

Linux Has Not Won, Microsoft is as Dangerous as Ever, Fie on Secure Boot - CrankyBear
http://lxer.com/module/newswire/view/177429/

======
yason
If you want to "win" then you must think about your achievements. Focusing on
where you're being screwed keeps you being screwed.

In the last 20 years, Linux has taken over many domains. First servers. The
big win that made Linux impossible to ignore. Ten years later a major shift to
the userland was mobile: there are half a billion Android devices sold. Not to
mention embedded systems. Meanwhile, Linux has also become _the way to build
supercomputers_ : the world's fastest supercomputers these days mean
assembling huge Tesla GPU racks to run Linux.

While I do realize that secure boot can make Linux's life harder, I also
realize that Linux per se isn't going anywhere or isn't attacked by Microsoft
but general purpose computers are suffering from exhausted momentum. There are
more and more devices that come with a preinstalled system, such as Android
and iOS and the traditional desktop/laptop paradigm of buying hardware and
installing whatever you want to run on it will continue to move into the
marginal.

I predict that eventually it's the programmers who will be the only ones who
exercise tasks of so varying nature that they need a more complex interface,
something like what I'm using now. Most of the rest of people can manage with
mostly touching a screen to use applications that offer a set of predefined
capabilities, occasionally hooking up a keyboard.

The era of immutable operating systems with applications installable from a
prefiltered app store is probably what actually works for most people. It's us
programmers who long for the days when hardware was to be bought and software
was to be written because we know that the lowest layer must always be there.
For us, it was the very definition of a computer: programming hardware was all
there ever was to computers. But most people don't need that.

Most people are perfectly _happy with an appliance_. They don't want to
install updates or _manage their system_ , they just click the power button
and immediately continue from where they left the last time. They want an
application and they tap it and it gets installed without clicking through a
dozen pages of a helper wizard or aptitude install commands. And appliances
such as tablets and phones and touchscreen laptops deliver a much better
experience for non-programmers.

What we as programmers see as a bad thing is that programming will be removed
farther from the end users. We all know how we started with playing games and
ended up writing our own games because our computers allowed, and to an
extent, suggested that. We would want to preserve that heritage to the future
whizkids and future programmers. But that's still got a perspective bias: most
people so far still haven't "found it" even if their computer would have
allowed it. It's just us for which "finding it" was the revelation, and we
know we would've "found it" anyway, somehow.

Maybe they'll be selling a limited stock of programmer's computers in ten
years that are fully programmable. There's definitely a market for those
because you can't write the nice appliances without a real programmers'
computer. Maybe my grandkids will receive one of my old programmer's
workstations from my work place, and use that deprecated hardware to teach
themselves programming and find it a thousand times more interesting than
playing games on their phones, much like my predecessors managed to hook
themselves up with cheap nighttime computing time in a mainframe at their
father's workplace and abused those cycles to write games to entertain
themselves.

~~~
Executor
What a trash comment. No, the closed garden application computer is not the
right way to go for non-programmers. It gives tremendous monopolistic power to
corporations - fuck that.

We need to get rid of all the kinks out of linux, make plug and play work
seamlessly, and improve usability. Part of that means getting rid of the
dependency to use the terminal (who uses that piece of shit anyway?) and the
need to config text files to fix driver issues. Linux still has the ability to
reach #1 in non-programmer desktop usage.

~~~
GHFigs
_What a trash comment._

Actually, it's not. You just disagree with it. Sometimes when you disagree
with someone's conclusions, it's hard to see the merit of their reasoning.

 _We need to..._

There are two complications to this. One is that the "we" of Linux development
has never and will never have the kind of coherence that it takes to appeal to
an extremely large audience. (Even calling it "Linux" isn't always agreed-
upon). There are a great many people working on Linux or making things from
Linux, but they are not all going in the same direction. This is both a
strength and a weakness.

The second is not so much a different reason as it is an example of a major
weakness of this style of development: It's a demonstrably inefficient way of
addressing the needs of certain kinds of users. The list of things you say
need to be fixed with the Linux desktop, which is quite typical and also quite
incomplete, has also _remained constant_ for more than a decade as year after
year "of the Linux Desktop" passed by. Although the situation has improved,
"We" have not moved on to a better class of problems because most people
working on them _want_ to use the terminal, or at least _don't mind_ editing
text files for configuration, and correspondingly are not very good at
addressing the needs of people very much unlike them.

------
blhack
Is anybody seriously running linux on their desktop anymore outside of
hobbyism?

Okay, I joke, I know several people who run linux on their desktop.

It seems like something that you grow out of, though. I use a mac, and most of
the people I know who /really/ know [1]linux do too. In fact, the person I
know who "knows linux" the most inside and out runs an ancient PPC macbook. I
think he said he installed Ubuntu on his machine at work, though.

The reason for this is that we all run linux* on our servers. My primary
machine is a VPS from linode which runs gentoo linux, and has for a very long
time. The aforementioned PPC macbook guy doesn't really have a primary machine
anymore. He is getting into power electronics, and is more likely to be
sitting at an oscilloscope than a laptop.

Lately, my hobby box has been a raspberry pi which I'm looking to make it into
a telepresence robot for our lab. Interestingly, live streaming video from a
linux machine doesn't _quite_ seem like a "solved" problem yet. It's lots of
twiddling ffmpeg to make things work; things still aren't "plug and play".

This is cool, by the way, it feels like the first time I stayed up all night
installing gentoo.

\--

I guess that for my peer group, linux was something that felt really
revolutionary and new and important 10 years ago. We were battling against the
big bad microsoft, THIS was going to be the year of the linux desktop! (No,
MOM! You have to install Suse! It's totally easy let me show you!).

Then...we won.

Linux is just a tool for me. Like a hammer. When I want to use it, I pick it
up and use it. It doesn't feel revolutionary and important anymore because it
just feels /obvious/.

[1]: It's a bit silly to say "linux". I'm generally not specifically using any
of the features of the linux kernel. Most of what I'm doing could easily be
replicated on a *BSD system. Although this whole "gnu plus linux" debate thing
is a bit silly. When I say "linux" people know what I mean. Sorry, Stallman :(

~~~
bwanab
Uh, yeah. My whole family runs linux on the desktop almost exclusively. I'm
the only one who ever boots into Windows and it's only because that's the only
way I can get into my company's system when working from home.

~~~
dfrey
If you aren't already, you should definitely try running Windows inside
Virtualbox. The only reason I boot into Windows these days is for games.

------
Irregardless
Everything about Windows 8 seems designed to benefit Microsoft by herding
consumers into their new walled garden. Steve Jobs would be so proud of MS if
he were around to see this (aside from the fact that the UI is a disaster).
That's the main reason I'm now shopping for a computer with Linux pre-
installed, and I really hope more people are doing the same.

I have almost zero familiarity with Linux and dread the prospect of having to
learn a new OS on my everyday computer, but Windows 8 is just THAT repulsive.

~~~
qdog
Depending on what you need you could buy a Chromebook for $200-250. I was
considering getting one, and then installing linux on an SD card (assuming
this works on the Samsung Chromebook, have only vaguely looked into it).

If you are into games and are looking to run Steam, I suppose you want more
horsepower. I usually buy stuff off of Newegg and build my own if it's not a
laptop.

~~~
Irregardless
True, I hadn't considered a Chromebook. It could probably do everything I need
with EC2 or Linode, but I'm afraid that might up the learning curve a little
too much since I'd be completely new to all of those environments.

------
jiggy2011
"Every purchase of a Windows license is an attack on Linux. Linux has not won,
and Microsoft is as dangerous as ever."

This just seems silly. How is this an "attack", does the Linux foundation
somehow lose funding proportional to the number of Windows licenses sold?

~~~
azakai
The attack is not windows licenses being sold, it's the new 'secure boot'
thing.

~~~
jiggy2011
The article literally said what I quoted above.

------
lttlrck
What an awful rant.

Who said Linux has won the _desktop_?

So now it's got a bit harder to remove the Windows 8 license you just
voluntarily paid for. Oh dear.

If you are going to whine about Secure Boot please write an article based on
its technical merits.

~~~
jlgreco
For me it had won. Linux had reached the point where I could go up to any
computer I wished, fire up Linux, and have it not even occur to me that
something wouldn't work. Not _"have it work most of the time"_ , but have it
work _"enough of the time that I no longer pondered the possibility that it
wouldn't."_ My last two laptop purchases in the last 3 years were done with no
research into Linux compatibility; neither time did I regret the purchase.

Now I have a concern again, and that doesn't feel nice.

~~~
Shorel
> For me it had won.

You are not the desktop market, just a single user.

------
Finster
>Every purchase of a Windows license is an attack on Linux.

Oh, Linux community, shine on, you crazy diamond!

------
vital
I stopped reading Carla Schroder's articles a few years ago. Her ideas about
Linux border on religious fanaticism.

------
Nux
"I think UEFI Secure Boot is a shuck and a bald-faced Microsoft anti-
competitive tool." <\- DAMN RIGHT!

~~~
sbuk
This I agree with 100%. If only thr rhetoric were dialled down more elsewhere.
I'd take Linux users more seriously then.

------
tomrod
I'm surprised Microsoft's actions regarding boot loading are legal. They're
clearly economically inefficient by forcing an association of platform and
preventing multihoming.

~~~
kvb
Does MSFT's approach make it harder to write rootkits? Doesn't that have value
to their users? Is there a plausible alternative that protects their users to
the same degree? If not, then even if it makes it harder for users to install
Linux as a side effect (or primary effect, if you're feeling cynical), I don't
understand why this behavior would be illegal.

~~~
jerf
Yes, yes, and yes respectively. Secure booting isn't necessarily a bad thing,
but users must be in full control over their keys. Only the user can decide
who the user trusts. If the default shipping state is that only the keys used
by the currently-installed OS are valid, well, that's just the only sane
default. But that's not how this is being done.

~~~
kvb
Is that really an issue with Microsoft/UEFI/secure boot, or is the problem
that OEMs aren't building firmware that does what you want?

~~~
takluyver
Well, for ARM devices, Microsoft doesn't allow OEMs to provide a way to change
the keys.

For what it's worth, I think Microsoft _are_ doing this for the security
reasons they give. But I think they were well aware of the hurdle it would
present to Linux distributions when they chose to do it.

------
tomjen3
Linux hasn't won the desktop -- but it will one day when everybody just use an
Android tablet.

And nobody will have noticed.

~~~
acuozzo
> but it will one day when everybody just use an Android tablet.

I doubt an Android tablet will __ever__ be able to process my post-production
renders in a reasonable amount of time.

This is the #1 thing I do with my desktop computer at home.

~~~
wcchandler
What if instead of your desktop, you had a low-end server that was fairly
cheap (~$1000) that _could_ process it, quicker, cheaper, and more efficiently
than your desktop? And better yet, the server is stored in a closet, never to
see the light of day because it "just works" on your network? You're in
complete control over it, giving it varying heavy tasks from whatever
lightweight appliance you're using. Be it rendering video, playing a game,
streaming media, storing data, etc...

~~~
xradionut
You mean the Windows 2008 R2 server that I have at home? Or the Ubuntu server
that I have at home? Can't be the DG/UX server, that's sitting in the garage
awaiting the metal scrappers.

------
dschiptsov
It couldn't be dangerous because it doesn't produce any quality software,
instead, it is just annoying, trying to make things more complicated for
people, because it cannot produce any good software, but still can collect
fees.)

------
noonespecial
There are "user interface appliances" and then there are the general purpose
computers that actually do the hard work of the internet. That Microsoft moved
some "beige box" computers from one category to the other by adding secure
boot is not really news.

------
stephengillie
What about the Shim to get around secure boot?

<https://news.ycombinator.com/item?id=4868856>

------
cardine
I get the feeling the author doesn't like Microsoft.

------
cooldeal
>The biggest flaw in Secure Boot is the spec requires a single Platform Key.
You can add more keys, but they must be signed by the Platform Key

I think this that is just wrong, can someone please verify? I thought the user
could add their own master keys to boot their own OSes apart from being able
to disable secure boot as mandated by Microsoft for Windows certification (as
much as it can force OEMs without the anti-trust rulings stopping it from
mandating requirements to OEMs).

There is so much FUD and misinformation spread by folks who you would think be
otherwise smart and knowledgeable that it's hard to find to what to believe
and what not to.

~~~
Locke1689
You are correct. On x86 you can put UEFI in "Custom Mode," which allows you to
add keys which were not signed by the platform key.

