That seems like a lot of work and complexity for something that's already feasible.
Vendors can currently ship OS-less machines with secure boot turned off.
Linux vendors can remove MS' key and put in theirs or the distros' if there is one, or just turn it off and then install Linux before shipping it to the user. The user can install/remove keys and enable/disable secure boot as they please.
Secure Boot isn't secure nor is it a security feature. It's sole purpose is to keep Linux off of x86 computers. It's already easy to get around 'Secure Boot so I think it's broken as a concept. Security has to constantly evolve to meet evolving problems. Hardware can't do that.
+3 interesting? What's wrong with Slashdot that posts with the most misinformation are modded up? And then other people take these modded up posts as gospel and keep repeating the FUD.
Can you tell us how it's easy to get around Secure Boot?
Secure Boot isn't secure nor is it a security feature. It's sole purpose is to keep Linux off of x86 computers
Here's a couple of viruses that Secure Boot prevents.
http://www.chmag.in/article/sep2011/rootkits-are-back-boot-infection
http://www.theregister.co.uk/2010/11/16/tdl_rootkit_does_64_bit_windows/
I recommend reading atleast the first link.
Here's one juicy bit:
TDL4 is the most recent high tech and widely spread member of the TDSS family rootkit, targeting x64 operating systems too such as Windows Vista and Windows 7. One of the most striking features of TDL4 is that it is able to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled.
When the driver is loaded into kernel-mode address space it overwrites the MBR (Master Boot Record) of the disk by sending SRB (SCSI Request Block) packets directly to the miniport device object, then it initializes its hidden file system. The bootkit’s modules are written into the hidden file system from the dropper.
The TDL4 bootkit controls two areas of the hard drive one is the MBR and other is the hidden file system created at the time of malware deployment. When any application reads the MBR, the bootkit changes data and returns the contents of the clean MBR i.e. prior to the infection, and also it takes care of Infected MBR by protecting it from overwriting.
The hidden file system with the malicious components also gets protected by the bootkit. So if any application is making an attempt to read sectors of the hard disk where the hidden file system is stored, It will return zeroed buffer instead of the original data.
The bootkit contains code that performs additional checks to prevent the malware from the cleanup. At every start of the system TDL4 bootkit driver gets loaded and initialized properly by performing tasks as follows: Reads the contents of the boot sector, compares it with the infected image stored in hidden file system, if it finds any difference between these two images it rewrites the infected image to the boot sector. Sets the DriverObject field of the miniport device object to point to the bootkit’s driver object and also hooks the DriverStartIo field of the miniport’s driver object. If kernel debugging is enabled then this TDL4 does not install any of it’s components.
TDL4 Rootkit hooks the ATAPI driver i.e. standard windows miniport drivers like atapi.sys. It keeps Device Object at lowest in the device stack, which makes a lot harder to dump TDL4 files.
All these striking features have made TDL4 most notorious Windows rootkit and it is also very important to mention that the key to its success is the boot sector infection.
Another bit:
The original MBR and driver component are stored in encrypted form using the same encryption. Driver component hooks ATAPI's DriverStartIo routine where it monitors for write operations. In case of write operation targeted at the MBR sector, it is changed to read operation. This way it is trying to bypass repair operation by Security Products
The OEMs offered to add Red Hat and Ubuntu etc.'s keys but they refused since they didn't want to have an exclusive solution and neither did they want to be in the position of signing keys. If the Linux foundation stepped up, the OEMs will gladly add their master key to UEFI, but it doesn't want to.
Is there something about UEFI and secureboot that causes many folks' brains to be absolutely switched off? Or is the FUD successful in muddling the facts? Or maybe the whole issue is too complex for folks to understand. But it's Linux users we're talking about, not "M$ Windoze sheeple". About 80% of the posts on here and on Reddit about UEFI Secure Boot are simply false and extremely misleading which perpetuates the cycle of ignorance and spreading FUD. Very disappointing, I expected that people would be smart on here, but they seem to be ignoring facts "la la la" in the hurry to feel victimized and jump on the anti-MS bandwagon. Post any anti-MS crap and it's automatically modded up, no wonder the site appears to be dying with very few comments on most articles these days.
Posters like bmo, symbolset, tuple666, Zero__Kelvin, LordLimeCat, Jeremiah Cornelius, UnknowingFool, rtfa-troll, binarylarry, MightyMartian, drinkypoo, pieroxy and a whole bunch of others have ruined Slashdot beyond repair(with the help of moderators) and seem to suffer from this affliction: http://linux.slashdot.org/story/09/07/25/1757253/linus-calls-microsoft-hatred-a-disease
A great deal of security isn't about what some protocol or device *can* do, it's about how it commonly ends up in real world.
It already successfully prevents many kinds of undetectable rootkits on Windows in the real world.
Initial signing key shouldn't have come in the firmware, it should have been like the TPM, the vendor has the opportunity to 'take ownership' of the platform.
I would certainly prefer that the vendors with razor thin margins of a few bucks a PC/motherboard in Taiwan not be burdened with 'taking ownership' of the platform.
If the argument is that people with piece part systems are put at risk, it's such a small population that has to be using a malicious copy of the media.
Even 1% of PC users would be in the high millions.
..and when the universe dies a heat death? Anything is possible tomorrow, Secure Boot doesn't mean that suddenly 100% of the numerous PC makers will one day suddenly ban user root keys and make their devices harder to fix in case of issues.
Gah, what's it about secure boot that seems to confuse so many people?
Currently there are zero vendors that lock out users from the signing keys since being Windows Certified needs user control of keys.
The parent posts point is that if such a vendor shows up, vote with your wallet and feet and get a computer from another vendor.
How is secure boot about lock-in when you can turn it off with a mouse click?
How is it Microsoft's fault that the FOSS community is unable to come up a signing organization that OEMs are willing to add?
Given that you're in full control of the keys, Secure Boot is more like a ADT alarm system controlled lock you put in your home than a handcuff. By default, MS is trusted, but you can make it untrusted and prevent Windows from ever booting even by accident if you so wish.
Sigh. Do you read anything you link? You are linking to an article that is speculating on the re-org. They are rumors until MS actually announces it:
You seem to lack the basic knowledge that when Bloomberg, WSJ, NYT, Washington Post say "According to people familiar with the matter" they're pretty much 100% right.
For example, see how WSJ got news of the iPad before it was launched. http://online.wsj.com/article/SB10001424052748703580904574638630584151614.html
Equating these professional organizations' sources to the same level as "rumors" by users on Apple fan forums or Slashdot does not make any sense. How many times do I have to prove that all rumors and speculation are not the same and the source and their track record matters a lot? This basically shows your willingness to argue for the sake of disagreeing rather than argue any facts and shows that debating with you is a complete waste of time.
Those Windows sites don't speculate? Since when? Perhaps you need to read more carefully.
Again, all speculation is not the same. See some of Mary Jo Foley's track record in this link which I provide again.
http://tracour.net/author/Mary%20Jo%20Foley
All you have brought is speculation unless you work at MS and have first hand knowledge. I suspect if you work for MS, you won't disclose it.
No, I don't work for MS, if I did, I would declare it, why hide it? There's nothing wrong with working for MS, as you seem to think. My speculation is from informed sources with a stellar track record and a lot of big revelations under their belt while you seem to have no clue about MS watchers who work in the press. Again, you're trying to color all speculation the same, it's not.
Ok I will switch to the format of my other reply on the other thread which seems to finally have gotten into your head since you haven't even replied to it yet.
http://slashdot.org/comments.pl?sid=3929159&cid=44180905
I said this
No employment contract in the US can force anyone to show up to the office and do work. Slavery is not legal anymore.
An "employment contract" that forces people to show up at work and actually do work against their wishes(under threat of arrest, criminal charges or physical punishment) is what slavery is. Q1 Agreed?
The thread came out like this.
I effectively said "Employment is at the will of the employee. MS cannot force him to work if he does not want to."
You came out with: "First, at-will employment only applies when there is no contract:"
Second, you do understand that top level executives often sign contracts which companies can dictate terms like term of employment. Often the exec and the employer agree on when they can leave; however, it can get contentious if there is no agreement. In this case, it points more that the exit was unexpected but MS let him go.
Did MS even have an option to not let him go? You bring up non-compete, but they're not enforceable in many states. Look at Steven Sinofsky's agreement where they had to pay him a ton to keep him out of competitors' hands. http://www.theverge.com/2013/7/3/4491560/steven-sinofsky-microsoft-retirement-agreement-deal-shares-nda
Why would they waste so much money if noncompete agreements were workable? Microsoft's lawyers known way more than you about this stuff. Q2 Agree?
I effectively said "No contract can force people to work against their will since slavery is no longer legal. The only way out is monetary punishment which Zynga likely bought out."
And guess what? I was right.
http://microsoft-news.com/don-mattrick-to-make-over-50-million-at-zynga/
Also what does non-compete agreements have to do with anything in this topic at all? It's another irrelevant topic that you brought up.
No, you bought this up by saying this upthread:
Or better yet, have Mattrick stay until the re-org is announced in a few days.
I brought up contracts etc. to counter that point
And now you argue against yourself and agree with me and don't even remember that you started this line of argument. Nice 360.
Q3 agree?
Also, another quote from you:
What the hell? You are the only that keeps insisting that this was all a part of the re-org yet "plans change". That makes absolutely no sense.
From a news report the next day http://www.bloomberg.com/news/2013-07-02/microsoft-ceo-said-to-give-bates-mergers-role-in-revamp.html
The restructuring isn’t finalized and Ballmer may still shuffle roles around up until it’s officially announced, the people said. Xbox head Don Mattrick had been a contender for the hardware post before left the company to become CEO of Zynga Inc. (ZNGA), a move announced July 1.
See how it makes sense? Q4 Agree?
Look, I understand you're not a MS watcher and you probably follow a lot of iNews, and that's good for you and I don't think that's a bad thing in itself at all. People have different interests and they should. But you come off trying to argue from a position of ignorance trying to show MS in bad light with flimsy and broken logic while lacking real information that is out there if you really wanted to grab it instead of trying to score brownie points by nitpicking on people who have done their homework.
If you read through this thread, I am quoting information and giving references. You are like the first AC, trying to inject baseless arguments that essentially boil doing "Ballmer is an unknowing fool that bumbled up the Mattrick exit, i know better, also MS sux and this is baaaaad news for MS". I am tired of being the only one doing the research here while you take irrelevant potshots at me.
If you want to argue from a position of strength, first watch the last 10 episodes of "Windows Weekly". Then read the last 50 articles on allaboutmicrosoft.com and Winsupersite. Those are not even opinion or speculation, Paul and Mary have known good sources *inside* MS and have repeatedly delivered, and also they're very critical of MS on many points. Arguing from ignorance and calling my posts speculation on the level of random Slashdot comments like yours is not called for. Q5 Agree?
Apple made those changes because developers protested. If everyone was like you or listened to you when you say "You're not entitled to anything beyond what Apple deigns to give you so just shut up and stop complaining" then those few changes would have never happened. So there's nothing wrong with demanding or complaining about the 30% cut or in-app purchase requirements that, for example, the Microsoft stores don't have. You just want people to be happy and roll over.
So Apple wasn't clear about rejections and may not have been consistent with its policies. So what? You want to contribute that to malice, go ahead. I would think that in having to curate hundreds of thousands of applications, there are bound to be problems.
I only care that the situation is fixed. A UI prototyping app was banned in multiple months even after the developer went high up the Apple exec chain. A coding app is prevented from sharing code. http://twolivesleft.com/Codea/Talk/discussion/348/apple-notified-us-of-violations-re-downloadable-code/p1
And we're not allowed to complain?
>I even remember CEO Tim Cook endorsing Google's Map app during the botched Apple Maps launch.
That was because people were getting into dangerous situations with Apple Maps. Apple didn't want to be culpable and get blame for that so they were basically forced to suggest competitors.
Wrong directions can have very bad real life situations, unlike say, a broken RSS reader app.
http://www.npr.org/2011/07/26/137646147/the-gps-a-fatally-misleading-travel-companion
I never said an employment contract is slavery. I said no contract can force an employee to show up for work and actually do work(like it happened in the old times). What happens if you go to work but don't do any work? You can be fired without pay, for example, but you won't face criminal charges or arrest, maybe financial ones based on contract Re-read my post, especially the first and last sentences. I did say there can be monetary punishment(which you repeat like a parrot in your reply as if you're stating something new).
In spite of you bolding "after", non-compete contract can and do cover while being employed.
From http://www.fklaborlaw.com/faqs/employment-law-covenant-compete.html
A covenant not to compete, which is also known as a non-competition agreement or a non-compete, is a promise by an employee not to compete with his or her employer for a specified time in a particular place. A covenant not to compete may be a clause in an employment agreement or a separate contract standing by itself.
Agreements that prevent employees from competing against their employer while still employed are upheld in every state. Most states also provide employers with a remedy to recover profits lost as a result of the "faithless employee" who breaches a fiduciary duty owed to the employer by competing against it, while employed, whether or not the employee had agreed not to compete against the employer.
This is an example of a typical ignorant post full of bluster and over confidence from you while not doing basic research.
Apple's abuses in the app store(search for iPhone application graveyard or look at the UI prototyping app that was banned) are so well known that the story was very believable. Thats why the competitor I was referring to was Android, not MS.
Wow you fail at reading comprehension. Mine are clearly labeled as speculation. I didn't throw a hissy fit when others speculate unlike you:
Please RTFA or buy a fucking clue. I am so tired of stupid Slashdot stories and commeters who only get their Microsoft news from Slashdot and don't even RTFA.
You speculate all you want but if you ate going to rant about others doing the same isn't that the pot calling the kettle black?
You fail at reading comprehension while quoting me out of context and accusing me of it. I will label some questions and request you answer them.
Here's the AC comment I was replying to, with the relevant part bolded:
While it's likely a good guess, as the end of major development cycle often brings big changes and most CEO's don't tend to collect direct reports, claiming that a reorg 'is imminent' is misleading and likely biased in itself. Are you afraid of competition?
How is "claiming a reorg is imminent misleading and biased" when I have shown multiple reliable sources stating it and you yourself agree with it? That AC obviously got his news(or lack of it) from this story and the misleading summary. Q1 Agree?
Again the re-org was planned. No one here disputes that. That is a dead point.
The AC comment I was replying to disputed that. Read it again, slowly, take your time and read it word by word.
AC comment I was replying to:
While it's likely a good guess, as the end of major development cycle often brings big changes and most CEO's don't tend to collect direct reports, claiming that a reorg 'is imminent' is misleading and likely biased in itself. Are you afraid of competition?
It was not a dead point when I replied to it and gave my source links showing reorg was coming. Q2 Agreed?
If so why do you think the AC didn't know about it?
Bingo! It's the misleading headline and summary which failed to talk about the reorg although the article alluded to it. Q3 Agreed?
Q4: Do you agree with the AC comment and would you mod it up or down if you had mod points?
What was talked about was whether Mattrick leaving was sudden or not. It seems to me and others that it was sudden. My contention is that I don't know if this bodes well for Xbox.
Of course it was sudden to us and likely was sudden to MS as well, I don't dispute that.
Headline: Steve Ballmer Replaces Don Mattrick As Xbox One Chief
Summary:
"While Don Mattrick leaves Microsoft to work at Zynga, Steve Ballmer announces that, from now on, he will be directly in charge of the Xbox One division as quoted: 'Don's directs will report to me and will continue to drive the day-to-day business as a team, particularly focused on shipping Xbox One this holiday.'"
That makes it sound as if Ballmer has just woken up one morning and decided he wants to head the Xbox team through the holiday release, while reality is much more nuanced. Q5 Agree?
I have given the source links from reliable sources for my so called speculation while you and the AC never gave one reference. When and where did you come to know about the re-org? From my posts or elsewhere?
My dispute with the summary and your posts was the implication and unfounded speculation that Ballmer will head the Xbox unit into the holiday season(read your own posts about the holiday season).
I dispute your contention that it's bad for Xbox because there are a number of scenarios where it might not be bad, for example, Mattrick wanted to be head of the entire hardware division, but Ballmer had other plans so he left. Also Mattrick might have been responsible for the E3 PR fiasco. Re-read the ZDNet Mary Jo Foley article again, it says people who don't get their desired role usually leave. Again, I don't know for sure about this like i do about the reorg , but I think it's way too early to for your contention.
Ah yes, pick on the one thing I didn't reply to because I was otherwise busy and tired of your totally ignorant nitpicking.
No employment contract in the US can force anyone to show up to the office and do work. Slavery is not legal anymore. Non-compete contracts can prevent working for other companies, but are enforceable in a few states only and only very narrowly and courts usually side with the employee. There can be monetary punishment in the contract(which Zynga can pay Mattrick to buy out).
He has not acquired a fortune; the fortune has acquired him. -- Bion
