* Posts by h4rm0ny

4544 posts • joined 26 Jul 2008

What happened to Eadon??

h4rm0ny
Silver badge

I heard...

...that threw a bucket of Windows phones over them and he melted.

Eadon was particularly unwholesome. He (or she, but male seems to be the consensus), sometimes caused me to wonder if he was actually an MS-fan trying to discredit Linux and Open Source users. He was that bad. There were some days that I could almost feel the hatred fizzing out of my monitor at me when he and I discussed things. I think I was particularly bad because I *am* a UNIX programmer (or was for many years) and I'd lay fairly good odds that I actually know a considerable amount more about GNU/Linux than he does. (I still remember snobbishly looking down on Ubuntu when it appeared for being pre-compiled :D )And yet since some time after Windows 7, I've been increasingly impressed by MS's products and direction. And so day after day, Eadon would hiss and spit at me about the virtues of Linux and call me a shill and every other name, and I'd vainly try to explain that both were good. I've no doubt got a bit of a reputation here and elsewhere as a Microsoft fanperson, but the weird thing is that it is Eadon and a few like him, that have pushed me in that direction.

But Eadon could also very easily be tied up in knots. Conditioned hatred leads to that. I once got him to out and out state that bias and distortion of the truth was the morally right thing if it made Microsoft look bad.

I would almost feel sorry for him, if he weren't such a destructive thing to the image of Open Source. We're all better off without him.

1
1

Articles with no comments

h4rm0ny
Silver badge
Mushroom

Re: Articles with no comments

Agreed. This is annoying. How am I supposed to find the thread for the Trident article for example. There seems no obvious category and no way of knowing what thread people are discussing it in. Give us proper comments. I like to read what people have written without following a series of clues. And sometimes I like people to read what I have written without having to do the same.

3
0

Admen's suggested tweaks to Do Not Track filed straight into the bin

h4rm0ny
Silver badge

Re: DNT is a mirage

"i.e. the Reg have one for containing our forum accounts. While this may not be the best example, the Reg aren't completely evil in spite of what maybe written in the comments sections responding to articles written by Andrew and Lewis..."

You're confused about what tracking is. It's not when you sign into an account on El Reg. It's when you sign into El Reg. and read an article on 3D televisions and then you go to Facebook and the two sites share information (probably by a Third Party) and Facebook says 'I hear you like televisions, wouldn't you like to see some ads from Panasonic, now?).

It's not about signing into a site, it's about tracking between them.

9
0
h4rm0ny
Silver badge

Re: I love W3C

"The ad men responded with; "We'll ignore DNT information from IE10.".

Actually the person who said that was a lean engineer at the Apache Foundation who unilaterally put in an unapproved patch to do that right before a major release and was roundly slapped by his fellow team members. IIRC, the revert comment said something like 'don't stick your politics into the code'. The commit actually worked below the web application level interfering with the actual HTTP header information.

The ad agencies actually were fine with having it buried in the browser settings. They know there's a coming storm with privacy and the original DNT would have let them say that people were voluntarily accepting the tracking whilst knowing that hardly anyone would trek through three layers of menus to turn it off. When MS were going to enable it by default, they actually changed the spec to disallow it, but MS found a way around that by including it in the default choices on browser setup.

So I see why it seems odd that MS are on this panel. But we really don't know what their position was in the meetings. Maybe they just feel they can have more influence from inside than from out.

2
0

YES, Xbox One DOES need internet, DOES restrict game trading

h4rm0ny
Silver badge

Re: Microsoft: "We're always listening to our customers"

"£40-50 is a lot compared to other media types and while a music album can last your lifetime in terms of enjoyment a game gets boring"

I get bored of music too. Let's compare it to films. A film might last around two hours. A Blu-ray of it will cost, let's say £15 (we are comparing new and big name films if you're pitching £40-50 for games). So a film is £7.50 per hour. Do these £40-50 games come in under seven hours of total play? Because if not, they are a good buy compared to film media. Note that I was especially generous in comparing them to purchased discs which multiple people can watch (just like multiple people can play a game) rather than to cinema tickets which are per person (rather than per household like the Xbox games) and which would *really* make games look cheap.

Some here are ignoring the flip side of the criticism that if games companies are against trade-in because it hits how much revenue they get from games, then limiting trade-in should result in cheaper games, unless there is price-fixing going on in which case you have a different problem.

Also, has anyone compared the financial impact of trade-in games with the impact of piracy? It seems to me that the latter is quite probably a far greater cause of this DRM than trade-in.

0
0

Microsoft touts business features of Windows 8.1

h4rm0ny
Silver badge

Re: @JDX - StartIsBack

"Too bad the rest of the planet is not as smart as you are! You must feel so lonely up there!"

Actually, I'm up there with the super-geniuses too, apparently. And so is my mother who similarly managed to use Windows 8 fine.

Seriously, children are able to learn the Windows 8 interface easily in no time. You really want to argue that you're less intelligent and IT capable than them?

3
5
h4rm0ny
Silver badge

Thats it Luke, let the hatred flow through you...

MS reveal a list of upcoming features, many of which will be very useful to the Enterprise. And every comment is seething contempt. The unreasoning hatred and bias in this place is absurd.

13
9

Look ma, no plugins! Streaming web video with just JavaScript

h4rm0ny
Silver badge

Re: Shouldn't that be...

Well the point is, no matter what you do regarding DRM and watermarking. It will _always_ affect the legitimate user and never affect the pirate

An invisible watermark does not affect me as a legitimate user. If a whole bunch of material I have purchased shows up pirated and they can identify the source as me, then that can well affect me as a pirate. The files are distinguishable. As well as knowing that they were originally sold to me, they can theoretically find the first time that file was uploaded and from where.

3
1
h4rm0ny
Silver badge

Re: WebGL

Conceptually it is a security nightmare. That was always the given reason by Microsoft for not implementing it.

1
1

Why next iPhone screen could be made of SAPPHIRE - and a steal...

h4rm0ny
Silver badge

Re: Never mind the quality - feel the width !

"Hmm, it wasn't really the image I wanted to accompany my morning coffee, though."

Think yourself lucky. I was eating raspberry yoghurt when I read that line. (I actually was).

4
0

Want to know what CIA spooks really think of spy movies and books?

h4rm0ny
Silver badge

Re: Films and Novels require the suspension of disbelief

Swordfish with Hugh Jackman hacking with multiple consoles deserves a special mention for grating stupidity.

I use multiple consoles all the time. ;) Try multiple people

Realistic Hacking

Hollywood doesn't get more accurate than that! ;)

1
0
h4rm0ny
Silver badge

Re: Mostly Boredom

"I love the way James Bond breaks into the villain's office at night and the first thing he pulls out of the filing cabinet is the Master Plan. Dgeez, it takes me half an hour to find anything in my *own* filing cabinet."

I agree with your post overall, but I can't help thinking that any evil genius would probably be a lot more organized than us.

I mean, if you walked into an office, what would scream "Evil" at you more than a tidy desk? It's just wrong.

6
0

Linux kernel 3.9 lands

h4rm0ny
Silver badge

Re: Quick Noob Q.

Can the kernel be set to override UEFI BIOS and get around this whole MS lock down of motherboards? I am looking at a new Linux home machine on new hardware. My new Mobo has UEFI, so it is a concern obviously.

You'll be fine. Part of the requirements from MS for Windows 8 certification actually specify that a physically present user must be able to turn Secure Boot off. Additionally, with some GNU/Linux distributions, you wont even have to do that as they have signed boot loaders. The Secure Boot hysteria was actually a big piece of FUD from MS critics. Meanwhile, Google's Pixel, that can only have your choice of OS installed on it by repeatedly putting the device in developer mode everytime you boot, has passed with nary a whisper of criticism.

2
1
h4rm0ny
Silver badge

Re: Quick Noob Q.

it is possible it might have some secret option to be turned on/off within the EFI interface, before you can do just that.

The UEFI standard is just that - a documented standard shared created by a large range of big hardware players from AMD to Apple to Intel to Lenovo. There wont be "secret options" to turn on Secure Boot against the user's will. There's no such option in UEFI and no-one wants to fake a UEFI system.

1
0
h4rm0ny
Silver badge

Eadon logic dictates that market share is all when it comes to windows phone. Applies different logic to desktop.

Ah, I see. It wasn't clear from your post that you were highlighting Eadon's double-standards, I thought you were taking an unwarranted shot at Linux. He really is hugely destructive to debate.

2
0
h4rm0ny
Silver badge

Re: Windows Desktop is from Venus, Linux Desktop is from Mars

<quote>The god in this case is Mars, not Linus. Calm down, it's just a bit of wordplay on the "A is from Venus B is from Mars" trope, not frothing lunacy.</quote>

I don't know how you got that. He wrote: "The Linux Desktop is cool, named after a god". I'm familiar with KDE, Gnome, Xfce and others, but I don't know one called Mars. How you parsed his post to this, I have no idea. You must have studied Eadonish at University or something.

2
0
h4rm0ny
Silver badge
Mushroom

Re: Windows Desktop is from Venus, Linux Desktop is from Mars

Eadon isn't a Linux supporter - he's a parody account. I assume he's a Windows user of some ilk

I don't know. He's been going a long time and I remember his earlier posts which were also very pro-Linux and anti-MS, but not always as stupid as this one (though still frequently stupid and profoundly biased). I lean more to the 'Genuine Idiot' Theory of Eadon. Though if they really do get their pleasure in life from posting silly things on The Reg forums, then that's just tragically sad.

Either way though, he makes us genuine Linux users look bad and I resent him for that.

8
0
h4rm0ny
Silver badge

@spoddyhalfwit. Don't let Easdon provoke you into negative attacks. GNU/Linux has loads to offer. Windows is good too. These things are not mutually exclusive. Linux powers at least half of the Internet for a start. Not to mention the Linux kernel being a critical part of Android. If you like Windows (I do), then Linux was one of the best things that happened to security in Windows by pushing MS to compete against a better opponent ten years ago. It's not a war, even if posters like Eadon want to make it one. Chill.

20
0
h4rm0ny
Silver badge

Re: Windows Desktop is from Venus, Linux Desktop is from Mars

The Windows Desktop runs hot; has a quadrillion exotonnes of hot marketing air swirling around it and is toxic and crushing to all known forms of life except for viruses, which thrive on it.

The Linux Desktop is cool, named after a god and mankind desperately wants to go there,

With supporters like you, who needs Bill Gates? You are the worst of the Linux community and I am glad that the vast majority are not frothing lunatics such as yourself.

Named after a god. LOL. I mean I have great respect for Linus Torvalds, but to paraphrase Doctor Who, he'd make a very bad god. No day off for a start! ;)

10
4

AMD reveals potent parallel processing breakthrough

h4rm0ny
Silver badge

What concerns me though, I recall some time back (a couple of years ago) there being a WebGL exploit that could extract pieces of video RAM. Admittedly, the exact problem occurred nearly 2 years ago, and a lot has changed since then, however this isn't to say the same vulnerability can't exist in future software.

Issues of this nature were given by Microsoft as the reason they hadn't implemented WebGL in IE for such a long time.

1
0

Ban drones taking snaps of homes, rages Google boss... That's HIS job, right?

h4rm0ny
Silver badge

Re: So few comments?

I think this is a case of glass houses and throwing stones. Im betting hes got a reporter doing exactly this and he doesn't like it.

Probably that. But aside from the downright offensiveness of Schmidt being the one to say this, he is correct in this case. I'll just be keeping a very close eye on whether his actions match his rhetoric.

2
0

WTF is... H.265 aka HEVC?

h4rm0ny
Silver badge

Re: Implementation suggestion for smooth as silk frame-by-frame advance etc.

What you want is completely in the hands of the client

If you look at the title of the post above you, you'll see the term "Implementation suggestion". The poster knows this is something for the client to implement. They're just expanding on the original topic.

0
0
h4rm0ny
Silver badge

Re: Ah, another patent encumbered format @JDX

This is always about software patents, not the code itself. OK, you write a nice implementation, your code should be protected, I totally agree. But the algorithm used should be open, so that someone can provide an alternative implementation

This is worth examining. The above would be correct if the effort and work producing this was on the coding side, but it is actually largely on the algorithm side. I haven't looked at the algorithm, but I am a C++ programmer (or I was for some years) and I have some background in mathematics. I'm not at all trivialising the work that goes into implementing this, but if I look at the algorithm, my educated guess is that it wouldn't be that hard for me to turn it into code, just a little time because I'm rusty. But could I come up with the algorithm? I doubt it. I understand the principles detailed in this article and I dare say I could follow a more detailed version too, but my maths simply is not good enough to have done what these people did and nor do I have the large amount of time and effort these people were paid to put in.

What I'm saying, is that your suggestion that the code is what needs protecting, that "ripping off" involves copying the code, mistakes where the effort takes place, and thus where the protection should occur.

If someone creates a computer game where I am a gun running round shooting aliens in first-person view, well that's a simple idea, but the code will be huge and complex. Thus copyright law prevents me just copying it and calling it mine. But I can freely make my own version. If someone creates a complex series of sophisticated algorithms for video encoding/decoding, then the idea is the complicated part, but the implementation will be (relatively) simple in that I'm just taking the maths and turning it into code (with some parallelization if I want it to be a [I]good[/I] implementation. Thus the latter case isn't looking to copyright law to ensure the creators are fairly recompensed, but to patent law.

As you said at one point, the problem is that it becomes a standard. There are only three ways out of that. Either

* An Open Source alternative is created that is as good as the proprietary one.

* Users pay a very small sum to licence it directly.

* Someone pays it on behalf of the users.

The first has not happened, unfortunately. That would be the ideal.

The second would probably be the fairest second option but it requires more prevalent and easy micro-payments amongst users, so it's a solution for five years down the road. Though you can do it with some success today, so I would advocate this one.

The third is all nice and lovely, isn't it. In practice, it probably means Google showering you with ads and mining your data as free services usually do. Though Ubuntu maybe has enough revenue that they will do this in their case, it doesn't help the rest of the distros.

What isn't an option, imo, is simply throwing out the patent protection and saying you can just give other people's efforts away for free. The licencing terms are actually already quite generous in that you can give it away a 100,000 times before it is an issue. But surely if you are making money from other people's work (and Ubuntu *is* a business, as are others), then surely those others should have a right to recompense. I mean I actually could legally roll my own h4rm0nix distribution (you heard the name first here) and legally distribute the codec with it up to a 100,000 times. That's pretty cool. But move to a large business like Ubuntu, it's a different story, imo.

2
0

Google vows no patent prosecution for open source cloud tech

h4rm0ny
Silver badge

It's not _bad_ news, but it's more PR than anything else for the most part. Google's statement that they wont sue anyone unless they are sued first sounds very noble on the surface, but it attempts to present suing as the only way in which one party can do a wrong to the other. As Google is quite weak in patents compared to other big players, it's far more the case that Google would do another party a wrong by infringing on their patents. Naturally the infringed party would then sue at which point Google hoists their flag of "We didn't sue first". But the reality is that they don't have to sue first in order to be the transgressor. Furthermore, the caveat that Google is only extending this offer to Open Source projects, is fine for Open Source projects, but it makes it meaningless in terms of whether this is actually costing Google anything. All their real rivals are Closed Source. There is only two viable contenders in the Open Source world to Google and these are Ubuntu and Firefox OS (potentially). The Mozilla Foundation is currently dependent on Google and Ubuntu is not a rival in the mobile space, only Desktop, which Google does not value highly because they feel they cannot realistically compete with Windows or Mac there. They are rolling out ChromeOS, but I really don't think they see Ubuntu as a threat there. So basically, this gesture from Google costs them nothing. Which again, is no bad thing for Open Source, but diminishes how generous this appears.

There are two other takes on Android - that by Amazon, and that by Samsung. Neither of these will be impacted by this as the distinctions between these and Google's own Android lines, are in the proprietary level of stores, apps, etc.

Is this a bad thing? No. Is it more than PR from Google? Not much.

2
0

Microsoft backs law banning Google Apps from schools

h4rm0ny
Silver badge

Re: Just skimmed the article

Headline is click-bait, but Google are unlikely to be compliant. If you read that link more carefully, they state that they do not serve adverts in Google Apps for Education, but they don't say anything about not collecting data nor about not merging that data with other services outside of Google Apps for Education. You can always monetize the data later. Having children's data from their earliest days onwards - that's commercially valuable and in Google's best financial interests.

1
0
h4rm0ny
Silver badge

Re: The bill sounds good

and Eadon would be right. It is obvious, even for the article's author, that bill is obviously aimed to whack out MS competition

The bill affects anyone (including Microsoft) that would collect data on school children in the course of their education. The author of this article should be ashamed of themselves for their poor journalism. All Google have to do to comply with this law is to not collect data on the school children. It's not a law to ban Google from classrooms. But it is aimed at Google. There's no contradiction between the two. Google are attempting to exchange schoolchildren's data for free tools. I agree that this is wrong. All that would happen is Google would have to either start charging for their services to education like other companies, or else grant it truly free.

3
1

EU antitrust chief growls at Google, hopes to avoid sanctions

h4rm0ny
Silver badge

Re: EU

The EU is a socialist and simultaneously a fascist organisation.

A bit like the Fascists then, who re-introduced the old Latin word into the modern era. They were an off-shoot of the Italian Socialist Party.

0
0

Upping your game with Windows Server 2012

h4rm0ny
Silver badge

Re: @H4rm0ny

"Although I agree with you that it can easily be done;"

I feel the bolded word is an important ommission from your original statement which otherwise suggests it's some sort of fiddly work around to use Server 2012 without Windows 8.

"where does that leave Microsoft's core feature wrt 2012; the by default desktop-less installation? Worse; where does that leave remote administration?"

I'm really starting to wonder if you've actually used this or looked at it. Firstly, GUI-less operation is not MS's "core feature", it's one of many very nice enhancements and new features on Server 2012. If you don't use it (and this is the personal 'you' there, most people will be able to use it fine because they don't have your dislike), then there are still plenty of other features that make it well worth having. And you can turn the GUI on or off as you like. During run-time. I don't think you understand the advantage of the GUI-less setting - it reduces overhead and footprint when you're running ranks of virtualized instances. I honestly find your objection to using the management tools on Windows 8 arbitrary and ill-supported anyway. It's a $40 upgrade and Win8 does everything that Win7 does. Your inability to manage a different Start Screen is well-documented on these forums, yet it still comes up against my direct experience that I personally am able to manage with it fine so I don't see why you have trouble with it.

I also don't see why you find it so unreasonable that the new admin tools should be released for Windows 8 first.

1
1
h4rm0ny
Silver badge

"You'd need Win8 to administer it because the admin tools haven't been backported yet."

You can use the interface on Server 2012 instead, just as you can on previous versions of Server. You may not like the GUI on Server 2012 (you've written many times about that), but it doesn't seem problematic to me.

5
4

Asteroid miners hunt for platinum, leave all common sense in glovebox

h4rm0ny
Silver badge
Headmaster

Re: Inferring

Okay. Can't stand this any longer. The word you are all looking for is implying. The article itself is not going to infer anything from anyone unless you think the article is somehow sentient.

9
1

Microsoft dragging its feet on Linux Secure Boot fix

h4rm0ny
Silver badge

Re: RE: Never ascribe to malice that which can adequately be explained by incompetence

"The difficulty is that in the current scheme the root certificate is issued by an untrusted entity. And this cert cannot be substituted for one of choice."

Firstly, inability to install your own certificates does not stop anyone from installing a different OS which is what Fatman was concerned about. It merely means that you wont be using Secure Boot. Which is the same as with any PCs today. This is the main point as it fully answers the scenario that Fatman raises in thinking you wouldn't be able to re-sell a PC and put something else on it (you can).

Secondly, you're calling Verisign or the manufacturer such as Lenovo an "untrusted entity", at which point you've taken your security concerns way beyond what the vast majority of users do, to the extent that your making an equivalent argument to saying you don't trust antivirus software sellers because maybe you can't trust them not to approve something they shouldn't.

But that doesn't

1
1
h4rm0ny
Silver badge

Re: RE: Never ascribe to malice that which can adequately be explained by incompetence

"The proof of this will be in 3 to 5 years down the road, as corporate PC's get retired, and hit the resale market. How difficult will it be for a second owner to put whatever O/S on it remains to be seen"

Not sure what you think the difficulty would be. You don't need Microsoft's assistance or any of the original install keys or discs to replace the OS that is on there. You just go ahead and install what you want, turning off Secure Boot if need be. Secure Boot prevents malware from changing what can boot on a PC, not what a physically present user can install.

1
1
h4rm0ny
Silver badge

Re: Microsoft reason of doing this

"How much are you paid for this PR guff?"

Addressed to me? I'm not paid to post at all nor remunerated in any other way nor expect to be. I have no affiliation with any of the businesses involved in this story nor expect to. Accusations of being an astro-turfer is just an ad hominim. There's nothing that I've written here that I can't back up with actual sources or clear reasoning.

1
1
h4rm0ny
Silver badge

Re: Microsoft apologists miss the point

I've gone back to see where you got that "quote" from me that I thought sounded suspiciously unlike something I would write. I've found what I originally wrote and you have misquoted me and actively misrepresented what I wrote. That's a pretty low thing to do.

This is what you wrote:

"You say, "Red Hat etc are "actively taking advantage" of it - that is bullshit they have no choice, and it's a real problem"

This is what I actually wrote:

"I wonder if you will be so angry about Secure Boot and call it a "lock out system" when Red Hat or SuSE start actively taking advantage of it. I suspect not."

You should consider that when you need to start misrepresenting what someone says in order to argue with them, you have crossed bounds into setting your own desire to "win" an argument above your respect for actual truth. Your posts have been riddled with dubious misrepresntations and suppositions as well as insults such as calling people "apologists". You're a zealot, in short.

1
1
h4rm0ny
Silver badge

Re: Microsoft apologists miss the point

"They can't put in a CD/DVD and instal now. They need specialist knowledge."

Changing a simple option from "On" to "Off" when it's clearly marked and easy to get to, is not "specialist knowledge". It's more complicated to download the ISO and burn that than it is to turn off Secure Boot. And if they need technical help with that, then surely the same source can tell them "press this button when you turn it on".

"Secondly, you can turn it off now, but it's a fair risk that in the future there will be no such option to turn it off."

You say that, but you offer no proof other than saying "that's what Microsoft would do". Besides, you've been arguing that it's a problem now. An argument that something is bad because of what might happen in the future is a different argument. That could be applied to a lot of good things.

"Microsoft have forced this "secure boot" (Trusted Computing by another name) and suddenly all the Linux guys have to get Linux to work with it, or be locked out"

MS haven't forced this on anyone. Secure Boot is not a MS product. They're merely the first to make proper use of it. And demonstrably Linux is not locked out of PCs by it. Any of us can still install Linux on a Windows 8 certified PC easily which means you are clearly wrong.

"You say, "Red Hat etc are "actively taking advantage" of it - that is bullshit they have no choice, and it's a real problem.

I think if I did say that, what I was saying was that RedHat *will* take advantage of it. I'll have to go back and check the quote but it doesn't sound right the way you put it. I do believe that RedHat will take advantage of it. And they'll be right to do so - it's useful.

"That is why you are an apologist, you try to justify Microsoft's unethical actions in the comments you make, usually with arguments that are fallacy."

So you couldn't actually find a post where I showed bias, then? And where is anything I've said a fallacy? Nearly everything that I've written here has just been a factual correction of misinformation.

1
2
h4rm0ny
Silver badge

Re: Microsoft reason of doing this

"they also take the chance to earn money from Linux."

Do you really think Microsoft are motivated by a $US99 fee they get from RedHat or SuSE asking them to sign a bootloader? Because that's how much has been charged.

1
2
h4rm0ny
Silver badge

Re: Interesting approaches to monopoly

Just a bit more, in case the previous seems ambiguous without context, here is the following paragraph:

18. Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv."

Also, apologies if the last part of my previous post came across as hostile. It just seemed very strange that you would tell somone the word was "can" instead of "must". You made it sound like you had read the specification, when actually the OP has the wording right.

1
1
h4rm0ny
Silver badge

Re: Interesting approaches to monopoly

"...Actually, the word is "can", not "must". So long as SecureBoot is turned on *by default* with the MS key installed, the OEM is under no obligation to provide a method to turn it off for the HW to be approved by MS."

I don't know where you got that from. It's incorrect. Here is a link to MS's hardware certification requirements for Windows 8 PCs. LINK

From the section on Secure Boot (around page 118):

""17. Mandatory. On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following:"

OEMs are absolutely under an obligation to allow users to disable Secure Boot to be turned off if they wish to comply to with MS's terms for certification. Why did you choose to "correct" someone who had it right?

1
1
h4rm0ny
Silver badge

Re: @dajames

"'AC@11/22-00:20 here, to be honest that's the first time I hear about Verisign keys in this UEFI SecureBoot context even though I'm a regular ElReg reader too."

The Reg's coverage here has been high on sensationalism, but rather weak on details. Verisign do provide keys for Secure Boot (I don't know whether or not they provide them for all OEMs, or just some). But obviously the component used for signing must be kept very secure, otherwise security would be compromised. So Verisign provide the keys, but MS have one of them to sign their code with (and they will sign other people's code too for a relatively small fee). Red Hat investigated doing it themself (i.e. they could get a key from Verisign too), but decided that managing that whole process plus the cost involved, was worse for them than simply paying MS to sign their code for them. The link you posted to RedHat is actually a very good link covering their decision. From there, this is probably the most relevant part:

challenge is how to both initially ship and later update the set of trusted keys stored in the system firmware. g all users to manually perform this task would not meet the ease of use objectives. After all, with any security feature if it's too hard to enable it, few will bother to use it and leave themselves exposed.

The resulting mechanism planned for getting the keys automatically distributed is to utilize Microsoft key signing and registry services. This obviates the need for every customer to have to round up a collection of keys for multiple operating systems and device drivers. t will provide keys for Windows and Red Hat will provide keys for Red Hat Enterprise Linux and Fedora. Similarly other distributions can participate at a nominal cost of $99 USD - allowing them to register their own keys for distribution to system firmware vendors.

MS get a key from Verisign, Red Hat side-steps all the hassle of doing it themselves by paying the $99 fee and MS sign it for them.

3
1
h4rm0ny
Silver badge

Re: Microsoft apologists miss the point

"Windows apologists like @Harmony preach that you can work around these lock-out systems."

There are three things wrong with the above statement. Firstly, you can work around it very easily, by just turning it off. It's no more complicated than switching a boot device in BIOS. It's actually less honest to "preach" that it's difficult to work around it, as you do. Secondly, "apologist" is a nasty word. It makes it sound like someone is justifying racism. If you genuinely see my posting factual corrections as being an apologist, it says far more about how you see things than it says about me. For you to see someone correcting misinformation here as I have been repeatededly doing as being an "apologist", you must have an incrediblly partisan view on things. I prefer my own neutrality, thanks. Thirdly, as it's so trivial to turn this off, it's only your desire to present it as a sinister move that makes you call it a "lock-out system". To nuetral parties it's a security measure that has demonstrable benefits (there is plenty of malware we can point at that will be successfully blocked by this). I wonder if you will be so angry about Secure Boot and call it a "lock out system" when Red Hat or SuSE start actively taking advantage of it. I suspect not.

I don't suppose I'll ever get an apology for being called an "apologist". Something that is an accusation of bias which I dislike. I don't think you'll be able to find any post that shows a biased point of view regarding OSs. In fact, go ahead and try.

1
2
h4rm0ny
Silver badge

Re: GPT

"In passing, you don't need a UEFI BIOS to support disks >2Gb with Linux, provided you are happy with the plural. Once a linux kernel is up and running, it'll handle a disk with a GPT without any use of the system BIOS."

That's actually the same as under Windows. It's the "up and running" part that UEFI solves. With either Linux or WIndows, you can't boot off a disk 2TB or larger (note, you wrote 2GB, this is incorrect). WIth UEFI, you can (under either).

1
1
h4rm0ny
Silver badge

Re: @AManCalledBob - Don't like windows 8? Tough, you can't run anything else.

What gives you the confidence to assume all PC hardware manufacturers will allow you to disable secure boot ? Microsoft suggested them they can do it not that they must do it (after all they can't dictate to OEMs, can they?).

MS have specified that you have to be able to turn off Secure Boot if you want to advertise your PC as certified by them for Windows 8. That's a fairly powerful marketing draw. Besides which, what would OEMs have to gain by making their product less able than a competitors?

1
2
h4rm0ny
Silver badge

Re: Secure Boot can be turned off ... BUT ...

"Once you do, if you boot up a Live CD, say, Linux Mint 13, and try to install a dual boot, Linux does not recognize Windows 8 (nor any of the numerous partitions on the hard drive) as a valid operating system. How then to set up a dual-boot system?"

Are you saying you have had this happen to you? Because turning off Secure Boot shouldn't cause you any problems with dual booting. Windows 8 runs fine on systems without Secure Boot. I think you're very misinformed. I don't see how Linux would fail to recognize any of the partitions on the hard drive. Linux has better and wider file system support than Windows.

1
1
h4rm0ny
Silver badge

Re: Interesting approaches to monopoly

"So you can re-flash the UEFI from Linux (or other non-MS utility) with a UEFI of your own, with your own signing key and without MS's revocation rights? You know, so that the UEFI could secure-boot a non-MS OS?"

No. There's no flashing of firmware involved or anything remotely like that. You just power on the computer and enter UEFI, just like you would enter BIOS (typically, you press F1). Then you just select the option for Secure Boot and turn it off. You can then boot any OS you choose. You wont then be using Secure Boot.

This means that you can't benefit from Secure Boot with Linux if you do this, but no Linux distro really makes use of it at this time anyway. The signed boot loaders that RedHat and Ubuntu are providing don't really provide any security. All that they do is enable you to use a Live CD to demo or install their Distro without having to go into the UEFI and turn Secure Boot off. Beyond that initial boot loader, there's not much protection to be gained by using Secure Boot with Linux. Hopefully one of the main distros will make use of it in time.

1
1
h4rm0ny
Silver badge

Re: Re:Don't like windows 8? Tough, you can't run anything else.

"So if you buy a machine with Win8 from an OEM it will NOT boot any other OS."

This is incorrect. Just go into UEFI and turn off Secure Boot. It's very easy, no different to swapping the default boot device.

1
2
h4rm0ny
Silver badge

Re: Windows 8

"There are now only Apple and Windows computers available easily."

There is absolutely nothing preventing you from starting a business selling PCs with a Linux distribution pre-installed. Or indeed with no OS installed. Secure Boot hasn't changed that in the slightest.

1
1
h4rm0ny
Silver badge

"Not if it means they move off Windows. Everyone's a winner in that case."

So your ethics says it's okay to jeapordize people's security because you should be able to punish people for not choosing the OS you think they should?

1
2
h4rm0ny
Silver badge

Re: how to disable this secure boot

"And if the user can do it, any malware that gets into kernel mode can do it."

No. Because kernel mode doesn't have access to change the UEFI settings. The user does it by going into UEFI on power-up, just like they would go into BIOS and changing a setting. Just because the OS says something can be done, does not mean that the firmware will agree.

1
1
h4rm0ny
Silver badge

Re: Don't like windows 8? Tough, you can't run anything else.

"That's all very well unless you want to dual-boot - if you disable Secure Boot then Windows 8 won't start."

Seems massively unlikely that is true. You can install Windows 8 on machines without Secure Boot, after all. Evidence please.

1
2

Microsoft's Surface bait-and-switch won't make people buy Windows 8

h4rm0ny
Silver badge

"I have recently been told......that the Surface will out sell the iPad."

This is simply impossible for the reason that nowhere near as many Surfaces will be produced as there are iPads sold. Even if every single Surface made is sold (which will probably be the case), the Surface could not outsell the iPad. The Surface is a pace-setter for the OEMs. Surface Pro included.

1
3

Forums

Biting the hand that feeds IT © 1998–2018