Supporting hardened boot is not the same as requiring it. Microsoft already utilizes this for BitLocker. You can still install Linux on a machine that supports hardened booting and signed images. You just can't enable hardened boot unless you use signed images.
Um, Microsoft used to do exactly this. http://www.theregister.co.uk/2001/08/31/jean_louis_gass_233_... I don't know if they have the muscle or the guts to try something like this again.
edit: fixed typo
They both result from signing an agreement between said parties, and basically provide the same benefits to both parties (given that most people won't install an operating system themselves).
Except one leaves a choice to the end user, and the other doesn't.
Your $200 Dell from Best Buy might, but that will be part of the subsidy from MS. Meh.
Does this mean you can just add your own key and self sign any code you want?
"After years of trying to cut off Linux growth as a desktop platform on x86 and x64 PCs, Microsoft may have actually figured out a way to stop Linux deployments on client PCs dead in their tracks."
I'm quite certain Microsoft has (A) not put any significant effort into cutting off growth as a desktop platform, and (B) If they had, they were almost completely successful, and characterizing it as "trying" implies that they had limited success.
Seriously, this seems especially short-sighted, as the perception is that MS is getting thrashed by Apple in the consumer market. I think it's more about preventing malware from getting ahold of the boot process, side effects be damned.
If that doesn't work, the need for booting non-standard Windows images will save us. I've never worked for any company that ran a stock Windows install -- everyone rolls their own. If new machines won't boot this image, guess what, that new machine is bought from some vendor that doesn't do this to them. And the only reason most people use Windows at home is because they use Windows at work. If big companies started migrating away from Windows, Microsoft could be in serious trouble. (Yup, Microsoft Word is much nicer than LibreOffice Writer or AbiWord. But you don't know that if you've never used it. Or, you don't care, because you're writing a memo, not a book. And that's $600 Microsoft loses right there.)
Next, we're forgetting the all-important server market. Nobody uses Windows as a server OS, so all those servers are going to have to be able to run Grub. Since servers are what make the OEMs money (they actually need that quad core chip, you don't), keeping users of that market happy will be the hardware companies' biggest concern. If Intel chips stop booting Linux, guess what, AMD is the new king of the market.
Finally, many of these companies are in markets other than consumer computers, and they won't want to alienate their other partners. If, say, Samsung says "our hardware will only run Windows", then they won't be manufacturing Android phones or Chromebooks anymore. And that's a big deal, because they won't be manufacturing iPhones either, and that means they're out of the mobile market. (Have you ever seen anyone without MVP certification anywhere near a Windows Phone? I didn't think so.)
Basically, Windows is important, but not so important that anyone would want to be the first to go Windows-only in hardware. Hardware companies want to provide nice computers at a nice price. End users mostly want to browse the web. This puts Microsoft in a position to do exactly what the market wants, not what it thinks it can bear. When you're at the top, the only place to go is down. And that is where Microsoft is going.
That's not how this works. It doesn't expect that the entire OS install is signed. It expects that the kernel is signed. "Non-standard" Windows installs don't generally futz with the Kernel. If you work for a company that uses a hacked kernel internally, please let me know, so I can make sure I'm not invested.
> Nobody uses Windows as a server OS
Microsoft's server product (along with its related tools and products) is massively successful. The Internet darlings may not run Windows Server, but many, many companies do.
> If, say, Samsung says "our hardware will only run Windows", then they won't be manufacturing Android phones or Chromebooks anymore.
Why would anyone do that? Even if Samsung sold some hardware that was locked down to only Windows, why would they suddenly stop selling other hardware? There's just no point. They already sell devices that are effectively locked down to Android, but that doesn't preclude them continuing to sell Windows laptops.
Yes, and Linux as a server is massively successful. And the internet darlings are one of the biggest customers. If a machine can't boot Linux because of the signed kernel requirements enforced at the firmware, those internet darlings would move to machines that can. That isn't a risk Intel et al. are going to take, especially with AMD breathing down its back.
If I'm correct (?) your whole reply to that point was a bit over the top, especially the 'tell me where you work so that I can ignore you' part.
Edit: Reading the original source (I recommend it!) confuses me. It says 'unsigned binaries will not load', but still: I'm still reading that as 'will not be loaded by the UEFI firmware' - which should only need to load the bootloader (+ relevant drivers) as far as I understand it?
I don't think this will affect corporate Windows installations as you'd presumably be installing a signed kernel and signed drivers - as the post above yours states, it's very rare to use a non-Microsoft-supplied kernel and unsigned drivers in the corporate environment today.
Signing a Linux bootloader could be perceived as a potential breach of this trusted boot process, as Windows could then potentially be loading in an emulated environment created by a malicious GRUB module or the like. Chances are, nobody subscribing to Trusted Boot will ruin their marketability by either a) not providing a way to disable the trust verification or b) not signing a Linux bootloader. However, that possibility is what has the rash of speculative "Linux won't run anymore!!!" articles running around the internet this week.
More solid info on the trusted boot process can be derived from:
Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed.
No PC OEM has a rational fear of MS doing bad by them, regardless of lock-in. Firstly, MS has no good reason to do that since it would just put the retail price of the PCs too high to sell well, and MS is a volume business and knows it. They're smart enough to know to avoid hurting their own sales. They already know who and how to charge ridiculously high prices per client for software and it's not OEMs or retail consumers. Secondly, the OEMs so affected would likely run to the FTC immediately and file complaints of unfair trade practices, and then MS would find itself in a fecal-tornado of bad press and government action that it would surely not enjoy. Thirdly, OEM licenses can only go so high, as then OEMs could just buy and install retail copies of Windows on their machines. In short, this whole fantastical scenario goes against everything that MS has done as a business and everything that MS has done as part of creating and maintaining relationships with OEMs over the past 3 decades, it makes no sense.
As far as the server market, those machines are almost invariably different hardware than commodity PCs. I don't think it's likely that PC component makers or OEMs will opt for Windows-only systems, but I don't think you've put forward a sufficient argument on why that should be the case.
Microsoft already prices it differently for different OEMs. They are already in mortal fear that Microsoft will change it, even without the technology to enforce it.
Can't find a link now, but in one of the big computer trade shows, in the morning Asus said they'll be promoting Linux on the recent 9" eee. Afternoon, they apologized and said they will only promote Windows, and will in fact redesign it to better fit Windows. The difference was apparently made by a call from Microsoft that threatened their volume licensing deal.
> MS would find itself in a fecal-tornado of bad press and government action that it would surely not enjoy.
The government works for Microsoft. MS had some fear of antitrust back in the late 90s, but they've since become one of the largest lobbyists, buying politicians on both sides. They are not touchable by antitrust or any other government action in the foreseeable future.
Take away the free option, and the non industry consumers will just dump their OS. What is stopping Linux from ruling the Desktop market is an awesome UI.
Now, I decide to buy a netbook for browsing and light development. I can save up to 1500 rupees on the OS if I go in for a pre loaded freeDOS version. So this is what I have decided, to buy a good HP netbook which comes close to 15000 rupees. Install Ubuntu LTS version on it. Remain hassle free for the next two years. And spend the saved 1500 rupees on buying a good headphone to listen to music.
I don't see any reason why I must remotely feel the need to use Windows anymore. Unless of course I need to work on a word document. Most of the time OpenOffice is sufficient, if it isn't I just walk up to the next DTP store around my place, pay the guy 20 bucks and get the work done in an hour.
Which is why my employer really doesn't use Outlook/Exchange for email, or Sharepoint for the intranet, or IIS for the public website, or ActiveDirectory to manage logins and whatever else it does, or ....
Maybe you mean, "nobody uses only Windows as a server OS"? But even tho that would work for my employer (we also have Linux and AIX) and probably all large companies (including Microsoft?), I'm sure there are a ton of smaller ones it doesn't apply to.
If you really have to live with all that stuff, I'm deeply sorry for you. I use Exchange and AD and it's bad enough.
If you come to Brazil, I can introduce you.
I doubt that secure boot is a factor in this, since it would be easy for vendors to disable by default in the factory if they wanted to install Linux.
The point of the article isn't that the machines will be Windows-only, but that dual booting may no longer be possible. It makes a point of emphasizing that secure booting will likely be easy for the user to disable, although that will disable Windows 8 as well.
Never going to happen. Win8 will install on machines built for Win7.
Win 8 is not going to refuse to boot on machines that have boot signing disabled.
Maybe Microsoft will require OEMs to support secure boot to be certified for Win8 (fine by me). That doesn't mean that the user won't be able to disable it if they want, and it definitely doesn't mean Win8 won't run when it's turned off.
The very last thing for which I'd consider using MS Word (or any WYSIWYG processor, for that matter) would be writing a book (or any prolonged text which concentrates on the content). Seriously, if you do this you've never even thought about the fact that there are alternatives which are vastly superior for such tasks (one of which being plaintext. Yes, plaintext). I don't get why you would even consider writing a book in a document processor - save for LyX, but that's not exactly a standard word processor.
Sorry for the rant, I mostly agree with you. The general development still scares me though.
Estimates of between 40-75% of all servers are Windows based. While Linux is ahead in Web servers (71% market share), they aren't the only type of server going around...
These stats are hard to measure as they can't really account for people who just install free Linux distros, but in terms of sold Linux based licenses, Microsoft is ahead. At the very least it shows that the assertion "no one uses Windows as a server OS" is far from the truth. 5-6 billion dollars revenue a quarter is hardly 'no one'.
True to some extent, but they can always create Linux models that just don't include the MS public key.
> the need for booting non-standard Windows images will save us.
Customized Windows images should have the same signature since the signed components (kernel, drivers, etc.) will be the same.
> the all-important server market
This either doesn't apply to servers or the vendors will just create Linux models.
> If Intel chips stop booting Linux
To be clear, that is not what we're talking about. This is an optional firmware feature (and I assume it will apply to all logoed PCs regardless of processor type).
This is the problem with getting tech news only from HN.
When I tried to bring up Linux as an option, they sort of winced and said "Linux... ehhh... it's hard to get Linux doing what you want."
1. Can SQL server deployment be automated? I remember reading somewhere it is mostly GUI administration, though things might have changed with WMI.
2. How do you manage IIS? Say you need to restart IIS on 200+ servers?
3. What is the remote model? Windows doesn't have a decent command line, so ssh will be weird.
Do you write custom code for all this, because I find the ecosystem on Windows sorely lacking.
PS is a "decent command line" for Windows, that can handle most of the things you discuss pretty well.
Also if you don't know anything about this new toolchain, how can you say that your old one is "just as good"?
Caveat: I have been heavy Linux user for past 7 years, but I'm not so quick to dismiss alien technology, especially when it addresses obvious flaws in Unix -- e.g. piping plain text with parsing and printing it again on all stages seems so ancient, I would much rather like to be able to use structured data instead. Also, you could remove the overhead of process initialization if your command line tools are just functions, and not executables. Just sayin'.
The major question is do the objects which are to be automated lend themselves to automation?
Here is one of the results I found while looking for 'sql server automate'
If I were talking about MySQL/PostgreSQL, they lend themselves very well to automating. The shell script just calls the relevant programs.
Likewise, if I am automating nginx, shell is just the glue. nginx provides the nut and bolts, and scripting is the wrench.
Unless IIS, SQL Server et al. provide similar facilities, PowerShell isn't going to help.
I haven't used SQL server in a long, long time. My doubts were from some articles I have read:
*nix DBA’s used shell scripts as their primary management tool, but the SQL Server of that day was not scriptable. Would those DBA’s accept the use of GUI tools?
So it looks like it used to be the case that it wasn't scriptable, but it is now.
You rarely write custom code when scripting....most use cases are covered by a huge library MS offers. The rest is available through google :)
We have run large Windows Server Farms at my past company (SaaS Business) and maybe 3-4 Linux Servers...the ones causing the most trouble were the Linux ones. One reason: Every dummy can administrate a Windows machine....not so a Linux machine! That fact forced the Ops team to get rid of the Linux machines as quick as they could.
So you choose an inferior mediocre alternative just because you can hire mediocre folks to handle it (you mentioned 'dummy'). Ultimately having sufficient technical debt to make you miserable for the next decade.
Linux command line isn't very upfront friendly for sure, but its strength lies in automating as much as you can, programmatically. When you talk of administration things go beyond cleaning up files and giving access to users. You must have abilities/tools to quickly hack up solutions to programming problems while problems in operations. That's why bash/sed/awk/perl and other Unix text processing utilities are so big on the server side. Unix forms a complete programming ecosystem in itself apart from being an OS. Windows command line is not just weak but literally useless in this area.
It's like saying just because anybody can use notepad, Emacs is useless.
The thought never crosses their mind that you get what you pay for, and 1 qualified Linux admin can replace an entire team of Windows admins due to automation, scripting, and superior manageability of Linux.
1. Windows was never originally designed to work as a Server side operating system in the first place. They started to drive it on the server side when they first discovered the Internet had a huge commercial potential to sell machines on the backend. Therefore all means of getting things done on a windows machine for a developer have to go somehow through a set of GUIs to get work done programmatically. This sucks from a programmer's perspective, programming is all about level of customizability.
2. Command line on windows sucks, apart from just removing, adding files/directories and running commands anything else is just a pain. The UNIX command line is a complete interpreter in itself (bash).
3. The UNIX operating system is more than an OS, it's a complete programming ecosystem in itself. The whole concept of everything being a file or a process is just so elegant. You can endlessly leverage native tools like sed/bash/awk/cut/tr/perl and other text processing utilities to solve any problem with a combination of text files and processes. Which is not easily possible with windows, heck using those tools on windows is a big pain. They are often ported with limitations.
4. Debugging, is a breeze. Checking logs is a breeze. Text processing utilities and endlessly configurable tools make it very easy for system administration with the help of pipes. This is very crucial for system administrators. They often want to do stuff without the help of programmers to get quick solutions when they get paged at 2 in the night.
5. Many other development features like Inter process communication with tools like DBus. Sockets et al are vastly superior in UNIX than windows.
6. Many programming languages were developed (Perl/Ruby/C) with entire context of UNIX in mind. Therefore they natively work very well with UNIX.
7. Vast resources of knowledge of troubleshooting and maintenance available for UNIX. Which makes things easier for newbies to deal with.
8. Unix is open source, it's freely available. And will be there for a long time. People who supply it do it on passion and pure volunteer effort and will do it for fun and because they like. Windows can be killed anytime for profit.
9. Vendor lock in problems. I don't understand why I should use all MS specific software all over. I can't scale horizontally due to cost issues. Also apart from .NET developing for any other technology sucks on windows.
10. Lack of multiuser login, Servers need many people to login and work at the same time. For testing and for development reasons. Servers are just so much more than deployment only boxes.
11. GUI overhead, Why should I spend my computing resources on OS and GUI when I should actually be spending them on my applications?
12. Registry is a pain on Windows, I don't have to worry about those hassles on UNIX.
The list goes on and on...
"Therefore all means of getting things done on a windows machine for a developer have to go somehow through a set of GUIs to get work done programmatically."
This alone is enough to discard anything you say about this topic. You obviously have no idea what you're talking about. Everything in Windows is programmable, through a standard object model, and the facilities to put them into any program are standardized, too.
"Which is not easily possible with windows, heck using those tools on windows is a big pain."
Windows != Unix. If you are a bricklayer and you get into gardening, would you complain that your concrete mixer doesn't work well for shoveling a garden? Unix tools on Windows is a crutch for people who refuse to adjust to the environment they're in (or as a band aid for a quick and dirty port of Unix functionality).
"tools like DBus. Sockets et al are vastly superior in UNIX than windows."
Windows != Unix. The concurrent tasks model in Windows is based on threads, not process spawning. Don't take your Unix prejudices to Windows when you write software for Windows. Are you seriously suggesting there are no working ipc mechanisms in Windows? There are vast amounts of functionality to do so, and on a much deeper level than just 'pipe text from one process to the next' (i.e., a proper object model that can be used to share code written in several languages and with which you can pass objects and not just text).
"Lack of multiuser login,"
WTF are you talking about? Have you ever seen a Windows box since Windows 95?
"Registry is a pain on Windows, I don't have to worry about those hassles on UNIX."
What? Are you saying you prefer 25 different file formats, spread out in non-standard ways, without a standardized layout? Or are you saying that editing Apache config files with sed and awk is a good idea? If so, you're clearly off your rockers. Of course you can hack together something that 'mostly works', but at least with the registry you have a standard format, standardized and cross-language APIs and a (more or less) standard organization of data.
Now I'm not defending the implementation of the registry; it has outlived its design. But being against the idea is lunacy - why do you think the Gnome guys realized in the early 2000's that they needed something similar?
UNIX is about being generic. Yes, it means Apache and Varnish have different config file formats. But it also means that I already have the tools I need to automate my configuration so I don't have to care.
(Yes, Windows is programmable. But when you start having to compile software to automate your deployment, it becomes engineering and becomes a task of its own. Compare this to a quick command-line oneliner, and you'll see why people prefer UNIX. Engineering is about knowing how much you need to get something accomplished. Sometimes you do need to write highly-advanced configuration software. But other times, you don't. Windows doesn't give you that choice.)
Secondly, it's only true in the most simple cases that you can edit config files easily. First, all config formats are different - from the bizarre (Sendmail) to fairly sensible (Apache), but each one requires separate tools/scripts. Secondly, most of them are quite hard to automate - for example most config formats ignore white space, but writing a robust 'parser' in bash/sed/awk is a major pita and something you can never quite get right. (this is what I alluded to in my previous post). I don't see how you can say 'I already have most of the tools' - you need to learn the syntax and then write a complete program to parse the files. For example, you need somewhat of a state machine to parse/edit Apache VirtualHost directives. You need to write a complete editor from scratch each time.
I'm not sure what you mean with the last line. Just as with a properly set up make environment, you can compile a whole Visual Studio project with a single command from the command line. There is no way to do a bunch of things 'automatically' on Linux either (compile, run test, deploy, whatever), you still need to code them into your makefiles/deployment scripts.
(I've written software on and admin'ed Linux for coming on 15 years and I've written Windows software for over 10 - I have quite a bit of experience with both. They both have good and bad sides, and I run my personal servers on Linux myself. That said, the arguments used here against Windows are plain false and reek of Slashdot-style fanboyism).
The idea of diffing a registry dump fills my heart with horror.
> First, all config formats are different - from the bizarre (Sendmail) to fairly sensible (Apache), but each one requires separate tools/scripts.
I am quite happy editing them with vi or emacs (when available). I also like joe a lot - it reminds me of WordStar.
> you need to learn the syntax and then write a complete program to parse the files.
In about 10 years of Unix, I never had to build anything like this. And, when I wanted to parse my own config files, I always had libraries to do it ready.
> For example, you need somewhat of a state machine to parse/edit Apache VirtualHost directives. You need to write a complete editor from scratch each time.
I think you may be approaching the problem from the wrong angle. Are you trying to build a GUI tool to edit Apache configuration files?
Sure, so am I (well except for Sendmail configs). We were talking about programmatically editing here.
"And, when I wanted to parse my own config files, I always had libraries to do it ready."
Really? How do you, in bash, write a script to change, or if necessary add, an 'IndexAllowed' directive to a certain specific VirtualHost? Mind you, Apache config files can Include other files (and many distros ship with default config files that use this).
"Are you trying to build a GUI tool to edit Apache configuration files?"
I'm not building anything, I was just using this as an example of things you'd want to script, for example in the context of a web hosting provider who wants to automate the creation of new customer setups. (Yes I realize that there are many ways to attack this specific problem, but most of them are very specific to Apache and would have to be re-engineered for each problem)
I am not sure it's a good idea. Just generating the files from a CMDB and placing them in the servers seems the simplest approach. I do it. This way I have the nice side effect that anything a sysadmin did directly and manually on the server bypassing the config database (something that shouldn't really be done) gets wiped out as soon as possible.
> in bash
Almost every Unix out there has Python, Perl and Ruby already installed. You don't need to use bash unless you really want it.
Why is it so difficult for people to make a point without making personal remarks?
Seriously, if you claim that a drawback of Windows is that it doesn't allow multi-user login, then it's hard not to ask "WTF are you talking about? Really, what are you talking about? Are you stuck in some circa-1995 reference frame? That doesn't even make sense!"
So I'm not sure that it was a personal remark. It may have just been honest lack of comprehension.
2. This may be true for the good old cmd.exe but.. have you tried PowerShell? I've been playing with PowerShell 2 on Windows 7 and found that it leaves little to be desired. It is self-documenting (a-la Emacs). It can be extended using .NET. You can pipe entire objects instead of unstructured text streams. Coming from a strong UNIX background I /am/ impressed and actually think it is way better than a POSIX-compatible shell. I even wrote a couple of scripts to post-configure my Windows 7 installation in a similar way I do on Linux with Puppet.
7. This is true even for Windows, in my experience. Every time I do a Google search for troubleshooting I am directed to Microsoft's Knowledge Base or the (free) MSDN website.
11. AFAIK, you can uninstall the GUI component on Windows Server 2008 (you will be left with a heavily stripped down GUI, without the usual graphical shell)
12. It may be a pain but at least it is a consistent way to store configuration settings and it is widely adopted as such. Compare it with the plethora of different configuration file formats used on a typical Linux/Unix workstation (Mac OS X being the exception since they seem to consistently use XML-based property lists almost everywhere). Each system has its strengths and weaknesses but I wouldn't call the Windows Registry "a mess".
I don't comment on your other points either because I don't have enough first-hand experience with it (1, 4, 5, 9, 10) or because I partially agree with you (3, 6, 8).
Anyway, it seems that you're coming from a strong UNIX mindset and that you try to forcefully shoehorn it to Windows (3rd and 4th points), along with (my guess) lack of experience in certain areas of Windows administration (2nd point).
As for me: I was really impressed by Windows 7. Some things I really miss are a decent Window Manager (but this is true of every commercial OS I've ever tried) and a good software management solution (either a decent, standardized, package manager, an AppDir mechanism like OS X or both).
You know there is a fallacy there, don't you? It's perfectly possible to ignore something for decades and still fall in love with it later. I've seen lots of Windows and Linux fanboys fall for OSX and become very annoying in the process.
I can believe you are no Windows fanboy without you presenting credentials.
> [...] I can believe you are no Windows fanboy without you presenting credentials.
You're right. Sometimes I believe it is better to point out where I am coming from (especially when replying to the "anti-something" kind of posts) to avoid being seen as a fanboy. I always try to be as unbiased as possible. Maybe I'm just being overly considerate.
I come from backend server based mindset and find it difficult to shoehorn the concepts there to a desktop operating system. For no justifiable reason. I still see no reason why I must use Windows on my backend.
I fail to see the need to endlessly shoehorn Windows for all my backend tasks (powershell included) when I can get everything of that in a Vanilla linux installation.
If you say Windows is good desktop operating system, you are correct in your own right. But literally there is no comparison between the UNIX and Windows on the server end.
On similar lines, there are many things in Windows (like directory share on network, printer settings) which are far easier to use than on Linux.
That's not exactly correct. Windows NT was designed to compete against Unix in the desktop workstation and non-dedicated server market. It was designed by a team formed mostly by DEC alumni. I call it "the bastard child of VMS" for a reason.
> 8. Unix is open source, it's freely available.
Linux and BSD are, but OSX and Solaris are only partially open source and AIX and HP-UX are very proprietary.
> 10. Lack of multiuser login,
I believe Windows servers can currently host more than one user session. I used this with NT TSE and I don't think this feature was removed since the late 90's (when I used it). It may be some idiotic license restriction.
> 11. GUI overhead
Windows' GUI is rather primitive. I can't imagine the resources it consumes are relevant these days. I have seen more sophisticated stuff on Symbian phones.
Yes. Windows XP and Server 2003 Standard allow one local login plus two Terminal Server (remote desktop) sessions. Windows Server 2003 Enterprise and Datacenter Editions allow more (but nobody ever bought those flavors because Standard was so much cheaper.) I'm not familiar with Windows 2008 Server but the policies are probably similar.
The limit of two remote sessions in the regular editions is arbitrary, but was chosen mostly for RAM constraints; the windowing environment for each user plus the tasks they're likely to run will consume a few hundred MB of RAM or more. The advanced editions support RAM beyond the 4 GB 32-bit limit.
I'd say the company you work for has a humongous and probably incurable HR problem. If this is the kind of IT folks they hire, my best advice would be to run away and stay as far from it as possible.
You can also write a very fun book with the stories you probably witness. I'd buy it.
Most of us have worked one or more tech jobs, and HN isn't the source for the assumption that nobody uses Windows as servers. That nobody is far fetched - of course .net shops will most probably be deploying on Windows; for some reason most of the Java shops do so as well.
But outside that, Linux or BSD is the favored deployment platform. And the OP's argument basically boils down to server vendors can't afford to not boot Linux, not when Linux has a significant market share.
Besides, the server is where Linux matters, not consumer hardware.
- DIY with OEM materials
- Apple :-P
Can you imagine the Anti-Trust problems this would create? Microsoft is still a big fat target for anti-trust lawsuits and this one is pretty blatant.
And if it does happen, while we're waiting for the Justice Department to end it I'm pretty sure the Linux hackers will find a way around it. When there is a will, there is a way.
Does it have to be directly signed by that key, or does it work like the CA system that web browsers use?
> A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux. [ from the blog post rather than the article ]
Which tells us that either systems will not ship with only those keys, or there will be a simple way to disable this ("Press F2 for setup"), or somebody will be getting sued on antitrust grounds (which maybe would be ignored again in the US, but not the rest of the world) and forced to provide a workaround.
I'm sure I'll be able to find unsigned hardware for my personal use, but it's the interoperability that concerns me.
Without a TPM how can the EFI be trusted? You just have to replace it as well as the boot loader and kernel.
* Windows PCs without installation medium
* Windows installation with a full partition table (four primary partitions)
* (intentionally?) corrupted partition tables
I.e. installing GNU/Linux requires you to resize partitions with a potentially corrupted NTFS file system and/or delete backup partitions. Alternatively the user uses a Windows image file as Linux file system (Wubi) which is slower and a more fragile solution.
== Will not block Linux or any other OS booting. Secondly anti-trust cases would kill MS if they would block any other OS, so they won't.
In two weeks we'll have forgotten all about it.
The only alternative to 'blocking Linux' is 'allowing anything to run', and if manufacturers were happy to allow that, they wouldn't bother with these features in the first place.
I'm sure there'll still be lots of computers that are capable of running Linux - multi-thousand dollar servers and high-end workstations; the kind of computers you buy through your account manager. It seems pretty sensible to block unauthorised OSs on low-end computers — the kind that ship with OS X or Windows Basic, the kind where minimizing support costs is vitally important.
Unfortunately, that's the same market segment where I and everybody I know got their start: taking over an old Windows box and putting Linux to see what the fuss was all about.
I think mjg's wait-and-see approach is good to do. Not panic yet. But certainly not to forget either - keep an eye out, see how it develops, and be prepared to oppose lock-down through various channels should it come (and hopefully before it is too late).
With such a practice Microsoft is quickly approaching a time when Windows Logo will be perceived like a hot-iron branding of robbers and other criminals in the medieval era.
I doubt it. Whilst I don't mean to belittle the hard work that goes into the hackintosh projects out there, we're talking about a tiny, tiny group of people that probably have an imperceptible impact on MSFT's bottom line.
I'd be more worried about Apple waking up one day and shipping an update that breaks everything.
Could be -- it sounds like a possible "tie-out" (a variation on tie-in). AFAIK there haven't been many tie-out cases, but as antitrust litigator George Gordon put it a few years back, "The term “tie out” is often used to refer to arrangements in which a license prohibits a licensee from dealing in and/or developing competing, noninfringing technologies. [Footnote omitted] Such arrangements have been found to be intellectual property misuse and could form the basis for an antitrust claim as well."
If MS were to do something like this, I imagine Gary Reback, its nemesis in previous antitrust battles, would be all over it ....
And who do you expect to pursue this anti-trust?
The US government?
Oh, I didn't realize you were joking! ha ha, funny.
The US government is owned by big corps, MS being one of them. Something really weird has to happen for them to turn against their corporate masters. (And don't compare it to the previous anti-trust case - at the time, Microsoft wasn't lobbying and paying, sorry, donating to, politicians from both parties)
My conclusion: A smart vendor will include a signed program that will manage said keys in the BIOS.
I genuinely despair for people who spend their entire time platform bashing and don't add something constructive to the discussion or tar and feather a side religiously. It paints a very bad picture of the "startup culture" amongst more established organisations.
One more reason to hate MS and want it to die everywhere.