's law is just contemptuous, it's
  absolutely incorrect. Using such a unreflected law is a paradox, since
  it's the most evil fascism in itself, because it's a stupid
  generalisation.
 
 In German I'm eloquent, my English is terrible broken. Godwin simply is
 an asshole. It's easy to pronounce sentence of death, but living a
 secure stiffs live without risking anything for humanity.
 
 People can mistaken, but it's important that they risk something. Godwin
 just is a somebody else wearing designer glasses, just talking ... at
 least he seems to be, I don't know him personal.

PPS: I'm still the idiot, however, for some hardware UEFI can't be
disabled. I never mentioned Hitler. Again, good luck, I'm still using
Intel and/or AMD boards, where it should be possible to disable UEFI.
Should I be quiet, just because there aren't issues for me? I'm only
installing Linux distros, no Windows 8.

Simple, later I read all mails and if needed I'll excuse, if I should
notice that I was mistaken. M$ never ever will excuse, but being quiet
as Microsoft is, seems to be the more accepted way, even on Linux
mailing lists?

Please can anybody quote something where Mr. Godwin has risked his own
ass?!




Re: [arch-general] Campaign against Secure Boot

2012-06-25 Thread Manolo Martínez
On 06/26/12 at 12:55am, Karol Babioch wrote:
 I have only the following criticism: Given the relatively low cost of
 getting a signed certificate from Microsoft (to my knowledge it will
 cost about 100 USD), it might fail to achieve what it is proposed to.
 Obviously Microsoft will try to prevent any sort of abuse, but even if
 Microsoft only hands out signed certificates after some extensive checks
 to trustworthy companies/organisations, it can't control it from there
 on any more.

Just for clarification: you seem to be endorsing a model in which
organizations (linux distros?) pay Microsoft for the right to install
non-Microsoft software in PCs. Is that correct?

Manolo


Re: [arch-general] Campaign against Secure Boot

2012-06-24 Thread David C. Rankin
On 06/22/2012 09:09 PM, Manolo Martínez wrote:
 Is Arch going to sign [this 
 petition](http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement)?
  I, for one humble user, would like it (us, whatever) to.
 
 Manolo
 

Sometimes the political side of open-source is just as important to its
continued success as the technical/development side of the house. I have never
seen an FSF position taken that should not be fully supported by every Linux
distro on the planet. From that standpoint, the Arch signature on the movement
will add weight and legitimacy to the cause and may help further the goal of
limiting, if not killing, secure boot requirements from motherboard companies.

It is one of those simple meaningless movements on first blush -- that just
might end up being one of the most important for the continued booting of
open-source OSs on new hardware.

Decision Maker Archers -- It's worth doing.

-- 
David C. Rankin, J.D.,P.E.