subject:"FSF Campaign against Microsoft's Plan to Enforce Secure Boot"

FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-23 Thread Shlomi Fish

Hi all,

The Free Software Foundation started a campaign called “Stand up for your
freedom to install free software!” about Microsoft's plan to enforce “Secure 
Boot” in the installations of Windows 8, which will prevent people from being 
able to boot into GNU/Linux, one of the BSD variants, or other operating 
systems. You can sign it here:

http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement

More information can be found at:

http://linuxhelp.blogspot.com/2011/10/fsf-campaign-against-secure-boot.html

Regards,

Shlomi Fish

-- 
-
Shlomi Fish   http://www.shlomifish.org/
Apple Inc. is Evil - http://www.shlomifish.org/open-source/anti/apple/

  VB.NET is all of the fun of enforced privacy OO with all of the power
of BASIC.   — Freenode’s #perl

Please reply to list if it's a mailing list post - http://shlom.in/reply .

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-23 Thread geoffrey mendelson



On Oct 23, 2011, at 12:28 PM, Shlomi Fish wrote:


The Free Software Foundation started a campaign called “Stand up for  
your
freedom to install free software!” about Microsoft's plan to enforce  
“Secure Boot” in the installations of Windows 8, which will prevent  
people from being able to boot into GNU/Linux, one of the BSD  
variants, or other operating systems. You can sign it here:


http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement



It's pure FUD.
"we are concerned that Microsoft and hardware manufacturers will  
implement these boot restrictions in a way that will prevent users  
from booting anything other than Windows."


Not that they are, or saying they will, or even hinted they will.

The FSF is struggling to regain some semblance of public support after  
RMS's disastrous FSF boycott of Israel and his comments about Steve  
Jobs. Do the world a favor and let the FSF die with dignity, instead  
of being remembered as a bunch of racist FUDslinging lunatics.


Geoff.

--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-23 Thread Ori Idan

Unfortunately this is not FUD at all, it was reported by a Red-Hat employee
and was not denied by Microsoft.

See:
http://www.theregister.co.uk/2011/09/21/secure_boot_firmware_linux_exclusion_fears/

-- 
Ori Idan


On Sun, Oct 23, 2011 at 1:06 PM, geoffrey mendelson <
geoffreymendel...@gmail.com> wrote:

>
> On Oct 23, 2011, at 12:28 PM, Shlomi Fish wrote:
>
>>
>> The Free Software Foundation started a campaign called “Stand up for your
>> freedom to install free software!” about Microsoft's plan to enforce
>> “Secure Boot” in the installations of Windows 8, which will prevent people
>> from being able to boot into GNU/Linux, one of the BSD variants, or other
>> operating systems. You can sign it here:
>>
>> http://www.fsf.org/campaigns/**secure-boot-vs-restricted-**boot/statement
>>
>
>
> It's pure FUD.
> "we are concerned that Microsoft and hardware manufacturers will implement
> these boot restrictions in a way that will prevent users from booting
> anything other than Windows."
>
> Not that they are, or saying they will, or even hinted they will.
>
> The FSF is struggling to regain some semblance of public support after
> RMS's disastrous FSF boycott of Israel and his comments about Steve Jobs. Do
> the world a favor and let the FSF die with dignity, instead of being
> remembered as a bunch of racist FUDslinging lunatics.
>
> Geoff.
>
> --
> Geoffrey S. Mendelson,  N3OWJ/4X1GM
> My high blood pressure medicine reduces my midichlorian count. :-(
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> __**_
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/**mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-23 Thread Tzafrir Cohen

On Sun, Oct 23, 2011 at 01:11:01PM +0200, Ori Idan wrote:
> Unfortunately this is not FUD at all, it was reported by a Red-Hat employee
> and was not denied by Microsoft.
> 
> See:
> http://www.theregister.co.uk/2011/09/21/secure_boot_firmware_linux_exclusion_fears/

The said RedHat employee is Matthew Garret. Here is the latest from him
about the issue:

http://mjg59.dreamwidth.org/6503.html

Specifically while the UEFI secure boot specification allows the option
of accepting custom boot loader at startup (prompting the user to
authorize it), Microsoft's requirements for Windows 8 compatibility
forbid this.

There are some reasonable technical reasons for not allowing this (it
is indeed not unlike the prompt for a self-signed SSL certificate in a
web browser). But then if we follow this analogy, we'll be left in a
world where Microsoft practically signs all certificates. If this would
happen on the web, it would be a bad thing as well.

(I suggest you actually read those links and don't comment only based on
my over-simplistic message)

BTW: I believe ChromeOS relies on a similar "secure boot" mechanism,
though those devices are supposed to have a switch (BIOS setting or
whatever) to switch to an "insecure mode".

-- 
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il || a Mutt's
tzaf...@cohens.org.il ||  best
tzaf...@debian.org|| friend

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-23 Thread Amos Shapira

On 23 October 2011 22:06, geoffrey mendelson
 wrote:
>
> On Oct 23, 2011, at 12:28 PM, Shlomi Fish wrote:
>>
>> The Free Software Foundation started a campaign called “Stand up for your
>> freedom to install free software!” about Microsoft's plan to enforce
>> “Secure Boot” in the installations of Windows 8, which will prevent people
>> from being able to boot into GNU/Linux, one of the BSD variants, or other
>> operating systems. You can sign it here:
>>
>> http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
>
>
> It's pure FUD.
> "we are concerned that Microsoft and hardware manufacturers will implement
> these boot restrictions in a way that will prevent users from booting
> anything other than Windows."
>
> Not that they are, or saying they will, or even hinted they will.

I didn't follow the detail but a few weeks ago this made a noise on
Slashdot and as far as I'm aware Microsoft issued a statement which
calmed down the activists and it became a none-issue. I didn't follow
it closely so I might be wrong.

>
> The FSF is struggling to regain some semblance of public support after RMS's
> disastrous FSF boycott of Israel and his comments about Steve Jobs. Do the
> world a favor and let the FSF die with dignity, instead of being remembered
> as a bunch of racist FUDslinging lunatics.

Were there echoes of this argument outside Israel?

--Amos

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread geoffrey mendelson



On Oct 24, 2011, at 1:56 AM, Amos Shapira wrote:

I wrote:


The FSF is struggling to regain some semblance of public support  
after RMS's
disastrous FSF boycott of Israel and his comments about Steve Jobs.  
Do the
world a favor and let the FSF die with dignity, instead of being  
remembered

as a bunch of racist FUDslinging lunatics.




Amos wrote:

Were there echoes of this argument outside Israel?



Yes, the hi-tech field is both heavily invested in Israel and  
populated by Jews. It spread like wildfire even making the BBC and  
other media. So while people who support the "Palestinian cause",  
where cheering that he made a stand, everyone with investment in  
Israel, or a business dependent upon Israeli products, or Israeli  
developed technology was aghast.


It's one thing to not have a Jew in your country club or marry your  
children, but it's completely different to have your stock portfolio  
become worthless paper.


RMS's comments on Steve Jobs where much nicer than he was given credit  
for. However the press was looking for a way to get rid of him, and  
that was it.


I am a US citizen, I vote in US elections, and I file US tax returns.  
There some things I leave to US residents and if I were a resident of  
Massachusetts I would have filed complaints to the Secretary of State  
and the IRS that RMS's boycott, as President of the FSF, of Israel was  
cause to dissolve the corporation and revoke their tax exempt status.


The founders of the FSF tried to do a legal trick when they  
incorporated to get more ability to "spread their message", but it  
also restricts them from such activity.


I did not file those complaints, but I expect that other people also  
read their articles of incorporation (it's on their web site), spent  
10 seconds with google looking up the law behind it, (wikipedia has a  
good article) and did file complaints.


Geoff.




--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread Nadav Har'El

On Mon, Oct 24, 2011, geoffrey mendelson wrote about "Re: FSF Campaign against 
Microsoft's Plan to Enforce "Secure Boot"":
> Amos wrote:
> >Were there echoes of this argument outside Israel?
> 
> Yes, the hi-tech field is both heavily invested in Israel and
> populated by Jews. It spread like wildfire even making the BBC and

I wanted to search for "Richard Stallman Israel" on Google to see what people
have been saying, in English, about this topic, but as I was in the middle of
typing this, and typed "Richard Stallman Is", I was shown the following
completion suggestions:

"richard stallman is an idiot"
"richard stallman is crazy"
"richard stallman is a douchebag"
"richard stallman is insane"

I obviously don't agree with any of these statements, but it's sad that
apparently this is what people think (or at least, search in Google...).

Anyway, most of the results of my intended query appear to be Israeli or
Jewish sources. It doesn't appear like the whole world had any interest
in this affair... I wonder if most free software activists are even aware of
it.

-- 
Nadav Har'El|Monday, Oct 24 2011, 
n...@math.technion.ac.il |-
Phone +972-523-790466, ICQ 13349191 |I have a watch cat! If someone breaks in,
http://nadav.harel.org.il   |she'll watch.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread geoffrey mendelson



On Oct 24, 2011, at 2:02 PM, Nadav Har'El wrote:
I obviously don't agree with any of these statements, but it's sad  
that
apparently this is what people think (or at least, search in  
Google...).


Anyway, most of the results of my intended query appear to be  
Israeli or
Jewish sources. It doesn't appear like the whole world had any  
interest
in this affair... I wonder if most free software activists are even  
aware of

it.



ROTFL. The vagaries of using google. I put in "richard stallman  
boycott israel" and 3,420 results.


They are aware. Very aware.

Geoff.

--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread geoffrey mendelson



On Oct 24, 2011, at 3:03 PM, geoffrey mendelson wrote:



On Oct 24, 2011, at 2:02 PM, Nadav Har'El wrote:
I obviously don't agree with any of these statements, but it's sad  
that
apparently this is what people think (or at least, search in  
Google...).


Anyway, most of the results of my intended query appear to be  
Israeli or
Jewish sources. It doesn't appear like the whole world had any  
interest
in this affair... I wonder if most free software activists are even  
aware of

it.



ROTFL. The vagaries of using google. I put in "richard stallman  
boycott israel" and 3,420 results.


They are aware. Very aware.



BTW, "richard stallman israel boycott" yields 42,600 results.

Geoff.

--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread Steve G.

Either way, I am not going to participate in anything that lends credence to
FSF. Quite frankly, at least  MS are not openly anti-Israeli, anti-Semitic,
or anti 'the bad Jews/Israeli'.

Let someone more credible start a petition, and I will surely sign.

F-FSF.

Z.
On Mon, Oct 24, 2011 at 7:13 AM, geoffrey mendelson <
geoffreymendel...@gmail.com> wrote:

>
> On Oct 24, 2011, at 3:03 PM, geoffrey mendelson wrote:
>
>
>> On Oct 24, 2011, at 2:02 PM, Nadav Har'El wrote:
>>
>>> I obviously don't agree with any of these statements, but it's sad that
>>> apparently this is what people think (or at least, search in Google...).
>>>
>>> Anyway, most of the results of my intended query appear to be Israeli or
>>> Jewish sources. It doesn't appear like the whole world had any interest
>>> in this affair... I wonder if most free software activists are even aware
>>> of
>>> it.
>>>
>>
>>
>> ROTFL. The vagaries of using google. I put in "richard stallman boycott
>> israel" and 3,420 results.
>>
>> They are aware. Very aware.
>>
>
>
> BTW, "richard stallman israel boycott" yields 42,600 results.
>
>
> Geoff.
>
> --
> Geoffrey S. Mendelson,  N3OWJ/4X1GM
> My high blood pressure medicine reduces my midichlorian count. :-(
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> __**_
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/**mailman/listinfo/linux-il
>



-- 
Sincerely,

Steve

http://www.words2u.net - GPS points and tracks (mainly in Costa Rica)

http://www.words2u.net/recipes - Recipe collection
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread Nadav Har'El

On Mon, Oct 24, 2011, Steve G. wrote about "Re: FSF Campaign against 
Microsoft's Plan to Enforce "Secure Boot"":
> at least  MS are not openly anti-Israeli, anti-Semitic,
> or anti 'the bad Jews/Israeli'.

Indeed. I still remember very vividly a meeting held 11 years ago in the
ISOC-IL offices, about the sad state of Hebrew support on the Web.
The conclusion was that, sadly but truely, Microsoft was the only one that
bothered fixing its browser (IE 5, at the time) to support new standards
that will help Israeli users - namely "logical order" Hebrew text (Unicode's
bidi, see http://www.unicode.org/reports/tr9/tr9-1.html).

Our knight in shiny armor, Netscape, did nothing to solve the our (Israelis')
problems, and forced us to use the ridiculous "visual order" method.
Mozilla, the recently announced free spin-off from Netscape, also didn't help.
IBM, that volunteered to solve this problem in Netscape, proposed a patch,
but Netscape didn't even care enough about us Israelis to apply it.
It would take several more years until Isralis finally had a free browser that
supported logical-order (bidi) Hebrew.

So despite all its other flaws, Microsoft does indeed care about Israel and
Israelis.


-- 
Nadav Har'El|Monday, Oct 24 2011, 
n...@math.technion.ac.il |-
Phone +972-523-790466, ICQ 13349191 |Seen on a box of animal crackers: "Do not
http://nadav.harel.org.il   |eat if seal is broken."

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread Steve G.

Shlomi,

1. Thank you for the education

2. I am not trying to negate the validity of their argument (or for that
matter to support it). I am saying that I will have nothing to do with them,
their drives, their server, and any of their software that is not already
provisioned by my distro, unless I can't live with it.

And quite frankly, I don't care whether the FSF and RMS are one and the same
or not. Until they kick the piece of waste out, they should go sell their
stuff somewhere else.

There are plenty of other organizations to support.

Z.
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread Shlomi Fish

Hi Steve,

On Mon, 24 Oct 2011 09:24:54 -0600
"Steve G."  wrote:

> Either way, I am not going to participate in anything that lends credence to
> FSF. Quite frankly, at least  MS are not openly anti-Israeli, anti-Semitic,
> or anti 'the bad Jews/Israeli'.
> 

Well, from what I understood, it's just that Stallman in his visit to
the Palestinian Authority, complied to the demands of his Palestinian sponsors,
and wouldn't lecture at a place that didn't support the boycott of the Israeli
academia. That wasn't a global position of the Free Software Foundation, who
certainly isn't anti-Semitic (see
http://www.shlomifish.org/philosophy/politics/define-zionism/ about a lot of 
this confusion.). 

> Let someone more credible start a petition, and I will surely sign.
> 

Well, the petition is hosted on the FSF server, but otherwise it isn't
trying to promote them. And it's possible other entities won't start competing
petitions so as to not fragment the votes, so you'll never get to voice your
support.

Also see:

http://en.wikipedia.org/wiki/Ad_hominem

Regards,

Shlomi Fish

> F-FSF.
> 
> Z.
> On Mon, Oct 24, 2011 at 7:13 AM, geoffrey mendelson <
> geoffreymendel...@gmail.com> wrote:
> 
> >
> > On Oct 24, 2011, at 3:03 PM, geoffrey mendelson wrote:
> >
> >
> >> On Oct 24, 2011, at 2:02 PM, Nadav Har'El wrote:
> >>
> >>> I obviously don't agree with any of these statements, but it's sad that
> >>> apparently this is what people think (or at least, search in Google...).
> >>>
> >>> Anyway, most of the results of my intended query appear to be Israeli or
> >>> Jewish sources. It doesn't appear like the whole world had any interest
> >>> in this affair... I wonder if most free software activists are even aware
> >>> of
> >>> it.
> >>>
> >>
> >>
> >> ROTFL. The vagaries of using google. I put in "richard stallman boycott
> >> israel" and 3,420 results.
> >>
> >> They are aware. Very aware.
> >>
> >
> >
> > BTW, "richard stallman israel boycott" yields 42,600 results.
> >
> >
> > Geoff.
> >
> > --
> > Geoffrey S. Mendelson,  N3OWJ/4X1GM
> > My high blood pressure medicine reduces my midichlorian count. :-(
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > __**_
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/**mailman/listinfo/linux-il
> >
> 
> 
> 

-- 
-
Shlomi Fish   http://www.shlomifish.org/
Understand what Open Source is - http://shlom.in/oss-fs

CPAN thrives *because* of the unfettered uploading of shit, not in spite of it.
— Andy Lester

Please reply to list if it's a mailing list post - http://shlom.in/reply .

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread Tzafrir Cohen

On Mon, Oct 24, 2011 at 11:37:39AM -0600, Steve G. wrote:
> Shlomi,
> 
> 1. Thank you for the education
> 
> 2. I am not trying to negate the validity of their argument (or for that
> matter to support it). I am saying that I will have nothing to do with them,
> their drives, their server, and any of their software that is not already
> provisioned by my distro, unless I can't live with it.
> 
> And quite frankly, I don't care whether the FSF and RMS are one and the same
> or not. Until they kick the piece of waste out, they should go sell their
> stuff somewhere else.
> 
> There are plenty of other organizations to support.

People's Front of Judea is one.


-- 
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il || a Mutt's
tzaf...@cohens.org.il ||  best
tzaf...@debian.org|| friend

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread geoffrey mendelson



On Oct 24, 2011, at 7:26 PM, Shlomi Fish wrote:


Well, from what I understood, it's just that Stallman in his visit to
the Palestinian Authority, complied to the demands of his  
Palestinian sponsors,
and wouldn't lecture at a place that didn't support the boycott of  
the Israeli
academia. That wasn't a global position of the Free Software  
Foundation, who

certainly isn't anti-Semitic (see
http://www.shlomifish.org/philosophy/politics/define-zionism/ about  
a lot of this confusion.).



You understand wrong. Since Stallman signed his messages as President  
of the FSF, they are legally the position of the FSF.


Geoff.
--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread Nadav Har'El

On Mon, Oct 24, 2011, Tzafrir Cohen wrote about "Re: FSF Campaign against 
Microsoft's Plan to Enforce "Secure Boot"":
> > There are plenty of other organizations to support.
> 
> People's Front of Judea is one.

No way, I hate them! I support the Judean People's Front!

(If someone doesn't understand the joke, you haven't seen the movie
"Life of Brian" :-)).

-- 
Nadav Har'El|Monday, Oct 24 2011, 
n...@math.technion.ac.il |-
Phone +972-523-790466, ICQ 13349191 |"We don't see things as they are, we see
http://nadav.harel.org.il   |them as we are." -- Anais Nin

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread Steve G.

I thought I got the joke, but was not sure if it was Monty Python, so thanks
for clarifying.

Now a technical question - wouldn't we still be able to run Linux as a
virtual machine under windows? So what's the big deal? Practically all
laptops today, and most desktops, come with some flavor of windows. All one
needs to do is use a VMM from Oracle, MS, VmWare, Citrix/XEN, Parallels,
etc. and  use it to run Linux! It may reduce performance a little, but quite
frankly, today's computers are so over-specified for their usage (do I
really need a 3 core CPU to browse the net? most of what I do is i/o and
networking, not computation).

So I can have my cake, and Microsoft can have theirs too. The only possible
impact is that selection of Linux compatible machines would be limited to
those manufactured with Linux in mind, so I would probably have to pay more
instead of getting whatever is on sale. On the positive side, though, unlike
all my discounted hardware, these would work under Linux right off the bat,
instead of a year later (yes, finally my Toshiba can use the earphones under
Linux, not just the tinny speakers, as was the case till now! On the other
hand, Unity 3D still hard freezes my computer, or at least my Xserver on
every machine I tested...)

Let the flames begin.

Z.
On Mon, Oct 24, 2011 at 3:28 PM, Nadav Har'El wrote:

> On Mon, Oct 24, 2011, Tzafrir Cohen wrote about "Re: FSF Campaign against
> Microsoft's Plan to Enforce "Secure Boot"":
> > > There are plenty of other organizations to support.
> >
> > People's Front of Judea is one.
>
> No way, I hate them! I support the Judean People's Front!
>
> (If someone doesn't understand the joke, you haven't seen the movie
> "Life of Brian" :-)).
>
> --
> Nadav Har'El|Monday, Oct 24
> 2011,
> n...@math.technion.ac.il
> |-
> Phone +972-523-790466, ICQ 13349191 |"We don't see things as they are, we
> see
> http://nadav.harel.org.il   |them as we are." -- Anais Nin
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>

-- 
Sincerely,

Steve

http://www.words2u.net - GPS points and tracks (mainly in Costa Rica)

http://www.words2u.net/recipes - Recipe collection
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread Amit Aronovitch

On Mon, Oct 24, 2011 at 6:03 PM, Nadav Har'El wrote:

> On Mon, Oct 24, 2011, Steve G. wrote about "Re: FSF Campaign against
> Microsoft's Plan to Enforce "Secure Boot"":
> > at least  MS are not openly anti-Israeli, anti-Semitic,
> > or anti 'the bad Jews/Israeli'.
>
> Indeed. I still remember very vividly a meeting held 11 years ago in the
> ISOC-IL offices, about the sad state of Hebrew support on the Web.
> The conclusion was that, sadly but truely, Microsoft was the only one that
> bothered fixing its browser (IE 5, at the time) to support new standards
> that will help Israeli users - namely "logical order" Hebrew text
> (Unicode's
> bidi, see http://www.unicode.org/reports/tr9/tr9-1.html).
>
> Our knight in shiny armor, Netscape, did nothing to solve the our
> (Israelis')
> problems, and forced us to use the ridiculous "visual order" method.
>

Yeah, but Netscape was far from being a knight.
 Royalty free browser is fine, support over more than one OS even better,
but that's not free software.
Uncontrolled race of un-standardized/half-baked html "extensions" - as bad
as their competitor, if not worse.
It only donned armor on its deathbed (by freeing the code and forming
Mozilla).
מודה ועוזב ירוחם

Mozilla, the recently announced free spin-off from Netscape, also didn't
> help.
>

Takes time for new FOSS project to digest a large inherited codebase (and
weren't they busy with infrastructure work, such as XUL, at the time?)

IBM, that volunteered to solve this problem in Netscape, proposed a patch,
> but Netscape didn't even care enough about us Israelis to apply it.
> It would take several more years until Isralis finally had a free browser
> that
> supported logical-order (bidi) Hebrew.
>
> So despite all its other flaws, Microsoft does indeed care about Israel and
> Israelis.
>
>
People care. Corporations seek profit for investors. Some people would argue
that this is more a virtue than a flaw.
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread Amit Aronovitch

On Mon, Oct 24, 2011 at 1:51 PM, geoffrey mendelson <
geoffreymendel...@gmail.com> wrote:

>
> On Oct 24, 2011, at 1:56 AM, Amos Shapira wrote:
>
>
> I wrote:
>
>>
>>> The FSF is struggling to regain some semblance of public support after
>>> RMS's
>>> disastrous FSF boycott of Israel and his comments about Steve Jobs. Do
>>> the
>>> world a favor and let the FSF die with dignity, instead of being
>>> remembered
>>> as a bunch of racist FUDslinging lunatics.
>>>
>>
>>
> Amos wrote:
>
>> Were there echoes of this argument outside Israel?
>>
>
>
> Yes, the hi-tech field is both heavily invested in Israel and populated by
> Jews. It spread like wildfire even making the BBC and other media. So while
> people who support the "Palestinian cause", where cheering that he made a
> stand, everyone with investment in Israel, or a business dependent upon
> Israeli products, or Israeli developed technology was aghast.
>
> It's one thing to not have a Jew in your country club or marry your
> children, but it's completely different to have your stock portfolio become
> worthless paper.
>
> RMS's comments on Steve Jobs where much nicer than he was given credit for.
> However the press was looking for a way to get rid of him, and that was it.
>
> I am a US citizen, I vote in US elections, and I file US tax returns. There
> some things I leave to US residents and if I were a resident of
> Massachusetts I would have filed complaints to the Secretary of State and
> the IRS that RMS's boycott, as President of the FSF, of Israel was cause to
> dissolve the corporation and revoke their tax exempt status.
>
> The founders of the FSF tried to do a legal trick when they incorporated to
> get more ability to "spread their message", but it also restricts them from
> such activity.
>
> I did not file those complaints, but I expect that other people also read
> their articles of incorporation (it's on their web site), spent 10 seconds
> with google looking up the law behind it, (wikipedia has a good article) and
> did file complaints.
>
>
>
Sorry for not following up on the legal issues (getting too tired right
now), but I thought that Israel was the country that tried to legislate a
non-boycott law :-)

If US law forbade boycotts, how comes Pepsi or McDonnald's were not
dissolved for participating in the Arab boycott? (and this was full boycott,
not merely a
single-visit-personal-compliance by the foundation's president).

I need to know that, because I'm considering boycotting emails from people
that boycott organizations whose presidents boycott countries that pass laws
against boycotting Israel.

If some of the people involved in this chain are US citizens (or Israeli, or
both), would I get into trouble?

   (yet another) AA

[Disclaimer: This message does not express a real intention, by the author
or other associated parties, to participate in any form of boycott. Just
mild confusion, some amusement, and moderate insomnia]
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-24 Thread geoffrey mendelson



On Oct 25, 2011, at 2:45 AM, Amit Aronovitch wrote:
Sorry for not following up on the legal issues (getting too tired  
right now), but I thought that Israel was the country that tried to  
legislate a non-boycott law :-)


If US law forbade boycotts, how comes Pepsi or McDonnald's were not  
dissolved for participating in the Arab boycott? (and this was full  
boycott, not merely a

single-visit-personal-compliance by the foundation's president).

I need to know that, because I'm considering boycotting emails from  
people that boycott organizations whose presidents boycott countries  
that pass laws against boycotting Israel.


If some of the people involved in this chain are US citizens (or  
Israeli, or both), would I get into trouble?


   (yet another) AA




It's not the boycott itself, it's that a boycott of Israel is outside  
of the activities that the FSF is chartered to conduct.


Because of the type of corporation they chose to incorporate as, they  
can only do political actions as  corporation related to free software  
(check their articles of incorporation and the relevant laws, IANAL).


For example (but don't hold me to it) they could boycott Apple because  
it uses a closed OS, but not because it uses child labor in China.


So because RMS claimed that AS PRESIDENT OF THE FSF he was boycotting  
Israel because of its treatment of Palestinian Arabs, he was  
performing a political activity that they were forbidden to do.


If he had claimed that he was doing it as RMS, private citizen, or  
because free software was being blocked at the "borders", Israel was  
harming Palestinian Arabs for use of free software, etc it would have  
been different.


BUT he dragged the FSF into it, and that was not legal.

Geoff.



--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Tzafrir Cohen

On Mon, Oct 24, 2011 at 04:28:01PM -0600, Steve G. wrote:
> I thought I got the joke, but was not sure if it was Monty Python, so thanks
> for clarifying.
> 
> Now a technical question - wouldn't we still be able to run Linux as a
> virtual machine under windows? 

Maybe. But this is a very grave limitation, and I would really hate to
have it. It makes the guest OS inferior, avoids direct access to the
hardware for the most part. I wouldn't buy such a hardware.

Oh, and given MS's past history with licensing, I would expect funny
games in the future if this were to be the norm (e.g. machines with the
vmx bit enabled would start to cost more).

-- 
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il || a Mutt's
tzaf...@cohens.org.il ||  best
tzaf...@debian.org|| friend

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Tzafrir Cohen

On Mon, Oct 24, 2011 at 11:18:43PM +0200, geoffrey mendelson wrote:
>
> On Oct 24, 2011, at 7:26 PM, Shlomi Fish wrote:
>
>> Well, from what I understood, it's just that Stallman in his visit to
>> the Palestinian Authority, complied to the demands of his Palestinian 
>> sponsors,
>> and wouldn't lecture at a place that didn't support the boycott of the 
>> Israeli
>> academia. That wasn't a global position of the Free Software  
>> Foundation, who
>> certainly isn't anti-Semitic (see
>> http://www.shlomifish.org/philosophy/politics/define-zionism/ about a 
>> lot of this confusion.).
>
>
> You understand wrong. Since Stallman signed his messages as President of 
> the FSF, they are legally the position of the FSF.

IANAL and thus IDCALI.

Stallman did this as a private person.

-- 
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il || a Mutt's
tzaf...@cohens.org.il ||  best
tzaf...@debian.org|| friend

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread geoffrey mendelson



On Oct 25, 2011, at 10:07 AM, Tzafrir Cohen wrote:

IANAL and thus IDCALI.



Sorry, I don't understand the acronym, nor could I find an explanation  
that fit.



Stallman did this as a private person.



NO, he did not. Here's an example of his signature from his emails,  
taken from a conversation on this list back when it was relevant. You  
are welcome to look them up in the archive:


Dr Richard Stallman President,
Free Software Foundation
51 Franklin St Boston MA 02110
There can be no doubt that he said it as President of the FSF, and  
which FSF he was speaking as.

To be blunt, have you ever been an officer of a corporation in the US?
Geoff.

--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Nadav Har'El

On Tue, Oct 25, 2011, Amit Aronovitch wrote about "Re: FSF Campaign against 
Microsoft's Plan to Enforce "Secure Boot"":
> People care. Corporations seek profit for investors. Some people would argue
> that this is more a virtue than a flaw.

Yes, all corporations seek profit, but like the Perl moto says, "there is more
than one way to do it". One company can decide that it can make more money by
selling stuff that Israelis want (this is the way that Microsoft went, almost
from the start), another company can decide that it can't be bothered with this
small market (this is the way Apple went for many years, and many of its
services still are unavailable in Israel), and a third company can decide to
boycott Israel completely, because selling in Israel will actually cause it
to lose money (e.g., because of the Arab Boycott).

So while companies that chose the first path - like Microsoft - aren't saints,
they should at least be commended for chosing this path, and not one of the
other two.

-- 
Nadav Har'El|   Tuesday, Oct 25 2011, 
n...@math.technion.ac.il |-
Phone +972-523-790466, ICQ 13349191 |A conclusion is simply the place where
http://nadav.harel.org.il   |you got tired of thinking.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Stan Goodman

On Tuesday 25 October 2011 10:07:30 Tzafrir Cohen wrote:
> On Mon, Oct 24, 2011 at 11:18:43PM +0200, geoffrey mendelson wrote:
> > On Oct 24, 2011, at 7:26 PM, Shlomi Fish wrote:
> >> Well, from what I understood, it's just that Stallman in his visit
> >> to the Palestinian Authority, complied to the demands of his
> >> Palestinian sponsors,
> >> and wouldn't lecture at a place that didn't support the boycott of
> >> the Israeli
> >> academia. That wasn't a global position of the Free Software
> >> Foundation, who
> >> certainly isn't anti-Semitic (see
> >> http://www.shlomifish.org/philosophy/politics/define-zionism/
> >> about a lot of this confusion.).
> > 
> > You understand wrong. Since Stallman signed his messages as
> > President of the FSF, they are legally the position of the FSF.
> 
> IANAL and thus IDCALI.
> 
> Stallman did this as a private person.

He was in the Middle East to speak as an officer of FSF; he cancelled 
his talk to the Israel group at the behest of the Jordanian group, which 
had a political axe to grind. It doesn't matter if there were signed 
letters or not, and certainly not on what stationery they were written. 
The basic fact is that he adopted the illegitmate demand of the 
Jordanian group and cancelled for an abhorent excuse. That could not 
have been done as a private person.
-- 
Stan Goodman
Qiryat Tiv'on
Israel

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread geoffrey mendelson



On Oct 25, 2011, at 11:23 AM, Nadav Har'El wrote:

 another company can decide that it can't be bothered with this
small market (this is the way Apple went for many years, and many of  
its

services still are unavailable in Israel),


That's simply untrue. Apple for whatever reason it chose, sold an  
exclusive franchise to a company called YEDA about 27 years ago. When  
it expired, they chose to sell another one to a new company iDigital,  
which happens to be part owned by the President's son.


They do that in many countries because of tax and other considerations.

What products are sold in Israel or not is up to iDigital. They have  
to commit to a certain level of sales and support before Apple will  
consider letting them sell products. This requires an investment in  
sending technicians overseas to learn how to maintain products,  
training sales and support people, producing sales and user  
literature, etc.


Some products are not sold here because they are phased in, for  
example the iPhone 4s, but that's common around the world.


For example, someone I know went to Office Depot the first day they  
were selling legally imported iPads and a person from iDigital was  
there answering questions and doing demos.  The iPad came out of the  
box with Hebrew support.


I don't know anything about Apple II's, etc, but when I purchased my  
first MAC in 1990 (I was using them at work before that), it was in  
the US. It did not come with Hebrew support, but you could download  
for free (or get it from a user group if they had it) a Hebrew  
localized version of MacOS. I assume it was available here for free.


BTW, despite what many people say, Steve Jobs was very supportive of  
open source. The actual MacOS is open source (though with a different  
license). The GUI and the apps are not, but that is a different issue.  
Every version of MacOS X based upon UNIX is. It also comes with a  
suite of developer tools including gcc (now an optional download or a  
free app from the app store) and X windows, so you could in theory,  
boot the OS, go into X windows and live there running open source  
programs, without ever running a closed source program from Apple,  
once you started X.


In fact I have a particularly pesky Windows program I need to run on  
my MAC, and I run it by having compiled an open source version of X  
Windows and WINE and run it by starting a BASH script. Both X and WINE  
were compiled from source. There are versions available in binary, but  
I needed to build them in sync to get the app to work.


Back in the old days (before OSX and the G3 processor), Apple did in  
fact implement Linux on Macs, and it was GPL'ed. In the end they  
decided to not persue it, because they are as you say in the business  
of making money, and the GPL was not compatible with that goal in  
their opinion.


Instead they used BSD with its "artistic license", but it's still open  
source.


BTW, as for boycotts, the only easily recognized Israeli product in  
the MACs in the 1990's was a Tadiran  battery and someone sued Apple  
in the UK for "supporting the genocide of the Palestinians" by using  
them.


Geoff.

--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Tzafrir Cohen

On Tue, Oct 25, 2011 at 10:36:44AM +0200, geoffrey mendelson wrote:
>
> On Oct 25, 2011, at 10:07 AM, Tzafrir Cohen wrote:
>> IANAL and thus IDCALI.
>>
>
> Sorry, I don't understand the acronym, nor could I find an explanation  
> that fit.
>
>> Stallman did this as a private person.
>
>
> NO, he did not. Here's an example of his signature from his emails,  
> taken from a conversation on this list back when it was relevant. You  
> are welcome to look them up in the archive:
>
>   Dr Richard Stallman President,
>   Free Software Foundation
>   51 Franklin St Boston MA 02110
> There can be no doubt that he said it as President of the FSF, and which 
> FSF he was speaking as.
> To be blunt, have you ever been an officer of a corporation in the US?
> Geoff.

No. However you have been looking for any anti-Stallman and anti-GPL
excuse for a long time. Well before this afair. I recall all sort of odd
excuses of why not use the GPL. I suppose you'll be tellin us that the
French have declared the GPL illegal:

  
https://www.mirbsd.org/permalinks/wlog-10_e20111024-tg.htm#e20111024-tg_wlog-10

Over time I have lerned to just ignore your "legal" arguments.

-- 
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il || a Mutt's
tzaf...@cohens.org.il ||  best
tzaf...@debian.org|| friend

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Amit Aronovitch

Setting aside the amusing political debates and going back to the original
topic - what's the actual status of the UEFI boot issue?

(Following up on the link from Tzafrir's
post:http://mjg59.dreamwidth.org/6503.html,
see my comments below )

On Mon, Oct 24, 2011 at 1:56 AM, Amos Shapira wrote:

> On 23 October 2011 22:06, geoffrey mendelson
>  wrote:
> >
> > On Oct 23, 2011, at 12:28 PM, Shlomi Fish wrote:
> >>
> >> The Free Software Foundation started a campaign called “Stand up for
> your
> >> freedom to install free software!” about Microsoft's plan to enforce
> >> “Secure Boot” in the installations of Windows 8, which will prevent
> people
> >> from being able to boot into GNU/Linux, one of the BSD variants, or
> other
> >> operating systems. You can sign it here:
> >>
> >> http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
> >
> >
> > It's pure FUD.
> > "we are concerned that Microsoft and hardware manufacturers will
> implement
> > these boot restrictions in a way that will prevent users from booting
> > anything other than Windows."
> >
> > Not that they are, or saying they will, or even hinted they will.
>
> I didn't follow the detail but a few weeks ago this made a noise on
> Slashdot and as far as I'm aware Microsoft issued a statement which
> calmed down the activists and it became a none-issue. I didn't follow
> it closely so I might be wrong.
>
>
Can you help locating the MS statement that you describe?

Some relevant details, described in Mathew Garett's post (thanks Tzafrir for
the link), and some of the replies there:

1. Problems with the proposed UEFI boot standard boil down to the fact that
it lacks any means to allow the *owner of the hardware* to edit the list of
trusted keys (load new keys, delete old ones).

2. It seems to me that some aspects of this are in fact a security issue,
which should also be in the interest of Microsoft to solve (e.g. they would
probably want some means to recover in case one of their keys get stolen).

3. Some solution to the problem (a mechanism for loading keys from specially
formatted removable media) will be (is being) suggested by Garrett to UEFI
during this week's "plugfest" http://www.uefi.org/events/

4. Readers of this group should be interested to know that this solution
(whatever other advantages/disadvantages it might have) would allow you to
end up being able to boot kernels (or bootloaders) that you compiled
yourself and signed with your own private key.

Hence: if that MS statement contained some indication that Microsoft would
support such a solution, indeed I see no serious reason to worry.
Either way, we should follow closely for reports from the plugfest
conclusions next week.

   AA
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread geoffrey mendelson



On Oct 25, 2011, at 5:37 PM, Amit Aronovitch wrote:

Setting aside the amusing political debates and going back to the  
original topic - what's the actual status of the UEFI boot issue?



1. Microsoft never said they would do what the FSF claims they would.

2. Microsoft has said, but not in these words, we were not going to do  
this.


If you want a somewhat relevant and entertaining experience watch the  
movie "Minority Report".


Geoff.

--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Baruch Siach

Hi Amit,

On Tue, Oct 25, 2011 at 05:37:29PM +0200, Amit Aronovitch wrote:
> On Mon, Oct 24, 2011 at 1:56 AM, Amos Shapira wrote:
> > I didn't follow the detail but a few weeks ago this made a noise on
> > Slashdot and as far as I'm aware Microsoft issued a statement which
> > calmed down the activists and it became a none-issue. I didn't follow
> > it closely so I might be wrong.
> >
> Can you help locating the MS statement that you describe?

The MS response on this issue is at 
http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx.

Matthew then responded to this at http://mjg59.dreamwidth.org/6503.html.

baruch

> Some relevant details, described in Mathew Garett's post (thanks Tzafrir for
> the link), and some of the replies there:
> 
> 1. Problems with the proposed UEFI boot standard boil down to the fact that
> it lacks any means to allow the *owner of the hardware* to edit the list of
> trusted keys (load new keys, delete old ones).
> 
> 2. It seems to me that some aspects of this are in fact a security issue,
> which should also be in the interest of Microsoft to solve (e.g. they would
> probably want some means to recover in case one of their keys get stolen).
> 
> 3. Some solution to the problem (a mechanism for loading keys from specially
> formatted removable media) will be (is being) suggested by Garrett to UEFI
> during this week's "plugfest" http://www.uefi.org/events/
> 
> 4. Readers of this group should be interested to know that this solution
> (whatever other advantages/disadvantages it might have) would allow you to
> end up being able to boot kernels (or bootloaders) that you compiled
> yourself and signed with your own private key.
> 
> Hence: if that MS statement contained some indication that Microsoft would
> support such a solution, indeed I see no serious reason to worry.
> Either way, we should follow closely for reports from the plugfest
> conclusions next week.

-- 
 ~. .~   Tk Open Systems
=}ooO--U--Ooo{=
   - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread geoffrey mendelson



On Oct 25, 2011, at 5:55 PM, Baruch Siach wrote:


Hi Amit,

The MS response on this issue is at
http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx 
.


Matthew then responded to this at http://mjg59.dreamwidth.org/6503.html 
.


For those that don't want to read through a lot of technical stuff he  
said:


	"But for the foreseeable future, you'll be able to buy hardware that  
runs Linux."


Geoff.

--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Oleg Goldshmidt

2011/10/25 Amit Aronovitch :

>> I didn't follow the detail but a few weeks ago this made a noise on
>> Slashdot and as far as I'm aware Microsoft issued a statement which
>> calmed down the activists and it became a none-issue. I didn't follow
>> it closely so I might be wrong.
>>
>
> Can you help locating the MS statement that you describe?


I was not the one who "described" it but I believe this is the
statement in question:

http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx

Some quotes:

"Secure boot doesn’t “lock out” operating system loaders, but is a
policy that allows firmware to validate authenticity of components"

"Microsoft does not mandate or control the settings on PC firmware
that control or enable secured boot from any operating system other
than Windows"

This does not really mean much to me. As far as I can decipher the
really problematic piece is the bootloader (e.g., grub for our
purposes). The statements above say, if the FW vendor allows disabling
the security feature it's up to you, it you want to use grub and Linux
we are fine with that. What they do not say is, e.g., if you disable
the FW security layer you will not be able to boot Windows 8 from
unsigned grub. They do not say how one would go about signing grub
(see the RedHat guy's post for details of the problem).

I miss lots of things in the debate that I've seen discussed nowhere.
E.g., if I disable FW security layer and use unsigned grub to boot
Linux, will I be able to run Windows 8 in a VM on top of that Linux?
Will hypervisor vendors (including hosted hypervisors) have to include
new "security" components that would verify all the layers below to
run a Windows 8 guest (nested virtualization will be so much more fun,
eh?)? WIll security be checked only at OS boot? Will it be impossible
to live-migrate a Windows 8 VM between physical servers with different
security settings (sounds like a lot of work for VMware VirtualCenter
and other products like that). Ditto for enterprise level provisioning
and/or scheduling systems that match images (of physical or virtual
systems) with HW resources. Ditto for "orchestration" products that
reshuffle resources to optimize whatever and heal other stuff and add
capacity on demand etc., etc., etc. All those will have to take
additional parameters into account (and do more work, e.g.,
reconfigure FW on the fly, adding to provisioning complexity and
time), otherwise things won't boot.

However, the discussion below the blog I linked to above seems to
indicate that MS may not be as evil as we give them credit to be:

Q. [W]ill Windows 8 be usable on systems which have secure boot
disabled for compatibility questions?
A. Of course Windows is usable without secure boot -- just like the post stated.

I did not find this statement in the blog, but I could have missed it.
As far as I understand the blog post was written by a different
person(Tony Mangefeste) than the blog owner (Steven Sinofsky), and the
answer I quoted above is from the blog owner. So I am not 100% sure
that the security option can be turned off in Windows 8.

-- 
Oleg Goldshmidt | p...@goldshmidt.org

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Tzafrir Cohen

On Tue, Oct 25, 2011 at 05:37:29PM +0200, Amit Aronovitch wrote:
> Setting aside the amusing political debates and going back to the original
> topic - what's the actual status of the UEFI boot issue?
> 
> (Following up on the link from Tzafrir's
> post:http://mjg59.dreamwidth.org/6503.html,
> see my comments below )

> Can you help locating the MS statement that you describe?
> 
> Some relevant details, described in Mathew Garett's post (thanks Tzafrir for
> the link), and some of the replies there:
> 
> 1. Problems with the proposed UEFI boot standard boil down to the fact that
> it lacks any means to allow the *owner of the hardware* to edit the list of
> trusted keys (load new keys, delete old ones).

Rather: the owner can not edit the list of certificate authorities. The
owner can, optionally (according to the standard) add extra keys. But
this option is prohibited by Microsoft.

> 
> 2. It seems to me that some aspects of this are in fact a security issue,
> which should also be in the interest of Microsoft to solve (e.g. they would
> probably want some means to recover in case one of their keys get stolen).
> 
> 3. Some solution to the problem (a mechanism for loading keys from specially
> formatted removable media) will be (is being) suggested by Garrett to UEFI
> during this week's "plugfest" http://www.uefi.org/events/
> 
> 4. Readers of this group should be interested to know that this solution
> (whatever other advantages/disadvantages it might have) would allow you to
> end up being able to boot kernels (or bootloaders) that you compiled
> yourself and signed with your own private key.

Custom kernel? How about custom boot loader code?

Grub2 can:

* read pathes and files from the disk(s).
* run a program:
  
http://www.gnu.org/software/grub/manual/html_node/Shell_002dlike-scripting.html#Shell_002dlike-scripting

So, would grub be allowed to boot?

> 
> Hence: if that MS statement contained some indication that Microsoft would
> support such a solution, indeed I see no serious reason to worry.
> Either way, we should follow closely for reports from the plugfest
> conclusions next week.

-- 
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il || a Mutt's
tzaf...@cohens.org.il ||  best
tzaf...@debian.org|| friend

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread geoffrey mendelson



On Oct 25, 2011, at 6:34 PM, Oleg Goldshmidt wrote:


This does not really mean much to me. As far as I can decipher the
really problematic piece is the bootloader (e.g., grub for our
purposes).


The points not covered here is that secure boot IN PART has been  
around for a long time. Later versions of Windows XP started the trend  
by looking for encrypted keys in the BIOS. This is how Windows knows  
you are using for example a Packard Bell version of Windows (and  
therefore not needing activation) on a Packard Bell computer.


Windows 7 expanded upon this. As a way of getting around this  
mechanism, hackers have developed a modified GRUB (yes, they started  
with the real thing) that loads the keys from disk and fakes the  
authentication server in the BIOS.


So you can go to xxx.com and download a version of GRUB which lets you  
choose the manufacturer of your computer that Windows 7 sees, so that  
it will boot without external authentication.


That's why Microsoft is asking for the ability to check if a  
bootloader was used that is not approved and to warn the customer.


MY GUESS is that if an unsigned version of GRUB (or any other  
bootloader) is used, Microsoft will use an alternate identification  
and authentication method (e.g. call 1-800-Linux-sux and ask for  
Bill). (that's a joke for the paranoid trolls out there).


To me this has a silver lining. If Windows 8 refuses to boot on a  
computer with the secure boot disabled or not included at all, then  
they can't sell you that computer with a copy of Windows 8, and charge  
you for it.


Geoff.
--
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(














___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Tzafrir Cohen

On Tue, Oct 25, 2011 at 06:00:41PM +0200, geoffrey mendelson wrote:
>
> On Oct 25, 2011, at 5:55 PM, Baruch Siach wrote:
>
>> Hi Amit,
>>
>> The MS response on this issue is at

>> http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx
>>  
>> .
>>
>> Matthew then responded to this at http://mjg59.dreamwidth.org/6503.html 
>> .
>
> For those that don't want to read through a lot of technical stuff he  
> said:
>
>   "But for the foreseeable future, you'll be able to buy hardware that  
> runs Linux."

Some more context, for those of you who don't want to bother reading the
whole article:

This quote is from a footnote. The oroginal text:

The obvious workaround is for them to just turn off secure boot.
Ignoring the arguments over whether or not OEMs will provide that
option[6], it benefits nobody for Linux installation to require
disabling a legitimate security feature. It's also not likely to be in a
standard location on all systems and may have different naming. It's a
support nightmare. Let's focus on trying to find a solution that
provides the security and doesn't have obvious scaling issues.

And the footnote itself:

[6] And to forestall panic, at this point we expect that most OEMs will
provide this option on most hardware, if only because customers will
still want to boot Windows 7. We do know that some hardware will ship
without it. It's not implausible that some OEMs will remove it in order
to reduce their support burden. But for the foreseeable future, you'll
be able to buy hardware that runs Linux.

So yeah. Matthew Garret says we have nothing to worry about in the
forseeable future. I guess I should learn to read british
understatements.

-- 
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il || a Mutt's
tzaf...@cohens.org.il ||  best
tzaf...@debian.org|| friend

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Amit Aronovitch

On Tue, Oct 25, 2011 at 5:51 PM, geoffrey mendelson <
geoffreymendel...@gmail.com> wrote:

>
> On Oct 25, 2011, at 5:37 PM, Amit Aronovitch wrote:
>
>  Setting aside the amusing political debates and going back to the original
>> topic - what's the actual status of the UEFI boot issue?
>>
>
>
> 1. Microsoft never said they would do what the FSF claims they would.
>
> 2. Microsoft has said, but not in these words, we were not going to do
> this.
>
> If you want a somewhat relevant and entertaining experience watch the movie
> "Minority Report".
>
>
My concern in that message was regarding standartization of BIOS boot
protocols, and whether or not future standards would allow you to boot your
own self-compiled/self-signed kernels.

Whatever or not the FSF announcement said. Microsoft is *not* the authority
responsible for that, merely one out of 11 companies (including Apple and
IBM) which are represented in the relevant forum.

The relevance of FSF in the matter is only due to the fact that they brought
this specific issue to the attention of this specific list.
Microsoft's opinion (and I mean their opinion on BIOS boot options, not on
Stallman or his visit to Israel^H^HPalestine) is relevant because I suppose
that they are strongly represented, and unlikely to be ignored (Redhat is
not listed on UEFI site, so I suppose Mathew Garrett's suggestions will get
less attention than ideas brought forward by Microsoft).
Hence my interest in the statement mentioned here.

Took a while, but while writing this reply I finally got your point about
"Minority Report" (been a while, and all I remembered from the film was Tom
Cruise waving his hands to operate that then-futuristic-looking GUI) :-)

   AA
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FSF Campaign against Microsoft's Plan to Enforce "Secure Boot"

2011-10-25 Thread Nadav Har'El

On Tue, Oct 25, 2011, geoffrey mendelson wrote about "Re: FSF Campaign against 
Microsoft's Plan to Enforce "Secure Boot"":
> >small market (this is the way Apple went for many years, and many
> >of its
> >services still are unavailable in Israel),
> 
> That's simply untrue. Apple for whatever reason it chose, sold an
> exclusive franchise to a company called YEDA about 27 years ago.
> When it expired, they chose to sell another one to a new company
> iDigital, which happens to be part owned by the President's son.
> They do that in many countries because of tax and other considerations.
> What products are sold in Israel or not is up to iDigital. They have

As they say, the proof is in the pudding. The product that turned Apple's
luck around, the iPhone, wasn't sold here for years. If I understand
correctly, you still can't buy songs or movies on iTunes if you're in
Israel. Apple also makes it easy for application makers to discreminate
against people from certain countries, and as in Israeli I still can't get
some applications that Americans can. Until very recently (perhaps just a
year ago?), the iPhone didn't have a Hebrew keyboard out of the box.

You can blaim Yeda, Akum, Pelephone or the President of Israel, but at the
end, it all comes down to a top management decision - does the company do
*whatever it takes* to please Israelis and make a few extra millions (peanuts
compared to the billions they are already making)? Microsoft decided *yes*:
they didn't sell their products through crappy resellers, they added Hebrew
support many many years ago, they didn't make it easy for application writers
to discriminate Israelis, didn't limit their online services only to
people from certain countries, and their new products were available in
Israel at the same time they were available everywhere else. Apple, on
the other hand, decided *no* - they would use a reseller than everyone
complain about, they would take years until new products reached Israel,
they would sell products without Hebrew support, prevent their own online
services from working in Israel, and help other app writers avoid being
sold in Israel.

If Apple wanted to act differently in Israel, they could do it 27 years
ago, 10 years ago, 5 years ago, or today. But they simply don't care. I don't
think it's antisemitism - it's simply that they don't care about the extra
0.01% that their profits can grow by pleasing Israelis more. Beside, Israelis
are, despite their hatred of being "friers", world famous suckers: If the
iPhone is (unlike its situation in the rest of the world!) the top selling
smartphone in Israel, even without iTunes working here, then why should
Apple bother to fix anything?

> Some products are not sold here because they are phased in, for
> example the iPhone 4s, but that's common around the world.

I'm not talking about a few months of delay. I'm talking about the *years*
it took before the iPhone got here, the *years* it took for it to get even
a Hebrew keyboard, and more importantly - iTunes store is still not available
(as I'm told), 8 years (!) after it was open in the U.S.

And again, don't blaim Akum - I don't think Akum is more powerful or greedy
than the RIAAA or whatever in the U.S. If iTunes still isn't available here
it's because Apple didn't bother.

> For example, someone I know went to Office Depot the first day they
> were selling legally imported iPads and a person from iDigital was
> there answering questions and doing demos.  The iPad came out of the
> box with Hebrew support.

Indeed. But believe it or not, until about a year ago, iOS did *not* come
with Hebrew support (especially no Hebrew keyboard). People were selling
various apps on the appstore for adding a rudementary Hebrew keyboard.

> BTW, despite what many people say, Steve Jobs was very supportive of
> open source. The actual MacOS is open source (though with a

I think there is no doubt that apple changed, some for the better and
some for the worst, but changed - when they came out with ipod (2001)
itunes (2003) and iphone (2007). Perhaps it has a few pieces of openness
from before that era, but it shed most of its openness during those years.
Mac OS X was released in 2001 - just before those "end of openness" years.

-- 
Nadav Har'El|   Tuesday, Oct 25 2011, 
n...@math.technion.ac.il |-
Phone +972-523-790466, ICQ 13349191 |Debugging: the art of removing bugs.
http://nadav.harel.org.il   |Programming: the art of inserting them.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

37 matches

Mail list logo