* Posts by h4rm0ny

4573 posts • joined 26 Jul 2008

WTF is... H.265 aka HEVC?

h4rm0ny
Silver badge

Re: Implementation suggestion for smooth as silk frame-by-frame advance etc.

What you want is completely in the hands of the client

If you look at the title of the post above you, you'll see the term "Implementation suggestion". The poster knows this is something for the client to implement. They're just expanding on the original topic.

0
0
h4rm0ny
Silver badge

Re: Ah, another patent encumbered format @JDX

This is always about software patents, not the code itself. OK, you write a nice implementation, your code should be protected, I totally agree. But the algorithm used should be open, so that someone can provide an alternative implementation

This is worth examining. The above would be correct if the effort and work producing this was on the coding side, but it is actually largely on the algorithm side. I haven't looked at the algorithm, but I am a C++ programmer (or I was for some years) and I have some background in mathematics. I'm not at all trivialising the work that goes into implementing this, but if I look at the algorithm, my educated guess is that it wouldn't be that hard for me to turn it into code, just a little time because I'm rusty. But could I come up with the algorithm? I doubt it. I understand the principles detailed in this article and I dare say I could follow a more detailed version too, but my maths simply is not good enough to have done what these people did and nor do I have the large amount of time and effort these people were paid to put in.

What I'm saying, is that your suggestion that the code is what needs protecting, that "ripping off" involves copying the code, mistakes where the effort takes place, and thus where the protection should occur.

If someone creates a computer game where I am a gun running round shooting aliens in first-person view, well that's a simple idea, but the code will be huge and complex. Thus copyright law prevents me just copying it and calling it mine. But I can freely make my own version. If someone creates a complex series of sophisticated algorithms for video encoding/decoding, then the idea is the complicated part, but the implementation will be (relatively) simple in that I'm just taking the maths and turning it into code (with some parallelization if I want it to be a [I]good[/I] implementation. Thus the latter case isn't looking to copyright law to ensure the creators are fairly recompensed, but to patent law.

As you said at one point, the problem is that it becomes a standard. There are only three ways out of that. Either

* An Open Source alternative is created that is as good as the proprietary one.

* Users pay a very small sum to licence it directly.

* Someone pays it on behalf of the users.

The first has not happened, unfortunately. That would be the ideal.

The second would probably be the fairest second option but it requires more prevalent and easy micro-payments amongst users, so it's a solution for five years down the road. Though you can do it with some success today, so I would advocate this one.

The third is all nice and lovely, isn't it. In practice, it probably means Google showering you with ads and mining your data as free services usually do. Though Ubuntu maybe has enough revenue that they will do this in their case, it doesn't help the rest of the distros.

What isn't an option, imo, is simply throwing out the patent protection and saying you can just give other people's efforts away for free. The licencing terms are actually already quite generous in that you can give it away a 100,000 times before it is an issue. But surely if you are making money from other people's work (and Ubuntu *is* a business, as are others), then surely those others should have a right to recompense. I mean I actually could legally roll my own h4rm0nix distribution (you heard the name first here) and legally distribute the codec with it up to a 100,000 times. That's pretty cool. But move to a large business like Ubuntu, it's a different story, imo.

2
0

Google vows no patent prosecution for open source cloud tech

h4rm0ny
Silver badge

It's not _bad_ news, but it's more PR than anything else for the most part. Google's statement that they wont sue anyone unless they are sued first sounds very noble on the surface, but it attempts to present suing as the only way in which one party can do a wrong to the other. As Google is quite weak in patents compared to other big players, it's far more the case that Google would do another party a wrong by infringing on their patents. Naturally the infringed party would then sue at which point Google hoists their flag of "We didn't sue first". But the reality is that they don't have to sue first in order to be the transgressor. Furthermore, the caveat that Google is only extending this offer to Open Source projects, is fine for Open Source projects, but it makes it meaningless in terms of whether this is actually costing Google anything. All their real rivals are Closed Source. There is only two viable contenders in the Open Source world to Google and these are Ubuntu and Firefox OS (potentially). The Mozilla Foundation is currently dependent on Google and Ubuntu is not a rival in the mobile space, only Desktop, which Google does not value highly because they feel they cannot realistically compete with Windows or Mac there. They are rolling out ChromeOS, but I really don't think they see Ubuntu as a threat there. So basically, this gesture from Google costs them nothing. Which again, is no bad thing for Open Source, but diminishes how generous this appears.

There are two other takes on Android - that by Amazon, and that by Samsung. Neither of these will be impacted by this as the distinctions between these and Google's own Android lines, are in the proprietary level of stores, apps, etc.

Is this a bad thing? No. Is it more than PR from Google? Not much.

2
0

Microsoft backs law banning Google Apps from schools

h4rm0ny
Silver badge

Re: Just skimmed the article

Headline is click-bait, but Google are unlikely to be compliant. If you read that link more carefully, they state that they do not serve adverts in Google Apps for Education, but they don't say anything about not collecting data nor about not merging that data with other services outside of Google Apps for Education. You can always monetize the data later. Having children's data from their earliest days onwards - that's commercially valuable and in Google's best financial interests.

1
0
h4rm0ny
Silver badge

Re: The bill sounds good

and Eadon would be right. It is obvious, even for the article's author, that bill is obviously aimed to whack out MS competition

The bill affects anyone (including Microsoft) that would collect data on school children in the course of their education. The author of this article should be ashamed of themselves for their poor journalism. All Google have to do to comply with this law is to not collect data on the school children. It's not a law to ban Google from classrooms. But it is aimed at Google. There's no contradiction between the two. Google are attempting to exchange schoolchildren's data for free tools. I agree that this is wrong. All that would happen is Google would have to either start charging for their services to education like other companies, or else grant it truly free.

3
1

EU antitrust chief growls at Google, hopes to avoid sanctions

h4rm0ny
Silver badge

Re: EU

The EU is a socialist and simultaneously a fascist organisation.

A bit like the Fascists then, who re-introduced the old Latin word into the modern era. They were an off-shoot of the Italian Socialist Party.

0
0

Upping your game with Windows Server 2012

h4rm0ny
Silver badge

Re: @H4rm0ny

"Although I agree with you that it can easily be done;"

I feel the bolded word is an important ommission from your original statement which otherwise suggests it's some sort of fiddly work around to use Server 2012 without Windows 8.

"where does that leave Microsoft's core feature wrt 2012; the by default desktop-less installation? Worse; where does that leave remote administration?"

I'm really starting to wonder if you've actually used this or looked at it. Firstly, GUI-less operation is not MS's "core feature", it's one of many very nice enhancements and new features on Server 2012. If you don't use it (and this is the personal 'you' there, most people will be able to use it fine because they don't have your dislike), then there are still plenty of other features that make it well worth having. And you can turn the GUI on or off as you like. During run-time. I don't think you understand the advantage of the GUI-less setting - it reduces overhead and footprint when you're running ranks of virtualized instances. I honestly find your objection to using the management tools on Windows 8 arbitrary and ill-supported anyway. It's a $40 upgrade and Win8 does everything that Win7 does. Your inability to manage a different Start Screen is well-documented on these forums, yet it still comes up against my direct experience that I personally am able to manage with it fine so I don't see why you have trouble with it.

I also don't see why you find it so unreasonable that the new admin tools should be released for Windows 8 first.

1
1
h4rm0ny
Silver badge

"You'd need Win8 to administer it because the admin tools haven't been backported yet."

You can use the interface on Server 2012 instead, just as you can on previous versions of Server. You may not like the GUI on Server 2012 (you've written many times about that), but it doesn't seem problematic to me.

5
4

Asteroid miners hunt for platinum, leave all common sense in glovebox

h4rm0ny
Silver badge
Headmaster

Re: Inferring

Okay. Can't stand this any longer. The word you are all looking for is implying. The article itself is not going to infer anything from anyone unless you think the article is somehow sentient.

9
1

Microsoft dragging its feet on Linux Secure Boot fix

h4rm0ny
Silver badge

Re: RE: Never ascribe to malice that which can adequately be explained by incompetence

"The difficulty is that in the current scheme the root certificate is issued by an untrusted entity. And this cert cannot be substituted for one of choice."

Firstly, inability to install your own certificates does not stop anyone from installing a different OS which is what Fatman was concerned about. It merely means that you wont be using Secure Boot. Which is the same as with any PCs today. This is the main point as it fully answers the scenario that Fatman raises in thinking you wouldn't be able to re-sell a PC and put something else on it (you can).

Secondly, you're calling Verisign or the manufacturer such as Lenovo an "untrusted entity", at which point you've taken your security concerns way beyond what the vast majority of users do, to the extent that your making an equivalent argument to saying you don't trust antivirus software sellers because maybe you can't trust them not to approve something they shouldn't.

But that doesn't

1
1
h4rm0ny
Silver badge

Re: RE: Never ascribe to malice that which can adequately be explained by incompetence

"The proof of this will be in 3 to 5 years down the road, as corporate PC's get retired, and hit the resale market. How difficult will it be for a second owner to put whatever O/S on it remains to be seen"

Not sure what you think the difficulty would be. You don't need Microsoft's assistance or any of the original install keys or discs to replace the OS that is on there. You just go ahead and install what you want, turning off Secure Boot if need be. Secure Boot prevents malware from changing what can boot on a PC, not what a physically present user can install.

1
1
h4rm0ny
Silver badge

Re: Microsoft reason of doing this

"How much are you paid for this PR guff?"

Addressed to me? I'm not paid to post at all nor remunerated in any other way nor expect to be. I have no affiliation with any of the businesses involved in this story nor expect to. Accusations of being an astro-turfer is just an ad hominim. There's nothing that I've written here that I can't back up with actual sources or clear reasoning.

1
1
h4rm0ny
Silver badge

Re: Microsoft apologists miss the point

I've gone back to see where you got that "quote" from me that I thought sounded suspiciously unlike something I would write. I've found what I originally wrote and you have misquoted me and actively misrepresented what I wrote. That's a pretty low thing to do.

This is what you wrote:

"You say, "Red Hat etc are "actively taking advantage" of it - that is bullshit they have no choice, and it's a real problem"

This is what I actually wrote:

"I wonder if you will be so angry about Secure Boot and call it a "lock out system" when Red Hat or SuSE start actively taking advantage of it. I suspect not."

You should consider that when you need to start misrepresenting what someone says in order to argue with them, you have crossed bounds into setting your own desire to "win" an argument above your respect for actual truth. Your posts have been riddled with dubious misrepresntations and suppositions as well as insults such as calling people "apologists". You're a zealot, in short.

1
1
h4rm0ny
Silver badge

Re: Microsoft apologists miss the point

"They can't put in a CD/DVD and instal now. They need specialist knowledge."

Changing a simple option from "On" to "Off" when it's clearly marked and easy to get to, is not "specialist knowledge". It's more complicated to download the ISO and burn that than it is to turn off Secure Boot. And if they need technical help with that, then surely the same source can tell them "press this button when you turn it on".

"Secondly, you can turn it off now, but it's a fair risk that in the future there will be no such option to turn it off."

You say that, but you offer no proof other than saying "that's what Microsoft would do". Besides, you've been arguing that it's a problem now. An argument that something is bad because of what might happen in the future is a different argument. That could be applied to a lot of good things.

"Microsoft have forced this "secure boot" (Trusted Computing by another name) and suddenly all the Linux guys have to get Linux to work with it, or be locked out"

MS haven't forced this on anyone. Secure Boot is not a MS product. They're merely the first to make proper use of it. And demonstrably Linux is not locked out of PCs by it. Any of us can still install Linux on a Windows 8 certified PC easily which means you are clearly wrong.

"You say, "Red Hat etc are "actively taking advantage" of it - that is bullshit they have no choice, and it's a real problem.

I think if I did say that, what I was saying was that RedHat *will* take advantage of it. I'll have to go back and check the quote but it doesn't sound right the way you put it. I do believe that RedHat will take advantage of it. And they'll be right to do so - it's useful.

"That is why you are an apologist, you try to justify Microsoft's unethical actions in the comments you make, usually with arguments that are fallacy."

So you couldn't actually find a post where I showed bias, then? And where is anything I've said a fallacy? Nearly everything that I've written here has just been a factual correction of misinformation.

1
2
h4rm0ny
Silver badge

Re: Microsoft reason of doing this

"they also take the chance to earn money from Linux."

Do you really think Microsoft are motivated by a $US99 fee they get from RedHat or SuSE asking them to sign a bootloader? Because that's how much has been charged.

1
2
h4rm0ny
Silver badge

Re: Interesting approaches to monopoly

Just a bit more, in case the previous seems ambiguous without context, here is the following paragraph:

18. Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv."

Also, apologies if the last part of my previous post came across as hostile. It just seemed very strange that you would tell somone the word was "can" instead of "must". You made it sound like you had read the specification, when actually the OP has the wording right.

1
1
h4rm0ny
Silver badge

Re: Interesting approaches to monopoly

"...Actually, the word is "can", not "must". So long as SecureBoot is turned on *by default* with the MS key installed, the OEM is under no obligation to provide a method to turn it off for the HW to be approved by MS."

I don't know where you got that from. It's incorrect. Here is a link to MS's hardware certification requirements for Windows 8 PCs. LINK

From the section on Secure Boot (around page 118):

""17. Mandatory. On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following:"

OEMs are absolutely under an obligation to allow users to disable Secure Boot to be turned off if they wish to comply to with MS's terms for certification. Why did you choose to "correct" someone who had it right?

1
1
h4rm0ny
Silver badge

Re: @dajames

"'AC@11/22-00:20 here, to be honest that's the first time I hear about Verisign keys in this UEFI SecureBoot context even though I'm a regular ElReg reader too."

The Reg's coverage here has been high on sensationalism, but rather weak on details. Verisign do provide keys for Secure Boot (I don't know whether or not they provide them for all OEMs, or just some). But obviously the component used for signing must be kept very secure, otherwise security would be compromised. So Verisign provide the keys, but MS have one of them to sign their code with (and they will sign other people's code too for a relatively small fee). Red Hat investigated doing it themself (i.e. they could get a key from Verisign too), but decided that managing that whole process plus the cost involved, was worse for them than simply paying MS to sign their code for them. The link you posted to RedHat is actually a very good link covering their decision. From there, this is probably the most relevant part:

challenge is how to both initially ship and later update the set of trusted keys stored in the system firmware. g all users to manually perform this task would not meet the ease of use objectives. After all, with any security feature if it's too hard to enable it, few will bother to use it and leave themselves exposed.

The resulting mechanism planned for getting the keys automatically distributed is to utilize Microsoft key signing and registry services. This obviates the need for every customer to have to round up a collection of keys for multiple operating systems and device drivers. t will provide keys for Windows and Red Hat will provide keys for Red Hat Enterprise Linux and Fedora. Similarly other distributions can participate at a nominal cost of $99 USD - allowing them to register their own keys for distribution to system firmware vendors.

MS get a key from Verisign, Red Hat side-steps all the hassle of doing it themselves by paying the $99 fee and MS sign it for them.

3
1
h4rm0ny
Silver badge

Re: Microsoft apologists miss the point

"Windows apologists like @Harmony preach that you can work around these lock-out systems."

There are three things wrong with the above statement. Firstly, you can work around it very easily, by just turning it off. It's no more complicated than switching a boot device in BIOS. It's actually less honest to "preach" that it's difficult to work around it, as you do. Secondly, "apologist" is a nasty word. It makes it sound like someone is justifying racism. If you genuinely see my posting factual corrections as being an apologist, it says far more about how you see things than it says about me. For you to see someone correcting misinformation here as I have been repeatededly doing as being an "apologist", you must have an incrediblly partisan view on things. I prefer my own neutrality, thanks. Thirdly, as it's so trivial to turn this off, it's only your desire to present it as a sinister move that makes you call it a "lock-out system". To nuetral parties it's a security measure that has demonstrable benefits (there is plenty of malware we can point at that will be successfully blocked by this). I wonder if you will be so angry about Secure Boot and call it a "lock out system" when Red Hat or SuSE start actively taking advantage of it. I suspect not.

I don't suppose I'll ever get an apology for being called an "apologist". Something that is an accusation of bias which I dislike. I don't think you'll be able to find any post that shows a biased point of view regarding OSs. In fact, go ahead and try.

1
2
h4rm0ny
Silver badge

Re: GPT

"In passing, you don't need a UEFI BIOS to support disks >2Gb with Linux, provided you are happy with the plural. Once a linux kernel is up and running, it'll handle a disk with a GPT without any use of the system BIOS."

That's actually the same as under Windows. It's the "up and running" part that UEFI solves. With either Linux or WIndows, you can't boot off a disk 2TB or larger (note, you wrote 2GB, this is incorrect). WIth UEFI, you can (under either).

1
1
h4rm0ny
Silver badge

Re: @AManCalledBob - Don't like windows 8? Tough, you can't run anything else.

What gives you the confidence to assume all PC hardware manufacturers will allow you to disable secure boot ? Microsoft suggested them they can do it not that they must do it (after all they can't dictate to OEMs, can they?).

MS have specified that you have to be able to turn off Secure Boot if you want to advertise your PC as certified by them for Windows 8. That's a fairly powerful marketing draw. Besides which, what would OEMs have to gain by making their product less able than a competitors?

1
2
h4rm0ny
Silver badge

Re: Secure Boot can be turned off ... BUT ...

"Once you do, if you boot up a Live CD, say, Linux Mint 13, and try to install a dual boot, Linux does not recognize Windows 8 (nor any of the numerous partitions on the hard drive) as a valid operating system. How then to set up a dual-boot system?"

Are you saying you have had this happen to you? Because turning off Secure Boot shouldn't cause you any problems with dual booting. Windows 8 runs fine on systems without Secure Boot. I think you're very misinformed. I don't see how Linux would fail to recognize any of the partitions on the hard drive. Linux has better and wider file system support than Windows.

1
1
h4rm0ny
Silver badge

Re: Interesting approaches to monopoly

"So you can re-flash the UEFI from Linux (or other non-MS utility) with a UEFI of your own, with your own signing key and without MS's revocation rights? You know, so that the UEFI could secure-boot a non-MS OS?"

No. There's no flashing of firmware involved or anything remotely like that. You just power on the computer and enter UEFI, just like you would enter BIOS (typically, you press F1). Then you just select the option for Secure Boot and turn it off. You can then boot any OS you choose. You wont then be using Secure Boot.

This means that you can't benefit from Secure Boot with Linux if you do this, but no Linux distro really makes use of it at this time anyway. The signed boot loaders that RedHat and Ubuntu are providing don't really provide any security. All that they do is enable you to use a Live CD to demo or install their Distro without having to go into the UEFI and turn Secure Boot off. Beyond that initial boot loader, there's not much protection to be gained by using Secure Boot with Linux. Hopefully one of the main distros will make use of it in time.

1
1
h4rm0ny
Silver badge

Re: Re:Don't like windows 8? Tough, you can't run anything else.

"So if you buy a machine with Win8 from an OEM it will NOT boot any other OS."

This is incorrect. Just go into UEFI and turn off Secure Boot. It's very easy, no different to swapping the default boot device.

1
2
h4rm0ny
Silver badge

Re: Windows 8

"There are now only Apple and Windows computers available easily."

There is absolutely nothing preventing you from starting a business selling PCs with a Linux distribution pre-installed. Or indeed with no OS installed. Secure Boot hasn't changed that in the slightest.

1
1
h4rm0ny
Silver badge

"Not if it means they move off Windows. Everyone's a winner in that case."

So your ethics says it's okay to jeapordize people's security because you should be able to punish people for not choosing the OS you think they should?

1
2
h4rm0ny
Silver badge

Re: how to disable this secure boot

"And if the user can do it, any malware that gets into kernel mode can do it."

No. Because kernel mode doesn't have access to change the UEFI settings. The user does it by going into UEFI on power-up, just like they would go into BIOS and changing a setting. Just because the OS says something can be done, does not mean that the firmware will agree.

1
1
h4rm0ny
Silver badge

Re: Don't like windows 8? Tough, you can't run anything else.

"That's all very well unless you want to dual-boot - if you disable Secure Boot then Windows 8 won't start."

Seems massively unlikely that is true. You can install Windows 8 on machines without Secure Boot, after all. Evidence please.

1
2
h4rm0ny
Silver badge

Re: Boot on the other foot

"The problem isn't UEFI or Secure Boot in itself, it's Microsoft's abuse of its monopoly position in order to make it very difficult (if not impossible) to install any other operating system."

If you don't have a problem with UEFI or Secure Boot, then why you do have a problem with Microsoft when their own requirements demand that it be possible for a user to turn off Secure Boot on any WIndows 8 PC? Have you thought about how useful Secure Boot would be if it were turned off by default? Obviously not.

1
0
h4rm0ny
Silver badge

Re: This UEFI thing...

"This UEFI thing... why do I get the feeling it'll be a complete flop?"

Possibly because you don't understand the difference between UEFI and Secure Boot and aren't aware that pretty much all modern x86 motherboards are shipping with UEFI instead of BIOS and that this has already been the case for some time. I have a motherboard here I bought about a year ago. And it has UEFI. Quite possibly you are using it now as well.

1
1
h4rm0ny
Silver badge

Re: Once the pre-bootloader is released

I wrote above that it's not a "pre-" bootloader. I was incorrect. My argument is still the same, but they are now using the term "pre-bootloader" as well because (although this is a bootloader), they are using it to boot their normal boot loader. So I guess it is a "pre-" bootloader in a sense. Apologies for the wrong correction.

1
0
h4rm0ny
Silver badge
Flame

Summary of the "problems"

So reading the article the show stoppers are:

(1) The signing process requires uploading from a Windows machine. Perhaps galling if you want to avoid having one in your house for reasons of principle, but from a practical point of view I find it ridiculous that the people in charge of getting Linux code signed should hold this up as a difficulty. XP, Vista and Win7 machines are ten a penny. If it's for a good cause, I have one that they can have.

(2) They have had to create an account with Microsoft. This is so stupid an objection that they should be ashamed to raise it.

(3) The signing Terms and Condiitions are incompatible with GPLv3. Well so is a good portion of most Linux distributions Linus Torvalds and most of the top Linux Developers are against licensing Linux under GPLv3 and for some of the same reasons MS can't allow it under their Terms and Conditions. GPLv3 has some major blocks when it comes to patents and DRM. This as an objection is both unreasonable and it is unnecessary as most (all?) GNU/Linux distributions are actually under GPLv2.

(4) The signing process hasn't worke and they're still waiting for MS support to get back to them. We're missing some details here. Did it fail because the people uploading are unfamiliar with the process and did something wrong? Or is it buggy software? And how long have they been waiting? Did they file this three months ago or was it last week?

Of these listed objections, only the last one may or may not be valid depending on the details. One thing I am confident of, is that if it turns out Bottomly was doing something wrong, we wont see headlines on it or scores of posts here angrily blaming him or lack of a signed Linux bootloader (even though it would have turned out he was culpable rather than MS).

2
7
h4rm0ny
Silver badge

Re: And I have this habit of assembling my own computer

"How is UEFI going to affect that?"

It wont. Also, by UEFI, I presume you mean Secure Boot which is actually only a smallish part of UEFI. You can just turn Secure Boot off. Unless you are building your own ARM devices.

2
0
h4rm0ny
Silver badge

Re: how to disable this secure boot

"how to disable this secure boot that's all I would like to know"

When you power up the computer, press the key to enter set up. Typically <F1>. Then mouse or cursor to the option saying: "Secure Boot: Enabled" and toggle it to "Disabled" or "Off". Exit and let the computer start up. It's much like changing the boot device in BIOS.

3
0
h4rm0ny
Silver badge

Re: Windows 8

"You can't disable secure boot on all systems."

Specifically, you can disable it on all x86 platforms (i.e. PCs). You can't on ARM devices that come with WindowsRT installed.

2
0
h4rm0ny
Silver badge

Re: Once the pre-bootloader is released

"Why won't the virus writers simply bundle the pre-bootloader with their "products"?"

A couple of reasons. Firstly, they can't bundle the bootloader (it's not a "pre-", btw), because only a signed bootloader will be executed, so any malware has to start further up the chain. Secondly, the bootloader is for GNU/Linux so their malware actually has to target this platform rather than Windows. Well it doesn't have to, but you'd essentially be writing malware that infected Linux and then unloaded Linux and booted up Windows. Possible but very cumbersome. The install base of GNU/Linux is far smaller than Windows and most of the roots to infect the boot process would be opportunistic and thus target Windows.

1
0
h4rm0ny
Silver badge

Re: Different UEFI firmware

Microsoft forbids you from having those open bootloaders on ARM-devices. Thus Windows 8 capable ARM devices are essentially useless.

You haven't answered Harry Shepherd's question and in fact have actually given him a pretty misleading answer. He asked about UEFI harware manufacturers generally and only used Android to help explain his question. The actual answer is yes - you can have UEFI hardware not locked to a particular set of signatures. You simply have Secure Boot turned off. The side of the coin that Christian Berger somehow managed to omit is that MS have mandated that a user be able to turn off Secure Boot on x86 devices. This isn't the case on ARM devices which are locked, unfortunately. However, Christian Berger is incorrect to say that such devices are therefore "essentially useless". They're actually very good for running Windows on. ;)

2
6
h4rm0ny
Silver badge

Re: Hubris?

"What about other open source software such as Truecrypt, who aren't a competing operating system, but are going to have problems with full disc encryption."

Shouldn't be a problem, I think. Anything you want to run from the encrypted disk, you will need to decrypt first, in which case the encryption is irrelevant. TrueCrypt creates its own virtual disk driver. Whether you are loading a module from that or from a USB drive or from a real disk, shouldn't matter. It's only when the module is retrieved from the storage "device" and its signature checked, that Secure Boot steps into the process.

1
0
h4rm0ny
Silver badge

"How about the possibility of some less than scrupulous open-source developer, fed up with the apparent obstruction from Microsoft, discovering the loophole in the system?"

Then they would be highly unethical because they would be reducing the security of millions of people.

1
2
h4rm0ny
Silver badge

"I'm sorry, but have you even looked into the concept of "Secure Boot"? It only signs the bootloader"

Not you again, lecturing people on not understanding things when you actually have it wrong yourself. It only signs the bootloader for GNU/Linux because no Linux distribution has fully engaged with Secure Boot, yet. They are using a signed boot loader as a work around to make Linux run on a system that has Secure Boot on it without actually taking advantage of its intended purpose. On Windows, Secure Boot is capable of checking that all sorts of things (i.e. drivers and other modules) are signed before loading.

"If you previously got drivers into the kernel, it will still work."

Only on Linux. On Windows it offers an extra layer of protection.

"Nobody exploits the boot-process"

Lots of malware exploits the boot process. There are whole families of malware that infect the boot process. You plainly have never bothered to actually read up much on this, instead just deciding to talk confidently without actual fact checking.

2
0
h4rm0ny
Silver badge

"Why does RedHat not engage with the OEMs and provide it's key so that Red Hat variants are supported out-of-the-box on certain equipment?"

Nothing in principle. According to RedHat's statement, they investigated doing this and found that setting up the infrastructure to do all this themselves was too costly and it was cheaper for them to simply licence MS's signing capability.

Incidentally, Secure Boot can be turned off. It's not complicated.

3
0

Microsoft's Surface bait-and-switch won't make people buy Windows 8

h4rm0ny
Silver badge

"I have recently been told......that the Surface will out sell the iPad."

This is simply impossible for the reason that nowhere near as many Surfaces will be produced as there are iPads sold. Even if every single Surface made is sold (which will probably be the case), the Surface could not outsell the iPad. The Surface is a pace-setter for the OEMs. Surface Pro included.

1
3

Microsoft-Motorola patent row: Google wants $4 BEELLION a year

h4rm0ny
Silver badge

Re: @h4rm0ny

"You pretend not getting, do you. The whole idea of Google using Moto's patents is to MAKE MS and Apple stop their aggression. "

I'm not pretending anything. I simply believe that if Google saw the opportunity to sting MS for $4bn they'd try to get that money regardless of any good faith action on MS's part. That's just business. Can you honestly see the board of Google saying to their shareholders: "we passed over this $4bn opportunity because we think MS are okay." They are rivals. They fight. You suggest that Google would be happy to accept free use of MS's patents in exchange for free use of their patents and think that it's wrong of MS to not agree to this. But do you know what MS patents are worth and what they are? No you do not. So how can you say that it is fair to do a straight swap? Do you think sueing someone for patent infringement is intrinsically wrong? If so, then Google are doing something wrong by you. If not, then what are your reasons for condemning MS for charging Google for use of theirs in the first place?

"Eye for an eye" is translated for you into "you touch my own or any of my friend's eye, I'll poke yours and kick you in the groin and rip your ear, or punch you in the face, so you don't engage in this risky business" And this is totally justified

I'm not sure which is supposed to be which party in the above. But your confidence in knowning how much the relevant patents held by each side are worth in dollars (worth translates into how much injury is inflicted in your analogy) seems unwarranted to me - unless you happen to have a lot of knowledge that the rest of us don't? We know how much MS are charging Google so we can put a value on that. We don't know how much Google's are worth, because this hasn't been settled or gone through court. We just know how much Google claim they're worth. And Google are no less unbiased in this matter than you are.

1
2
h4rm0ny
Silver badge

Re: Microsoft V. Google is like

"The best possible outcome for this is to have "method patents" disallowed. Then we can all go home and worry about more pressing issues"

I agree in a lot of cases. But some method patents are valid. Or at least it's a supportable argument that they are. In this case we're talking about video encoding. A great deal or work, imagination and cleverness can go into working out a new way of compressing images into video - thinking of ways that you can record only changes between two images for example. MPEG-4 has methods by which it checks forward and backward to reference frames, adjusts for motion blur and all kinds of things. It's a lot of work. And yet when that work is done, you could independently implement it relatively easily in different languages or platforms. Should the people who worked hard on developing those solutions not be recompensed because copyright does not cover it?

2
2
h4rm0ny
Silver badge

Re: @h4rm0ny

"No, it's you that misunderstand it."

Let's demonstrate. You wrote that someone (patent) trolling another party that was (patent) trolling, is not trollnig them. I disagree. I say that this is now clearly two people indulding in patent trolling. I tried to convey this to you in a more colourful way, hoping to show how illogical your statement was, by likening it to one person throwing excrement at another person who is also throwing excrement. The fact that one is already doing so doesn't make the latter not doing so. It's just two people throwing excrement.

You then responded with a reply saying it was okay for the second party to indulge in this behaviour. I never said anything about justification. I just said it was ridiculous for you to say that they weren't indulging in that behaviour.

And as your second post was a longish justification for why they should indulge in that behaviour, it seems you have now conceded that they are.

"Remember MS to shamelessly approach Android manufacturers, smaller companies most of the time, and extort money from them?"

What was the money wanted in exchange for?

5
4
h4rm0ny
Silver badge

Re: @auburnman

"It is fun watching it, isn't it?"

Uh no, not really. Big players charging each other fortunes means more expensive products for the rest of us.

2
1

PGP Zimmermann teams with Navy SEALs, SAS techies in London

h4rm0ny
Silver badge

Thank you for coming here and posting that. It's very interesting and it's great to see products like yours emerging. I really hope it works well as privacy is important.

You're not wrong about mandated backdoors being misused by outside parties. There was a case in Greece some years ago (you are probably aware of it, so posting more for other readers' benefit), where Vodafone's own backdoor technology was subverted by a hacker who used it to listen in on the phone calls of the Greek Prime Minister and others. All they had to do, was use the bugging that had actually been deliberately built into the system for law enforcement / intelligence agencies to use.

1
0

Evildoers can now turn all sites on a Linux server into silent hell-pits

h4rm0ny
Silver badge

Re: Web Applications are the vector

"On a an up-to-date system? If so, can you give us at least one such flaw we could exploit . Thanks"

You're asking me for a zero-day exploit that you can exploit? Uh, no.

What I wrote was that such flaws exist. I meant that they occur. You are the one that shifted the argument to my personally knowing of ones in advance of the people who patch and fix these things which is an unreasonable shift. I'm just pointing out that they occur. If you argue that they don't then you're ignorant and you're position is based on faith rather than study. Here is an example of one: Link It's pretty irrelevant to post it except for you to show that these can and do happen on Linux seeing as you seem so doubtful.

There was a privilege escalation in an NVIDIA driver last month as well. But I daresay you would try to shift the argument there as well, saying that it's not actually part of the Linux kernel. Despite it's presence on huge numbers of Linux PCs. The reason you would think it valid to shift it is because your motivation is to show that "Linux" (as if it were a person) is not at fault. Whereas my motivation is really just real world security and to show that a Linux system can be hacked.

0
1

Texan schoolgirl expelled for refusing to wear RFID tag

h4rm0ny
Silver badge

Re: OTT

All these technical solutions are starting down the wrong path. The girl has chosen the right one - take it to the people and the courts. What would be wonderful is if all the children in that school microwaved their cards as a sign of solidarity with her. If all the pupils did that, then the school could do nothing to them.

6
0

Forums

Biting the hand that feeds IT © 1998–2018