Microsoft pulled a Sony!

I think the two things I said pretty much cover it. One for drive virtualization, another for accessing drives with other filesystems.

I guess if they banned sptd or ext2fsd there might be some backlash, 'cause many people use either or both.

edited 22nd Sep '11 2:30:46 PM by SavageHeathen

Yes. Your graphic card? Third party driver. LAN and Wi-Fi? Likely also third party drivers. Any third party device requiring a driver, really. I already stated a use I have for drivers that the makers couldn't afford or couldn't be arsed to get signed.

edited 22nd Sep '11 2:33:12 PM by Fighteer

What if they baked those capabilities into the OS? MS has been on a kick towards that sort of stuff for ages. Alternatively, what's so hard about making these third-party interfaces compatible with SMB or Homegroups or whatever thing Win8 uses?

Those are not third party. The hardware manufacturer provides the drivers — they are first-party as far as the hardware is concerned. If you can afford to produce thousands of graphics cards, you can afford to get your driver signed.

Edit: Dammit, I have to be more careful which post I click the Edit button on.

edited 22nd Sep '11 2:33:41 PM by Fighteer

You can't activate 3D acceleration on a virtualized Windows Vista or Windows 7, since you need to install an unsigned Virtual Box-made driver to do it. There should be an I know it's unsigned, I want to do it anyway option that is non-hijackable by malware (i.e. requiring the Administrator to type his password... on a screen dialog full of stern warnings)

edited 22nd Sep '11 2:36:04 PM by SavageHeathen

I thought you meant relative to Microsoft. Anyway, the Atmega programmer driver thing, for instance, is a first party driver that is unsigned.

I think that the Ultimate Edition lets you use unsigned drivers, but it costs a lot more than Home Premium.

edited 22nd Sep '11 2:40:06 PM by Balmung

Savage Heathen, I think you underestimate the ability of casual users to ignore security warnings. By Murphy's Law, any opportunity for someone to say "okay, please infect my computer with malware" is likely to be taken by a nontrivial portion of the user base. Heck, look how much user data is lost to phishing, when you'd think everyone would know to be careful of it by now. *

Requiring an administrator password is a solution that causes as many problems as it solves with the same casual users, as you'd have to store that password at the hardware/firmware level, and most people would have long forgotten it by the time the rare unsigned driver upgrade came around, requiring endless hours of tech support headaches.

A better solution is probably what was said above: provide an unlocked Ultimate Edition for the tinkerers.

edited 22nd Sep '11 2:45:41 PM by Fighteer

There were two reasons people were pissed off- one, being able to install linux was advertised as a feature. And two, Sony started going after people who installed linux with lawsuits.

Sort of? I was under the impression they outsource a lot of the tech to other tech companies, or purchase components from them. I know they stopped making their own desktop processors back when they adopted Intel, because they were paying way too much money to produce inferior chips.

Anyways, reading this...

The fuck? Microsoft, didn't you learn any goddamn thing from your horrible practices of making IE impossible to uninstall, or forcing computer component distributors to sell only Windows? As I read it, this is essentially banning any computer capable of running Windows 8 from installing Linux, and if you think anyone is going to bother selling computers that can't run Windows, ha.

What if there was a separate advanced mode that the user had to specifically enable, buried deep inside a system preferences menu where lusers are unlikely to find it?

Something like an "Enable unsigned driver install". Driver installs would still require confirmation, and the dialog would be different and scarier from the regular install requires privileges shtick.

edited 22nd Sep '11 2:49:08 PM by SavageHeathen

That only matters from an antitrust perspective. Anyway, MS is seeing the writing on the wall with the PC market and wants a piece of the tablet/smartphone market... and quite honestly doesn't give a flying fuck about Linux users.

No, the only way to make this workable is to have it be an edition feature. That way you can deter casual lusers from even having the opportunity to enable that setting simply by making it more expensive.

edited 22nd Sep '11 2:49:06 PM by Fighteer

So we get charged extra for the privilege of having Microsoft treat us like grown-ups?

(thread hop)

I just had a look at the technology in question, it would appear that basically, it'd be a BIOS (well I guess it's UEFI now) setting for secure booting. If you want to install linux, you'd turn that off. PC won't really be capable of making win8-only hardware, because remember, these guys don't just sell to one market. Some people make server hardware, others make tablets or handsets and they aren't about to destroy themselves by locking up with just MSFT and forget the three or four other major OS out there. Linux is standard for servers these days, it'd be stupid to think that manufacturers would give that up for paying thousands of dollars per machine for Win8 Server Edition... or free Linux.

MSFT isn't as powerful as it used to be an anything non-PC would be a total no-go with this type of control. They'd build the system with secureboot, but only if the OS supported such a thing. Anyway, secureboot is more like "corporation controls what software you use" boot, a perverted application of an actual security mechanism.

edited 22nd Sep '11 2:53:26 PM by breadloaf

@deathjavu: Apple always bought processors from other companies, it was IBM and Motorola before Intel.

As for the IE thing, as I understand it, it's just a shell for Windows Explorer (the file manager for Windows).

OK, fine, to be technical, Apple assembles their own hardware, (though still putting a lot of pressure on suppliers for specs that fit their designs).

Point is, Microsoft software is destined for non-Microsoft devices, but is demanding certain support now that could (not necessarily, perhaps have some unlocking mechanism that requires a working level of technical knowledge) adversely impact consumer choice on those (again, not-Microsoft-produced) devices.

edited 22nd Sep '11 3:57:41 PM by Tangent128

this makes the extremely wrong assumption that microsoft, like Sony and Apple, actually make hardware for consumers to buy. Nope.

"CURRENT LINUX MACHINES CAN'T INSTALL WINDOWS 8!" is, in fact, a more accurate headline. Windows 8 requires UEFI with support for secure booting. As in, an extra feature of UEFI systems. turn that function off for all other O Ses that you're installing.

Microsoft is doing nothing to limit Linux installation. they are, in fact, limiting their own Windows distributions in the name of security.

They don't make hardware for you to buy, but they hold those who do by the balls.

Basically, this news means you can't have a PC dual-booting Windows 8 and Linux. Or you can't buy one type of PC and change your mind later about which OS you want.

The easiest way around would be to have a non-GPL wrapper with a secret key around GRUB 2, then load Ubuntu from there. Such key would trust anything except known Linux malware. Of course, Windows wouldn't trust that key: Fair enough. We'd only need a way to mount interoperable media partitions for dual-booting Win/Linux systems.

What concerns me isn't the locking down of the bootstrap process... It's a sensible anti-rootkit measure. When your boot gets compromised, you grab the Windows 8 Recovery disc and restore your system to its last point before the rootkit outbreak happened.

If we were able to trust all parties involved, this would be a non-issue... Still, as it is, the potential censorship/software distribution monopoly/Über-DRM/assorted anti-user measures are chilling.

edited 23rd Sep '11 6:44:37 AM by SavageHeathen

Short version:

By the time Windows 8 is no longer vaporware, a release of Grub will have been signed by a certificate authority and this will be a non-issue.

Ending this issue once and for all:

Spiffy new BIOS-replacing UEFI offers significant benefits over the blue-and-gray keyboard-only interface of old. It's a more robust, easier-to-navigate interface thanks to the GUI and mouse support, but more importantly the Unified Extensible Firmware Interface will help with those 7-second Windows 8 boot times. When Microsoft started talking about the Secure Boot technology it built into Windows 8, some Linux users grew concerned that their OS would be locked out of OEM machines.

Thankfully, that's not the case: as Microsoft explained in its latest Building Windows 8 blog, Secure Boot is a feature of UEFI that Windows 8 will take advantage of to prevent malware—not other operating systems—from jumping into the boot process.

Microsoft laid out the major points of its Secure Boot system and how it works with the UEFI BIOS to improve OS security:

• UEFI allows firmware to implement a security policy
• Secure boot is a UEFI protocol not a Windows 8 feature
• UEFI secure boot is part of Windows 8 secured boot architecture
• Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
• Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
• OE Ms have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
• Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

Microsoft's Windows Certification program with OE Ms will ensure firmware doesn't have control over the Secure Boot process, making it impossible for malware to sneak into the process and disable security. Secure Boot is based on the Public Key Infrastructure used to certify firmware.

If you planned to dual boot Windows 8 with another OS, rest easy—Secure Boot won't interfere.

edited 24th Sep '11 12:46:21 AM by revertedtozero

Yeeeah I thought as much. It didn't make much sense to me for UEFI to be bowing to Microsoft design specs.

Especially considering that UEFI is largely Intel's baby, and Intel is a big Linux supporter.

Okay, good. Can we close this thread now?

In theory, the "OEMs free to customize security levels" could still cause frustration if implemented in certain ways.

But I think we have established that Microsoft is not to blame if they do so, so the accusation of this thread has been resolved. No lock objection.

No lock objection: If we stumble across more Microsoft sheanigans, we can just open another thread.