Actually I think those OEMs need to get the word out more. It's not the customers' fault if a company has such poor marketing that prospective customers haven't even heard of it.
The FSF's attitude towards new technologies seems awfully reactionary (this is somewhat unsurprising when you remember that rms doesn't use a web browser; occasionally he emails interesting-sounding URLs to a service that emails them back to him in plain text, and he only checks email once a day).
Secure Boot where you can only run Microsoft-approved software is bad for software freedom, no question about it. Secure Boot as defined by the spec, where there is no requirement to have preloaded MS keys and where users explicitly can load their own keys, is absolutely _good_ for software freedom -- it makes the "evil maid" attack much, much harder. (The "evil maid" attack on full-disk encryption involves someone having access to your computer while it's off, and trojanning the bootloader and having it leak your disk password or the contents of the disk once your system boots. People naively expect full-disk encryption to stop this, but it's as easy as booting from a CD or thumbdrive. With secure boot, it involves physically opening the case and probably replacing chips.)
Let's make sure that Secure Boot stays good for software freedom, instead of throwing out the technology along with the policy, and leaving users with no defense against this sort of attack.
How many consumer systems have been the victim of evil maid attacks in practice? How many have been infected via browser (or other client) vulnerabilities that never touch the kernel nor interact with a "secure" boot implementation?
Secure boot exists primarily because it provides a "feel good" answer to content providers about the feasibility of DRM. It's not an answer to real world security issues and never has been.
Secure Boot does not implement DRM or help in any way for DRM, as it turns out. Secure Boot is about the hardware trusting the OS it's about to boot, not about the OS trusting the hardware it's running on. Once the OS has booted, it has no way to figure out if the "you were secure-booted" flag is trustworthy or not -- a trojan bootloader can easily set that flag and then chainload to the normal OS.
If you want the OS to trust the hardware it's on, you need a TPM, and you probably need the machine to be installed by someone who can communicate with the content provider. The entire point of Secure Boot is that it can be implemented just in existing UEFI code, _without_ the additional hardware of a TPM.
I develop an OS product that has no browser installed on it at all -- there's one small client application that just interacts with our one server product, and then boots everything else you might want to do in a VM. The biggest threat to the security of our outer layer is, in fact, an evil maid attack. It's certainly worth being aware of that threat, even if there are other, bigger threats. (Nobody says that we should stop worrying about buffer overflows while there are still cross-site scripting attacks, etc.)
I didn't say it "works". What I said was basically: Secure boot answers the question "How do I know someone won't write a crack to steal my content?" in an intelligible way (i.e. "Because it locks down all the software that runs on the device in an uncrackable way.")
That's a powerful sales tool. Systems that don't have secure boot have a much harder time selling their DRM implementations. And that's why we have secure boot. Don't fool yourself into thinking all problems are technical.
It is only two or three days since I first heard about the "evil maid" attack. While this could be a preoccupation for some kind of environment, and most probably very few, it is very easy to come with a scheme that both protects against that and allows other operating systems to be installed.
Given that this has not been done, and given the small number of people this scenario interests, given that thoses people are unlikely to be interested by Windows 8 to begin with, and even less by Windows RT, Secure Boot has not been designed by MS to prevent that, but really to prevent the installation of other operating systems. The FSF just fight Secure Boot for the real reason it has been created; if you create and alternate security feature for the "evil maid" scenario that preserve user freedom, that would be a completely different subject and you want angry the FSF with it. The FSF's attitude towards new technologies is not reactionary. They fight for user's freedom, as always.
Secure Boot cannot possibly be useful to prevent the installation of other operating systems. Microsoft has a website where they will accept other operating systems to be signed, and there are multiple non-MS operating systems in existence that will boot with no fuss on a machine with Secure Boot enabled. The claim that Secure Boot is bad because MS could decide to stop signing Linux is as ridiculous as the claim that Authenticode is bad because MS could decide to stop signing Firefox, or that HTTPS is bad because MS could replace the set of CAs in Internet Explorer with just itself.
The only way to defeat evil-maid attacks is for the early-boot code in your computer's firmware to cryptographically validate the bootloader or kernel that it's about to start, and make sure it's signed by a trusted authority, and make sure that it's possible for the computer owner to disable the ability for anyone other than him to change the set of trusted authorities. This happens to be exactly what Secure Boot does.
Secure boot is fantastic for users IFF they can change the master keys on the hardware. But you would have to be a complete idiot to trust that Microsoft or Apple would allow that for any longer than it takes to make the hardware ubiquitous; then the iron bars come crashing down around us.
I wish the best of luck to FSF in stopping this. I don't have much I can donate, but I hope my little bit of support will help them.
While the name "Secure Boot" seems like horribly misleading doublespeak, this still seems like a case where giving something a more descriptive name results in less effective communication. Calling it 'UEFI "Secure" Boot' would have sufficed, along with describing it as "restricted boot", but attempting to rebrand it seems like an ineffective and actively harmful marketing tactic here.
They're only trying to redefine the label to fit what the software actually does. A strong argument could be made that the name as commonly accepted is a misnomer considering what the endgame is.
Digital "rights" management is not about your rights, it's about restricting you from doing what you want with your content. Hence the R in DRM now means "restriction".
I agree with you entirely that the generally recognized name doesn't fit; however, I still think it seems counterproductive to attempt to rebrand it.
"Digital Restrictions Management" worked better, because it still abbreviates as DRM so nobody goes "huh?" when you say it. "Restricted Boot" needs an accompanying explanation to tie it to the official name of 'UEFI "Secure" Boot', which makes the attempted rebranding counterproductive.
As long as there is robust availability of hardware on which you can install your preferred software, why should EVERY bit of hardware offer that feature?
I disagree with secure boot on regular desktops but I'm not sure how I feel about it on ARM devices (specifically tablets). I feel like the only people who are going to change the OS on a tablet are geeks - it won't affect ordinary consumers who won't want to change the OS especially as tablet hardware and software is so integrated.
Is it possible to hack this or will it even affect geeks who do want to install the OS of their choice?
Why make the difference between the two? What's so special about tablets that they deserve restricted boot, but PC's do not? They're just all computers. What's worse is that in the future these computers will be a lot more popular than PC's ever were. That means more people will be restricted by default.
Most tablets and phones just happen to come with a different chip architecture, but there is nothing inherent to them that demands they should be restricted compared to the x86 alternatives.
The subsidy is paid back by the customer being locked into a service contract for some number of years. It shouldn't affect the customers' freedom to run their own software on the phone.
This really seems like something the market could decide. If there's a large group of people that want an alternative would the opportunity not be great enough for a new company to fulfill it? Who are the restricted bootloaders actually harming? There's still plenty of choices for people that want to install linux on a box and I don't see that this choice will disappear any time soon.
>We will fight Microsoft's attempt at enforcing Restricted Boot on ARM devices like smartphones and tablets. Like any other computer, users must be able to install free software operating systems on these devices. We will monitor Microsoft's behavior to make sure they do not deceive the public again by expanding these restrictions to other kinds of systems
I love how Windows RT devices which are struggling to ship a couple million are "ARM devices" but there is absolutely no mention of tens of millions of iPads, Kindle and some other Android tablets being sold with locked bootloaders.
Same with phones, are WP8 phones with a 3.5% marketshare(albeit increasing) a much bigger threat to user and software freedom than iPhones? Atleast with Microsoft you have the choice of OEMs, whereas with Apple you have no freedom of choosing the manufacturer. I think mentioning Apple undermines their point in such a serious way that the FSF(and Mozilla) hasn't mentioned it any of their long blog posts on Secure Boot.
Also, with the PCs sold being mandated by Microsoft to have a way for an end user to disable Secure Boot and Add/Remove their own keys, the user is completely in control and can even remove Microsoft's key if they so wish.
US $350,000 is a LOT of money to waste going after this, imagine what could be done with that money if it was spent on things like OpenOffice, Samba and other projects sorely lacking in money and resources. I think this is an exercise in baiting Microsoft haters part with their money rather than any productive exercise to increase computing freedom. I hope donators consider better uses of their money.
Yeah. I find it odd that despite Apple winning the world-championship in patent-trolling and is leading the fight for closed systems and walled gardens, FSF still decides to go after anyone but Apple.
Despite this tarnished image of a former tech-innovist, does the FSF really still feel it's impossible to fight the root evil here because of public perception?
Is it only picking on Microsoft because that is easier to amass support against?
We, as hackers and developers, should support this. We should fight closed systems. We should fight against the forces against general purpose computing (Cory Doctorow has a nice speach on this) and we should fight those who seek to criminalize writing code because somewhere some troll has a vague patent with no implementation covering your work.
So yes. Support the FSF on this. But also boycot those who are the chief offenders here. Every dollar spent in an Apple-store is money spent against the core of your profession. Stop spending money there. And throw away your iPhones and Macbooks. They are bad karma and software blood-money.
The banner at the top of every page currently says
"Giants like Microsoft and Apple are trying harder than ever to control the software you use.
The FSF brings software freedom supporters together to amplify your voices and make an impact."
I agree FSF should fight against Apple, too, and even though they would make a lot of enemies because of it, I think making a lot of enemies this way and becoming that controversial is a lot better than being obscure, because in the same time they'd be gaining a lot of allies, too. I think FSF fighting against Apple's closed policies would ultimately make them more popular and help them.
That being said I don't really think that not naming Apple right now, which already has an established closed platform (therefore uphill battle), detracts from them trying to stop Windows 8 machines becoming as closed as iPads before they even get a chance to take off the ground. Better (and easier) to kill off a bad idea early on.
> Better (and easier) to kill off a bad idea early on.
Yeah, so they should have gone on an all out offensive when the iPad launched. Now there's a huge precedent they will have to try to explain away, why it doesn't apply and Microsoft's stuff have to be open but not their competitors'.
While they could have included a link to their existing campaigns against Apple DRM, focusing on one company in each campaign is better than trying to focusing on everyone.
But for explaining why Microsoft should stop even if Apple has locked down devices, if a company is dumping oil in the ocean, people are allowed to complain and create a boycott against that company. If the companies defense is "well, other companies dump oil in the ocean too, so why are you picking on us?" the answer is not to say sorry and let them continue.
The equivalent analogy is if company A dumps 67M gallons of oil in the ocean per year, Company B dumps 20M gallons of oil and Company C dumps 0.5M gallons of oil a year and people make a big noise about Company C and legal action against it while giving a free pass to other companies. It makes them hypocrites.
There are a lot of negative things that you can say about Richard Stallman, but to suggest that he or his organization might be in anybody's pocket is simply preposterous.
>..trying to stop Windows 8 machines becoming as closed as iPads before they even get a chance to take off the ground. Better (and easier) to kill off a bad idea early on.
Huh? Where can I access the option on an iPad to turn off secure boot or to add my own keys or to delete Apple's? Windows 8 machines are much much more open than an iPad.
The ability to disable secure boot only applies to x86, and even there your stance has issues.
I wish people would stop repeating this like its some kind of iron clad gaurentee, Microsoft only changed the reqirement to begin with after there was a public outcry, and are free to change it again any time. (they likely will after more systems support secure boot)
also please consider the fact that how you should be able to disable secure boot is entirely unspecified. If early models are any indication, its going to be buggy and error prone on tons of systems.
> Every dollar spent in an Apple-store is money spent
> against the core of your profession.
Bullshit. Every dollar I spent on Apple was spent on top quality product which made me more productive. I also spend a considerable amount on App Store paying my colleagues for their work.
> Stop spending money
> there. And throw away your iPhones and Macbooks. They are
> bad karma and software blood-money.
Even more bullshit. You know why FSF avoid fighting Apple? It's because that fight would reveal that they are fighting in the wrong war. Not everybody in the world should be a doctor, a car mechanic, IT technician, or developer. It is so sad to see so many otherwise smart people failing to realise this.
>Every dollar I spent on Apple was spent on top quality product which made me more productive.
And also spent on patent trolling, stifling innovation, and leading the world of tech down a dark path (locked down "app store", restricted boot, the whole nine yards).
How does it feel to know your money will go directly to the cause of stopping the evolution of technology in its tracks?
Your view is terrifically selfish if nothing else.
>You know why FSF avoid fighting Apple? It's because that fight would reveal that they are fighting in the wrong war.
We should fight against the forces against general purpose computing
I have very mixed feelings about this very topic. As a developer, I completely agree with you. Hardware should be hackable and software replaceable.
But there's also another side: computing has become a lot easier for the average user. E.g. the iPhone and the iPad were the first computers that my mother really grasped and was able to use comfortably on her own. The limited walled garden approach to computing ensures that she doesn't accidentally install malware, etc. In the end, I think the secure, walled gardens are useful to the average user.
Of course, the inherent danger is unfair competition - the gatekeeper can decide to reject software whenever it wants and impose fees and crazy rules. Since in EU, we are not completely adverse to government intervention, I think it is best that the European union would regulate such walled gardens, e.g. by limiting the percentage that the gatekeeper can charge, by requiring that the gatekeeper accepts all software that is not malicious, and requiring that a method should be required to unlock hardware. I that putting think such regulations into place will be much more effective than fighting windmills.
I think that argument is bogus. Having a way to sideload apps in your device or being able to install a different OS, doesn't make grandma more likely to get malware. It's the same model Apple is using in Mac OS X, too, now.
Grandma will still use the same OS, and will still install apps from the app store, never knowing that she can even install apps from other places, and it will be just as easy as it if were without that sideloading option. Having the option to do other things doesn't interfere with any of that.
And even if it does change things a little in some extreme cases - but everything has its positive and negative sides. Everything. At the end of the day you have to decide which gives the greater benefit. And I think having "open" computing systems over completely closed ones, offers the greater benefit in the long term, just like having an open (also could be read as malware-filled, and cybercriminals-filled) Internet in the end if is of much greater benefit than having one fully controlled by the government and companies.
Now compare the difference in malware between OS X and Android. There appears to be a correlation between how easy it is to circumvent the walls and the amount of malware within the garden.
I'd love to see some real research on causality here, though, because correlation obviously doesn't imply causation (though it is a reasonable hypothesis, IMO).
Android malware takes advantage of the same social "hole" that makes Windows so prone to malware: security is practically impossible when the OEM doesn't care, the OS maker's hands are tied, and the end user doesn't have any other option.
I believe Cyanogenmod users have a much better security track record for the same social reasons that Desktop Linux users have better security. Case in point: the exynos root exploit was patched quickly for Cyanogenmod users [1]. It may never be patched for "the rest of us."
"The limited walled garden approach to computing ensures that she doesn't accidentally install malware, etc"
OK, but why not have a sanctioned, free, voids-your-warranty way to disable these restrictions, so that users who want to install software without using the app store can do so? This would not be hard. It could be buried somewhere deep where users cannot find it, it could be loaded with warnings, but all that would be fine.
Apple wants control, because control is profitable. Control lets them spot the next cool application early, so they will not be blindsided like they were by the Web. Control lets them promise developers and media partners that copyright infringement will not be such an issue. Control lets them maintain their image on a level that was not previously possible -- they can make sure that iPads are not associated with pornography, that iPhones are not associated with political cartoons, that nobody will point at Apple devices as a symbol of some national rebellion, and so forth. Control lets them slow down their competitors until Apple has a chance to market their solution (even if that solution is a total boondoggle).
It is hard to believe that Apple's policies on the app store were created with users as the top priority.
"the inherent danger is unfair competition - the gatekeeper can decide to reject software whenever it wants and impose fees and crazy rules"
Which is already what happens.
"I think it is best that the European union would regulate such walled gardens, e.g. by limiting the percentage that the gatekeeper can charge,"
I am slightly concerned that you might have got mixed up different concepts here. One is simplistic design which users with little or no previous experience can still feel comfortable to use on their own. A second is enforced uniformed interface cross multiple application which users feel familiar with (and thus also comfortable with). The third is safety against malware, which is a security concern. The last is market and user incentives.
A device without a walled garden can still maintain a simplistic design, encourage a uniformed interface, and maintain a similar security against malware. However, it has a harder time to incentivize software developers to strictly follow the uniformed interface and to always use the official store. Android market place has also less incentives to turn away new software, because developers has an alternative (thus Android app store have incentives to be lenient). For the Iphone app store, there are no alternatives for developers so Apple can be as harsh they want (thus they have incentives to be harsh).
Unwalled gardens also has a harder time to discourage users to run unknown software with malware in them. In practice, iphone users are less likely to try run downloaded software from a random internet site (or dl via bittorent), because no legit iphone developer ask them to do it. Android developers however often teaches users to use third-party stores. Thus, a android virus has a much easier time spreading than a Iphone one because on user base are trained to run untrustworthy programs, and one user base is not.
Thus a walled garden has two functions. First it maintain a monopoly grasp on a market, to extract tax on each purchase. Second, it provide incentives to developers so they follow a strict uniformed interface, to App store approvers so they will be more strict in judging new software, and to users so they are less inclined to run untrusthworthy software.
The first thing should be regulated away. The second thing should be understood when designing unwalled devices so to create the correct incentive for everyone.
The gates should not be completely closed though. By default maybe, but there should definitely be a way to make it open for the people that want it to be open. For example I received a hp pavilion laptop and wanted to install another os on it. All I had to do was set secure mode off in the bios and it was ready. That is a good solution because it works for both the grandma who wants the security of secure-boot, and me who wants to tinker.
> Every dollar spent in an Apple-store is money spent against the core of your profession. Stop spending money there. And throw away your iPhones and Macbooks. They are bad karma and software blood-money.
The key problem for mobile app developers is the rampant piracy on Android. iOS has nowhere as much piracy as Android. In this case, economics will dictate where app developers sell, will it not?
What we really need is a type of DRM that still permits general purpose computing. A safe way to store proprietary binary data (programs, media, etc) on the system in such a way the user cannot access it. This might mean restricting root, but it will mean goodbye to piracy. We could still give the user maximum power over the system in every way possible (allow him to install his own apps, access to most APIs, etc.)
In regard to Ipads, Kindle and Iphone (the three major products mentioned in the comment), FSF has criticized and campaigned against each of them in their campaign defective-by-design. The Windows phones are just a small notice in a long list of criticized products with DRM in them that the owners of the device do not have the keys.
Still, the threat of Restricted Boot is a bit different than then ordinary threat from DRM, in that it targets general purpose computers instead of semi-specialized products like phones and e-readers. The ARM move, while not very threatening today, is the foot in the door to push lockdown to more devices than phones and e-readers. It moves the language from talking about devices (a phone, a e-reader, a microwave), to talking about CPU's in computers.
> I love how Windows RT devices which are struggling to ship a couple million are "ARM devices" but there is absolutely no mention of tens of millions of iPads, Kindle and some other Android tablets being sold with locked bootloaders.
Microsoft makes a desperate attempt to secure a small anchor amid the avalanche of ARM-Android and inadvertently breathes new life into the Microsoft Meme: "Growth by Stifling Competition." Almost feel sorry for them.
Microsoft can't win no matter what they do. If they don't lock down the boot loader like Apple does they'll end up with root kit viruses and people will say "Oh, you should get an iPad so Russian mobsters don't clean out your bank account".
On the other hand, if they do lock it down there are articles like this one.
Or better yet, support the development of truly open hardware with that money. There are a few small groups and companies doing this, like the proposal for a SoC that just had general purpose processor cores, instead of dedicated video encoders/decoders and 3D acceleration.
I am certainly willing to pay a bit extra (higher cost, reduced performance) for an open platform.
• Freedom Included http://freedomincluded.com
• Garlach44 http://garlach44.eu
• InaTux http://inatux.com
• Lemote http://lemote.com/en
• Los Alamos Computers http://laclinux.com
• System76 https://www.system76.com
• ThinkPenguin http://thinkpenguin.com
• ZaReason http://zareason.com