Re: *countable infinities only

2012-06-25 Thread Gregory Maxwell
(I'm posting in this thread rather than starting a new one in order to
respect people who've spam-canned it)

It is being widely reported that Canonical's be signing the kernel,
they won't be requiring signed drivers, and won't be restricting
runtime functionality while securebooted. What is being claimed is
that the only thing they'll be restricting is the bootloader and
they're going to write a new bootloader for this in order to avoid
signing code written by third parties.

This seems a bit incongruent with many of the claims made here about
the degree of participation with cryptographic lockdown required and
the importance of it.

I feel like the entire discussion has been a bit unfair where people
were repeatedly challenged to offer alternatives when things claimed
to be impossible based on NDAed discussions are, apparently, actually
possible and the remaining weak alternatives were discarded as not
being usable enough.


[1] 
http://www.h-online.com/open/news/item/Canonical-details-Ubuntu-UEFI-Secure-Boot-plans-162.html
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: *countable infinities only

2012-06-25 Thread Peter Jones

On 06/25/2012 11:25 AM, Gregory Maxwell wrote:


> This seems a bit incongruent with many of the claims made here about
> the degree of participation with cryptographic lockdown required and
> the importance of it.


I think we've made it fairly clear that we don't believe their interpretation
is correct.  This shouldn't surprise anybody.


> I feel like the entire discussion has been a bit unfair where people
> were repeatedly challenged to offer alternatives when things claimed
> to be impossible based on NDAed discussions are, apparently, actually
> possible and the remaining weak alternatives were discarded as not
> being usable enough.


I feel like this is quite patronizing.  We've stated time and again that we
don't believe the scenario you're preaching has any real /viability/, and
so we've chosen not to propose it.  There's no secret here - it's possible
to do, but we don't think it'd last very long before our keys are blacklisted
and we're back to a state where Fedora isn't bootable by default on new
hardware.

This is still completely congruous with what we've been saying all along.

--
Peter



Re: *countable infinities only

2012-06-25 Thread Gregory Maxwell
On Mon, Jun 25, 2012 at 1:56 PM, Peter Jones pjo...@redhat.com wrote:
 I feel like this is quite patronizing.  We've stated time and again that we
 don't believe the scenario you're preaching has any real /viability/, and

Sounds like you're not arguing with me, you're arguing with Canonical.

I didn't propose this, the only stuff I proposed fit within the
invariants you set out: That the rules of the game required you to
restrict the system thusly if Fedora was to boot at all.

I was under the impression that you couldn't get a key like that
signed in the first place. But what do I know, it seems like the
experts at Canonical don't agree and are going to try several other
routes concurrently.

Canonical seems to be giving this a higher level of organizational
attention[1], vs pure decision making by the engineering guys deep in
the trenches. Obviously this has system implications far beyond a bit
of bootloader code.  And as a result it appears that they have a plan
which will make a better stand for software freedom while
simultaneously satisfying the PR interest of not capitulating to
Microsoft, for whatever value that has.

 so we've chosen not to propose it.  There's no secret here - it's possible
 to do, but we don't think it'd last very long before our keys are

I'm looking for a message where anyone said we could do this, but we
expect our keys would eventually be blacklisted. Can you help me out?

I think I'd have said well, you should do that then, put the ball in
Microsoft's court ::shrugs::


[1] http://blog.canonical.com/2012/06/22/an-update-on-ubuntu-and-secure-boot/

Re: *countable infinities only

2012-06-25 Thread Matthew Garrett
On Mon, Jun 25, 2012 at 02:10:10PM -0400, Gregory Maxwell wrote:

 I was under the impression that you couldn't get a key like that
 signed in the first place. But what do I know, it seems like the
 experts at Canonical don't agree and are going to try several other
 routes concurrently.

We never said it would be impossible to get a key. It's just 
massively unlikely that such a key will be useful for any length of 
time, and so it's not something that solves any of the problems we're 
interested in solving.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-25 Thread Jay Sulzberger



On Mon, 25 Jun 2012, Gregory Maxwell gmaxw...@gmail.com wrote:


> (I'm posting in this thread rather than starting a new one in order to
> respect people who've spam-canned it)
>
> It is being widely reported that Canonical's be signing the kernel,
> they won't be requiring signed drivers, and won't be restricting
> runtime functionality while securebooted. What is being claimed is
> that the only thing they'll be restricting is the bootloader and
> they're going to write a new bootloader for this in order to avoid
> signing code written by third parties.
>
> This seems a bit incongruent with many of the claims made here about
> the degree of participation with cryptographic lockdown required and
> the importance of it.
>
> I feel like the entire discussion has been a bit unfair where people
> were repeatedly challenged to offer alternatives when things claimed
> to be impossible based on NDAed discussions are, apparently, actually
> possible and the remaining weak alternatives were discarded as not
> being usable enough.


The main error of the Surrender before Engagement Argument is:

1. to implicitly assume that the issue is smaller than it is

The situation is quite different:

If we do not here and now stand and fight, likely we will shortly
lose the right to own a computer.

The issue is so large that it is absurd to allow a small group of
engineers from Fedora to engage in secret negotiations with the
Englobulators about the issue.  The small team is not empowered
by me, nor by millions of others, to give away our present
practical power to install Fedora on a new x86 home computer by
putting in a CD, and setting some values in some configuration
files.

As of today Red Hat has formally agreed that Microsoft should be
given an absolute veto power over ease of installation of a free
OS on almost all x86 home computer sold, starting within six months.

oo--JS.





[1] 
http://www.h-online.com/open/news/item/Canonical-details-Ubuntu-UEFI-Secure-Boot-plans-162.html



Re: *countable infinities only

2012-06-25 Thread Bill Nottingham
Jay Sulzberger (j...@panix.com) said: 
 The issue is so large that it is absurd to allow a small group of
 engineers from Fedora to engage in secret negotiations with the
 Englobulators about the issue.  The small team is not empowered
 by me, nor by millions of others, to give away our present
 practical power to install Fedora on a new x86 home computer by
 putting in a CD, and setting some values in some configuration
 files.

1. Invalid assumption about 'small group of engineers from Fedora'
as if they were working alone in a vacuum. But hey, whatever allows
you to belittle people...

2. You are simultaneously ascribing to Fedora the power
to move the industry despite anything you do, while claiming that they
aren't empowered by you to do so. Given that, why not concentrate your
considerable mailbox filling activities towards whomever has allowed Fedora
the power to move the industry, or whomever you would *like* to empower to
represent you?

This is a development list, after all, not a ranting list. 

Bill

Re: *countable infinities only

2012-06-25 Thread Chris Murphy

On Jun 25, 2012, at 9:25 AM, Gregory Maxwell wrote:

 It is being widely reported that Canonical's be signing the kernel,
 they won't be requiring signed drivers, and won't be restricting
 runtime functionality while securebooted. What is being claimed is
 that the only thing they'll be restricting is the bootloader and
 they're going to write a new bootloader for this in order to avoid
 signing code written by third parties.


I'm reading they're going to use a modified Intel efilinux, not writing a new 
boot loader. And that they will not require either signed kernel or kernel 
modules.


 This seems a bit incongruent with many of the claims made here about
 the degree of participation with cryptographic lockdown required and
 the importance of it.

Yes it does, because the Canonical approach effectively turns UEFI Secure Boot 
into UEFI Secure Pre-Boot. It is such a minimalist implementation that it's 
rendered meaningless when a signed pre-boot environment hands off control to an 
unsigned kernel, the veracity of which cannot be confirmed. The kernel itself 
could be malware. So what's the point of Secure Pre-Boot?

 I feel like the entire discussion has been a bit unfair where people
 were repeatedly challenged to offer alternatives when things claimed
 to be impossible based on NDAed discussions are, apparently, actually
 possible and the remaining weak alternatives were discarded as not
 being usable enough.

I think for at least 9 months now the idea of a strictly pre-boot 
implementation of Secure Boot is possible, but meaningless to the point of 
WTF, why bother? with the effort required. It's like building a bridge that's 
80% complete, and therefore 100% useless.

Chris Murphy

Re: *countable infinities only

2012-06-25 Thread Chris Murphy

On Jun 25, 2012, at 12:22 PM, Jay Sulzberger wrote:
 
 The main error of the Surrender before Engagement Argument is:
 
 1. to implicitly assume that the issue is smaller than it is
 
 The situation is quite different:
 
 If we do not here and now stand and fight, likely we will shortly
 lose the right to own a computer.

 The issue is so large that it is absurd to allow a small group of
 engineers from Fedora to engage in secret negotiations with the
 Englobulators about the issue.  The small team is not empowered
 by me, nor by millions of others, to give away our present
 practical power to install Fedora on a new x86 home computer by
 putting in a CD, and setting some values in some configuration
 files.
 
 As of today Red Hat has formally agreed that Microsoft should be
 given an absolute veto power over ease of installation of a free
 OS on almost all x86 home computer sold, starting within six months.

Lacking both reason and logic, this line of argument is ad hominem. My 
diplomatic response is that you're suffering from psychosis, as in, divorced 
from reality.


Chris Murphy

Re: *countable infinities only

2012-06-25 Thread Gregory Maxwell
On Mon, Jun 25, 2012 at 2:37 PM, Chris Murphy li...@colorremedies.com wrote:
 I'm reading they're going to use a modified Intel efilinux, not writing a new 
 boot loader. And that they will not require either signed kernel or kernel 
 modules.

That's my understanding.

 So what's the point of Secure Pre-Boot?

Making Ubuntu work on the hardware people have. Which is the
justification given here why Fedora needed to adopt cryptographic
signing of the kernel/drivers/etc.

I think this all would have been a much simpler matter if it wasn't
being described as essential for keeping Fedora operable on the
computers of the common folk.

Of course, users who want more aggressive secureboot would be free to
replace the keys in their system with ones which only sign bootloaders
which are more thoroughly locked down…  but I don't see evidence of
the demand. (can you point to some?)

 I think for at least 9 months now the idea of a strictly pre-boot 
 implementation of Secure Boot is possible, but meaningless to the point of 
 WTF, why bother? with the effort required. It's like building a bridge 
 that's 80% complete, and therefore 100% useless.

And the kernel hands off control to a init/systemd which is unsigned—
which can be rooted and exploit a vulnerable kernel to prevent
updates.  It's like building a bridge that is _10%_ complete, and
therefore 100% useless. :)

… the amount of critical userspace code that runs before updates can
be processed is enormous and the kernel and bootloader is just a tiny
fraction of that.  Why not build the 100% bridge that actually
provides a remotely secured platform? Because it's incompatible with
software freedom. Central control is Microsoft's strength, not
Fedora's.

Re: *countable infinities only

2012-06-25 Thread Adam Jackson
On Mon, 2012-06-25 at 14:10 -0400, Gregory Maxwell wrote:
 On Mon, Jun 25, 2012 at 1:56 PM, Peter Jones pjo...@redhat.com wrote:
  I feel like this is quite patronizing.  We've stated time and again that we
  don't believe the scenario you're preaching has any real /viability/, and
 
 Sounds like you're not arguing with me, you're arguing with Canonical.

That's disingenuous.  You were the one that brought it up here, it's
entirely fair to respond to you.

 I didn't propose this, the only stuff I proposed fit within the
 invariants you set out: That the rules of the game required you to
 restrict the system thusly if Fedora was to boot at all.

The constraint is not to boot at all, it's to boot without needing to
reconfigure SB.

 And as a result it appears that they have a plan
 which will make a better stand for software freedom while
 simultaneously satisfying the PR interest of not capitulating to
 Microsoft, for whatever value that has.

Calculon: And you say you can guarantee me an Oscar?
Bender: I can guarantee you anything you want!

  so we've chosen not to propose it.  There's no secret here - it's possible
  to do, but we don't think it'd last very long before our keys are
 
 I'm looking for a message where anyone said we could do this, but we
 expect our keys would eventually be blacklisted. Can you help me out?

I really feel you're being intentionally dense.  Revocation of the
ability to execute known malware vectors is the entire point of the
Secure Boot exercise.  If the signing authority wasn't willing to issue
revocations, they'd be failing at their own stated goal.

- ajax



Re: *countable infinities only

2012-06-25 Thread Chris Murphy

On Jun 25, 2012, at 12:48 PM, Gregory Maxwell wrote:
 
 
 So what's the point of Secure Pre-Boot?
 
 Making Ubuntu work on the hardware people have. Which is the
 justification given here why Fedora needed to adopt cryptographic
 signing of the kernel/drivers/etc.

That does not answer the question. Ubuntu would work on Secure Boot hardware if 
they recommended users disable Secure Boot. So why not recommend that, and not 
support Secure Boot at all? 

Again, what is the point of Secure Pre-Boot?


 And the kernel hands off control to a init/systemd which is unsigned—
 which can be rooted and exploit a vulnerable kernel to prevent
 updates.  It's like building a bridge that is _10%_ complete, and
 therefore 100% useless. :)

So you have located a vulnerability in SELinux or systemd? And you have an 
exploit example?

The expectation is that even Secure Boot will be broken, but will be fixed. You 
seem to be using the logic that because something has vulnerability potential, 
it should not be used. This is absurd. The way it works is we do our best, and 
fill the holes as needed. There is necessarily a transition from signed 
binaries, to containment unless the entire OS, programs, apps are going to be 
signed, so I don't think it's a remarkable hypothetical that there may one day 
be a vulnerability in systemd found. But that is not a reason to say, OK Secure 
Boot is totally pointless. It gets used for what it can be used for, then 
transition to something else.

And if you have something more than a hypothetical vulnerability today in 
SELinux or systemd, presumably you've filed a bug.

 Why not build the 100% bridge that actually
 provides a remotely secured platform? Because it's incompatible with
 software freedom. Central control is Microsoft's strength, not
 Fedora's.

I observe that this sequence is extremely low signal to noise, poor rationale, 
and high on derangement.

Chris Murphy

Re: *countable infinities only

2012-06-25 Thread Gregory Maxwell
On Mon, Jun 25, 2012 at 3:28 PM, Chris Murphy li...@colorremedies.com wrote:
 That does not answer the question. Ubuntu would work on Secure Boot hardware 
 if they recommended users disable Secure Boot. So why not recommend that, and 
 not support Secure Boot at all?

I advocated that. It was argued here that this would be an enormous
barrier to usability because common users couldn't figure out how to
do that, doubly so because there would be no consistency in the fancy
GUI UEFI interfaces, and asking people to disable security is likely
to scare them even if we could manage good instructions.

It was also pointed out that some hardware in the future may not allow it.

 So you have located a vulnerability in SELinux or systemd? And you have an 
 exploit example?

Absent those vulnerabilities you don't need secureboot at all.  Just
use SELinux to prevent the userspace from changing the boot
environment. The signing only helps if the discretionary access control
is already compromised— it helps you get the horse back in the barn,
but only if enough of the system is protected by it.  In Fedora the
kernel+bootloader isn't enough.  It's a strict subset it helps with.
... I expect this is part of the reason that we've seen no one
requesting this functionality.

Can you point me to a bugzilla entry or even a mailing list post on a
compromise this actually would have blocked, preferably one that
couldn't have been closed without complicating replacing the kernel?

 I observe that this sequence is extremely low signal to noise, poor 
 rationale, and high on derangement.

Derangement. Hm.  Could you actually _feel_ the excellence flowing
through your fingertips as you typed out this message?

Re: *countable infinities only

2012-06-25 Thread Jay Sulzberger



On Mon, 25 Jun 2012, Chris Murphy li...@colorremedies.com wrote:

 
> On Jun 25, 2012, at 12:48 PM, Gregory Maxwell wrote:
>
>  So what's the point of Secure Pre-Boot?
>
>  Making Ubuntu work on the hardware people have. Which is the
>  justification given here why Fedora needed to adopt cryptographic
>  signing of the kernel/drivers/etc.
>
> That does not answer the question. Ubuntu would work on Secure Boot hardware if they recommended users disable Secure Boot. So why not recommend that, and not support Secure Boot at all?
>
> Again, what is the point of Secure Pre-Boot?
>
>  And the kernel hands off control to a init/systemd which is unsigned—
>  which can be rooted and exploit a vulnerable kernel to prevent
>  updates.  It's like building a bridge that is _10%_ complete, and
>  therefore 100% useless. :)
>
> So you have located a vulnerability in SELinux or systemd? And you have an
> exploit example?
>
> The expectation is that even Secure Boot will be broken, but will be fixed. You
> seem to be using the logic that because something has vulnerability potential,
> it should not be used. This is absurd. The way it works is we do our best, and
> fill the holes as needed. There is necessarily a transition from signed
> binaries, to containment unless the entire OS, programs, apps are going to be
> signed, so I don't think it's a remarkable hypothetical that there may one day
> be a vulnerability in systemd found. But that is not a reason to say, OK Secure
> Boot is totally pointless. It gets used for what it can be used for, then
> transition to something else.
>
> And if you have something more than a hypothetical vulnerability today in
> SELinux or systemd, presumably you've filed a bug.
>
>  Why not build the 100% bridge that actually
>  provides a remotely secured platform? Because it's incompatible with
>  software freedom. Central control is Microsoft's strength, not
>  Fedora's.
>
> I observe that this sequence is extremely low signal to noise, poor rationale,
> and high on derangement.
>
> Chris Murphy


Your use of the phrase Secure Boot is incorrect, and is, I
think, the source of much confusion.  Having a computer that only
boots a Microsoft OS is not a case of Secure Boot.  Having a
computer which you have installed Fedora on, and which Microsoft
can remotely disable, is not a case of Secure Boot.

oo--JS

Re: *countable infinities only

2012-06-25 Thread Seth Johnson
On Mon, Jun 25, 2012 at 2:48 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
 On Mon, Jun 25, 2012 at 2:37 PM, Chris Murphy li...@colorremedies.com wrote:
 I'm reading they're going to use a modified Intel efilinux, not writing a 
 new boot loader. And that they will not require either signed kernel or 
 kernel modules.

 That's my understanding.

 So what's the point of Secure Pre-Boot?

 Making Ubuntu work on the hardware people have. Which is the
 justification given here why Fedora needed to adopt cryptographic
 signing of the kernel/drivers/etc.

 I think this all would have been a much simpler matter if it wasn't
 being described as essential for keeping Fedora operable on the
 computers of the common folk.

 Of course, users who want more aggressive secureboot would be free to
 replace the keys in their system with ones which only sign bootloaders
 which are more thoroughly locked down…  but I don't see evidence of
 the demand. (can you point to some?)


It would appear that right now, it's a matter of a political
necessity, unforeseen by the general population, though vaguely
bugging the free software development community.

I would agree there's not much demonstrated demand, but if we wait til
the worst apprehensions come true, we will be at a disadvantage.  The
general population does not experience the problem that free software
developers can more readily anticipate.


 I think for at least 9 months now the idea of a strictly pre-boot 
 implementation of Secure Boot is possible, but meaningless to the point of 
 WTF, why bother? with the effort required. It's like building a bridge 
 that's 80% complete, and therefore 100% useless.

 And the kernel hands off control to a init/systemd which is unsigned—
 which can be rooted and exploit a vulnerable kernel to prevent
 updates.  It's like building a bridge that is _10%_ complete, and
 therefore 100% useless. :)

 … the amount of critical userspace code that runs before updates can
 be processed is enormous and the kernel and bootloader is just a tiny
 fraction of that.  Why not build the 100% bridge that actually
 provides a remotely secured platform? Because it's incompatible with
 software freedom.

I don't see this.  If you choose an authority and can put their keys
into your own box, then you're good until that authority is
compromised.  This, if I am tracking this correctly, is the
infrastructure part of the solution.  You just have to get out in
front with the trusted authority.  I would think that if FSF provided
keys, that would be pretty trustworthy, though for the following
reason I actually don't think they should be out front with this part,
because they would clearly be targeted, and we wouldn't want that to
happen until there was a developed market in trust authorities.  It
would not, of course, assure that all content and code could be
processed freely, but it would create the context in which we could
demonstrate that the authorities that provide palladiated content
and code are restricting people's capacity to compute.  Keep up
providing authorities that assure software freedom -- do the whack a
mole bit if necessary -- and that context will be the context that
demonstrates to the people at large that there are people out there
that have truly fully-functional computers and they want to have that
too.

This is not inconsistent with software freedom. You're going to have a
root key.  If it's your own, you can't do much unless you buy into the
englobulators' signing regime; if you want to do more, you have to
create some sort of collaborative context that uses a common trusted
key.  We might have lots of little groups like that, but they will not
be able to stand up against the political norms we can easily
anticipate being established if we do not come to terms with how to
make software freedom viable while using Secure Boot our own selves.
So to me that clearly indicates a *political* need for developers who
want to keep their freedom, to get out in front and *create* a market
in trusted authorities.  If your idea of software freedom is
decentralized in some sort of resolutely individualistic way, you'll
be locked out by the larger forces.  That's why it's necessary to get
out in front and establish the infrastructure, and get people offering
lots of trust authorities, start trying to conceptualize that market
and how and whether it would be competitive.

This is the way I see the situation; I feel that I step a bit beyond
my expertise or comprehension as I describe it, so somebody please
tell me if my conception misses anything.  I defer to Jay usually for
this very reason.  So have at it: let me know what you see when you
see me explain this piece of the puzzle.  :-)


Seth


 Central control is Microsoft's strength, not
 Fedora's.

Re: *countable infinities only

2012-06-25 Thread Jay Sulzberger



On Mon, 25 Jun 2012, Seth Johnson seth.p.john...@gmail.com wrote:


> On Mon, Jun 25, 2012 at 2:48 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
>  On Mon, Jun 25, 2012 at 2:37 PM, Chris Murphy li...@colorremedies.com wrote:
>  I'm reading they're going to use a modified Intel efilinux, not writing a
>  new boot loader. And that they will not require either signed kernel or
>  kernel modules.
>
>  That's my understanding.
>
>  So what's the point of Secure Pre-Boot?
>
>  Making Ubuntu work on the hardware people have. Which is the
>  justification given here why Fedora needed to adopt cryptographic
>  signing of the kernel/drivers/etc.
>
>  I think this all would have been a much simpler matter if it wasn't
>  being described as essential for keeping Fedora operable on the
>  computers of the common folk.
>
>  Of course, users who want more aggressive secureboot would be free to
>  replace the keys in their system with ones which only sign bootloaders
>  which are more thoroughly locked down…  but I don't see evidence of
>  the demand. (can you point to some?)
>
> It would appear that right now, it's a matter of a political
> necessity, unforeseen by the general population, though vaguely
> bugging the free software development community.
>
> I would agree there's not much demonstrated demand, but if we wait til
> the worst apprehensions come true, we will be at a disadvantage.  The
> general population does not experience the problem that free software
> developers can more readily anticipate.
>
>  I think for at least 9 months now the idea of a strictly pre-boot
>  implementation of Secure Boot is possible, but meaningless to the point of
>  WTF, why bother? with the effort required. It's like building a bridge
>  that's 80% complete, and therefore 100% useless.
>
>  And the kernel hands off control to a init/systemd which is unsigned—
>  which can be rooted and exploit a vulnerable kernel to prevent
>  updates.  It's like building a bridge that is _10%_ complete, and
>  therefore 100% useless. :)
>
>  … the amount of critical userspace code that runs before updates can
>  be processed is enormous and the kernel and bootloader is just a tiny
>  fraction of that.  Why not build the 100% bridge that actually
>  provides a remotely secured platform? Because it's incompatible with
>  software freedom.
>
> I don't see this.  If you choose an authority and can put their keys
> into your own box, then you're good until that authority is
> compromised.  This, if I am tracking this correctly, is the
> infrastructure part of the solution.  You just have to get out in
> front with the trusted authority.  I would think that if FSF provided
> keys, that would be pretty trustworthy, though for the following
> reason I actually don't think they should be out front with this part,
> because they would clearly be targeted, and we wouldn't want that to
> happen until there was a developed market in trust authorities.  It
> would not, of course, assure that all content and code could be
> processed freely, but it would create the context in which we could
> demonstrate that the authorities that provide palladiated content
> and code are restricting people's capacity to compute.  Keep up
> providing authorities that assure software freedom -- do the whack a
> mole bit if necessary -- and that context will be the context that
> demonstrates to the people at large that there are people out there
> that have truly fully-functional computers and they want to have that
> too.
>
> This is not inconsistent with software freedom. You're going to have a
> root key.  If it's your own, you can't do much unless you buy into the
> englobulators' signing regime; if you want to do more, you have to
> create some sort of collaborative context that uses a common trusted
> key.  We might have lots of little groups like that, but they will not
> be able to stand up against the political norms we can easily
> anticipate being established if we do not come to terms with how to
> make software freedom viable while using Secure Boot our own selves.
> So to me that clearly indicates a *political* need for developers who
> want to keep their freedom, to get out in front and *create* a market
> in trusted authorities.  If your idea of software freedom is
> decentralized in some sort of resolutely individualistic way, you'll
> be locked out by the larger forces.  That's why it's necessary to get
> out in front and establish the infrastructure, and get people offering
> lots of trust authorities, start trying to conceptualize that market
> and how and whether it would be competitive.
>
> This is the way I see the situation; I feel that I step a bit beyond
> my expertise or comprehension as I describe it, so somebody please
> tell me if my conception misses anything.  I defer to Jay usually for
> this very reason.  So have at it: let me know what you see when you
> see me explain this piece of the puzzle.  :-)
>
> Seth


I will not address directly any particular point in this branch
of the thread, but I have some questions about what sort of
capabilities the UEFI will have in machines sold later this 

Re: *countable infinities only

2012-06-25 Thread Matthew Garrett
On Mon, Jun 25, 2012 at 09:14:54PM -0400, Jay Sulzberger wrote:

 These questions are asked so that I may better lay out some
 actual security considerations in a later post.

http://www.uefi.org/specs/download/UEFI_2_3_1_Errata_B.pdf sections 
27.6, 27.7 and 27.8, along with 7.2 for an overview of authenticated 
variables.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-25 Thread Peter Jones

On 06/25/2012 09:14 PM, Jay Sulzberger wrote:

[...] I have some questions about what sort of
capabilities the UEFI will have in machines sold later this year:

1. What is the mechanism for remote revocation of signing keys?


There's 2 mechanisms here. The first is a key list called DBX. This is
just a list of public keys that's checked before DB (the allowed key
list). Any key on DBX isn't allowed to boot up.

The second mechanism is a facility for signed updates.  Basically, you
can do a SetVariable() call to append to DBX, and the call parameters must
be signed by the KEK. If the appended data isn't signed, or is signed by
a key other than the KEK, you get an error code.

There's actually a third mechanism, of course, which is that the firmware
can add keys, so if you apply a firmware update (which also undergoes
cryptographic verification), the firmware could add a key on the next
reboot.


2. In particular, will the UEFI be able to revoke, at the command
of Hardware Key Central, signing keys without a standard (style
of) kernel being booted?  That is, can the UEFI receive commands
over the Net using its own network capabilities?


There's no mechanism for automatic network updates or anything like that in
the standard, though a UEFI binary run from the firmware could apply an
update if it's signed by the KEK.


3. If booting a standard style of kernel is required to revoke,
at the command of Hardware Key Central, signing keys, then the
standard kernel must be capable of receiving and interpreting
such commands,


Well, the kernel wouldn't really be the responsible code here.  Most
likely we'll make that a package update and use rpm %post scripts to
apply changes.


and also be capable of modifying the memory of the UEFI hardware.


No, we don't have this ability. The spec defines this in some general terms,
but on x86, here's the basic mechanism.

From userland, we set a UEFI variable, using a mechanism such as the
existing efivars facility.  It has flags set to append to the DBX variable,
and also a flag that says it's an authenticated variable.  It also includes
the signed data.

The kernel then calls UEFI's runtime services function SetVariable(),
at which point in time firmware code is running again.  This code calls
into SMM mode, which is a special processor mode that's always been available
on x86, and has been used in the past for many things.

At this point the processor signals to the chipset that you're in SMM mode,
at which point the chipset makes the flash available. This is also the point
at which the signature is validated. If the signature is valid, the write
happens on the flash.  If it's not, it stores a return code and exits SMM,
which as a byproduct blocks our access to the memory in question.

That all propagates back up and we get a success or failure from SetVariable().


How will the Englobulators ensure that every signed-by-Microsoft Red Hat
kernel will take orders from Hardware Key Central? Note I assume here that
Hardware Key Central is controlled by the Englobulators.


I don't know what an Englobulator is.

--
Peter
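
The checks described in the message above, as an added example that is not code from this thread, from Fedora or from any firmware: it parses EFI_SIGNATURE_LIST blobs in the layout the UEFI spec defines, consults DBX before DB, and decodes the attribute word of a variable write to tell an authenticated append from other writes. The function names, owner GUID and sample images are constructed for illustration, a plain SHA-256 of the bytes stands in for the Authenticode hash real firmware computes, and verification of the KEK signature is not modelled.

```python
import hashlib
import struct
import uuid

# Signature type GUID for SHA-256 hash entries (UEFI specification).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

# Variable attribute bits (UEFI specification).
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS = 0x10
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x20
EFI_VARIABLE_APPEND_WRITE = 0x40

LIST_HEADER_SIZE = 28  # type GUID (16) + three little-endian UINT32 fields


def build_sha256_list(owner, digests):
    """Serialize one EFI_SIGNATURE_LIST of SHA-256 entries (test data helper)."""
    body = b"".join(owner.bytes_le + d for d in digests)
    sizes = struct.pack("<III", LIST_HEADER_SIZE + len(body), 0, 16 + 32)
    return EFI_CERT_SHA256_GUID.bytes_le + sizes + body


def parse_signature_lists(blob):
    """Return (type_guid, owner_guid, data) for each entry in concatenated lists."""
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < LIST_HEADER_SIZE:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < LIST_HEADER_SIZE + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        payload = list_size - LIST_HEADER_SIZE - hdr_size
        if sig_size <= 16 or payload % sig_size:
            raise ValueError("bad SignatureSize")
        pos = off + LIST_HEADER_SIZE + hdr_size
        while pos < off + list_size:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((sig_type, owner, blob[pos + 16:pos + sig_size]))
            pos += sig_size
        off += list_size
    return entries


def boot_decision(image, db_blob, dbx_blob):
    """DBX is consulted first; only then is DB checked for an allow entry."""
    digest = hashlib.sha256(image).digest()  # stand-in for the Authenticode hash

    def listed(blob):
        return any(t == EFI_CERT_SHA256_GUID and d == digest
                   for t, _, d in parse_signature_lists(blob))

    if listed(dbx_blob):
        return "denied: on dbx"
    if listed(db_blob):
        return "allowed: on db"
    return "denied: not on db"


def describe_write(attributes):
    """Classify the attribute word passed with a SetVariable() request."""
    authenticated = bool(attributes & (
        EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
        | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS))
    append = bool(attributes & EFI_VARIABLE_APPEND_WRITE)
    if authenticated and append:
        return "authenticated append"
    if authenticated:
        return "authenticated replace"
    return "unauthenticated"


def sha256(data):
    return hashlib.sha256(data).digest()


# Constructed sample data: three fake "bootloaders" and the two key lists.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
GOOD = b"constructed bootloader A"
REVOKED = b"constructed bootloader B"
UNKNOWN = b"constructed bootloader C"
DB = build_sha256_list(OWNER, [sha256(GOOD), sha256(REVOKED)])
DBX = build_sha256_list(OWNER, [sha256(REVOKED)])

if __name__ == "__main__":
    for name, image in (("A", GOOD), ("B", REVOKED), ("C", UNKNOWN)):
        print(name, boot_decision(image, DB, DBX))
    print(describe_write(0x67))
```

Image B is listed in both DB and DBX and is still refused, which is the ordering the message describes. An append is a concatenation of a further signature list onto the existing variable contents, so the parser walks lists until the blob is exhausted.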

Re: *countable infinities only

2012-06-25 Thread Jay Sulzberger



On Tue, 26 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote:


 On Mon, Jun 25, 2012 at 09:14:54PM -0400, Jay Sulzberger wrote:

 These questions are asked so that I may better lay out some
 actual security considerations in a later post.

http://www.uefi.org/specs/download/UEFI_2_3_1_Errata_B.pdf sections 
27.6, 27.7 and 27.8, along with 7.2 for an overview of authenticated 
variables.


--
Matthew Garrett | mj...@srcf.ucam.org


Thanks!

oo--JS.

Re: *countable infinities only

2012-06-25 Thread Jay Sulzberger



On Mon, 25 Jun 2012, Peter Jones pjo...@redhat.com wrote:


On 06/25/2012 09:14 PM, Jay Sulzberger wrote:

[...] I have some questions about what sort of
capabilities the UEFI will have in machines sold later this year:

1. What is the mechanism for remote revocation of signing keys?


There's 2 mechanisms here. The first is a key list called DBX. This is
just a list of public keys that's checked before DB (the allowed key
list). Any key on DBX isn't allowed to boot up.

The second mechanism is a facility for signed updates.  Basically, you
can do a SetVariable() call to append to DBX, and the call parameters must
be signed by the KEK. If the appended data isn't signed, or is signed by
a key other than the KEK, you get an error code.

There's actually a third mechanism, of course, which is that the firmware
can add keys, so if you apply a firmware update (which also undergoes
cryptographic verification), the firmware could add a key on the next
reboot.


Is there a hardware switch or jumper that can be set so that no
modification of the firmware is possible?  My question here is:
if I have gross physical possession of the hardware can I disable
firmware updates done just via code running on the x86/UEFI
chips?




2. In particular, will the UEFI be able to revoke, at the command
of Hardware Key Central, signing keys without a standard (style
of) kernel being booted?  That is, can the UEFI receive commands
over the Net using its own network capabilities?


There's no mechanism for automatic network updates or anything like that in
the standard, though a UEFI binary run from the firmware could apply an
update if it's signed by the KEK.


Will the UEFI be able to send and receive information over a
local network, say via Ethernet?  That is, without an old
fashioned kernel being booted.  By old fashioned I mean
something like the Linux kernel, which, I think runs, usually, in
a space different from the space where UEFI code runs?




3. If booting a standard style of kernel is required to revoke,
at the command of Hardware Key Central, signing keys, then the
standard kernel must be capable of receiving and interpreting
such commands,


Well, the kernel wouldn't really be the responsible code here.  Most
likely we'll make that a package update and use rpm %post scripts to
apply changes.


I will attempt to think about this.




and also be capable of modifying the memory of the UEFI hardware.


No, we don't have this ability. The spec defines this in some general terms,
but on x86, here's the basic mechanism.

From userland, we set a UEFI variable, using a mechanism such as the
existing efivars facility.  It has flags set to append to the DBX variable,
and also a flag that says it's an authenticated variable.  It also includes
the signed data.

The kernel then calls UEFI's runtime services function SetVariable(),
at which point in time firmware code is running again.  This code calls
into SMM mode, which is a special processor mode that's always been available
on x86, and has been used in the past for many things.

At this point the processor signals to the chipset that you're in SMM mode,
at which point the chipset makes the flash available. This is also the point
at which the signature is validated. If the signature is valid, the write
happens on the flash.  If it's not, it stores a return code and exits SMM,
which as a byproduct blocks our access to the memory in question.

That all propagates back up and we get a success or failure from 
SetVariable().


So, if I have understood (part of) your explanation, the x86
processor must run in order to modify the contents of the flash
memory used by the UEFI to hold various tables, including the DBX
table.

I will attempt to think about this.




How will the Englobulators ensure that every signed-by-Microsoft Red Hat
kernel will take orders from Hardware Key Central? Note I assume here that
Hardware Key Central is controlled by the Englobulators.


I don't know what an Englobulator is.


Ah, here a long and bulbous discussion threatens to obtrude.



--
   Peter


One more question today:

I know that UEFI hardware is available.

Which hardware do you recommend, if I want to actually see the
UEFI and perhaps try it out?

Thank you, Peter!

oo--JS.

Re: *countable infinities only

2012-06-25 Thread Peter Jones

On 06/25/2012 11:08 PM, Jay Sulzberger wrote:


Is there a hardware switch or jumper that can be set so that no
modification of the firmware is possible?  My question here is:
if I have gross physical possession of the hardware can I disable
firmware updates done just via code running on the x86/UEFI
chips?


There's no real guarantee that any particular machine will have any physical
switch, but that doesn't mean you can't just /not run/ the software that
does the updates.


Will the UEFI be able to send and receive information over a
local network, say via Ethernet?  That is, without an old
fashioned kernel being booted.  By old fashioned I mean
something like the Linux kernel, which, I think runs, usually, in
a space different from the space where UEFI code runs?


Some vendor's firmware could, in theory, do that. It's not part of the spec.


3. If booting a standard style of kernel is required to revoke,
at the command of Hardware Key Central, signing keys, then the
standard kernel must be capable of receiving and interpreting
such commands,


Well, the kernel wouldn't really be the responsible code here.  Most
likely we'll make that a package update and use rpm %post scripts to
apply changes.


I will attempt to think about this.


I hope everything comes out okay.


I know that UEFI hardware is available.

Which hardware do you recommend, if I want to actually see the
UEFI and perhaps try it out?


I'm really, *really* not in the business of recommending hardware. There
are various sites on the internet that do that exclusively. One of them has
probably figured out that they should be thinking about UEFI by now.

--
Peter

Re: *countable infinities only

2012-06-25 Thread Jay Sulzberger



On Mon, 25 Jun 2012, Peter Jones pjo...@redhat.com wrote:


On 06/25/2012 11:08 PM, Jay Sulzberger wrote:


Is there a hardware switch or jumper that can be set so that no
modification of the firmware is possible?  My question here is:
if I have gross physical possession of the hardware can I disable
firmware updates done just via code running on the x86/UEFI
chips?


There's no real guarantee that any particular machine will have any physical
switch, but that doesn't mean you can't just /not run/ the software that
does the updates.


Will the UEFI be able to send and receive information over a
local network, say via Ethernet?  That is, without an old
fashioned kernel being booted.  By old fashioned I mean
something like the Linux kernel, which, I think runs, usually, in
a space different from the space where UEFI code runs?


Some vendor's firmware could, in theory, do that. It's not part of the spec.


3. If booting a standard style of kernel is required to revoke,
at the command of Hardware Key Central, signing keys, then the
standard kernel must be capable of receiving and interpreting
such commands,


Well, the kernel wouldn't really be the responsible code here.  Most
likely we'll make that a package update and use rpm %post scripts to
apply changes.


I will attempt to think about this.


I hope everything comes out okay.


;)




I know that UEFI hardware is available.

Which hardware do you recommend, if I want to actually see the
UEFI and perhaps try it out?


I'm really, *really* not in the business of recommending hardware. There
are various sites on the internet that do that exclusively. One of them has
probably figured out that they should be thinking about UEFI by now.

--
   Peter


Peter and Matthew, thanks again, for your time and effort given to
explain things.

oo--JS.

Re: *countable infinities only

2012-06-25 Thread Adam Williamson
On Mon, 2012-06-25 at 23:31 -0400, Peter Jones wrote:

  I know that UEFI hardware is available.
 
  Which hardware do you recommend, if I want to actually see the
  UEFI and perhaps try it out?
 
 I'm really, *really* not in the business of recommending hardware. There
 are various sites on the internet that do that exclusively. One of them has
 probably figured out that they should be thinking about UEFI by now.

To elaborate, there still seems to be an unwarranted confusion between
UEFI and Secure Boot going on here.

UEFI-based hardware is available right now and has been for some time. I
am typing this on a system with UEFI firmware. Many many systems shipped
today are using UEFI-based firmware, though often the copy of Windows
that's pre-installed is BIOS-native not UEFI-native, and often the
firmware will default to booting other media in BIOS compatibility mode
and will only use native UEFI if explicitly instructed to.

Secure Boot is a single feature of a later version of the UEFI spec. To
my knowledge, no hardware currently generally available is Secure
Boot-enabled. Peter, Matthew etc. are all working with pre-production
development firmware.

Presumably, updates could be shipped which add Secure Boot functionality
to already-shipped hardware, I don't know if there are any plans for
that. But you cannot, right now, go out and buy hardware that has Secure
Boot functionality off the shelf. It's just not there.

If you're really interested just in playing with UEFI itself - like
Peter I'm not a hardware recommendation site, but I use an Asus P8P67
Deluxe for my UEFI testing, and it's at least capable of successfully
booting and installing Fedora UEFI native. I don't know if this is true
of later Asus motherboards.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net


Re: *countable infinities only

2012-06-20 Thread Gerald Henriksen
On Wed, 20 Jun 2012 13:40:14 +0900, you wrote:

 On Mon, 18 Jun 2012 14:56:20 +0100
 Matthew Garrett mj...@srcf.ucam.org wrote:

 System76 (and possibly others) will be supplying systems 
 that provide (2), so that choice is available to you.

Matthew, I often read you referring to System76, since the UEFI
discussion. System76 products are limited to the US market (only), and
not all Fedora users are US residents.

They do ship to other countries, Japan included:

https://www.system76.com/home/shippinginformation/

 

Re: *countable infinities only

2012-06-20 Thread nomnex
 On Wed, 20 Jun 2012 09:57:58 -0400
 Gerald Henriksen ghenr...@gmail.com wrote:

 On Wed, 20 Jun 2012 13:40:14 +0900, you wrote:
 
  On Mon, 18 Jun 2012 14:56:20 +0100
  Matthew Garrett mj...@srcf.ucam.org wrote:
 
  System76 (and possibly others) will be supplying systems 
  that provide (2), so that choice is available to you.
 
 Matthew, I often read you referring to System76, since the UEFI
 discussion. System76 products are limited to the US market (only),
 and not all Fedora users are US residents.
 
 They do ship to other countries, Japan included:
 
 https://www.system76.com/home/shippinginformation/

Effectively. I am looking at their page right now. There's been quite a
change since the last direct email exchange, about a year ago, when
they said they weren't delivering overseas, and they had no plan to be
represented in Asia.

Things have changed. That's good news (for once). Thanks for the
update.

-- 
nomnex nom...@gmail.com
Freenode: nomnex
Registered Linux user #505281. Be counted at: http://linuxcounter.net

Re: *countable infinities only

2012-06-20 Thread Seth Johnson
On Wed, Jun 20, 2012 at 11:04 AM, nomnex nom...@gmail.com wrote:
 Things have changed. That's good news (for once). Thanks for the
 update.


Bravo, so apparently there is a leader on this, a free software UEFI
on its own trustworthy hardware, that hopefully will tell the truth to
the user about security for the owner of the device, and make
installing free operating systems non-scary.

However, more need to follow in the same market (and in providing
infrastructure for boxes over which owners have root control) so
System76 does not become a target.  Then big shots won't be able to
turn a practice of holding root on their devices and granting signing
services to their hardware, into a bogus norm either of a kind that
says you must have a license to compute, or of a kind that says
copyright means you can't parse and process published information,
that turns it into a prior restraint.

You might have to pay extra at first, but this will make it apparent
to the world at large that this is the way things should be, rather
than either of those bogus norms.  Then we will have won the entire
information freedom battle, for us and our grandchildren.

No need for a shim.  Use your own chain of trust.  No implication that
anybody must be *forced* to provide devices without Secure Boot turned
on.  The Secure Boot technology is a useful facility.

You need to come to terms with what this new technology means for
freedom.  That does not mean boot on all hardware sold.  It does mean
make sure free software has and supports hardware with UEFIs that
cater to freedom, and that gives you control over boxes you own.


Seth


On Wed, Jun 20, 2012 at 11:04 AM, nomnex nom...@gmail.com wrote:
 On Wed, 20 Jun 2012 09:57:58 -0400
 Gerald Henriksen ghenr...@gmail.com wrote:

 On Wed, 20 Jun 2012 13:40:14 +0900, you wrote:

  On Mon, 18 Jun 2012 14:56:20 +0100
  Matthew Garrett mj...@srcf.ucam.org wrote:
 
  System76 (and possibly others) will be supplying systems
  that provide (2), so that choice is available to you.
 
 Matthew, I often read you referring to System76, since the UEFI
 discussion. System76 products are limited to the US market (only),
 and not all Fedora users are US residents.

 They do ship to other countries, Japan included:

 https://www.system76.com/home/shippinginformation/

 Effectively. I am looking at their page right now. There's been quite a
 change since the last direct email exchange, about a year ago, when
 they said they weren't delivering overseas, and they had no plan to be
 represented in Asia.

 Things have changed. That's good news (for once). Thanks for the
 update.

Re: *countable infinities only

2012-06-20 Thread Matthew Garrett
On Wed, Jun 20, 2012 at 01:19:22PM -0400, Seth Johnson wrote:
 On Wed, Jun 20, 2012 at 11:04 AM, nomnex nom...@gmail.com wrote:
  Things have changed. That's good news (for once). Thanks for the
  update.
 
 
 Bravo, so apparently there is a leader on this, a free software UEFI
 on its own trustworthy hardware, that hopefully will tell the truth to
 the user about security for the owner of the device, and make
 installing free operating systems non-scary.

To the best of my knowledge, their UEFI implementation isn't free 
software.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-20 Thread Seth Johnson
Proceed to the next paragraph then.  ;-)

Seth

On Wed, Jun 20, 2012 at 1:21 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
 On Wed, Jun 20, 2012 at 01:19:22PM -0400, Seth Johnson wrote:
 On Wed, Jun 20, 2012 at 11:04 AM, nomnex nom...@gmail.com wrote:
  Things have changed. That's good news (for once). Thanks for the
  update.


 Bravo, so apparently there is a leader on this, a free software UEFI
 on its own trustworthy hardware, that hopefully will tell the truth to
 the user about security for the owner of the device, and make
 installing free operating systems non-scary.

 To the best of my knowledge, their UEFI implementation isn't free
 software.

 --
 Matthew Garrett | mj...@srcf.ucam.org


  However, more need to follow in the same market (and in providing
  infrastructure for boxes over which owners have root control) so
  System76 does not become a target.  Then big shots won't be able to
  turn a practice of holding root on their devices and granting signing
  services to their hardware, into a bogus norm either of a kind that
  says you must have a license to compute, or of a kind that says
  copyright means you can't parse and process published information,
  that turns it into a prior restraint.
 
  You might have to pay extra at first, but this will make it apparent
  to the world at large that this is the way things should be, rather
  than either of those bogus norms.  Then we will have won the entire
  information freedom battle, for us and our grandchildren.
 
  No need for a shim.  Use your own chain of trust.  No implication that
  anybody must be *forced* to provide devices without Secure Boot turned
  on.  The Secure Boot technology is a useful facility.
 
  You need to come to terms with what this new technology means for
  freedom.  That does not mean boot on all hardware sold.  It does mean
  make sure free software has and supports hardware with UEFIs that
  cater to freedom, and that gives you control over boxes you own.
 
 
  Seth



Re: *countable infinities only

2012-06-19 Thread Andrew Haley
On 06/18/2012 06:18 PM, Adam Williamson wrote:

 I hesitate to put words in people's mouths, and correct me if I'm
 wrong, but it reads to me as if Jay and others are arguing from an
 incorrect premise. That premise is to assume that there is a
 God-given right for people who own computing devices to retrofit
 alternative operating systems onto those devices.
 
 I want to put it out there that this is _not true_.

The problem with this claim is that it equivocates on the meaning of
a right.  There are at least two definitions of a right in this
sense: moral rights and legal rights.  These are not the same.  Moral
rights are not in the gift of any Government.  While we may not have a
legal right to run whatever software we wish on hardware we own, it's
not at all unreasonable to claim a moral right to do so.

Andrew.

Re: *countable infinities only

2012-06-19 Thread Przemek Klosowski

On 06/18/2012 05:03 PM, Przemek Klosowski wrote:

On 06/18/2012 01:21 PM, Reindl Harald wrote:



i buy a computer
i do not rent it
i pay money, i own the device after giving my money


You have to realize that the ease of installing alternative software is
a historical accident resulting from the fact that you buy the computer
from one company and the software is provided  by another company.
Certainly in cases when both hardware and software come from the same
company, the expectation is that you cannot freely replace the software.


And, as if on cue, Microsoft just announced their own ARM tablet. Do you 
feel that they should leave it open to installing alternative OS?
Would they subsidize its hardware cost like they apparently do with 
Xboxes, and would your answer change depending on whether they do?


Re: *countable infinities only

2012-06-19 Thread Eric Smith

Andrew Haley wrote:
The problem with this claim is that it equivocates on the meaning of 
a right. There are at least two definitions of a right in this 
sense: moral rights and legal rights. These are not the same. Moral 
rights are not in the gift of any Government. While we may not have a 
legal right to run whatever software we wish on hardware we own, it's 
not at all unreasonable to claim a moral right to do so. Andrew. 


Orthogonal to moral vs. legal rights, there is also a distinction 
between positive and negative rights.  If you have a positive right to 
something, that actually puts an obligation on someone to guarantee that 
you get/have/exercise the something.  If you have a negative right to 
something, that only prohibits taking the something away from you, but 
doesn't put an obligation on anyone to guarantee that you 
get/have/exercise the something.


For instance, in the US the right to use a printing press is protected 
by the First Amendment (freedom of speech), but it is a negative right, 
in that the government can't (except in very limited circumstances) do 
anything to prevent you from using a printing press, but the government 
is NOT obligated to provide you with a printing press.  On the other 
hand, the right to an attorney for criminal defendants, protected by the 
Sixth Amendment, has been interpreted by SCOTUS as a positive right, since 
if you cannot afford an attorney the government is obligated to provide 
one for you.


I would claim that the moral right to run whatever software we wish on 
hardware we own is a negative right; it doesn't put any obligation on 
another party to help you do it.  If you can hack up Fedora to run on a 
Nokia Windows phone, more power to you, but Nokia and Microsoft aren't 
obligated to help you do it, and aren't legally prohibited from doing 
things that make it difficult for you to exercise your moral right.  
Possibly in this example someone might consider Nokia and Microsoft to 
be infringing their moral right, but (in the US at least) they'd have no 
recourse.


Eric


Re: *countable infinities only

2012-06-19 Thread Andrew Haley
On 06/19/2012 03:45 PM, Eric Smith wrote:
 I would claim that the moral right to run whatever software we wish on 
 hardware we own is a negative right; it doesn't put any obligation on 
 another party to help you do it.  If you can hack up Fedora to run on a 
 Nokia Windows phone, more power to you, but Nokia and Microsoft aren't 
 obligated to help you do it, and aren't legally prohibited from doing 
 things that make it difficult for you to exercise your moral right.

I think I'd disagree with you there.  I don't think it's any different
from someone using extensive technical measures to prevent anyone
other than the authorized dealers of a particular car from servicing
it.  Such a move would be treated as anti-competitive in many countries,
and IMO software should be treated in the same way.

 Possibly in this example someone might consider Nokia and Microsoft to 
 be infringing their moral right, but (in the US at least) they'd have no 
 recourse.

Indeed.

Andrew.

Re: *countable infinities only

2012-06-19 Thread Adam Williamson
On Tue, 2012-06-19 at 09:40 +0100, Andrew Haley wrote:
 On 06/18/2012 06:18 PM, Adam Williamson wrote:
 
  I hesitate to put words in people's mouths, and correct me if I'm
  wrong, but it reads to me as if Jay and others are arguing from an
  incorrect premise. That premise is to assume that there is a
  God-given right for people who own computing devices to retrofit
  alternative operating systems onto those devices.
  
  I want to put it out there that this is _not true_.
 
 The problem with this claim is that it equivocates on the meaning of
 a right.  There are at least two definitions of a right in this
 sense: moral rights and legal rights.  These are not the same.  Moral
 rights are not in the gift of any Government.  While we may not have a
 legal right to run whatever software we wish on hardware we own, it's
 not at all unreasonable to claim a moral right to do so.

See later discussion. In the sense of 'attempt to do so', this is
certainly supportable, but is a side track to our actual topic here. In
the sense of 'demand that the manufacturer make it easy to do so', no, I
don't believe it is reasonable to claim such a right, moral or legal.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net


Re: *countable infinities only

2012-06-19 Thread Eric Smith

I wrote:


I would claim that the moral right to run whatever software we wish on
hardware we own is a negative right; it doesn't put any obligation on
another party to help you do it.  If you can hack up Fedora to run on a
Nokia Windows phone, more power to you, but Nokia and Microsoft aren't
obligated to help you do it, and aren't legally prohibited from doing
things that make it difficult for you to exercise your moral right.


Andrew Haley wrote:
I think I'd disagree with you there. I don't think it's any different 
from someone using extensive technical measures to prevent anyone 
other than the authorized dealers of a particular car from servicing 
it. Such a move would be treated as anti-competitive in many 
countries, and IMO software should be treated in the same way. 


If the things that make it difficult to run software of your choosing on 
a device can be proven to serve no purpose but to stifle competition, 
then yes.  But often those things have other purposes as well.  For 
example, requiring firmware updates to be signed has a demonstrable 
purpose in preventing certain types of malware from infecting a product, 
so that feature cannot be said to serve no purpose other than to stifle 
competition.


Eric


Re: *countable infinities only

2012-06-19 Thread Jay Sulzberger



On Tue, 19 Jun 2012, Adam Williamson awill...@redhat.com wrote:


On Tue, 2012-06-19 at 09:40 +0100, Andrew Haley wrote:
On 06/18/2012 06:18 PM, Adam Williamson wrote:

 I hesitate to put words in people's mouths, and correct me if I'm
 wrong, but it reads to me as if Jay and others are arguing from an
 incorrect premise. That premise is to assume that there is a
 God-given right for people who own computing devices to retrofit
 alternative operating systems onto those devices.
 
 I want to put it out there that this is _not true_.


The problem with this claim is that it equivocates on the meaning of
a right.  There are at least two definitions of a right in this
sense: moral rights and legal rights.  These are not the same.  Moral
rights are not in the gift of any Government.  While we may not have a
legal right to run whatever software we wish on hardware we own, it's
not at all unreasonable to claim a moral right to do so.

See later discussion. In the sense of 'attempt to do so', this is
certainly supportable, but is a side track to our actual topic here. In
the sense of 'demand that the manufacturer make it easy to do so', no, I
don't believe it is reasonable to claim such a right, moral or legal.
--
Adam Williamson


Adam, just a short bald claim:

In the United States and Europe there is a large body of statute
law, regulatory rulings, and court decisions which say that yes,
a large powerful company cannot take certain actions to impede
competitors.  In particular entering into a compact to make
Fedora harder to install on every single x86 home computer sold
is not allowed.  Or once was not allowed.  Recently neither
regulatory bodies, nor courts, have enforced these old once
settled laws and regulations.

oo--JS.

Re: *countable infinities only

2012-06-19 Thread Gregory Maxwell
On Tue, Jun 19, 2012 at 11:50 AM, Eric Smith e...@brouhaha.com wrote:
 If the things that make it difficult to run software of your choosing on a
 device can be proven to serve no purpose but to stifle competition, then
 yes.  But often those things have other purposes as well.  For example,
 requiring firmware updates to be signed has a demonstrable purpose in
 preventing certain types of malware from infecting a product, so that
 feature cannot be said to serve no purpose other but to stifle competition.

Though it serves a genuine interest it is not, however, a least
restrictive means.
(at least not when it inhibits the user completely)

It wouldn't pass the tests we'd apply if it were a state mandated restriction,
should the fact that it's not actually a state restriction matter though when
it has market force equal to the state's authority?  Seems kind of funny
that in the US we've been so careful to avoid the state infringing individual
rights and then somewhat careless about other powerful entities using
massive money, state granted monopolies, and market force to achieve
the same ends.  It's a mad world. ::shrugs::

One thing we can do is not license our code for these environments that
deny users these freedoms. If we think that restrictions on freedom by
private parties is an acceptable risk where it wouldn't be acceptable
for the government because market solutions work against private
parties then we have to do what we can to make the market solutions
work.  Part of that means that we should stop giving them free
software for use in products where they deny users the same freedoms
they enjoyed.

RedHat and Fedora participating in this technical process which denies
freedom to users will simply make the issue harder to address via the
market because it will make drawing the lines between acceptable and
unacceptable behavior harder, potentially resulting in another billion
dollar company on the unacceptable side of the line— an outcome
which no one wants— and it will undermine the arguments people
would make for state intervention, since the antitrust arguments
are rather fragile and courts are unlikely to appreciate the nuance
of why RedHat and only RedHat (for an extreme example) being
able to ship GNU/Linux for popular desktops doesn't disprove
competitive concerns.

Re: *countable infinities only

2012-06-19 Thread Andrew Haley
On 06/19/2012 04:50 PM, Eric Smith wrote:
 I wrote:
 
 I would claim that the moral right to run whatever software we wish on
 hardware we own is a negative right; it doesn't put any obligation on
 another party to help you do it.  If you can hack up Fedora to run on a
 Nokia Windows phone, more power to you, but Nokia and Microsoft aren't
 obligated to help you do it, and aren't legally prohibited from doing
 things that make it difficult for you to exercise your moral right.
 
 Andrew Haley wrote:
 I think I'd disagree with you there. I don't think it's any different 
 from someone using extensive technical measures to prevent anyone 
 other than the authorized dealers of a particular car from servicing 
 it. Such a move would be treated as anti-competitive in many 
 countries, and IMO software should be treated in the same way. 
 
 If the things that make it difficult to run software of your choosing on 
 a device can be proven to serve no purpose but to stifle competition, 
 then yes.  But often those things have other purposes as well.  For 
 example, requiring firmware updates to be signed has a demonstrable 
 purpose in preventing certain types of malware from infecting a product, 
 so that feature cannot be said to serve no purpose other but to stifle 
 competition.

That's true, but couldn't you argue something similar for a car?
As in, Unauthorized shops may install inferior copied parts.  We've
all heard this kind of thing before, and treat it with the contempt it
deserves.

Andrew.

Re: *countable infinities only

2012-06-19 Thread Chris Murphy

On Jun 19, 2012, at 10:03 AM, Jay Sulzberger wrote:

 In the United States and Europe there is a large body of statute
 law, regulatory rulings, and court decisions which say that yes,
 a large powerful company cannot take certain actions to impede
 competitors.

Cite the law and case law that applies to these certain actions impeding Fedora 
(or other Linux). Or please stop repeating this claim.

  In particular entering into a compact to make
 Fedora harder to install on every single x86 home computer sold
 is not allowed.  Or once was not allowed.

That's not how this works. It's harder to install relative to itself, but the 
same barrier to installing Fedora applies to installing Windows. That OEMs then 
find a way around that to pre-install is a function of the high demand for 
Windows pre-installed on hardware by end users. And harder to install does not 
mean anything like impossible (or effectively impossible) to install, an 
alternative.

  Recently neither
 regulatory bodies, nor courts, have enforced these old once
 settled laws and regulations.

This large body of law will see that Red Hat had the option to have its keys 
included with new UEFI hardware, making installations equally easy or difficult 
for all parties involved, thus the anti-competition claim is rendered moot. 
That Red Hat declined to have its keys included in on the basis of unfair 
advantage to other distributions is an unexpected non-competitive behavior from 
the view of competition law.

Chris Murphy


Re: *countable infinities only

2012-06-19 Thread Chris Murphy

On Jun 19, 2012, at 7:59 AM, Przemek Klosowski wrote:
 
 And, as if on cue, Microsoft just announced their own ARM tablet. Do you feel 
 that they should leave it open to installing alternative OS?

Apple does not. Although I don't think they're using UEFI on their hardware, 
the described boot process sounds similar to Secure Boot.

 Would they subsidize its hardware cost like they apparently do with Xboxes, 
 and would your answer change depending on whether they do?

Doesn't matter. And there's no reason for them to subsidize the hardware, just 
because of a lockout. There's reason for them to subsidize in order to catch up 
with iOS and Android, however.


Chris Murphy


Re: *countable infinities only

2012-06-19 Thread Jay Sulzberger



On Tue, 19 Jun 2012, Chris Murphy li...@colorremedies.com wrote:


 On Jun 19, 2012, at 10:03 AM, Jay Sulzberger wrote:

 In the United States and Europe there is a large body of statute
 law, regulatory rulings, and court decisions which say that yes,
 a large powerful company cannot take certain actions to impede
 competitors.

Cite the law and case law that applies to these certain actions
impeding Fedora (or other Linux). Or please stop repeating this
claim.

  In particular entering into a compact to make
 Fedora harder to install on every single x86 home computer sold
 is not allowed.  Or once was not allowed.

That's not how this works. It's harder to install relative to
itself, but the same barrier to installing Fedora applies to
installing Windows. That OEMs then find a way around that to
pre-install is a function of the high demand for Windows
pre-installed on hardware by end users. And harder to install
does not mean anything like impossible (or effectively
impossible) to install, an alternative.

  Recently neither
 regulatory bodies, nor courts, have enforced these old once
 settled laws and regulations.

This large body of law will see that Red Hat had the option to
have its keys included with new UEFI hardware, making
installations equally easy or difficult for all parties
involved, thus the anti-competition claim is rendered
moot. That Red Hat declined to have its keys included in on the
basis of unfair advantage to other distributions is an
unexpected non-competitive behavior from the view of
competition law.

Chris Murphy


Chris, rather than me attempting to explain to you the long
history here, I gently suggest that you attempt to study the
statutes and regulations and court decisions with some sympathy
for free software, and indeed, some sympathy for the rule of law.

Thanks, and please forgive me for not answering you in the style
you demand.

oo--JS.

Re: *countable infinities only

2012-06-19 Thread Adam Williamson
On Tue, 2012-06-19 at 12:03 -0400, Jay Sulzberger wrote:

 Adam, just a short bald claim:
 
 In the United States and Europe there is a large body of statute
 law, regulatory rulings, and court decisions which say that yes,
 a large powerful company cannot take certain actions to impede
 competitors.  In particular entering into a compact to make
 Fedora harder to install on every single x86 home computer sold
 is not allowed.  Or once was not allowed.  Recently neither
 regulatory bodies, nor courts, have enforced these old once
 settled laws and regulations.

I'm aware of this. So are Red Hat's lawyers, I'm sure. I am inferring
from the stuff posted by Matthew so far that they believe there is no
basis for a legal complaint in Microsoft's behaviour in this area. I
certainly can't see one myself, though of course I am not a lawyer; as
I've already noted, it's very hard to characterize Microsoft's behaviour
as 'impeding competitors'. They have done nothing at all to prevent
anyone else from complying with the Secure Boot specification.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net


Re: *countable infinities only

2012-06-19 Thread Adam Williamson
On Tue, 2012-06-19 at 12:10 -0400, Gregory Maxwell wrote:
 On Tue, Jun 19, 2012 at 11:50 AM, Eric Smith e...@brouhaha.com wrote:
  If the things that make it difficult to run software of your choosing on a
  device can be proven to serve no purpose but to stifle competition, then
  yes.  But often those things have other purposes as well.  For example,
  requiring firmware updates to be signed has a demonstrable purpose in
  preventing certain types of malware from infecting a product, so that
  feature cannot be said to serve no purpose other but to stifle competition.
 
 Though it serves a genuine interest it is not, however, a least
 restrictive means.
 (at least not when it inhibits the user completely)
 
 It wouldn't pass the tests we'd apply if it were a state mandated restriction,
 should the fact that it's not actually a state restriction matter though when
 it has market force equal to the state's authority?  

I think you're arguing a long way in advance of your evidence here.

The Secure Boot requirements either in the UEFI spec or in the Microsoft
certification scheme for x86 certainly do not 'inhibit the user
completely'; on the contrary they leave all power in the hands of the
user, who has only to choose to exercise it. The requirements in the
Microsoft certification scheme for ARM can be somewhat more reasonably
described as 'inhibiting the user' (though only to an extent), but in
that context, they certainly do not have 'market force equal to the
state's authority', and are certainly no more restrictive than the
system already in use on equivalent devices from competing
manufacturers.

It's a fun pastime to wave around the concept of competition and
monopoly legislation every time Microsoft coughs, but let's face it:
when Microsoft actually was guilty of blatant monopoly abuse it took
years to reach a fairly weak judgment against them which had virtually
no practical consequences. The chances of getting any kind of judicial
relief in a case like this where the situation is far less clear-cut
than a partisan interest may want it to be seem, to be, astronomical.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net


Re: *countable infinities only

2012-06-19 Thread Gerald Henriksen
On Tue, 19 Jun 2012 11:15:34 -0700, you wrote:

On Tue, 2012-06-19 at 12:03 -0400, Jay Sulzberger wrote:

 Adam, just a short bald claim:
 
 In the United States and Europe there is a large body of statute
 law, regulatory rulings, and court decisions which say that yes,
 a large powerful company cannot take certain actions to impede
 competitors.  In particular entering into a compact to make
 Fedora harder to install on every single x86 home computer sold
 is not allowed.  Or once was not allowed.  Recently neither
 regulatory bodies, nor courts, have enforced these old once
 settled laws and regulations.

I'm aware of this. So are Red Hat's lawyers, I'm sure. I am inferring
from the stuff posted by Matthew so far that they believe there is no
basis for a legal complaint in Microsoft's behaviour in this area. I
certainly can't see one myself, though of course I am not a lawyer; as
I've already noted, it's very hard to characterize Microsoft's behaviour
as 'impeding competitors'. They have done nothing at all to prevent
anyone else from complying with the Secure Boot specification.
-- 

Thinking about it, I would go further and say that even if Secure Boot
could not be disabled, and 3rd parties could not get keys, it would not
violate the law.

Microsoft got into trouble for 2 things - including IE as part of
Windows, and their agreements with OEMs that made them exclusively
Windows.

On the web browser, I think it is safe to say history has sided with
Microsoft.  Every OS or Desktop Environment now comes with its own web
browser, because a device connected to the Internet without a web
browser is useless for most people.

The trickier issue was their OEM agreements, which likely were a
violation of the law, which forbid the OEMs from selling products with
competing products if they wanted to sell Windows.  It is obvious that
these clauses no longer exist, as for example Dell has sometimes sold
machines with Linux.

Requiring Secure Boot for Windows 8 certification thus wouldn't be
anti-competitive, even if it could not be disabled, because Microsoft
is not forbidding anyone from producing and/or selling an x86 (or
otherwise) product without Secure Boot.  In fact, Microsoft's legal
standing is likely strengthened for the time being by the fact that if
Dell for example were to sell a machine at Christmas without Secure
Boot the machine would be able to run Windows 8 (whether Dell could
ship it with Windows 8 installed, or the end user would have to
purchase a copy and install it themselves is unknown and not
relevant), the only definite restriction is that Dell could not market
that machine as Windows 8 ready.



Re: *countable infinities only

2012-06-19 Thread Jay Sulzberger



On Tue, 19 Jun 2012, Gerald Henriksen ghenr...@gmail.com wrote:


 On Tue, 19 Jun 2012 11:15:34 -0700, you wrote:

On Tue, 2012-06-19 at 12:03 -0400, Jay Sulzberger wrote:

 Adam, just a short bald claim:
 
 In the United States and Europe there is a large body of statute
 law, regulatory rulings, and court decisions which say that yes,
 a large powerful company cannot take certain actions to impede
 competitors.  In particular entering into a compact to make
 Fedora harder to install on every single x86 home computer sold
 is not allowed.  Or once was not allowed.  Recently neither
 regulatory bodies, nor courts, have enforced these old once
 settled laws and regulations.

I'm aware of this. So are Red Hat's lawyers, I'm sure. I am inferring
from the stuff posted by Matthew so far that they believe there is no
basis for a legal complaint in Microsoft's behaviour in this area. I
certainly can't see one myself, though of course I am not a lawyer; as
I've already noted, it's very hard to characterize Microsoft's behaviour
as 'impeding competitors'. They have done nothing at all to prevent
anyone else from complying with the Secure Boot specification.
-- 


Thinking about it, I would go further and say that even if Secure Boot
could not be disabled, and 3rd parties could not get keys, it would not
violate the law.

Microsoft got into trouble for 2 things - including IE as part of
Windows, and their agreements with OEMs that made them exclusively
Windows.

On the web browser, I think it is safe to say history has sided with
Microsoft.  Every OS or Desktop Environment now comes with its own web
browser, because a device connected to the Internet without a web
browser is useless for most people.

The trickier issue was their OEM agreements, which likely were a
violation of the law, which forbid the OEMs from selling products with
competing products if they wanted to sell Windows.  It is obvious that
these clauses no longer exist, as for example Dell has sometimes sold
machines with Linux.

Requiring Secure Boot for Windows 8 certification thus wouldn't be
anti-competitive, even if it could not be disabled, because Microsoft
is not forbidding anyone from producing and/or selling an x86 (or
otherwise) product without Secure Boot.  In fact, Microsoft's legal
standing is likely strengthened for the time being by the fact that if
Dell for example were to sell a machine at Christmas without Secure
Boot the machine would be able to run Windows 8 (whether Dell could
ship it with Windows 8 installed, or the end user would have to
purchase a copy and install it themselves is unknown and not
relevant), the only definite restriction is that Dell could not market
that machine as Windows 8 ready.


Henrik, I will respond to your claims, if you will answer me one
question first:

 As you know, for over a decade Microsoft included in every EULA
 for its home computer OSes, a Refund Clause.  The clause
 stated that if the buyer of the computer never booted the
 already installed Microsoft OS, that the buyer would get a
 refund for the unused Microsoft OS.  For all that time Microsoft
 refused to give a refund when the claim was made.  Indeed a few
 people got refunds, but in most cases, people who complied with
 the terms of the Refund Clause did not get a refund, due to
 Microsoft's direct refusal.

 Do you condone, or consider as negligible, this long continued
 abuse by Microsoft?

oo--JS.

typo in last Was Re: *countable infinities only

2012-06-19 Thread Jay Sulzberger

Oi, please forgive me Gerald Henriksen!

I called you Henrik, and this is not your name.

Oi.

oo--JS.

Re: *countable infinities only

2012-06-19 Thread Adam Williamson
On Tue, 2012-06-19 at 17:49 -0400, Jay Sulzberger wrote:

 Henrik, I will respond to your claims, if you will answer me one
 question first:
 
   As you know, for over a decade Microsoft included in every EULA
   for its home computer OSes, a Refund Clause.  The clause
   stated that if the buyer of the computer never booted the
   already installed Microsoft OS, that the buyer would get a
   refund for the unused Microsoft OS.  For all that time Microsoft
   refused to give a refund when the claim was made.  Indeed a few
   people got refunds, but in most cases, people who complied with
   the terms of the Refund Clause did not get a refund, due to
   Microsoft's direct refusal.
 
   Do you condone, or consider as negligible, this long continued
   abuse by Microsoft?

Please stop bringing this up. It has nothing to do with the current
situation. I cannot see any relevance at all in any reply Henrik might
give to your question. It sounds more like you're just taking it upon
yourself to decide whether you consider people to be more sympathetic to
Microsoft than you would like.

If you have a reply to Henrik's points that you think it would benefit
everyone to see, then post it. If you don't, don't. It seems
presumptuous to demand his position on a different issue before you
continue the conversation.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net


Re: *countable infinities only

2012-06-19 Thread Seth Johnson
Moral rights are from the Civil Code/French tradition.  We don't do
moral rights, although certain interests keep trying.  Moral rights in
the copyright context (I am unaware that they exist outside copyright)
are a right of attribution and a right of integrity.  We don't have
these in the US tradition.  I could live with a right of attribution,
kind of, but the integrity right would be a disaster.  The fact the US
and UK traditions don't have these kinds of copyright notions is one
of the things that is good in the context of information freedom.

I see the wikipedia page on moral rights lists them with natural or
inalienable rights.  My guess is that's a new notion, possibly part of
a scheme to confuse the concept of moral rights in copyright law with
the most fundamental rights.  Copyright is a statutory right in
America, which means Congress could, if it had the will, change
copyright to suit the digital age -- so just keep that distinction
clear.  Far better to talk natural or inalienable rights than use a
terminology that can give us a lot of trouble in copyright.


Seth

On Tue, Jun 19, 2012 at 4:40 AM, Andrew Haley a...@redhat.com wrote:
 On 06/18/2012 06:18 PM, Adam Williamson wrote:

 I hesitate to put words in people's mouths, and correct me if I'm
 wrong, but it reads to me as if Jay and others are arguing from an
 incorrect premise. That premise is to assume that there is a
 God-given right for people who own computing devices to retrofit
 alternative operating systems onto those devices.

 I want to put it out there that this is _not true_.

 The problem with this claim is that it equivocates on the meaning of
 a right.  There are at least two definitions of a right in this
 sense: moral rights and legal rights.  These are not the same.  Moral
 rights are not in the gift of any Government.  While we may not have a
 legal right to run whatever software we wish on hardware we own, it's
 not at all unreasonable to claim a moral right to do so.

 Andrew.

Re: *countable infinities only

2012-06-19 Thread Seth Johnson
The positive/negative right formulation is a post-New Deal notion,
rooted in the question of whether it has been textually granted --
very different from the notion that we hold rights prior to
government.  It may be that we can describe all rights regardless of
whether they are the result of legislation or constitutional language,
but we have a unique foundation that renders the government
accountable to the people in that we established the States and the
Union on the basis of inalienable rights that are not subject to
government abrogation (except for very compelling reasons and by
narrowly tailored laws).


Seth

On Tue, Jun 19, 2012 at 10:45 AM, Eric Smith e...@brouhaha.com wrote:
 Andrew Haley wrote:

 The problem with this claim is that it equivocates on the meaning of a
 right. There are at least two definitions of a right in this sense: moral
 rights and legal rights. These are not the same. Moral rights are not in the
 gift of any Government. While we may not have a legal right to run whatever
 software we wish on hardware we own, it's not at all unreasonable to claim a
 moral right to do so. Andrew.


 Orthogonal to moral vs. legal rights, there is also a distinction between
 positive and negative rights.  If you have a positive right to something,
 that actually puts an obligation on someone to guarantee that you
 get/have/exercise the something.  If you have a negative right to something,
 that only prohibits taking the something away from you, but doesn't put an
 obligation on anyone to guarantee that you get/have/exercise the something.

 For instance, in the US the right to use a printing press is protected by
 the First Amendment (freedom of speech), but it is a negative right, in that
 the government can't (except in very limited circumstances) do anything to
 prevent you from using a printing press, but the government is NOT obligated
 to provide you with a printing press.  On the other hand, the right to an
 attorney for criminal defendants, protected by the Sixth Amendment, has been
 interpreted by SCOTUS as a positive right, since if you cannot afford an
 attorney the government is obligated to provide one for you.

 I would claim that the moral right to run whatever software we wish on
 hardware we own is a negative right; it doesn't put any obligation on
 another party to help you do it.  If you can hack up Fedora to run on a
 Nokia Windows phone, more power to you, but Nokia and Microsoft aren't
 obligated to help you do it, and aren't legally prohibited from doing things
 that make it difficult for you to exercise your moral right.  Possibly in
 this example someone might consider Nokia and Microsoft to be infringing
 their moral right, but (in the US at least) they'd have no recourse.

 Eric



Re: *countable infinities only

2012-06-19 Thread Seth Johnson
Minor clarifying insert:

On Tue, Jun 19, 2012 at 8:26 PM, Seth Johnson seth.p.john...@gmail.com wrote:
 The positive/negative right formulation is a post-New Deal notion,
 rooted in the question of whether it has been textually granted --
 very different from the notion that we hold rights prior to
 government.  It may be that we can describe all rights

^in this way -- in terms of their being positive or negative --

 regardless of
 whether they are the result of legislation or constitutional language,
 but we have a unique foundation that renders the government
 accountable to the people in that we established the States and the
 Union on the basis of inalienable rights that are not subject to
 government abrogation (except for very compelling reasons and by
 narrowly tailored laws).


 Seth

 On Tue, Jun 19, 2012 at 10:45 AM, Eric Smith e...@brouhaha.com wrote:
 Andrew Haley wrote:

 The problem with this claim is that it equivocates on the meaning of a
 right. There are at least two definitions of a right in this sense: moral
 rights and legal rights. These are not the same. Moral rights are not in the
 gift of any Government. While we may not have a legal right to run whatever
 software we wish on hardware we own, it's not at all unreasonable to claim a
 moral right to do so. Andrew.


 Orthogonal to moral vs. legal rights, there is also a distinction between
 positive and negative rights.  If you have a positive right to something,
 that actually puts an obligation on someone to guarantee that you
 get/have/exercise the something.  If you have a negative right to something,
 that only prohibits taking the something away from you, but doesn't put an
 obligation on anyone to guarantee that you get/have/exercise the something.

 For instance, in the US the right to use a printing press is protected by
 the First Amendment (freedom of speech), but it is a negative right, in that
 the government can't (except in very limited circumstances) do anything to
 prevent you from using a printing press, but the government is NOT obligated
 to provide you with a printing press.  On the other hand, the right to an
 attorney for criminal defendants, protected by the Sixth Amendment, has been
 interpreted by SCOTUS as a positive right, since if you cannot afford an
 attorney the government is obligated to provide one for you.

 I would claim that the moral right to run whatever software we wish on
 hardware we own is a negative right; it doesn't put any obligation on
 another party to help you do it.  If you can hack up Fedora to run on a
 Nokia Windows phone, more power to you, but Nokia and Microsoft aren't
 obligated to help you do it, and aren't legally prohibited from doing things
 that make it difficult for you to exercise your moral right.  Possibly in
 this example someone might consider Nokia and Microsoft to be infringing
 their moral right, but (in the US at least) they'd have no recourse.

 Eric



Re: *countable infinities only

2012-06-19 Thread Eric Smith

Seth Johnson wrote:

The positive/negative right formulation is a post-New Deal notion,
rooted in the question of whether it has been textually granted --
very different from the notion that we hold rights prior to
government.


Nevertheless, even prior to that formulation rights like freedom of the 
press were effectively negative rights, in that they did not obligate 
anyone else to give you a printing press.



Re: *countable infinities only

2012-06-19 Thread Jay Sulzberger



On Tue, 19 Jun 2012, Adam Williamson awill...@redhat.com wrote:


On Tue, 2012-06-19 at 17:49 -0400, Jay Sulzberger wrote:



Henrik, I will respond to your claims, if you will answer me one
question first:

  As you know, for over a decade Microsoft included in every EULA
  for its home computer OSes, a Refund Clause.  The clause
  stated that if the buyer of the computer never booted the
  already installed Microsoft OS, that the buyer would get a
  refund for the unused Microsoft OS.  For all that time Microsoft
  refused to give a refund when the claim was made.  Indeed a few
  people got refunds, but in most cases, people who complied with
  the terms of the Refund Clause did not get a refund, due to
  Microsoft's direct refusal.

  Do you condone, or consider as negligible, this long continued
  abuse by Microsoft?



Please stop bringing this up. It has nothing to do with the current
situation. I cannot see any relevance at all in any reply Henrik might
give to your question. It sounds more like you're just taking it upon
yourself to decide whether you consider people to be more sympathetic to
Microsoft than you would like.

If you have a reply to Henrik's points that you think it would benefit
everyone to see, then post it. If you don't, don't. It seems
presumptuous to demand his position on a different issue before you
continue the conversation.
--
Adam Williamson


Thanks, Adam, I will attempt to avoid engaging Gerald Henriksen
further on this list regarding this topic.

ad your claim that the EULA fraud is unrelated to Microsoft's
abuse of the UEFI: Of course, the EULA fraud and the UEFI fraud
of SecureBoot (when it is Microsoft's kernel that is booted)
are part of the same campaign to end free software.

I will also not engage you further in this topic, beyond, I hope,
posting a general summary of my positions on this nexus of
difficulties.

Thanks, Adam, for posting and expressing your position so
clearly.

oo--JS.

Re: *countable infinities only

2012-06-19 Thread nomnex
 On Mon, 18 Jun 2012 14:56:20 +0100
 Matthew Garrett mj...@srcf.ucam.org wrote:

 System76 (and possibly others) will be supplying systems 
 that provide (2), so that choice is available to you.

Matthew, I often read you referring to System76, since the UEFI
discussion. System76 products are limited to the US market (only), and
not all Fedora users are US residents. There are no such vendors in my
location (Japan) for example, where makers, vendors, and the majority of
the PC users I could meet, display a total disregard for the desktop
Linux.
-- 
nomnex nom...@gmail.com
Freenode: nomnex
Registered Linux user #505281. Be counted at: http://linuxcounter.net

Re: *countable infinities only

2012-06-18 Thread Michael Scherer
On Sunday 17 June 2012 at 21:54 -0600, Kevin Fenzi wrote:
 On Sun, 17 Jun 2012 23:21:14 -0400 (EDT)
 Jay Sulzberger j...@panix.com wrote:
 
  I think 50 million dollars toward buying, and properly arranging
  the UEFI, of several lots of x86 computers would indeed solve
  part of the problem you point out.
  
  Why not? 
 
 Why? 50million dollars is a big order, but I don't see how this would
 change MicroSoft's mind, or the vendors who still wish to sell Windows
 8 client certified systems. 

Just to put things in perspective, for 50 million $, that would mean
around 6 new laptops for each Red Hat employee. ( in fact, I think more,
or with better hardware, due to bulk pricing ).

So of course, the question is what to do with them, and then this
becomes resell them, ( and so that means becoming an online hardware
vendor ( with all the associated costs, like taxes, etc )) or keep them
( that means in 3/4 years, the money is lost ).

 Out of curiosity, what would be different about these machines you
 propose?
 
 Secure boot off by default? 
 Secure boot completely removed?
 
  What does Red Hat have to lose?
 
 50 million dollars? 

Again, to put things in perspective, that means budget sponsoring for 8000
FUDCONs
( based on http://fedoraproject.org/wiki/FUDCon:Zurich_2010_Budget ), 
or if we take 73K as the average pay for a software engineer in the US,
around 650 software engineers.  
Again, if we take around 1100 committers on the kernel
( http://lwn.net/Articles/373405/ ), and 10% coming from Red Hat, that
means spending 6 times more than what Red Hat pays for kernel hackers.

I am sure that we could continue endlessly to show how much that's quite
a lot of money better spent elsewhere. Cause money spent buying laptops
is not money spent writing code.

-- 
Michael Scherer


Re: *countable infinities only

2012-06-18 Thread Gerald Henriksen
On Mon, 18 Jun 2012 01:09:52 -0400 (EDT), you wrote:

On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote:

  On Sun, Jun 17, 2012 at 11:21:14PM -0400, Jay Sulzberger wrote:
 
  I think 50 million dollars toward buying, and properly arranging
  the UEFI, of several lots of x86 computers would indeed solve
  part of the problem you point out.
  
  Why not?
 
 Because said machines would cost more than identical hardware with 
 different firmware. Sales of Linux-specific PC hardware haven't been 
 massively successful so far.
 
 -- 
 Matthew Garrett | mj...@srcf.ucam.org

Why should they cost more?

And suppose they cost $20 more.  Let Red Hat pay this, and/or run
an ad campaign explaining that with this motherboard, you can
actually know what is running on the machine.

So now your solution to the problem is to have Red Hat subsidize the
hardware (aka lose money).   That is a good way to go out of business
in a hurry.

ad previous lack of success of sales of GNU/Linux machines: In
every case I know, Microsoft just bribed/threatened the vendor to
stop selling the machines.

Of course it could have nothing to do with the Linux community failing
to provide what the customers wanted, everything has to be a
conspiracy.

If Red Hat accedes to Microsoft's demands here, there will be no,
let me repeat, no hardware that Fedora can be easily installed
on.  Here is why:

By your own explanation, you think that without the special key,
controlled by Microsoft, Fedora would be too hard for some people
to install.  OK, so you agree that Fedora must get permission
from Microsoft to allow easy installs of Fedora.

The game is now just about over.  What if one day, Microsoft
makes it even harder to install Fedora without a Microsoft
controlled key?  What if, as has already happened with ARM,
Microsoft refuses to grant Fedora a special key?

No.  Let Red Hat tell the truth.  Let Red Hat design a better
UEFI motherboard.

So now the target has moved from Red Hat buying some hardware with
secure boot disabled to Red Hat hiring a design team (at significant
cost) and developing their own motherboard.

It is so nice that you are so willing to spend Red Hat's money, though
I suspect the shareholders would have other ideas about entering into
the world of spending lots of money to design a motherboard that you
then intend to sell at a loss.




Re: *countable infinities only

2012-06-18 Thread Michael Scherer
On Monday 18 June 2012 at 06:09 -0400, Gerald Henriksen wrote:
 On Mon, 18 Jun 2012 01:09:52 -0400 (EDT), you wrote:

 No.  Let Red Hat tell the truth.  Let Red Hat design a better
 UEFI motherboard.
 
 So now the target has moved from Red Hat buying some hardware with
 secure boot disabled to Red Hat hiring a design team (at significant
 cost) and developing their own motherboard.

Technically, half of the work is already done thanks to coreboot :

http://www.coreboot.org/Payloads#Tiano_Core

But since reflashing is 
1) risky
and 
2) either expensive ( needs specific hardware )
or 
2) still needs to sign the system to reflash 
( as explained on http://mjg59.dreamwidth.org/12745.html )

that's not a solution to the problem we want to have Fedora working on
hardware that will soon be on the market.

But people who think that's a good idea could start a kickstarter
campaign, and get funds to produce the so-called motherboards.
( and if you do not get enough support at the first step, I doubt the
other steps would have been successful ).

Or alternatively, just convince everybody to buy from a supplier who
committed to not ship secureboot enabled 
 ( https://plus.google.com/101839830409692150605/posts/4Mp24WusuQM )

-- 
Michael Scherer


Re: *countable infinities only

2012-06-18 Thread Matthew Garrett
On Mon, Jun 18, 2012 at 01:47:34AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 1:16 AM, Seth Johnson seth.p.john...@gmail.com 
 wrote:
  I'm sorry, I really don't understand what you're suggesting here. It's
  not possible to simply replace a system's firmware with another
  implementation. You could chainboot from one UEFI implementation into
  another, but if the first implements secure boot then you'd have the
  same set of bootstrapping problems as you would with just booting an OS.
 
 
 See the fuller thread, reconstructed in nested fashion above.  A free
 software UEFI would be on its own hardware.

The features you wanted in a free software UEFI are present in existing 
UEFI implementations, so I'm not sure what you're asking for.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-18 Thread Peter Jones

On 06/18/2012 12:53 AM, Matthew Garrett wrote:

On Sun, Jun 17, 2012 at 11:52:48PM -0400, Jay Sulzberger wrote:


So why does the SecureBoot private key require a so much higher
cost of administration?


Fedora's keys are currently only relevant on hardware where users have
voluntarily installed Fedora. If all x86 machines shipped with a Fedora
key installed then our key security would be relevant to everyone, and
we'd be a much more attractive target than we currently are.


In addition to Matthew's point, we must keep in mind, as has previously been
pointed out, that giving a Fedora (or RH) specific key to hardware vendors
for them to ship would be very difficult to justify to the greater community.
Instead of requiring anybody who wants to make their own linux distro for
general computing to pay $99, we'd be supporting a system wherein it's impossible
to do so without cultivating your own relationship with every hardware vendor
for years on end. This would be a catch 22, because the difficulty in
establishing the market presence required before hardware vendors want to talk
to you would be *significantly greater* than it is today. It would also result
in a significantly fragmented compatibility matrix, as getting hardware vendors
to add a key represents what they'd consider a significant expense (system
flash real estate is still a critical resource), and it's most likely any
vendor adoption of a new distro key would happen on an incremental basis.

--
Peter

Re: *countable infinities only

2012-06-18 Thread Seth Johnson
On Mon, Jun 18, 2012 at 7:43 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
 On Mon, Jun 18, 2012 at 01:47:34AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 1:16 AM, Seth Johnson seth.p.john...@gmail.com 
 wrote:
  I'm sorry, I really don't understand what you're suggesting here. It's
  not possible to simply replace a system's firmware with another
  implementation. You could chainboot from one UEFI implementation into
  another, but if the first implements secure boot then you'd have the
  same set of bootstrapping problems as you would with just booting an OS.


 See the fuller thread, reconstructed in nested fashion above.  A free
 software UEFI would be on its own hardware.

 The features you wanted in a free software UEFI are present in existing
 UEFI implementations, so I'm not sure what you're asking for.

No need for a shim.  Not having to ask permission.  It's my
understanding that you are buying a signed key so the installation of
Fedora is not scary.


Seth

Re: *countable infinities only

2012-06-18 Thread Peter Jones

On 06/18/2012 01:17 AM, Seth Johnson wrote:

On Mon, Jun 18, 2012 at 1:15 AM, Matthew Garrett mj...@srcf.ucam.org wrote:

On Mon, Jun 18, 2012 at 01:09:52AM -0400, Jay Sulzberger wrote:

The game is now just about over.  What if one day, Microsoft
makes it even harder to install Fedora without a Microsoft
controlled key?  What if, as has already happened with ARM,
Microsoft refuses to grant Fedora a special key?


Microsoft has not refused to grant Fedora a key for ARM.


Oh please.


It's very difficult to see what your argument is from those two words. Just
to be clear, and to expand on Matthew's (quoted) response, at this time
there's no reason to believe the ability to get a signed bootloader on ARM
will be any different than on x86. *We*, Matthew and I, have chosen to
extend a proposal which excludes Fedora from this process on ARM machines
due to our belief that users should have ultimate control of their systems.
That control must include replacing all of the Secure Boot keys - PK, KEK,
DB, and DBX. We don't believe we can reasonably support a Free Software
platform on machines without that functionality, and so we've opted not to
bring a proposal which would include supporting that platform.

There's every indication that were we to so choose, Microsoft would happily
sign our binaries and allow us to boot on Secure Boot constrained ARM
machines at no additional cost. We believe that without the guarantee that
you can disable Secure Boot or use your own chain of trust, it isn't a
platform we can or should support.

--
Peter
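The Secure Boot variables named in the message above (PK, KEK, db, dbx) can be inspected on a running Linux system. The following is an added example, not part of the original thread: it parses efivarfs-format blobs and their EFI_SIGNATURE_LIST contents to report the platform state and which key owners are trusted. The sample blobs, owner GUIDs and payloads are constructed, and the bare variable names used as dictionary keys are an assumption made for brevity.

```python
import struct
import uuid

# Signature type GUIDs defined by the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}
LIST_HEADER = 28  # 16-byte type GUID + three little-endian uint32 sizes


def split_efivarfs(blob):
    """efivarfs prefixes the variable data with a 4-byte attribute word."""
    if len(blob) < 4:
        raise ValueError("truncated efivarfs blob")
    return struct.unpack_from("<I", blob)[0], blob[4:]


def parse_signature_lists(data):
    """Walk the concatenated EFI_SIGNATURE_LIST structures of a key variable."""
    entries, off = [], 0
    while off < len(data):
        if len(data) - off < LIST_HEADER:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if (list_size < LIST_HEADER + hdr_size or sig_size < 16
                or off + list_size > len(data)):
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        body = data[off + LIST_HEADER + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature data is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])  # SignatureOwner
            entries.append((SIG_TYPES.get(sig_type, str(sig_type)),
                            owner, body[i + 16:i + sig_size]))
        off += list_size
    return entries


def assess(variables):
    """variables maps a variable name to its raw efivarfs blob."""
    def flag(name):
        if name not in variables:
            return None
        return split_efivarfs(variables[name])[1][:1] == b"\x01"

    def keys(name):
        if name not in variables:
            return []
        return parse_signature_lists(split_efivarfs(variables[name])[1])

    return {
        "secure_boot": flag("SecureBoot"),   # signature checks enforced
        "setup_mode": flag("SetupMode"),     # True means no PK is enrolled
        "pk_enrolled": bool(keys("PK")),
        "db_owners": sorted({str(owner) for _, owner, _ in keys("db")}),
        "dbx_entries": len(keys("dbx")),
    }


# --- Constructed sample data (not taken from any real machine) ---
VENDOR = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed owner
OWNER = uuid.UUID("22222222-3333-4444-5555-666666666666")   # constructed owner


def build_list(sig_type, owner, payloads):
    """Serialise one EFI_SIGNATURE_LIST with equally sized payloads."""
    body = b"".join(owner.bytes_le + p for p in payloads)
    sizes = struct.pack("<III", LIST_HEADER + len(body), 0, 16 + len(payloads[0]))
    return sig_type.bytes_le + sizes + body


def blob(attributes, data):
    return struct.pack("<I", attributes) + data


SAMPLE = {
    "SecureBoot": blob(0x06, b"\x01"),
    "SetupMode": blob(0x06, b"\x00"),
    "PK": blob(0x27, build_list(EFI_CERT_X509_GUID, OWNER, [b"constructed-pk"])),
    "db": blob(0x27, build_list(EFI_CERT_X509_GUID, VENDOR, [b"constructed-cert-A"])
               + build_list(EFI_CERT_X509_GUID, OWNER, [b"constructed-cert-B"])),
    "dbx": blob(0x27, build_list(EFI_CERT_SHA256_GUID, VENDOR,
                                 [bytes(32), b"\x01" * 32])),
}

if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```

On a real system the blobs would be read from the files under /sys/firmware/efi/efivars, whose names carry the variable's vendor GUID as a suffix.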

Re: *countable infinities only

2012-06-18 Thread Matthew Garrett
On Mon, Jun 18, 2012 at 08:45:07AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 7:43 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
  The features you wanted in a free software UEFI are present in existing
  UEFI implementations, so I'm not sure what you're asking for.
 
 No need for a shim.  Not having to ask permission.  It's my
 understanding that you are buying a signed key so the installation of
 Fedora is not scary.

You're still not making it clear what you want. Hardware without secure 
boot? Hardware with secure boot but a different default policy? Hardware 
with free firmware that may or may not have secure boot enabled by 
default?

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-18 Thread Matthew Garrett
On Mon, Jun 18, 2012 at 08:54:08AM -0400, Peter Jones wrote:

 There's every indication that were we to so choose, Microsoft would happily
 sign our binaries and allow us to boot on Secure Boot constrained ARM
 machines at no additional cost. We believe that without the guarantee that
 you can disable Secure Boot or use your own chain of trust, it isn't a
 platform we can or should support.

To emphasise this point - Microsoft will sign EBC objects, so it's not 
obvious that there's any way they *could* block a bootloader for ARM 
devices. We're just choosing not to.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-18 Thread Seth Johnson
On Mon, Jun 18, 2012 at 8:54 AM, Peter Jones pjo...@redhat.com wrote:
 On 06/18/2012 01:17 AM, Seth Johnson wrote:

 On Mon, Jun 18, 2012 at 1:15 AM, Matthew Garrett mj...@srcf.ucam.org
 wrote:

 On Mon, Jun 18, 2012 at 01:09:52AM -0400, Jay Sulzberger wrote:

 Bob Young, a master of propaganda^Hsales, had a wonderful spiel
 in favor of free software which included the line Why would you
 buy a car with the hood welded shut?.

 ad previous lack of success of sales of GNU/Linux machines: In
 every case I know, Microsoft just bribed/threatened the vendor to
 stop selling the machines.

 If Red Hat accedes to Microsoft's demands here, there will be no,
 let me repeat, no hardware that Fedora can be easily installed
 on.  Here is why:

 By your own explanation, you think that without the special key,
 controlled by Microsoft, Fedora would be too hard for some people
 to install.  OK, so you agree that Fedora must get permission
 from Microsoft to allow easy installs of Fedora.

 The game is now just about over.  What if one day, Microsoft
 makes it even harder to install Fedora without a Microsoft
 controlled key?  What if, as has already happened with ARM,
 Microsoft refuses to grant Fedora a special key?


 Microsoft has not refused to grant Fedora a key for ARM.


 Oh please.


 It's very difficult to see what your argument is from those two words.

It's apparently difficult to recognize Jay's argument, immediately
above.  Jay did not say you currently cannot get an ARM key.  I did
not present an argument in my comment.


 Just to be clear, and to expand on Matthew's (quoted) response, at this time
 there's no reason to believe the ability to get a signed bootloader on ARM
 will be any different than on x86. *We*, Matthew and I, have chosen to
 extend a proposal which excludes Fedora from this process on ARM machines
 due to our belief that users should have ultimate control of their systems.
 That control must include replacing all of the Secure Boot keys - PK, KEK,
 DB, and DBX. We don't believe we can reasonably support a Free Software
 platform on machines without that functionality, and so we've opted not to
 bring a proposal which would include supporting that platform.

 There's every indication that were we to so choose, Microsoft would happily
 sign our binaries and allow us to boot on Secure Boot constrained ARM
 machines at no additional cost.


Exactly.  Microsoft would happily give you permission if you ask.  You
recognize that this is rendering you vulnerable, as Jay said.


 We believe that without the guarantee that
 you can disable Secure Boot or use your own chain of trust, it isn't a
 platform we can or should support.


Exactly correct.  Except the word guarantee is of equivocal meaning,
potentially allowing for a course of action that renders you
vulnerable.


Seth

Re: *countable infinities only

2012-06-18 Thread Matthew Garrett
On Mon, Jun 18, 2012 at 09:20:05AM -0400, Seth Johnson wrote: 
 It's apparently difficult to recognize Jay's argument, immediately
 above.  Jay did not say you currently cannot get an ARM key.  I did
 not present an argument in my comment.

What if, as has already happened with ARM, Microsoft refuses to grant 
Fedora a special key?

As far as I can tell, Jay did say we currently cannot get an ARM key?

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-18 Thread Seth Johnson
On Mon, Jun 18, 2012 at 8:59 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
 On Mon, Jun 18, 2012 at 08:45:07AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 7:43 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
  The features you wanted in a free software UEFI are present in existing
  UEFI implementations, so I'm not sure what you're asking for.

 No need for a shim.  Not having to ask permission.  It's my
 understanding that you are buying a signed key so the installation of
 Fedora is not scary.

 You're still not making it clear what you want. Hardware without secure
 boot? Hardware with secure boot but a different default policy? Hardware
 with free firmware that may or may not have secure boot enabled by
 default?


Write a new UEFI.  No need for a shim.  Peter stated what the free
software UEFI on its own hardware should support: disable Secure Boot
or use your own chain of trust.  Plus, because you appear to be
motivated to buy a shim for this reason, write the UEFI so it does not
make it scary to install in any configuration you use as the empowered
owner of the device.


Seth

Re: *countable infinities only

2012-06-18 Thread Seth Johnson
On Mon, Jun 18, 2012 at 9:23 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
 On Mon, Jun 18, 2012 at 09:20:05AM -0400, Seth Johnson wrote:
 It's apparently difficult to recognize Jay's argument, immediately
 above.  Jay did not say you currently cannot get an ARM key.  I did
 not present an argument in my comment.

 What if, as has already happened with ARM, Microsoft refuses to grant
 Fedora a special key?

 As far as I can tell, Jay did say we currently cannot get an ARM key?


I stand corrected.  Jay's point is that Microsoft will be in a
position to change policy, on either platform.  That could happen once
it is in a position to do so.


Seth

Re: *countable infinities only

2012-06-18 Thread Peter Jones

On 06/18/2012 09:26 AM, Seth Johnson wrote:

On Mon, Jun 18, 2012 at 8:59 AM, Matthew Garrett mj...@srcf.ucam.org wrote:

On Mon, Jun 18, 2012 at 08:45:07AM -0400, Seth Johnson wrote:

On Mon, Jun 18, 2012 at 7:43 AM, Matthew Garrett mj...@srcf.ucam.org wrote:

The features you wanted in a free software UEFI are present in existing
UEFI implementations, so I'm not sure what you're asking for.


No need for a shim.  Not having to ask permission.  It's my
understanding that you are buying a signed key so the installation of
Fedora is not scary.


You're still not making it clear what you want. Hardware without secure
boot? Hardware with secure boot but a different default policy? Hardware
with free firmware that may or may not have secure boot enabled by
default?



Write a new UEFI.  No need for a shim.  Peter stated what the free
software UEFI on its own hardware should support: disable Secure Boot
or use your own chain of trust.


This is what current x86 UEFI implementations give us.


Plus, because you appear to be motivated to buy a shim for this reason, write
the UEFI so it does not make it scary to install in any configuration you use
as the empowered owner of the device.


Buy a what now? shim is a piece of software Matthew has been writing. We're
not talking about buying any software.

--
Peter

Re: *countable infinities only

2012-06-18 Thread Reindl Harald


On 18.06.2012 15:30, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 9:23 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
 On Mon, Jun 18, 2012 at 09:20:05AM -0400, Seth Johnson wrote:
 It's apparently difficult to recognize Jay's argument, immediately
 above.  Jay did not say you currently cannot get an ARM key.  I did
 not present an argument in my comment.

 What if, as has already happened with ARM, Microsoft refuses to grant
 Fedora a special key?

 As far as I can tell, Jay did say we currently cannot get an ARM key?
 
 
 I stand corrected.  Jay's point is that Microsoft will be in a
 position to change policy, on either platform.  That could happen once
 it is in a position to do so.

EXACTLY this is the problem

and we are playing into their hands

* NOW secure boot is optional on x86
* we support it with the MS keys
* the next HW generation may have it mandatory
* the argument for making it mandatory may be: see, even free OS has no problem

who can make sure that we get forever keys from MS?

if we take opensource and free software seriously we should not do
anything to bring MS or any other single company in a position
making us dependent on their goodwill over the long





Re: *countable infinities only

2012-06-18 Thread Matthew Garrett
On Mon, Jun 18, 2012 at 09:43:27AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 9:37 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
  Like I said before, the existing UEFI implementations on the existing
  hardware will support Disable Secure Boot or use your own chain of
  trust. If you're asking for the ability to install Linux without
  requiring signed binaries then presumably you just want a UEFI
  implementation that doesn't enforce secure boot by default? Those exist
  already, without needing to write a new implementation.
 
 I defer to Jay for now.  It seems to me you are seeking permission
 from Microsoft or you would not be writing a shim.

Ok so what you mean is I want a UEFI implementation that doesn't 
require a Microsoft signature to boot? The options there are currently 
(1) have a Fedora specific key (which we're not doing because it would 
fragment the community) and (2) ship systems without secure boot enabled 
by default. System76 (and possibly others) will be supplying systems 
that provide (2), so that choice is available to you.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-18 Thread Seth Johnson
On Mon, Jun 18, 2012 at 9:56 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
 On Mon, Jun 18, 2012 at 09:43:27AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 9:37 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
  Like I said before, the existing UEFI implementations on the existing
  hardware will support Disable Secure Boot or use your own chain of
  trust. If you're asking for the ability to install Linux without
  requiring signed binaries then presumably you just want a UEFI
  implementation that doesn't enforce secure boot by default? Those exist
  already, without needing to write a new implementation.

 I defer to Jay for now.  It seems to me you are seeking permission
 from Microsoft or you would not be writing a shim.

 Ok so what you mean is I want a UEFI implementation that doesn't
 require a Microsoft signature to boot? The options there are currently
 (1) have a Fedora specific key (which we're not doing because it would
 fragment the community) and (2) ship systems without secure boot enabled
 by default. System76 (and possibly others) will be supplying systems
 that provide (2), so that choice is available to you.

To me.  We all -- and this notably includes Red Hat -- need to work to
make those other systems viable.  That goes beyond my own choices.


Seth

Re: *countable infinities only

2012-06-18 Thread Matthew Garrett
On Mon, Jun 18, 2012 at 10:04:38AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 9:56 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
  Ok so what you mean is I want a UEFI implementation that doesn't
  require a Microsoft signature to boot? The options there are currently
  (1) have a Fedora specific key (which we're not doing because it would
  fragment the community) and (2) ship systems without secure boot enabled
  by default. System76 (and possibly others) will be supplying systems
  that provide (2), so that choice is available to you.
 
 To me.  We all -- and this notably includes Red Hat -- need to work to
 make those other systems viable.  That goes beyond my own choices.

So you want Fedora to boot on all hardware sold? There are two options 
there - we can sign Fedora with the Microsoft key or we can force 
Microsoft to change the Windows 8 requirements to forbid secure boot. 
The second of these is impossible, which leaves signing with Microsoft.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-18 Thread Seth Johnson
On Mon, Jun 18, 2012 at 10:10 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
 On Mon, Jun 18, 2012 at 10:04:38AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 9:56 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
  Ok so what you mean is I want a UEFI implementation that doesn't
  require a Microsoft signature to boot? The options there are currently
  (1) have a Fedora specific key (which we're not doing because it would
  fragment the community) and (2) ship systems without secure boot enabled
  by default. System76 (and possibly others) will be supplying systems
  that provide (2), so that choice is available to you.

 To me.  We all -- and this notably includes Red Hat -- need to work to
 make those other systems viable.  That goes beyond my own choices.

 So you want Fedora to boot on all hardware sold?

I want Red Hat, Fedora, and the free software community to come to
terms with what they must do in the context created by this new
technology.  That does not mean boot on all hardware sold.


Seth

 There are two options
 there - we can sign Fedora with the Microsoft key or we can force
 Microsoft to change the Windows 8 requirements to forbid secure boot.
 The second of these is impossible, which leaves signing with Microsoft.

 --
 Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-18 Thread Matthew Garrett
On Mon, Jun 18, 2012 at 10:14:04AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 10:10 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
  So you want Fedora to boot on all hardware sold?
 
 I want Red Hat, Fedora, and the free software community to come to
 terms with what they must do in the context created by this new
 technology.  That does not mean boot on all hardware sold.

Could you please give a concrete description of what you want because I 
have absolutely no idea what you're talking about at this point.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-18 Thread Seth Johnson
On Mon, Jun 18, 2012 at 10:21 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
 On Mon, Jun 18, 2012 at 10:14:04AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 10:10 AM, Matthew Garrett mj...@srcf.ucam.org 
 wrote:
  So you want Fedora to boot on all hardware sold?

 I want Red Hat, Fedora, and the free software community to come to
 terms with what they must do in the context created by this new
 technology.  That does not mean boot on all hardware sold.

 Could you please give a concrete description of what you want because I
 have absolutely no idea what you're talking about at this point.

I can't now.  Jay would certainly engage fruitfully in a discussion
based on the parameters described.  I will say: A political campaign
that rebukes Microsoft. A stand that does not accommodate Microsoft
before we see a technical path forward and a realistic future for free
software.  Technically, I'll say only this for now: a UEFI that tells
the truth to the user and makes things non-scary, on trustworthy
hardware -- plus all the infrastructure needed to render the use of
these systems viable for free software.

But Jay can address these things better than I.


Seth

Re: *countable infinities only

2012-06-18 Thread Kevin Fenzi
On Mon, 18 Jun 2012 15:35:40 +0200
Reindl Harald h.rei...@thelounge.net wrote:

 On 18.06.2012 15:30, Seth Johnson wrote:
 
  I stand corrected.  Jay's point is that Microsoft will be in a
  position to change policy, on either platform.  That could happen
  once it is in a position to do so.
 
 EXACTLY this is the problem
 
 and we are playing into their hands
 
 * NOW secure boot is optional on x86
 * we support it with the MS keys
 * the next HW generation may have it mandatory
 * the argument for making it mandatory may be: see, even free OS has no
 problem
 
 who can make sure that we get forever keys from MS?

Nothing in life is sure or forever. ;) 

 if we take opensource and free software seriously we should not do
 anything to bring MS or any other single company in a position
 making us dependent on their goodwill over the long

I don't understand this argument, as if/when MS changed their
certification (say for windows 9, as I think it's pretty much
impossible for them to change the windows 8 client certification at
this point), to require secure boot not be disable-able or disallow
client keys to be enrolled, we could simply at that point stop signing
our bootloader shim with MS'es key. 

This is what some would prefer we do now, but right now since you CAN
disable secure boot and you CAN enroll your own keys, I think the gains
in supporting secure boot outweigh the small (and easily
workaroundable) loss in redistribution rights. 

Additionally, I can't see what MS would gain by making the above
changes you posit, and in fact, it would be likely bad for them. IMHO
(IANAL), if secure boot was non disableable folks would have a much
better case for a class action suit. This general purpose hardware I
bought doesn't work for general purpose computing. As it is now, they
could just say disable secureboot. 

We really can't know what's going to happen down the road, we can only
act on it as we know it. 

kevin



Re: *countable infinities only

2012-06-18 Thread Jay Sulzberger



On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote:


On Mon, Jun 18, 2012 at 01:09:52AM -0400, Jay Sulzberger wrote:
The game is now just about over.  What if one day, Microsoft
makes it even harder to install Fedora without a Microsoft
controlled key?  What if, as has already happened with ARM,
Microsoft refuses to grant Fedora a special key?

Microsoft has not refused to grant Fedora a key for ARM.


This I do not understand.  By reports in the admittedly
incompetent magazines dealing with home computers, Microsoft's
policy is to keep Fedora, and any other OSes, except for
Microsoft OSes, off all Microsoft Certified ARM devices.

Perhaps you mean that Fedora has not asked Microsoft for a signing key.

Further questions ad ARM: According to Microsoft, can, in future,
SecureBoot be disabled on Microsoft Certified ARM devices?
Will the person who walks out of the store with a Microsoft
Certified ARM device be able to put their own signing key in?
What about the PK?

Thanks, Matthew.

oo--JS.



--
Matthew Garrett | mj...@srcf.ucam.org



Re: *countable infinities only

2012-06-18 Thread Seth Johnson
On Mon, Jun 18, 2012 at 10:48 AM, Kevin Fenzi ke...@scrye.com wrote:
 On Mon, 18 Jun 2012 15:35:40 +0200

 We really can't know what's going to happen down the road, we can only
 act on it as we know it.


LOL -- by all the signs we have available to know it.


Seth

Re: *countable infinities only

2012-06-18 Thread Peter Jones

On 06/18/2012 11:03 AM, Jay Sulzberger wrote:


Microsoft has not refused to grant Fedora a key for ARM.


This I do not understand.  By reports in the admittedly
incompetent magazines dealing with home computers, Microsoft's
policy is to keep Fedora, and any other OSes, except for
Microsoft OSes, off all Microsoft Certified ARM devices.

Perhaps you mean that Fedora has not asked Microsoft for a signing key.


Signing on ARM would use the same key and signing service as x86. We have
chosen not to pursue this usage due to the inability to disable Secure Boot
or install your own chain of trust on ARM given the rules they've put forward.


Further questions ad ARM: According to Microsoft, can, in future,
SecureBoot be disabled on Microsoft Certified ARM devices?


On ARM client devices, no, the current requirements do not allow you to
disable Secure Boot. I don't think the behavior on server hardware is
specified yet whatsoever.


Will the person who walks out of the store with a Microsoft
Certified ARM device be able to put their own signing key in?
What about the PK?


No, not either.

--
Peter



Re: *countable infinities only

2012-06-18 Thread Matthew Garrett
On Mon, Jun 18, 2012 at 11:03:23AM -0400, Jay Sulzberger wrote:

 This I do not understand.  By reports in the admittedly
 incompetent magazines dealing with home computers, Microsoft's
 policy is to keep Fedora, and any other OSes, except for
 Microsoft OSes, off all Microsoft Certified ARM devices.

I think you've answered your own question there.

 Further questions ad ARM: According to Microsoft, can, in future,
 SecureBoot be disabled on Microsoft Certified ARM devices?
 Will the person who walks out of the store with a Microsoft
 Certified ARM device be able to put their own signing key in?
 What about the PK?

No, Windows 8 ARM devices will not permit the user to install their own 
keys or disable secure boot. That's why we're not going to support them.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-18 Thread Jay Sulzberger



On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote:


 On Mon, Jun 18, 2012 at 12:56:54AM -0400, Jay Sulzberger wrote:
 
 We just need hardware we can install Fedora on, as once we did,

 without asking Microsoft for permission.

System76 have committed to providing hardware without pre-enabled secure 
boot.


--
Matthew Garrett | mj...@srcf.ucam.org


Matthew, I am delighted to hear this.

Note that this contradicts the claim, made more than once in
this thread, that such an arrangement is, in practice, impossible.

oo--JS.

Re: *countable infinities only

2012-06-18 Thread Peter Jones

On 06/18/2012 11:14 AM, Jay Sulzberger wrote:



System76 have committed to providing hardware without pre-enabled secure boot.


Matthew, I am delighted to hear this.

Note that this contradicts the claim, made more than once in
this thread, that such an arrangement is, in practice, impossible.


Not to dwell on this too much, but I think you're conflating it not being
possible with it not being something /we're/ going to do. The latter has been
stated; I don't think the former has been stated by anybody directly involved
with the plan for supporting Secure Boot.

--
Peter

Re: *countable infinities only

2012-06-18 Thread Jay Sulzberger



On Mon, 18 Jun 2012, Gerald Henriksen ghenr...@gmail.com wrote:


 On Mon, 18 Jun 2012 01:09:52 -0400 (EDT), you wrote:

On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote:

  On Sun, Jun 17, 2012 at 11:21:14PM -0400, Jay Sulzberger wrote:
 
  I think 50 million dollars toward buying, and properly arranging

  the UEFI, of several lots of x86 computers would indeed solve
  part of the problem you point out.
  
  Why not?
 
 Because said machines would cost more than identical hardware with 
 different firmware. Sales of Linux-specific PC hardware haven't been 
 massively successful so far.
 
 -- 
 Matthew Garrett | mj...@srcf.ucam.org


Why should they cost more?

And suppose they cost $20 more.  Let Red Hat pay this, and/or run
an ad campaign explaining that with this motherboard, you can
actually know what is running on the machine.

So now your solution to the problem is to have Red Hat subsidize the
hardware (aka lose money).   That is a good way to go out of business
in a hurry.

ad previous lack of success of sales of GNU/Linux machines: In
every case I know, Microsoft just bribed/threatened the vendor to
stop selling the machines.

Of course it could have nothing to do with the Linux community failing
to provide what the customers wanted, everything has to be a
conspiracy.

If Red Hat accedes to Microsoft's demands here, there will be no,
let me repeat, no hardware that Fedora can be easily installed
on.  Here is why:

By your own explanation, you think that without the special key,
controlled by Microsoft, Fedora would be too hard for some people
to install.  OK, so you agree that Fedora must get permission
from Microsoft to allow easy installs of Fedora.

The game is now just about over.  What if one day, Microsoft
makes it even harder to install Fedora without a Microsoft
controlled key?  What if, as has already happened with ARM,
Microsoft refuses to grant Fedora a special key?

No.  Let Red Hat tell the truth.  Let Red Hat design a better
UEFI motherboard.

So now the target has moved from Red Hat buying some hardware with
secure boot disabled to Red Hat hiring a design team (at significant
cost) and developing their own motherboard.


Yes.  That has always been part of one of my short list of
suggestions.

Why not?

ad design team at significant cost: Yes, of course.  As has been
mentioned, all prototype UEFIs seen by the Red Hat team have bad
interfaces.  Why not make a better one?



It is so nice that you are so willing to spend Red Hat's money, though
I suspect the shareholders would have other ideas about entering into
the world of spending lots of money to design a motherboard that you
then intend to sell at a loss.


Gerald, I will not respond in detail to your post.  I will say
two things:

Red Hat, before its initial public offering, arranged to lose
money, so that the company would appear more attractive to
investors.

By the incorrect theory of business explicit in your post, every
cost borne by Red Hat, every investment made by Red Hat, must
necessarily result in Red Hat going broke.

oo--JS.

Re: *countable infinities only

2012-06-18 Thread Jay Sulzberger



On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote:


 On Mon, Jun 18, 2012 at 10:14:04AM -0400, Seth Johnson wrote:
 On Mon, Jun 18, 2012 at 10:10 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
  So you want Fedora to boot on all hardware sold?
 
 I want Red Hat, Fedora, and the free software community to come to

 terms with what they must do in the context created by this new
 technology.  That does not mean boot on all hardware sold.

Could you please give a concrete description of what you want because I 
have absolutely no idea what you're talking about at this point.


--
Matthew Garrett | mj...@srcf.ucam.org


Matthew, this is near to the heart of our disagreement.  That you
cannot see the main issue, and its scale, makes this
conversation, at certain junctures of argument, difficult.

I am attempting to write something that will make the main issue
clear.

But here are two headers of my argument: If we do not defend the
ground on which free software lives and grows, we will shortly
have no free software.  Part of the ground is that we need ask no
permission of Microsoft, nor anybody else, to conveniently use
any services provided by the hardware, services which under your
proposed plan will only be conveniently available to Microsoft.

oo--JS.

Re: *countable infinities only

2012-06-18 Thread Jay Sulzberger




On Mon, 18 Jun 2012, Peter Jones pjo...@redhat.com wrote:

 On 06/18/2012 11:03 AM, Jay Sulzberger wrote:

 Microsoft has not refused to grant Fedora a key for ARM.
 
 This I do not understand.  By reports in the admittedly

 incompetent magazines dealing with home computers, Microsoft's
 policy is to keep Fedora, and any other OSes, except for
 Microsoft OSes, off all Microsoft Certified ARM devices.
 
 Perhaps you mean that Fedora has not asked Microsoft for a signing key.


 Signing on ARM would use the same key and signing service as x86. We have
 chosen not to pursue this usage due to the inability to disable Secure Boot
 or install your own chain of trust on ARM given the rules they've put 
 forward.


 Further questions ad ARM: According to Microsoft, can, in future,
 SecureBoot be disabled on Microsoft Certified ARM devices?

 On ARM client devices, no, the current requirements do not allow you to
 disable Secure Boot. I don't think the behavior on server hardware is
 specified yet whatsoever.

 Will the person who walks out of the store with a Microsoft
 Certified ARM device be able to put their own signing key in?
 What about the PK?

 No, not either.

 -- 
Peter


Thanks very much Peter.

I am sorry not to have in hand today a proper exposition of my
position.  Heaven forwarding, I will get one out soon.

oo--JS.


Re: *countable infinities only

2012-06-18 Thread Jay Sulzberger



On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote:


 On Mon, Jun 18, 2012 at 11:03:23AM -0400, Jay Sulzberger wrote:

 This I do not understand.  By reports in the admittedly
 incompetent magazines dealing with home computers, Microsoft's
 policy is to keep Fedora, and any other OSes, except for
 Microsoft OSes, off all Microsoft Certified ARM devices.

I think you've answered your own question there.

 Further questions ad ARM: According to Microsoft, can, in future,
 SecureBoot be disabled on Microsoft Certified ARM devices?
 Will the person who walks out of the store with a Microsoft
 Certified ARM device be able to put their own signing key in?
 What about the PK?

No, Windows 8 ARM devices will not permit the user to install their own 
keys or disable secure boot. That's why we're not going to support them.


--
Matthew Garrett | mj...@srcf.ucam.org


Thanks, Matthew.

Just one word before I break off, if I can ;), engagement for today:

If I understand correctly, Fedora has now formally allowed
Microsoft to lock Fedora out of many coming ARM devices.

I will read all responses either late this evening or tomorrow.

oo--JS.

Re: *countable infinities only

2012-06-18 Thread Peter Jones

On 06/18/2012 11:54 AM, Jay Sulzberger wrote:

If I understand correctly, Fedora has now formally allowed
Microsoft to lock Fedora out of many coming ARM devices.


Well, no. At this point it's still just a proposal.

--
Peter



Re: *countable infinities only

2012-06-18 Thread Matthew Garrett
On Mon, Jun 18, 2012 at 11:40:01AM -0400, Jay Sulzberger wrote:

 But here are two headers of my argument: If we do not defend the
 ground on which free software lives and grows, we will shortly
 have no free software.  Part of the ground is that we need ask no
 permission of Microsoft, nor anybody else, to conveniently use
 any services provided by the hardware, services which under your
 proposed plan will only be conveniently available to Microsoft.

The only way to avoid asking permission of anyone is for secure boot to 
be disabled by default on all hardware. The problem with that is that 
vendors *want* secure boot. Some vendors are unhappy that Microsoft 
required that users be able to disable it on x86. So this isn't a 
Microsoft problem - it's an industry problem.

So what would a solution look like? Since vendors want secure boot, we 
would obviously need to force the vendors to change their mind. There 
are two entities that are capable of doing so:

1) Microsoft. If Microsoft changed the Windows 8 requirements such that 
vendors *must* leave secure boot disabled by default we'd be fine. But 
then we'd be beholden to Microsoft again, and they could change their 
mind in future. Given what you've said, it sounds like you don't like 
this option.

2) Government. If a large enough set of national governments required 
that secure boot be disabled by default then we could assume that 
arbitrary hardware would work out of the box. It's unclear to me which 
laws you think the vendors would be breaking, but I'm not a lawyer.

Microsoft may have started this movement, but they're not the only 
relevant entity in favour of it.
-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-18 Thread Adam Williamson
On Mon, 2012-06-18 at 11:54 -0400, Jay Sulzberger wrote:

 Just one word before I break off, if I can ;), engagement for today:
 
 If I understand correctly, Fedora has now formally allowed
 Microsoft to lock Fedora out of many coming ARM devices.

The use of the term 'allowed' implies that we have any kind of standing
to 'allow' or 'disallow' it.

Microsoft has published its certification requirements for ARM client
devices. They don't have any kind of obligation to ask Fedora, Red Hat
or anyone else who isn't actually building ARM client hardware what we
think of those requirements. We are not a party to them.

A couple of concerned Red Hat / Fedora developers - Peter and Matthew -
have stated that they are unhappy that the certification requirements
for Windows ARM client devices don't state that the user should be able
to disable Secure Boot or install their own signing keys, and stated
that because of this, they don't intend at present to pursue the
approach of having Microsoft sign Fedora ARM releases for use on
Microsoft-certified ARM client devices. I don't think we can formally
characterize this as 'Fedora's' position on the issue, as AFAIK it
hasn't come up before any kind of Fedora representative body, but in
practice, I suspect it's highly likely to hold as Fedora policy if that
were to happen.

This is the entirety of the situation with regards to ARM client
devices. I am not sure what you think would constitute us 'disallowing'
Microsoft from making things we don't like part of their certification
requirements. Sending them a strongly-worded letter? Making a complaint
to some body that Microsoft had...done what? 

It seems prima facie the case that this is not monopoly abuse, because
Microsoft does not hold anything resembling a monopoly in the ARM client
device market (if anyone does, Apple does). Remember that when we talk
about Microsoft-certified ARM client devices it is a very long-winded
way of saying 'tablets and tablet/laptop hybrids running Windows RT',
and right now, Microsoft's presence in that space is virtually
non-existent.

It seems unlikely that it can be characterized as anti-competitive
behavior, or one of the many manufacturers who _already_ ship ARM client
devices with locked firmware intended to be inaccessible to the user and
a signed bootloader requirement - including but not limited to Apple,
Samsung, Motorola (Google), and HTC - would have gotten into trouble
already.

So, again, exactly - what is it that you are proposing should be done?
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net


Re: *countable infinities only

2012-06-18 Thread Gerald Henriksen
On Mon, 18 Jun 2012 11:14:11 -0400 (EDT), you wrote:



On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote:

  On Mon, Jun 18, 2012 at 12:56:54AM -0400, Jay Sulzberger wrote:
  
  We just need hardware we can install Fedora on, as once we did,
  without asking Microsoft for permission.
 
 System76 have committed to providing hardware without pre-enabled secure 
 boot.
 
 -- 
 Matthew Garrett | mj...@srcf.ucam.org

Matthew, I am delighted to hear this.

Note that this contradicts the claim, made more than once in
this thread, that such an arrangement is, in practice, impossible.

No one said it was impossible.

What was said was the big outfits, who rely on selling hardware in big
volumes, will ship with secure boot enabled.  Dell, HP, Asus, Acer,
etc all rely on the Windows market to stay in business and thus cannot
ship with secure boot disabled.

But also note that it is the ability to disable secure boot that
Fedora/Red Hat got from Microsoft that will allow small builders like
System76 to ship systems without it enabled.




Re: *countable infinities only

2012-06-18 Thread Adam Williamson
On Mon, 2012-06-18 at 09:35 -0700, Adam Williamson wrote:

 A couple of concerned Red Hat / Fedora developers - Peter and Matthew -
 have stated that they are unhappy that the certification requirements
 for Windows ARM client devices don't state that the user should be able
 to disable Secure Boot or install their own signing keys, and stated
 that because of this, they don't intend at present to pursue the
 approach of having Microsoft sign Fedora ARM releases for use on
 Microsoft-certified ARM client devices. I don't think we can formally
 characterize this as 'Fedora's' position on the issue, as AFAIK it
 hasn't come up before any kind of Fedora representative body, but in
 practice, I suspect it's highly likely to hold as Fedora policy if that
 were to happen.
 
 This is the entirety of the situation with regards to ARM client
 devices. I am not sure what you think would constitute us 'disallowing'
 Microsoft from making things we don't like part of their certification
 requirements. Sending them a strongly-worded letter? Making a complaint
 to some body that Microsoft had...done what? 

Sorry for the self-reply, but just in case it's not brutally clear yet,
I wanted to explicitly state this:

I hesitate to put words in people's mouths, and correct me if I'm wrong,
but it reads to me as if Jay and others are arguing from an incorrect
premise. That premise is to assume that there is a God-given right for
people who own computing devices to retrofit alternative operating
systems onto those devices.

I want to put it out there that this is _not true_. It is perfectly
possible, of course, for one to aspire to a world in which it is true.
Many of us would want to live in such a world. We have been lucky enough
to live in a world for some time where it _so happened_ that the
'computing devices' we cared about almost always allowed us to do this.

However, in the boring practical world where such 'rights' are granted
by process of law, no such right exists. As a practical matter, people
have been manufacturing, advertising and selling computing devices to
the public, all over the world, for decades, which do not intend to
allow the end user of the device to retrofit alternative software -
operating system software, firmware, bootloader, or application.

It is _already demonstrably the case_ that over the last few years and
over the next decade or so, the trend has been and will be for reduced
user freedom on typical client computing devices. A smartphone is a
'typical client computing device'. A tablet is a 'typical client
computing device'. The vast majority of such devices sold today are
designed to preclude the user from installing alternative operating
systems and to impose restrictions on the user's ability to execute
arbitrary code: virtually all cellphones and tablets are sold with
locked bootloaders and without user root access. This has not been
challenged in a court of law and I am not aware of any basis on which a
challenge to this could plausibly be launched.

(As an aside, of course _in practice_ many of these devices are hacked,
and the question of whether such hacking can be illegal in a given case
is a complex legal one. I don't think it should detain us here, though;
the key point is that it's fine for the manufacturers to take steps to
_try_ and prevent the installation of alternative software. The question
of what happens if their mechanisms are defeated is beside the point.)

Fedora can deplore the situation; Fedora can state its support for
computing devices which allow the user the freedom to install
alternative operating system software, with reasoned arguments in
support; Fedora can work together with manufacturers of computing
devices which allow such freedom. But I believe it's true, and I think
it's vitally important to keep in mind when debating this topic, that
there is no way in which Fedora can possibly forcibly impose its
position on anyone. It appears to be legally fine for companies to ship
computers you can't (aren't intended to be able to) put other operating
systems on; it is trivially demonstrable that some companies consider it
desirable to do so in some markets; therefore said devices are going to
exist. Fedora can take any one of several approaches to their existence,
but simply deploring the fact and acting, in all respects, either as if
such devices will magically cease to exist at some point or as if we can
pressure them out of existence both seem to be losing strategies in all
regards, to me. I also think any argument which seems to be rooted on
the assumption that such devices are Wrong, Evil and/or Illegal _and
that All-Right Thinking People Will Agree if we can only motivate them
enough_ is doomed to fail. Zillions of people buy locked devices. They
understand, in a vague way, just what it is they are buying. They are
not outraged. They won't be outraged no matter how outraged we try to
make them.

There will always be some people who believe that locked 

Re: *countable infinities only

2012-06-18 Thread Gerald Henriksen
On Mon, 18 Jun 2012 11:54:20 -0400 (EDT), you wrote:



On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote:

  On Mon, Jun 18, 2012 at 11:03:23AM -0400, Jay Sulzberger wrote:
 
  This I do not understand.  By reports in the admittedly
  incompetent magazines dealing with home computers, Microsoft's
  policy is to keep Fedora, and any other OSes, except for
  Microsoft OSes, off all Microsoft Certified ARM devices.
 
 I think you've answered your own question there.
 
  Further questions ad ARM: According to Microsoft, can, in future,
  SecureBoot be disabled on Microsoft Certified ARM devices?
  Will the person who walks out of the store with a Microsoft
  Certified ARM device be able to put their own signing key in?
  What about the PK?
 
 No, Windows 8 ARM devices will not permit the user to install their own 
 keys or disable secure boot. That's why we're not going to support them.
 
 -- 
 Matthew Garrett | mj...@srcf.ucam.org

Thanks, Matthew.

Just one word before I break off, if I can ;), engagement for today:

If I understand correctly, Fedora has now formally allowed
Microsoft to lock Fedora out of many coming ARM devices.

Fedora (or any other Linux) won't run on most of the ARM devices out
there already, so what is your point?

Apple certainly isn't allowing Fedora to run on the iPad or iPhone.

Samsung isn't allowing Fedora to run on their tablets.

And even if they didn't prevent it, there are no open source drivers
for much of the hardware in those devices anyway, and no documentation
to write any.

The only place Linux like Fedora can run on ARM are a handful of
developer devices like BeagleBoard, PandaBoard, Raspberry PI, etc. and
even that will often require a binary blob.


Re: *countable infinities only

2012-06-18 Thread Gerald Henriksen
On Mon, 18 Jun 2012 11:23:53 -0400 (EDT), you wrote:



On Mon, 18 Jun 2012, Gerald Henriksen ghenr...@gmail.com wrote:

  On Mon, 18 Jun 2012 01:09:52 -0400 (EDT), you wrote:
 
 On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote:
 
   On Sun, Jun 17, 2012 at 11:21:14PM -0400, Jay Sulzberger wrote:
  
   I think 50 million dollars toward buying, and properly arranging
   the UEFI, of several lots of x86 computers would indeed solve
   part of the problem you point out.
   
   Why not?
  
  Because said machines would cost more than identical hardware with 
  different firmware. Sales of Linux-specific PC hardware haven't been 
  massively successful so far.
  
  -- 
  Matthew Garrett | mj...@srcf.ucam.org
 
 Why should they cost more?
 
 And suppose they cost $20 more.  Let Red Hat pay this, and/or run
 an ad campaign explaining that with this motherboard, you can
 actually know what is running on the machine.
 
 So now your solution to the problem is to have Red Hat subsidize the
 hardware (aka lose money).   That is a good way to go out of business
 in a hurry.
 
 ad previous lack of success of sales of GNU/Linux machines: In
 every case I know, Microsoft just bribed/threatened the vendor to
 stop selling the machines.
 
 Of course it could have nothing to do with the Linux community failing
 to provide what the customers wanted, everything has to be a
 conspiracy.
 
 If Red Hat accedes to Microsoft's demands here, there will be no,
 let me repeat, no hardware that Fedora can be easily installed
 on.  Here is why:
 
 By your own explanation, you think that without the special key,
 controlled by Microsoft, Fedora would be too hard for some people
 to install.  OK, so you agree that Fedora must get permission
 from Microsoft to allow easy installs of Fedora.
 
 The game is now just about over.  What if one day, Microsoft
 makes it even harder to install Fedora without a Microsoft
 controlled key?  What if, as has already happened with ARM,
 Microsoft refuses to grant Fedora a special key?
 
 No.  Let Red Hat tell the truth.  Let Red Hat design a better
 UEFI motherboard.
 
 So now the target has moved from Red Hat buying some hardware with
 secure boot disabled to Red Hat hiring a design team (at significant
 cost) and developing their own motherboard.

Yes.  That has always been part of one of my short list of
suggestions.

Why not?

ad design team at significant cost: Yes, of course.  As has been
mentioned, all prototype UEFIs seen by the Red Hat team have bad
interfaces.  Why not make a better one?

 
 It is so nice that you are so willing to spend Red Hat's money, though
 I suspect the shareholders would have other ideas about entering into
 the world of spending lots of money to design a motherboard that you
 then intend to sell at a loss.

Gerald, I will not respond in detail to your post.  I will say
two things:

Red Hat, before its initial public offering, arranged to lose
money, so that the company would appear more attractive to
investors.

By the incorrect theory of business explicit in your post, every
cost borne by Red Hat, every investment made by Red Hat, must
necessarily result in Red Hat going broke.

I never said that.

What I said was selling hardware at a loss (ie. lose money on the
hardware sale) is not something that makes sense for a software
company like Red Hat.

There are some markets where selling at a loss makes sense - the
proverbial razor blade example - because you make up the difference
and then some in selling an add on.

But because Fedora is free, there is no way to make up the money lost
on the hardware sale.


Re: *countable infinities only

2012-06-18 Thread Brendan Conoboy

On 06/18/2012 10:18 AM, Adam Williamson wrote:

Sorry for the self-reply, but just in case it's not brutally clear yet,
I wanted to explicitly state this:

[snip]

Bravo!

--
Brendan Conoboy / Red Hat, Inc. / b...@redhat.com

Re: *countable infinities only

2012-06-18 Thread Gerald Henriksen
On Mon, 18 Jun 2012 10:18:35 -0700, you wrote:

On Mon, 2012-06-18 at 09:35 -0700, Adam Williamson wrote:

Much good stuff deleted.

Fedora can deplore the situation; Fedora can state its support for
computing devices which allow the user the freedom to install
alternative operating system software, with reasoned arguments in
support; Fedora can work together with manufacturers of computing
devices which allow such freedom. But I believe it's true, and I think
it's vitally important to keep in mind when debating this topic, that
there is no way in which Fedora can possibly forcibly impose its
position on anyone. It appears to be legally fine for companies to ship
computers you can't (aren't intended to be able to) put other operating
systems on; it is trivially demonstrable that some companies consider it
desirable to do so in some markets; therefore said devices are going to
exist. Fedora can take any one of several approaches to their existence,
but simply deploring the fact and acting, in all respects, either as if
such devices will magically cease to exist at some point or as if we can
pressure them out of existence both seem to be losing strategies in all
regards, to me. I also think any argument which seems to be rooted on
the assumption that such devices are Wrong, Evil and/or Illegal _and
that All-Right Thinking People Will Agree if we can only motivate them
enough_ is doomed to fail. Zillions of people buy locked devices. They
understand, in a vague way, just what it is they are buying. They are
not outraged. They won't be outraged no matter how outraged we try to
make them.

Very well said.

I think a lot of the trouble here is that people have become obsessed
with hating Microsoft for past issues, and need to move on.

If people are happy with Linux returning to its roots as a hobbyist
system where you have to consult online lists of what hardware is okay
to buy, and more importantly what to avoid buying, and then searching
for and reading through howto's to get things working, then sticking a
foot down and saying we will not participate in the secure boot issue
is a valid choice.

It just isn't a choice I would make.

For Linux in general, and Fedora in particular, to continue to have
the influence it does, where essentially all but a couple of hardware
makers have provided what is necessary for open source drivers, it is
necessary to both have developers and users in sufficient enough
numbers.

And despite what people here seem to think Microsoft is not the
biggest threat to that.  Ironically, both Microsoft and Fedora are in
the same situation where the younger generation are more interested in
Android and iOS than they are in Linux or Windows.

Making it harder for those who do have an interest in trying Linux,
who might become the next user, or better developer/packager, by not
supporting secure boot will in my opinion be self defeating in the
long run.

Secure boot is not the biggest danger, a lack of new blood into the
Linux community is.


Re: *countable infinities only

2012-06-18 Thread Chris Murphy

On Jun 18, 2012, at 8:33 AM, Seth Johnson wrote:
 I will say: A political campaign
 that rebukes Microsoft.

For what? Come up with three example picket sign messages for your campaign, 
and *briefly* elaborate on each one using less than 60 words each.


 A stand that does not accommodate Microsoft
 before we see a technical path forward and a realistic future for free
 software.

Microsoft is concerned about boot loader malware. And they have a solution to 
this problem in the form of Secure Boot and the Windows 8 hardware 
requirements. No accommodation by a 3rd party is possible.

You have three choices: produce a compelling thesis and explanation why their 
concern is unwarranted; prove a Secure Boot vulnerability exists ideally with 
an example exploit which cannot easily be fixed within the present 
specification (i.e. it's a fundamental flaw, not merely a bug); or an 
alternative to Secure Boot and/or Windows 8 hardware requirements that meets 
Microsoft's and OEMs' UX goals.

More than convincing Fedora decision makers, or Red Hat, your argument for an 
alternative must be compelling to Microsoft. Those insisting on a foundation 
that's adversarial will 100% fail to come up with an alternative to the 
solution Microsoft and OEMs have already satisfactorily arrived at for their 
concern.


  Technically, I'll say only this for now: a UEFI that tells
 the truth to the user and makes things non-scary, on trustworthy
 hardware -- plus all the infrastructure needed to render the use of
 these systems viable for free software.

So you're saying hardware vendors should not be free to create a crap UEFI UX? 
How do you propose enforcing this?

Chris Murphy

Re: *countable infinities only

2012-06-18 Thread Seth Johnson
On Mon, Jun 18, 2012 at 1:18 PM, Adam Williamson awill...@redhat.com wrote:
 On Mon, 2012-06-18 at 09:35 -0700, Adam Williamson wrote:
 I hesitate to put words in people's mouths, and correct me if I'm wrong,
 but it reads to me as if Jay and others are arguing from an incorrect
 premise. That premise is to assume that there is a God-given right for
 people who own computing devices to retrofit alternative operating
 systems onto those devices.

 I want to put it out there that this is _not true_. It is perfectly
 possible, of course, for one to aspire to a world in which it is true.
 Many of us would want to live in such a world. We have been lucky enough
 to live in a world for some time where it _so happened_ that the
 'computing devices' we cared about almost always allowed us to do this.

 However, in the boring practical world where such 'rights' are granted
 by process of law, no such right exists.


This is your error.  There are many statutory rights (early on they
were called civil rights and political rights), but there are also
rights possessed prior to government.  Those who articulated these
rights in the process of the English Revolutions said they were
natural rights, and some of those called them God-given.  Indeed, this
is a key premise of the American Revolution.  Among these
now-mostly-called-fundamental rights, but originally termed natural
rights was the right of property which the government could not take
from a free man without severe due process and just compensation.
This was part of the checks and balances, and why owning property was
so key to the political philosophy at the founding in the States.

In this connection, the claim is that if we actually purchase
something (and do not contract the transaction otherwise), then as our
property we can do with it as we see fit.  The notion that there's
another kind of transaction where nobody actually owns the devices is
part of how the content cabal sometimes frames their conception.

1) This does not mean someone cannot sell a palladiated device to you.
2) This does not mean you cannot crack it, though the DMCA apparently
says you cannot without risk of imprisonment -- yet at the recent DMCA
Exemptions hearings we seemed to register the dawning awareness in the
Copyright Office that circumvention to put in a new operating system
is not the same thing as a copyright infringement; and more
astoundingly, the content cabal advocates specifically stated that the
act of circumvention to put in another operating system on your own
device has nothing to do with copyright; what will be made of this
development by the Office is hard to say yet.  They seem to recognize
the pertinence of the point (the point being, what about using my
property with whatever operating system I please on it?).  They say
they may ask for more input and are presently trying to figure out how
they will proceed.
3) The claim that Microsoft or anybody must be *forced* to provide
devices without Secure Boot turned on is not Jay's position (or mine);
that's Matthew Garrett's frustrated characterization of the options.
(Though I believe Jay would hold for the particular case of Microsoft,
inasmuch as they possess or come to possess a monopoly, they would
appropriately be forced to do various things.)  Indeed, the Secure
Boot technology is a useful facility.  We can create a market in
devices over which owners can hold root control; that market may cost
a little more, and it may cater to an elite, but inasmuch as that
elite does not eventually endorse a license to compute the fact that
they are using devices that give them full root rights and capacity to
parse and process whatever information they receive can make the very
existence of those devices a desirable feature for the public at
large.  Inasmuch as such a market exists, the folks who want the world
to confuse prior restraint versions of copyright with security
features, will be unable to rationalize the norms they want to
establish, and people will demand, both for their kids and for their
personal professional advancement, the right to do the same with the
same kind of devices with UEFIs that cater to freedom.


Seth


 As a practical matter, people
 have been manufacturing, advertising and selling computing devices to
 the public, all over the world, for decades, which do not intend to
 allow the end user of the device to retrofit alternative software -
 operating system software, firmware, bootloader, or application.

This is

Re: *countable infinities only

2012-06-18 Thread Adam Williamson
On Mon, 2012-06-18 at 14:42 -0400, Seth Johnson wrote:

 In this connection, the claim is that if we actually purchase
 something (and do not contract the transaction otherwise), then as our
 property we can do with it as we see fit.  The notion that there's
 another kind of transaction where nobody actually owns the devices is
 part of how the content cabal sometimes frames their conception.
 
 1) This does not mean someone cannot sell a palladiated device to you.
 2) This does not mean you cannot crack it, though the DMCA apparently
 says you cannot without risk of imprisonment -- yet at the recent DMCA

You're arguing the point I specifically stated was a side issue. I fully
acknowledged that the question of what can be done by third parties to
circumvent a manufacturer's attempt to restrict the capabilities of a
product is a rather thorny one. But we don't need to argue about it,
because it's really not relevant here. I think _everyone_ arguing in the
thread is happy to keep in mind the caveat that, in many cases (not all;
un-cracked devices exist), enthusiasts will be able to circumvent
protections. We don't really need to argue about how often this will be
the case or whether such cracking should be legally protected or not.
It's a huge side alley. It doesn't actually affect the key points we've
been debating. For all intents and purposes we can assume that any
device which requires more than a single keypress to 'crack' will not be
'cracked' by the vast majority of users.

 Exemptions hearings we seemed to register the dawning awareness in the
 Copyright Office that circumvention to put in a new operating system
 is not the same thing as a copyright infringement; and more
 astoundingly, the content cabal advocates specifically stated that the
 act of circumvention to put in another operating system on your own
 device has nothing to do with copyright; what will be made of this
 development by the Office is hard to say yet.  They seem to recognize
 the pertinence of the point (the point being, what about using my
 property with whatever operating system I please on it?).  They say
 they may ask for more input and are presently trying to figure out how
 they will proceed.

Irrelevant. (FWIW, I've already stated elsewhere in the thread that I'd
be very surprised if anyone could succeed in arguing in a court that any
future circumvention of Secure Boot which turns out to be possible
constitutes a breach of the DMCA).

 3) The claim that Microsoft or anybody must be *forced* to provide
 devices without Secure Boot turned on is not Jay's position (or mine);
 that's Matthew Garrett's frustrated characterization of the options.
 (Though I believe Jay would hold for the particular case of Microsoft,
 inasmuch as they possess or come to possess a monopoly, they would
 appropriately be forced to do various things.)  Indeed, the Secure
 Boot technology is a useful facility.  We can create a market in
 devices over which owners can hold root control; that market may cost
 a little more, and it may cater to an elite, but inasmuch as that
 elite does not eventually endorse a license to compute the fact that
 they are using devices that give them full root rights and capacity to
 parse and process whatever information they receive can make the very
 existence of those devices a desirable feature for the public at
 large.  

If I can be allowed to nitpick, I don't think Fedora can 'create' such a
market. We aren't hardware manufacturers and don't intend to be.

(Somewhat) happily such a market is inevitable and you could perfectly
reasonably argue that it already exists. What are Raspberry Pis and
Beagleboards and even Nexus cellphones but these 'elite'
enthusiast/developer devices? On the other hand, the Nexus example is a
salutary one. The cellphone market has been around for decades; the
smartphone market, arguably, ten years or so; a major player has
provided a very credible series of devices with 'openness' as an
explicit selling point; and those devices certainly haven't wiped the
floor with all the others. They've sold in respectable numbers to
enthusiasts. All indications are that the vast majority of cellphone
purchasers don't even consider it a minor factor in their purchase.

Nothing I said was based on an assumption that such devices won't exist.
On the contrary, it's inevitable that they will (and do). Really, what
I'm foreseeing is exactly this Balkanization of the 'computer market'.
The key point is that it has been entirely an accident of history that
for a couple of decades, the _same devices_ have, broadly speaking,
served the needs of simple consumers and of enthusiasts. The vast
majority of end users buy, and will continue to buy, 'computers' (or
however they eventually come to conceive of such devices; it's an area
undergoing an intriguing shift at present) on the same basis as they buy
cars, washing machines, game consoles, cellphones and e-book readers
(all things that can be considered 

Re: *countable infinities only

2012-06-18 Thread Chris Murphy

On Jun 18, 2012, at 10:05 AM, Matthew Garrett wrote:

 2) Government. If a large enough set of national governments required 
 that secure boot be disabled by default then we could assume that 
 arbitrary hardware would work out of the box. It's unclear to me which 
 laws you think the vendors would be breaking, but I'm not a lawyer.

In the current U.S. (and likely EU as well) political climate, i.e. extreme 
ignorance of computing, fear of real and imaginary infrastructure 
vulnerabilities, and desire to make out with all things with the word security, 
there is in my estimation no chance Secure Boot nor the Windows 8 hardware 
requirements will be perceived as being anti-competitive.

It would be easier to find government money to retrofit older hardware with 
UEFI Secure Boot capability than to find the money to even explore the 
possibility of Microsoft (or vendor) anti-competitive behavior, in this context.

Chris Murphy

Re: *countable infinities only

2012-06-18 Thread Reindl Harald


On 18.06.2012 19:18, Adam Williamson wrote:

 I hesitate to put words in people's mouths, and correct me if I'm wrong,
 but it reads to me as if Jay and others are arguing from an incorrect
 That premise is to assume that there is a God-given right for
 people who own computing devices to retrofit alternative operating
 systems onto those devices.
 
 I want to put it out there that this is _not true_

it is true

i buy a computer
i do not rent it
i pay money, i own the device after giving my money





Re: *countable infinities only

2012-06-18 Thread Gregory Maxwell
On Mon, Jun 18, 2012 at 3:15 PM, Chris Murphy li...@colorremedies.com wrote:
 On Jun 18, 2012, at 10:05 AM, Matthew Garrett wrote:
 2) Government. If a large enough set of national governments required
 that secure boot be disabled by default then we could assume that
 arbitrary hardware would work out of the box. It's unclear to me which
 laws you think the vendors would be breaking, but I'm not a lawyer.

 In the current U.S. (and likely EU as well) political climate, i.e. extreme 
 ignorance of computing, fear of real and imaginary infrastructure 
 vulnerabilities, and desire to make out with all things with the word 
 security, there is in my estimation no chance Secure Boot nor the Windows 8 
 hardware requirements will be perceived as being anti-competitive.

Certainly if you subtract Microsoft's desktop monopoly from the
equation the more likely legislative direction would be towards
_mandating_ secure boot, without user installable keys, in products
sold or marketed in the US just like we see with video recorders and
macrovision.  Or at least, that probably wouldn't be a tremendously
uphill battle for someone who wanted to lobby for it, precisely
because of the climate you've outlined.

The implication that such legislation was a bought and paid for
outright land-grab market over to monopolists would probably be the
only effective argument against it— because everyone is blinded by
words like cybersecurity, so arguing that we don't need to take
user's control of their computers away for cybersecurity won't work,
and various narrow exceptions for research and education will
silence the majority of the special interests who would otherwise
complain.

Part of the reasons that emotions can run high here is that this is
all happening in the context of a general change in computing devices
with long term human right implications, issues far beyond the ease of
installing a single distribution. As software mediation becomes more
critical in people's lives control over that software is being further
restricted. Can free software survive as something that preserves
individual rights as it becomes increasingly beholden to large
publicly traded companies for basic usability?  As technically skilled
people we're all taking part in building the future— but what future
will it be?

Hopefully not this one: http://www.gnu.org/philosophy/right-to-read.html

Re: *countable infinities only

2012-06-18 Thread Chris Murphy

On Jun 18, 2012, at 11:21 AM, Reindl Harald wrote:

 
 
 On 18.06.2012 19:18, Adam Williamson wrote:
 
 I hesitate to put words in people's mouths, and correct me if I'm wrong,
 but it reads to me as if Jay and others are arguing from an incorrect
 That premise is to assume that there is a God-given right for
 people who own computing devices to retrofit alternative operating
 systems onto those devices.
 
 I want to put it out there that this is _not true_
 
 it is true
 
 i buy a computer
 i do not rent it
 i pay money, i own the device after giving my money

Yes but you might own a device that disallows by design applying an alternative 
OS.  You don't have a right to own a device that allows by design applying an 
alternative OS. If you agree to terms of use that proscribe the means by which 
you'd apply or use an alternative OS, then you're violating the agreement. So 
you kinda need to know what you're buying before you own it.


Chris Murphy

Re: *countable infinities only

2012-06-18 Thread Adam Williamson
On Mon, 2012-06-18 at 14:27 -0600, Chris Murphy wrote:
 On Jun 18, 2012, at 11:21 AM, Reindl Harald wrote:
 
  
  
  On 18.06.2012 19:18, Adam Williamson wrote:
  
  I hesitate to put words in people's mouths, and correct me if I'm wrong,
  but it reads to me as if Jay and others are arguing from an incorrect
  That premise is to assume that there is a God-given right for
  people who own computing devices to retrofit alternative operating
  systems onto those devices.
  
  I want to put it out there that this is _not true_
  
  it is true
  
  i buy a computer
  i do not rent it
  i pay money, i own the device after giving my money
 
 Yes but you might own a device that disallows by design applying an
 alternative OS.  You don't have a right to own a device that allows by
 design applying an alternative OS. If you agree to terms of use that
 proscribe the means by which you'd apply or use an alternative OS,
 then you're violating the agreement. So you kinda need to know what
 you're buying before you own it.

I think we're headed off down the side alley again.

Re-reading my paragraph above, I admit I phrased it somewhat badly. A
convincing case could at least be made, under the first sale doctrine,
that you have the right to _try_ and retrofit alternative operating
systems onto any device you purchase. As I said later in my mail, the
question of whether doing it when the manufacturer has made no provision
to let you do it or has actively tried to prevent you doing it can ever
be illegal is really kind of a side issue to the main debate in this
thread, and I'm trying to avoid it.

What I should have said is that we have no God-given right to demand
that any computing device offered for sale must be explicitly designed
to accommodate the retrofitting of other operating systems or software,
or indeed to demand that any device available not be designed expressly
to prevent it. What I was trying to correct was an impulse to assume
that the x86/BIOS world where systems are explicitly designed to make
execution of arbitrary code easy is the One True Way for things to be,
rather than an accident of history, and anyone doing anything different
must inevitably be guilty of some kind of crime or immorality and must
be fought to the last ditch.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
