
German government warns Windows 8 is a security risk - reirob
http://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa
======
grobmeier
2013, it's the post-snowden era. We don't have a cold war any more, but the
level of spying is unbelievable. I am currently moving out my emails from
GMail and installed PGP. At the moment I am using OSX since I do for years.
But in the end the only "safe" way to protect your business and privacy is to
use Linux/Unix. The FSF said it for years; the german CCC told us for years. I
admit, I didn't believe it's so bad. I always thought: good there are a few of
us paranoid, they take care there is a balance.

Now we see, there is no balance. Good we have had these paranoid people
because they are now providing us a chance to opt-out.

Good there were these programmers who worked for years and often in their
prime time in free and open solutions like GNU/Linux. Snort, the intrusion
detection system. GPG. And so on.

For me it is a hard job to opt-out of being spied. But I will move on, step
for step. Email privacy is the first; no GMail, no Apple Mail. Old friend
Thunderbird/Enigmail it is. I also installed TrueCrypt.

The biggest move will be to change the OS (again). Guess it takes me months or
longer as I have a lot of great OSX software. But on the other hand, I can
simply set up a new machine for private tasks - or dual boot my macbook with
Linux.

I hope my government will take this warning serious and support more "Linux @
City" projects (Munich runs on Linux and Open- or LibreOffice).

Wow, long comment. I just needed to say. I am worried.

~~~
progman
It is even worse. The attempt to escape into OSS/Linux is a step in the right
direction. But as long as we are dependent on mass consumer hardware then
there is always a risk of being spied through hardware backdoors. In this case
it doesn't matter which software we use. Even encryption is useless. It is NOT
enough to avoid Windows 8 because the real problem is modern hardware that
uses Trusted Computing chips.

Trusted Computing (TC) is way more dangerous than classical hardware
backdoors. I consider TC an evil technology because it not only takes control
away from the user but it even allows to inject faked evidence into computers
which could make innocent people -- independent journalists, political
activists etc. -- suspect to crime.

TC could also be used to delete evidence from computers of journalists who
would have no power to keep it. TC allows to control people without letting
them even know about it. TC is a huge danger for freedom of speech. It should
be banned politcally and boycotted in business. My recommendation: Don't buy
consumer hardware but use embedded Linux systems with bare bone technology.

If we want to be truly secure from being spied then we must do a complete
restart with new hardware and software from scratch. There is no way around.

I am actually "glad" about the NSA scandal (thank you Snowden) because it woke
people up and made them aware of the reality of global surveilliance, and
about the huge threats of Trusted Computing. NSA should be controlled by the
people of the United States but obviously it has become out of control. This
single NSA case has silenced the mouth of the conspiracy mockers once and for
all.

~~~
thaumasiotes
> TC could also be used to delete evidence from computers of journalists who
> would have no power to keep it.

Since Amazon deleted all those copies of 1984 from everyone's Kindles, I don't
keep mine connected to the internet. If you have data, you can keep it. Keep
it on your own devices.

~~~
bangboppok
> Since Amazon deleted all those copies of 1984 from everyone's Kindles

What? When? Seriously?

~~~
superuser2
They mistakenly sold books the publishers hadn't licensed, then refunded the
customers and removed the books from their Kindles.

------
reirob
This leads to a German article. Sorry I did not find any English article on
this topic yet. So here the short summary (actually my translations of
selected passages):

[German] government experts warn, Windows 8 is an unacceptable security risk
for governmental offices and companies. The so-called Trusted Computing might
be a backdoor for NSA.

[..]

According to their [expert's] opinion the operating system contains a backdoor
which cannot be closed. This backdoor is called Trusted Computing and might
have the consequence that Microsoft could control every computer remotely. And
therefore NSA could do it as well.

[..]

Three points are decisive: First the [new] TPM, in contrary to the existing
standard, is active from the time when you switch on the computer. As soon as
you start the computer you cannot decide anymore if you want Trusted-Computing
(Opt-in). Secondly it is not possible to deactivate in future the TPM (Opt-
out). Third the OS takes over the control over the TPM, in the case of Windows
OS it means that the computer is controlled by Microsoft.

\----

In the light of the current situation on spying, I have to say that I am happy
that it goes in this direction.

~~~
dotdot
Being unable to read German I can't comment fully on the original article, but
based on this summary this warning seems pretty silly.

The operating system kernel always has full control over the system, how are
they suggesting the TPM adds control here? The TPM is a small chip that
handles certain crypto operations more securely (especially key management),
how does this provide any additional backdoor scenarios?

If Microsoft wanted a backdoor it could easily be added to the OS without a
TPM.

~~~
polymatter
>If Microsoft wanted a backdoor it could easily be added to the OS without a
TPM.

Without a TPM, it is possible to detect and remove (or more likely mitigate) a
backdoor. With the TPM, even if you know about a backdoor and have a patch you
can not apply it without Microsofts blessing. At least, thats my
understanding.

------
mjg59
TPMs can't be used to control which software you can install. All they can do
is prove what software you're running, which means that a remote provider can
choose whether or not to provide a service based on what you're running.
Trusted Boot is about providing proof, not about enforcing local policies.
Secure Boot _can_ be used to restrict which software you can install, as
demonstrated in Windows RT. But that has nothing to do with TPMs - iOS behaves
in the same way without using any TPMs.

So I don't really understand the article. Placing trust in TPMs to maintain
your secrets obviously depends on you trusting the TPM manufacturer not to
hand over any of the secret keys, but having a TPM doesn't mean that you have
to place trust in it.

~~~
MichaelGG
TPMs are also pretty handy for low-level corporate security. Setup disk
encryption, store in the TPM then either boot directly (allowing RAM attacks)
or require a PIN (requiring someone to break the TPM itself). That's a pretty
nifty feature for general security.

I think the distrust and confusion around TPMs and so on is due to Microsoft's
moronic handling of Vista's protected playback system and people have
extrapolated from there.

~~~
eru
I believe the Chromebook uses TPM quite well.

------
pilif
So because Windows 8 has support for trusted boot and friends that might (it's
pure speculation) contain a backdoor, it's less secure than previous versions
that did not support trusted boot at all?

I agree that the NSA spying is a real threat, but so is traditional malware.
The article is basically saying that, because the malware protection is not
good enough (i.e. not securing against NSA malware), it's _worse_ than no
protection at all.

FUD.

I do agree that locking down the OS so that it runs only MS-signed
applications is a dick move in general and we'll probably see really bad
changes in the market overall, but I see no relation to the NSA spying issue.
The NSA can install malware as well on XP machines as it can on Windows 8
machines, so in that regard, Win8 is no better nor worse than previous
versions.

(also: I really don't intend to be trolling and my argument seems reasonable.
As such I wonder what the reason for the downvotes is. Is it possible that you
guys are getting an english article with a different content? If I click the
link I get to see a german article)

~~~
belorn
> The article is basically saying that, because the malware protection is not
> good enough (i.e. not securing against NSA malware), it's worse than no
> protection at all.

No. If the OS is locked down so only MS-signed applications can run, it is
impossible to run software that can detect malware that has been approved by
MS. It is also impossible to run software that can remove such malware.

If the OS makes it impossible to detect or remove malware, it is less secure
than OS that _do_ allow detection and removal of malware. _This is not FUD_.

What should happen, is that MS should be held strict liable for any illegal
acts which their restrictions helps to propagate. Held under vicarious
liability by non-US markets (so they can't get immunity by the US government),
MS shareholders would demand the elimination of the restrictions in favor of
less legal risk for the company.

~~~
amanne
First, Windows 8 allows you to run whatever desktop apps you want, including
third party antivirus software of your choice that have full access to the
system.

Second, I haven't seen your argument made for iOS and Chromebooks which are
much more locked down than Windows 8. Though one could argue that Chromebook
doesn't need to have malware since everything is helpfully uploaded to the
cloud.

~~~
belorn
If the third party antivirus software need to be approved by MS, then I can't
run the software of my choice.

It might had been worth mentioned, I am not the first person to talk about
liability issues regarding lockdown. I first heard it in a talk that described
the iPhone.

------
anologwintermut
This is about the TPM in windows 8. It's the same argument about treacherous
computing that goes around, except the article seems to be suggesting people
think it's a extent problem now because the TPM is always on, not a
hypothetical in the future/ Microsoft's long term plan. Further, there is a
nebulous assertion linking this to the NSA.

1) The TPM still can't control your computer(yet). It can only measure it's
state, allow you access to keys you created in some state, and attest to
things about the state (which would allow other parties to mandate what state
your system is in when interacting with it, but presumably those entities
would be bond by German law and likely be German themselves)

2) If Microsoft wanted to backdoor your system, they don't need the TPM to do
it. In fact, the TPM can be used to protect against a whole bunch of malware
that various intelligence agencies might use: it can protect keys with
passwords (with rate limiting/self destruct for guessing), make sure the
system is in the same state(i.e. malware free) when you created you PGP key as
it is when your using it to decrypt an e-mail, and it can isolate an
application from the rest of your system.

~~~
acqq
I have a Windows 8 notebook and for the first time in my life I have _no
control_ over my own general purpose computer:

\- I can't enter BIOS before entering OS.

\- Once I enter the BIOS from the OS I can't activate the hard disk password.

\- I can't install the Windows 8 OS clean. The MSFT has the deal with the
computer producers that _doesn 't allow them to deliver the pure OS medium,_
you can only backup the already present installed files to some external HDD.

\- Because of the previous and the fact that the binaries are controlled on
the hardware level (TPM), I have no control of what's running on my computer
-- I can't know, to be precise.

\- It's even worse than that, there is some Intel built-in technology on the
hardware/BIOS/drivers level which also has built-in "features" that allow
communication with some external "command and control center" which I don't
control. It supposedly allows, among other "features" disabling the notebook
once it's stolen. But I don't control how it's done, and I don't know if it
has additional backdoors. It proudly claims to facilitate "remote access."

It's scary how it looks like all together. I haven't even figured out how I'd
be able to install Linux on the computer. In some forums people claim that the
OEM should allow that, but apparently a lot of people haven't managed to
actually install it on different specific computers -- there are BIOS problems
that can't be avoided, and the OEMs don't give you support or the updates.
Mine is an Intel i5 processor-based modern Acer. It's fast, but I have _no
control._ Definitely not FUD.

Personally I like Apple approach more: thanks to their approach of the OSX or
iOS (no third party pre-installed crap) at least I have to just trust Apple.
Here I have to trust Microsoft, Intel and every company who has the drivers on
my machine. Much more chance for some of them to do what they want, in the
name of "cloud." Remember routers that are controlled from the producer of the
router, even "protecting" you from browsing all the sites? Remember Android
phones which upload all your passwords to the cloud of the mobile operator?
That's where the "cloud" support of the driver writers goes now. It _is_
scary.

(Globally, we're talking about this:
[http://xkcd.com/743/](http://xkcd.com/743/) \-- We've been giving up the
control of "infrastructures" for a long time)

~~~
btb
What brand notebook is that? Just so I can make a mental note to avoid
purchasing that brand in the future :)

~~~
acqq
It's Acer, but I as far as I know almost nothing it Acer specific -- it's a
Windows 8, all OEMs must accept what MSFT wants, plus the concept of third
party additions, plus the Intel technologies. I'm surprised how little
coverage there is on this all aspects.

The discussions of kernel-level "giving up control" existed in Palladium and
"technologies formerly known as Palladium ([http://en.wikipedia.org/wiki/Next-
Generation_Secure_Computin...](http://en.wikipedia.org/wiki/Next-
Generation_Secure_Computing_Base)) even 10 years ago but with Windows 8 they
start to be ubiquitous and nobody even notices.

~~~
amanne
It was Apple that implemented Palladium in on iPads and iPhones and many
technical folks even cheered it on.

~~~
acqq
I like iPad and iPhone as they are. Apple devices don't come with random crud
from the third parties preinstalled. Windows computers have problematic things
even in BIOSes: different software from companies that claim to "protect" your
computer but can even provide remote access for third parties.

------
petera
The core-argument is that the Windows 8 way of using, implementing and
enforcing TPM and establishing a so called feudal security approach isn't
considered good security practice any longer.

It's not so hard to understand.

------
muyuu
I would pay a 50%+ premium for competitive open source hardware. Happily.

------
orionblastar
I tried my hand at Translating the article here:
[http://www.greatdox.com/windows8/](http://www.greatdox.com/windows8/)

Sorry for any errors in Grammar or mistranslations. I also don't claim the
technical 'facts' in the article are true, but they are what the original
article was stating.

A link back to Hacker News on this thread and other related links. Plus a link
to Lunubtu and Linux.org at the end.

Please ignore my affiliate links near the bottom, I am having problems finding
a job, and paying for web hosting, etc. Most people don't click on them
anyway, and the entire web page is text no javascript, no images, no pop-ups,
etc.

------
kunai
I never really understood how TC works. Does the TPM actually do anything on-
the-fly that is noticeable? Is it used at all on any consumer devices?

Fill me in here, because I'm at a loss.

EDIT: Never mind. It seems like prior TPMs shipped with hardware, but were
opt-in instead of opt-out, and now, with the W8.1 hardware spec, TPM 2.0
(which has a greater range of TC technologies) will need to be enabled as
default on hardware shipped with W8.1, and there is no possible way to opt-
out.

A shame that hardware manufacturers are just Microsoft lackeys.

------
Udo
Translation (it's a very long-winded article with many repetitions, I left
some passages out):

How trustworthy is Microsoft? This is the question that concerns the Federal
Administration and other German government agencies, as well as companies and
private users who might want to use the Windows operation system now and in
the future. Sooner or later they will be forced to use Windows 8 or its
successor. According to documents available to the ZEIT ONLINE, government IT
experts consider Windows 8 to be dangerous. They contend that the operating
system contains a backdoor which cannot be closed. This backdoor is called
Trusted Computing and it might empower Microsoft and the NSA to remotely
control any device that uses it.

[...] The way in which the chip and the operating system cooperate is
standardized and the specification for this is defined by the Trusted
Computing Group (TCG). The TCG was founded ten years ago by Microsoft, Intel,
Cisco, AMD, HP, and Wave Systems - all of which are US companies.

The current TPM specification is scheduled to be replaced by a new one dubbed
TPM 2.0. Together, TPM 2.0 and Windows 8 achieve what has become the norm on
smartphones, tablets, and gaming consoles: hardware and operating system
become a tightly coupled unit that allows the OS vendor to tie down precisely
what can be installed on a device and what cannot. To put it another way,
Trusted Computing is a vehicle for Digital Rights Management (DRM)
enforcement.

[...] Three issues arise here: First, contrary to the current generation
standard TPM will be enabled right from the first boot-up of the device.
Whoever uses this computer will no longer be able to decide if they want to
use TPM (Opt-in). Secondly, TPM can no longer be deactivated on systems that
have it (Opt-out). Thirdly, how TPM functions are used is entirely up to the
operating system [vendor], in the case of Windows computers this will be
Microsoft.

From the year 2015 on every single PC will be shipped with Windows 8.x and TPM
2.0. For the user there is simply no way to tell what exactly Microsoft does
to their system through remote updates.

To summarize, users of a Trusted Computing System lose control of their
computer. This is the design goal of Trusted Computing, as the Federal
Ministry for IT Security (BSI) explains in detail here [link]. The BSI
suggests that government agencies, companies, and private users actually make
use of this technology - but only if certain conditions are met. A way to Opt-
in and Opt-out is part of these conditions, and these options are being
eliminated now. [...] Accordingly, the Federal Administration and the BSI now
express very clear warnings against the use of Trusted Computing 2.0 within
German agencies.

According to a paper issued by the Ministry for Commerce from early 2012: "
_Due to the loss of control over [the capabilities of] information technology_
" " _the security-oriented principles of 'confidentiality' and 'integrity' are
no longer achievable_". Other statements assert for example: " _this could
have severe consequences for the IT security of the Federal Administration._ "
Thus the conclusion is: " _The use of 'Trusted Computing' technology in this
form ... is not acceptable within the Federal Administration and other
critical infrastructure_".

[end of page 1]

Another document reveals that Windows 8 and its successors combined with TPM
2.0 are already unusable "even today". Windows 7 could "be used securely until
2020". After that, other solutions would have to be found.

In an assessment the BSI writes that " _unconditional and complete trust_ " in
Trusted Computing is not possible with TPM 2.0. The documents contain evidence
that the German government did try to influence the development of the new
standard. This type of cooperation has been taking place for years, this time
the Germans have been simply ignored though. However, other parties got
exactly what they wanted. The NSA, for example. " _The NSA approves_ " was a
catch phrase that has been issued during the last meeting between TCG and
interested parties, according to some participants.

[end of translation]

The second page contains a lot of predictable conclusions about suspected
NSA/US spying capabilities.

~~~
amanne
It's funny how Windows 8 is singled out as if other Windows versions are any
better. Windows 7 can be securely used till 2020? That's the cut off date for
updates from MS. The same MS that the article says " For the user there is
simply no way to tell what exactly Microsoft does to their system through
remote updates."

The above is true of Apple and Google, but it is glossed over.

First, I fail to see any relevance or technical info about what the TPM or
trusted boot has to do with the issue at hand.

If anything they should be warning people about using Chromebooks where
everything is uploaded to the cloud by default, same with Google Apps and
Skydrive. Or Outlook.com and Gmail.

Oh, also be careful about Ubuntu, Shuttleworth said he has root on your
machines.

In short, this is a rambling article full of technical sounding gibberish
designed to get semi technical folks riled up with scary sounding buzzwords
instead of actually educating people.

Edit: Fixed typo reported in reply.

~~~
moocowduckquack
_" First, I fail to see any relevance or technical info about how TPM or
trusted boot to the issue at hand."_

Is that a sentence? It sort of looks like a sentence, but something seems
missing.

~~~
mpyne
I'm assuming you're not a computer, have you tried using context clues to
figure out what the author might have meant? This isn't Reddit, we don't need
grammar Nazis or joke threads here.

~~~
moocowduckquack
wasn't a grammar issue, it was that the middle of the sentence seemed to be
missing and that it was confusing enough that I thought it useful to point
out, and now it is fixed and makes sense to people, yayy :)

~~~
mpyne
Sorry for my misunderstanding then, glad it's worked out for all involved. :)

------
Zigurd
It is fairly amazing that any non-"Five Eyes" nation would use non-auditable
and non-buildable software on systems they want to secure for quite a while
now. I suppose the recent revelations have drained the last drop of
credibility from the "we could but we wouldn't" argument.

------
reirob
Just have found another article that might give some more details. It is again
a German article, so I hope that German speaking community will step in again
(the last Google translation was really bad) and provide its interpretation.

The article is an interview of Professor Dr. Rüdiger Weis, who is a cryptology
expert:

[https://netzpolitik.org/2013/interview-trusted-computing-
sti...](https://netzpolitik.org/2013/interview-trusted-computing-stimmt-
geheimdienste-froehlich/)

------
cmarschner
Nothing prevents you from buying a non-Windows, non-Mac laptop. It's not the
year 2000 anymore when there were hardly any other options.

~~~
ZanyProgrammer
Tell me where these mythical laptops are, other than the Dell XPS 13?

~~~
nileshtrivedi
[http://www.system76.com/](http://www.system76.com/) among others.

~~~
kintamanimatt
I hadn't heard of them, although buying such a thing internationally would be
an expensive pain in the ass to return if there were an in-warranty defect!

Also, as an Ubuntu-user, as I really love the idea of these, but they're ugly
and look really cheap:
[http://i.imgur.com/KGPznQz.jpg](http://i.imgur.com/KGPznQz.jpg)

~~~
snarfy
There are other places, like
[http://www.powernotebooks.com/](http://www.powernotebooks.com/) and
[http://www.xoticpc.com/](http://www.xoticpc.com/) that have excellent
warranties and deal with all the international stuff so you don't have to.
Granted they don't come with linux, but you can order them with no OS.

~~~
kintamanimatt
There is also the so-called Windows Refund [0] for everyone else, but it's an
absolute pain in the butt to go through (deliberately so), and ends up costing
more in time and hassle for a measly refund.

[0]
[http://en.wikipedia.org/wiki/Bundling_of_Microsoft_Windows#L...](http://en.wikipedia.org/wiki/Bundling_of_Microsoft_Windows#License_refund_cases)

------
D9u
If Microsoft has been complying with government requests to facilitate access
to Microsoft online services, then it wouldn't be entirely unreasonable to
extrapolate from there to question whether or not Microsoft operating systems
have also been engineered to facilitate government access.

------
frank_boyd
TPM combined with the recent revelations may become Windows' final nail in the
coffin.

~~~
esw
I certainly understand the sentiment, but we've been talking about the end of
the Windows era for at least fifteen years. At some point it will inevitably
end, but I suspect that we will only be able to point to the 'final nail' in
hindsight.

------
Hen4732
[https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2...](https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2013/Windows_TPM_Pl_21082013.html)

------
lispm
[http://www.golem.de/news/trusted-computing-
bundesregierung-w...](http://www.golem.de/news/trusted-computing-
bundesregierung-warnt-vor-windows-8-1308-101101.html)

------
polskibus
can anyone elaborate on TPMs, what are they, why are they the risk in MS case
etc.?

~~~
jlgaddis
[http://en.wikipedia.org/wiki/Trusted_Platform_Module](http://en.wikipedia.org/wiki/Trusted_Platform_Module)

~~~
josteink
Key point: "Trusted" in this sense refers to trust to an external entity and
not the owner or user of the actual computer, which ironically is _not_
trusted to have full access to all things on the computer.

The biggest problem is that the "trusted" party which has full access is
almost certainly under NSA/PRISM jurisdiction and can be forced to do things
which most people would find objectionable.

~~~
mseebach
Where do you see that a trusted party has full access? Yes, the NSA could
probably create a Windows build with a backdoor, and forge a signature that
the TPM would accept, but they could (and probably did) just ask Microsoft to
do that and save the bother.

What attack vector, _exactly_ , does the TPM enable that isn't present pre-
TPM?

~~~
bad_user
Because you can only install software approved by Microsoft, you cannot
install software on it for detecting a backdoor installed by Microsoft. These
computers are only more secure if you trust Microsoft. If Microsoft can't be
trusted (and they can't be, as they are under NSA's jurisdiction), then the
Windows 8 computers are less secure.

But wait, it gets worse. At least in the case of MacBooks you only have to
trust Apple, but in the case of Microsoft you also have to trust the computer
manufacturer. And that's a really tough pill to swallow.

I actually hope that Windows 8 will be banned by governments in the public
sector, as Trusted Computing is a scourge upon this industry.

~~~
ZanyProgrammer
Um, wait-Windows 8 will allow you to install any old x86 Windows program. Only
Windows RT is locked down to such an extent. I hope HN doesn't have Slashdot
levels of ignorance concerning Windows.

~~~
throwawaykf02
_> I hope HN doesn't have Slashdot levels of ignorance concerning Windows._

Only Windows? HN also has Slashdot levels of ignorance concerning the legal
system, patents, copyright, and the music industry, and these are only the
topics I know something about. I avoid political discussions, but from what
I'm told, those are just as misinformed.

Note that I am no expert in those topics either. I just took the time and
effort to research those on my own rather than accept the sound bites media
puts out.

When it comes to technology, there's probably no better place. (And even that
I would caveat with an exception for Microsoft technologies, where you'll find
more FUD than knowledge.) But basically for anything else, don't expect much
from HN.

------
walshemj
So just don't install a TPM module if your getting paranoid and does any one
know what powers the BND and the plethora of secret police have in Germany?

This smells of poujadist knee jerk Anti Americanism

~~~
kintamanimatt
I'd be under the impression that TPM 2.0 modules come pre-installed and are
probably surface mounted chips, the removal of which would void any warranty
and possibly cause damage to the motherboard.

~~~
walshemj
So and your point is? for example None of the consumer Ausus 8 series MB's
(1150 Haswell) come with a pre installed TPM they just have the header.

~~~
kintamanimatt
My point is TPM 2.0 appears to be a different beast. While it's optional
today, it probably won't be tomorrow. Vendors are very keen to lock shit down
and create walled app gardens in the name of increased security.

~~~
walshemj
So don't buy an iPhone ;-)

But you do have a point - I suggest you lobby your MEP/Senator/MP to ban
totally walled gardens or to use anti trust to split the app side of Google
and Apple etc from the parent - this is what caused IBM so much trouble in the
60/70's

~~~
kintamanimatt
TPM isn't limited to iPhones!

I don't think TPM or walled gardens are a political problem, but more a
technical and marketing problem. Lobbying for legislation that prevents
alternative marketplaces from being locked out of a particular ecosystem
doesn't actually mean people will use them en masse, or even know they exist.
For example, despite Android's open nature, Amazon Appstore is very unlikely
to ever beat Google Play because most people don't switch from the default.
Similarly, Internet Explorer remained the most popular browser up until
lately, despite alternatives and European legislation. Google Chrome is now
the most popular browser, but it took an expensive ad campaign to make Google
Chrome happen, not legislation. Firefox is trailing in last among popular web
browsers!

Increased adoption of FOSS is really the only solution. It only becomes
political when FOSS is legally restricted.

~~~
walshemj
call me when open office and gimp don't suck

~~~
kintamanimatt
I don't really use OpenOffice apps frequently (LaTeX FTW!), but OO doesn't
suck.

Photoshop beats the pants off GIMP, unfortunately.

~~~
catnaroek
OpenOffice/LibreOffice suck for what I do with Office: Write scripts that
exchange data with other applications, in particular, operations research
software. It is a pity, because Python is a superior scripting language than
VBA, but for the most part, developers of optimization and simulation packages
have voted with their feet to make it easier for their programs to exchange
data with Excel and Access, not with OO/LO Calc.

Admittedly, my use case is not terribly common.

~~~
kintamanimatt
Thing is, it's use cases like this that are hindering adoption of Linux on the
desktop, and I feel sad that these points of friction still exist; they
shouldn't. <stallman-clone>We need, in part, widespread adoption of free, open
source software to help maintain privacy, personal security, and freedom. It's
use cases like yours that need to be taken into account and accommodated.
Until this happens, and migrating to something like Ubuntu is problem-free and
frictionless, our computers aren't free, and we, as a society are less free
and more vulnerable to malicious government entities. Also, the era of the
cloud as we know it has to end!</stallman-clone>

I see you're new too! Welcome to HN! :-)

~~~
catnaroek
> Thing is, it's use cases like this that are hindering adoption of Linux on
> the desktop, and I feel sad that these points of friction still exist; they
> shouldn't.

I am a happy Arch user at home. There is no non-free software installed on my
personal machine. Even for my operations research work, when I do it using my
machine, I prefer using free software (e.g., GLPK for optimization and Aivika
for simulation) over the proprietary alternatives, because free software
developers do not pull crap like "The professional edition can only run models
with up to 2000 variables. If you need more, buy the enterprise edition."

Sadly, at work I do not get to pick what tools I use. Customers do not want to
give up Excel and the proprietary software designed to interact / exchange
data with it.

In any case, my original comment ("OpenOffice/LibreOffice suck for what I do
with Office") was not meant to be a characterization of free software in
general.

> <stallman-clone>We need, in part, widespread adoption of free, open source
> software to help maintain privacy, personal security, and freedom. (...)

Five years ago or so, I might have dismissed you as a lunatic; but, these
days, I find myself increasingly agreeing with this point of view. I have seen
OS X evolve from a somewhat restrictive but overall very convenient OS
(Leopard and Snow Leopard) to an OS openly designed to limited what users can
or cannot do (Lion, I have not used Mountain Lion). Windows has undergone a
similar path (beginning with the Windows Genuine Advantage thing).

It is quite a feat that proprietary software has become so restrictive that I,
someone who still does not place software freedom too high in his priority
list, actively seek to use free software over its proprietary counterparts.

> (...) Also, the era of the cloud as we know it has to end!</stallman-clone>

Word!

> I see you're new too! Welcome to HN! :-)

Thanks! :-)

~~~
kintamanimatt
> Five years ago or so, I might have dismissed you as a lunatic

Six months ago I'd have dismissed me as a lunatic too! Stallman, whether by
luck or foresight, was right.

