No, you wouldn't. I note elsewhere that it should be possible to safely and securely install keys automatically from a read-only volume. You know, one that was pre-fabricated or required direct, manual intervention to set up.

It might, if no one steps up to manage it.

Someone could do that, though. After all, the APIs aren't copyrightable so pull a LibreOffice: establish a foundation, swap out the trademarks, and move on.

What third party?

Verisign maybe? Someone already established in the industry that isn't obviously biased?

How about the Linux/BSD/Haiku/ReactOS/Hurd community pick a 3rd party or just one of themselves?

And have to run around and convince all the hardware vendors to include them, only to be ignored readily? I suspect the only reason Redhat had success was precisely because they are Redhat.

the dancing bunnies problem.

Ah yes, better to spew some FUD and not approach the problem rather than think of a way it could be done safely. Blame the user and use it as a justification to impose even more onerous restrictions. Why not use it as a justification to bar disabling UEFI or changing keys? Because MS knows they'd get nailed to the wall for being anti-competitive. Again.

True, I forgot about the resizer utility. Mostly it brings to mind how bootcamp refused to work if I had pre-planned and partitioned the device accordingly ahead of time, insisting that the only way it could work is to take space from the HFS+ utility. I don't recall using the installer however, but I never installed Windows on the unit.

Could Oracle decide that if it can't have its way with Java, then nobody should have their version of Java, and simply stop making new versions?

Wanna see OpenJDK get a lot of investment?

Bootcamp was only necessary because Windows XP needed the legacy BIOS to function. Windows 7 and most modern Linux distributions will readily boot from EFI systems.

I installed Ubuntu 12.04 on my 2006 Macbook recently, with the intent of doing so without having a trace of OS X on the system. The amd64+mac ISO they have installed cleanly without a single problem, and boots directly into Ubuntu without needing Bootcamp or OS X on the platform.

The same will not be possible on PCs once Windows 8 ships. It will be a pain in the ass for anyone not blessed by Microsoft.

The UEFI spec (which Microsoft has a HUGE hand in writing these days) explicitly denies the ability to automatically install keys. They could have made it possible to do so, say by requiring it happen from read-only media, but they didn't.

It's left vague enough that it's virtually guaranteed to be an enormous pain in the ass to enable secure boot for any platform not explicitly blessed by Microsoft.

UEFI is not a problem, because I'll just continue to do what I've been doing for almost two decades: building my own servers and workstations from individual components.

Your motherboard will come with Microsoft's key and default to secure boot.

if at some point in the future a client asks me to migrate all of their existing workstations and servers from Windows to Linux, then UEFI may make that difficult.

Precisely.

Because there were several other paths they could have chosen to work with secure boot, but this was the most efficient?

Most efficient? Hardly.

One thing MS could have done was ensured, for the sake of not appearing totally anti-competitive, was to put a 3rd party in charge of the process, include guidelines in UEFI for how keys could automatically be installed safely, and specify a minimum functionality set for "custom mode" so using Linux and Windows securely on the same machine isn't a binary choice.

It is deliberately inefficient, and it puts Microsoft in a position of power. They'll happily take a loss for such control, as we've seen in the past.

Then you aren't the target market for the app store.

And if you aren't the target market for the App Store, better hope Apple never pulls Gatekeeper out.

The App store is for common joe six pack who frankly doesn't need to editing their apache config files in the first place.

Deliberately crippling software so that its utility is limited in the name of "security," even if it hinders the end-user's ability to use it, is stupid as fuck.

My guess is that in the future you'll need a Mac Developers account to access the core features of OSX if you want to do any customizations.

I expect this too. And then we can mock anyone who suggests that OS X is an open platform.