Re: *countable infinities only
On 06/18/2012 01:21 PM, Reindl Harald wrote: Am 18.06.2012 19:18, schrieb Adam Williamson: I hesitate to put words in people's mouths, and correct me if I'm wrong, but it reads to me as if Jay and others are arguing from an incorrect That premise is to assume that there is a God-given right for people who own computing devices to retrofit alternative operating systems onto those devices. I want to put it out there that this is _not true_ it is true i buy a computer i do not rent it i pay money, i own teh device after giving my money You have to realize that the ease of installing alternative software is a historical accident resulting from the fact that you buy the computer from one company and the software is provided by another company. Certainly in cases when both hardware and software come from the same company, the expectation is that you cannot freely replace the software. Do you own it? Yes. Can you break it? Yes. Do they have to make it easy or at all possible to replace the software? No!. As Adam said, there is no legal doctrine guaranteeing the right to replace such software, and unfortunately there may be laws forbidding you from circumventing technical obstacles to replace the original software, if the manufacturer can claim that they protect some copyrighted material. Please understand that I am not saying that this is how it should be; I am just saying this is how things are now, in my personal opinion. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, 18 Jun 2012 19:21:40 +0200, you wrote: Am 18.06.2012 19:18, schrieb Adam Williamson: I hesitate to put words in people's mouths, and correct me if I'm wrong, but it reads to me as if Jay and others are arguing from an incorrect That premise is to assume that there is a God-given right for people who own computing devices to retrofit alternative operating systems onto those devices. I want to put it out there that this is _not true_ it is true i buy a computer i do not rent it i pay money, i own teh device after giving my money Many things you buy come with restrictions on ownership. If you buy a car, you accept that there are restrictions on it. You cannot drive it anywhere you want, you must obey certain rules when operating it, you are forbidden from making certain modifications to it, etc. You buy a house, and you can't do anything you want. You must following building codes, community bylaws, HOH/condo rules, etc. A computer is nothing different. If it has limitations when you buy it, your are implicitely accepting those limitations when you complete the transaction. In some cases you may be able to get around those limitations, but it is not a right to be able to. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, 2012-06-18 at 17:04 -0400, Gerald Henriksen wrote: On Mon, 18 Jun 2012 19:21:40 +0200, you wrote: Am 18.06.2012 19:18, schrieb Adam Williamson: I hesitate to put words in people's mouths, and correct me if I'm wrong, but it reads to me as if Jay and others are arguing from an incorrect That premise is to assume that there is a God-given right for people who own computing devices to retrofit alternative operating systems onto those devices. I want to put it out there that this is _not true_ it is true i buy a computer i do not rent it i pay money, i own teh device after giving my money Many things you buy come with restrictions on ownership. If you buy a car, you accept that there are restrictions on it. You cannot drive it anywhere you want, you must obey certain rules when operating it, you are forbidden from making certain modifications to it, etc. You buy a house, and you can't do anything you want. You must following building codes, community bylaws, HOH/condo rules, etc. A computer is nothing different. If it has limitations when you buy it, your are implicitely accepting those limitations when you complete the transaction. In some cases you may be able to get around those limitations, but it is not a right to be able to. I don't think that's a terribly good analogy. In the examples you cite, you buy the item from one party and the restrictions on its use are imposed by another party (the government). They aren't imposed for the convenience of the business that sold you the item, but for the general good of society. And we're still down the side alley of whether one should be _legally allowed_ to use a device for arbitrary purposes, which _still_ isn't really what's at issue in the case of Secure Boot. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Jay Sulzberger j...@panix.com writes: If I understand correctly, Fedora has now formally allowed Microsoft to lock Fedora out of many coming ARM devices. As I understand it, you have the freedom to purchase a $99 key from Microsoft which you can then use to install Fedora on those locked ARM devices designed for Windows 8. The current proposal is that Fedora does NOT spend the $99 on an ARM key, but any Fedora user could circumvent that. Admittedly most likely with a bit of annoying paperwork and key juggling. Hopefully the technical part would be made quite easy because it would be like the process for running self-signed on x86. Fedora also has the ability to change its collective mind at any time; if it is discovered that it makes more sense to sign Fedora ARM with a key from Microsoft, then Fedora has that option open. This whole business is leaving an awfully bad taste in my mouth but I have no ideas which are better than the original proposal. /Benny -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Jun 18, 2012, at 2:45 PM, Adam Williamson wrote: Re-reading my paragraph above, I admit I phrased it somewhat badly. A convincing case could at least be made, under the first sale doctrine, that you have the right to _try_ and retrofit alternative operating systems onto any device you purchase. I don't see how first sale doctrine applies. The doctrine applies to copyright IP, not physical hardware. And the doctrine applies only if you purchased/own a copy of the copyrighted work. If you own it, you can sell that particular instance. If you licensed or rented it, you can't. Modification/retrofitting isn't indicated in the doctrine. As I said later in my mail, the question of whether doing it when the manufacturer has made no provision to let you do it or has actively tried to prevent you doing it can ever be illegal is really kind of a side issue to the main debate in this thread, and I'm trying to avoid it. I understand the desire to avoid, but it's not so easy because everything comes with EULAs or SLAs these days. And that even includes UEFI. The EULA can of worms escaped over a decade ago and no one really bothered to care. I haven't read other vendors' SLAs for EFI, but Apple has one and it asserts the software is licensed, not owned. Therefore if I agree to the license, first sale doctrine definitely doesn't apply, and presently established case law supports this contention. The agreement expressly defines the terms of how I can make a one time permanent transfer of all of the software and hardware together as a bundle - without that, having previously agreed to the SLA, I wouldn't be able to sell the hardware because I wouldn't be able to sell the EFI software or OS which I do not own, but merely license. If I agree to the license, further I can't decompile, reverse engineer, disassemble, decrypt or modify the software at all. If I don't agree to the license, then I'm not to use the software. So on the face without further investigation, it seems like wholesale removal of their EFI is permissible. Whether it's possible or practical, for this or non-Apple hardware, I have no idea. This ideology is a problem for ebooks also because publishers are asserting these are not sold copies, but either rental or licensed copies. They are asserting you cannot give away purchased ebooks, to a library, to your mom, anyway. Some have borrowing terms, which are time limited, and frequently a one time deal for life. So this paradigm is quite dangerous compared to physical books under which first sale doctrine absolutely did (and does) apply. What I should have said is that we have no God-given right to demand that any computing device offered for sale must be explicitly designed to accommodate the retrofitting of other operating systems or software, or indeed to demand that any device available not be designed expressly to prevent it. What I was trying to correct was an impulse to assume that the x86/BIOS world where systems are explicitly designed to make execution of arbitrary code easy is the One True Way for things to be, rather than an accident of history, and anyone doing anything different must inevitably be guilty of some kind of crime or immorality and must be fought to the last ditch. That is how I understood the original text. Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 4:45 PM, Adam Williamson awill...@redhat.com wrote: What I should have said is that we have no God-given right to demand that any computing device offered for sale must be explicitly designed to accommodate the retrofitting of other operating systems or software, or indeed to demand that any device available not be designed expressly to prevent it. What I was trying to correct was an impulse to assume that the x86/BIOS world where systems are explicitly designed to make execution of arbitrary code easy is the One True Way for things to be, rather than an accident of history, and anyone doing anything different must inevitably be guilty of some kind of crime or immorality and must be fought to the last ditch. Indeed the laws and norms of our societies do not currently mandate a right for devices to be easily modified by the users. But the copyleft licenses that free software are distributed under do require that kind of freedom be not removed via copyright as a condition for distribution of the copylefted work because the freedom to modify the software we use is something important and worth investing resources into maintaining for everyone, even if it doesn't quite rise to the level of a recognized human right. It's also the case that making sure all the users have good access to become authors keeps the ecosystem viable and that the participants have standing which is legally equal makes it fair (well, as fair as anything can be... not always very). And with the trend of software systems mediating an increasingly large portion of our public and private lives, I think we will be fools if we don't recognize some degree of software freedom as a human right someday— at least if there is any remaining question of it being denied. We can split hairs over the current technicalities, but copyleft licenses were created so that people could give away software without downstream users enhancing it and locking it up again using copyright. If, practically, technologies like secureboot and trusted boot produce the same result through cryptographic lockdown instead of the threat of copyright litigation then anyone who rationally choses to use copyleft would choose to prohibit those things too. After all, cryptographic signing that actively prohibits users is a far more practical issue then the threat of copyright violation litigation. It will be unfortunate to see Fedora and Redhat in a position of arguing against licensing that allows authors to ensure that their work isn't used as a part of systems that deny their recipients the intended freedoms, simply because fedora has become invested in working with the freedom denying infrastructure— or even profits directly from it if 'competition' with radically open development practices find that they're structurally or philosophically unable to comply with the requirements for obtaining an automatically accepted signing key. And keep in mind: Fedora 18 with the signed bootloader will work fine on systems which do not permit the owner of the system to change the keys— while this might not be the world that exists when UEFI initially ships there is no assurance that it won't be later, and the decision to sign now is one less argument (if only a small one) against removing the option, and as was noted by others here at least some of the OEMs would apparently really like to do that. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Jun 18, 2012, at 4:08 PM, Chris Murphy wrote: If I don't agree to the license, then I'm not to use the software. The iOS license says if I don't agree to the license, then I'm not to use the *hardware*. Haha. The most specious aspect of SLA's, however, is the phrasing by using the device/software you agree to the terms of this license. The fact courts appear to be supporting such significant contracts without any evidence whatsoever the end user is even aware the contract exists is a way bigger problem than this Secure Boot hoopla. Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. why do people not realize that with using microsoft keys we are bringing them in the future to say hey, look there is no reason to disable secure-boot, so now we make it mandatory without any option to disable it you do not believe this would happen? well, let us come back here in a few years when the damage is done WTF? signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Jun 16, 2012, at 6:36 PM, Gregory Maxwell wrote: On Sat, Jun 16, 2012 at 8:16 PM, Chris Murphy li...@colorremedies.com wrote: Calls for speculation. We know what the certification policy used to be. We also know how long DOJ takes to do anything, let alone politicking behind the scenes to arrive at compromise, let alone its day in court. Years. Generations of computers without a disable feature. Good job selectively quoting the part of my message where I was saying that it was a call for speculation either way. It was justified. Only one is speculation. The other utilizes evidence and a track record of behavior. This handful are the people who use adversarial words like: fight, war, battle, attack, surrender, engagement, tactical, etc. to describe this topic. This verbiage is the hallmark of propaganda, designed to cause emotive reactions in people, so they don't consider inconvenient things like facts. I certainly have not done this and by using this argument against me You're paranoid. Are you a handful of people? It appears to me that you're suggesting that I'm somehow asscoiated with propaganda (an emotionally laden word too) and that people should not bother with an inconvenient thing like contemplating my position. The latter, certainly. Oh, the same people who must think boot loader malware is somewhere in the continuum of people's imaginations to being exclusively a Windows threat. Except, as I argued early in these thread, for Fedora the cryptographic lockdown will not meaningfully inhibit boot _time_ malware. If malware can exploit your kernel to infect the bootloader so that the kernel rootkit is reinstalled at every boot to prevent updates from removing it then it can just as well infect systemd to the exact same end. It only helps if the whole system runs no unsigned code at least upto the point where it connects to the internet and gets updates. And repeating yourself is going to get you a different answer than you've already gotten, naturally. It couldn't possibly be that the argument is inapplicable or uncompelling. There are a great many things Fedora could do which would have clear security benefit without the compromises. Where is the effort to fully seccomp-2 restrict and/or SELinux lockdown every use app that handles hostile network input, for example. Closing the door on botnet software long after the machine is compromised is a pretty weak security feature and thats the most the signed bootloader/kernel can offer, and even that requires signing up half the userspace too. Out of scope. Please start a new thread. The Windows 8 certification is the most significant change in Microsoft's hardware requirements ever, as far as I can tell. It's a significant departure from their support legacy at most any cost position prior to this. Clearly they are more than a bit concerned about boot loader malware than they are gaining, what, 1%, by obliterating the entirety of desktop Linux with this conspiracy. Old hardware will continue to run Windows 8. I don't see that I've seen any evidence of Microsoft adopting policy to ensure that new hardware would continue to run Windows, are you saying they have? I don't know what you have or haven't seen so I can't answer your question, even if it was understandable. Old hardware that doesn't meet the Windows 8 hardware requirements can't claim to be made for Windows 8. If a vendor wants that certification and logo usage as an OEM, they have to meet the requirements for that certification. Simple. I'm only opining that those requirements represent the most aggressive change I've seen from Microsoft to date. I therefore further opine conspiracy theorists necessarily have to believe that the conspiracy is primarily to obliterate a ~1% market, and that this piddly market is a greater concern to Microsoft than boot loader malware, or face planting with Windows 8, Metro, Windows Phone 7.x, 8.x, RT, or their server markets, and all other challenges. Conspiracy theorists necessarily believe it's all about them, that they're explicit targets. Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Jun 16, 2012, at 5:26 PM, Reindl Harald wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. why do people not realize that with using microsoft keys we are bringing them in the future to say hey, look there is no reason to disable secure-boot, so now we make it mandatory without any option to disable it you do not believe this would happen? What I believe is irrelevant. You're proposing emotional reaction based on a future hardware requirement that has not been proposed, is not in the interest of Microsoft or their OEMs post-Windows 8 requirement efforts requiring the disable feature, all for the singular purpose of destroying a 1% market. And I think your proposal is highly irrational and without merit. well, let us come back here in a few years when the damage is done WTF? Yes, let's have emotional breakdowns on list in the meantime too. Great use of time. Clearly what every company wants more than growing their markets, is to have pissed off angry customers who were forced into being customers, because their prior platform was willfully destroyed in a wild but massively successful conspiracy. There's simply no potential for saboteurs in that market growth strategy. All for a 1% claim. Based on this, Microsoft might want to, I don't know, blow up Longhua, to make Apple do a face plant. That'd translate into some real market growth for Microsoft. Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, Jun 17, 2012 at 12:51 PM, Chris Murphy li...@colorremedies.com wrote: It was justified. Only one is speculation. The other utilizes evidence and a track record of behavior. ... Right, In one case the actual participants in the discussion have expressed doubt that they had any effect, and in the other we have a company which has been previously convinced multiple times in multiple jurisdictions of unlawfully using their market force in the desktop space to suppress competition. I think it's all worthless speculation. But the alternative worthless speculation I offered is the one backed by a track record. I certainly have not done this and by using this argument against me You're paranoid. Are you a handful of people? I'm the person you were responding to and quoting. If you weren't trying to smear me with those claims why did you bother including them, am I to believe it was just an observation on the weather? And again, here you are with the emotionally laden accusations of poor mental health. Paranoid, and later you continue with undirected criticisms towards conspiracy theorists. I'm sure if I ask you to substantiate where any argument I've made has justified dismissal with that label you'd again respond that it had nothing to do with me and that I was being paranoid for suspecting that your comments in a message directed to me, quoting my message, and otherwise generally appearing to respond to me actually had anything to do with anything I've written in the slightest. And repeating yourself is going to get you a different answer than you've already gotten, naturally. It couldn't possibly be that the argument is inapplicable or uncompelling. Except it hasn't gotten an answer. I assume because there is nothing really to answer. As far as I can tell simply a matter of fact that the cryptographic lockdown will not meaningfully increase security for Fedora users. Perhaps it'll make for a nice bit of security-theater marketing, but the actual malware authors will not be deterred by it because controlling the boot sector isn't a goal of malware, it's a means and there are plenty of more or less equally good means to the same end which are left exposed. The Windows 8 certification is the most significant change in Microsoft's hardware requirements ever, as far as I can tell. It's a significant departure from their support legacy at most any cost position prior to this. Clearly they are more than a bit concerned about boot loader malware than they are gaining, what, 1%, by obliterating the entirety of desktop Linux with this conspiracy. Old hardware that doesn't meet the Windows 8 hardware requirements can't claim to be made for Windows 8. If a vendor wants that certification and logo usage as an OEM, they have to meet the requirements for that certification. Simple. I'm only opining that those requirements represent the most aggressive change I've seen from Microsoft to date. Old hardware that didn't meet the Window XP logo requirements couldn't claim to be made for Windows at that time. I couldn't judge if this was an more than typically aggressive change or not— I'll take your word for it— but you claimed that there was a significant departure from support legacy at most any cost, and I'm not seeing it. I therefore further opine conspiracy theorists necessarily have to believe that the conspiracy is primarily to obliterate a ~1% market, and that this piddly market is a greater concern to Microsoft than boot loader malware, or face planting with Windows 8, Metro, Windows Phone 7.x, 8.x, RT, or their I've never said nor thought that. As far as I can tell it's a move to achieve greater and more consistent control of the whole platform in order to extract greater revenues from add-ons (things like Media center pack), gain access to additional revenue streams (Metro app store), and provide a user experience more competitive with Apple's (not gunked up with crazy drivers added by every intermediary the system goes through). If it also suppresses some Linux along the way, thats actually an unfortunate outcome— Microsoft is already being paid for Windows for those systems, and anti-competitive behavior invites unwelcome regulatory scrutiny. ... and so what? That fact that it's almost certainly not all some diabolical plan doesn't make the resulting inequality it generates between RedHat and it's upstream and downstreams any more justifiable. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Am 17.06.2012 19:16, schrieb Chris Murphy: On Jun 16, 2012, at 5:26 PM, Reindl Harald wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. why do people not realize that with using microsoft keys we are bringing them in the future to say hey, look there is no reason to disable secure-boot, so now we make it mandatory without any option to disable it you do not believe this would happen? What I believe is irrelevant. You're proposing emotional reaction based on a future hardware requirement that has not been proposed, is not in the interest of Microsoft or their OEMs post-Windows 8 requirement efforts requiring the disable feature, all for the singular purpose of destroying a 1% market. And I think your proposal is highly irrational and without merit irrational? you are aware that on ARM platform is NO DISABLE SECURE BOOT allowed this is not future requirement this is CURRENT requirement for Win8 on ARM signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, Jun 17, 2012 at 1:25 PM, Reindl Harald h.rei...@thelounge.net wrote: you are aware that on ARM platform is NO DISABLE SECURE BOOT allowed this is not future requirement this is CURRENT requirement for Win8 on ARM It was also the original requirement on x86 before negative PR was generated and the requirements were changed. I'm not sure if it will actually happen on x86 too, I'd give it less than even odds only because the push-back from people who refuse to believe it can't happen may well keep it away, but it seems really weird to dismiss this as a far out concern. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, 17 Jun 2012 13:51:32 -0400 Gregory Maxwell gmaxw...@gmail.com wrote: On Sun, Jun 17, 2012 at 1:25 PM, Reindl Harald h.rei...@thelounge.net wrote: you are aware that on ARM platform is NO DISABLE SECURE BOOT allowed this is not future requirement this is CURRENT requirement for Win8 on ARM It was also the original requirement on x86 before negative PR was generated and the requirements were changed. I'm not sure if it will actually happen on x86 too, I'd give it less than even odds only because the push-back from people who refuse to believe it can't happen may well keep it away, but it seems really weird to dismiss this as a far out concern. I don't think it's useful at this point to speculate about ARM and secure boot. It's way too early to tell what things are going to look like there. kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Jun 17, 2012, at 11:25 AM, Reindl Harald wrote: Am 17.06.2012 19:16, schrieb Chris Murphy: What I believe is irrelevant. You're proposing emotional reaction based on a future hardware requirement that has not been proposed, is not in the interest of Microsoft or their OEMs post-Windows 8 requirement efforts requiring the disable feature, all for the singular purpose of destroying a 1% market. And I think your proposal is highly irrational and without merit irrational? The only possible reason Microsoft would include their key is to have future ability to lock down the entire x86 platform for themselves, not at all having a single thing to do with user experience. you are aware that on ARM platform is NO DISABLE SECURE BOOT allowed Yes it has been brought up ad nauseum, and it's irrelevant to the conversation. this is not future requirement this is CURRENT requirement for Win8 on ARM The discussion isn't about ARM. It's not related to ARM. You might as well bring up DOJ action against Microsoft 14 years ago as though it's relevant too. I'd rather talk about whether or not Microsoft has nukes, and if they're pointed at Foxconn. Cuz clearly their usage has high efficacy for their market growth, and with almost immediate results. The followup strategy, and distraction bonus, will be buying Nokia. Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, Jun 17, 2012 at 7:51 PM, Gregory Maxwell gmaxw...@gmail.com wrote: On Sun, Jun 17, 2012 at 1:25 PM, Reindl Harald h.rei...@thelounge.net wrote: you are aware that on ARM platform is NO DISABLE SECURE BOOT allowed this is not future requirement this is CURRENT requirement for Win8 on ARM It was also the original requirement on x86 before negative PR was generated and the requirements were changed. [citation needed] -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Numerous non-vaporware recommendations follow, snipped directly from the thread: various snippets I think my main point stands: talking with, say, Dell, and Microsoft in private, without a serious legal and propaganda push, makes Fedora's position weak in the private negotiations. As soon as the other side made clear that their position was to accept Microsoft's plan, Red Hat should have called a press conference and explained the situation to reporters from the New York Times, the Wall Street Journal, etc.. Please allow me a personal remark: I too have fought one part of a big battle so hard and so long that it seemed to me that the part I was engaged in must be the whole battle. I think that perhaps the negotiators on the Fedora/Red Hat have mistaken one part of the battle for the whole battle. --- My posts argue that Fedora should neither accept, nor seem to accept, Microsoft's having the Hardware Root Key. One reason not to seem to accept Microsoft's having the Hardware Root Key is that, when arguing for Examption 4, the Englobulators will answer Well, there is really no issue here. Why, Fedora accepts that it is right and proper that Microsoft have the Hardware Root Key.. --- Now, perhaps I misread, or misremember, but in this thread, I think it was said that a home computer vendor has offered to allow a key, authorized by what you distinguish as the PK, to be loaded into the UEFI, so that Fedora would stand equal to Microsoft, though both, you now claim, would be equally junior to the vendor (which claim is not right). And you refused. This is ridiculous. If one more key can be loaded at point of sale, then so can several more. And this is not the final step in the remedy, but only an early step. We can do more. But, if Fedora agrees that Microsoft gets to dictate what is loaded at point of sale, well, that is an un-necessary loss. As your statement shows, your team was not negotiating with Microsoft, nor with the vendors of hardware, but with a non-existent being of irresistible power. Of course that negotiation with an imaginary being is much harder to win than the real negotiation. RMS had no Red Hat backing him when he started Project GNU. Nor did Linus when he started the Linux kernel. Nor did the founders of Red Hat. But you have Red Hat, with a large income, and much money. You also have many people who will help you, and help ourselves, in this fight. Suggestion 2: Have Red Hat buy a large quantity of standard home machines, on condition that the UEFI not be locked at point of delivery to Red Hat. Suggestion 3: Do a better command and control screen for the UEFI. There is enough room in the UEFI for a big, but very simple, screen. There is even room for a proper manual. You have written that there is nothing you can do about the bad interface of the UEFI. But you can. --- ad inability to manage keeping the private half of the Fedora key private: This is absurd. I will be happy to explain methods which, if Red Hat wanted, would meet all statutory, and real security, and even all anti-FUD compliance, requirements. This claimed inability is not reasonable. Why? Because your position implies that you trust Microsoft and the hardware vendor more than you trust yourselves in this. If that is your opinion, well, why run Fedora ever? After all, in the world your propose to create, Fedora depends for the security of its boot process, on Microsoft and Microsoft's partner, the hardware vendor. --- My sole comment here (Seth Johnson): Please be real about the need to act in a manner that comports with the threat. The course you must take does indeed require political activities that are not in the normal mode for most people. Yet that's what's needed, none of this other stuff attempting to finesse the matter, or to say it's all about finesse. No, it is plain that failing to take the matter to the political and public court of opinion will not give you any margin of advantage against the moves afoot here. You have to draw the line, and draw it correctly. Given a clear acknowledgement of that, what needs to be done can certainly be done with some grace. But it's not the finesse that's needed at this juncture you are now sitting in the middle of. It's the fight. Seth Johnson -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, Jun 17, 2012 at 8:09 PM, Matthew Garrett mj...@srcf.ucam.org wrote: On Sun, Jun 17, 2012 at 07:54:17PM -0400, Seth Johnson wrote: On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Numerous non-vaporware recommendations follow, snipped directly from the thread: (snip) These suggestions boil down to: 1) Do nothing 2) Become a hardware vendor 3) Use a Fedora key None of these solve the problem of getting Fedora onto arbitrary x86 hardware bought towards the end of this year. Which one is the do nothing alternative? The other two are some sort of reduction that at least moves us past acting like no constructive suggestions have been made in this discussion, so I would ask questions about how your reduction works on them. Below you'll see that I think the idea that these suggestions are saying do nothing misses the point that they're saying something that's missing, that needs to be done -- whereas more technical solutions may have seemed sufficient so far. various snippets I think my main point stands: talking with, say, Dell, and Microsoft in private, without a serious legal and propaganda push, makes Fedora's position weak in the private negotiations. As soon as the other side made clear that their position was to accept Microsoft's plan, Red Hat should have called a press conference and explained the situation to reporters from the New York Times, the Wall Street Journal, etc.. Please allow me a personal remark: I too have fought one part of a big battle so hard and so long that it seemed to me that the part I was engaged in must be the whole battle. I think that perhaps the negotiators on the Fedora/Red Hat have mistaken one part of the battle for the whole battle. insert 1 by Seth I don't see a match with any of your items here: 1) Do nothing 2) Become a hardware vendor 3) Use a Fedora key Is this the do nothing option? As in, the things said here are nothing because they do not produce a deterministic effect? /insert 1 by Seth --- My posts argue that Fedora should neither accept, nor seem to accept, Microsoft's having the Hardware Root Key. One reason not to seem to accept Microsoft's having the Hardware Root Key is that, when arguing for Examption 4, the Englobulators will answer Well, there is really no issue here. Why, Fedora accepts that it is right and proper that Microsoft have the Hardware Root Key.. insert 2 by Seth Still no match, though one could invert it and say it implies item 3) Use a Fedora key. 1) Do nothing 2) Become a hardware vendor 3) Use a Fedora key Might you see this as a do nothing option? As in not seem[ing] to accept Microsoft's having the Hardware Root Key is not related to a deterministic technical solution to getting Fedora onto arbitrary x86 hardware bought towards the end of this year? /insert 2 by Seth --- Now, perhaps I misread, or misremember, but in this thread, I think it was said that a home computer vendor has offered to allow a key, authorized by what you distinguish as the PK, to be loaded into the UEFI, so that Fedora would stand equal to Microsoft, though both, you now claim, would be equally junior to the vendor (which claim is not right). And you refused. This is ridiculous. If one more key can be loaded at point of sale, then so can several more. And this is not the final step in the remedy, but only an early step. We can do more. But, if Fedora agrees that Microsoft gets to dictate what is loaded at point of sale, well, that is an un-necessary loss. As your statement shows, your team was not negotiating with Microsoft, nor with the vendors of hardware, but with a non-existent being of irresistible power. Of course that negotiation with an imaginary being is much harder to win than the real negotiation. RMS had no Red Hat backing him when he started Project GNU. Nor did Linus when he started the Linux kernel. Nor did the founders of Red Hat. But you have Red Hat, with a large income, and much money. You also have many people who will help you, and help ourselves, in this fight. Suggestion 2: Have Red Hat buy a large quantity of standard home machines, on condition that the UEFI not be locked at point of delivery to Red Hat. Suggestion 3: Do a better command and control screen for the UEFI. There is enough room in the UEFI for a big, but very simple, screen. There is even room for a proper manual. You have written that there is nothing you can do about the bad interface of the UEFI. But you can. insert 3 by Seth I see 2) Become a hardware vendor and 3) Use a Fedora key here 1) Do nothing 2) Become a hardware vendor 3) Use a Fedora key Is this where the do nothing option
Re: *countable infinities only
On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote: On Sun, Jun 17, 2012 at 07:54:17PM -0400, Seth Johnson wrote: On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Numerous non-vaporware recommendations follow, snipped directly from the thread: (snip) These suggestions boil down to: 1) Do nothing 2) Become a hardware vendor 3) Use a Fedora key None of these solve the problem of getting Fedora onto arbitrary x86 hardware bought towards the end of this year. -- Matthew Garrett | mj...@srcf.ucam.org I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? What does Red Hat have to lose? If Red Hat takes no effective action, then Red Hat will lose much more than 50 million dollars, and very soon too. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, 17 Jun 2012, Jay Sulzberger wrote: On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote: On Sun, Jun 17, 2012 at 07:54:17PM -0400, Seth Johnson wrote: On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Numerous non-vaporware recommendations follow, snipped directly from the thread: (snip) These suggestions boil down to: 1) Do nothing Of course, I have never suggested doing nothing. It is the secret negotiations with hardware vendors and Microsoft, which have culminated in a suggestion to make Fedora formally subordinate, at the hardware and legal and business and public relations levels, to Microsoft which would better be characterized as doing nothing. Matthew, I know that you and the Fedora team have done your best in a difficult and dark corner, but I think if you consider a wider range of possible moves, the corner will not seem so narrow and dark and hopeless. This year's engagement is not all of the struggle. So, if for some months, it is even more annoying than once it was to install Fedora, making use of all advertised hardware facilities, well, that is not losing the war. My own estimate is that a strong stand now would result in more successful installs of Fedora, this year, than the suggested policy of accommodation to Microsoft's demands. oo--JS. 2) Become a hardware vendor 3) Use a Fedora key None of these solve the problem of getting Fedora onto arbitrary x86 hardware bought towards the end of this year. -- Matthew Garrett | mj...@srcf.ucam.org I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? What does Red Hat have to lose? If Red Hat takes no effective action, then Red Hat will lose much more than 50 million dollars, and very soon too. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, 17 Jun 2012, Jay Sulzberger wrote: On Sun, 17 Jun 2012, Jay Sulzberger wrote: On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote: On Sun, Jun 17, 2012 at 07:54:17PM -0400, Seth Johnson wrote: On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Numerous non-vaporware recommendations follow, snipped directly from the thread: (snip) These suggestions boil down to: 1) Do nothing Of course, I have never suggested doing nothing. It is the secret negotiations with hardware vendors and Microsoft, which have culminated in a suggestion to make Fedora formally subordinate, at the hardware and legal and business and public relations levels, to Microsoft which would better be characterized as doing nothing. Matthew, I know that you and the Fedora team have done your best in a difficult and dark corner, but I think if you consider a wider range of possible moves, the corner will not seem so narrow and dark and hopeless. This year's engagement is not all of the struggle. So, if for some months, it is even more annoying than once it was to install Fedora, making use of all advertised hardware facilities, well, that is not losing the war. My own estimate is that a strong stand now would result in more successful installs of Fedora, this year, than the suggested policy of accommodation to Microsoft's demands. oo--JS. 2) Become a hardware vendor 3) Use a Fedora key I am not sure of the tactical situation here. Doesn't Fedora already sign all software in the Official Repository? Is it not the case that if Fedora's private signing key were to be compromised, that a kernel controlled by an entity that is not Fedora, would be installed on many machines? Is it not also the case that if a non-kernel piece of software is sneaked into the Official Fedora Repository, we do not assume any Fedora private key compromise in this hypothetical, that the subverted non-kernel piece of software could do serious damage, incuding perhaps an escalation to root privilege? So why does the SecureBoot private key require a so much higher cost of administration? Thanks for reading this, Matthew! oo--JS. None of these solve the problem of getting Fedora onto arbitrary x86 hardware bought towards the end of this year. -- Matthew Garrett | mj...@srcf.ucam.org I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? What does Red Hat have to lose? If Red Hat takes no effective action, then Red Hat will lose much more than 50 million dollars, and very soon too. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, 17 Jun 2012 23:21:14 -0400 (EDT) Jay Sulzberger j...@panix.com wrote: I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? Why? 50million dollars is a big order, but I don't see how this would change MicroSoft's mind, or the vendors who still wish to sell Windows 8 client certified systems. Out of curiosity, what would be different about these machines you propose? Secure boot off by default? Secure boot completely removed? What does Red Hat have to lose? 50 million dollars? If Red Hat takes no effective action, then Red Hat will lose much more than 50 million dollars, and very soon too. I'm afraid I don't follow your logic here, sorry. kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, 17 Jun 2012 22:01:53 -0400, you wrote: On Sun, Jun 17, 2012 at 8:09 PM, Matthew Garrett mj...@srcf.ucam.org wrote: On Sun, Jun 17, 2012 at 07:54:17PM -0400, Seth Johnson wrote: On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Numerous non-vaporware recommendations follow, snipped directly from the thread: (snip) These suggestions boil down to: 1) Do nothing 2) Become a hardware vendor 3) Use a Fedora key None of these solve the problem of getting Fedora onto arbitrary x86 hardware bought towards the end of this year. Which one is the do nothing alternative? Most of them. As much as the proposed solution may suck to some, none of the suggestions made in this thread are serious. Vague ideas about protests will do nothing because the public doesn't care (and this has nothing do with this specifically, protests in general accomplish nothing most of the time). Ideas of legal action are doomed because it will take far too long and too much money, and likely fail anyway. The idea the DOJ may take an interest is a joke given the current political climate. Come some point this fall all new hardware will come with secure boot enabled, because none of the vendors can afford to not have the Windows 8 certification on their products. There is nothing Red Hat, Fedora, or anyone else in the Linux community can do to prevent this. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, 17 Jun 2012, Kevin Fenzi ke...@scrye.com wrote: On Sun, 17 Jun 2012 23:21:14 -0400 (EDT) Jay Sulzberger j...@panix.com wrote: I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? Why? 50million dollars is a big order, but I don't see how this would change MicroSoft's mind, or the vendors who still wish to sell Windows 8 client certified systems. It is hard to answer this so direct declaration of hopelessness. Look, once Project GNU and the Linux kernel did not exist. The present situation where GNU/Linux systems are installed on many million machines did not suddenly happen from one day to the next. There was no midnight such that one minute before midnight no GNU/Linux OSes ran, and one minute after, millions ran. Your framing of the issue here is ridiculous. The issue is not whether we can stop by tomorrow morning every hardware vendor on Earth from doing business with Microsoft. No the issue is: Must we aid and abet Microsoft in the Microsoft campaign to extinguish free sofware. Out of curiosity, what would be different about these machines you propose? Secure boot off by default? Secure boot completely removed? We write the code for the UEFI. Our interface is better, and our facilities offer better choices. What does Red Hat have to lose? 50 million dollars? If Red Hat takes no effective action, then Red Hat will lose much more than 50 million dollars, and very soon too. I'm afraid I don't follow your logic here, sorry. kevin Fifty million dollars is a small amount, considering that Red Hat, if Red Hat agrees that Red Hat OSes require a license from Microsoft, will cease to exist the day that Microsoft refuses a license. On the day of the agreement, in any case, Red Hat would cease to exist as a business independent of Microsoft. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, 17 Jun 2012 23:21:14 -0400 (EDT), you wrote: On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote: On Sun, Jun 17, 2012 at 07:54:17PM -0400, Seth Johnson wrote: On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Numerous non-vaporware recommendations follow, snipped directly from the thread: (snip) These suggestions boil down to: 1) Do nothing 2) Become a hardware vendor 3) Use a Fedora key None of these solve the problem of getting Fedora onto arbitrary x86 hardware bought towards the end of this year. -- Matthew Garrett | mj...@srcf.ucam.org I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? Intel just launched their Ivy Bridge processors, which has resulted in likely more than 200 different products being released (combined motherboards and systems from vendors like Dell). Then add all the other older Intel processors that will be used in Windows 8 certified hardware. Don't forgot to add in products based on AMD processors. Now factor in the customizations that can be done to many of those products, and you can quickly see that there is no way Red Hat can hope to offer hardware that would make every Linux user happy. Not to mention that you are effectively telling anyone not currently using Red Hat Hardware that they can't run Linux, thus eliminating the ability to gain new Linux users. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, 18 Jun 2012 00:09:37 -0400 (EDT), you wrote: On Sun, 17 Jun 2012, Kevin Fenzi ke...@scrye.com wrote: On Sun, 17 Jun 2012 23:21:14 -0400 (EDT) Jay Sulzberger j...@panix.com wrote: I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? Why? 50million dollars is a big order, but I don't see how this would change MicroSoft's mind, or the vendors who still wish to sell Windows 8 client certified systems. It is hard to answer this so direct declaration of hopelessness. Look, once Project GNU and the Linux kernel did not exist. The present situation where GNU/Linux systems are installed on many million machines did not suddenly happen from one day to the next. There was no midnight such that one minute before midnight no GNU/Linux OSes ran, and one minute after, millions ran. Your framing of the issue here is ridiculous. The issue is not whether we can stop by tomorrow morning every hardware vendor on Earth from doing business with Microsoft. No the issue is: Must we aid and abet Microsoft in the Microsoft campaign to extinguish free sofware. No, the issue is how do we make it easy for people to try and/or install Fedora after the new hardware ships. Microsoft has bigger threats than Linux to worry about these days (if Microsoft wanted to kill Linux they would not have compromised on secure boot). Out of curiosity, what would be different about these machines you propose? Secure boot off by default? Secure boot completely removed? We write the code for the UEFI. Our interface is better, and our facilities offer better choices. People don't buy hardware for the BIOS or UEFI, they buy it based on price and feature offered (processor, PCI slots, etc). There is no way for Red Hat to offer the variety of hardware required. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, 18 Jun 2012, Gerald Henriksen ghenr...@gmail.com wrote: On Sun, 17 Jun 2012 22:01:53 -0400, you wrote: On Sun, Jun 17, 2012 at 8:09 PM, Matthew Garrett mj...@srcf.ucam.org wrote: On Sun, Jun 17, 2012 at 07:54:17PM -0400, Seth Johnson wrote: On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Numerous non-vaporware recommendations follow, snipped directly from the thread: (snip) These suggestions boil down to: 1) Do nothing 2) Become a hardware vendor 3) Use a Fedora key None of these solve the problem of getting Fedora onto arbitrary x86 hardware bought towards the end of this year. Which one is the do nothing alternative? Most of them. As much as the proposed solution may suck to some, none of the suggestions made in this thread are serious. Of course, I am serious. Vague ideas about protests will do nothing because the public doesn't care (and this has nothing do with this specifically, protests in general accomplish nothing most of the time). My idea is not vague. Ideas of legal action are doomed because it will take far too long and too much money, and likely fail anyway. The idea the DOJ may take an interest is a joke given the current political climate. No. Sometimes, like Project GNU, like the Linux kernel, like Red Hat, things take time. But if we do not start, why then yes, nothing would ever get done. Come some point this fall all new hardware will come with secure boot enabled, because none of the vendors can afford to not have the Windows 8 certification on their products. There is nothing Red Hat, Fedora, or anyone else in the Linux community can do to prevent this. Your declaration of complete hopelessness is useful in this discussion. It is useful because of its clarity: There is nothing Red Hat, Fedora, or anyone else in the Linux community can do to prevent this. Allow me please to directly contradict you: Of course there have been successful campaigns of resistance to illegitimate authority and unjust rule. The United States of America was founded as the successful result of decades of resistance, and eventually war. The United States of America fought the Civil War, and the Union won, and the system of slavery lost. And massive protests helped pass the Civil Right Acts of 1964 and 1968. And RMS started Project GNU and Project GNU got Emacs for Unices, gcc, bash, and other utilities written. And Linus Torvalds started the Linux kernel and manages the kernel today. And Red Hat was founded by several people who had no money to speak of, and today Red Hat is a decent sized company. Your argument would demonstrate that the United States does not exist, that the slavocracy continues in the South, that gcc does not exist, that the Linux kernel does not exist, and that certainly Red Hat, and therefore Fedora too, does not exist. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, 18 Jun 2012, Gerald Henriksen ghenr...@gmail.com wrote: On Sun, 17 Jun 2012 23:21:14 -0400 (EDT), you wrote: On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote: On Sun, Jun 17, 2012 at 07:54:17PM -0400, Seth Johnson wrote: On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 17.06.2012 01:14, schrieb Chris Murphy: Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Numerous non-vaporware recommendations follow, snipped directly from the thread: (snip) These suggestions boil down to: 1) Do nothing 2) Become a hardware vendor 3) Use a Fedora key None of these solve the problem of getting Fedora onto arbitrary x86 hardware bought towards the end of this year. -- Matthew Garrett | mj...@srcf.ucam.org I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? Intel just launched their Ivy Bridge processors, which has resulted in likely more than 200 different products being released (combined motherboards and systems from vendors like Dell). Then add all the other older Intel processors that will be used in Windows 8 certified hardware. Don't forgot to add in products based on AMD processors. Now factor in the customizations that can be done to many of those products, and you can quickly see that there is no way Red Hat can hope to offer hardware that would make every Linux user happy. This is not the issue. You have postulated that we must solve a problem we need not solve. Not to mention that you are effectively telling anyone not currently using Red Hat Hardware that they can't run Linux, thus eliminating the ability to gain new Linux users. You have committed a sign error in your argument. Because there are 200 different products being released, certainly Red Hat can get another motherboard made. It would just be the 201st such motherboard. Further, this is in answer to just another aspect of the same sign error: We do not have to solve any such problem as you pose. One superior motherboard would be of great help to Fedora, Red Hat, and the free sofwtare movement. It is hard today I think to get Fedora running on some PowerPC systems, on some MIPS systems too, and likely very hard on old VAX machines. So what? We do not have to have every motherboard work well with free software. But we do need at least one, and we hope many. oo--JS. PS. The same sign error, here appearing as a confusion between at least one and all, appears elsewhere in this discussion. I hope to get something out on this. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, Jun 17, 2012 at 11:21:14PM -0400, Jay Sulzberger wrote: I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? Because said machines would cost more than identical hardware with different firmware. Sales of Linux-specific PC hardware haven't been massively successful so far. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sun, Jun 17, 2012 at 11:52:48PM -0400, Jay Sulzberger wrote: So why does the SecureBoot private key require a so much higher cost of administration? Fedora's keys are currently only relevant on hardware where users have voluntarialy installed Fedora. If all x86 machines shipped with a Fedora key installed then our key security would be relevant to everyone, and we'd be a much more attractive target than we currently are. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 12:41 AM, Jay Sulzberger j...@panix.com wrote: On Mon, 18 Jun 2012, Gerald Henriksen ghenr...@gmail.com wrote: Not to mention that you are effectively telling anyone not currently using Red Hat Hardware that they can't run Linux, thus eliminating the ability to gain new Linux users. You have committed a sign error in your argument. Because there are 200 different products being released, certainly Red Hat can get another motherboard made. It would just be the 201st such motherboard. Further, this is in answer to just another aspect of the same sign error: We do not have to solve any such problem as you pose. One superior motherboard would be of great help to Fedora, Red Hat, and the free sofwtare movement. It is hard today I think to get Fedora running on some PowerPC systems, on some MIPS systems too, and likely very hard on old VAX machines. So what? We do not have to have every motherboard work well with free software. But we do need at least one, and we hope many. There certainly needs to be one to lead, but also more to follow so that that one does not become a target. But the best thing is that a free software UEFI would let anybody put their own key as hardware root, and this would stymie the rationalizing of big shots holding root and granting signing services to their hardware. Folks might have to pay extra for this at first, but it would soon be apparent that this is the way it's supposed to be. Seth -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 12:41:20AM -0400, Jay Sulzberger wrote: We do not have to have every motherboard work well with free software. But we do need at least one, and we hope many. What market share Linux has is storngly infuenced by people's ability to install Linux on computers that they already own. Few people start running Linux on hardware that they have bought purely for the purpose. Adopting an approach that dramatically increases the barrier of entry to new Linux users is an excellent way to ensure that we stop finding new Linux developers. We don't need one motherboard. We need all of them. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, 18 Jun 2012, Gerald Henriksen ghenr...@gmail.com wrote: On Mon, 18 Jun 2012 00:09:37 -0400 (EDT), you wrote: On Sun, 17 Jun 2012, Kevin Fenzi ke...@scrye.com wrote: On Sun, 17 Jun 2012 23:21:14 -0400 (EDT) Jay Sulzberger j...@panix.com wrote: I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? Why? 50million dollars is a big order, but I don't see how this would change MicroSoft's mind, or the vendors who still wish to sell Windows 8 client certified systems. It is hard to answer this so direct declaration of hopelessness. Look, once Project GNU and the Linux kernel did not exist. The present situation where GNU/Linux systems are installed on many million machines did not suddenly happen from one day to the next. There was no midnight such that one minute before midnight no GNU/Linux OSes ran, and one minute after, millions ran. Your framing of the issue here is ridiculous. The issue is not whether we can stop by tomorrow morning every hardware vendor on Earth from doing business with Microsoft. No the issue is: Must we aid and abet Microsoft in the Microsoft campaign to extinguish free sofware. No, the issue is how do we make it easy for people to try and/or install Fedora after the new hardware ships. Microsoft has bigger threats than Linux to worry about these days (if Microsoft wanted to kill Linux they would not have compromised on secure boot). Out of curiosity, what would be different about these machines you propose? Secure boot off by default? Secure boot completely removed? We write the code for the UEFI. Our interface is better, and our facilities offer better choices. People don't buy hardware for the BIOS or UEFI, they buy it based on price and feature offered (processor, PCI slots, etc). There is no way for Red Hat to offer the variety of hardware required. But that is not the issue. We just need untrammelled fully working hardware. Just some untrammelled fully working hardware. We do not need to end the production of iPhones and iPads and rooted-by-Microsoft devices by tomorrow at noon. (Naturally, in the longer term, we intend to end such vicious frauds.) We just need hardware we can install Fedora on, as once we did, without asking Microsoft for permission. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 12:54:56AM -0400, Seth Johnson wrote: But the best thing is that a free software UEFI would let anybody put their own key as hardware root, and this would stymie the rationalizing of big shots holding root and granting signing services to their hardware. All UEFI implementations we're aware of will be shipping with support for replacing all the secure boot keys, including Pk. UEFI itself is also entirely free software, although specific implementations may not be. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 12:56:54AM -0400, Jay Sulzberger wrote: We just need hardware we can install Fedora on, as once we did, without asking Microsoft for permission. System76 have committed to providing hardware without pre-enabled secure boot. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 12:58 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Mon, Jun 18, 2012 at 12:54:56AM -0400, Seth Johnson wrote: But the best thing is that a free software UEFI would let anybody put their own key as hardware root, and this would stymie the rationalizing of big shots holding root and granting signing services to their hardware. All UEFI implementations we're aware of will be shipping with support for replacing all the secure boot keys, including Pk. UEFI itself is also entirely free software, although specific implementations may not be. Then write a better UEFI. No need for a shim. Seth -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, 18 Jun 2012, Matthew Garrett mj...@srcf.ucam.org wrote: On Sun, Jun 17, 2012 at 11:21:14PM -0400, Jay Sulzberger wrote: I think 50 million dollars toward buying, and properly arranging the UEFI, of several lots of x86 computers would indeed solve part of the problem you point out. Why not? Because said machines would cost more than identical hardware with different firmware. Sales of Linux-specific PC hardware haven't been massively successful so far. -- Matthew Garrett | mj...@srcf.ucam.org Why should they cost more? And suppose they cost $20 more. Let Red Hat pay this, and/or run an ad campaign explaining that with this motherboard, you can actually know what is running on the machine. Bob Young, a master of propaganda^Hsales, had a wonderful spiel in favor of free software which included the line Why would you buy a car with the hood welded shut?. ad previous lack of success of sales of GNU/Linux machines: In every case I know, Microsoft just bribed/threatened the vendor to stop selling the machines. If Red Hat accedes to Microsoft's demands here, there will be no, let me repeat, no hardware that Fedora can be easily installed on. Here is why: By your own explanation, you think that without the special key, controlled by Microsoft, Fedora would be too hard for some people to install. OK, so you agree that Fedora must get permission from Microsoft to allow easy installs of Fedora. The game is now just about over. What if one day, Microsoft makes it even harder to install Fedora without a Microsoft controlled key? What if, as has already happened with ARM, Microsoft refuses to grant Fedora a special key? No. Let Red Hat tell the truth. Let Red Hat design a better UEFI motherboard. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 01:00:33AM -0400, Seth Johnson wrote: On Mon, Jun 18, 2012 at 12:58 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Mon, Jun 18, 2012 at 12:54:56AM -0400, Seth Johnson wrote: But the best thing is that a free software UEFI would let anybody put their own key as hardware root, and this would stymie the rationalizing of big shots holding root and granting signing services to their hardware. All UEFI implementations we're aware of will be shipping with support for replacing all the secure boot keys, including Pk. UEFI itself is also entirely free software, although specific implementations may not be. Then write a better UEFI. No need for a shim. The machine will have a functional UEFI implementation. Why would we want to replace it? -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 01:09:52AM -0400, Jay Sulzberger wrote: The game is now just about over. What if one day, Microsoft makes it even harder to install Fedora without a Microsoft controlled key? What if, as has already happened with ARM, Microsoft refuses to grant Fedora a special key? Microsoft has not refused to grant Fedora a key for ARM. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 1:14 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Mon, Jun 18, 2012 at 01:00:33AM -0400, Seth Johnson wrote: On Mon, Jun 18, 2012 at 12:58 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Mon, Jun 18, 2012 at 12:54:56AM -0400, Seth Johnson wrote: But the best thing is that a free software UEFI would let anybody put their own key as hardware root, and this would stymie the rationalizing of big shots holding root and granting signing services to their hardware. All UEFI implementations we're aware of will be shipping with support for replacing all the secure boot keys, including Pk. UEFI itself is also entirely free software, although specific implementations may not be. Then write a better UEFI. No need for a shim. The machine will have a functional UEFI implementation. Why would we want to replace it? Um, because you're not asking permission? Seth -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 1:15 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Mon, Jun 18, 2012 at 01:09:52AM -0400, Jay Sulzberger wrote: The game is now just about over. What if one day, Microsoft makes it even harder to install Fedora without a Microsoft controlled key? What if, as has already happened with ARM, Microsoft refuses to grant Fedora a special key? Microsoft has not refused to grant Fedora a key for ARM. Oh please. Seth -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 01:16:37AM -0400, Seth Johnson wrote: On Mon, Jun 18, 2012 at 1:14 AM, Matthew Garrett mj...@srcf.ucam.org wrote: The machine will have a functional UEFI implementation. Why would we want to replace it? Um, because you're not asking permission? I'm sorry, I really don't understand what you're suggesting here. It's not possible to simply replace a system's firmware with another implementation. You could chainboot from one UEFI implementation into another, but if the first implements secure boot then you'd have the same set of bootstrapping problems as you would with just booting an OS. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 01:17:19AM -0400, Seth Johnson wrote: On Mon, Jun 18, 2012 at 1:15 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Mon, Jun 18, 2012 at 01:09:52AM -0400, Jay Sulzberger wrote: The game is now just about over. What if one day, Microsoft makes it even harder to install Fedora without a Microsoft controlled key? What if, as has already happened with ARM, Microsoft refuses to grant Fedora a special key? Microsoft has not refused to grant Fedora a key for ARM. Oh please. ? -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, Jun 18, 2012 at 1:16 AM, Seth Johnson seth.p.john...@gmail.com wrote: On Mon, Jun 18, 2012 at 1:14 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Mon, Jun 18, 2012 at 01:00:33AM -0400, Seth Johnson wrote: On Mon, Jun 18, 2012 at 12:58 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Mon, Jun 18, 2012 at 12:54:56AM -0400, Seth Johnson wrote: On Mon, Jun 18, 2012 at 12:41 AM, Jay Sulzberger j...@panix.com wrote: On Mon, 18 Jun 2012, Gerald Henriksen ghenr...@gmail.com wrote: Not to mention that you are effectively telling anyone not currently using Red Hat Hardware that they can't run Linux, thus eliminating the ability to gain new Linux users. You have committed a sign error in your argument. Because there are 200 different products being released, certainly Red Hat can get another motherboard made. It would just be the 201st such motherboard. Further, this is in answer to just another aspect of the same sign error: We do not have to solve any such problem as you pose. One superior motherboard would be of great help to Fedora, Red Hat, and the free sofwtare movement. It is hard today I think to get Fedora running on some PowerPC systems, on some MIPS systems too, and likely very hard on old VAX machines. So what? We do not have to have every motherboard work well with free software. But we do need at least one, and we hope many. There certainly needs to be one to lead, but also more to follow so that that one does not become a target. But the best thing is that a free software UEFI would let anybody put their own key as hardware root, and this would stymie the rationalizing of big shots holding root and granting signing services to their hardware. All UEFI implementations we're aware of will be shipping with support for replacing all the secure boot keys, including Pk. UEFI itself is also entirely free software, although specific implementations may not be. Then write a better UEFI. No need for a shim. The machine will have a functional UEFI implementation. Why would we want to replace it? Um, because you're not asking permission? I'm sorry, I really don't understand what you're suggesting here. It's not possible to simply replace a system's firmware with another implementation. You could chainboot from one UEFI implementation into another, but if the first implements secure boot then you'd have the same set of bootstrapping problems as you would with just booting an OS. See the fuller thread, reconstructed in nested fashion above. A free software UEFI would be on its own hardware. Seth Folks might have to pay extra for this at first, but it would soon be apparent that this is the way it's supposed to be. Seth -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, Jun 12, 2012 at 7:58 AM, Jay Sulzberger j...@panix.com wrote: On Tue, 12 Jun 2012, drago01 drag...@gmail.com wrote: On Tue, Jun 12, 2012 at 12:11 PM, Nicu Buculei nicu_fed...@nicubunu.ro wrote: On 06/12/2012 12:58 PM, drago01 wrote: On Tue, Jun 12, 2012 at 9:44 AM, Nicu Buculei wrote: The point is we have a target audience: http://fedoraproject.org/wiki/**User_basehttp://fedoraproject.org/wiki/User_base Our desired users ARE contributors. We do have a mission as well: http://fedoraproject.org/wiki/**Overview#Our_Missionhttp://fedoraproject.org/wiki/Overview#Our_Mission The Fedora Project consistently seeks to create, improve, and spread free/libre code and content. And Bingo! the mission is all about freedom. I didn't deny that. Which you don't do by excluding users ... sure we want to gain new contributors but that does not mean that we should exclude other users. Not if it affects our freedom, is a problem of freedom versus convenience. No because secure boot does not limit your freedom in *any* way. If you want to hack on the kernel or other low level stuff flip a switch in the firmware. It is reasonable to expect this type of users to be able to do that. Up until now, installing a free OS did not require the extra moves, which Fedora admits are irksome. If Microsoft succeeds in imposing Microsoft Root Control, then it becomes even harder to install free software, as compared to running a Microsoft OS which is already loaded on the box at point of sale. If we let them, Microsoft will have erected yet another barrier to running free software. ad diction: SecureBoot does not mean secure boot in the situation where a large rich entity hostile to free software holds the unique key which allows booting on the hardware. To continue to call the arrangement under which Microsoft holds the root key to the hardware SecureBoot is inaccurate. If any Fedora developer uses the term without explanation of its real meaning, that developer suggests to those listening, that the developer thinks that Microsoft holding the root key is more secure than Fedora holding the root key, or the owner of the hardware holding the root key. It is ridiculous to use a term invented by Microsoft to mislead people who do not understand that SecureBoot means Root Control by Microsoft. If spreading to some users means losing some freedom, then I think that is against the mission. We are not loosing any freedom we are implementing a technology that makes fedora work out of the box on newer hardware. No, if we have to beg Microsoft for permission to conveniently install Fedora, we have lost our freedom to conveniently, without asking permission of Microsoft, install Fedora. Why should we beg Microsoft for a power which last month we had, and which Microsoft has seized to itself? Of course the actions by Microsoft are against anti-trust law in the US and in Europe grossly violate the rule against tying of software and hardware. And claiming Why you could pirouette and do a handspring backwards, and if Microsoft agrees, then you can install Fedora, so there is no extra bar to installation. is incorrect. Before now we did not have to do the pirouette and handspring. Before the New Microsoft Regime of Booting, we did not have to beg Microsoft to sign our keys. No. Our side must here stand and fight. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.**org/mailman/listinfo/develhttps://admin.fedoraproject.org/mailman/listinfo/devel (The following reply contains language that may be offensive to some readers (a swear word). Reader discretion is advised) Why do we need to bring Microsoft into this, much less listen to, or communicate with them? Forget about them. Our fight may be with them, but if we let them continue on their merry way, they will most certainly fail. What we need to do is let the broader public know that there are better options available - perhaps leaving out the term better because it may give Micro-shit (my own term for Microsoft) something to fight against. Is there some kind of commercial that we could put out to ask people to try it out? -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Jun 16, 2012, at 12:17 PM, Richard Vickery wrote: Why do we need to bring Microsoft into this, much less listen to, or communicate with them? Forget about them. Ahh, the Ostrich Maneuver. Had this been the policy of others working on this issue, Microsoft would not have updated their Windows 8 certification to require the user be able to disable Secure Boot. And then we'd all be in a significantly worse position. So congratulations on locating a really hideously bad idea, one that actually supports the original Microsoft position. Our fight may be with them, but if we let them continue on their merry way, they will most certainly fail. Fortunately people making informed decisions aren't so passive aggressive. Waiting for shit to hit the fan, and then using sprayed feces over everyone as justification for more shit flinging is about as stupid an idea as I've read in this thread. Yeah, great idea. Let's get pissy, but do nothing, wait for a net worse policy to develop that affects everyone, and then do nothing but get pissed off, bitch, and whine about it. What we need to do is let the broader public know that there are better options available Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Chris Murphy-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sat, Jun 16, 2012 at 7:14 PM, Chris Murphy li...@colorremedies.com wrote: Ahh, the Ostrich Maneuver. Had this been the policy of others working on this issue, Microsoft would not have updated their Windows 8 certification to require the user be able to disable Secure Boot. And then we'd all be in a significantly worse position. So congratulations on locating a really hideously bad idea, one that actually supports the original Microsoft position. Or, perhaps, they would have found themselves behind the gun-sights of the DOJ again and dropped the whole thing in order to avoid years of costly antitrust litigation. (Or do you think they would have backed off at all, just because someone asked, if they didn't think that risk was at least somewhat credible?) Hypotheticals are like that. Who knows? Certainly people who are of the opinion that Fedora shouldn't run on devices that need signed kernels aren't going to be convinced that gaining the ability to make that choice was a big improvement. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Jun 16, 2012, at 5:44 PM, Gregory Maxwell wrote: Or, perhaps, they would have found themselves behind the gun-sights of the DOJ again and dropped the whole thing in order to avoid years of costly antitrust litigation. (Or do you think they would have backed off at all, just because someone asked, if they didn't think that risk was at least somewhat credible?) Calls for speculation. We know what the certification policy used to be. We also know how long DOJ takes to do anything, let alone politicking behind the scenes to arrive at compromise, let alone its day in court. Years. Generations of computers without a disable feature. No, but in the view of a handful, it's better for the entire community to experience this pain, for years, in order to arrive at some asinine conclusion that XX is the source of all evil in the computing world. Then all would be right as rain, unified tribal behavior against an enemy that some people thought could be negotiated with. This handful are the people who use adversarial words like: fight, war, battle, attack, surrender, engagement, tactical, etc. to describe this topic. This verbiage is the hallmark of propaganda, designed to cause emotive reactions in people, so they don't consider inconvenient things like facts. Certainly people who are of the opinion that Fedora shouldn't run on devices that need signed kernels aren't going to be convinced that gaining the ability to make that choice was a big improvement. Oh, the same people who must think boot loader malware is somewhere in the continuum of people's imaginations to being exclusively a Windows threat. The Windows 8 certification is the most significant change in Microsoft's hardware requirements ever, as far as I can tell. It's a significant departure from their support legacy at most any cost position prior to this. Clearly they are more than a bit concerned about boot loader malware than they are gaining, what, 1%, by obliterating the entirety of desktop Linux with this conspiracy. Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sat, Jun 16, 2012 at 8:16 PM, Chris Murphy li...@colorremedies.com wrote: Calls for speculation. We know what the certification policy used to be. We also know how long DOJ takes to do anything, let alone politicking behind the scenes to arrive at compromise, let alone its day in court. Years. Generations of computers without a disable feature. Good job selectively quoting the part of my message where I was saying that it was a call for speculation either way. This handful are the people who use adversarial words like: fight, war, battle, attack, surrender, engagement, tactical, etc. to describe this topic. This verbiage is the hallmark of propaganda, designed to cause emotive reactions in people, so they don't consider inconvenient things like facts. I certainly have not done this and by using this argument against me I feel you're guilty of the same: It appears to me that you're suggesting that I'm somehow asscoiated with propaganda (an emotionally laden word too) and that people should not bother with an inconvenient thing like contemplating my position. Oh, the same people who must think boot loader malware is somewhere in the continuum of people's imaginations to being exclusively a Windows threat. Except, as I argued early in these thread, for Fedora the cryptographic lockdown will not meaningfully inhibit boot _time_ malware. If malware can exploit your kernel to infect the bootloader so that the kernel rootkit is reinstalled at every boot to prevent updates from removing it then it can just as well infect systemd to the exact same end. It only helps if the whole system runs no unsigned code at least upto the point where it connects to the internet and gets updates. There are a great many things Fedora could do which would have clear security benefit without the compromises. Where is the effort to fully seccomp-2 restrict and/or SELinux lockdown every use app that handles hostile network input, for example. Closing the door on botnet software long after the machine is compromised is a pretty weak security feature and thats the most the signed bootloader/kernel can offer, and even that requires signing up half the userspace too. The Windows 8 certification is the most significant change in Microsoft's hardware requirements ever, as far as I can tell. It's a significant departure from their support legacy at most any cost position prior to this. Clearly they are more than a bit concerned about boot loader malware than they are gaining, what, 1%, by obliterating the entirety of desktop Linux with this conspiracy. Old hardware will continue to run Windows 8. I don't see that I've seen any evidence of Microsoft adopting policy to ensure that new hardware would continue to run Windows, are you saying they have? -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sat, 16 Jun 2012, Chris Murphy li...@colorremedies.com wrote: On Jun 16, 2012, at 12:17 PM, Richard Vickery wrote: Why do we need to bring Microsoft into this, much less listen to, or communicate with them? Forget about them. Ahh, the Ostrich Maneuver. Had this been the policy of others working on this issue, Microsoft would not have updated their Windows 8 certification to require the user be able to disable Secure Boot. And then we'd all be in a significantly worse position. So congratulations on locating a really hideously bad idea, one that actually supports the original Microsoft position. Our fight may be with them, but if we let them continue on their merry way, they will most certainly fail. Fortunately people making informed decisions aren't so passive aggressive. Waiting for shit to hit the fan, and then using sprayed feces over everyone as justification for more shit flinging is about as stupid an idea as I've read in this thread. Yeah, great idea. Let's get pissy, but do nothing, wait for a net worse policy to develop that affects everyone, and then do nothing but get pissed off, bitch, and whine about it. What we need to do is let the broader public know that there are better options available Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Chris Murphy I have made several suggestions. If you want, read them and tell me what you think. Thank you! oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Jesse Keating wrote: The point in which you find yourself arguing over the semantics of Goodwin's law is also a clear indication that the thread has lost any amount of usefulness. Godwin's Meta-Law? Or maybe Keating's Corollary to Godwin's Law? -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Fri, Jun 15, 2012 at 4:06 AM, Eric Smith wrote: Jesse Keating wrote: The point in which you find yourself arguing over the semantics of Goodwin's law is also a clear indication that the thread has lost any amount of usefulness. Godwin's Meta-Law? Or maybe Keating's Corollary to Godwin's Law? It is more of a dilemma than a law, as it represents the common misunderstanding. Godwin's law says nothing about the usefulness of the thread. The law, by definition, applies to any thread. Orcan -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Fri, 15 Jun 2012, Mathieu Bridon boche...@fedoraproject.org wrote: On Thu, 2012-06-14 at 15:46 -0400, Jay Sulzberger wrote: Please forgive this top posting. I will not answer now your radical defense of Microsoft, except to say two things: 1. Your defense would apply also to the decades long fraud of Microsoft saying in their EULA that, if you do not run the Microsoft OS installed at point of sale of the hardware, you get a refund for the OS. But Microsoft and the hardware vendors systematically refused refunds. No they haven't. People get their OS refunded in France. It is a long and frustrating process, but with each victory it gets easier. No, even in France, as you state, it is not easy to get a refund. Even though the practice of tying software to hardware is illegal. What this shows is that one must be careful to correctly estimate the size of various forces in tactical situation. The relevance to the present case is this: Some Fedora developers argue that it will still be possible to install Fedora on x86 hardware which, as shipped, has only the PK and the PK authorized Microsoft Hardware Key in the UEFI. But Microsoft has for over a decade promised to simply give a refund when requested. And today nowhere on Earth does Microsoft actually simply give a refund when requested. Now Microsoft has promised to always allow the owner sitting before the machine to install their own key. But we know that Microsoft has systematically broken its promise to give refunds. Thus we should not accept Microsoft's promise here. In the case of ARM devices Microsoft's statement of its position is different: If the ARM device is shipped with a Microsoft OS, then Fedora will never be installed on the device. No putting one's own key in, no getting a special Microsoft/Vendor/Certificate-Authority managed key for the whole Fedora project, no nothing, just gross suppression of Fedora and all free OSes. There's even a step-by-step guide (in French) : http://non.aux.racketiciels.info/guide/index Thank you for this pointer. Here is a story from 1999: http://www.nylug.org/articles/text/article.windowsrefundday.nytimes.shtml The story is partly inaccurate. In New York City, of all the vendors whose machines we installed a free OS on, after careful removal of the Microsoft OS, only Emachines gave us a refund. Emachines was courteous in their written response to our request, and prompt in sending us the refund. And recently: For the first time in a case related to the sale of hardware/software, a judge declares explicitly that the sale of an OS by the OEM when the customer never asked for it can be considered unfair in any circumstance given its aggressive characteristic. The argument, more direct than ever (speaking about forced sale rather than bundled sale), is usable in all Europe. (quick translation from me, the inner quote is a translation of the actual words from the judge) http://aful.org/communiques/faire-payer-systeme-exploitation-non-demande-deloyal-en I am glad to see the court's clear statement. Of course this is wildly off-topic... -- Mathieu I hope that France enforces the law against tying of software to hardware. France for decades has not. Of course, neither has the United States of America, nor the UK, have enforced the laws and regulations here. Nor has any large European country enforced its analogous laws and regulations, as far as I am aware. This is not offtopic. This is the main topic. Fedora proposes to support Microsoft in Microsoft's attempt to directly control every home computer on Earth. The same arguments that are used in the present UEFI case to justify truckling to Microsoft could as well be applied to the Refund Clause question: Why there is really no problem. It is just a minor inconvenience that the hardware ships with an OS you do not want. See the EULA says you get a refund, so you just have to carefully remove the Microsoft OS, careful don't start it up by accident, and then you get a refund.. But in fact the policy of Microsoft is not to give any refunds, ever. And in fact in the UEFI case, no matter what Microsoft says, the policy of Microsoft is to make it difficult to install Fedora on x86 hardware, and impossible on ARM hardware. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/15/2012 12:05 PM, Jay Sulzberger wrote: On Fri, 15 Jun 2012, Mathieu Bridon boche...@fedoraproject.org wrote: On Thu, 2012-06-14 at 15:46 -0400, Jay Sulzberger wrote: Please forgive this top posting. I will not answer now your radical defense of Microsoft, except to say two things: 1. Your defense would apply also to the decades long fraud of Microsoft saying in their EULA that, if you do not run the Microsoft OS installed at point of sale of the hardware, you get a refund for the OS. But Microsoft and the hardware vendors systematically refused refunds. No they haven't. People get their OS refunded in France. It is a long and frustrating process, but with each victory it gets easier. No, even in France, as you state, it is not easy to get a refund. Even though the practice of tying software to hardware is illegal. What this shows is that one must be careful to correctly estimate the size of various forces in tactical situation. The relevance to the present case is this: Some Fedora developers argue that it will still be possible to install Fedora on x86 hardware which, as shipped, has only the PK and the PK authorized Microsoft Hardware Key in the UEFI. But Microsoft has for over a decade promised to simply give a refund when requested. And today nowhere on Earth does Microsoft actually simply give a refund when requested. Now Microsoft has promised to always allow the owner sitting before the machine to install their own key. But we know that Microsoft has systematically broken its promise to give refunds. Thus we should not accept Microsoft's promise here. In the case of ARM devices Microsoft's statement of its position is different: If the ARM device is shipped with a Microsoft OS, then Fedora will never be installed on the device. No putting one's own key in, no getting a special Microsoft/Vendor/Certificate-Authority managed key for the whole Fedora project, no nothing, just gross suppression of Fedora and all free OSes. There's even a step-by-step guide (in French) : http://non.aux.racketiciels.info/guide/index Thank you for this pointer. Here is a story from 1999: http://www.nylug.org/articles/text/article.windowsrefundday.nytimes.shtml The story is partly inaccurate. In New York City, of all the vendors whose machines we installed a free OS on, after careful removal of the Microsoft OS, only Emachines gave us a refund. Emachines was courteous in their written response to our request, and prompt in sending us the refund. And recently: For the first time in a case related to the sale of hardware/software, a judge declares explicitly that the sale of an OS by the OEM when the customer never asked for it can be considered unfair in any circumstance given its aggressive characteristic. The argument, more direct than ever (speaking about forced sale rather than bundled sale), is usable in all Europe. (quick translation from me, the inner quote is a translation of the actual words from the judge) http://aful.org/communiques/faire-payer-systeme-exploitation-non-demande-deloyal-en I am glad to see the court's clear statement. Of course this is wildly off-topic... -- Mathieu I hope that France enforces the law against tying of software to hardware. France for decades has not. Of course, neither has the United States of America, nor the UK, have enforced the laws and regulations here. Nor has any large European country enforced its analogous laws and regulations, as far as I am aware. This is not offtopic. This is the main topic. Fedora proposes to support Microsoft in Microsoft's attempt to directly control every home computer on Earth. The same arguments that are used in the present UEFI case to justify truckling to Microsoft could as well be applied to the Refund Clause question: Why there is really no problem. It is just a minor inconvenience that the hardware ships with an OS you do not want. See the EULA says you get a refund, so you just have to carefully remove the Microsoft OS, careful don't start it up by accident, and then you get a refund.. But in fact the policy of Microsoft is not to give any refunds, ever. And in fact in the UEFI case, no matter what Microsoft says, the policy of Microsoft is to make it difficult to install Fedora on x86 hardware, and impossible on ARM hardware. oo--JS. +1 -- Stephen Clark *NetWolves* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Fri, 2012-06-15 at 12:05 -0400, Jay Sulzberger wrote: In the case of ARM devices Microsoft's statement of its position is different: If the ARM device is shipped with a Microsoft OS, then Fedora will never be installed on the device. No putting one's own key in, no getting a special Microsoft/Vendor/Certificate-Authority managed key for the whole Fedora project, no nothing, just gross suppression of Fedora and all free OSes. I'm not sure that kind of language is really helpful to anyone. Locked devices are what they are. They exist and have for years. Everything is getting more blurred now, given that it's perfectly possible for a microwave oven or wristwatch to have enough power to qualify it as a 'personal computer' by 1980s standards, and very few of them permit easy use of arbitrary code. Cellphones and tablets are personal computers in all sorts of ways; ditto with them, there has never been any kind of convention in those products that the user should be granted easy access to running arbitrary software, and they almost invariably are not. It just is what it is. You can choose to draw a somewhat arbitrary position that all computing devices have to allow ultimate control to their users and refuse to use any that don't, if you really insist. But it seems a bit of a quixotic 'cause' to take up. The open nature of the x86 PC architecture is to a large extent a historical accident more than the result of some sort of great ideological conviction, and the results of trying to graft ideological convictions on to it after the fact seem, to me, slightly forced and unconvincing. So, look. A Windows RT device is going to be just like just about any cellphone or tablet - a device which can be used for many of the purposes for which we're accustomed to using x86-based PCs, with much more restriction on user freedom than x86-based PCs have usually had. If that's not a thing you want, then you're free not to buy one. I certainly wouldn't recommend anyone buy one for the purpose of installing another operating system on it; that'd be silly (except, of course, in cases where particularly compelling implementations turn out to be trivially easy to unlock/root, which is often the case with Android phones). But I find it really difficult to truly believe that the mere existence of such devices is in itself inherently evil or wrong. There's no particular deception or duplicity going on. No-one is telling people they'll easily be able to execute arbitrary code on such devices. You go in with your eyes open, you know what you're getting, and you can choose whether it's something you want to participate in or not. If you don't, well, don't. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Fri, Jun 15, 2012 at 10:36:15AM -0700, Jesse Keating wrote: On 06/15/2012 10:31 AM, Steve Clark wrote: +1 This really isn't adding anything to the discussion, just noise. Please stop replying to large emails, quoting the entire thing, and just adding a +1. It's not helpful. +1 P.S. Sorry, I just couldn't hold the urge... -- Regards,-- Sir Raorn. --- http://thousandsofhate.blogspot.com/ signature.asc Description: Digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Hi. On Wed, 13 Jun 2012 22:13:49 -0700, Adam Williamson wrote: I hereby declare this thread officially dead. Is there a Godwin's Law equivalent that applies to the invocation of the 'GNU/ debate'? We could call it the 'RMS recurrence'. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Thu, Jun 14, 2012 at 1:13 AM, Adam Williamson wrote: On Thu, 2012-06-14 at 04:19 +0200, Kevin Kofler wrote: Adam Williamson wrote: On Wed, 2012-06-13 at 10:25 +0200, Ralf Corsepius wrote: I am inclined to believe, the spirit behind Linux has changed, changed away from being idealistic to playing issues low for commerial interests. I'm not going to agree or disagree, but purely as background, remember that the spirit behind _Linux_ has never been particularly idealistic. Linus is a pure pragmatist and has stated multiple times that he chose the GPL on practical grounds, not idealistic ones. And that's exactly why incorrectly calling GNU/Linux just Linux (as both Ralf and you did) is a mistake. Linus started only the kernel. The complete operating system was started by the GNU Project, which is very much idealistic. I hereby declare this thread officially dead. Is there a Godwin's Law equivalent that applies to the invocation of the 'GNU/ debate'? I don't think that applies since in this case what Kevin stated was explicitly the starting point of this discussion, not the finishing point. The best you can do is to claim that we are back where we started. Goodwin is more linear. No? Best, Orcan -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Thu, Jun 14, 2012 at 12:13 AM, Adam Williamson awill...@redhat.com wrote: On Thu, 2012-06-14 at 04:19 +0200, Kevin Kofler wrote: Adam Williamson wrote: On Wed, 2012-06-13 at 10:25 +0200, Ralf Corsepius wrote: I am inclined to believe, the spirit behind Linux has changed, changed away from being idealistic to playing issues low for commerial interests. I'm not going to agree or disagree, but purely as background, remember that the spirit behind _Linux_ has never been particularly idealistic. Linus is a pure pragmatist and has stated multiple times that he chose the GPL on practical grounds, not idealistic ones. And that's exactly why incorrectly calling GNU/Linux just Linux (as both Ralf and you did) is a mistake. Linus started only the kernel. The complete operating system was started by the GNU Project, which is very much idealistic. I hereby declare this thread officially dead. Is there a Godwin's Law equivalent that applies to the invocation of the 'GNU/ debate'? GNUwin's Law? -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel -- http://cecinestpasunefromage.wordpress.com/ in your fear, seek only peace in your fear, seek only love -d. bowie -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, 12 Jun 2012, Michael Scherer m...@zarb.org wrote: Le mardi 12 juin 2012 ?? 10:58 -0400, Jay Sulzberger a ??crit : On Tue, 12 Jun 2012, drago01 drag...@gmail.com wrote: No because secure boot does not limit your freedom in *any* way. If you want to hack on the kernel or other low level stuff flip a switch in the firmware. It is reasonable to expect this type of users to be able to do that. Up until now, installing a free OS did not require the extra moves, which Fedora admits are irksome. Not really my own experience, it took me 10 minutes just to find the way to boot on a usb keys on my 5 year old computer ( to reinstall it ). The interface is rather bad, first you need to plug the key, see how to enter the BIOS (not displayed, so I tried suppr, f2, f10, etc, I think it was Suppr), then make sure that say boot on harddrive is first ( that's the default ) and then select the order of the hard drives ( as I have 2 of them ), with my usb key being one of them. And of course, since that's a setting, do not forget to save and exit. While that's not hard, I do think that qualify as extra move, and given the people coming to my LUG for help, I think that my motherboard is not a exception. You are right that the old standard BIOSes are often difficult to use. But by extra I meant the new Microsoft imposed maneuvers. Of course the actions by Microsoft are against anti-trust law in the US and in Europe grossly violate the rule against tying of software and hardware. [...] No. Our side must here stand and fight. Well, have you filled a complain yet against that ? Since there was news about secureboot since months, I think that you had plenty of time to do it. In fact, even now, since people have time to complain, they can spend time to do it. -- Michael Scherer You are right that more action is required. On Tuesday 5 June 2012, in Washington DC, in the Main Building of the Library of Congress, Marcia Hofmann, Jay Sulzberger, Aaron Williamson, and Brett Wynkoop argued against using the DMCA as legal backup to Microsoft and Apple's plans to seize all home computers in the world. When a transcript of the arguments is available, I will notify Fedorians. Below my signature is a notice of the 5 June 2012 event. On Tuesday 11 May 2012, several of us attended a Tech Demo Day, also in Washington, DC, in the new Madison Building of the Library of Congress. Brett Wynkoop and I, and other partisans in the Cause, spoke and here is a video, in a perhaps inconvenient format, of Brett and my demonstrations: rtsp://rmserv1.loc.gov/avloc12/120511cop1130.rm My demonstration was not as good as it should have been, and, Heaven forwarding, a better version will be published, in the next few weeks. If Fedora appears to accept that Microsoft should have the Hardware Root Key, our side's arguments, in several arenas, are weakened. Further action will be taken. oo--JS. blockquote what=LXNY announcements list notice edits=a typo corrected Reply-To: secret...@lxny.org Subject: Tuesday 5 June 2012 Library of Congress: Argument before the Register of Copyrights For and Against the Right of Private Ownership of a Computer In Washington DC on Tuesday 5 June 2012 at 1:30 pm in the Jefferson Building, there will be a discussion of Proposed Exemption 4 to the Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies which prohibition is a part of the Digital Millennium Copyright Act. Here is the page for the Jefferson Building of the Library of Congress: http://myloc.gov/exhibitspaces/jeffbuilding/pages/default.aspx Every three years citizens of the United States argue for exemptions to the ridiculous Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies, which prohibition is a part of the Digital Millennium Copyright Act, the DMCA for short. If enforced, the Prohibition on Circum... ah, let us call it the Anti-Circumvention Clause of the DMCA, would give to Apple the power to bring a legal action which might result in jail time for some of the millions of people in the USA who today have root on the iPhones and iPads they use. And this month, for the first time, Microsoft, in partnership with Dell, HP, and Lenovo, will be in the same legal position as Apple: Microsoft has arranged that all Microsoft Certified Home Computers will only boot an Officially Approved-by-Microsoft Operating System. Under the Anti-Circumvention Clause of the DMCA getting root on an Microsoft Certified Home Computer will be a federal crime, punishable by imprisonment. (There may be a small exception to this: if you get root on the box by yourself, with no one else's help, and you do not publish information about your work, getting root may be allowed. In practice such engineering work is always a joint work of several, often, many people, and the results of such work, that is, the
Re: *countable infinities only
On 06/14/2012 01:56 PM, Jay Sulzberger wrote: If Fedora appears to accept that Microsoft should have the Hardware Root Key, our side's arguments, in several arenas, are weakened. Okay, first off, quit hijacking fedora-devel-list for your unrelated DMCA stuff. It's entirely the wrong place for that. Aside from that, you've still got the facts wrong. What you call the Hardware Root Key the specification calls the Platform Key or PK. PK serves a couple of functions - it is the ultimate arbiter of what can and can't add keys to the system, and it is the determining factor as to whether the Secure Boot feature is enabled. PK will probably not ever be Microsoft's key on any system. It'll be a unique to each hardware vendor, or possibly even unique to various business units within a hardware vendor, or anything else they happen to choose. It's completely their decision as to how they ship this, and nothing we can do will ever change that. The contents of PK are not and have not ever been the question in this thread. P.S. - It looks really strange when you namedrop yourself in your own email. It's like referring to yourself in the third person, squared. -- Peter -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Thu, 2012-06-14 at 14:38 -0400, Peter Jones wrote: P.S. - It looks really strange when you namedrop yourself in your own email. It's like referring to yourself in the third person, squared. I think it was a cut/paste on a press release. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Thu, 14 Jun 2012, Peter Jones pjo...@redhat.com wrote: On 06/14/2012 01:56 PM, Jay Sulzberger wrote: If Fedora appears to accept that Microsoft should have the Hardware Root Key, our side's arguments, in several arenas, are weakened. Okay, first off, quit hijacking fedora-devel-list for your unrelated DMCA stuff. It's entirely the wrong place for that. No. You intend to grant to Microsoft the power to impede installation of Fedora. The DMCA can today be used to threaten those who go around the impediment with jail time. My posts argue that Fedora should neither accept, nor seem to accept, Microsoft's having the Hardware Root Key. One reason not to seem to accept Microsoft's having the Hardware Root Key is that, when arguing for Examption 4, the Englobulators will answer Well, there is really no issue here. Why, Fedora accepts that it is right and proper that Microsoft have the Hardware Root Key.. Aside from that, you've still got the facts wrong. What you call the Hardware Root Key the specification calls the Platform Key or PK. PK serves a couple of functions - it is the ultimate arbiter of what can and can't add keys to the system, and it is the determining factor as to whether the Secure Boot feature is enabled. PK will probably not ever be Microsoft's key on any system. It'll be a unique to each hardware vendor, or possibly even unique to various business units within a hardware vendor, or anything else they happen to choose. It's completely their decision as to how they ship this, and nothing we can do will ever change that. The specification's words are carefully designed to mislead. As pointed out, if Microsoft has the Hardware Root Key, then SecureBoot is not a method of securely booting the hardware you own. You agree that the key in question is the Hardware Root Key. You just wrote: [the PK] is the ultimate arbiter of what can and can't add keys to the system, and it is the determining factor as to whether the Secure Boot feature is enabled. The contents of PK are not and have not ever been the question in this thread. Yes, of course, who has the Hardware Root Key is the issue here. If there is no issue as to who has the Hardware Root Key, why do you propose having Microsoft sign a Fedora key which allows for more convenient installation of Fedora? If there is no issue, Microsoft is not involved. But Microsoft is involved. P.S. - It looks really strange when you namedrop yourself in your own email. It's like referring to yourself in the third person, squared. -- Peter Thanks, Peter, for responding. I hope we may soon sit down together with food and drink before us and discuss rhetoric. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Thu, 2012-06-14 at 15:03 -0400, Jay Sulzberger wrote: On Thu, 14 Jun 2012, Peter Jones pjo...@redhat.com wrote: On 06/14/2012 01:56 PM, Jay Sulzberger wrote: If Fedora appears to accept that Microsoft should have the Hardware Root Key, our side's arguments, in several arenas, are weakened. Okay, first off, quit hijacking fedora-devel-list for your unrelated DMCA stuff. It's entirely the wrong place for that. No. You intend to grant to Microsoft the power to impede installation of Fedora. The DMCA can today be used to threaten those who go around the impediment with jail time. This is, at minimum, arguable. It would require Secure Boot to meet the definition of a 'technological protection measure'. According to chillingeffects.org, these are defined as: a measure which in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work. I don't immediately see how this can be held to apply to secure boot, as it is not intended as a copy protection measure and, as I understand it, is not necessarily or indeed often deployed by a copyright holder. Especially as the secure boot specification explicitly allows for the deployment of user keys, and the disabling (not circumvention) of secure boot. Aside from that, you've still got the facts wrong. What you call the Hardware Root Key the specification calls the Platform Key or PK. PK serves a couple of functions - it is the ultimate arbiter of what can and can't add keys to the system, and it is the determining factor as to whether the Secure Boot feature is enabled. PK will probably not ever be Microsoft's key on any system. It'll be a unique to each hardware vendor, or possibly even unique to various business units within a hardware vendor, or anything else they happen to choose. It's completely their decision as to how they ship this, and nothing we can do will ever change that. The specification's words are carefully designed to mislead. As pointed out, if Microsoft has the Hardware Root Key, then SecureBoot is not a method of securely booting the hardware you own. You agree that the key in question is the Hardware Root Key. You just wrote: [the PK] is the ultimate arbiter of what can and can't add keys to the system, and it is the determining factor as to whether the Secure Boot feature is enabled. The contents of PK are not and have not ever been the question in this thread. Yes, of course, who has the Hardware Root Key is the issue here. No, it isn't. You are fundamentally misunderstanding secure boot. Peter specifically stated that the hardware root key (as you call it; the platform key, as it is correctly called) is not the key that Microsoft will control. As Peter said, hardware manufacturers will control the hardware root key for their hardware. What Microsoft is pushing for (and requiring for compliance with its certification scheme) is that systems are shipped with Microsoft's signing key - not platform key. Microsoft do not require that Microsoft's be the _only_ signing key. Per their certification, it'd be perfectly fine to ship a system with Microsoft's key and 500 others. Signing keys are not a 'There Can Be Only One' proposition. It's therefore hard to argue that the setup is giving Microsoft any kind of exclusive control over anything. There is in theory nothing to stop any other organization from acting as a signing authority and persuading hardware vendors to install their signing key in addition to Microsoft's. The problems with this approach are discussed in mjg59's blog post. None of the problems with it is 'Microsoft don't want it to happen', because that isn't the case. If there is no issue as to who has the Hardware Root Key, why do you propose having Microsoft sign a Fedora key which allows for more convenient installation of Fedora? Read the initial blog post. Because in practice, no-one else besides Microsoft actually wants to go to the considerable trouble and expense of acting as a signing authority. _In theory_ any number of bodies could do so. _In practice_, no-one has yet showed up with the will and ability to do so, and apparently (I am not privy to any private planning in this regard) Red Hat doesn't want to either act as one in itself or lead a consortium to do so. Given that only Microsoft has committed to being a signing authority, and we aren't going to do so ourselves (either 'we' as in Red Hat or 'we' as in Fedora), the choices for secure boot boil down to either 'don't support it' or 'get our code signed by Microsoft'. But it's hard to blame Microsoft, exactly, for no-one else wanting to be a signing authority. Microsoft have certainly not done anything to preclude the possibility of any other body acting as a signing authority and getting their keys on hardware. The only thing you can fairly 'blame' Microsoft for
Re: *countable infinities only
On Thu, 14 Jun 2012, Peter Jones pjo...@redhat.com wrote: stuff removed / It's completely their decision as to how they ship this, and nothing we can do will ever change that. Peter, this is ridiculous. Of course Fedora might be able to get matters better arranged. Of course. There would be no GNU, had Richard Stallman said to himself Ah, there is nothing that can be done. There is nothing I can do, so why try?. There would be no Linux kernel had Linus Torvalds said to himself Ah, writing a kernel is a big job. I am just a beginner. I will not attempt it.. And there would be no Red Hat if the founders had said Ah, we will never get people to pay for servicing a free operating system. Let us not try.. Now, perhaps I misread, or misremember, but in this thread, I think it was said that a home computer vendor has offered to allow a key, authorized by what you distinguish as the PK, to be loaded into the UEFI, so that Fedora would stand equal to Microsoft, though both, you now claim, would be equally junior to the vendor (which claim is not right). And you refused. This is ridiculous. If one more key can be loaded at point of sale, then so can several more. And this is not the final step in the remedy, but only an early step. We can do more. But, if Fedora agrees that Microsoft gets to dictate what is loaded at point of sale, well, that is an un-necessary loss. As your statement shows, your team was not negotiating with Microsoft, nor with the vendors of hardware, but with a non-existent being of irresistible power. Of course that negotiation with an imaginary being is much harder to win than the real negotiation. RMS had no Red Hat backing him when he started Project GNU. Nor did Linus when he started the Linux kernel. Nor did the founders of Red Hat. But you have Red Hat, with a large income, and much money. You also have many people who will help you, and help ourselves, in this fight. Suggestion 2: Have Red Hat buy a large quantity of standard home machines, on condition that the UEFI not be locked at point of delivery to Red Hat. Suggestion 3: Do a better command and control screen for the UEFI. There is enough room in the UEFI for a big, but very simple, screen. There is even room for a proper manual. You have written that there is nothing you can do about the bad interface of the UEFI. But you can. oo--JS. The contents of PK are not and have not ever been the question in this thread. P.S. - It looks really strange when you namedrop yourself in your own email. It's like referring to yourself in the third person, squared. -- Peter LocalWords: UEFI -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Thu, 2012-06-14 at 15:46 -0400, Jay Sulzberger wrote: Please forgive this top posting. I will not answer now your radical defense of Microsoft, except to say two things: 1. Your defense would apply also to the decades long fraud of Microsoft saying in their EULA that, if you do not run the Microsoft OS installed at point of sale of the hardware, you get a refund for the OS. But Microsoft and the hardware vendors systematically refused refunds. I don't see how that has any relevance to the present situation, and I don't see how the argument I presented - which is entirely specific to the case of secure boot - can be said to 'apply' to that situation. 2. Does your defense apply to the case of Microsoft certified devices? Allowing your characterization of it as a 'defense' for the purposes of argument, yes, it does. It applies specifically to that case. Microsoft's certification requirements are really the only thing that gives them any kind of 'influence' in this area at all. If a device manufacturer does not care about Microsoft certification they can choose to leave secure boot out of the firmware entirely, include it but not include Microsoft's key, or really do anything they like. It is the Windows certification requirements that contain Microsoft's requirements with regard to secure boot - that it be enabled by default but can be disabled by the user, and that the system have Microsoft's signing key pre-installed. The UEFI specification itself does not have any such requirements. All it does is describe the Secure Boot mechanism, really. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Thu, 14 Jun 2012, Adam Williamson awill...@redhat.com wrote: On Thu, 2012-06-14 at 15:46 -0400, Jay Sulzberger wrote: Please forgive this top posting. I will not answer now your radical defense of Microsoft, except to say two things: 1. Your defense would apply also to the decades long fraud of Microsoft saying in their EULA that, if you do not run the Microsoft OS installed at point of sale of the hardware, you get a refund for the OS. But Microsoft and the hardware vendors systematically refused refunds. I don't see how that has any relevance to the present situation, and I don't see how the argument I presented - which is entirely specific to the case of secure boot - can be said to 'apply' to that situation. 2. Does your defense apply to the case of Microsoft certified devices? Allowing your characterization of it as a 'defense' for the purposes of argument, yes, it does. It applies specifically to that case. Microsoft's certification requirements are really the only thing that gives them any kind of 'influence' in this area at all. If a device manufacturer does not care about Microsoft certification they can choose to leave secure boot out of the firmware entirely, include it but not include Microsoft's key, or really do anything they like. It is the Windows certification requirements that contain Microsoft's requirements with regard to secure boot - that it be enabled by default but can be disabled by the user, and that the system have Microsoft's signing key pre-installed. The UEFI specification itself does not have any such requirements. All it does is describe the Secure Boot mechanism, really. -- Adam Williamson Adam, thank you for responding so quickly and so clearly. Your answers here seem to me to be difficult to effectively respond to. The difficulty is that the claims, the bald statements, are so completely at variance with what I consider to be, insofar as there are any facts in this world, the plain facts of the various cases. ad 1: The defense of Microsoft's failure to give a refund was Well, you must ask the vendor for the refund. We have nothing to do with refunds.. And the vendor would answer Well, this is really between you and Microsoft. We did not write the EULA. Microsoft did.. And here (I will expand on this next week, I hope) you say: Well, that in practice, installing Fedora is now much harder, well that has nothing to do with Microsoft. The hardware vendor made it harder. The hardware vendor could have placed extra keys, authorized by the PK, which PK mind you is not controlled by Microsoft, but the vendor did not.. But, oddly enough the vendor authorized Microsoft's key. And the vendor also, it is openly admitted, had to load Microsoft's key, in order to get the coveted Microsoft Certified Stamp, which stamp comes with large rebates in the price of a license for the Microsoft OS. And, you say that it is worth begging Microsoft to sign your key, so it is a bit more convenient to install certain Fedora kernels, when SecureBoot is turned on. These admitted facts show that Microsoft is running the show. Else why do you want Microsoft to authorize your keys? ad inability to manage keeping the private half of the Fedora key private: This is absurd. I will be happy to explain methods which, if Red Hat wanted, would meet all statutory, and real security, and even all anti-FUD compliance, requirements. This claimed inability is not reasonable. Why? Because your position implies that you trust Microsoft and the hardware vendor more than you trust yourselves in this. If that is your opinion, well, why run Fedora ever? After all, in the world your propose to create, Fedora depends for the security of its boot process, on Microsoft and Microsoft's partner, the hardware vendor. ad your answer to 2: I cannot this afternoon think of a way of making clear to you what you say. Your answer is approximately this: Somewhere there is some contract which was entered into between Microsoft and the hardware vendor. Therefore everything is OK, even if in a couple of years, Fedora is completely locked out of all ARM devices. In particular, because Microsoft and the hardware vendor say everything is OK, anti-trust law does not apply. Note that Microsoft, in combination the hardware vendors, succeeded in the last few years, in removing just about GNU/Linux system from netbooks. Some years ago many netbooks were shipped with GNU/Linux, but Microsoft put an end to this. And back then, Microsoft had no SecureBoot to help them in their program of removal and suppression. The situation with regard to ARM devices is analogous, except this time, Microsoft does have SecureBoot. Thanks again, Adam, for your time and consideration in answering me. I hope to persuade you to reconsider some of your positions, but now I will get up and go to a NYLUG meeting. oo--JS. -- devel mailing list devel@lists.fedoraproject.org
Re: *countable infinities only
On 06/14/2012 04:52 PM, Jay Sulzberger wrote:
ad inability to manage keeping the private half of the Fedora key
private: This is absurd. I will be happy to explain methods
which, if Red Hat wanted, would meet all statutory, and real
security, and even all anti-FUD compliance, requirements. This
claimed inability is not reasonable. Why? Because your position
implies that you trust Microsoft and the hardware vendor more
than you trust yourselves in this.
I should know better than wade in this discussion but I couldn't resist.
I will try to stay away from the large scale argument, and limit myself
to simple observations. In this case, I believe that you significantly
underestimate the complexity of running a certificate authority. It's
not just a matter of keeping the private key private.
The whole point of being an authority is to issue proper certificates,
and to do that meaningfully you have to vet applicants, keep track of
valid and invalid certs, handle the renewals and revocations. In fact, I
suspect that the actual cost of doing it properly far exceeds the
$99/cert, and that in fact instead of Fedora paying Microsoft, MS will
be subsidizing Fedora at these prices.
ad your answer to 2: I cannot this afternoon think of a way of
making clear to you what you say.
Actually, throughout this discussion, I had the impression that you are
the one that isn't articulating your position clearly. I think that your
main concern is that the SecureBoot is the camel's nose under the tent,
a first step towards a comprehensive signed environment where only
'approved' code can run, all the way from firmware to kernel to user
programs---not because of security but to ensure control of digital
content by large publishers. That's why you keep bringing up DRM and and
DMCA.
I personally share your long-term concern, and thank you for your
advocacy on this issue. At the same time, I think that SecureBoot is a
valid security technology; just like we sign RPM packages and prevent
installation of unsigned software, it makes sense to me to have
technical means of preventing running system software of unknown
provenance. As long as there is end user control (off switch, and
installation of third-party keys), it does not inexorably lead to the
DRM-driven lockdown.
Note that Microsoft, in combination the hardware vendors,
succeeded in the last few years, in removing just about GNU/Linux
system from netbooks. Some years ago many netbooks were
shipped with GNU/Linux, but Microsoft put an end to this.
The fact that Linux on netbooks did not become a worldwide success
has very little to do with MS machinations. For one thing, the Linux
offerings were not that good ('eee' is just about right), and for
another, the world has moved away from netbooks. Linux moved on, found a
sweet spot in Android, and trounced MS on tablets/smartphones.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Thu, Jun 14, 2012 at 01:56:01PM -0400, Jay Sulzberger wrote: If Fedora appears to accept that Microsoft should have the Hardware Root Key, our side's arguments, in several arenas, are weakened. I don't think we've argued that they should, merely that they do. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Le jeudi 14 juin 2012 à 16:52 -0400, Jay Sulzberger a écrit : Therefore everything is OK, even if in a couple of years, Fedora is completely locked out of all ARM devices. In particular, because Microsoft and the hardware vendor say everything is OK, anti-trust law does not apply. You may have missed the fact that the vast majority of arm devices on the market are already capable of being locked without any Microsoft intervention, or even without Microsoft pushing for it. Take for a example a popular SOC like qualcomm snapdragon ( popular as seen on http://en.wikipedia.org/wiki/Snapdragon_(system_on_chip) ) If you take a look on the boot process ( http://tjworld.net/wiki/Android/HTC/Vision/BootProcess ), you will see that it already use a system like secureboot, except that instead of having a interface to disable it, the key are in the chipset, and cannot be disabled if a fuse is blown. This date back to 2008 ( first sample of the SOC in 2007 ), and if you do not believe me, just search on the web for MSM7225 qfuses, msm7225 being the first chipset of the snapdragon family, and qfuses being the name of fuses to blow to activate secure enable boot on the SOC ( and by blowing fuse, understand irreversibly ). Chances are high that you will find technical documentations that explain it. -- Michael Scherer -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Thu, 2012-06-14 at 15:46 -0400, Jay Sulzberger wrote: Please forgive this top posting. I will not answer now your radical defense of Microsoft, except to say two things: 1. Your defense would apply also to the decades long fraud of Microsoft saying in their EULA that, if you do not run the Microsoft OS installed at point of sale of the hardware, you get a refund for the OS. But Microsoft and the hardware vendors systematically refused refunds. No they haven't. People get their OS refunded in France. It is a long and frustrating process, but with each victory it gets easier. There's even a step-by-step guide (in French) : http://non.aux.racketiciels.info/guide/index And recently: For the first time in a case related to the sale of hardware/software, a judge declares explicitly that the sale of an OS by the OEM when the customer never asked for it can be considered unfair in any circumstance given its aggressive characteristic. The argument, more direct than ever (speaking about forced sale rather than bundled sale), is usable in all Europe. (quick translation from me, the inner quote is a translation of the actual words from the judge) http://aful.org/communiques/faire-payer-systeme-exploitation-non-demande-deloyal-en Of course this is wildly off-topic... -- Mathieu -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/12/2012 07:43 PM, Bill Nottingham wrote: Jay Sulzberger (j...@panix.com) said: There is here no irrestible tide. Rather, Fedora is jumping to surrender before engagement. Secret discussions with Microsoft is perhaps part of this engagement. But such discussion is not the whole battle. Fedora should call a conference to organize fighting back, rather than attempting to defend on this list the serious tactical error which Fedora is about to commit. No offense, but you seem to have a very unusual idea about how much leverage Fedora has anywhere. None ... Linux and the spirit of freedom behind it matters. Why would hardware vendors listen to a community distribution that they never preinstall, have no plans to preinstall, and brings them absolutely no money? ... think Adaptec... ca. 15-20 years ago. I am inclined to believe, the spirit behind Linux has changed, changed away from being idealistic to playing issues low for commerial interests. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Wed, 2012-06-13 at 10:25 +0200, Ralf Corsepius wrote: I am inclined to believe, the spirit behind Linux has changed, changed away from being idealistic to playing issues low for commerial interests. I'm not going to agree or disagree, but purely as background, remember that the spirit behind _Linux_ has never been particularly idealistic. Linus is a pure pragmatist and has stated multiple times that he chose the GPL on practical grounds, not idealistic ones. (For double clarification, this does not necessarily mean I personally agree or that I think the Fedora project does/should. I mention it entirely as a note.) -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Peter Jones wrote: I find it pretty hard to believe this position. Through my role working on our bootloaders at Red Hat, I've seen a fair amount of pre-production hardware, and I've spent a lot of time looking at hardware that implements Secure Boot, and how it does so. I've seen the firmware interfaces so far. They've gotten a lot better than when they initially started shipping, but there are still plenty of them where /I/ can't figure out what the firmware options mean. The user only needs to be able to touch the Secure Boot setting, not the Frobnicate the XYZ unit setting nobody understands the meaning of. It's pretty disingenuous to think that our users are going to be able to figure this out. In our target userbase? Are you sure? Oh, and the tax forms I have to fill out every so often have plenty of cryptical things I'm supposed to fill in somehow, yet the government expects me to be able to figure it out. I think disabling Secure Boot is probably actually easier than filling out the average tax form. Kevin Kofler -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Adam Williamson wrote: On Wed, 2012-06-13 at 10:25 +0200, Ralf Corsepius wrote: I am inclined to believe, the spirit behind Linux has changed, changed away from being idealistic to playing issues low for commerial interests. I'm not going to agree or disagree, but purely as background, remember that the spirit behind _Linux_ has never been particularly idealistic. Linus is a pure pragmatist and has stated multiple times that he chose the GPL on practical grounds, not idealistic ones. And that's exactly why incorrectly calling GNU/Linux just Linux (as both Ralf and you did) is a mistake. Linus started only the kernel. The complete operating system was started by the GNU Project, which is very much idealistic. Kevin Kofler -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Once upon a time, Kevin Kofler kevin.kof...@chello.at said: Linus started only the kernel. The complete operating system was started by the GNU Project, which is very much idealistic. And where would GNU be if it weren't for Linux? I remember gcc and glibc before Linux came along (and then there was RMS's ugly lignux renaming attempt). There's a large chunk of GNU software that has received significan benefit from the Linux community. A Linux kernel with only software from GNU (as implied by the name GNU/Linux) would be pretty useless, so ignoring all the other software that goes into making a useful OS is also rude. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Thu, 2012-06-14 at 04:19 +0200, Kevin Kofler wrote: Adam Williamson wrote: On Wed, 2012-06-13 at 10:25 +0200, Ralf Corsepius wrote: I am inclined to believe, the spirit behind Linux has changed, changed away from being idealistic to playing issues low for commerial interests. I'm not going to agree or disagree, but purely as background, remember that the spirit behind _Linux_ has never been particularly idealistic. Linus is a pure pragmatist and has stated multiple times that he chose the GPL on practical grounds, not idealistic ones. And that's exactly why incorrectly calling GNU/Linux just Linux (as both Ralf and you did) is a mistake. Linus started only the kernel. The complete operating system was started by the GNU Project, which is very much idealistic. I hereby declare this thread officially dead. Is there a Godwin's Law equivalent that applies to the invocation of the 'GNU/ debate'? -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/11/2012 05:55 PM, drago01 wrote: On Mon, Jun 11, 2012 at 1:45 PM, Nicu Buculei wrote: Excuse me, but people like him used to be our (Fedora's) target audience. Have a read at http://fedoraproject.org/wiki/User_base For voluntary Linux consumers who are computer-friendly and likely collaborators to the project, a mere BIOS change *is* trivial. If they are not able to do even that, which level of contributions to you expect back? You don't have to know how to change firmware options to contribute besides from the fedora goals The Fedora Project consistently seeks to create, improve, and *spread* free/libre code and content. ... you can't do that by excluding users for such dubious reasons ... We do already exclude contributors for such dubious reasons as requiring them to be able to read a wiki, subscribe to a mailing list, make a FAS account... a BIOS change is equally difficult (or equally easy) as any of those. Is not rocket science. -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com/ photography: http://photoblog.nicubunu.ro/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, Jun 12, 2012 at 8:41 AM, Nicu Buculei nicu_fed...@nicubunu.ro wrote: On 06/11/2012 05:55 PM, drago01 wrote: On Mon, Jun 11, 2012 at 1:45 PM, Nicu Buculei wrote: Excuse me, but people like him used to be our (Fedora's) target audience. Have a read at http://fedoraproject.org/wiki/User_base For voluntary Linux consumers who are computer-friendly and likely collaborators to the project, a mere BIOS change *is* trivial. If they are not able to do even that, which level of contributions to you expect back? You don't have to know how to change firmware options to contribute besides from the fedora goals The Fedora Project consistently seeks to create, improve, and *spread* free/libre code and content. ... you can't do that by excluding users for such dubious reasons ... We do already exclude contributors for such dubious reasons Well you accuse other of not being able to read a wiki ... so please read what I wrote. excluding *users* for such dubious reasons . ... Users are not necessarily contributers. as requiring them to be able to read a wiki, subscribe to a mailing list, make a FAS account... a BIOS change is equally difficult (or equally easy) as any of those. Is not rocket science. You missed the point. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/12/2012 10:16 AM, drago01 wrote: On Tue, Jun 12, 2012 at 8:41 AM, Nicu Buculei wrote: We do already exclude contributors for such dubious reasons Well you accuse other of not being able to read a wiki ... so please read what I wrote. excluding *users* for such dubious reasons . ... Users are not necessarily contributers. as requiring them to be able to read a wiki, subscribe to a mailing list, make a FAS account... a BIOS change is equally difficult (or equally easy) as any of those. Is not rocket science. You missed the point. The point is we have a target audience: http://fedoraproject.org/wiki/User_base Our desired users ARE contributors. -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com/ photography: http://photoblog.nicubunu.ro/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, Jun 12, 2012 at 9:44 AM, Nicu Buculei nicu_fed...@nicubunu.ro wrote: On 06/12/2012 10:16 AM, drago01 wrote: On Tue, Jun 12, 2012 at 8:41 AM, Nicu Buculei wrote: We do already exclude contributors for such dubious reasons Well you accuse other of not being able to read a wiki ... so please read what I wrote. excluding *users* for such dubious reasons . ... Users are not necessarily contributers. as requiring them to be able to read a wiki, subscribe to a mailing list, make a FAS account... a BIOS change is equally difficult (or equally easy) as any of those. Is not rocket science. You missed the point. The point is we have a target audience: http://fedoraproject.org/wiki/User_base Our desired users ARE contributors. We do have a mission as well: http://fedoraproject.org/wiki/Overview#Our_Mission The Fedora Project consistently seeks to create, improve, and spread free/libre code and content. Which you don't do by excluding users ... sure we want to gain new contributors but that does not mean that we should exclude other users. I think this is clear enough so I am not going to go in circles with you ... its pointless. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/12/2012 12:58 PM, drago01 wrote: On Tue, Jun 12, 2012 at 9:44 AM, Nicu Buculei wrote: The point is we have a target audience: http://fedoraproject.org/wiki/User_base Our desired users ARE contributors. We do have a mission as well: http://fedoraproject.org/wiki/Overview#Our_Mission The Fedora Project consistently seeks to create, improve, and spread free/libre code and content. And Bingo! the mission is all about freedom. Which you don't do by excluding users ... sure we want to gain new contributors but that does not mean that we should exclude other users. Not if it affects our freedom, is a problem of freedom versus convenience. If spreading to some users means losing some freedom, then I think that is against the mission. I think this is clear enough so I am not going to go in circles with you ... its pointless. -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com/ photography: http://photoblog.nicubunu.ro/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, Jun 12, 2012 at 12:11 PM, Nicu Buculei nicu_fed...@nicubunu.ro wrote: On 06/12/2012 12:58 PM, drago01 wrote: On Tue, Jun 12, 2012 at 9:44 AM, Nicu Buculei wrote: The point is we have a target audience: http://fedoraproject.org/wiki/User_base Our desired users ARE contributors. We do have a mission as well: http://fedoraproject.org/wiki/Overview#Our_Mission The Fedora Project consistently seeks to create, improve, and spread free/libre code and content. And Bingo! the mission is all about freedom. I didn't deny that. Which you don't do by excluding users ... sure we want to gain new contributors but that does not mean that we should exclude other users. Not if it affects our freedom, is a problem of freedom versus convenience. No because secure boot does not limit your freedom in *any* way. If you want to hack on the kernel or other low level stuff flip a switch in the firmware. It is reasonable to expect this type of users to be able to do that. If spreading to some users means losing some freedom, then I think that is against the mission. We are not loosing any freedom we are implementing a technology that makes fedora work out of the box on newer hardware. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Sat, Jun 9, 2012 at 10:57 AM, drago01 wrote: On Sat, Jun 9, 2012 at 4:09 PM, Orcan Ogetbil wrote: On Sat, Jun 9, 2012 at 3:19 PM, Chris Smart wrote: On 09/06/12 19:34, drago01 wrote: If Fedora does not implement some form of Secure Boot support, 100% of Fedora users will still be able to install Fedora on new machines, after they disable Secure Boot, if their computer even has it at all (and personally, I think the majority of Fedora users will simply buy hardware which does not have Secure Boot). I know I would. No because some users in don't know what a firmware is and can't/don't want to fiddle with it. Except it won't be that hard. For people like you. I believe that supporting people who are not in your like you classification above is loss of time and resources. They should not be using any electric equipment (e.g. toaster oven, refrigerator, light bulb) to begin with. Furthermore, reading arguments against this in an official Fedora mailing list makes me sad. Sorry for being so harsh. I just don't have much tolerance for accepting unintelligence. Not sure I should even reply to such a mail but ... not being computer literate does not imply being unintelligent . Just think about that for a bit. Due to my respect to your request, I thought about it for nearly 72 hours. I still stand behind what I said: People who are incapable of switching a BIOS setting, which might involve doing a simple web search beforehand, should better not touch any electric equipment. Fellow contributors assert that such people are not in Fedora's target base, as per the statement of the Board. Of course they are right. I am just claiming the set of BIOS-capable people is not limited to target Fedora user base, but extends to all electric equipment users. Best, Orcan -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/12/2012 08:10 AM, Orcan Ogetbil wrote: On Sat, Jun 9, 2012 at 10:57 AM, drago01 wrote: On Sat, Jun 9, 2012 at 4:09 PM, Orcan Ogetbil wrote: On Sat, Jun 9, 2012 at 3:19 PM, Chris Smart wrote: On 09/06/12 19:34, drago01 wrote: If Fedora does not implement some form of Secure Boot support, 100% of Fedora users will still be able to install Fedora on new machines, after they disable Secure Boot, if their computer even has it at all (and personally, I think the majority of Fedora users will simply buy hardware which does not have Secure Boot). I know I would. No because some users in don't know what a firmware is and can't/don't want to fiddle with it. Except it won't be that hard. For people like you. I believe that supporting people who are not in your like you classification above is loss of time and resources. They should not be using any electric equipment (e.g. toaster oven, refrigerator, light bulb) to begin with. Furthermore, reading arguments against this in an official Fedora mailing list makes me sad. Sorry for being so harsh. I just don't have much tolerance for accepting unintelligence. Not sure I should even reply to such a mail but ... not being computer literate does not imply being unintelligent . Just think about that for a bit. Due to my respect to your request, I thought about it for nearly 72 hours. I still stand behind what I said: People who are incapable of switching a BIOS setting, which might involve doing a simple web search beforehand, should better not touch any electric equipment. Fellow contributors assert that such people are not in Fedora's target base, as per the statement of the Board. Of course they are right. I am just claiming the set of BIOS-capable people is not limited to target Fedora user base, but extends to all electric equipment users. Best, Orcan +1 -- Stephen Clark *NetWolves* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/12/2012 06:15 AM, drago01 wrote: On Tue, Jun 12, 2012 at 12:11 PM, Nicu Buculeinicu_fed...@nicubunu.ro wrote: On 06/12/2012 12:58 PM, drago01 wrote: On Tue, Jun 12, 2012 at 9:44 AM, Nicu Buculei wrote: The point is we have a target audience: http://fedoraproject.org/wiki/User_base Our desired users ARE contributors. We do have a mission as well: http://fedoraproject.org/wiki/Overview#Our_Mission The Fedora Project consistently seeks to create, improve, and spread free/libre code and content. And Bingo! the mission is all about freedom. I didn't deny that. Which you don't do by excluding users ... sure we want to gain new contributors but that does not mean that we should exclude other users. Not if it affects our freedom, is a problem of freedom versus convenience. No because secure boot does not limit your freedom in *any* way. If you want to hack on the kernel or other low level stuff flip a switch in the firmware. It is reasonable to expect this type of users to be able to do that. If spreading to some users means losing some freedom, then I think that is against the mission. We are not loosing any freedom we are implementing a technology that makes fedora work out of the box on newer hardware. This is MS classic ploy against free software embrace and extend. First it will be it can be disabled then for windows 9 if you want to have approved hardware MS will require, like ARM, x86 secure boot can not be disabled and they will point to Fedora and say see it is not necessary that we need to be able to turn off secure boot, free software like Fedora works just fine with it enabled. -- Stephen Clark *NetWolves* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/12/2012 08:10 AM, Orcan Ogetbil wrote: Due to my respect to your request, I thought about it for nearly 72 hours. I still stand behind what I said: People who are incapable of switching a BIOS setting, which might involve doing a simple web search beforehand, should better not touch any electric equipment. Fellow contributors assert that such people are not in Fedora's target base, as per the statement of the Board. Of course they are right. I am just claiming the set of BIOS-capable people is not limited to target Fedora user base, but extends to all electric equipment users. I find it pretty hard to believe this position. Through my role working on our bootloaders at Red Hat, I've seen a fair amount of pre-production hardware, and I've spent a lot of time looking at hardware that implements Secure Boot, and how it does so. I've seen the firmware interfaces so far. They've gotten a lot better than when they initially started shipping, but there are still plenty of them where /I/ can't figure out what the firmware options mean. There are still plenty of other firmware options for other features that have some acronym that only a subject matter expert will ever figure out what mean. This is not merely common, but it's true on nearly all machines I've ever encountered. On all but the most painfully limiting firmwares, there is an option the name of which I can't decode, much less establish a meaning for. A meeting of the minds between the user and the firmware developer is clearly not a high priority, and is basically never achieved. It's pretty disingenuous to think that our users are going to be able to figure this out. Even if we provide the best instructions we can, there are going to be users - reasonably smart people who are using computers and Fedora to solve real problems - who aren't going to be able to figure out how what we say maps to their firmware. It's pretty hurtful to say they shouldn't be using computers, much less /all/ electric equipment. Just because somebody doesn't have a high level of technical expertise doesn't mean they can't or shouldn't use the tools available to accomplish their goals, and it's pretty rude to treat people this way. Above that, when you make statements that denigrate a plurality of human beings, it becomes very difficult to take your point in any way seriously. -- Peter -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/12/2012 09:00 AM, Steve Clark wrote: This is MS classic ploy against free software embrace and extend. First it will be it can be disabled then for windows 9 if you want to have approved hardware MS will require, like ARM, x86 secure boot can not be disabled and they will point to Fedora and say see it is not necessary that we need to be able to turn off secure boot, free software like Fedora works just fine with it enabled. This seems like a pretty unlikely scenario. You have to disable secure boot to perform most kernel-level debugging operations in Windows 8. It'd alienate pretty much the entire OEM community for Windows add-on card drivers, pretty much all major enterprise customers, and all computer science departments that use windows for any OS program, just as some examples. Microsoft knows it needs these people. While I admit it makes sense for them to work on generic ways to do the kinds of debugging tasks, with Secure Boot enabled, that enterprise customers perform to make their production systems run better, that's certainly not going to happen any time soon, if at all. -- Peter -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, 12 Jun 2012, drago01 drag...@gmail.com wrote: On Tue, Jun 12, 2012 at 12:11 PM, Nicu Buculei nicu_fed...@nicubunu.ro wrote: On 06/12/2012 12:58 PM, drago01 wrote: On Tue, Jun 12, 2012 at 9:44 AM, Nicu Buculei wrote: The point is we have a target audience: http://fedoraproject.org/wiki/User_base Our desired users ARE contributors. We do have a mission as well: http://fedoraproject.org/wiki/Overview#Our_Mission The Fedora Project consistently seeks to create, improve, and spread free/libre code and content. And Bingo! the mission is all about freedom. I didn't deny that. Which you don't do by excluding users ... sure we want to gain new contributors but that does not mean that we should exclude other users. Not if it affects our freedom, is a problem of freedom versus convenience. No because secure boot does not limit your freedom in *any* way. If you want to hack on the kernel or other low level stuff flip a switch in the firmware. It is reasonable to expect this type of users to be able to do that. Up until now, installing a free OS did not require the extra moves, which Fedora admits are irksome. If Microsoft succeeds in imposing Microsoft Root Control, then it becomes even harder to install free software, as compared to running a Microsoft OS which is already loaded on the box at point of sale. If we let them, Microsoft will have erected yet another barrier to running free software. ad diction: SecureBoot does not mean secure boot in the situation where a large rich entity hostile to free software holds the unique key which allows booting on the hardware. To continue to call the arrangement under which Microsoft holds the root key to the hardware SecureBoot is inaccurate. If any Fedora developer uses the term without explanation of its real meaning, that developer suggests to those listening, that the developer thinks that Microsoft holding the root key is more secure than Fedora holding the root key, or the owner of the hardware holding the root key. It is ridiculous to use a term invented by Microsoft to mislead people who do not understand that SecureBoot means Root Control by Microsoft. If spreading to some users means losing some freedom, then I think that is against the mission. We are not loosing any freedom we are implementing a technology that makes fedora work out of the box on newer hardware. No, if we have to beg Microsoft for permission to conveniently install Fedora, we have lost our freedom to conveniently, without asking permission of Microsoft, install Fedora. Why should we beg Microsoft for a power which last month we had, and which Microsoft has seized to itself? Of course the actions by Microsoft are against anti-trust law in the US and in Europe grossly violate the rule against tying of software and hardware. And claiming Why you could pirouette and do a handspring backwards, and if Microsoft agrees, then you can install Fedora, so there is no extra bar to installation. is incorrect. Before now we did not have to do the pirouette and handspring. Before the New Microsoft Regime of Booting, we did not have to beg Microsoft to sign our keys. No. Our side must here stand and fight. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, 12 Jun 2012, Peter Jones pjo...@redhat.com wrote: On 06/12/2012 08:10 AM, Orcan Ogetbil wrote: Due to my respect to your request, I thought about it for nearly 72 hours. I still stand behind what I said: People who are incapable of switching a BIOS setting, which might involve doing a simple web search beforehand, should better not touch any electric equipment. Fellow contributors assert that such people are not in Fedora's target base, as per the statement of the Board. Of course they are right. I am just claiming the set of BIOS-capable people is not limited to target Fedora user base, but extends to all electric equipment users. I find it pretty hard to believe this position. Through my role working on our bootloaders at Red Hat, I've seen a fair amount of pre-production hardware, and I've spent a lot of time looking at hardware that implements Secure Boot, and how it does so. I've seen the firmware interfaces so far. They've gotten a lot better than when they initially started shipping, but there are still plenty of them where /I/ can't figure out what the firmware options mean. There are still plenty of other firmware options for other features that have some acronym that only a subject matter expert will ever figure out what mean. This is not merely common, but it's true on nearly all machines I've ever encountered. On all but the most painfully limiting firmwares, there is an option the name of which I can't decode, much less establish a meaning for. A meeting of the minds between the user and the firmware developer is clearly not a high priority, and is basically never achieved. It's pretty disingenuous to think that our users are going to be able to figure this out. Even if we provide the best instructions we can, there are going to be users - reasonably smart people who are using computers and Fedora to solve real problems - who aren't going to be able to figure out how what we say maps to their firmware. It's pretty hurtful to say they shouldn't be using computers, much less /all/ electric equipment. Just because somebody doesn't have a high level of technical expertise doesn't mean they can't or shouldn't use the tools available to accomplish their goals, and it's pretty rude to treat people this way. Above that, when you make statements that denigrate a plurality of human beings, it becomes very difficult to take your point in any way seriously. -- Peter Let Fedora help bring to market better hardware. Do not agree that Microsoft should have the Hardware Root Key on just about all x86 style computers for sale next year. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, Jun 12, 2012 at 10:22 AM, Peter Jones pjo...@redhat.com wrote: This seems like a pretty unlikely scenario. You have to disable secure boot to perform most kernel-level debugging operations in Windows 8. It'd alienate pretty much the entire OEM community for Windows add-on card drivers, pretty much all major enterprise customers, and all computer science departments that use windows for any OS program, just as some examples. Microsoft knows it needs these people. One way to tell if the characteristics you know about something are meaningful is to replace the thing you're talking about and see if the comments make any less sense. You could replace disable-secure-boot with access to source code here and it makes absolutely as much sense except for the fact that they don't generally give access to their source code. Certainly as a developer it's even more important to be able to read the implementations of the stuff you're calling than it is to be able to run modified versions of them. Presumably if Microsoft manages to get by with giving drivers authors highly confined access to implementation details they could get by just as well requiring people to sign up to buy developer cryptographic keys in order to do kernel debugging. Alternatively you could make the same arguments about various mobile platforms which are normally shipped to users in a totally locked down state: the hardware peripheral makers need low level access. The vendors manage to find ways to accommodate these people without compromising their control over the normal installed base. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Le mardi 12 juin 2012 à 10:58 -0400, Jay Sulzberger a écrit : On Tue, 12 Jun 2012, drago01 drag...@gmail.com wrote: No because secure boot does not limit your freedom in *any* way. If you want to hack on the kernel or other low level stuff flip a switch in the firmware. It is reasonable to expect this type of users to be able to do that. Up until now, installing a free OS did not require the extra moves, which Fedora admits are irksome. Not really my own experience, it took me 10 minutes just to find the way to boot on a usb keys on my 5 year old computer ( to reinstall it ). The interface is rather bad, first you need to plug the key, see how to enter the BIOS (not displayed, so I tried suppr, f2, f10, etc, I think it was Suppr), then make sure that say boot on harddrive is first ( that's the default ) and then select the order of the hard drives ( as I have 2 of them ), with my usb key being one of them. And of course, since that's a setting, do not forget to save and exit. While that's not hard, I do think that qualify as extra move, and given the people coming to my LUG for help, I think that my motherboard is not a exception. Of course the actions by Microsoft are against anti-trust law in the US and in Europe grossly violate the rule against tying of software and hardware. [...] No. Our side must here stand and fight. Well, have you filled a complain yet against that ? Since there was news about secureboot since months, I think that you had plenty of time to do it. In fact, even now, since people have time to complain, they can spend time to do it. -- Michael Scherer -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/12/2012 10:58 AM, Jay Sulzberger wrote: On Tue, 12 Jun 2012, drago01drag...@gmail.com wrote: On Tue, Jun 12, 2012 at 12:11 PM, Nicu Buculeinicu_fed...@nicubunu.ro wrote: On 06/12/2012 12:58 PM, drago01 wrote: On Tue, Jun 12, 2012 at 9:44 AM, Nicu Buculei wrote: The point is we have a target audience: http://fedoraproject.org/wiki/User_base Our desired users ARE contributors. We do have a mission as well: http://fedoraproject.org/wiki/Overview#Our_Mission The Fedora Project consistently seeks to create, improve, and spread free/libre code and content. And Bingo! the mission is all about freedom. I didn't deny that. Which you don't do by excluding users ... sure we want to gain new contributors but that does not mean that we should exclude other users. Not if it affects our freedom, is a problem of freedom versus convenience. No because secure boot does not limit your freedom in *any* way. If you want to hack on the kernel or other low level stuff flip a switch in the firmware. It is reasonable to expect this type of users to be able to do that. Up until now, installing a free OS did not require the extra moves, which Fedora admits are irksome. If Microsoft succeeds in imposing Microsoft Root Control, then it becomes even harder to install free software, as compared to running a Microsoft OS which is already loaded on the box at point of sale. If we let them, Microsoft will have erected yet another barrier to running free software. ad diction: SecureBoot does not mean secure boot in the situation where a large rich entity hostile to free software holds the unique key which allows booting on the hardware. To continue to call the arrangement under which Microsoft holds the root key to the hardware SecureBoot is inaccurate. If any Fedora developer uses the term without explanation of its real meaning, that developer suggests to those listening, that the developer thinks that Microsoft holding the root key is more secure than Fedora holding the root key, or the owner of the hardware holding the root key. It is ridiculous to use a term invented by Microsoft to mislead people who do not understand that SecureBoot means Root Control by Microsoft. If spreading to some users means losing some freedom, then I think that is against the mission. We are not loosing any freedom we are implementing a technology that makes fedora work out of the box on newer hardware. No, if we have to beg Microsoft for permission to conveniently install Fedora, we have lost our freedom to conveniently, without asking permission of Microsoft, install Fedora. Why should we beg Microsoft for a power which last month we had, and which Microsoft has seized to itself? Of course the actions by Microsoft are against anti-trust law in the US and in Europe grossly violate the rule against tying of software and hardware. And claiming Why you could pirouette and do a handspring backwards, and if Microsoft agrees, then you can install Fedora, so there is no extra bar to installation. is incorrect. Before now we did not have to do the pirouette and handspring. Before the New Microsoft Regime of Booting, we did not have to beg Microsoft to sign our keys. No. Our side must here stand and fight. oo--JS. +1 -- Stephen Clark *NetWolves* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Mon, 2012-06-11 at 10:17 -0400, Gregory Maxwell wrote: On Mon, Jun 11, 2012 at 9:56 AM, Nicu Buculei nicu_fed...@nicubunu.ro wrote: Of course we are missing that part *now*, there is no motherboard with UEFI and Secure Boot in the wild so we can take screenshots and publish them. Once such board will be released, plenty of instructions and tutorials will follow, to make it work not only with Linux, but also with older versions of Windows. My understanding is that the folks working on secureboot are too busy building cryptographically signed boot-loaders that will inhibit users from changing their kernels to take pictures and work on instructions. But I could be mistaken. You are, and that was being very un-excellent, so please refrain from it in future. In fact, mjg for one has already explicitly stated that instructions would be a good thing, but it's not possible to work on them now because there are no production firmwares available yet so we don't know what the interfaces will look like. The intended-for-developers prototype interfaces people like mjg are currently working with look very different to how the eventual consumer interfaces will look. It is never a good idea to assume malice where you can't prove it. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, 2012-06-12 at 11:08 -0400, Jay Sulzberger wrote: Let Fedora help bring to market better hardware. Do not agree that Microsoft should have the Hardware Root Key on just about all x86 style computers for sale next year. That tide still appears to be coming in despite your commands, Your Majesty... -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, Jun 12, 2012 at 9:30 AM, Adam Williamson awill...@redhat.comwrote: On Tue, 2012-06-12 at 11:08 -0400, Jay Sulzberger wrote: Let Fedora help bring to market better hardware. Do not agree that Microsoft should have the Hardware Root Key on just about all x86 style computers for sale next year. That tide still appears to be coming in despite your commands, Your Majesty... - It isn't particularly fair to do one post telling someone they are being un-excellent, followed immediately by another post which is un-excellent. darrell -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, 12 Jun 2012, Adam Williamson awill...@redhat.com wrote: On Tue, 2012-06-12 at 11:08 -0400, Jay Sulzberger wrote: Let Fedora help bring to market better hardware. Do not agree that Microsoft should have the Hardware Root Key on just about all x86 style computers for sale next year. That tide still appears to be coming in despite your commands, Your Majesty... -- Adam Williamson There is here no irrestible tide. Rather, Fedora is jumping to surrender before engagement. Secret discussions with Microsoft is perhaps part of this engagement. But such discussion is not the whole battle. Fedora should call a conference to organize fighting back, rather than attempting to defend on this list the serious tactical error which Fedora is about to commit. oo--JS. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On Tue, Jun 12, 2012 at 12:25 PM, Adam Williamson awill...@redhat.com wrote: You are, and that was being very un-excellent, so please refrain from it in future. I'm left wondering where your concern about being excellent to each other has been hiding throughout this thread, and where it was when you made the Your Majesty comment to Jay Sulzberger moments after this post. It is never a good idea to assume malice where you can't prove it. This sounds like a guilty conscience speaking to me. I never claimed any malice. I apologize if my message sounded as though I were. Let me make this more clear: People in this thread have been saying that instructions can't be created because the hardware is not available to the public yet. However, the people working this stuff actually do have access to UEFI secureboot hardware. I presumed this was under NDA, because none of them were stepping up to say no, actually I do have the hardware. The idea that the firmware is complete enough to build and test the cryptographic lockdown but not complete enough to make write instructions against simply didn't occur to me. And with that thought in mind I think it's even more sad that the Fedora community isn't focusing primarily on making instructions _now_ while there may still be an opportunity to encourage making those yet unwritten interfaces easy and consistent. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
On 06/12/2012 01:11 PM, Gregory Maxwell wrote: Let me make this more clear: People in this thread have been saying that instructions can't be created because the hardware is not available to the public yet. However, the people working this stuff actually do have access to UEFI secureboot hardware. I presumed this was under NDA, because none of them were stepping up to say no, actually I do have the hardware. Reference UEFI x86 hardware exists, but it is reference hardware, and has not yet been abused horribly by an OEM. It will look nothing like that when it gets to you, and the way that a bootloader interacts with UEFI isn't affected at all by that, which is why we can implement that bootloader and test it on the reference hardware. Keep in mind that while BIOS looks like an 8bit text adventure game, UEFI is a graphical UI, and each OEM is going to want to provide value add and customize it for you to leave no doubt what sort of hardware you're running. We have no clue what the OEMs will do to the interface. The idea that the firmware is complete enough to build and test the cryptographic lockdown but not complete enough to make write instructions against simply didn't occur to me. And with that thought in mind I think it's even more sad that the Fedora community isn't focusing primarily on making instructions _now_ while there may still be an opportunity to encourage making those yet unwritten interfaces easy and consistent. We can't write instructions on the reference hardware, because it wouldn't be useful, and I believe it may violate NDAs if we were to do so. (I haven't signed any NDAs in this space personally, although, I'm quite sure Red Hat has. I can't tell you anything that would violate the NDA either, because I don't have the reference hardware, nor have I touched/used it. I merely know that it does exist, which you could have figured out with the right set of Google keywords.) ~tom == Fedora Project -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: *countable infinities only
Jay Sulzberger (j...@panix.com) said: There is here no irrestible tide. Rather, Fedora is jumping to surrender before engagement. Secret discussions with Microsoft is perhaps part of this engagement. But such discussion is not the whole battle. Fedora should call a conference to organize fighting back, rather than attempting to defend on this list the serious tactical error which Fedora is about to commit. No offense, but you seem to have a very unusual idea about how much leverage Fedora has anywhere. Why would hardware vendors listen to a community distribution that they never preinstall, have no plans to preinstall, and brings them absolutely no money? Bill -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
