Hacker News new | comments | ask | show | jobs | submit login
Microsoft is killing Linux shops with Secure Boot
113 points by gabordemooij on May 5, 2013 | hide | past | web | favorite | 95 comments
Here are some examples (Dutch so I passed the links through Google Translate)




It's now impossible to buy a Linux laptop in the Netherlands. You HAVE to pay for Windows, even though you don't want to use that OS at all.

Seems like we're back to square one. And the worst part is, nobody seems to care. No outcry from the developer community. It's really sad. We don't seem to give a shit about freedom and choice.

Wait wait wait...

So Microsoft demands(!) that all x86 PCs and laptops which are sold in its certification program have to have Secure Boot easily disable-able in the BIOS/uEFI by the end user...

So these Linux-computer companies either buy laptops from manufacturers directly or produce their own, but somehow the laptops they're buying are unable to have Secure Boot turned off even though that is the industry standard and literally what every single laptop retailer's laptops do?

This whole thing makes no logical sense at all.

I totally doubt that anyone is producing x86 laptops where you cannot disable Secure Boot, if for no other reason that it would make these laptops ineligible for Windows/Microsoft certification which consumers care about.

These companies might be going out of business, but trying to tie it to Secure Boot is nonsensical.

Plus on top of everything I just said several Linux distributions now support Secure Boot out of the box. So these companies don't even have to go into the BIOS/uEFI and change the settings, just install Ubuntu like they always have.

So OP: PROVE that Secure Boot is the cause of these companies going under? Or at least explain the logic to it.

Proof: Manufacturers MUST ship with SB turned on - that's why they can't get the hardware. (http://blog.fpmurphy.com/2012/09/lenovo-t430-t530-now-suppor...)

There are costs involved in preparing a Linux system, which makes many manufacturers opt to simply abandon their non-OS/Linux lines.

Also some indirect proof:

* timing: secure boot gets introduced, suddenly all Linux shops here close * M$ has a track record of abusing its monopoly

The enormous number of articles on the web shows turning off secure boot isn't always that easy either:http://www.zdnet.com/2013-installing-linux-on-windows-8-pc-i...

I think it is amusing that your first link shows just how easy it is to disable Secure Boot, disproving the point you were trying to make by linking it...

Also if you click through to the "Windows Certification Program" you'll find this Microsoft requirement (for the Windows 8 logo program):

> Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. A Windows Server may also disable Secure Boot remotely using a strongly authenticated (preferably public-key based) out-of-band management connection, such as to a baseboard management controller or service processor. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure Boot must not be possible on ARM systems.

So your links are really hurt you a lot here.

> The enormous number of articles on the web shows turning off secure boot isn't always that easy either:http://www.zdnet.com/2013-installing-linux-on-windows-8-pc-i....

That article doesn't say what you claim it says. In fact it says quite the opposite.

It lists several distributions which work "out of the box" with no modifications to the system at all. It then goes on to talk about disabling Secure Boot.

It does quite correctly whine that you cannot install Windows on Surface RT hardware, which is a valid complaint, but outside the scope of this thread.

Manufacturers MUST ship with SB turned on

Yes, Win 8 won't boot without it. You can disable the feature in the BIOS if you are going to install a different OS.

Windows 8 does boot without secure boot enabled.

Sorry for spreading misinformation, I was under the impression it was an install-time setting. After a little Googling it appears you are correct.

> "So Microsoft demands(!) that all x86 PCs and laptops which are sold in its certification program have to have Secure Boot easily disable-able in the BIOS/uEFI by the end user..."

You say "easily disable-able" but that's not the case. The process of disabling SecureBoot is anything but easy, and it's undocumented.

On my motherboard I go:

Security (tab) -> Secure Boot -> Disabled -> Save

And it is documented. It is right there in the manual. This is an ASRock motherboard produced in the last few years.

It literally is as complicated as turning on and off the internal sound or networking, or switching on USB legacy mode.

PS - This web-site shows a different ASRock motherboard with the same-ish setup: http://www.eightforums.com/tutorials/17058-secure-boot-enabl...

My experience has been: Enter uEFI > Navigate to Security > Select SecureBoot > Disable

What has your terrible experience been and on what model of computer?

Why on earth you you say that? Its just a bios setting. OK, may be average non techie person might be scared of bios settings, but if they are, there is literally no way they would or should be trying to replace Windows with Linux.

"The process of disabling SecureBoot is anything but easy, and it's undocumented"

Making things up does not somehow make your argument more convincing, it reflects poorly on you for anyone who actually uses a laptop/desktop with uEFI. If an end-user knows how to get into a BIOS, they can find the plain-text labeled option to disable.

I have a ASUS machine, I want to install Fedora from USB (but it does not work with UEFI)

Can you tell me how to disable it? I tried everything, and it did not worked...

Yes, the BIOS does have a option to disable secure boot there, but even using that option, secure boot still stays active and refuse to boot anything unsigned.

Having worked at (and briefly managed) a local computer store, then a big box store, it's a brutal business. In the small store we made all our money on service: selling recycled commodity boxes was a way to get traffic through the door, so you could fix them later. A few high-end builds were the highlight of my year, but they were few and far between. We considered offering Linux, but:

- It used to be that most technical people ( and some non-technical) would buy desktops. You can sidestep the Windows tax and attendant issues by building a desktop (from parts you know work well with Linux), and maybe hit a competitive price in the high end. Now that desktops are a tiny sliver of the market, these stores are enslaved by OEMs, reboxing existing laptop designs.

- Starting from the same wholesale price, Linux resellers 'add value' by installing Linux. But this value-add isn't really apparent to a large enough audience - there isn't enough public awareness, and people aren't willing to pay a premium. Especially if they're competent enough to install Linux themselves. In my experience people expect ANY OS to be free; when we used to try and sell Win XP as an upgrade (over 2K), people were aghast that the software cost money.

- People want free support if you sell them on Linux. If they nuke the system, you either scare them off with your hourly service rate, or you eat the cost of the labour and go broke.

- So the vendor either charges a higher sticker price and doesn't sell many, or eats the labour cost for developing Linux support, fixing and reboxing laptops and tries to make up the tiny (or even negative) gross margin on volume.

When I moved to a bigger chain store, they subsidized the low-margin laptop market by aggressively pushing house-brand accessories: cables, cases, blank media, printer ink. These small stores are typically much less aggressive about selling high-margin commodities along with a system (it's harder to do with less capital, space and by mail).

So it isn't a problem of freedom and choice. It isn't a problem of Microsoft crushing little independents (not consciously). The computer business is very hard to do well at small scale, and you should expect that on a medium time-scale most will die. This is only exacerbated by the rush to laptops, then tablets and smartphones, where it's impossible to differentiate.

There are two separate but correlated issues.

1) SecureBoot on WART (windows on ARM) 2) SecureBoot on x86/64

The first issue (WART) is easily explained. Microsoft stipulates that ARM vendors may not accept any other operating system than Windows to run. This is a case where one company (Microsoft) colludes with other companies (Asus etc.) to create a product that is closed to the competition.

The second issue (x86/64) is more nuanced. Microsoft stipulates that other OSes need to be able to run on these devices. However to do so one has to obtain a boot key from microsoft. The bios mechanism to restrict boot also has to work. There are a couple issues with this: 1) microsoft so far has issued barely any secure boot keys 2) Obtaining a secure boot key costs money 3) Microsoft can revoke those keys at any time 4) The implementation of secure boot on some devices is hardcoded to windows and won't work otherwise

Both topics are not a "market issue" because there are multiple companies involved, many of which are monopoly holders in an area or other. Dell/HP/Asus etc. are monopoly holders to personal computing hardware. And Microsoft is a monopoly holder to personal computing operating systems. When you get multiple monopoly holders banding together forming one company, you are talking of a syndicate. Syndicates are explicitely forbidden to be formed under monopoly laws. Thus Microsoft and its OEMs are in deep shit, at least in theory.

  | Dell/HP/Asus etc. are monopoly holders to
  | personal computing hardware
Doesn't the mono- part of monopoly make this statement a little shakey?

> Microsoft stipulates that other OSes need to be able to run on these devices. However to do so one has to obtain a boot key from microsoft.


Microsoft stipulates that other OSes must be supported AND that Secure Boot must have an off-switch in the BIOS/uEFI.

Secure Boot has three "modes:"

- Use my built in keys (aka Microsoft signing only).

- Use user supplier keys (aka Custom Mode).

- Off

Only Microsoft-mode and off-mode are relevant to this discussion, because outside of government entities it isn't viable to produce and distribute custom keys.

There are a lot of wrong statements in your post.

>Microsoft stipulates that other OSes need to be able to run on these devices. However to do so one has to obtain a boot key from microsoft.

No, Microsoft stipulates that the secure boot should be able to be disabled without needing to obtain a boot key from Microsoft. In fact you can install your own personal key and remove Microsoft's to prevent Windows from booting.

>The implementation of secure boot on some devices is hardcoded to windows and won't work otherwise


>Dell/HP/Asus etc. are monopoly holders to personal computing hardware

If there are multiple companies in the market with comparable market share, by definition they are not monopolies.

Microsoft doesn't sell laptops to OEMs, and none of these companies is buying anything from Microsoft, so I don't see what Microsoft has to do with it. If they have lost their original supplier, for whatever unstated reason, there are dozens of Asian white box PC makers who will ship whatever you like, at low prices....

Perhaps the market is just too small to make financial sense, or these Dutch shops have no money.

I used the Wayback machine to have a look at the products and the results are not too exciting. For example, a year ago, the 1.9kg Mingos LT-13-2 laptop had a 1.3GHz Pentium, 2GB of RAM and a 160GB hard drive for €540.00 ($708) with Ubuntu.


I can't see how any rational person would buy that, even if they were totally clueless, rabid anti-Microsoft fanboys. It's not like installing Ubuntu is hard ...

This whole thing makes no sense.

You can still buy a Dell XPS 13 with Ubuntu via dell.nl or an OS-less laptop via BTO.

> http://linuxcomputers.nl/

They don't appear to even mention secure boot as the reason, but pricing, margin and lack of interest, both from consumers as from vendors.

The thing is, high-end laptops used to be one expensive option among many before the whole SecureBoot thing.

You had a choice.

That choice has been killed. High-end laptops are now the only option if you want freedom, and that's not an accidental thing, it's by microsoft's design.

I'm failing to see why disabling Secure Boot on a lower-end laptop before installing Linux isn't a viable option here?

Of course, being able to have it ship disabled by default is ideal, but for the HN crowd and for Linux shops, disabling Secure Boot in BIOS/EFI is trivial.

What about people who want to dual-boot?

What about them? It remains trivial to dual-boot.

Dutch here. These vendors have all run into the same problem; their Dutch distributor is no longer able/willing to sell them laptops without Windows 8 preloaded and they haven't found an alternative distributor.

Previously they could buy branded laptops (HP, Lenovo, and such) without Windows. Consumers can already buy such laptops with Windows, and then install Linux on them. These shops made it possible to buy laptops free of Windows, so without having to pay "Windows-tax".

Hettes.nl have received an outpouring of support and have started a petition with the intent to get this practice of product tying discussable in the Dutch House of Representatives and in a well known Dutch consumers' rights television show, and raise awareness of this to the European Union.

They write (my translation):

"At this moment we are receiving many comments about the stopping of Hettes.nl, also on the Internet we are mentioned multiple times and many visitors of Hettes.nl are disappointed that we are stopping. Because of these comments we want to start a petition to make the Dutch government and the European union see that this product tying should stop and that it should be possible to buy computers (any brand) without Windows. So that we can offer computers without Windows to consumers that prefer other operating systems!"

The petition is the link in the last paragraph on this page: http://www.hettes.nl/hettes-stopt

Edit: added translation of Hettes.nl paragraph about their petition.

Not exactly a solution to the troubling issue, but System 76 assembles wonderful linux machines and they ship to the Netherlands.


Cool, finally someone with a real solution. My next machine will probably a System76 then.

I really did not know what to do. I simply refuse to pay for an OS I really don't want.

My only option seemed to buy a Loongson, but that would make me incompatible with the rest of my team:


Asus also sells Linux systems via Amazon in Germany, that is how I got my netbook with an AMD Brazos CPU.

The only issue is that they only do it occasionally with a limited set of units.

For appropriate values of ‘wonderful’. But I guess if one pays 1500+ € for a computer, an extra 100 € for Windows is not all that important.

So, even if I hate MS and did not use their product, I still need to pay to support MS to be even more evil next time.

I see it as a slight annoyance that comes bundled with this wonderful trackpoint. Really, my point was that this is a major issue if the system costs 500€, but about two thirds less important if it costs 1500€.

Yes it's important. I don't want to pay for something I don't want.

The question is (a) how much extra are you willing to pay for not having Windows pre-installed. Does $100 - $200 sound reasonable? And (b) how many other people share your view?

You are welcome to make your own personal demands on the market only if you are willing to pay for them, or in this case, if you can find many thousands of other people also willing to pay the price.

It's pointless just claiming a "right". You have no rights. You can't force anybody to supply what you want except by enabling the supplier to make a profit. As it is, you're expecting them to make a significant loss.

It's not just a question of removing Windows (or whatever OS you have installed for burn in and testing). There's the huge cost of qualifying parts for a different operating system, the extra tracking and stock-keeping costs, extra advertising and marketing costs (that will reflect the small number of units shipped), and the high cost of supporting Linux.

Since any 157 Linux buyers typically want at least 57 different versions of Linux, and a fair few want to dual boot because they actually do use Windows (for games, iTunes, whatever), the whole idea is a non-starter....

Ouch. $112.68 shipping to Europe.

There no outcry because what you've shown is a market issue that has nothing to do with secure boot or Microsoft.

I am not sure that is fair; the websites above mention that they can no longer purchase laptops without a Microsoft license, which hurts their ability to remain profitable.

Ie at one point you could argue that if you didn't like AT&T, then the market would create a viable alternative. It never did, and was broken up as we know the free market does not solve everything.

In this situation, you could argue the market would create a viable alternative, but Microsoft has a consistent track record of influencing the market monopolistically.

It's just the market that has gone in this direction.

As mentioned previously, it used to be the case that you could make a living off of making custom PCs and selling them for a premium. You can still actually do this, charging for a 15% premium or something like that, and make a part time job out of it. But then you have to provide services such as overclocking and water-cooling. Back in the days of XP and Vista, all you had to do was assemble a system from OEM parts and sell it. You could offer higher quality parts + a Windows OS + better performance/price ratio and still be profitable because the system you made would still be cheaper than a pre-built computer.

The thing that has changed is, as I said, the market. You can't do that anymore because the margins are prohibitively small. You need to buy in bulk and sell in bulk to make any kind of money.

But that's not an issue with Microsoft or this secure boot thing, that's just the way that prices have changed in the market. A lot of companies can no longer afford to sell systems without the extra money from MS sales and the bloatware. It was never all that profitable to sell Linux machines to begin with, and it's even harder now. But it's still possible. It's just that you have to sell huge numbers of them, more than before, in order to stay afloat.

Another thing that you have to take into account is that it's a niche market to begin with. Most people who enjoy Linux also know how to manage it, know how to assemble a computer, and would prefer to set up the software/hardware themselves rather than have a company do it for them.

I could be wrong in some of what I have above but that's my understanding of this whole issue.

Unfortunately, none of the websites says why suppliers X, Y and Z, who used to sell them laptops without Windows, will no longer supply them with laptops without Windows, if that is the case. (There's no evidence that it is.)

Also, none of the websites says why they can't just buy their laptops directly from Chinese white box PC suppliers. Am I supposed to believe it's cheaper to buy them via another European company that actually buys them from a Chinese white box supplier? Really?

Microsoft's record of trying to influence the market dates from around 1992-95, and it spent the 2000's under close judicial control, so your fact-free monopoly assertion doesn't carry a lot of weight now.

Either way, Apple has conclusively demonstrated that the market certainly will support a viable alternative -- and one that commands huge profit margins. This doesn't mean suppliers of crappy low-spec/high-priced Linux laptops are entitled top a free lunch, or that politicians should interfere with the market to prop up their failing businesses.

>the websites above mention that they can no longer purchase laptops without a Microsoft license.

OK, but what does that have to do with secure boot?

"the websites above mention that they can no longer purchase laptops without a Microsoft license, which hurts their ability to remain profitable"

None of this has anything to do with Secureboot.

"In this situation, you could argue the market would create a viable alternative"

So blame the OEMs for not viewing the Linux-using crowd as a viable market. Target the persons who see you as unprofitable.

Of all the vile things Microsoft has been doing to suppress superior competition to their inferior products, this must be one of the vilest. It's absolutely disgusting.

I don't quite understand from those links how Microsoft does that, what is Secure Boot, what are Linux shops and what does Microsoft do to kill them?

If you haven't been following this story as it developed over the past year and a half, microsoft corporation has leveraged their existing dominant position in the desktop OS market and mandated that OEMs include microsoft's encryption key in their motherboards, to the exclusion of all other encryption keys, as a prerequisite to their logo certification program.

What is sad though is that antitrust regulators worldwide have looked at this practice and saw nothing wrong with it.

You forget to mention that secure boot can be disabled. And that there are Linux distributions that can handle secure boot.

To quote the Linux Foundation: "Linux and other open operating systems will be able to take advantage of secure boot if it is implemented properly in the hardware. This document is intended to describe how the UEFI secure boot specification can be implemented to interoperate well with open systems and to avoid adversely affecting the rights of the owners of those systems while providing compliance with proprietary software vendors' requirements." http://www.linuxfoundation.org/publications/making-uefi-secu...

> "You forget to mention that secure boot can be disabled."

Correct. But the steps to do so vary wildly from motherboard to motherboard and are not documented anywhere.

In fact, one of the things HispaLinux requested is that OEMs provide clear documentation of the technical steps required to disable SecureBoot.

Yes, I agree (although you cannot really blame Microsoft for this). But, to be honest, someone who is able to install Linux should also be able to roam through the Bios (which he/she should do anyway to check the settings, e.g. confirm the boot sequence). Plus, as far as I understand it, Linux can actually profit from secure boot, right?

You responded to:

  | what is secure boot

  | microsoft corporation has leveraged their
  | existing dominant position in the desktop OS
  | market and mandated that OEMs include microsoft's
  | encryption key in their motherboards, to the
  | exclusion of all other encryption keys, as a
  | prerequisite to their logo certification program.
If I did not know what SecureBoot was, I would still be in the dark.

I don't understand. This seems multiple times worse than the previous things Microsoft has been fined for so how can they see nothing wrong with it?

1. It's actually trying to solve a real issue (viruses installing themselves in the boot loader so that they load before the operating system).

2. EFI Secure Boot was designed to allow for multiple keys, not just the 'one true Microsoft key.'

3. It's the OEMs that are creating crappy implementations, and not documenting how to disable Secure Boot. These are not things (at least officially) mandated by Microsoft. [Though one could make an argument that Microsoft should mandate that these things be documented instead of just stating that 'the ability to do X should exist.']

In future Organizations want us to "Root" our PC's, huh? We didn't complain enough, we accepted that our vendor-locked Smartphones had to be rooted, to become free. Our freedom is getting hand-cuffed slow enough, that the spoilt Slave of the industry doesn't revolt, but fast enough to raise profits for the supporters of this party.

My words in your ears, dear friends. We have to stop the engine of slavery, the software that limits our hardware, it will limit our horizon when we allow it mature and manifest itself within our technology. Viva Freedom!

No, you just head into the UEFI Bios and turn secure boot of. No rooting required here (besides its not being the right phrase).

Unless you are on ARM, and only for now.

Agree, sorry, should have mentioned that I mean the X86 plattform.

Sure, but ARM is going to be more and more common on low-end computers. Even if the ability to disable these restrictions on x86 is still available in five or ten years -- and I am not so confident that it will be -- it will not matter for people who cannot spend more than $500 on a computer.

Are you saying that WindowsRT will totally take over the ARM market and kill Android?

No, I am saying that much of what we now think of as the "x86 market" will be taken over by ARM. Cheap desktops and laptops are not going to stick with x86 forever, but there will still be demand for desktop and laptop form factors and there will still be demand for Windows.

Fedora’s Matthew Garrett explains his position very good. The "UEFI Forum", which controls the Standard, is made up of computing industry representatives including Microsoft, Apple, Intel, AMD, and a handful of computer manufacturers.

http://mjg59.dreamwidth.org/12368.html This a more technical perspective: http://www.rodsbooks.com/efi-bootloaders/secureboot.html

The day people start doing more than watching youtube videos with their ARM computers is certainly a possible future. Smartphones are becoming a stronger selling factor than the PC industry. We all agree that the future is mobile and everbody is betting on this future.

Although not a BIOS disadvantage per se, switching from EFI mode to BIOS mode requires re-installing your OS(es), or at least reconfiguring their boot loaders.

I myself will boycott the evilest MS and will not buy anything associated with MS from now on.

Secure boot is evil until we can provide our own key. Even if GNU keys are permitted, it is still bad enough.

You can provide your own keys, at least on some motherboards. Here is the screenshot from my motherboard's bios:


I bought my high end Ubuntu laptop from System76 (1) but the international shipping is horribly expensive (north of $100). I'd hope there would be regionally more distributed dedicated Linux hardware shops. Well, maybe this will happen when things get worse?

[1] https://www.system76.com/

Politicy makers are dumb. They took ages to resolve an issue such as availability to choose the default browser on an operating system, yet, in their closed world of waiting for their retirement checks, they, and their fault of ideals in their confortable sofas do no address the :

simple issue of hardware and operating system separation.

Because responsible citizens should be making those decisions, not "policy makers".

Unfortunately, in market-driven cases like this the decisions are being made by the middle of the bell curve. And we know what that means:


Run Linux on your iPad or iPhone then. Oh wait.

It's different. Apple and microsoft can do what they want with hardware/software bundles that they build themselves. That's why noone complains that those surface products are locked down, it's because microsoft manufactures them. Consumer harm comes into play when microsoft leverages their existing desktop OS monopoly to twist OEMs' arms into including an encryption key that OEMs gain no direct benefit from.

>That's why noone complains that those surface products are locked down, it's because microsoft manufactures them

The Surface Pro is not locked down. You can even remove Microsoft's key and stop Windows from booting and install Ubuntu's key or your own.

>Consumer harm comes into play when microsoft leverages their existing desktop OS monopoly to twist OEMs' arms into including an encryption key that OEMs gain no direct benefit from.

The OEMs benefit is that their customer's PCs are not vulnerable to undetectable rootkits as soon as they get on the internet and get hit by a Java, Flash exploit or download a fake codec or toolbar. Interesting how no one seems to talk about benefits of secure boot to real users in this discussion.

> "Interesting how no one seems to talk about benefits of secure boot to real users in this discussion."

Look, microsoft should be working to fix their software instead of leaving it as it is and instead making life miserable for those who want digital freedom.

"microsoft should be working to fix their software"

This is how they are working to fix their software.

I don't see how any computer can be flexible enough to be a general purpose PC with full freedom of customization and at same time be invulnerable to viruses and bootkits

The only way to make an OS more secure is iOS style DRM walled garden sandbox lockdown.

If what you say is true, why are Android, OS X and even Linux susceptible to viruses and rootkits? For example, Java, Flash and Adobe Reader PDF exploits are all the rage now, and OS X and Linux are as vulnerable to them as Windows is.

Here we go again, just like last time with lots of FUD. I read through the links in the post and they're completely devoid of any details.

First, I completely fail to see what this has to do with Secure Boot. If you're a System Builder and you're able to install Linux but are unable to turn off a checkbox in the settings, then you're a shitty system builder and deserve to have your business shut down.

Second, I completely fail to see what this has to do with Windows 8. The main complaint seems to be that the big OEMs are not shipping laptops without Windows being already installed. Wasn't this true with Windows 7 too?

It looks like the magic words "Windows 8 Secure Boot" were included in the headline and post only to gain HN karma points.

If you're a business and want laptops without an OS, you need to go to the ODMs like Clevo, Compal, Asus, MSI, Quanta, Wistron, Mitac, Arima and Invente. http://en.wikipedia.org/wiki/Original_design_manufacturer

They will happily sell you laptops in bulk without an OS installed. For example http://www.system76.com does exactly that.

Looks like the computer shops linked seem to just want Lenovo to sell them bare laptops so they can skim a profit by just loading Linux on them and then selling them for a higher price. Guess what, Lenovo doesn't want to increase their costs by creating a separate assembly line process which won't make them any money.

Asus sells barebones laptop kits if I am not mistaken.

It's interesting how yelling "OMG WINDOWS 8 SECURE BOOT!!!" gets you a lot of karma here even though it has nothing to do with the issue at hand.

The user is in control of the PC. They can load any key they trust or roll their own personal key and even remove Microsoft's key to prevent Windows from booting on their computer.

I don't see why tens of millions of PCs used by non-technical people should be susceptible to undetectable rootkits out of the box just to appease some stupid system builders who can't find the setting to turn it off in the BIOS menu.

> "If you're a business and want laptops without an OS"

No, I'm a consumer who wants the same variety of laptops/specs/price points that are sold with windows eight preinstalled, to be available without microsoft's contraptions, be they operating systems or encryption keys.

microsoft doesn't want me to have that choice, and this is the topic at hand, and by the way, you should consider sticking to the topic at hand.

Easy: buy a Mac.

If there was a viable market of people willing to pay an economic price for a Linux laptop then there would be companies to provide them. Several have tried. Some are still trying (eg Dell) though it's hard to make money selling to cheapskates.

As it is, whatever Linux market there is depends on the economies of scale created by the Windows market. You're saving far more money thanks to Windows than you would ever pay for Windows licences.

Why on earth would I buy a Mac if I am looking for a Linux machine trying to avoid paying for something I don't use. Does it make me a cheapskate if I don't want to pay the Windows/Apple tax? I would have no problem spending let's say $1500 for a decent Linux latop: one with certified hardware, a penguin key (instead of a Windows key), a pre-installed Linux distro and no secure boot nonsense.

Often times, due to Microsoft co-marketing funds, "desktop real-estate" (trial-ware installs), and some other things - that end up offsetting the OEM's costs - you're actually paying less for a system with Windows installed then you are for a system without an OS installed. So the cost issue is mostly a non-issue, as to maintain the same profit margins the OEM will sell the non-OS system at a higher price.

This is especially true for "basic" systems, were they sell them at almost cost price... As OEMs make all their profits on upgrades and higher spec systems that they can sell at a markup.

Sense of humour failure?

He didn't say he wanted a Linux machine, he said he wanted one without "windows eight preinstalled".

Otherwise, you're free to spend $1,500 on a decent Mac or Windows laptop and install your distro of choice....

Linus uses a Mac laptop, doesn't he?

Just because somebody prefers free/open-source software doesn't make them a "cheapskate"

In theory, you're right. However, in reality, the sort of people who whine about paying $20 or less for a bundled copy of Windows are generally not in the market for PCs that have a viable profit margin. This is one of the things that kills would-be Linux companies (though here are others).

You're welcome to point me to the evidence for a large group of open source enthusiasts shopping for high-margin laptops.

I don't think that's the case. The argument, as I see it is:

In order to buy a product from company X, which I like and want to use, I'm also required to give money to company Y for a product I do not like and am not going to use. I don't want to reward company Y for making a product I do not like, and I am angry company X has made a business/marketing deal that means I can't get its product without rewarding company Y.

As others have pointed out already, PC makers get most of their profits at the low-end from bundling. I'd rather pay the same price with no bundled crapware and no bundled OS because dislike crapware and I dislike Microsoft's current operating systems and I do not want the companies that made them to get my money.

It's more complicated than that. See my earlier answer: https://news.ycombinator.com/item?id=5659110

In any case, you're not buying two separate products, you are buying one, integrated product. The thing you think you want does not exist. No OEM says "Hey, I'll make a laptop and then decide which OS to load." Their business is making Windows laptops. If they were designing, qualifying and building Linux laptops, they'd have to charge you a lot more, and you wouldn't pay it. That's why no one does it.

The problem is not about high-margin / low-margin laptops at all ... it is simply linked to the terrible Linux popularity :

I am at my third Sony Z laptop (~2k to ~3k laptops). Every time, the first thing I did with them was to dump the original windows partition and install linux . The "windows tax" on them were negligible and did not impact my choice at all, so would Sony do anything for people like me ? Of course not except if a competitor would produce a successful similar hardware with Linux on it, and that doesn't happen because people don't show interest for linux.

Yes, fair point. However, some widely known attempts to sell Linux hardware have been based on low price points. Early netbooks (which still seem to be popular with Linux users) and the Wal-Mart machines are examples. Correct me if I'm wrong, but I haven't seen anyone having a go at the Sony Z level...

Nice strawman. Not wanting to pay thousands of dollars for a PC does not make someone a "cheapskate".

Outside of the US Dell won't sell you a laptop with linux or no OS. I tried enquiring in th UK about the ultrabook that's on sale with Ubuntu in the USA and was told no, no chance. This was a business enquiry too, not just consumer.

It was a few months back so I guess it could have changed.

I purchased the Dell XPS developer edition here in DK 2 months ago. While it's under "small business", you can buy it as a private person (the only downside is a stream of annoying small business email ads until they acknowledge your unsubscription). Here it is on the UK site: http://www.dell.com/uk/business/p/xps-13-linux/pd

That's changed recently then. I'd still like it if they would sell you any of their stuff without windows. I don't even need a discount, I just don't want to pay MS for a machine that won't be running their OS.

Last time I checked, Germany is outside US.

And are dell/ubuntu laptops available there? In which case you are privileged. Couldn't get one here.

I am a consumer and I want an iPad without the cost of iOS so that I load Android on it. Also, I want a cheap sushi restaurant near my home with hot waitresses. Just because you want something doesn't make it happen. There needs to enough of people like you in the market for business to serve it.

There have been a lot of Linux OEMs over the years. e.g. http://en.wikipedia.org/wiki/Geeknet

Walmart was selling Linux PCs. If there was demand they would've thrived. There are some like System 76 and the new Dell Ubuntu ultrabook.

The OEMs are barely making money as-is. Without the crapware they install their profit is much much less. http://www.tuaw.com/2013/04/17/apple-sells-5-of-pcs-world-wi...

Any time I've seen someone large or mainstream try to sell Linux PCs, their marketing and sometimes their choice of distribution has been bizarre.

At the low-end, they've usually used some no-name distribution with nonstandard components and a skin that looks just like Windows at first glance. I think making it look like Windows is probably the worst thing they could do for user comfort; regardless of looks, they'll eventually run in to something that doesn't work like Windows. The experience is less jarring if it looks different from the start. Getting help from technical friends and relatives is definitely easier if it looks, feels and works like a popular distribution.

The low-end Linux machines usually aren't cheaper than Windows, and little explanation of the advantages that might matter to that market segment can be found in the marketing materials for such machines. The advantages as I see them are easy access to a large amount of free, safe software through the distribution's repository, and reduced maintenance relative to Windows; it doesn't become slow, get malware, etc... if you just use it without messing with anything.

There have been some really puzzling decisions at the high-end too. Dell's Ubuntu developer machine having the lowest available screen resolution comes to mind. Usually, when large computer manufacturers offer professional machines with Linux, it's hard to find them. There's usually a "customize this model" page that offers a choice of OS - any of several versions of Windows. The Linux versions are treated as separate products and not listed where the standard models are. People only find them if they're actively looking.

It almost seems like these ventures were set up to fail so PC manufacturers and/or Microsoft could say "Look. We keep trying and nobody buys these things.".

I'm with you. HispaLinux did send a memo to their local EC office, but the official position in Brussels seems to be that there's been no breach of law.

Speaking for myself, I sent a private e-mail to Neelie Kroes saying that I support the position of HispaLinux and that I regard it as an anticompetitive, exclusionary practice for there to be only microsoft's encryption key by default on all new motherboards, to the exclusion of say the GNU/Linux community's key.

But there's only so much one private e-mail can do.

> I sent a private e-mail to Neelie Kroes saying that I support the position of HispaLinux and that I regard it as an anticompetitive, exclusionary practice for there to be only microsoft's encryption key by default on all new motherboards, to the exclusion of say the GNU/Linux community's key.

The whole problem is that there is no "GNU/Linux community's key" because no one is stepping up to provide it. The big OEMs had already told Red Hat that they're willing to include the community's keys so I fail to see the "anticompetitive, exclusionary practice". Microsoft does not mandate that only its key should be included by default on all new motherboards. The OEMs are free to include any other keys.

Who do you trust to maintain a GNU/Linux community key? The Free Software Foundation, which takes an extreme position that even excludes Fedora? The Linux Foundation, which talks about compliance with proprietary vendors' requirements? Linus Torvalds, who takes no issue with TiVO?

There is no single vendor I trust with the decision about which distro's bootloaders can be signed. I only trust the distro I am using, and only because I can switch to another distro at will (which I have done three times since I began experimenting with Linux all those years ago). That is the problem with the UEFI design: it does not let me, the user, decide who to trust, unless I am technically adept enough to install custom keys (I personally am, but even a lot of people at the local LUG and 2600 meetups are not).

What we really need a system that allows me to install whatever OS I want, and allows that OS to optionally enable bootloader signing with its own key. I should be able to hit a button while booting up to enable a special "OS installation mode," which will boot from a USB device or a DVD to install an OS. During that process, the OS installer can load keys for bootloader signing. The user should always be able to install the OS of their choice, and should not have to rely on Microsoft or anyone else to "approve" a bootloader, OS, or anything else.

In Turkey's laws you can not sell a product with combining another product in same label. Computer is a product and software is another product. Hence you can not sell them under same label according to laws. But they selling computers by combining with M$ licenses. Some of my friends had to seek to justice but as you expect they can not take their money back.

The winner is always who has the big money. They don't need to put an encryption key in motherboards. They do this f.cking shit already without key.

In all fairness, I don't think secure boot has the IT pros in mind. It targets the vast majority of IT users who have no clue at all and install every crap they can find on their systems. I recommend you take a look at this document by the linux foundation. http://www.linuxfoundation.org/publications/making-uefi-secu...

> In Turkey's laws you can not sell a product with combining another product in same label.

Do you have a source for this? I can't find any.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact