Bonum Certa Men Certa

GNU/Linux Users Infuriated by Microsoft's Lennart Poettering Attacking Linux Freedom

Related: Microsoft is Trying to Hire (Read: Pay Salaries to) Matthew Garrett

Did you join Microsoft to attack Linux?



Summary: Microsoft's Lennart Poettering didn't take long to show his true colours... (and agenda)

AS just noted in Daily Links (or here), Lennart Poettering is being bossed by the NSA's foremost tentacle (Microsoft) and he acts accordingly. He says "I would go as far as saying that SecureBoot on Linux distributions is mostly security theater at this point, if you so will." (It is in general the case, not just in Linux)



But he wishes to go further with the security theater.

Although LWN lacks comments on this matter and Phoronix is, as usual, just Microsoft-friendly fluff these days, we need to examine comments in Phoronix. Here are some:

And of course, the UKI must include systemd, that will take over as a UEFI payload and control everything in the system!



Responding to the above:

Next year's new systemd plugin, same old story.



More:



Great. Some of the reasons I can't stand Windows.



How about no, especially if it makes it harder to build your own kernels or to make changes to the initrd



Responding to the above:

That's the fly in the ointment. The whole trusted boot and execution system requires end users to be able to load their own keys into the UEFI boot key store. Not all hardware allows that. For that matter not all PC hardware even allows for it. The only way this works is if there's some way to require OEMs to allow third party keys other than those signed by a megacorp. Apple and Microsoft will fight that with every dirty trick, lawsuit, and just plain underhandedness they can - and not enough users will even notice to bother to protest - so it's unlikely there would be any effective regulatory process to stop it. Think of the kids. Think of the corporate bottom lines. Think of national security. Think of...



To which the reply was:

That is not enough -- if there is a way to enroll user keys, evil maid can use it to inject her own. There are some solutions, but they are super complex in comparison to just fuse corpo-keys. Anyhow, all this requires user to fully trust the motherboard firmware, which is not verifiable.



More:

No, thanks. I'll opt to continue configuring and building my kernels (and initramfs) locally. Unsigned, very true. Trusted by .... me And yes, running an OpenRC system here.



Bureaucracy has arrived at Linux. Every bit needs a form and a signature before it can be flipped.


This is ridiculious. Securtity has nothing to do with signing if there is not trust in that chain. You must trust the parties involved in signing - and in case of Microsoft one would be crazy to trust it (we got lots of proofs). All those pseudo security features made the computers much less trust worthy - using minix to spy on users (Intel) - the stupid boot signatures which are more for making GNU/Linux more inconvenient or broken than making anything more secure. And the big binary monster of systemd may be nice to improve boot time and avoid race conditions, but the killing of processes and other things configuered in disguise does not make the situation better but much worse. Trust comes if you understand your system - and if other use reasonable defaults. Init scripts were easy - systemd is a monster in comparison. So while not against a trusted boot process in general, the authority must be trustworthy - and I am not aware of anything which would provide the necessary level of trust. And if big companies are involved it comes with a necessity of matching agendas - and not concerning security but more to the contrary. So this is just a Trojan Horse ... and a realy obvious one.



Bureaucracy came to Linux decades ago.
No, it was optional and so has not arrived, but was only lurking in the shadow. A bit like you.

The way I see it is this corporate FUD - the type of features corporations create when they have become too large to fail, and need to trick customers to get them to believe they need something they do not. And who is he working for now? Right, Microsoft ... I did not need a secure boot process in 25 years and I did not need Microsoft, and this is not going to change.


And? It's generated locally which makes it 1000 time more trusted than being generated remotely by who knows on what server run by who knows who! Why the fuck would I want it to be built and signed by someone who I don't know and trust? Lennart, get lost with your Microsoft infested ideas that can only think on how to infest more computers with its spyware! From all the employers you couldn't work for another one? I'm starting to feel more and more disgusted about this attitude and thinking that we are so stupid to want thing built by somebody else, especially by Microsoft!



Reply:

If it's reproducible, it kinda doesn't matter who signs it. If it also makes it 1000x harder for anyone to sign images that aren't reproducible, then most end-users have avoided plethora of attacks - quite unattainable for malware makers and most bad actors.

I'm starting to feel more and more annoyed how I can't give regular people an hardened Linux setup resistant to most ab- and misuse. All because of some pointless feet-dragging all while the actual threats to computing freedom fly past unnoticed.



More:

You are simply not save from mega corporations. They will try to cash in on every bit of fear, uncertainty and doubt you may have. They want you to need them and to buy from them. First they tell you it is 'locally generated', then it is 'generated', and then to best buy it from them for a price...



Uhu, so we all need to pay someone else to give us a f* rng nft: “hey daddy, can you please sign my initrd?, here are some bucks for your efforts”, to use whenever it actually matters because, yes, I bet everyone would be able to sign their own stuff, but of course, we would need certified signatures from some megacorp *cough, Microsoft, cough* to use our own things anywhere outside our home lab.

We have seen this sh* with secure boot or web certificates to name two from the top of my mind; good intentions on paper, implementation faulted by design to maximize profit for a selected few.





I have not lost time or work to an attack which would be hindered by secure boot and don't know anyone else who has either. I have repaired and recovered data from computers for myself and others by booting external media of my own contrivance. I gain substantial benefit from external media Linux installations where my usb stick or SSD carries a useful environment to most any machine.

I see zero benefit, only pain as the boot process gets locked down like a cell phone, game console or Windows. It is about security, not user security, not my security, not your security. Who is Lennart working for now? Who is putting up the money? There is a good place to start looking.


"How on earth that now would work" you say... So you do not know and have got no idea. At least are you not hiding your ignorance. You must think all this encryption can be disabled or worked around easily. It is like you expect nightclubs to have two entrances, one with a bouncer and one without, where you can choose one or the other in case the bouncer does not let you in. You seem to be missing the basic principle here. It has to be mandatory at every link and layer, or it will be as weak as the weakest point. So it is either a useless feature or a guaranteed source of trouble for admins and anyone who wants their freedom.



Seems like this is the biggest problem: Asshole vendors that don't allow the user to sign their own shit. Funny how the whole "Trust" issue requires me to trust corporations who have done the wrong things in the past that hire people I've never met and vetted that run closed source code that isn't audited or vetted by a greater community at large.

Am I the weird one for thinking that I don't like being forced to trust them and that it's fucked up that I'm not allowed to trust myself or those that I deem trustworthy? I feel like the phrase "Protect and Serve" comes to mind.

Since you're at Microsoft, how about getting them to flex their muscles into strong-arming vendors and BIOS makers into making a method that allows the user to add their own keys so the initrd can be added to the secure chain and mitigate all the systmed madness...Or have you taken too many Soma Tabs, Linus.

Systemd is great, but it doesn't have to be the solution to every problem. It can be A solution, but it sucks when it's THE solution.



Ah yes, another dubious "security feature" that is just another thinly veiled excuse for big corpos to control the open source ecosystem.

Never forget "Embrace, extend, and extinguish"!



Is Lennart Poettering the Klaus Schwab of linux world? Honest question.



There will be more to come for sure. Maybe even a bunch of Microsoft AstroTurfers.

Recent Techrights' Posts

EPO Staff Representatives Say It Has Gotten Very Hard to Get Promoted (Forget About Getting Rewarded for Hard Work)
This has long been a problem
Occupational Health, Safety and Ergonomics Committee (LOHSEC) at the European Patent Office (EPO)
nobody in EPO management ever gets punished for crimes, no matter how severe
Microsoft is Actually Quite Worthless, Its Valuation is Based on Lies and Consistently Defrauding Shareholders
Microsoft's future is not what Wall Street "tells" us
The Final Demise of Social Control Media May be Upon Us (It Ought to be Collectively Abandoned for Society's Sake)
If it keeps going down, prospects of a turnaround or rebound are slim
The Latest NDAA Amendment Can (or Should) Allow the United States to Remove Microsoft Even Faster From Its Infrastructure (Which Routinely Gets Cracked Completely by Russia and China, Thanks to Microsoft)
It's time to move!
 
Kathy Lette on Julian Assange Staying at Her Attic, Why His Release Matters So Much, and Jen Robinson Staying Over Yesterday
They talk a lot about politics, but the segment mentions publishers, including Rushdie
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 12, 2024
IRC logs for Friday, July 12, 2024
Microsoft Windows Down to a New Low in Canada (Only a Third)
Very steep decline a decade ago
Links 12/07/2024: EU/China Tensions and Ukraine War Updates
Links for the day
EPO Staff Reps: "Until now, Mr Campinos is still leaving the appellants in the dark about the exact content of the opinion of the Appeals Committee on the EPO salary adjustment procedure."
Campinos chooses to lawyer up rather than listen up
[Meme] That Time EPO Workers Were Panicking Because the Elevators Kept Getting Stuck
Many people forgot that
[Video] Julian Assange's Brother Gabriel Shipton on How the Convoy to the Airport Was Arranged, Being at the Beach With Julian Assange After Release (He's Doing Well), and How Taylor Swift Has 'Helped' Julian
At the airport he was greeted by many press crews, but they were not there for him. They were there because of Taylor Swift.
[Meme] Financial Disinformation From Chatbots Controlled by the Manipulator (Rigger)
ChatGPT, the media is starting to say you're all hype...
Links 12/07/2024: Nations That Already Ban TikTok and Russia's 'Shadow War' Online
Links for the day
Gemini Links 12/07/2024: Changing and the WIPO Lunacy
Links for the day
Let's Encrypt Continues to Collapse in Geminispace and That's Good News for Free Speech (Among Other Things)
due to the way modern Web browsers work, many sites have no option but to use Let's Encrypt or pay for some other CA to issue some worthless-but-glorified bytes
Microsoft Falls Below 20% in Montenegro - Plunging to All-Time Low
sharp drop
[Meme] The Free Speech Absolutist From Apartheid South Africa
What will it take for all sensible people to quit X/Twitter?
Linux is Displacing Microsoft and Replacing Windows in Germany (Android Surge and New Highs for ChromeOS+GNU/Linux in Germany)
Germany is upgrading to GNU/Linux, not to latest Windows
Reorganising for Better Efficiency and More Publication (Original Material)
XBox "journalism" these days is mostly slop (chatbot spew disguised as news), so studying this matter isn't easy
Software Freedom is Still the FSF
At the moment the best advocacy group for Software Freedom is the FSF
Links 12/07/2024: XBox in Trouble, Crackdowns in UAE
Links for the day
Gemini Links 12/07/2024: Make Tea Not War, Considering Guix
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 11, 2024
IRC logs for Thursday, July 11, 2024
Links 11/07/2024: Intuit Layoffs, Companies Keep Bricking Products
Links for the day
Gemini Links 11/07/2024: Switch to a Dumbphone and Development Frustrations
Links for the day
Starting in 5 Minutes: Stella Assange on the Latest...
We might update this page with a WebM copy (local) if there is something important
The Race to GNU/Linux in Moldova
12 years ago Microsoft was still measured at 99%
EPO: Special Permission Needed to be Ill or Care for the Ill When Issuing Monopolies to Foreign Corporations is a Paramount Priority
It's 'production' 'production' 'production'!
[Meme] A Special Patent Office, the EPO
"I have no death certificate yet"
Links 11/07/2024: Internet Phone Book and Intense Mind Control/Censorship by Social Control Media
Links for the day
Andreas Tille, Chris Lamb & Debian sexism, not listening to real female developers
Reprinted with permission from Daniel Pocock
GNU/Linux Expanding in Russia, But Not Exactly Invading the Market
Russian spies work at Microsoft
[Meme] GPL is Still an Alien Concept to the Boardroom of IBM
stomp all over copyleft while blackmailing the FSF into inaction
ChromeOS and GNU/Linux Also Leapfrog and Surpass Apple in Kenya
ChromeOS is at about 1% there, so 6% total (more than Apple)
[Meme] Pay Cash, Avoid Hidden Fees
Cashless society means a less free society
5 Weeks Have Passed Since the Edward Brocklesby (ejb) Scandal or 'Gate' Started. Debian Has Not Yet Responded in Any Way Whatsoever (to Quell Concerns/Fears).
still an ongoing series
The Media Cannot Use the B Word (Bribe) Anymore?
That might "offend" Microsoft
99 More to Go (in 9 Days)
Unless the FSF extends the 'cutoff' date as it usually does
Microsoft Windows in Bulgaria: From 99% to Barely a Quarter
Only 15 years ago it seemed like Windows had cemented its 'lead'
[Meme] Changing How We Think of Patents
they're only about serving and protecting powerful people
Our Most Productive Summer Since We Started (2006)
We have over 10,000 lines of written notes and drafts
Compare WIPO to ADR Forum
it is "rude" not to hire lawyers
[Meme] GPL Circumvention by IBM (Red Hat)
"GPL? All mine!"
GNU/Linux and ChromeOS in Costa Rica: Over 4% Now
Desktop (or Laptop) & Tablet & Mobile combined would be about 50% "Linux"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 10, 2024
IRC logs for Wednesday, July 10, 2024
Links 11/07/2024: Space Programs, Education, and Mass Layoffs
Links for the day
Fellowship indexing pages by person
Reprinted with permission from the Free Software Fellowship
US State Department admitted General Hugh S. Johnson went off-topic, Andreas Tille called for punishments
Reprinted with permission from Daniel Pocock
Gemini Links 11/07/2024: Shifting Interests and It's All Books Now
Links for the day