| DistroWatch Weekly
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip.
(Tips this week: 0, value: US$0.00)
|Linux Foundation Training
|Reader Comments • Jump to last comment
1 • Pantheon Linux (by Dr.Saleem Khan on 2012-07-30 09:31:17 GMT from Pakistan) |
In the times when arch linux is getting harder and harder to install for newbies this shower of arch based/forked distro is a pleasant change . But I wonder why Pantheon Linux download page is BLANK with nothing available for download at present .
2 • Ubuntu 12.10 Alpha 3 fixes more bugs on Dell Vostro 360 (by Gavin R. Putland on 2012-07-30 09:39:04 GMT from Australia)
On the Dell Vostro 360 all-in-one PC, getting a full-high-definition Linux desktop has been a major headache (cf. http://www.grputland.com/2012/05/linux-on-dell-vostro-360-use.html ).
To my knowledge, Ubuntu 12.10 ("Quantal Quetzal") Alpha 2 was the first distribution to give full HD on the Vostro 360 without fiddling with the boot parameters, and without risking a permanent blank screen whenever you checked the display settings, detected displays, or locked the screen; and it was the first distribution to let you suspend and resume, although this required some tweaking.
Now Alpha 3 brings the following improvements: *
(1) You no longer need extra boot parameters in order to suspend and resume;
(2) When you resume, you no longer need to press a brightness button in order to turn the display back on.
However, you still need the boot parameters "acpi_osi=Linux acpi_backlight=vendor" to enable the brightness control via the hardware buttons or System Settings. Then everything seems to work.
The only apparent regression that I have noticed is that the "screensaver" is bright white. That will surely be alterable in the release version.
In summary, it looks as if Vostro 360 owners will have reason to upgrade to a non-LTS release.
* Hardware: Dell Vostro 360 with Core i3-2100 processor and integrated Intel HD 2000 graphics. Boot media: Live USB stick created with "sudo dd if=quantal-desktop-amd64.iso of=/dev/sdc bs=16M".
3 • Mageia's Distrowatch Ranking ??? (by Bob on 2012-07-30 10:04:11 GMT from Austria)
While it is pretty obvious why Mint and Ubuntu are leading the Distrowatch ranking, I completely fail to understand why Mageia is in front of Fedora, Debian and Opensuse. Well, Debian might be a bit boring to some but Opensuse (especially the upcoming 12.2) and Fedora feel way more solid than Mageia. "Inflated Distrowatch page hits" or did I miss out on something great?
4 • Secure boot (by Koroshiya Itchy on 2012-07-30 10:17:38 GMT from Belgium)
For the last years I have always purchased computers with no OS pre-installed and therefore I guess that the "secure boot" feature is not likely to affect me. I also hope that a decent hack will be ready even before Windows 8 is released. Any news on that?
5 • @3 "Inflated Distrowatch page hits" or did I miss out on something great? (by greg on 2012-07-30 10:28:50 GMT from Slovenia)
If someone checks out a distributiuon page on distrowatch it doesn't mean that:
1. they donwloaded it
2. they downloaded it and tried it in live session
3. they installed it on their computer
it just means they had a look at the page about Mageia (in this case)
6 • Q&A - Adding menu items in Gnome Shell (by silent on 2012-07-30 10:50:49 GMT from Hungary)
How can I add menu items with parameters to Gnome Shell without the command line. What I mean is things like "LD_PRELOAD=/usr/lib32/libv4l/v4l1compat.so skype", "vlc ~/channels.conf" or "firefox distrowatch.com". It appears to be quite an ordinary task so there must be a graphical user interface to do that in a modern desktop environment. So far I could only find the Quicklaunch extension, which is good, but it is not integrated with the main menu or sidebar.
7 • Running Gsettings out of a Gnome session (by Osqui on 2012-07-30 10:55:36 GMT from Spain)
I want to run gsettings from a kickstart file in order to do an unattended installation with some postconfigurations (like automatic change of the desktop background, for example) but it haven't been able to do it. It seems that gsettings doesn't work if a Gnome session hasn't started yet.
Someone has a workaround?
8 • @1, Arch and @4, Secure Boot (by TobiSGD on 2012-07-30 11:52:46 GMT from Germany)
@1: "In the times when arch linux is getting harder and harder to install for newbies this shower of arch based/forked distro is a pleasant change"
Those distros are nice for people that know how Arch works, but I would not recommend them to beginners, for one simple reason: Arch, due to its rolling release nature, can and will break. If you have installed regular Arch using the Beginners Guide you have gained basic knowledge about the system you run and where to start troubleshooting. But distros that are considered to be "Arch easy to install" completely omit this first learning step. A newbie will be completely clueless what is going on, unable to fix his "easy" system.
@4: " I also hope that a decent hack will be ready even before Windows 8 is released. Any news on that?"
There is no hack needed. If you buy your (x86) hardware with the Windows 8 logo you will get hardware that have to has an option to disable Secure Boot or, if you want to use that feature, to add your own custom keys.
9 • Mageia Q & A (by GTarn on 2012-07-30 12:29:46 GMT from United Kingdom)
Mageia uses American English in its Menu, even when the user in the UK has set the default language as British English. Some developers seems to believe that American English should be the default language of the Internet and of computers throughout the globe set to English language, irrespective of country and culture, and this is plainly a step too far. There are 60 million people here in the UK and it would be better for us to use our own language. See:
Having said that, Mageia looks like a sweet operating system run by dedicated people. Please realise, Mageia, that some Brits love their own language and want to use that language on their computers at home and at work.
If a British coder or hobbyist can find the time and feels capable of taking on the task of revising the Mageia Menus for UK users, please ask to join Mageia and help out UK users here. It would be doing your country a favour.
10 • Mageia Ranking (by eddie on 2012-07-30 12:39:56 GMT from Germany)
Greg at post #5 is right. Nonetheless, Mageia has developed nicely. I installed it on a (by todays standards) old PC and it works pretty well. Almost painless from a to z. I recommended it to my wife (lifetime Windows user) in order to fix her increasing Windows XP-problems - and she is now using Mageia happily.
The only problem is - as with any other distro - support for non-supported hardware (like e-g some printers and scanners). But that's not Mageias fault at all but the hardware-vendors fault (Hello Canon, hello Samsung, hello HP... ;-) ).
11 • OpenBSD (by Jesse on 2012-07-30 12:46:58 GMT from Canada)
I have to wonder if Theo de Raadt's comments were taken out of context or if he didn't think before speaking. Without efforts by organizations like Canonical, Red Hat and FSF we'd probably be facing secure boot technology without the ability to turn it off. As it is these organizations pushed hard for compromises and the ability to use secure boot if the user wants it. This is pretty big and they're giving users more choices.
Theo calls this effort on behalf of open source users traitorous and goes on to insist someone step forward and "do the right thing", but then he admits he doesn't have a plan and doesn't seem to know what that "right thing" is. Secure boot obviously isn't going away, so I wonder what he would want open source companies to do? Roll over and die? Force all open source users to use old or fringe hardware? I don't particularly like the concept of secure boot, but since it is coming I think it is important to have companies like Red Hat and Canonical step up to make their distributions work with the technology.
12 • #9 (by eddie on 2012-07-30 12:47:12 GMT from Germany)
A bit harsh, ain't you? If you want it fixed, then report a bug or fix the bug yourself if you are a coder. Other languages are also not fully supported yet (e.g. in Dolphin, some parts are english when you selected e.g. german as main system language). That the system uses american english whenever there is a hole in the language-packages is better than having to read cryptic symbols. And btw: Other distros have the same "problems".
Relax and btw. ... GB is pretty irrelevant nowadays. :-P
13 • @8 Secure Boot (by Koroshiya Itchy on 2012-07-30 12:47:24 GMT from Belgium)
Ok, if that is the case, Secure Boot does not represent a practical problem. However, it remains questionable both from the ethical and legal points of view. About the first concept, they clearly do not care at all. Concerning legal issues, I guess that the notion of trying to put obstacles for a given user to decide which software is installed in his computer could be considered a violation of both the American and European antitrust laws. Namely, because of the fact that MS already has the monopoly of the desktop market.
14 • Inflated Mageia's Distrowatch page hits (by bam on 2012-07-30 13:22:24 GMT from United States)
Inflated Mageia Distrowatch page hits: This is indeed true.
It seems like you get a certain group of people, coming in and just " hitting" Mageia. These rankings are getting to be a farce.
A distro gets a poor review, and the next day it gets a massive uptick??
15 • @1 re Pantheon Linux (by Willie Green on 2012-07-30 13:31:35 GMT from United States)
So now we have to pay for a menu installer?
16 • Inflated Mageia rankings (by Bam on 2012-07-30 13:41:08 GMT from United States)
@3So what exactly is causing this? I mean, Mageia is obviously not that popular (it should rather be around Mandriva I guess). I think most Linux users wouldn't even recognize the name 'Mageia'. Maybe a lot of Mageia users visiting Distrowatch lately?
Would it be some kind of enthusiasm towards the distribution maybe?
And it is possible to "game" the HPD stats, although I confess I neither know nor care exactly how one does it. But it's been done before, and it will no doubt be done again.
PCLinuxOS did do something like that at one time, which inflated their numbers at Distrowatch.
People want to see their Mageia going strong, come in and inflate the numbers. It is so obvious.
17 • @13 Secure Boot (by denflen on 2012-07-30 13:51:53 GMT from United States)
Love your slant on this coming disaster. I build my own computers, and would not be surprised to find Secure Boot preloaded in the motherboard. I don't even want to see an option for it. That is BS! Let's hope somebody picks up the Antitrust Violation and runs with it. How many novice users will even attempt to install a Linux Desktop anymore?
18 • Secure Boot (by trans on 2012-07-30 14:13:23 GMT from United States)
@#8 ARM based systems will not be allowed to have a Secure Boot disable option. So how much longer do you think it will be until all systems are the same?
Sadly, I am becoming increasingly of the opinion that that only way to stop Microsoft's desktop monopoly is to organize hammer squads to enter major computer retail stores and fix the problem squarely where steel meets keyboard. Public awareness needs to be drawn to this issue in a bad way.
19 • Changing desktop backgrounds from the terminal (by Nathan Zachary on 2012-07-30 14:18:22 GMT from United States)
Having not used a desktop environment for many years, I'm not sure if this will work inside of GNOME, KDE, Xfce, et cetera, but it works with the window managers that I use (Openbox or PekWM). Using a very lightweight programme called feh, one can set the background with:
feh --bg-scale /path/to/image
I'd certainly be interested in hearing whether or not that works inside of a full DE.
20 • RE: ARM based EMBEDDED systems and Secure Boot (by Eddie on 2012-07-30 14:33:04 GMT from United States)
"ARM based systems will not be allowed to have a Secure Boot disable option."
@18, You do know that this is talking about Windows embedded systems with ARM processors? Again this is another attempt to stir something up without knowing the facts. Being an embedded system, it makes turning off Secure Boot irrelevant.
21 • @11,20 (by notsure on 2012-07-30 14:59:39 GMT from United States)
11: At least he was honest about no plan for 'secure' boot. after reading the article, except for using the term traitor, he really doesn't slam them. Think about it, canonical and red hat have a large user base - they would likely have the most success here, but their motives are not for the good of the FSF/OSS...
As always, he is taken out of context, most likely due to name-calling, but the content is worth thinking about. What is wrong with waiting and developing a strategy that works, rather than bowing?
20: I wouldn't say he's a nut, he advocates for openness, plain and simple. Read through his name-calling, and think about what he is actually saying
22 • About "Secure Boot" (by Cyber-Steve-97504 on 2012-07-30 15:00:18 GMT from United States)
I am a "homebrewer" myself, denflen, and I have been both building my own desktop systems and "retro-fitting" Linux to other machines that I purchased with some version of Microsoft Windows already installed "at the factory".
Therefore, this "Secure Boot Controversy" interests me. Can anyone out there on the Internet suggest a "primer" on what is planned with "Secure Boot"? This might well take the form of a web page or URL...
Given the huge(and expensive) controversy over Microsoft Internet Explorer about 1998-2000, it is a sad comment on Microsoft's current management that they seem to be up to their old tricks in 2012. Regarding the IE controversy, the folks over in Europe did, I think, slap Microsoft with a major anti-trust(is that what they call it "on the other side of the Pond"?) judgment in 1999 or 2000? Microsoft and/or Bill Gates, as I recall, contributed about $3,000,000,000 to George W Bush's presidential campaign in 2000 and when he was "elected", the Justice Department shelved further action against Microsoft in this country. (A coincidence, "brothers and sisters"?)
By-the-Way, an article on the "Secure Boot Controversy" would a welcome addition to a future issue of DDW,,,
23 • Secure Boot (by ladislav on 2012-07-30 15:42:48 GMT from Taiwan)
I, for one, am with Theo on this one. Microsoft has a long long history of trying everything in its power to destroy any competition and there is little doubt in my mind that this is another one of those brilliant Ballmeresque ideas that is designed purely to stop other operating system to be on equal footing with Windows. Microsoft has never ever played fair and square in this market. I also agree with 18 - confrontation, rather than cooperation, is the answer and the most powerful Linux companies companies, like Red Hat and Canonical, should lead the way. Sadly, they just let Microsoft dictate their terms. They are pathetic, really...
24 • Arch and ease of use (by claudecat on 2012-07-30 15:47:36 GMT from United States)
We all know that Arch is not meant for the linux newcomer and that there are ways to make it easier to install (Archbang, Bridge, etc). Some have made the point that taking such shortcuts deprives the user of the experience necessary to maintain their system as it "will break". While there is truth in this, it is also true that no distro does a better job at documentation. Anyone willing to read can prevent and/or work around any breakage by simply checking the website/forum and paying attention to the output of pacman -Syu. It's not as difficult as some claim.If you can read you can maintain Arch easily.
25 • Ubuntu Made Easy (by Glenn Condrey on 2012-07-30 16:07:41 GMT from United States)
I'm glad to see Mr. Rickford Grant receiving some press for his "Ubuntu Made Easy" books.
He's been plugging away at it for awhile now..this is just the latest incarnation of that book.
I've been reading his books for awhile now....he has also written about other distros (my first Rickford Grant book was about Xandros Made Easy).
Mr. Grant is a great author...I too have found his books infectious and fun to tinker along with. I'm also proud to call him my friend.
26 • re 23 - secure boot (by corneliu on 2012-07-30 16:31:21 GMT from Canada)
Both RedHat and Canonical are commercial companies. They take the decisions that make sense for them from an economic point of view. Would you rather have RedHat and Canonical weakened by bad economic decisions or have them take not-so-popular but financially sane decisions? Let's not forget that these two companies bring a lot of value to the Linux community.
27 • Mageia, Secure Boot and Theo de Raadt (by Blue Knight on 2012-07-30 16:42:23 GMT from France)
Fedora more solid than Mageia? At first, Fedora solid? Mwhahaha I use Fedora on a desktop but I'm laughing... (and I have now Mageia 2 on a laptop)
> "There is no hack needed. If you buy your (x86) hardware with the Windows 8 logo you will get hardware that have to has an option to disable Secure Boot or, if you want to use that feature, to add your own custom keys."
Sorry but no, not really. You're wrong, nearly.
What says Theo de Raadt is dumb, totally. We can be very astonished to see someone like him saying something like: "We have no plans. I don't know what we'll do. We'll watch the disaster and hope that someone with enough power sees sense." This is dumb, idiot and quite serious... It seemed this man was not so dumb usually...
28 • Mageia (by corneliu on 2012-07-30 16:53:00 GMT from Canada)
It is obvious that the HPD stats do not reflect the installed base of Mageia. But I have no doubts that Mageia is a very popular Linux distro. I think the main reason for Mageia's sudden popularity is because it fills a void. Right now, of all Linux desktop environments, KDE is by far the sanest, most customizable, most flexible, best desktop oriented desktop environment. Also, KDE's look and feel is at least on par with any other DE. There is a need for a great KDE oriented distro. Mandriva left a void in this area and Mageia promptly took advantage of that. Mageia may not be as good as Fedora but the KDE integration is better compared with Fedora. I know Suse has good KDE integration but Novell's and now Attachmate's Microsoft friendly policies pushed a lot of users to move to other distros such as Mageia.
29 • @18, Secure Boot (by TobiSGD on 2012-07-30 16:55:59 GMT from Germany)
"ARM based systems will not be allowed to have a Secure Boot disable option. So how much longer do you think it will be until all systems are the same?"
ARM based iOS devices are closed, most ARM based Android devices are closed. Microsoft is doing nothing new in this segment and when you look at their market-share on embedded devices I doubt that this will have a serious impact.
"Sadly, I am becoming increasingly of the opinion that that only way to stop Microsoft's desktop monopoly is to organize hammer squads to enter major computer retail stores and fix the problem squarely where steel meets keyboard. Public awareness needs to be drawn to this issue in a bad way."
Yes of course, making this public with raging through computer stores will in any case let the Linux people bring their case to the public and will have no negative consequences for the Linux world.
You must be joking.
Those are commercial entities, there is only one way to make your case clear to them. You don't want Secure Boot on your ARM device? Then don't buy one with Windows on it. You want to be able to install the Linux distro of your choice on your x86 mainboard? Then make your homework and buy hardware that let you disable Secure Boot or add your own keys. Surprisingly, you will find that you get this option guaranteed only with hardware that has the Windows 8 logo.
30 • @24, Arch (by TobiSGD on 2012-07-30 16:57:57 GMT from Germany)
"If you can read you can maintain Arch easily."
If you can read you can install Arch easily.
31 • @27, Secure Boot (by TobiSGD on 2012-07-30 16:59:55 GMT from Germany)
"Sorry but no, not really. You're wrong, nearly."
Nope, I am not. Just read the requirements for getting the Windows 8 logo.
32 • @28 and ladislav (by Blue Knight on 2012-07-30 17:03:02 GMT from France)
I agree with you about KDE but Fedora better than Mageia, er...
We can not agree with you about this, not at all. "confrontation"? What "confrontation"? 80/90% vs. about 5%, at best almost. "confrontation"? Mwhahaha lol
And even, we can also not be absolutely agree about "purely to stop other operating system"...
33 • Secure Boot drama (by DavidEF on 2012-07-30 17:09:09 GMT from United States)
This whole conversation about Secure boot has veered too far into FUD. Yes, Secure Boot is Microsoft's new plan for world domination through anti-competitive practices. But that is not the end of the story. It is required to be present in hardware, and, for ARM devices, to be locked down. But, this requirement is not to RUN Windows 8, as the articles and comments all seem to suggest, it is to CERTIFY the devices. Windows Logo certification is how vendors and end-users are supposed to be able to know that a certain Windows version will run on the hardware in question. You are not required to certify your hardware in order to install Windows on it. OEM's that are smart enough to see what Secure Boot really is can choose not to use Secure Boot on their hardware. They just won't be able to certify their hardware with MS Windows Logo Certification. Most ARM devices are not, and probably won't be, Windows devices. On x86 devices, any OEM that wants to stay in business will make it dead easy to bypass, disable, or use Secure Boot with any OS. They can do this and still certify their hardware. The ball is really in the OEM's court. MS has made their obvious boneheaded play. OEM's now need to choose either to be on the side of the consumer, or follow Microsoft's path to obsolescence. Microsoft is not so powerful in today's computing market. After all, they ONLY have a DESKTOP monopoly! They fail miserably in any other field they try to enter, unless you're an Xbox fan :)
34 • @ Pantheon Linux & Arch Linux and other forks (by Dr.Saleem Khan on 2012-07-30 17:16:50 GMT from Pakistan)
I agree that Arch Linux is not for newbies : anyone who wants to install and use arch linux will ultimately subject himself/herself to manual tweaking ( which is most of the arch linux`s basic concept plus the command line package management and manual interventions needed off and on to avoid the "feared breakages" .
I prefer and did the native arch installation once and did not need to reinstall ever again for almost 2 years now and I am sure that recent script based arch installation will not prove to be as difficult as it is feared and apprehended because as I mentioned earlier if you want to use arch you must be ready for whatever the developers offer you or build something of your own and use that to install and maintain arch linux ( as mentioned by someone related to arch linux in DW last week ).
But the need & importance of recent arch forked distros can not be undermined either . Newbies can easily install arch linux using any of these forks and gradually learn to do things the arch way because no matter whatever they use to install arch linux they have to do things according to arch`s concept or they will be forced to quit the distro sooner or later .
I have found Bridge Linux useful in one way : it comes with different desktops based versions and it is easy for me to install and configure arch based system for my friends and in other places where i want to build an installation in a shorter time period . The same I applied in our college`s computers lab where our principal demaned to have dual boot system with linux and windows 7 and Bridge Linux did the job for me much quicker than the native arch installation would have done .
Lastly I don`t think arch linux breaks more frequently than any other distro would : like any other distro it will break for you as often as expected unless you are doing the things rightly and you know what you are doing . For me Arch Linux makes it a better computing life than I saw with any other distro that I tried in my distro-hopping life before I settled down with arch linux.
35 • @ 30 (by claudecat on 2012-07-30 17:49:44 GMT from United States)
Try an Arch install using wireless with WPA and an essid that consists of multiple words. It can be done, but it took lots of trial and error and was not adequately covered in the otherwise great Arch Beginner's Guide. Sadly, I don't recall exactly what I did to finally make it work... I now use Archbang for installs and look forward to testing Bridge for the same purpose.
Other than that, you are correct; my point was just that Arch maintenance is MUCH easier than Arch installation, requiring far less reading. I've only experienced breakage through personal laziness, and it has always been fixable with a quick perusal of the forum or main web page.
I agree completely with Dr Khan. Very well stated.
36 • Welcome secure boot (by stratus on 2012-07-30 17:51:19 GMT from India)
I welcome secure boot, because, there will be hardware created without secure boot to compete, and then it is going to fireback at Mickysoft and Linux will come up strong against.
you will see how to bypass secure boot, after it launch, perhaps you have to wait for 6 to 8 months to hack it.
37 • @36, Secure Boot (by TobiSGD on 2012-07-30 19:41:08 GMT from Germany)
Again, I wonder why this is so hard to understand: If you don't want to use Secure Boot just disable it. No hack needed at all.
38 • Secure Boot (by Marti on 2012-07-30 20:05:09 GMT from United States)
With respect to Comment 4 from Koroshiya: I am more than sure that Microsoft and the governments are going to make No OS, and open source BIOS, PCs illegal. This will give absolute power to those entities. OEMs will not choose to be on the side of the consumer. (See Comment 33.) They will be forced to conform to "National Security!" Apple is going to probably have to go through the same motions. Odd, US government mandating security standards to benefit a major corporation, against US citizens, on PCs mostly made by overseas, underpaid, overworked, slave-like laborers.
39 • Secure boot = Secure Monopoly (by Jeffersonian on 2012-07-30 20:46:52 GMT from United States)
I see here screams of unjustice, when a few large corporations are trying to monopolize the desk-top, and make it impossible to run free open-source sofware on commercially available hardware.
But there are ways, even simple ways to fight the endless endeavours of the monopolists.
Just stop moaning, and please be creative...
Right or wrong, I tend to believe that open-source firmwares and open hardware platforms could be a possible answer to the problem.
Another one, could be to exp-lain everyone that they should not buy a locked hardware platform, unless perhaps it has been developed as a single product ?
Like Apple corporation who develop the hardware and the software together... using open source software, by the way !
Thomas Jefferson undestood the need for separation of church and state.
Now we need a good separation of software and hardware !
I cannot wait for you suggestions, here on Distrowatch knowing that small companies may be eager to develop a nice open hardware platform, if there is good software and customers for it.
Could you create a sspecial page towards this endavour?
And yes, I did open my mouth :-)
40 • Dumb as Dirt (and real dirty) Securebooters (by Woody Oaks on 2012-07-30 20:47:36 GMT from United States)
Not too many years ago the Canopy Group, a Linux distributor doing business as Caldera, bought SCO and then, two and a half years later, changed its name to SCO and began to sue businesses which were using Linux computing systems; eventually their net of retardation came to include their own clients and even Novell, from whom SCO had originally purchased their licence to use (but not to own) Unix 5R4 years earlier.
Do you remember all the people who took that joke seriously? It occupied quite a lot of federal court time for quite a few years, a litigation-underwriting industry of no small size arose, and many a technology journalist opined the demise of the Linux kernel. The joke itself was almost too dumb to be believed, but the FUD it caused was real indeed. So don't dismiss the dangers of Secure Boot because of its inherent absurdity. Consider all the supposedly-rational businesses which continue to conduct all of their operations and maintain all of their records in Microsoft's secret codes, secret codes to which they can have no access and over which they can exercise no control. Consider that a considerable portion of our entire civilization is submitting the record of its intellectual activity to this vault also. Yes, stupidity is suicide - a suicide bomber.
41 • Secure Boot (by TobiSGD on 2012-07-30 21:27:41 GMT from Germany)
It is really hard to believe for me how widespread the FUD, coming from uninformed bloggers (or bloggers that intentionally spread FUD to get more clicks on their site) is in reality:
I would recommend to think about following facts:
1. Many governments, especially in Europe, Russia, China and India, are using Linux and open source software for their own systems. How likely is it that they will support a system that would lock their software out?
2. Microsoft is not implementing the hardware part of Secure Boot. There are even efforts from Intel developers, they are working on an open source version of UEFI, including Secure Boot. What tells us this? Microsoft does not control your hardware.
3. As I have stated many times before: The Windows 8 Logo program requires for x86 hardware that there has to be an option to disable Secure Boot and that there must be options for the user to add their own custom keys to it and remove the Microsoft keys. Hardware that does not fulfill these requirements simply does not get the Logo.
So Microsoft is actively pushing the hardware manufacturers to make it possible to use other OSes.
42 • @ 28 Magia (by vw72 on 2012-07-30 21:46:59 GMT from United States)
I agree with what you say regarding Mandriva and Magia, Fedora, Suse, etc. But don't forget Kubuntu. It ships a pure KDE desktop but also includes all of the advantages of Ubuntu in terms of huge repositories, 3rd party support, etc. It also has a very active and friendly community.
Some people complain that it isn't as visually appealing as Suse, however, that is because it ships the default theme and layout selected by the KDE developers instead of branding it with kubuntu choices.
Anyway, if you are looking for a KDE distro to try that has the latest KDE but is stable, lots of software, etc. You should check out Kubuntu, particularly if you are used to Ubuntu as the underpinnings are the same.
43 • About books (by Jesse on 2012-07-30 23:11:03 GMT from Canada)
Hey all, I've got a question for you. Some people have sent me feedback about the book review. I received some nice comments and a few suggestions and I appreciate it. I'm considering doing another book review sometime down the line and I'd like to know something: Do you prefer the idea of having a book review presented as a Feature or as a Q&A/Opinion piece? In other words, would you like to see a DWW issue with both a distro review and a book review, or a book review and a Q&A column? I feel most people probably come here for the distro reviews and news, so I think if I'm going to talk about books it makes sense to do so in the place of an Opinion piece. Thoughts?
44 • More About "Secure Boot" and UEFI (by Cyber-Steve-97504 on 2012-07-30 23:33:07 GMT from United States)
At any rate, I started a "Google" search and it located a Wikipedia article on this important topic. This article rather compactly gave me an outline of the UEFI/Secure Boot dispute and some of the relevant technical details. High marks, Wikipedia!
By-the-way, since I am proficient only in English, I simply cannot say whether Wikipedia has articles on this topic which are as good in other languages. It has been noted elsewhere that English is pretty close to a universal language in the topics of Information Technology and Computer Science today.
The article which I found was at the following URL
Incidentally, despite the temptation, I absolutely reject the "hammer attack" approach to the problem. If this was intended as a joke, I am not at all amused. However, if some more reasonable actions can be taken now to "head 'em off at the Pass", I think that we should do that.
Microsoft tried to "push" some considerably less outrageous restrictions on computer software in the case which I cited(the "Internet Browser War" of 1998-2000) and they did not succeed then.
The Wikipedia article summarized the "bait and switch" tactic which Microsoft seems to have tried regarding Windows 8, UEFI and the ARM microprocessor family.
The UEFI/Secure Boot Dispute makes Microsoft look very bad and, arguably, they deserve no better.
45 • Re: About books by Jesse (by tdockery97 on 2012-07-31 00:13:29 GMT from United States)
I personally enjoyed it presented as you did in this issue. Nice job Jesse.
46 • Changing desktop background from command line (by Steve from Ferndale on 2012-07-31 00:29:46 GMT from United States)
On XFCE and some other desktop mangers, my desktop wallpaper is a symlink named Wallpaper.jpg that is linked to a real image file. I just delete the old symlink and create a new one to the new image file. Reload the desktop and done... new wallpaper.
47 • @33 (by Adam Williamson on 2012-07-31 06:15:18 GMT from Canada)
That's not the important thing about certification. Companies which want to sell computers with Windows pre-loaded have to comply with the Microsoft certification requirements to buy copies of Windows from Microsoft at OEM rates (which are significantly lower than retail prices). If you don't comply with the certification requirements, Microsoft won't sell you OEM Windows licenses; you'd have to buy all your copies at retail. This isn't really practically workable for any normal hardware manufacturer. In practice, they all comply with MS's requirements and buy their copies of Windows from Microsoft. Just about any computer you can buy at retail with Windows 8 pre-installed will comply with the Win8 certification requirements, in practice.
"On x86 devices, any OEM that wants to stay in business will make it dead easy to bypass, disable, or use Secure Boot with any OS. They can do this and still certify their hardware."
They are _required_ to make it possible to disable Secure Boot in order to get certification.
48 • Ubuntu book (by Slightly Reticent on 2012-07-31 06:56:11 GMT from United States)
On Amazon, already discounted:
"List Price: $34.95 ... Price: $19.06 ..."
Unlike full list price at No Starch.
49 • Mageia (by Distro Hopper on 2012-07-31 07:23:53 GMT from United States)
Instead of another demise, a group of developers formed a viable group and salvaged an near-enterprise-quality distro. Why wouldn't that attract DistroWatch readers' interest? Let's encourage and support this newborn community.
50 • MageiaXMint (by zykoda on 2012-07-31 07:26:43 GMT from United Kingdom)
It seems to me that Mageia waxes as Mint wanes: Pure speculation on my part of course! Remember Mandrake (later Mandriva pre Mageia) was top some years ago. The basis is good but financially turmoiled over the past decade.
51 • Changing the desktop background from the command line (by Arseny - n on 2012-07-31 09:27:02 GMT from Russian Federation)
I think feh utility can do this on xfce with "feh --bg-max file".
52 • RE: Secure Boot (by Koroshiya Itchy on 2012-07-31 12:18:54 GMT from Belgium)
These are the relevant Wikipedia articles:
It seems that (quote) "disabling Secure Boot must be possible on x86/x86-64-based devices but 'MUST NOT be possible' on ARM-based devices". So it seems that, from a practical point of view, the issue will affect primarily ARM-based devices.
The MicroSoft states that (quote): "At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves". Which essentially means that secure boot will be enabled by default in all systems and that it will up to the user to disable it. Most likely, if you try to disable it from Windows 8, you will go through a scary disclaimer message stating how unsafe it is to disable this feature.
This means that the hardware will be effectively sold locked, even if reversibly and temporarily (except for the ARM machines). For me this is not acceptable. But then, that is what Apple is doing, and in their case it is not even reversible. The difference is that Apple is a also hardware company and therefore they sell you both the hardware and the software (even if the hardware is produced in China by FoxConn and the software is a hack of BSD).
If a campaign is initiated I would focus on making Secure Boot an option but never activated it by default. The machines should be sold unlocked. The OS could give the user the option of reversibly lock the machine but then a disclaimer should be displayed informing the user that such option will prevent another OS to be installed as long as it is enabled.
One can claim that selling OS-locked machines would consolidate the effective monopoly of MicroSoft in the desktop arena.
Would this make sense?
53 • @47 "required to make it possible to disable Secure Boot" (by Pearson on 2012-07-31 12:29:02 GMT from United States)
"They [Certified Windows 8 PC distributors] are _required_ to make it possible to disable Secure Boot in order to get certification."
From Wikipedia <http://en.wikipedia.org/wiki/Secure_boot#Windows_8>:
In January 2012, Microsoft confirmed it would require hardware manufacturers to enable secure boot on Windows 8 devices, and that x86/64 devices must provide the option to turn it off while ARM-based devices must not provide the option to turn it off.
54 • @47 OEM Pricing is tied to the Logo Cert Program? (by DavidEF on 2012-07-31 13:03:50 GMT from United States)
Thank you for that revelation. I didn't know the OEM's had to use the Windows Logo Certification program in order to qualify for OEM pricing. I'm sure you're right, that it would make NOT certifying their hardware impracticable. Still, as I said before, most ARM devices are not Windows and probably won't be. And the x86 platform has the option of turning off Secure Boot or changing the keys. So, OEM's still have the ball in their court. The question for me is "Will the OEM's work on behalf of the consumers, or will they give Microsoft a closed 'private playground' to play in?"
55 • secure boot (by Nate on 2012-07-31 14:30:54 GMT from United States)
While the W8 implementation of secure boot is a crime against humanity, I'm glad EFI is becoming more mainstream.
While I'm against software restrictions, I'm glad MS is at least trying to improve security, "even though as usual, the results will be laughably bad."
Still, the issue remains of how to ensure people can still use an OS other than W8. While it's indeterminable if RH and Canological are sell outs for purchasing licenses, it's a safe bet that they're safe in the short run.I assume Mint will survive, since it's Ubuntu with some additional and replaced packages. The same with other direct compatables of licensed distos. There may be problems with the Mandriva family.
The non-commercial && non-commercial derived distros will need to find a way to survive. While many of them, including all of the wallbuntus should be safe, the remainders should look at other options. One idea is that we should purchase one license for Linux at the level of the Linux foundation. That way, almost all of the Linux versions will be safe "except for DSL." The BSDs might want to cooperate in a similar fashion. One advantage of this plan is that all of the commercial Linux distros will be able to operate as a team against this mutual threat, with additional support from the non-commercial versions. Does anyone else this this idea is viable?
56 • Secure boot continued. (by Nate on 2012-07-31 14:41:14 GMT from United States)
We may be able to use this to our advantage. If we can get the OEMs angry enough at MS, which may be doable with the slate, they may be willing to cooperate with the BSD/Linux/Amiga/etc. family. This could give us an advantage.
The only problems with this plan are that in order to work, some of the OEMs will have to get ticked off at MS "which will only happen if they start cannibalizing their sales" and the OEMs will have to be willing to consider this OS family as a viable alternative "Which will only happen with half of them under the best conditions."
Still, if MS and the OEMs screw up and succeed in the correct combinations, Linux, BSD, Amiga, Minux, and the opensolaris derivative that I can't remember the name of should be safe without any significant effort.
Still, purchasing licenses at a top developer level or the top of derivative chains is probably the safest, if not-unethical plan.
57 • Even more secureboot planning (by Nate on 2012-07-31 15:07:58 GMT from United States)
You raise a critical point about users being scared to disable secureboot. The Disabled by default plan should work, but it's missing one detail: "how to get the OEMs to ship secureboot off by default." This may be compatible with the plan outlined in #56, but I think we should implement other plans as well.
#1 is a great point. Getting governments around the world on our side would be an excellent means of ensuring an open implementation of secure boot. This could be easily done within: USA, all of the EU countries, Russia, and India. It may also be workable to get help from countries which use a non-MS supported language, which have always been a strong suit of the UNIX family. I think we should focus on the commonwealth countries as well. These won't be as easy, but attempting to get government help from them would be a smart move.
58 • secureboot on ARM (by Nate on 2012-07-31 15:30:06 GMT from United States)
While we will probably be safe with X86, does anyone have any idea on how to fix the secureboot problem on ARM? I have some, but they're mostly impractical, so I would appreciate alts.
0. Reverse-engineer the software update features load a third-party system on-board disguised as an update. This could be done just to disable secureboot, or it could be used to create a dual-boot situation. This process would need to be tailored to each individual device model.
1. Try to get laws passed that ban restricted booting on devices. This is unlikely to work.
2. Manually modify the hardware to load a third party OS. This would be really hard to do.
3. Exploit the kernel flaws in windows so we can modify the boot process enough to load a third party OS.
4. Anything anyone else can come up with.
I know these are bad plans for fixing secureboot on ARM, but could someone please suggest better ones?
59 • @58 (by Adam Williamson on 2012-07-31 15:45:33 GMT from Canada)
If you really want to load a third-party OS on a Windows ARM device it'll have to be some kind of 0 or 3 - just like locked-down cellphones, you'll need someone to come up with some kind of 'unlock' exploit. The alternative is fairly simple: don't buy Windows ARM devices. There are plenty of other types of ARM devices available, from ones similarly locked-down with another OS that may be more to your liking, to open, hackable devices. It's not like the x86 market where, if you're buying a pre-assembled system, it's almost certainly going to have Windows on it.
60 • @53 (by Adam Williamson on 2012-07-31 15:46:23 GMT from Canada)
I was referring specifically to x86, as is clear from the context you cut out of your quote.
61 • Use kquitapp to finish Plasma Desktop instead of pkill (by Josep on 2012-07-31 16:05:42 GMT from Spain)
Instead of finishing the Plasma Desktop with pkill you can use the command kquitapp plasma-desktop
62 • installing whatever OS & software you want on ARM (by Julian on 2012-07-31 16:49:22 GMT from United States)
do a google search on these terms:
"how to root galaxy nexus"
"how to root nexus 7"
I'd post the same for raspberry pi, but there is no need to root a raspberry pi as they are already not locked in any way.
63 • @58 and 59 Alt OS on SecureBoot ARM devices (by DavidEF on 2012-07-31 19:57:00 GMT from United States)
In reading these two posts, I have to agree with Adam Williamson's "simple" alternative: "don't buy Windows ARM devices. There are plenty of other types of ARM devices available"
We should support vendors that sell unlocked ARM devices, and somehow send a message to those OEM's and vendors that support the locked down Windows ARM idiocy. If they can clearly see that 1) we have money to spend, and 2) there are enough of us to matter, and 3) we won't be buying their "locked" junk, then maybe we can encourage some of them to offer a free(dom) alternative.
The other solution I will whole-heartedly support is to hack their silly "security", install any OS we want, make them look like fools, and use the hardware on our terms!
64 • Books (by Glenn Condrey on 2012-07-31 20:50:50 GMT from United States)
@Jesse...I like the way you did the book review this week. I wish you'd keep it.
I passed along your review with one of the authors no less....Rickford Grant is a FB friend....and he was pleasantly surprised at the review you gave the book.
So yeah....make it a feature if you have to. There are not that many good linux 'how to follow along with' books for new people out there.
Rickford has been putting out good manuals for years now (I have his Xandros themed linux howto still with Xandros 3.0 OCE)
The only other good author I know...is Dee Ann LeBlanc who did the Fedora themed "Linux for Dummies". I dunno if she is still involved with that however.
65 • @63 (by Adam Williamson on 2012-07-31 23:07:39 GMT from Canada)
I'm not sure how giving them your money makes them look like fools...
66 • command line background (by commandliner on 2012-08-01 01:16:09 GMT from United States)
There are many tools that can change backgrounds from the command line in addition to feh including esetbg. Since I always have imagemagick installed on my computers for batch image work, I don't go through the hassle of installing other things like feh. If your wallpaper will scale (I edit mine so they do), it's pretty easy:
% display -window root -size 1280x800 path/to/wallpaper
67 • oops (by commandliner on 2012-08-01 01:17:58 GMT from United States)
68 • Desktop backgrounds (by Johannes on 2012-08-01 09:22:35 GMT from Germany)
Thanks a lot for this tutorial on desktop backgrounds. DW is much more than only Distro lists :-)
69 • @42 Kubuntu (by John on 2012-08-01 10:28:05 GMT from Europe)
Absolutely agree on these comments about Kubuntu. Whatever reputation it may have had in the past, it is now an excellent distro and I appreciate the minimal amount of branding layered over KDE.
However, I think the best thing about this distro is the kubuntu-low-fat-settings package. I'm running on modest hardware and with that package installed it absolutely screams and allows KDE to run well on less system resources than you would expect. I believe you could achieve the same with any KDE distro by playing with the settings, but not this easily/quickly. .
Particularly useful as I am finding Unity/Gnome shell sluggish on the same hardware and am not aware of a similar, easy way to their boost performance like that.
70 • Changing your Xfce wallpaper (by Stefan on 2012-08-01 12:56:59 GMT from Sweden)
There is another way to change your wallpaper in xfce. I use a small script to do it automatically every 5 minutes. The tool that does the trick is xfconf-query:
xfconf-query -c xfce4-desktop -p /backdrop/screen0/monitor0/image-path -s path_to_image.png
71 • @65 A fool and his money? (by DavidEF on 2012-08-01 13:01:35 GMT from United States)
Of course, in the end, you are right. They will be happy to sell us more locked hardware, while they laugh all the way to the bank. But, I was specifically referring to making them look like fools in regard to security, not that they need any help with that. Secure boot will be hacked, and at least we will know they are fools! The greater good will come if OEM's see that there are enough people who don't want Secure Boot, AND if Secure Boot is a non-feature due to being hacked.
72 • Book Reviews (by Jose Mirles on 2012-08-01 13:42:53 GMT from United States)
I really enjoyed the book review. The way it is currently presented is great.
Please do not just review books on distro. Expand out to other Open Source topics, e.e., applications, programming, security, etc.
If you could find a newbie book on setting up and maintaining a Home network, with a file server and a media center, i have a couple of folks that would love it!
73 • Books (by Jesse on 2012-08-01 15:29:22 GMT from Canada)
Thanks for the feedback on the book review. If I do another one it won't be distro-specific, I'd rather focus on something any Linux/BSD user can get into.
@Glenn, thanks for passing along the review to Rickford Grant. He has a talent for explaining technology in a way people can understand. I think people should definitely check out his other Linux books.
74 • RE #43 (by A. Person on 2012-08-01 16:08:20 GMT from United States)
Book review and Q&A every other week.
Another possibility is a guest book reviewer to lighten your load and provide more book reviews.
75 • Secureboot (by ShadowJack on 2012-08-01 17:45:25 GMT from United States)
As I understand it, the whole point of securebooting is to make Windows more secure. Hasn't this been the No.1 gripe against them in the first place?
76 • @75 Secure Boot (by DavidEF on 2012-08-01 20:18:22 GMT from United States)
The whole 'selling' point of Secure Boot is to make Windows more secure. You're right about that. There are at least two problems I see:
1) We cannot trust Microsoft's definition of "secure" because in the past, they've shown their interest is to make their own bottom line secure, not the user's computers.
2) We cannot trust Microsoft to get anything right. How many other features has Microsoft copied from either Apple or Linux? Have they done anything as well as that which they copied? I just read an article that claims that Apple had 'Secure Boot' first, and MS is copying them. The problem with copying Apple is that the MS platform (Windows) and the MS ecosystem are so different that they can't hope to have positive results.
Apple has a right and the ability to lock their hardware because they make both the hardware and the software. We also have the right to not buy their stuff if we disagree. Microsoft still has a monopoly in the desktop, so they don't have the right to lock it down. They also don't control the hardware, so they can't hope to know what in the world they're doing, and do it right.
It is my belief that the only "security" MS even hopes to achieve from Secure Boot is financial security for themselves and maybe secondarily their OEM partners. It won't help us at all. Plus it will make our hardware harder to use, not only for those wishing to install an open OS, but even for those who simply don't like the "Improvements" in Windows 8, and wish to downgrade to Windows 7 or even XP.
In fact, MS may be more scared of that than of Linux, BSD, etc. When Vista hit the market, people were contacting their vendors DEMANDING that they provide XP drivers, so their computers could be downgraded to the better OS. I'm sure the vendors turned it around on MS as well. That had to hurt. Windows 8 will be a bigger departure from what people are accustomed to than Vista was. MS is going to lose a lot of business this time around. Secure Boot will help by preventing the downgrades without putting vendors on the spot. Anyone wishing to buy a new computer will have to take Windows 8, or buy an enterprise service contract from Microsoft for the "priveledge" of installing XP or Win7.
I'm just so thankful that there is, for now anyway, hardware available without this Restrictive Boot technology, so we can still have the option of using free and open OS on our computers. Maybe the OEM's will see the disaster coming and swerve to avoid it, so THEY can be free as well as WE.
77 • Laptop Advice with Secure Boot Coming (by Jim on 2012-08-01 20:30:08 GMT from United States)
I am in the market for a laptop with windows 7 on which I will dual boot some linux distro. From what I am reading, it would appear I should by a laptop with w-7 Before w-8 comes out, to avoid all of the secure boot hassle. Is this correct. I currently use lubuntu 12.04.
78 • RE;77 (by greg on 2012-08-01 23:12:24 GMT from United States)
Sounds like a good idea, even without the secure boot issue. Who knows how many bugs windows 8 will have initially.
79 • Longhorn's echo? (by Woody Oaks on 2012-08-02 02:54:52 GMT from United States)
Windows 8: Windows Revistad?
80 • @75 Secure Boot (by Koroshiya Itchy on 2012-08-02 08:46:38 GMT from Belgium)
"...the whole point of securebooting is to make Windows more secure..."
I agree with DavidEF. That is indeed the DECLARED objective. The question is: Is it really the primary objective?
I doubt it. Firstly, because Microsoft has a tradition of very aggressive pro-monopoly strategies. Secondly, because I do not really think that this feature is going to make Windows significantly more secure (provided that 99.999999999 % of the external non-intrinsic Windows threads come from the internet).
It seems clear for me that the whole point about secure boot is to put an obstacle on the way of other operating systems. Not only free OSs such as GNU/Linux, but also older Microsoft OSs such as Windows XP. In fact, the main problem for Microsoft in the desktop arena right now is not called Linux, it is called Windows XP, which is still, by far, the main operating system installed on desktops worldwide right now.
I believe that MS is having a harder struggle for de-rooting XP and preventing users to downgrade than fighting against free software.
81 • @80 (by Patrick on 2012-08-02 16:00:04 GMT from United States)
"...the whole point of securebooting is to make Windows more secure..."
...The question is: Is it really the primary objective?
...It seems clear for me that the whole point about secure boot is to put an obstacle on the way of other operating systems.
Exactly. That's how they intend to make Windows "more secure". I'm convinced that when they say that, they really mean "make it's position in the market more secure". :-)
82 • Secure Boot (by fernbap on 2012-08-02 16:05:34 GMT from Portugal)
I don't know in which way secure boot would make any OS more secure. That is curiously similar to smartphones being locked for a specific operator. That in itself adds nothing to security.
I agree that the greatest threat to MS monopoly is, as Balmer himself said, the huge number of pirated copies of XP. However, Balmer himself had said that allowing piracy was "the most successful long term marketing strategy" for MS, which in itself shows how MS is concerned about security.
It is also a way to hide the fact that, so far, XP has been the most successful windows by far, and win 8 will not change that. In fact, it will add to the problem.
Typical monopolist strategy: let the other companies open the markets, having to support its costs, and then invade it and take over it.
Secure Boot will add nothing to security.
83 • @80 @81 @82 (by Adam Williamson on 2012-08-02 19:02:30 GMT from Canada)
"I don't know in which way secure boot would make any OS more secure"
It's never a good idea to boast about ignorance. ;)
84 • @83 Speaking of ignorance... (by DavidEF on 2012-08-02 20:37:51 GMT from United States)
I'm glad you posted those links. I didn't know those pages existed, even though I've been searching the internet for all the info I could find. If you have any more, I'd like to know it.
85 • @83 Secure Boot (by Koroshiya Itchy on 2012-08-02 21:40:06 GMT from Belgium)
I prefer the original article ;-)
86 • Red Hat/Fedora Propaganda (by Landor on 2012-08-03 07:03:21 GMT from Canada)
Don't buy into any of this crap that any of the team are obviously sent out on damage control missions. It's pure bullshit if you actually use your head.
Here you have an employee telling you x86 are going to have the option to turn it off, and then saying that only arm devices that have Windows on them will be locked down, and none of you reading see the flaw here? All of you kill me, seriously.
If that's all that's going to be affected by this change, then why in the hell is Red Hat signing a deal with MS for? What, Red Hat now runs on Windows based arm devices?
Stop being sheeple. Half the time he even doesn't know what he's talking about himself, I know this for a fact from experience.
Keep your stick on the ice...
87 • @83 (by Patrick on 2012-08-03 16:19:00 GMT from United States)
I don't question that secure boot will work in what it is designed to do. It probably will. I just question the whole claimed motive. In the whole chain of firmware -> boot loader -> OS, the least secure part, the part where malware thrives, is in Microsofts case definitely the OS. There is no problem nowadays between the firmware and the boot loader. This is not the olden DOS days anymore where boot sector viruses were a big issue. If this kind of security was the real motivation, secure boot would be a solution looking for a problem.
No, in Microsofts mind, the malware they're trying to prevent from loading, or at least make more difficult to load for the average user is any bootloader or OS that isn't theirs. If a convicted monopolist with a history of foul play succeeds in having hardware manufacturers produce hardware that comes only with their key built-in, I think the prudent thing is to not assume they have good intentions.
88 • secure boot (by notsure on 2012-08-03 16:24:12 GMT from United States)
installing and using openbsd would be more secure
89 • @83 (by fernbap on 2012-08-03 16:39:13 GMT from Portugal)
"the least secure part, the part where malware thrives, is in Microsofts case definitely the OS"
Is that so hard to understand? Windows will never be secure as long as it is windows. As simple as that.
So, going for something that will keep other OSes from being run effectively reduces security, doesn't it?
90 • Security (by Jesse on 2012-08-03 16:44:17 GMT from Canada)
>> " There is no problem nowadays between the firmware and the boot loader. This is not the olden DOS days anymore where boot sector viruses were a big issue. If this kind of security was the real motivation, secure boot would be a solution looking for a problem."
I was with you up until this part. Malware which runs before the OS has made a big comeback in recent years. Just subscribe to some security bulletins for a while and you will see this is a real threat, not only for MS systems, but for dual-boot environments. Having a trusted chain between the BIOS and the operating system is becoming more important. The method of loading a trusted boot loader and kernel is debatable.
I think most developers would agree we need to address this security concern, we're just not crazy about having Microsoft dictate the implementation.
91 • @86 (by Adam Williamson on 2012-08-03 17:16:17 GMT from Canada)
You don't have to believe me if you don't feel like it. You can read the official Microsoft document. It's all there.
"Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. A Windows Server may also disable Secure Boot remotely using a strongly authenticated (preferably public-key based) out-of-band management connection, such as to a baseboard management controller or service processor. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure Boot must not be possible on ARM systems."
That's a straight copy/paste. Is that definitive enough for you? Why would I flat out lie about something that's extremely easy to verify?
The reason we're using Microsoft's signing service is simply so Fedora will boot and install correctly on systems with Secure Boot enabled. We can't assume everyone who's interested in trying Fedora will be aware of Secure Boot and know they have to turn it off. Some people will be uncomfortable doing so. This is why Fedora - and Ubuntu, and other distros, since none of them have simply said 'we're fine with requiring people to turn off Secure Boot', AFAIK - came up with or are coming up with plans to work with SB in some fashion.
92 • @85 (by Adam Williamson on 2012-08-03 17:20:03 GMT from Canada)
What do you mean, 'original article'? Matthew is probably the leading expert on Secure Boot within the F/OSS world. He's been working on it and deeply involved in the discussions around it for years. Carla is a journalist; her story is just one of the many which was written _in the wake of_ Matthew's blogging about Secure Boot. It was Matthew's first post on the subject - http://mjg59.dreamwidth.org/12368.html - which brought the subject to the attention of the media in the first place. All the media articles post-date that blog post.
93 • @87 (by Adam Williamson on 2012-08-03 17:28:40 GMT from Canada)
It's true that there's far more malware that affects the OS than affects the bootloader chain, but that's an incomplete assessment. Boot chain malware is very potent; even though there isn't so much of it because it's somewhat tricky to implement - much harder than throwing together an OS-level piece of malware from a kit, like people do these days - it's more dangerous because it's a lot harder to detect and remove. You can't fix it from the OS level, if it's written well; it will persist across complete re-format / re-install of the OS. Why do you think Win7 pirate cracks are implemented as bootloader hacks?
Here's an interesting link for those who are seemingly convinced there's no problem with bootloader chain security and no need for SB and signed firmware updates: http://www.theverge.com/2012/8/1/3212820/persistent-undetectable-malware-black-hat-2012 . (You don't actually need SB to prevent that attack - only signed firmware updates - but it's still something a lot of people aren't aware of). That's from two days ago.
94 • @92 (by Adam Williamson on 2012-08-03 17:29:32 GMT from Canada)
Oh, I see what you mean now - the posts of Matt's that I linked to were responses to that article among others. True, but it's part of an ongoing dialog.
95 • Linux and Compatibility (by tdockery97 on 2012-08-04 20:28:51 GMT from United States)
Not being a gamer, nor having to work for a living any longer, I have been able to transition completely from Windows to Linux. I do find it interesting that so many people require Linux to be compatible with Windows, while the reverse is rarely, if ever, true.
96 • Theo de Raadt on the Secure Boot dilemma (by J. Matheus on 2012-08-06 00:08:10 GMT from Brazil)
The dogs bark, but the caravan goes on!
Number of Comments: 96
Display mode: DWW Only • Comments Only • Both DWW and Comments
|• Issue 734 (2017-10-16): Star 1.0.1, running the Linux-libre kernel, Ubuntu MATE experiments with snaps, Debian releases new install media, Purism reaches funding goal|
|• Issue 733 (2017-10-09): KaOS 2017.09, 32-bit prematurely obsoleted, Qubes security features, IPFire updates Apache|
|• Issue 732 (2017-10-02): ClonOS, reducing Snap package size, Ubuntu dropping 32-bit Desktop, partitioning disks for ZFS|
|• Issue 731 (2017-09-25): BackSlash Linux Olaf, W3C adding DRM to web standards, Wayland support arrives in Mir, Debian experimenting with AppArmor|
|• Issue 730 (2017-09-18): Mageia 6, running a completely free OS, HAMMER2 file system in DragonFly BSD's installer, Manjaro to ship pre-installed on laptops|
|• Issue 729 (2017-09-11): Parabola GNU/Linux-libre, running Plex Media Server on a Raspberry Pi, Tails feature roadmap, a cross-platform ports build system|
|• Issue 728 (2017-09-04): Nitrux 1.0.2, SUSE creates new community repository, remote desktop tools for GNOME on Wayland, using Void source packages|
|• Issue 727 (2017-08-28): Cucumber Linux 1.0, using Flatpak vs Snap, GNOME previews Settings panel, SUSE reaffirms commitment to Btrfs|
|• Issue 726 (2017-08-21): Redcore Linux 1706, Solus adds Snap support, KaOS getting hardened kernel, rolling releases and BSD|
|• Issue 725 (2017-08-14): openSUSE 42.3, Debian considers Flatpak for backports, changes coming to Ubuntu 17.10, the state of gaming on Linux|
|• Issue 724 (2017-08-07): SwagArch 2017.06, Myths about Unity, Mir and Ubuntu Touch, Manjaro OpenRC becomes its own distro, Debian debates future of live ISOs|
|• Issue 723 (2017-07-31): UBOS 11, transferring packages between systems, Ubuntu MATE's HUD, GNUstep releases first update in seven years|
|• Issue 722 (2017-07-24): Calculate Linux 17.6, logging sudo usage, Remix OS discontinued, interview with Chris Lamb, Debian 9.1 released|
|• Issue 721 (2017-07-17): Fedora 26, finding source based distributions, installing DragonFly BSD using Orca, Yunit packages ported to Ubuntu 16.04|
|• Issue 720 (2017-07-10): Peppermint OS 8, gathering system information with osquery, new features coming to openSUSE, Tails fixes networking bug|
|• Issue 719 (2017-07-03): Manjaro 17.0.2, tracking ISO files, Ubuntu MATE unveils new features, Qubes tests Admin API, Fedora's Atomic Host gets new life cycle|
|• Issue 718 (2017-06-26): Debian 9, support for older hardware, Debian updates live media, Ubuntu's new networking tool, openSUSE gains MP3 support|
|• Issue 717 (2017-06-19): SharkLinux, combining commands in the shell, Debian 9 flavours released, OpenBSD improving kernel security, UBports releases first OTA update|
|• Issue 716 (2017-06-12): Slackel 7.0, Ubuntu working with GNOME on HiDPI, openSUSE 42.3 using rolling development model, exploring kernel blobs|
|• Issue 715 (2017-06-05): Devuan 1.0.0, answering questions on systemd, Linux Mint plans 18.2 beta, Yunit/Unity 8 ported to Debian|
|• Issue 714 (2017-05-29): Void, enabling Wake-on-LAN, Solus packages KDE, Debian 9 release date, Ubuntu automated bug reports|
|• Issue 713 (2017-05-22): ROSA Fresh R9, Fedora's new networking features, FreeBSD's Quarterly Report, UBports opens app store, Parsix to shut down, SELinux overview|
|• Issue 712 (2017-05-15): NixOS 17.03, Alpha Litebook running elementary OS, Canonical considers going public, Solus improves Bluetooth support|
|• Issue 711 (2017-05-08): 4MLinux 21.0, checking file system fragmentation, new Mint and Haiku features, pfSense roadmap, OpenBSD offers first syspatch updates|
|• Issue 710 (2017-05-01): TrueOS 2017-02-22, Debian ported to RISC-V, Halium to unify mobile GNU/Linux, Anbox runs Android apps on GNU/Linux, using ZFS on the root file system|
|• Issue 709 (2017-04-24): Ubuntu 17.04, Korora testing new software manager, Ubuntu migrates to Wayland, running Nix package manager on alternative distributions|
|• Issue 708 (2017-04-17): Maui Linux 17.03, Snaps run on Fedora, Void adopts Flatpak, running Android apps on GNU/Linux, Debian elects Project Leader|
|• Issue 707 (2017-04-10): PCLinuxOS 2017.03, Canonical stops Unity development, OpenBSD on a Raspberry Pi, setting up a VPN for privacy|
|• Issue 706 (2017-04-03): Super Grub2 Disk, Snap packages of deepin applications, Subgraph OS routes network traffic for one application, announcements from Linux Mint|
|• Issue 705 (2017-03-27): Minimal Linux Live, sharing control of the operating system, new KaOS features, Uplos32 provides 32-bit fork of PCLinuxOS|
|• Issue 704 (2017-03-20): ToarusOS 1.0.4, Linux Mint's security record, Debian starts Project Leader election, Ubuntu 12.04 reaches end-of-life|
|• Issue 703 (2017-03-13): SolydXK 201701, CloudReady, Solus announces new features, KDE Connect sends text messages from desktop, openSUSE's YaST module for Let's Encrypt|
|• Issue 702 (2017-03-06): Fatdog64 Linux, elementary OS bundled with new netbook, Haiku announces new features, security and the size of a distro's development team|
|• Issue 701 (2017-02-27): OBRevenge 2017.02, Mageia 6 delays, NetBSD reproducible builds, questions about swap space, trying to steam video on a Raspberry Pi|
|• Issue 700 (2017-02-20): RaspBSD, Debian replaces Icedove with Thunderbird, Fedora's licensing guidlines, tips for switching shells, finding battery charge, getting IP address and killing processes|
|• Issue 699 (2017-02-13): Clear Linux, GhostBSD network utility ported to FreeBSD, Ubuntu coming to Fairphone, elementary OS crowd funding an app store|
|• Issue 698 (2017-02-06): Solus 2017.01.01, comparing containers with portable applicatins, Tails dropping 32-bit support, Debian Stretch enters freeze|
|• Issue 697 (2017-01-30): Subgraph OS 2016.12.30, running Ubuntu on an Android phone, Arch Linux phasing out 32-bit support, Linux Mint testing updated LMDE media|
|• Issue 696 (2017-01-23): GoboLinux 016, remotely running desktop applications, Solus adopting Flatpak, KDE neon using Calamares, TrueOS tests OpenRC|
|• Issue 695 (2017-01-16): Zorin OS 12, Peppermint team fixes installer bug, Debian refreshes Jessie media, Ubuntu improves low graphics mode, Exciting things coming in 2017|
|• Issue 694 (2017-01-09): MX Linux 16, Fedora considers systemd security features, DragonFly BSD to support massive swap space, Ubuntu Touch roadmap, Puppy's newsletter, sudo's password prompt|
|• Issue 693 (2017-01-02): Comparing small distros, fig language, video driver comparsion, Debian+PIXEL, Wayland on FreeBSD|
|• Issue 692 (2016-12-19): Bodhi Linux 4.0.0, Cappsule containers, Calculate's new Utilities package, Solus and Ubuntu MATE build new application menu|
|• Issue 691 (2016-12-12): SalentOS 1.0, openSUSE improves YaST, Fedora considers slower release cycle, KDE neon gets LTS branch|
|• Issue 690 (2016-12-05): Fedora 25, Ubuntu adopts rolling HWE kernel, running Android apps on GNU/Linux, Haiku working toward EFI support|
|• Issue 689 (2016-11-28): openSUSE 42.2, Fedora's upgrade path, plans for Korora 25, transitioning from PC-BSD to TrueOS, Webconverger's reproducible builds|
|• Issue 688 (2016-11-21): Endless OS 3.0.5, KDE neon fixes security hole, FreeBSD's Quarterly Status Report, Rolling release trial #2 concludes|
|• Issue 687 (2016-11-14): NAS4Free 10.3.0.3, Fedora gains MP3 playback, budgie-remix becomes Ubuntu Budgie, Ubuntu flavours compared, Rolling release trial #2|
|• Issue 686 (2016-11-07): FreeBSD 11.0, rolling release trial #2, Debian announces supported architectures, Simplicity switching to antiX base, farewell to Mythbuntu|
|• Issue 685 (2016-10-31): elementary OS 0.4, SUSE gains ARM support, Mint improves language support, Dirty COW explained, Rolling release trial #2|
|• Issue 684 (2016-10-24): Ubuntu 16.10, Linux popularity in different markets, Fedora runs on Raspberry Pi, Ubuntu features live kernel patching|
|• Issue 683 (2016-10-17): Refracta 8.0, making packages for distributions, Alpine switches to LibreSSL, 386BSD website publishes classic code|
|• Full list of all issues|
|Random Distribution |
GoboLinux is a modular Linux distribution - it organizes the programs in a new, logical way. Instead of having parts of a program thrown at /usr/bin, other parts at /etc and yet more parts thrown at /usr/share/something/or/another, each program gets its own directory tree, keeping them all neatly separated and allowing the user to see everything that's installed in the system and which files belong to which programs in a simple and obvious way.