Bonum Certa Men Certa

Red Hat Criticised for Advancing Microsoft's UEFI Agenda

Customers? What about users?

Red Hat-Microsoft page



Summary: Bloggers sound off and rant about what Red Hat has done

IT HAS not been a good week for software freedom. Canonical gave Microsoft more control over GNU/Linux and rather than file a formal complaint (e.g. antitrust) about Microsoft's trap Red Hat decided to dive right into it.



One Free software-aware journalist calls this a "bad idea":

In November 2006, when Novell signed a patent licensing deal with Microsoft, the free and open source software community, for the most part, was predictably appalled.

But recently when Red Hat announced that it had signed a deal with Microsoft to ensure that Linux could be installed on PCs that were Windows 8-capable - in other words, those that supported secure boot - there was very little outcry. Red Hat is now trying to justify this act.

In Novell's case, it was a last-ditch - albeit foolish - attempt to try and revive its business. After a series of unwise decisions that saw it lose its number-one position in the networking business (and yes, Microsoft, took it for a ride during those days), Novell had come to the point where it was willing to try anything. SUSE Linux was looked upon as some kind of saviour after Novell bought the company in 2003 but battles between suits and geeks ensured that neither party's tactics were implemented.

Hence Novell got into bed with Microsoft. One of Novell's best and brightest, Jeremy Allison, found the atmosphere suffocating and left the company in disgust, ending up later at Google.

But after Red Hat announced its Judas Iscariot act recently, the scenario is very different. Hell, we even have the announcement of the deal being made by the wispy-thin Matthew Garrett, once a renowned flame-master on mailing lists, but now one of the best and brightest at Red Hat, one who pledges allegiance to peace, civility, diversity, and probably the Dalai Lama too.


Carla from LXer (and former editor of Linux Today, book author, contributor to Linux.com etc.) is also upset about what Red Hat has done. To quote:

Tim Burke of Red Hat wrote a masterful apologetic for Microsoft's strong-arming and takeover of the most basic operation of a computer-- starting it up. Executive summary: We are in this 100% with our good friends in Redmond.

Allow me to hit the high points:

"One security threat that has been getting a lot of interest lately is the ability to ensure the integrity of the early boot sequence"

Only because the richest software company on the planet is utterly incompetent, and incapable of building a secure operating system. So instead they bully the rest of the world into trying to mitigate the security disaster that is Microsoft Windows.

"The mechanism used to confirm the integrity of operating system software...uses traditional key signing and variations of checksumming... Performing the checks early is crucial as it provides a safe, verified starting point."

ORLY? Key signing is the answer, eh? Oopsie, no it isn't, as the Flame malware proves. Flame spoofs Microsoft's own Certificate Authority, takes over Windows Update, and fools Windows computers into thinking they're installing genuine proven-trusted signed Microsoft code. See:

Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could Allow Spoofing

Flame malware mimics a Windows update

Flame Malware Hijacks Windows Update Mechanism

Those wacky malwares, don't they read Microsoft press releases on how Microsoft realio trulio this time for real has made Windows like all secure?



This is not the first time that we write about this annoying move from Red Hat, but it's good to see that other than apologies from Fedora members and Red Hat employees we mostly found opposition to Red Hat's move. We praised Red Hat many times before (I recently interviewed their CEO), but not everything this company does is praiseworthy. Microsoft got its way and Red Hat staff seeks to justify what Red Hat has done. To quote:

The other complaint about UEFI Secure Boot is that it doesn't add any security. There's two aspects to this - people either think it'll be quickly broken, or people think that the public availability of signing services will render it useless.


There are many other reasons -- better reasons -- to altogether reject UEFI, such as hardware obsolescence, control by Microsoft, and so on. It's probably too late for Red Hat to retract and change course. Redmond residents who work for Microsoft are probably opening a bottle of champagne this week.

Comments

Recent Techrights' Posts

Synthesised Voices Aren't a New Technology (the Hype Might Be, They Call It "Hey Hi" Now)
I still consider this an extension of the "hey hi" (AI) hype
 
gemini.techrights.org and techrights.org (Same Server, Not the Same Protocol)
We're reminding readers that everything in this site is fully accessible via gemini.techrights.org in Gemini Protocol
X Has Axed Itself. This is Great News and Further Affirmation of Everything We've Said About Social Control Media.
Don't waste any more time on social control media
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, October 07, 2024
IRC logs for Monday, October 07, 2024
Gemini Links 08/10/2024: Contingency Begets Complexity, Playing With Bezier Curves
Links for the day
Almost Half the Web Users Connecting to Your Site Are Using Linux
almost 1 in 2 Web-connected devices runs Android and about 2% run "proper" GNU/Linux
The Web Has Severe Amnesia Problems, But We Still Remember How Gilberto Gil Promoted Free Software in Brazil
The Digital Tipping Point (DTP) is years behind us now
LLM Hype is Already Descending, Apple Stopped Investing in the Money Furnace
Wall Street is a perverse force in the technology market, incentivising the most harmful (and mostly useless) things
Change Control and What Will Come After Git (If That's Still Possible at All)
It would be wrong to believe (at least misguided) Git can be a "standard" skill 30 or 50 years from now.
On the Web, HTTPS Has Actually Become a Privacy Problem (Broadcasting Usage/Access to the All-Seeing CA Eye). Geminispace Doesn't Have This Problem.
Down to 23 capsules: the rapid demise of Certificate Authority (CA) Let's Encrypt in Geminispace
Links 07/10/2024: Politics, Education, Wars, Financial Crunch
Links for the day
Munich Was Having Real Difficulties Moving From GNU/Linux to Windows
How many are still using GNU/Linux?
Links 07/10/2024:China’s 'Deflation' (Price Decreases), Brazil Still Bars Twitter ("X")
Links for the day
Links 07/10/2024: "Creative Computing" Turns 50, Long War in Middle East Turns 1
Links for the day
Gemini Links 07/10/2024: Luck and Dishonesty, Gaming Getting Worse
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, October 06, 2024
IRC logs for Sunday, October 06, 2024
EPO: We Give Recognition to Frauds
Good to see some frank recognition right there in the EPO's own Web site
Even Though We Don't Focus on statCounter for Now (Not Our Top Priority) GNU/Linux Reaches New Highs This Month:
We caught GNU/Linux at 4.86% before, but only temporarily
Links 06/10/2024: Ham Radio for Recovery, Health Problems Worldwide
Links for the day
Gemini Links 06/10/2024: Special Interest Galore and Religion
Links for the day
Keeping Control Out of Dictators' Hands
When people are just "numbers"...
Links 06/10/2024: Misinformation Growing on the Web, "Hey Hi" Hype Waning for Lack of RoI
Links for the day
[Meme] Years Have Passed and EPO Management Still Isn't Obeying a Ruling From a Court Regarding Communications Between Staff
Representatives talking to their staff is "privacy violation"?
Presentations of the Staff Union of the European Patent Office in Its Headquarters Tomorrow After Work
Annual General Meeting and reports
Gemini Links 06/10/2024: SSH Keys and Hobby Game Development
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 05, 2024
IRC logs for Saturday, October 05, 2024