Posts by h4rm0ny

You have it muddled. AMD have produced an Android interface that lets you run Android apps on Windows8. This *is* pretty cool, but I don't think we know yet whether it will include ARM devices (I suspect not). So it's not "Windows 8 users on any device" (probably).

That said, there are around twenty-thousand apps in the Windows store already because Win8 can use WP7 apps. And it's going to shoot up very fast. Also, the article writer is ridiculous to try and draw parralels between Firefox add ons and apps for Android, or the MS or Apple stores. It's a browser. They are OS's. Different roles, capabilities and needs, minor overlap. Stupid comparison.

"The rumours were £200 for the RT ones."

The stupid rumour from an "anonymous source" that had no support or evidence and was followed by a legion of people everywhere the rumour appeared saying that it was a stupid rumour. No-one who knew anything thought that anything other than wild and unfeasible speculation.

Re: Didnt Pre-ordered mine last night

"WinRT a full blown OS? hmm not so sure about that."

Okay. You posted it - so what definition of "full blown OS" excludes WinRT but includes things like Win8, OSX, Linux.

Re: Didnt Pre-ordered mine last night

"Its untested, untried, and effectivly the same price as the ipad. So they might as well get the ipad. "

For someone making an argument that the Surface will fail even if the cognoscenti like it, because it's not what the "person on the street likes", you show a weak grasp of how "the person on the street" thinks. They don't analyze past performance much or consider the company's history. They walk into a shop and play with it or watch a video or play with a friend's and say: "that's cool. I want that one."

The ones who analyze in excrutiating details, are us

Re: Business

"$499 w/o keyboard. $599 with. Seems straight forward to me."

Ah, you're just de-selecting the keyboard and then re-adding it and saying it's a £100 for the pink keyboard. It sounded like you were saying it was £100 more for colour. Standard cost of £479 with keyboard. £498 with coloured keyboard. If you remove the keyboard and just order the tablet part, then it's £399. But I don't imagine many people will do that. It turns it into a cheaper iPad a bit if you don't get the keyboard.

Re: What's wrong with Pages, Numbers and Keynote?

"This is true but the version of Office people have is seen as a status symbol."

You definitely need to find a better crowd to hang out with.

Re: I'd even buy one

In case anyone is seriously thinking of trying this, you wont be able to install Linux on the SurfaceRT for a number of reasons. Don't buy one thinking you'll be able to. It will probably be technically possible to install Linux on the SurfacePro, but it will be quite a while before people get the drivers up to speed for the new hardware. If you want to try this with any of the Win8 hybrids, get an OEM x86 one and be prepared to have problems if you're one of the early people to try this.

Re: What's wrong with Pages, Numbers and Keynote?

"True. Sadly, they won't get full fat office on MS' tablet either."

Well they will in three months when the Pro version comes out. And OEMs have theirs ready to roll this month. We've yet to see how cut down MS Office is on WinRT also. We know that it lacks VB Macros. But it does support the new iteration of macros which are the web plugins which are more secure going forward.

Re: @h4rm0ny "...using it mainly to make a......

Ballmer did publically state that they were keeping their options open whether they'd decide to do more Surface devices, but it's no good hitting someone with a stick if they think you can't do it a second time. His comment was exactly the sort of thing that fits with just using the Surface as a pace-setter. Those people who are talking about this being priced to fail (click-bait headline, I'm looking at you), or worse, those who expected it to be much cheaper despite no evidence and statements from MS to the contrary, I'm filing alongside those "analysts" who predicted wildly over the top sales figures for the iPhone5 on its release and then announced it had failed expectations when it "only" sold 5million in the first few days. If it "failed expectations", maybe you just got it wrong with your analysis. Same here. It's priced alongside the iPad as it was always said by MS that it would be.

What's interesting is that they have priced it exactly to the iPad. They clearly think two things - one, that the snap-on keyboard, better connectivity and OS trump the iPad's better screen and SIM-card slot and OS. I'd like the screen of the iPad3, but I don't need it. Plus the Surface aspect is better for widescreen media. For me *personally*, the SurfaceRT is better. So MS have got it right for a lot of people (I'm not statistically going to be the only person with these priorities).

But the second thing MS have done is pretty great tactical maneuvering. Apple are certainly not going to raise their prices - they already are targetting the upper end of the market and presumably have priced at what that demographic will bare. So if they want to adjust pricing, say perhaps because they need to due to increasing competition from MS and Android, because they want to rearrange their pricing lineup with a new mini-iPad or even just to reflect the state of the economy, the only way is down. What do people think if a rival brings out something for the same price as your device and you lower your prices? Yes - they think your product is inferior. Apple make good quality hardware but they charge you more for it. They can get away with the "Apple Tax" because they are seen as the superior product by those who buy them. This image of being the brand for the elite is one of the most valuable assets Apple has. If they lose it - they'll take a disproportionate hit to their sales because unlike PCs, image is a part of Apple's appeal. Justifiable so far because Apple do make good hardware (I'm just not an OSX or iOS fan). But if that image slips - it will hurt them.

By nailing their prices to Apple in such a brazen in-your-face way, MS are really giving Apple nowhere to adjust their pricing, which is a bad thing when you're trying to fine-tune sales. It's also the loudest possible shout of "Bring it on" that MS could make short of doing a series of "I'm an iPad, I'm a Surface" style adds. (Which would admittedly be pretty funny).

Re: Tough spot to play in

I don't think MS actually want to make the Surface a major part of their business model. I genuinely think that they are using it mainly to make a really good impression with Win8 and to beat the OEMs into raising their game. The pricing and the amount they are rumoured to have ordered made, plus Ballmer's statements about just wanting to sell a few million, support this.

Re: Business

Not sure where you got the extra £100 for a pink keyboard. The standard one is black. To get colour it will cost you £19.99 more to get one of the brightly coloured ones. Still not good, but not the £100 you reference. Possibly you are comparing the cost of the version where you specifiy you don't want a keyboard and counting the reduction and then adding in the cost for a pink one.

Also, whilst as per usual we Brits get ripped off, note that in the USA they don't print the Sales Tax in these prices so you can add about 20% to the US dollar list price you see which makes it not as bad. As the article points out, price of SurfaceRT with black keyboard is the same price as an iPad3 without any additions (comparing 32GB models). For 64GB versions, the prices are again the same though I'm not sure why you'd need the 64GB Surface as much as it comes with micro-SDXC and USB functionality so it's easy to bolt in extra space. On the other hand, the iPad3 takes a SIM card which the Surface doesn't.

Am disappointed I have to wait for the Pro version to get proper stylus support.

Re: @h4rm0ny

"You *like* feeding the trolls, don't you!"

I am genuinely interested in anything to do with OS security. It overlaps with areas I've been developing in. If RICHTO is simply saying that WinRT is more secure than iOS because it is brand new, then they are probably right but it's not very intersting nor something to WinRT's credit. If they have something interesting to say about the design, I am curious. It should certainly be much more secure than Win7 which is already very good. But I don't know much about iOS.

Re: The point is..........what?

Okay, I'll bite - how is WinRT more secure than iOS? It isn't even out yet which makes it a little unfair to start comparing.

Re: @h4rm0ny

"You got me wrong, I didn't question your experience"

You began your reply to me with: "Even taking your own word on your decade of using Debian (Ubuntu etc) " in italics. It's not even relevant to my original post, so it just sounds like you're trying to cast doubt on my word.

"I just find it next to impossible to remain neutral towards Microsoft or even feel positive about them."

RIght. Which is my point. People are downvoting a factual, sourced post which shows Linux is not being restricted, and they're doing so because their reaction is not positive because Linux isn't being blocked, but dislike of the post because it shows a party they are not neutral toward as less evil. The reaction of a normal person to finding something bad hasn't happened, is a positive one. The reaction of the downvoters (incl. you) is disappointment or anger. For such people, the need for the party they hate to be evil outweighs the actual desire for that party to do good. When you prefer someone to do evil rather than good, your hatred of them has gotten the better of you.

"Well, I guess, Chikatilo must have had a good opinion of himself too."

No idea who or what Chikatilo is but it's the second time you've brought it up. Searching brings up a Russian serial killer though. Are you now likening Microsoft to serial killers? Do you have any idea how ridiculous and maybe even offensive, that would sound to people outside of small anti-Microsoft echo chambers like The Register?

"Apple and Microsoft can't keep up with their competitors and resort to very similar dirty campaigns"

You've just named the two most successful OS producers in the world as those that "can't keep up with their competitors". You mean in technical features? Do you have even the remotest idea how difficult it is to write even just a modern OS's kernel? Have you ever worked on a project that size? Have you ever actually looked at what new features MS have come up with for Windows over the years? Why don't you do that before you dismiss without looking the work of thousands of skilled developers.

"Okay, secure boot is a nuisance and another *dirty* means against competitors"

Is the above just an article of faith with you that you feel you don't have to actually support? It has been shown that no PC is going to have a problem with Linux because of this. Will you be on here posting the same comment when Android devices start using Secure Boot? Will you be angry when CentOS comes as a signed kernel and uses that as a sales point over their competitiors?

"A number of machines with weird BIOS settings/features are already quite unfriendly to everything non-Windows"

UEFI is not BIOS any more than a car and a horse are the same thing. And what settings are you referring to, specifically? I'm okay with technical detail so when you make a comment like this, please feel free to specifically say what BIOS feature has caused you a problem. In fact, I insist. Otherwise I will not be convinced as I have Debian and Ubuntu running fine on two recent motherboards right here.

"I'd not waste my time in attempting to pull this nail out even if it was rusty."

It seems based on your desire to vote down inconvenient facts, that you'd go so far as to try and stop other people pulling out the nail if you could.

"I'd not waste my time in attempting to pull this nail out even if it was rusty."

Re: @h4rm0ny

"Even taking your own word on your decade of using Debian (Ubuntu etc) and the Microsoft related naivety doesn't undo many many bad things Microsoft has(ve, as in British) been doing for (the very) same decades."

Yes, it may be difficult to believe but I distinctly remember using SuSE Linux 6.4 as my primary OS so yes, I have been using Linux for over a decade. And I was using UNIX and Solaris some time before that. As to "Microsoft related naivety", I was talking about Secure Boot. You are self-confessedly objecting to my correcting someone because you would prefer the party you dislike to look bad. That is called prejudice or bias. And you are now writing to explain why you feel that even if MS haven't done a bad thing in this instance, you feel justified in voting down a factual correction because you consider them to be evil. And you really don't see that as morally wrong? To try to vote down true facts because you would prefer the party you don't like to actually be doing something wrong so that others will feel the same way you do, rather than actually take satisfaction in the fact that there isn't a wrong here and that the earlier poster was wrong about Linux being restricted?

Thanks, but I have my priorities right, imo. I see Linux not be restricted by something (indeed, I hope to see it take advantage of the new technology in the enterprise), and that makes me happy, not angry that I have had ammunition taken away from me.

Seriously, when you find yourself resorting to bizarre character attacks, such as quoting and italicising my career history and implying I'm lying (especially when my argument isn't based on my experience in the slightest, but on actual sourced references I provided), when you start making arguments that involve "kinship of black souls" or suggesting Apple and Microsoft are drawn to each other because they see their "evil likeness", it's time to take a step back and re-assess if you're a fair and objective person.

Re: Win7

"This is all the more important for Linux distributions with their much higher vulnerability counts than Windows OSs"

It's not "much higher". It's about 5-10% higher. And it's counterbalanced by the fact that Linux users have a much higher technical level of expertise on average (any given Windows user or Linux user might be the same, but the Linux user base doesn't usually include all the additional technically ignorant people that do use Windows and Apple alongside us more savvy users).

That said, your point is correct in that in theory someone could use a signed Linux loader to load malware into Windows. I personally find it unlikely that anyone who is able to install and manage Linux would be unable, or even discouraged, from doing so by having to change one minor setting and disable Secure Boot. But the LF and Canonical seem to believe so. They may be right.

Re: @h4rm0ny

"You got my downvoting for this phrase and the zeal of whitewashing the charcoal."

Someone says Secure Boot is MS stopping Linux without this workaround. I point out that this is not the case with explanation as to why. A rational person who wants Linux to do receives the correction with pleasure because it means Linux isn't being held down. A person who is less interested in results but gets off on the company they dislike being shown to be evil and the entity they like being shown to be good (if you're oppressed, the logic says you are the good guy), regards my post as a bad thing because it shows what this article reports on isn't the negative thing that the original poster portrayed it as. So yes, I'm perfectly comfortable saying that those who downvoted my original post actively want MS to be oppressing Linux. I've just explained why. For such people, it's less about Linux doing well, and more about feeling they are right.

And you put yourself among those people.

Re: disable secure boot on non-ARM platforms

"aaa whaaaa someone downvoted me.. mummmmmmmy!"

You miss the point - the problem is not that someone downvoted me - that's just a personal thing that doesn't affect anyone. The problem is that indicates some people would prefer to feel victimised rather than actually learn they were wrong. Linux - or indeed any other OS - doesn't benefit from that sort of support.

Re: @HMB - let me get this straight

"Announcing bad news is guaranteed to bring out the downvotes..."

That's the point. It's *good* news. Unless you actively want MS to be oppressing Linux. In any other regard, my post is a good thing for Linux as far as Linux users are concerned. And Windows users generally don't care if Linux does well because they don't see it as a problem for them. I posted a clear fact, with source and got downvotes. Almost certainly, based on the general tenure in the posts here, because it contradicted someone who was saying that MS were doing something bad for Linux.

Re: User-Generated Keys

"or is it that the key for Linux would simply make installing it more convenient (not having to go into the BIOS)?"

This last bit. You can simply turn off Secure Boot on a PC and not need the signed boot loader, but Ubuntu and the Linux Foundation have gotten themselves one so that the user doesn't have to go into the UEFI interface (UEFI is a successor to BIOS) because they believe that it might discourage users from trying out Linux. I'm trying to resist making a "back in my day" style comment about Linux users who would be discouraged by having to change the equivalent of a simple BIOS setting, but maybe things have changed and it really would put some off. Personally, I think they should just be grateful they don't have to hand-edit lilo.conf *grumble grumble kids today grumble* ;)

Re: Protecting their investment

"What is so hypothetical about this? Do you think it is wrong for an operating system manufacturer to hold sway over a hardware manufacturer?"

Well, the question you ask is hypothetical when it comes to PCs because the devices are not locked to a particular OS manufacturer and MS require any manufacturer to ensure that they are not under threat of withholding Win8 certification from them. So that is what is hypothetical.

"Why would Microsoft subsidise the cost of a netbook? What is in it for them? Do you think it is coincidence that Toshiba wouldn't sell me an NB200 without an OS? I'll tell you this .. that I personally can think of no other reason that an OS manufacturer would put money behind the sale of hardware unless it was for the reason of keeping competitors off that platform."

Again, I point out that this has nothing to do with Secure Boot, that neither the NB200 supports it (it's not even a UEFI device) nor the OS (XP or 7) can use it. Do I think it's coincidence that it's only sold with Windows on it? No of course not - marketing decisions don't just happen by coincidence. I imagine it's mainly because, as Asus found, the market for PCs delivered with Linux on them was so small to not really be worth the extra support and bureacracy and that they also got hassle from people returning them because the buyers were ignorant that PC does not mean Windows. And this is the case for nearly all mainstream sold PCs, not just this one that you say MS subsidized. I also have to ask what you actually mean by MS subsidised the cost of the laptop. Taken literally, it seems to imply that money was flowing from MS to Toshiba, which seems unlikely. Should I read you as saying MS charged Toshiba less? That is quite common - large sellers always negotiate their own deals and these are often quite closely guarded secrets, so I want to know what the terms are that you say MS made Toshiba not sell blank devices.

"I have no proof, but that is my personal opinion."

It's possible. But as I've shown, there are also other explanations even though you stated you couldn't think of any. So we don't know if it's really the case or not, it's just hypothetical and as it's hypothetical it may not be appropriate for you to get as angry about it as you don't know whether it's the case or not.

Most of the rest of your post is just general comments against Microsoft and I don't know why you're directing them at me as I was talking about Secure Boot. I am not Microsoft. I'm just someone who understands how Secure Boot actually works. If you're going to reply to my post about Secure Boot, you should be addressing Secure Boot, not just using my comment as a platform for general anti-Microsoft attitude because the latter is not really a reply to what I was talking about.

"WHY does MS think that it is OK for i86 to be allowed to be turned off, while ARM can't? That's one question I've not yet heard convincingly answered."

I commented on this elsewhere. We don't know - it's not even out yet. But ARM devices are less generic beasts than x86 devices - the software is a lot more closely written to each individual device. (If Linux has only just built a generic layer for ARM, then I can only guess how far behind Windows is). In short, I don't know but I guess they are seen more like phones where the product is a closely-integrated hardware+software designed and sold (and cruicially, budgeted for) as a single saleable thing, rather than as one thing (hardware) that comes with another thing (software). At least I presume that is the mindset. Basically, it's the same model Apple use with the iPad and some Android devices. You're not supposed to rip it apart for the parts. It may be that these are priced on the expectation that the installed OS will remain there. E.g. the iPad is priced as is because Apple expect to make money from people buying apps for it through the store. If it were generic hardware, it would be more expensive. Don't know on that front, but this is my guess for the motivations.

Re: Protecting their investment

"It has everything with secure boot. Toshiba wouldn't SELL me an NB200 without Windows on it. Don't people understand this yet?"

I actually just looked up the Toshiba NB200 to see why you are having a problem. This machine doesn't even have UEFI. It has BIOS. You're insisting that a model that does not support Secure Boot, which comes installed with an OS (XP or Win7) that cannot not use Secure Boot, has "everything to do with secure boot". It doesn't. That's what I've been telling you - what you're angry about has nothing to do with Secure Boot.

"Microsoft had contributed to the cost of the NB200 that was sold with Windows"

If that is true, then doesn't that mean that MS are subsidising the cost of the NB200. Your second comment: "Even if I wanted to pay the extra, I couldn't get an NB200 without Windows" doesn't make sense - if you're willing to pay extra for a device without Windows for some reason (I would not be), then you can just wipe the Windows that comes with it and not have to pay the extra. And again, this is nothing to do with Secure Boot. Do you think for some reason that Secure Boot would prevent you wiping Windows from your x86 device? If so, you have a very, very incorrect understanding of what Secure Boot actually is.

"As long as this kind of thing is possible, then what is to stop Microsoft insisting that the only keys installed on the NB200 (as a future example) is for the operating system that it is shipped with ... as it is ploughing money in to the sale."

As has been pointed out several times - MS are actually requiring hardware manufacturers to allow users to disable Secure Boot on PCs. Are you getting angry about hypothetical scenarios? Is that the issue?

"What the potential is for secure boot to play a part in such microshite/manufacturer deals now ... who knows, but I'm very, very wary of it and concerned about the situation."

Okay. Fine. But your earlier posts were giving the strong impression you were angry about an actual wrong being done now.

Re: Here We Go Again

"Uhmm, h4rm0ny, it seems you misunderstood the whole topic. Read up on the material here for example: http://www.rodsbooks.com/efi-bootloaders"

Would you like to actually try pointing out somethig I have got factually wrong or have misunderstood? Linking to a page about bootloaders doesn't really say anything. If you're implying I don't understand how they work, you're incorrect.

Re: Protecting their investment

"Now to the point - where is my ability to buy an NB200 without Windows on it? I can't, because Microsoft locked down my purchasing ability."

That really has nothing to do with this story about Secure Boot, but have you contacted Toyota and asked if they'll reimburse you if you don't use Windows? Dell, Acer, Lenovo and HP have all refunded people for the cost of the Windows licence if unused. Toshiba might also. That said, with volume licencing and the fact that the NB200 is very old and comes with XP on it, you're probably going to get very little back. (And it's Toshiba who are selling it with Windows on, not MS, just for accuracy). You could also buy it second hand as it's a few years old in which case you wont be paying for a Windows licence if that helps?

"So no matter what you think, I'm complaining to my MP. I have machines that run 24/7 and bring themsleves back up after a power cut that is beyond the UPS ... amd I supposed to always be there to press a button when this happens? No way."

I'm not sure what you're talking about here. Are you talking about Secure Boot blocking unsigned code from loading without user verification? Surely you would want that if you have Secure Boot turned on as that is what it is supposed to do. If you don't want that, just turn it off. (I am assuming that you aren't talking about 24/7 ARM machines on UPS).

"Also, why are the US companies Intel and AMD allowed to have a get out while UK company ARM isn't ?"

Because AMD and Intel make x86 hardware and ARM does not. Incidentally, ARM architecture was designed by a British company but the technology is actually licenced by a large number of hardware companies including US companies.

"This whole microsoft requirement stinks like shit; I'm as mad as fucking hell and my MP is damn sure going to know about it."

I genuinely don't understand why you are angry about the Microsoft requirement for Secure Boot which is that a user has the ability to turn it off on x86 devices. Without that requirement, device manufacturers could lock their x86 hardware to a specific OS. You understand that UEFI is not a Microsoft technology and nor is Secure Boot? It's produced by a forum of hardware manufacturers of about a dozen major hardware manufacturers. Linux distributions are also perfectly capable of signing code for Secure Boot.

Re: The keys are not controlled by the owner.

"You have just explained fairly well why those of us who use Gnu/Linux, FreeBSD, NetBSD, etc, might want to use Secure Boot. You have not explained why we should not have the platform key and sign boot and other software as we choose"

I never tried to explain why you shouldn't. I'm all for user ownership of the device. I'm just trying to correct some of the horrendous misinformation and outright untruths flying around here, e.g. that Linux is blocked from being run on x86 without this "workaround" or that Secure Boot is just a scam without purpose. I'm pro-Security and pro-Accurate Reporting, not pushing any other agenda.

I guess I would say that if you routinely re-compile your kernel and modules then that mitigates some of the gains of self-signing. I.e. either you remove malware infections by recompiling, or if not then you're actually signing infected code. Though please don't think I'm arguing it has no value. I just think it more useful a scenario in the enterprise where you want to push out verfied code to a lot of users, rather than worry about your own box when you're already an expert user. So I love seeing that Red Hat are leading the way in this for Linux. Being able to roll out Linux to a thousand PCs and know that no-one can alter that install without an alert or being locked out - that's good stuff. My (admittedly somewhat out of date) Gentoo box, I would be either forever generating new keys for a system where I reckon I know what I'm doing anyway (and for which there's very little malware out in the wild) or I'd just turn Secure Boot off. Anyway, those are my thoughts on it.

Re: UEFI is a lockdown technique, NOT designed to prevent malware.

"Most if not all malware does not compromise the computer through the boot process. It compromises one or more of the running processes on a running computer to 'own' the target. The computer is already running at this point. UEFI only protects boot, not the running OS. Therefore the UEFI is NOT an anti-malware technique"

I can categorically state that you are not an active professional in the field of anti-malware development. I've elsewhere linked to entire families of malware that infect the boot process. I'll give you an example of a trojan. The user receives it somehow (typically an email attachment) and they run it. Now they're not going to run that executable every time they turn their computer on (particularly if it did not contain the video of Cheryl Cole naked that they were promised the first time) so the malware needs to infect the PC so it runs automatically. There are a variety of places it can hide and run and one of those places is the boot process. The advantage of the boot process is that the malware can activate before the anti-malware software (Norton, MS Security Essentials, whatever) can start - which helps it hide. By verifying that the code to be booted is signed and not altered, Secure Boot can protect against this. You can state that it isn't so, but I've actually linked to such software definitions elsewhere. It exists and it is widely known.

Re: Here We Go Again

"I have EUFI laptop and the only way to get Linux on is via the Ubuntu installer that slips it into the Windows boot menu somehow. cant seem to get a better distro on there because there is simply no option to choose the boot device or do anything to the machine pre-boot."

If the only way to get Linux onto your laptop was via the Ubuntu installer, then Ubuntu would be the only Linux distro in existence. You can manually install Grub (or even LiLo if you want). I *think* you can still boot Win7 from both of these as well. If you meant you want to dual-boot, then the Ubuntu installer is a nice friendly way to do this by inserting it into the Windows boot menu, but there are most certainly other ways to do this. I really hate to come across as a grouchy old hand, but if you see the Ubuntu installer as the only way to get Linux on somewhere, then you'd never have survived the days of compiling your own kernel. Try getting hold of Gentoo or Arch to experience "real" Linux. ;)

Re: Wood for the Trees Problem

"No one is stopping Linux software companies from doing the same as Microsoft and saying "if you want Linux certification, you need a linux Master key in your BIOS"."

That's an interesting point. Fedora and Ubuntu are the first Linux distributions to do signed boot loaders, but I would imagine Google / Android to be the first to actually roll out devices locked to the installed device, a lá WinRT devices. It will be interesting to see the anger displayed or not displayed, when they do so.

Re: @HMB - let me get this straight

Just to follow on about WinRT. I guess the difference as MS see it, is that with OEM devices, they are selling software. But with the WinRT devices, they are not selling software, they are selling hardware and software combined. And they don't want to be subsidizing competitors, e.g. Android, by selling hardware priced according to subscription models or offset by software costs, if someone will just take the hardware and use it as a cheap platform for a rival at MS's expense. E.g. a common rumour is that some of the WinRT devices are going to be sold on a subscription model much like phones. Naturally, MS would want the device to be locked, just like a phone is locked. Doesn't mean I agree with it, but I presume that may be the reasoning.

Re: @HMB - let me get this straight

"The irony of the downvoters is that they think they are championing linux, but all they really do is make respectable linux users look more like goons by unfortunate association. They're the sort of people you don't invite along to parties because of inadequate emotional intelligence."

I've been using Linux for around a decade. And before that I was using UNIX. I remember when Ubuntu appeared and looking down on it for the way everything was pre-compiled. :D Yes, we don't need champions who would prefer a helpful lie to the truth.

"One caveat I would come out with was that I could have made it clearer that ARM wasn't included in the fair secure boot plan. I don't agree with ARM being locked out on principle, but I find it distasteful that Microsoft gets singled out for this when Apple has been locking down it's platform for some time. At least bash both of them in a balanced way."

Agreed and noted. As I wrote elsewhere, I would also like to see ARM devices required to allow Secure Boot to be disabled. I have criticised MS for this on other occasions, but I guess here I was just focused on trying to correct the onslaught of misinformation (some of which is almost certainly deliberate as at least some of the people here must know better). I will keep it in mind for the future. Cheers.

Re: The keys are not controlled by the owner.

"If UEFI was intended to protect from malware, the user could enter their own keys for what they want to have boot. This is not the current approach."

How would a piece of firmware tell the difference between a self-signed piece of software that the user wanted, and a self-signed piece of software that the user didn't want (i.e. malware). It's similar to self-signed certificates on servers - you need a trusted third party to verify (i.e. sign) your certificate else it's just a piece of software saying: "trust me because I say you can." Unless the code to be booted is signed with a key that the firmware recognizes (i.e. the device maker's key), then it can't know if the signature is valid. Yes - Secure Boot is designed to protect against malware. I linked you to a specific example of malware that would be blocked by it. There was an article on The Reg. here not long ago where someone had demonstrated how they were able to carry out an attack which was blocked if Secure Boot was enabled. It's downright bizarre that you claim it is purely a scam. Which brings us to this...

"So how did the malware get into the machine in the first place. It didn't get in through the boot process. The boot process is altered as part of the infection. What will happen is that the machine that gets infected will turn into a 'brick' and won't boot."

I gave you a direct link to an example piece of malware. You ask how did the malware get onto the machine in the first place. If you check the first line of the summary for that malware (or the technical name of it), you'll see that it is described as a Trojan. This means that the user has actively installed it, typically under the expectation that it is something else, e.g. porn or some such.

And nowhere in the description does it say that the infected device will become "a brick". Are you under the impression that Secure Boot will turn the device into a brick because of an infection? That's a good guess at what might happen if you haven't read up on it, but actually there are a range of options. First, note that this whole thing applies not just to the kernel itself but device drivers as well (which can also be infected). So you might for example, boot up in what used to be called "Safe Mode" with some functionality disabled allowing anti-malware software to re-install drivers or clean up infections. Also, typically, the system might start a separate repair or remediation process distinct from the normally booting OS which will again repair or clean up the infected system. There are all sorts of options, basically. Simply bricking the device and refusing to do anything...? Not by design, anyway.

And remember that the goal of modern malware is not normally to brick someone's device, but to either extract information or subvert their resources (e.g. for DDOS). I suppose if you're asking could someone write a piece of malware that infected not only the OS that ran, but destroyed the alternate systems put in place to recover from that as well with the deliberate intent of making the device a brick, I don't know. Maybe. But it would be a near-useless piece of malware to write and without profit. You can write a virus now today that goes and destroys an OS and user data with less privileges than are required to pull off a bootkit. So Secure Boot is not opening up any vector for attack that isn't already there.

Besides, you are aware that in the "bricking" scenario you have described, however unlikely, the user can just turn off Secure Boot, right?

"The way to prevent malware infection is at the point of infection. Fix the programs that are running, use qualified knowledgeable programmers instead of cheap off-shore labor. Take the time to test. Run boundary checking and fuzzing software against critical CIs.."

The whole principle of layered defence has just been discarded by you then? Firewalls should be disabled because no software on an OS will have a vulnerability that could be exploited? Suhosin and other server-level security should be disabled because no web-application written will have flaws in it? We should never scan for trojans because no user will ever install something without knowing what it does? We should never verify the signature of code we are booting because no malicious code will ever make it onto the device? That last one about verification of code - that's what Secure Boot does. I do not like your approach to security and I sincerely hope you are not involved in the field, though I get the impression you are not.

Honestly, you say you use Linux - one of the most secure OS's ever written, and yet you post arguments against a useful security mechanism that Linux can also take advantage of. What are you going to say when most Linux distributions are also using this security measure? Are you going to write angry posts about how CentOS or Ubuntu Server should not have this security measure?

Re: How does this work when you buy your components individually?

"Are all mobos gonna be subject to the same or is this just M$ forcing their wills on OEMs?"

You have it the wrong way around. UEFI is created by the hardware manufacturers (AMD, Intel, Lenovo, etc.). MS are actually forcing a requirement on them that Secure Boot can be disabled. No x86 hardware is currently blocking MS due to being sold with Windows on it. The article is flat out wrong.

Re: so...

"The snapper should sue the GUILTY party. The ones who did something wrong."

Ideally, prior to suing, the snapper should simply send them a letter or email pointing out the infringement and stating their normal fees for such usage. We've no idea here (because the article doesn't tell us), if she skipped directly to the lawsuit or if there is some dispute. Lawsuits should not be a first resort and you can often get a quicker resolution without them.

Re: "All Aplle had to do was just put on some various strokes and an uncopyrighted face"

It's almost certainly an oversight. Big companies don't normally knowingly invite lawsuits over what - to them - are trifling amounts.