Bonum Certa Men Certa

How Secure Boot Could Have Ruined My First Linux Experience And Why IBM Is Making Things Worse.

Reprinted with permission from Ryan Farmer. Also available in Gemini

Historically, using Free and Open Source Software has been a “license to tinker”, and Linux was no exception.



If it didn’t do something you needed it to do, you could patch it with “something I found”.



If that hadn’t been the case, I would have never been able to start using Mandrake Linux in the 1990s.



You see, the family computer had this horrible piece of hardware in it called a “Winmodem”. And let me tell you about those.



Pretty much as the name implies, the manufacturer dropped a Windows driver, which essentially was the modem.



Theoretically, this had benefits, like the modem could be updated by simply installing a new driver, since most of the logic for the thing is in the software, which runs on the computer, in the Windows 98 kernel in my case.



But that benefit hardly ever materialized. If any manufacturer actually sold you a modem and then later updated you to v.90 or v.92 or something, I’m not aware of it.



They left me at K56Flex and x2, two competing specifications written by rival companies, that predated the ITU standard for v.90 and v.92 56k dial up modems.



Fortunately, most ISPs supported one, the other, or both, in which case it would go ahead and work, but the modem itself was STILL a problem.



Because you only had the Windows driver, and because it implemented the entire modem, without Windows, the modem did nothing. You had no Internet access at all. Dead hardware.



Fortunately, I found the source code to a module that I could compile and add to Linux, and it made the modem work well enough, that I could at least get by until I had saved enough to buy a Zoom 56k modem that supported the actual ITU standards.



The Winmodem was a parasite. Even under Windows, the damn thing made the entire system hang whenever it picked up or hung up the phone line, and then while it was running, it stole CPU time for the driver.



So, this is basically my “Richard Stallman and the Printer” story.



Eventually I was able to remove the Winmodem and the (somewhat unstable) out-of-tree driver, but when I needed to patch the kernel, nothing stopped me. Nothing could have stopped me because nobody had lost their mind and thought Microsoft was a security company.



We didn’t have these ridiculous “Security” charades by the purveyor of the least secure software on the planet.



(“Secure” Boot offers no advantages and the GNOME Desktop has even been tarred and feathered by a “Security” Theater screen by people at IBM Red Hat…… I use KDE now.)



While it is much less common now to encounter the need to run unsigned modules, everyone should be allowed to, without Microsoft in their way. Or in the way of even booting the computer.



Unfortunately with IBM Red Hat’s assistance, crazier things than “Secure” Boot are happening.



This includes the outlandish notion that most of the file system should be read-only (“immutable”) and shouldn’t be within the user’s reach because Apple does this with a toy OS.



How is the user supposed to edit flat configuration files to make systemd (their other disaster) behave differently? How is the user supposed to take software they want in /opt and put it in /opt?



I don’t think you can. And the “Transactional Upgrade” system sounds horrible.



An “everything or nothing” upgrade of every package on the system, even if some are broken, and the only thing you can do if some are is roll the entire thing back?



I will never install a distribution with an immutable file system.



These distributions are worse than useless.



Even IBM Fedora, which has been banging this drum the loudest, has had an immutable “spin” forever, says they’ll make it “Workstation” someday, and well, that hasn’t happened.



There’s just no way to make it actually work. Not if you want to configure the system at all, or do something like dnf update –security.



Don’t even get me started on “kernel lockdown”, where even root is somehow not allowed to change kernel variables.



If a user has so seriously misconfigured their system that a vulnerability exists, let them live with that.



But this really has nothing to do with Security. It’s about walling the user off from their own computer to enforce Windows, or at the very least, make Digital Restrictions Malware (DRM) more effective on Linux.



Quit screwing up my laptop.

Recent Techrights' Posts

Certificate Authority Let's Encrypt Has Almost Gone Down to Zero, Nearly Totally Extinct in Geminispace, the Few Capsules Still Using It Are Spam/Dead/Stagnant
This represents another decrease for Let's Encrypt; the last decrease was last week
Trying to Silence Techrights Was a Huge Mistake
Peter Thiel attacked a publisher for asserting, correctly, that he was gay. Now everyone knows it.
 
Gemini Links 07/09/2025: Scanner, Slop, and Chadobear
Links for the day
The UEFI 9/11 is 3 Days Away
Nobody denies that bad things will happen
Google Versus Journalism
Google played a big role in the demise of news sites
Gemini Links 07/09/2025: Advertising, Decentralized Archival, and Outsourcing to Bezos
Links for the day
Not Much Left in News Cycles
To be very clear, this does not describe "Linux" anything; it's true in just about every facet of news, except the paid-for fake "journalism" about "hey hi" (sites getting paid explicitly to maintain or rekindle hype)
Throwing Away "Old" Computers (Mozilla and Other Climate Deniers)
Mozilla is not leftist
The UEFI 9/11 - Part VIII - Denial of Service and Selling Us WSL (Windows) Instead of "Risky" (Prone by Breakage by Microsoft) GNU/Linux
Restricted Boot (so-called 'SecureBoot') does not improve security. It is nothing but trouble. It's meant to trouble non-Windows users. In dual-boot setups, SecureBoot is a recipe for disaster because Microsoft keeps erasing or tampering with the boot sector, to paraphrase an associate
Slop is Extremely Rare in Geminispace, Slop Images Are Unheard Of (Despite Images Being Supported)
As long as Geminispace grows in terms of domains it's safe to predict the protocol will still be used in 2029 and hence Geminispace will turn 10
Links 07/09/2025: Robodebt Class Action, Fines, and Copyright Settlement
Links for the day
Links 07/09/2025: Yle Impersonated in Social Control Media, Boat-Attacking Orcas, Midjourney Sued Again
Links for the day
Slopwatch: LinuxSecurity, Linux Journal, and the Serial Slopper
Google won't tackle the issue because Google participates not only in relaying slop but also in generating lots of it
Links 07/09/2025: Google Fines in EU and "Your Internet Access Is at Risk"
Links for the day
Gemini Links 07/09/2025: Little Brother and Corporate Theatre
Links for the day
Links 07/09/2025: More Harms of Slop and Anthropic's Nightmare Scenario (Huge Legal Liabilities for Slop)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 06, 2025
IRC logs for Saturday, September 06, 2025
Microsoft Sites Now Talking About September's Mass Layoffs at Microsoft
It's noteworthy that even Microsoft's MSN now covers the latest revelations about mass layoffs
Gemini Links 06/09/2025: SpellBinding Moving and "The Cloud" Ridiculed
Links for the day
Slopwatch: On "the Apology Industry", Chatbots (Punchbag for Customers), and Fake Articles About "Linux"
"news reporting priorities changed"
Links 06/09/2025: "Covid Incidence on the Rise" and Many Attacks on the Press Worldwide
Links for the day
The Register Bill
The Register MS - putting the "MS" in your centre of the universe
Analogies for "Memory Safety" in Rust
Don't worry, it's Rust! It can do anything!
Nobody Denies That SecureBoot Will Cause Problems After September 11
Not even Microsoft
Gemini Links 06/09/2025: Infinite Scrolling and Posting from Emacs
Links for the day
Links 06/09/2025: GitHub Meltdown Over Slop, "U.S. Jury Says Google Should Pay $425 Million in Privacy Lawsuit"
Links for the day
Despite Its Severe Financial Problems Gnome Foundation Inc Paid Rosanna Yuen Over 100,000 Dollars Last Year
maybe relocation should be considered
The "Left" and the Right"
It poisons everything
Mozilla and Rust Are Not Leftists
they're part of the mass consumerism machine
Disposable to Microsoft
There is an extensive set of people who got used by Microsoft, only to be thrown away a month later or a year later or a decade later
The UEFI 9/11 - Part VII - This Coming Week Many PCs Will Refuse to Boot "Linux" (Because of Microsoft's Expired Certificate)
The real solution is, disable "secure boot" or "SecureBoot" while it's still possible. [...] Just like submarine patents, a lot of this problem was "hibernating" for a while
The Thing Nobody in Red Hat Wants to Talk About Openly
There is a real sentiment or worry among Red Hatters, Europeans and Americans in particulars (because of higher salary expectations)
Slopwatch: Small Parade of Fake News About "Linux" and Scams Borrowing the Name (or Word) "Linux"
In practice, LLMs are a risk
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 05, 2025
IRC logs for Friday, September 05, 2025
Genini Links 05/09/2025: Community, ROOPHLOCH, and PITkit
Links for the day
Links 05/09/2025: Vaccine Sceptics Poison the Well, Two Exploited Vulnerabilities Patched in Android
Links for the day
Gemini Links 05/09/2025: Logitech Lift and DIY Gemini Servers
Links for the day
Links 05/09/2025: Sainsbury's Caught Spying on In-Store Shoppers and Microsoft "OpenAI is Using Legal Threats to Harass its Critics"
Links for the day
BASIC Predates Microsoft by Over a Decade, Microsoft-Controlled Sites Like The Register MS Don't Want You to Know This
The state of the media is really bad when it relies a lot on oligarchs' money and is appointing editors who are working for oligarchs
Brian Kernighan, "Only Third to Dennis Richie and Ken Thompson" (UNIX), Agreed With Someone Who Said Rust Was Just Hype, Should Not Replace C
17 hours ago
Reminder: Microsoft's "Secure Boot" Certificate for "Linux" Will be Expired in One Week
Many PCs won't manage to 'rotate' to another certificate
"Many of the Red Hat Employees Are Still Looking for Work"
Shame on IBM's CEO
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 04, 2025
IRC logs for Thursday, September 04, 2025
Microsoft Started With Code Literally From The Trash, Nothing Has Improved Since
The reality is, there are systems and code that are reliable. But they're not Microsoft's.
Hypothesis That New McKinsey/Microsoft Executive Inside Red Hat Will Outsource Research and Development Operations to India (Like They Do in IBM)
IBM is floundering
Slopwatch: Scams, Fake Articles About "Linux", Plagiarism, and Worse
Perhaps some time soon the LLMs or the "Big LLMs" will run out of money (to borrow) and go offline, leaving those slopfarms in a tough place