Re: [ubuntu-uk] heads up - Secure Boot Problems for Linux Users Are Here Already
On 02/06/12 15:56, Alan Bell wrote: Could linux foundation do the same for the servers? beause they can be cracked in a similar way? servers generally won't get the secure boot thing. Odd really because it kind of makes more sense to me in that context. Probably because the biggest market for servers is corporate customers who have their own IT department and who would very quickly go see another supplier if they had to fiddle with settings in order to install the operating system of their choice on their systems. For a typical large corporate that regularly installs dozens of servers, any change in installation procedure means: * Re-train the whole of IT, * Change all training and documentation material, * Update the process of how business units get servers commissioned, * Find a way to phase in the new process while phasing out the old one, * Getting confirmation from suppliers of what exact models will have UEFI so that they can have clear guidance: if model A, then do process 1 else do process 2, * Factor in additional costs and delays for the inevitable cock-ups that will happen. It's an interesting game that Microsoft are playing and I'm wondering whether their primary motivation is to lock competition out or to force the last refuseniks off XP and onto a more recent version of Windows. From an OEM perspective, what could happen is that you would see UEFI on consumer ranges first, where customers tend to just go with what's pre-installed, and then slowly see it appear on business ranges, where customers tend to wipe the pre-installed OS and replace it with their in-house image. The fact that this logic is completely at odds with the security benefits of UEFI secure booting only makes sense if you see it from an accounting point of view: secure boot is a technical tool to mitigate the risk of a server getting compromised. This is modelled as a risk with associated cost (cost of rebuilding a compromised server, checking if it's the only compromised one, potential reputation costs, etc). Most companies already mitigate that risk using firewalls, intrusion detection systems, etc. Mitigation is not perfect so there is a residual risk with associated cost. UEFI secure boot is then an opportunity to reduce this residual cost through additional mitigation. If the cost saving that results from migrating the estate to UEFI secure boot is lower than the cost of actually doing it, companies will just stay put with what they have, accept the risk and pay the price whenever the risk is realised. So the fact that servers won't get the secure boot option is simply a sign that nobody has yet managed to demonstrate that the cost of introducing secure boot in a corporate environment was lower than the potential cost of the risk it mitigates. Cheers, Bruno -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] heads up - Secure Boot Problems for Linux Users Are Here Already
On Sun, 2012-06-03 at 12:39 +0100, Bruno Girin wrote: On 02/06/12 15:56, Alan Bell wrote: any change in installation procedure means: * Re-train the whole of IT, * Change all training and documentation material, * Update the process of how business units get servers commissioned, * Find a way to phase in the new process while phasing out the old one, * Getting confirmation from suppliers of what exact models will have UEFI so that they can have clear guidance: if model A, then do process 1 else do process 2, * Factor in additional costs and delays for the inevitable cock-ups that will happen. Cheers, Bruno You missed one important step in the process of change The time spent by It peeps running around like headless chickens going oh no, not again! -- Regards, Bill B. [SuperEngineer] -- -Registered Linux User 523667- -Registered Ubuntu User 32366- -Free as in Freedom-- -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
[ubuntu-uk] Branded Ubuntu Disks
Hi I've a selection of branded Ubuntu CD's. 8.10 Server, 9.10 Desktop etc, plus tons of Ubuntu stickers. Does a Ubuntu Fanboy/girl want them before they go in the bin? Colin -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Branded Ubuntu Disks
Hey, I wouldn't mind some of that, how much would it cost for postage or whatever? Joe Sent via BlackBerry® from Orange -Original Message- From: Colin McCarthy binarysig...@gmail.com Sender: ubuntu-uk-boun...@lists.ubuntu.com Date: Sun, 3 Jun 2012 15:30:22 To: ubuntu-uk@lists.ubuntu.com Reply-To: UK Ubuntu Talk ubuntu-uk@lists.ubuntu.com Subject: [ubuntu-uk] Branded Ubuntu Disks -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/ -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Branded Ubuntu Disks
No clue what postage would be but probably not much, so happy to cover. Email me directly your address and I will send on Wednesday. Colin On 3 June 2012 15:34, Joe yothsogg...@gmail.com wrote: Hey, I wouldn't mind some of that, how much would it cost for postage or whatever? Joe Sent via BlackBerry® from Orange -Original Message- From: Colin McCarthy binarysig...@gmail.com Sender: ubuntu-uk-boun...@lists.ubuntu.com Date: Sun, 3 Jun 2012 15:30:22 To: ubuntu-uk@lists.ubuntu.com Reply-To: UK Ubuntu Talk ubuntu-uk@lists.ubuntu.com Subject: [ubuntu-uk] Branded Ubuntu Disks -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/ -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/ -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] heads up - Secure Boot Problems for Linux Users Are Here Already
- Mensaje original - On 02/06/12 15:56, Alan Bell wrote: Could linux foundation do the same for the servers? beause they can be cracked in a similar way? servers generally won't get the secure boot thing. Odd really because it kind of makes more sense to me in that context. Probably because the biggest market for servers is corporate customers who have their own IT department and who would very quickly go see another supplier if they had to fiddle with settings in order to install the operating system of their choice on their systems. For a typical large corporate that regularly installs dozens of servers, any change in installation procedure means: * Re-train the whole of IT, * Change all training and documentation material, * Update the process of how business units get servers commissioned, * Find a way to phase in the new process while phasing out the old one, * Getting confirmation from suppliers of what exact models will have UEFI so that they can have clear guidance: if model A, then do process 1 else do process 2, * Factor in additional costs and delays for the inevitable cock-ups that will happen. It's an interesting game that Microsoft are playing and I'm wondering whether their primary motivation is to lock competition out or to force the last refuseniks off XP and onto a more recent version of Windows. From an OEM perspective, what could happen is that you would see UEFI on consumer ranges first, where customers tend to just go with what's pre-installed, and then slowly see it appear on business ranges, where customers tend to wipe the pre-installed OS and replace it with their in-house image. The fact that this logic is completely at odds with the security benefits of UEFI secure booting only makes sense if you see it from an accounting point of view: secure boot is a technical tool to mitigate the risk of a server getting compromised. This is modelled as a risk with associated cost (cost of rebuilding a compromised server, checking if it's the only compromised one, potential reputation costs, etc). Most companies already mitigate that risk using firewalls, intrusion detection systems, etc. Mitigation is not perfect so there is a residual risk with associated cost. UEFI secure boot is then an opportunity to reduce this residual cost through additional mitigation. If the cost saving that results from migrating the estate to UEFI secure boot is lower than the cost of actually doing it, companies will just stay put with what they have, accept the risk and pay the price whenever the risk is realised. So the fact that servers won't get the secure boot option is simply a sign that nobody has yet managed to demonstrate that the cost of introducing secure boot in a corporate environment was lower than the potential cost of the risk it mitigates. Cheers, Bruno thanks for the info guys! Got more than I need! I was a bit concernd that some servers were using arm as well. But clearly it will not be a problem. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] heads up - Secure Boot Problems for Linux Users Are Here Already
On 03/06/12 19:03, Andres Muniz wrote: thanks for the info guys! Got more than I need! I was a bit concernd that some servers were using arm as well. But clearly it will not be a problem. Well, until proved otherwise :-) Bruno -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
