| View previous topic :: View next topic |
| Author |
Message |
Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1593
Location: U.S.A.
|
 Posted: Thu Feb 28, 2013 5:00 am Post subject: Linus: Guys, this is not a dick sucking contest. |
 |
|
Linus got the red ass at the secure boot devs... 
| Quote: | Guys, this is not a dick-sucking contest.
If you want to parse PE binaries, go right ahead. If Red Hat wants to deep-throat Microsoft, that's *your* issue. That has nothing what-so-ever to do with the kernel I maintain. It's trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chrissake, it's in that f*cking pull request.
Why should *I* care? Why should the kernel care about some idiotic "we only sign PE binaries" stupidity? We support X.509, which is the standard for signing.
Do this in user land on a trusted machine. There is zero excuse for doing it in the kernel.
Linus |
http://arstechnica.com/information-technology/2013/02/linus-torvalds-i-will-not-change-linux-to-deep-throat-microsoft/ |
|
| Back to top |
|
 |
notageek
Tux's lil' helper
Joined: 05 Jun 2008
Posts: 131
Location: MA, USA
|
| Posted: Thu Feb 28, 2013 5:06 am Post subject: |
|
|
Fuck Windows 8 compatible machines.
_________________
Do not pray for an easy life, pray for the strength to endure a difficult one. -- Bruce Lee |
|
| Back to top |
|
|
sikpuppy
n00b
Joined: 12 Jun 2012
Posts: 34
Location: Central Coast, NSW
|
| Posted: Thu Feb 28, 2013 6:09 am Post subject: |
|
|
| notageek wrote: | | Fuck Windows 8 compatible machines. |
No, because I get metal burrs on my penis. |
|
| Back to top |
|
|
notageek
Tux's lil' helper
Joined: 05 Jun 2008
Posts: 131
Location: MA, USA
|
| Posted: Thu Feb 28, 2013 6:26 am Post subject: |
|
|
Literally?
_________________
Do not pray for an easy life, pray for the strength to endure a difficult one. -- Bruce Lee |
|
| Back to top |
|
|
sikpuppy
n00b
Joined: 12 Jun 2012
Posts: 34
Location: Central Coast, NSW
|
| Posted: Thu Feb 28, 2013 6:38 am Post subject: |
|
|
| notageek wrote: | | Literally? |
I do love my machines. |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 16359
Location: Rivendell
|
| Posted: Thu Feb 28, 2013 11:49 pm Post subject: |
|
|
| BoneKracker wrote: | | Linus got the red ass at the secure boot devs... :lol: |
A little shed work could fix that.
_________________
45 |
|
| Back to top |
|
|
dmitchell
Veteran
Joined: 17 May 2003
Posts: 1159
Location: Austin, Texas
|
| Posted: Fri Mar 01, 2013 2:21 am Post subject: |
|
|
A lot of disappointed kernel devs, I bet.
_________________
Your argument is invalid. |
|
| Back to top |
|
|
Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1593
Location: U.S.A.
|
| Posted: Fri Mar 01, 2013 2:25 am Post subject: |
|
|
|
|
| Back to top |
|
|
salahx
Guru
Joined: 12 Mar 2005
Posts: 428
|
| Posted: Fri Mar 01, 2013 7:04 am Post subject: |
|
|
UEFI is a lot of things: Some good, some bad, and some ugly. One of the "ugly" things being its adopted FAR too many of Microsoft conventions (RTC in local time, PE/COFF, even the API looks far too much like the Win32 API - CamelCase, typedefs galore, opaque objects like handles and GUID's, functions that take dozens of arguments at least half of which aren't used)
Because of limitation of UEFI Secure boot (we can't define additional authentication mechanisms, thus for "shim" to work it has to do all the work UEFI does - parse the PE/COFF structures, validate signatures, do relocations as PE/COFF is not position-independent, map it into memory then jump to start point, etc), and Microsoft asinine signing policies (will only sign PE/COFF binaries wrapped in MS Cabinet format) - it seems that the naysayers were right - Secure boot is just another MS lockin tool.
This patch, and other patches floating around (to prevent a signed Linux kernel from being hijacked and used to chain-load Windows malware) - that disable hibernation, kexec and lots of other things (if you want Secure boot to be effective you have to make sure no "untrusted" code runs in supervisor mode) - drive the point home that Secure Boot is a best a feel-good measure, and at worst an MS lockin tool. |
|
| Back to top |
|
|
Prenj
n00b
Joined: 20 Nov 2011
Posts: 16
|
| Posted: Fri Mar 01, 2013 7:13 am Post subject: |
|
|
| Torvalds sounds angry that it wasn't a dick-sucking contest. |
|
| Back to top |
|
|
Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1593
Location: U.S.A.
|
| Posted: Fri Mar 01, 2013 8:15 am Post subject: |
|
|
| salahx wrote: | UEFI is a lot of things: Some good, some bad, and some ugly. One of the "ugly" things being its adopted FAR too many of Microsoft conventions (RTC in local time, PE/COFF, even the API looks far too much like the Win32 API - CamelCase, typedefs galore, opaque objects like handles and GUID's, functions that take dozens of arguments at least half of which aren't used)
Because of limitation of UEFI Secure boot (we can't define additional authentication mechanisms, thus for "shim" to work it has to do all the work UEFI does - parse the PE/COFF structures, validate signatures, do relocations as PE/COFF is not position-independent, map it into memory then jump to start point, etc), and Microsoft asinine signing policies (will only sign PE/COFF binaries wrapped in MS Cabinet format) - it seems that the naysayers were right - Secure boot is just another MS lockin tool.
This patch, and other patches floating around (to prevent a signed Linux kernel from being hijacked and used to chain-load Windows malware) - that disable hibernation, kexec and lots of other things (if you want Secure boot to be effective you have to make sure no "untrusted" code runs in supervisor mode) - drive the point home that Secure Boot is a best a feel-good measure, and at worst an MS lockin tool. |
Linux users should make this hurt where it counts: in the wallet. The Linux community may not have economic clout, but sometimes in the past when Microsoft has done such things (borderline anti-competitive practices), it has actually hurt their reputation with users and caused people to choose other products (Internet Explorer being a case in point, after they shat on Netscape and others). Another example is the office document formats.
At the moment, Microsoft is engaged in a big-time marketing campaign to make themselves "Cool", so they can compete against Apple in the tablet and hand-held space and against Google in the cloud space. A well-coordinated and viral communication effort conveying the message that what they're doing here is "Not Cool" at all, leveraging the "Anonymous" crowd and social media, could force them to the table to agree to a more open standard, perhaps with an independent signing authority. Also, maybe Red Hat should understand they're bending over too easy, and that's Not Cool either. Various governments who wanted to avoid vendor lock-in, in order to fulfill their public obligation to competitive procurement, were the main reason MS caved in on the document formats, so they should be made to understand that this is the same situation. Formal organizations such as The Linux Foundation, EFF, major distributions, can't really engage in such a thing, so I don't know who could make it happen. |
|
| Back to top |
|
|
Crooksey
Apprentice
Joined: 26 Apr 2006
Posts: 239
Location: Vatican City
|
| Posted: Fri Mar 01, 2013 12:45 pm Post subject: |
|
|
| Prenj wrote: | | Torvalds sounds angry that it wasn't a dick-sucking contest. |
Thank you for making my day  |
|
| Back to top |
|
|
jonnevers
Veteran
Joined: 02 Jan 2003
Posts: 1594
Location: Gentoo64 land
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Off the Wall
