On Thu, Jan 3, 2013 at 4:23 PM, gary sheppard rhyotte@gmail.com wrote:
I very much wish people would listen to what Ron just said!
As for why they are lining up behind it? Personally I think they are afraid to be seen as "reactionary" and against "progress". After all "everyone" knows secureboot will make life in computing land *Perfect*! The way it has been dressed up and loudly presented to World_+_Dog makes it seem as though anyone against it is against "progress"!
Numerous security experts have already said it is anything but secure, and it will never be secure. They have only said this quietly, and that "voice" has been minimalized, while "PROGRESS" is shouted to the heavens. Hey, look at android and how phone makers "lock" it down. Does it stay locked? No! Come on people, put your heads out of... ;)
Gary
When the FSF has been right and "everyone in the open source community" opposed them, they didn't back down. I put "everyone..." in quotes because it hasn't always been the same community, but I do feel that the term open source isn't used by the FSF for a good reason.
I'm not trying to attack people for talking about the open source community -- rather, I believe the FSF was successful for example in establishing the GPL as a popular license specifically because they had the right approach. I think they did what Mahatma Gandhi did, which was to carefully evaluate what response would *work* and then keep executing on that, basically flawlessly, until it did work.
A counterexample would have been the Hurd kernel, because it apparently wasn't executed right (again, not trying to pick on something) -- but if the idea is sound, it could still be pulled off.
The FSF has taken lots of dings over the years for standing up for what they believed, but they have still succeeded.
If Secure Boot is a bad idea (I believe it is) -- no need to attack corporate-sponsored efforts to line up behind it. I personally use Gentoo Linux which means my kernels are compiled right on my own box. Secure Boot will never work for that (specifically, getting each kernel signed for each user would never scale). Sure, I could use a shim but for me that's equivalent to accepting defeat.
I suppose we could thank the corporate-sponsored bootloaders that will make an easy path to boot and install linux during this period of uncertainty. However, Ron, let me buy you a drink sometime: we need a better solution. Coreboot could do that.
"Never give in. Never give in. Never, never, never, never—in nothing, great or small, large or petty—never give in, except to convictions of honour and good sense. Never yield to force. Never yield to the apparently overwhelming might of the enemy."
David