Bones McCracker Veteran
Joined: 14 Mar 2006 Posts: 1605 Location: U.S.A.
Posted: Thu Feb 28, 2013 5:00 am Post subject: Linus: Guys, this is not a dick sucking contest.
Linus got the red ass at the secure boot devs...
Quote: | Guys, this is not a dick-sucking contest.
If you want to parse PE binaries, go right ahead. If Red Hat wants to deep-throat Microsoft, that's *your* issue. That has nothing what-so-ever to do with the kernel I maintain. It's trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chrissake, it's in that f*cking pull request.
Why should *I* care? Why should the kernel care about some idiotic "we only sign PE binaries" stupidity? We support X.509, which is the standard for signing.
Do this in user land on a trusted machine. There is zero excuse for doing it in the kernel.
Linus |
http://arstechnica.com/information-technology/2013/02/linus-torvalds-i-will-not-change-linux-to-deep-throat-microsoft/ _________________
patrix_neo wrote: | The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it. |

notageek Tux's lil' helper
Joined: 05 Jun 2008 Posts: 131 Location: MA, USA
Posted: Thu Feb 28, 2013 5:06 am
Fuck Windows 8 compatible machines. _________________ "Defeat is a state of mind. No one is ever defeated, until defeat has been accepted as a reality." -- Bruce Lee |

sikpuppy n00b
Joined: 12 Jun 2012 Posts: 34 Location: Central Coast, NSW
Posted: Thu Feb 28, 2013 6:09 am
notageek wrote: | Fuck Windows 8 compatible machines. |
No, because I get metal burrs on my penis. |

notageek Tux's lil' helper
Joined: 05 Jun 2008 Posts: 131 Location: MA, USA
Posted: Thu Feb 28, 2013 6:26 am
Literally?

sikpuppy n00b
Joined: 12 Jun 2012 Posts: 34 Location: Central Coast, NSW
Posted: Thu Feb 28, 2013 6:38 am
notageek wrote: | Literally? |
I do love my machines. |

pjp Administrator
Joined: 16 Apr 2002 Posts: 17128
Posted: Thu Feb 28, 2013 11:49 pm
BoneKracker wrote: | Linus got the red ass at the secure boot devs... :lol: | A little shed work could fix that. _________________ I can saw a woman in two, but you won't want to look in the box when I'm through.
For my next trick, I'll need a volunteer. |

dmitchell Veteran
Joined: 17 May 2003 Posts: 1159 Location: Austin, Texas
Posted: Fri Mar 01, 2013 2:21 am
A lot of disappointed kernel devs, I bet. _________________ Your argument is invalid. |

Bones McCracker Veteran
Joined: 14 Mar 2006 Posts: 1605 Location: U.S.A.
Posted: Fri Mar 01, 2013 2:25 am

salahx Guru
Joined: 12 Mar 2005 Posts: 432
Posted: Fri Mar 01, 2013 7:04 am
UEFI is a lot of things: some good, some bad, and some ugly. One of the "ugly" things being it's adopted FAR too many of Microsoft's conventions (RTC in local time, PE/COFF, even the API looks far too much like the Win32 API - CamelCase, typedefs galore, opaque objects like handles and GUIDs, functions that take dozens of arguments at least half of which aren't used).
Because of a limitation of UEFI Secure Boot (we can't define additional authentication mechanisms, thus for "shim" to work it has to do all the work UEFI does - parse the PE/COFF structures, validate signatures, do relocations as PE/COFF is not position-independent, map it into memory then jump to start point, etc), and Microsoft's asinine signing policies (will only sign PE/COFF binaries wrapped in MS Cabinet format) - it seems that the naysayers were right - Secure Boot is just another MS lock-in tool.
This patch, and other patches floating around (to prevent a signed Linux kernel from being hijacked and used to chain-load Windows malware) - that disable hibernation, kexec and lots of other things (if you want Secure Boot to be effective you have to make sure no "untrusted" code runs in supervisor mode) - drive the point home that Secure Boot is at best a feel-good measure, and at worst an MS lock-in tool. |

Prenj n00b
Joined: 20 Nov 2011 Posts: 16
Posted: Fri Mar 01, 2013 7:13 am
Torvalds sounds angry that it wasn't a dick-sucking contest. |

Bones McCracker Veteran
Joined: 14 Mar 2006 Posts: 1605 Location: U.S.A.
Posted: Fri Mar 01, 2013 8:15 am
salahx wrote: | UEFI is a lot of things: some good, some bad, and some ugly. One of the "ugly" things being it's adopted FAR too many of Microsoft's conventions (RTC in local time, PE/COFF, even the API looks far too much like the Win32 API - CamelCase, typedefs galore, opaque objects like handles and GUIDs, functions that take dozens of arguments at least half of which aren't used).
Because of a limitation of UEFI Secure Boot (we can't define additional authentication mechanisms, thus for "shim" to work it has to do all the work UEFI does - parse the PE/COFF structures, validate signatures, do relocations as PE/COFF is not position-independent, map it into memory then jump to start point, etc), and Microsoft's asinine signing policies (will only sign PE/COFF binaries wrapped in MS Cabinet format) - it seems that the naysayers were right - Secure Boot is just another MS lock-in tool.
This patch, and other patches floating around (to prevent a signed Linux kernel from being hijacked and used to chain-load Windows malware) - that disable hibernation, kexec and lots of other things (if you want Secure Boot to be effective you have to make sure no "untrusted" code runs in supervisor mode) - drive the point home that Secure Boot is at best a feel-good measure, and at worst an MS lock-in tool. |
Linux users should make this hurt where it counts: in the wallet. The Linux community may not have economic clout, but sometimes in the past when Microsoft has done such things (borderline anti-competitive practices), it has actually hurt their reputation with users and caused people to choose other products (Internet Explorer being a case in point, after they shat on Netscape and others). Another example is the office document formats.
At the moment, Microsoft is engaged in a big-time marketing campaign to make themselves "Cool", so they can compete against Apple in the tablet and hand-held space and against Google in the cloud space. A well-coordinated and viral communication effort conveying the message that what they're doing here is "Not Cool" at all, leveraging the "Anonymous" crowd and social media, could force them to the table to agree to a more open standard, perhaps with an independent signing authority. Also, maybe Red Hat should understand they're bending over too easy, and that's Not Cool either. Various governments who wanted to avoid vendor lock-in, in order to fulfill their public obligation to competitive procurement, were the main reason MS caved in on the document formats, so they should be made to understand that this is the same situation. Formal organizations such as The Linux Foundation, EFF, major distributions, can't really engage in such a thing, so I don't know who could make it happen.

Crooksey Apprentice
Joined: 26 Apr 2006 Posts: 239 Location: Vatican City
Posted: Fri Mar 01, 2013 12:45 pm
Prenj wrote: | Torvalds sounds angry that it wasn't a dick-sucking contest. |
Thank you for making my day  |