Friday FOSS Week in Review
The biggest news this week has centered around fears that Linux may become uninstallable on Wintel machines from the big OEMs. But there’s been more. Some fun stuff. Some silly stuff. Some stuff that might eventually develop into something important…
Secure Boot Has Penguinistas Buzzing
Last week on FWIR I mentioned there was a storm beginning to brew around Windows 8 and secure boot, which could potentially keep Linux from being installed on some computers once they’re implemented. Well, it’s not just brewing anymore, it’s a full-fledged storm with hurricane-force winds.
After Microsoft passed the buck and attempted to pooh-pooh the issue as simple Linux paranoia, Red Hat engineer Matthew Garrett fired back on his blog, which was then picked up in an article posted Monday on The Register:
“Garrett said that Windows 8 certification requires that hardware ship with UEFI secure boot enabled. A feature allowing secure boot to be disabled – necessary to run Linux and FreeBSD on certified systems – is not required for certification. ‘We’ve already been informed by hardware vendors that some hardware will not have this option,’ Garrett writes in a follow-up blog post to his original critique of the technology.
“In addition, Windows 8 certification does not require that the system ship with any keys other than Microsoft’s. Such systems will only securely boot Microsoft operating systems.
“‘A system that ships with Microsoft’s signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft’s,’ Garrett writes. ‘No other vendor has the same position of power over the hardware vendors. Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer.'”
After this, all heck broke loose. The next day, Jeff Hoogland posted a blog downplaying the importance of the secure boot feature on Linux and defending Microsoft:
“Microsoft is simply adding a feature to their operating system. What do I mean by pointing this out? Simply that if a market lockout does happen at the hardware level it is the hardware makers you need to be outraged at. Just as easily as they can give their hardware key to Microsoft they can also give it to Linux distributions. In fact it will ultimately be up to the hardware maker whether they have secure boot enabled in their hardware at all.
“Meaning that if you are really worried about the future of this feature – start contacting hardware vendors and stop attacking Microsoft for adding a feature to their operating system. In reality only time will tell what will happen with the addition of this feature to Windows 8.
“I don’t see anyone getting outraged at Google because they allow device makers to lock down ARM hardware. In fact ARM hardware is one of the hardest things around to install an alternative operating system to. Where is the outrage over this if we really want to see true software freedom for all devices?”
Today, the story became even more interesting when a writer using the handle “memenode” noted on Tech-FAQ that even if the hardware folks made signing keys available, secure boot can’t be implemented from within a GPL application under the terms of the license:
“…Linux vendors could certify a key to be used with UEFI secure boot and include this key in Linux boot loaders so they can pass this security checkpoint. The important thing here is that this key needs to stay secret, and the only way to make sure it stays secret while distributing it as part of Linux boot loaders is for it to be in binary form (no source code).
“This is where we get to the core of the issue. Most commonly used Linux boot loaders, GRUB and GRUB2 are licensed under GPL, a license which denies embedding proprietary code in it, and requiring a secret key to function. GRUB2 is licensed under GPLv3 which makes this explicitly denied, whereas it is a gray area in GPLv2. As gray as it may be, however, exploiting it would run against the spirit of the license which is what fueled the strictness in GPLv3 to begin with.
“In other words, making Linux boot loaders work with secure boot would require breaking their licensing requirements, and arguably the spirit of Free Open Source Software as well.”
This becomes even more interesting due to the fact that soon Linux will be taking care of its own booting. What kind of workaround will Mr. Torvalds find for this that doesn’t evoke the ire of RMS? The good news is that LILO, that old workhorse of a bootloader of old, has been back in development for about a year now. As it’s licensed under the BSD license, it can implement secure boot.
As a free software advocate, I have to say that the secure boot feature is just plain wrong. I’m all for security, and protecting the boot process is becoming increasingly important, but this is absolutely the wrong way to go about it. It’s one thing for an operating system such as Windows to require digital signatures for things to work within the system; it’s quite another when your computer won’t run without the cooperation of a hardware vendor that might have gone out of business years ago.
I do think the folks in Redmond are up to no good here. I’ll let you in on my suspicions on Monday or Tuesday. Stay tuned…
Two New Linux Mobile OSes in the Works
It seems like only yesterday that Intel was telling us they remain committed to MeeGo. Well, on Wednesday Ars Technica informed us that Intel’s saying that MeeGo’s out, to be replaced by a new Linux-based mobile OS, Tizen. They’re partnering with Samsung on this:
“Intel’s Imad Sousou discussed the transition from MeeGo to Tizen last night in a statement on the official MeeGo blog. He contends that the new plan for an HTML-based mobile environment necessitated a clean break. He doesn’t believe that MeeGo could have evolved to fulfill the technical requirements of the new vision.
“‘Why not just evolve MeeGo? We believe the future belongs to HTML5-based applications, outside of a relatively small percentage of apps, and we are firmly convinced that our investment needs to shift toward HTML5. Shifting to HTML5 doesn’t just mean slapping a web runtime on an existing Linux, even one aimed at mobile, as MeeGo has been,’ he wrote. ‘Over the next couple of months, we will be working very hard to make sure that users of MeeGo can easily transition to Tizen.’
“It’s still not totally clear whether Tizen marks a new beginning or is merely an exercise in rebranding MeeGo to diffuse the stink of rejection that was left by Nokia’s departure. Jim Zemlin, the executive director of the Linux Foundation, revealed in a blog entry that some existing MeeGo technologies will be adopted in Tizen.”
Meanwhile, we got news yesterday that Intel’s old MeeGo partner, Nokia, is also developing a new Linux-based mobile OS. According to eWeek, they’re working on Meltemi OS to be used in feature phones:
“One might have expected Nokia to eschew its interest in Linux entirely now that it’s a tight partner with Microsoft, but the Wall Street Journal reports the Finnish phone vendor is now working on another new Linux-based OS. ‘Meltemi’ is expected to run on its feature phones in place of the aging Symbian, says the story.
“The Meltemi project is being led by Nokia Executive Vice President Mary McDowell, a source told the publication. Nokia declined to comment to the WSJ, which offered few additional details.
“In April, Nokia CEO Stephen Elop was said to have mentioned a Meltemi project in a leaked memo picked up by the Register. At the time, Meltemi was considered to be related to Windows Phone, however. Now, it appears that Meltemi may instead be an offshoot of Nokia’s long-time Maemo Linux project, but aimed at feature phones instead of mini-tablets and high-end smartphones.”
I’ve got to admit, I’m a little confused. I thought the evil empire was pouring a billion dollars into Nokia and that the Finnish company was putting all their eggs in the WP7 basket. I guess they’re doubling down, in case the Windows phone doesn’t work out.
A Full Year of LibreOffice
When The Document Foundation was formed to create LibreOffice a year ago, I fully expected the project to quickly be folded back into OpenOffice. Of course, I was expecting Oracle to adopt an intelligent stance and for Larry Ellison to act like an adult. Silly me, I should’ve known.
Anyway, here it is a year later. Everyone I know uses LibreOffice, no one I know uses OpenOffice, and no one I know is willing to trust Oracle even a little bit anymore.
Happy birthday, LibreOffice! I know you’ll have many more.
Hans Reiser Seeks New Trial
Remember ReiserFS, the file system for Linux developed by Hans Reiser? I was always meaning to give it a try someday. Then, Hans Reiser got himself arrested, badly botched his trial and ended up getting a sentence of 15 to life for killing his wife in Oakland, California.
Yesterday Wired reported that Hans is seeking a new trial, claiming that he was forced to take the stand by his lawyers. I wish him good luck with that.
Samsung and Apple Battles Continue
At this point, I’m really glad the mobile tech firms don’t have armies. It’s nasty enough as it is with all the fighting taking place within the relatively civilized confines of courthouses. At least now Samsung is on the offense, rattling their patent sabers and seeking injunctions against iPhone.
Monday found the duo in a district court in The Hague, Netherlands. At issue are four Samsung patents Apple evidently violates. Samsung is asking for licensing money from Apple and is also seeking an injunction to keep iPhone 3GS, iPhone 4, iPad, iPad 2, and other products out of Europe until licensing terms are set. It’s expected the judge will issue a ruling on October 14, the day after another injunction banning the import of three Samsung Galaxy models is scheduled to begin.
In addition to this case, Samsung and Apple are currently engaged in legal battles in Asia and North America as well.
Given Enough Monkeys and Enough Typewriters….
I just couldn’t let this slide by unnoticed. You know the old adage, if you have enough monkeys and enough typewriters eventually you’ll get the complete works of Shakespeare? Well, the BBC is reporting this to be true and practically a done deal – if you allow for a little leeway in the way the adage is put to the test.
In this case, the monkeys aren’t real but are virtual (a word that seems to have a different meaning now than it did when I was a kid). We’re also not asking these virtual monkeys to type Hamlet all the way through from beginning to end. The “monkeys” spit out nine-character chunks, which are then checked against the Bard’s output for a match. If a match is found, it’s cut and pasted in its proper place. To dumb it down even further, spaces and punctuation aren’t used.
Although the methodology might seem more than a little like cheating, the Beeb points out it’s a necessary adjustment, as there are about 5.5 trillion possible combinations for any nine-character string in English:
“Mathematicians said the constraints Mr Anderson introduced to the project mean he will complete it in a reasonable amount of time.
“‘If he’s running an evolutionary approach, holding on to successful guesses, then he’ll get there,’ said Tim Harford, popular science writer and presenter of the BBC’s radio show about numbers More or Less.
“And without those constraints?
“‘Not a chance,’ said Dr Ian Stewart, emeritus professor of mathematics at the University of Warwick.
“His calculations suggest it would take far, far longer than the age of the Universe for monkeys to completely randomly produce a flawless copy of the 3,695,990 or so characters in the works.
“‘Along the way there would be untold numbers of attempts with one character wrong; even more with two wrong, and so on,’ he said. ‘Almost all other books, being shorter, would appear (countless times) before Shakespeare did.'”
I guess this means that a bunch of monkeys locked in a room with typewriters would type Running Linux long before they’d get Shakespeare finished. Actually, probably their typewriters would break down first. In this day and age, you’ll never find a typewriter repairman.
Well, that does it for this week. I’ll see you on Monday. Until then, may the FOSS be with you….
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux
As long as secure boot can be switched OFF there is no problem for anyone.
My hardware vendor says it will ALWAYS be switchable.
But can I believe that???
I think I know the character of M$ and some hardware-producers… I would not rely on it.
@rijnsma Red Hat has already been told by some vendors that secure boot will not be able to be turned off on some machines.
I’m waiting for the anti-trust lawsuits to start. The Europeans, in particular, will likely kick Micromafia where it hurts, even if the US government remains useless.
@AC You might want to go to our Facebook page and participate in our poll on this.
http://www.facebook.com/FOSSForce
I expect that Microsoft will twist the hardware makers’ arms with a discount for machines that will only run Windows 8. Much like the arrangement to pay for every machine sold, whether or not it actually runs Windows. Before long, it will be almost impossible to find a laptop that will run other OSes.
Then Microsoft can say they are not to blame – it is the hardware makers’ decision.
It looks like an attempt from MS to make all OEM computers Windows-exclusive machines. Just like the Apple ones, or the mobile phones that only work with certain proprietary o/s. We will see what the anti-monopoly authorities think about that.
Right now I enjoy dual boot. I typically boot to Windows Vista, which remains my OS of choice. Occasionally I’ll boot into Linux Mint 11, which for me is a functional OS with which my level of satisfaction is ever increasing. But in the future, if I had to choose just one, I would ditch Windows and convert to Linux completely.
If this is the way that things are headed, I will move to an island and declare independence of the rest of the world.
Where the only things that are allowed the corporate monopolized way, where they have all the rights and the individual has none.
Doesn’t it sound just like the dictatorships that world leaders have been pushing all of us to eliminate for the past 100 years?
Well I guess it is not a dictatorship, if they are made legal by the paid-off courts of the world.
This is realpolitik of the world leaders, they are bought and are paid for; we do not matter.
Every day it shows more and more; soon we will have to hail Windows, hail Apple, hail FRIAA.
Didn’t all the wars in the past teach anyone anything? The last war that is still being fought was not over terrorists.
Or was it OIL? Well, it’s the same. Well, let’s justify this for more security, in our own cowering meager lives.
Yes, these are the buttons that they push: fear, panic, welfare of your families.
Some use the patriotic sense, others the religious views or jobs, to make their manipulation come online.
There is no real liberty, just the thought, or I just say it, we are their serfs, they owned us.
We are their property, and soon we will not even matter.
You, me, all of us, will be slaves to their every whim.
Every day they make us do as they like.
Tell me, how many freedoms do you still have? What speech? Bullshit, this will get censored as soon as I post it.
It will get censored because it will be offensive to some c.e.o. in its remarks.
Isn’t it the way that most revolutions started, by oppression?
This is my point of view, but that is what they are making happen.
You cannot make a patent without any approachable means; that means they have those rights, you do not.
They can tell you what is pornography, and not art, but they can sell it to you every day, but that is advertisement.
It is art if it’s made in Hollywood, but not in your hometown.
That if you sing a song, and it’s made for public, it belongs to them; you will go to jail if you don’t pay them.
If you make your own energy and it’s not made by them, it is illegal because you did not pay taxes on it.
So what I AM saying is it is time to let everyone know to say their piece, to let your legislators know it is enough.
The law is for everyone!!! Not just the c.e.o.’s and big companies.
If the OS was secure from the beginning it would not need to be this drastic, or wouldn’t it?
Bad code is bad code.
Most holes in the code are renowned and good hackers know how to block them, but it is not in their best interest to do so.
Most holes are made on purpose.
It is simple: look at DOA or any hole with Java, Flash, Apache; they knew of them, some up to 1.5 years.
Just think, it is not just MS domain in the BIOS, it is any register key that can work at boot-up time.
Who would like to know what is in your PC at any time?
Most people are tracked every day and do not even know of it: cells, cars, cameras, laptops, tablets, and all security cameras inside & outdoors.
Even what they watch and listen to every day, TV, radios, PCs, it’s all monitored.
So!! How much privacy do you have? How much liberty do you have?
So really, how much are you really willingly going to give up for that new Swiss cheese?
I agree with haldfary, this would seem to be an attempt on MS’s part to “lock down” the OS. Very similar to what has been occurring in the mobile world since day one.
The difference is that in the PC world (as opposed to the fragmented mobile world), MS has (still) enough of a market share that this could have serious antitrust implications.
I actually hope that an antitrust action would come out of this, and the outcome be that a clear line is drawn between hardware and the OS that it runs on.
It’s MY hardware, I paid for it, and I should have the right to put whatever software I want on it.
We as consumers need to start declining Microsoft’s EULA when we purchase new PCs, and start demanding bare-bone PCs from vendors and manufacturers. Next time we go to buy a PC, tell the BestBuy, WalMart, Staples, etc. that we want the computer but we do not agree to the MS EULA and ask them to remove the OS. It is possible to even get a refund for OS & all the applications that come pre-installed. It is a difficult process but it is possible. Ask for the manager; after a while the stores (online & offline) will realize that the demand for barebone systems is high. Send out e-mails & snail mail letters to the board of directors of vendors & manufacturers that you do not want MS’s secure boot on their hardware.
So, what’s the point of secure boot anyway? I assume once the OS boots, it’s as secure as it wants to (or is able to) be. So, is the only purpose to prevent flash drives and CDs from ‘booting’ to malware that installs viruses and trojans? If so, wouldn’t it suffice to have the BIOS (or whatever the new thing is) warn you before proceeding to boot from anything but the primary device?
I guess that doesn’t stop unauthorized users with physical access to the machine from booting from those devices, but wouldn’t a simple password work there?
@littlenoodles These days malicious code often overwrites the bootsector with bootworms and the like. This has become very problematic, and UEFI as well as its secure boot function are designed to tackle that infected-during-boot problem.
However, secure boot won’t work, and if it does, it won’t work for long. It’s the type of scheme that crackers are excellent at getting around, and quickly.
I don’t get Nokia but I haven’t been able to follow what they’re doing for the past year so this isn’t a surprise I guess.
They had MeeGo, then they gave up and now are gonna start another similar project.
I presume they’re gonna keep this close to the vest and don’t need an open source ecosystem because I can’t see a rush their way.
Will this make a difference?
Don’t know but I’d be surprised if this actually even comes out.
MeeGo had a lot more buzz and positive vibes towards Nokia.
Things have changed and they gotta reinvent the circle… again.
nothing that can’t be fixed with IDA-Pro and a flash programmer.
just like the mini-pci wifi-whitelists in laptops.
however, if it comes to that then it will be war and lots of bad things will be happening.
wait for the virus that spreads via IE/FLASH/HTML5-extensions and “edits” the bootkey on win8 so it never reboots!!!!
it’s possible – trust me!
“Yesterday Wired reported that Hans is seeking a new trial, claiming that he was forced to take the stand by his lawyers. I wish him good luck with that.”
I hope that son of a whore burns in hell. We miss you, Nina.
The premise that Microsoft made with Secure Boot is protecting the Operating System from root-kits and the like. However, that doesn’t fix the problem. Once an O/S is running, a root-kit can be installed. It installs itself within the operating system’s file structure. The root-kit is then loaded AFTER the o/s has started to boot. Hence, the UEFI aka Secure Boot will NOT stop a root-kit from installing nor will it stop it from running.
Secure boot isn’t the way to “protect” an operating system from viruses and the like. Microsoft has a huge market share. Most vendors won’t say no to Microsoft, and secure boot, because at the end of the day it’s Microsoft Windows on the computer that sells the computer.
Don’t defend Microsoft. They not only knew of UEFI, but they implemented it within their operating system.
@Jurgen My remark was meant to be flippant and certainly not to offend.
@haldfary Apple machines are not Apple OS only, my Macbook Pro triple boots OS X, Ubuntu and Windows no problem.
GNU/Linux users are a fickle lot – they want Linux on their machines, but what do they buy? They buy a system PRELOADED with M$ Windows. M$ owns the workplace desktop, so it naturally becomes the de facto standard even for most Linux users on their personal systems that they buy. Then they have to decide – “should I dual boot, use a virtual solution, or go commando and reformat the whole box Linux?” Now M$ is throwing them a new wrinkle – “keyed boot.” So how do we Linux fools react? We whine! Do something about it! Quit buying! Don’t buy a Win. 8 box – recycle older Win. 7/Vista/XP boxes within a Linux user base consortium. Linux users need to decide whether their Linux boxes are toys or they are their premier system of choice under most major circumstances. Sure, there are times when M$ Win is necessary – for instance, JMP 9 only runs under Windows or OS/X, but unless you really need a Win. 8 box, won’t the older Win. 7 box work as well? And you keep your money for more useful items such as a beer.
@Richard Thornton You make a good point, Richard, for dyed in the wool Linux users. However, there’s another class of Linux user – which has always been big but is becoming bigger. That would be mom, grandpa, your neighbor, anyone who turns to you for help with their Windows machine. These are the people who, after one too many virus infections, or when MS quits supporting the version of Windows they’re running on their old box and who can’t afford a new computer… We are the people who we convince that now is the time to get over your fears and install an OS that isn’t prone to viruses and which will run just fine on the rusty old box you refuse to replace.
Myself, I always buy a white box from the local mom and pop shop when I want a new computer. However, I’ve often been in the situation where I needed a computer, or needed to get a computer for a friend, and the only thing the budget could afford was a used box. Unvaryingly, the used box will be running some flavor of Windows, which I’ll wipe and install a Linux distro. The used Windows box option will go the way of the passenger pigeon, as will putting Linux on grandpa’s box, if this plays out the way some people fear.
I won’t put Windows of any release on my equipment. Not only have I seen it clobber other OSes, but it overwrote ASCII data on a thumb drive it wasn’t supposed to access. It’s just greedy for space!
Re: Given Enough Monkeys and Enough Typewriters….
“The “monkeys” spit out nine-character chunks, which are then checked against the Bard’s output for a match. If a match is found, it’s cut and pasted in its proper place. To dumb it down even further, spaces and punctuation aren’t used.”
So, what’s the big deal?
Even I could do that! 🙂
I have worked in the security services for well over 15 years.
And there is no one tool, much less 15 or 21 Applications that will stop any cracker.
There is no 100% secured system in the market, much less an OS.
Well, with the exception of a PC that is not turned on or just totally without any I/O.
Those are its points of entry; limit that and you have a secured system.
So what is left for the rest?
Linux is not a more secured system, but it is less likely to get cracked into.
Even most newbies will not install any software at a whim like most MS users.
Two reasons.
One, most do not run as an administrator.
Two, they are more likely to ask for help before installing any software in their Linux box.
And it’s not due to lack of software, it’s that they don’t want any software to damage their system.
And that it would take too much time to do it over, well that is a myth.
But it has helped in keeping most Linux users from trying all the garbage that is out there.
And another thing is most Linux distributions have their own repositories.
This will more than likely keep most cracked software out.
Like most Linux software users, there is one use for Windows: it is games.
Everything that I need is in Linux, from editing music & videos to remote administrator of other OS from home.
So why would I use MS?
Like I said, games, that is all.
Every year MS has promised a secured system; it has never delivered.
And most of all it does not take a genius to work or even have a secured system under Linux.
Just a little time.
Microsoft would try to break any other OS, but it won’t win in the long run. These days people want to buy computers and laptops without an OS. When you walk into any computer store, you’d see a lot of computers without an OS or with Linux, especially in Europe and Asia.
If Microsoft goes with their ideas of dominating the world, crackers will break it. Microsoft will not win!