Yeah, that is not an insult. Feel free to take it up to the mods to decide. Actually, I will take your immaturity claims up as well and let's see which one floats.
Retronautics: A digital gallery of my retro computers, hardware and projects.
wrote:Yeah, that is not an insult.
I say it is.
A demagogue is clearly immoral.
So you are attacking my motives and pulling my integrity into question (and as I argued, ironically enough a demagogue is the exact opposite of my stance in this discussion).
I think that's quite a severe insult.
And you want to compare that to me giving my opinion on certain behaviour ("immature", because that's what it is when you make choices and refuse to face the consequences of your actions)?
Please do take it up to the mods if you think being called a demagogue is an insult, I kindly implore you to do it.
https://www.dictionary.com/browse/demagogue?s=t
demagogueor dem·a·gog [ dem-uh-gog, -gawg ] […]
demagogueor dem·a·gog
[ dem-uh-gog, -gawg ]noun
1.
a person, especially an orator or political leader, who gains power and popularity by arousing the emotions, passions, and prejudices of the people.
2.
(in ancient times) a leader of the people.verb (used with object), dem·a·gogued, dem·a·gogu·ing.
3.
to treat or manipulate (a political issue) in the manner of a demagogue; obscure or distort with emotionalism, prejudice, etc.verb (used without object), dem·a·gogued, dem·a·gogu·ing.
4.
to speak or act like a demagogue.
There is nothing deragotary about the term demagogue and it defines your way of arguing perfectly.
Retronautics: A digital gallery of my retro computers, hardware and projects.
wrote:There is nothing deragotary about the term demagogue and it defines your way of arguing perfectly.
I wonder if anyone agrees with you on that.
I say that "arousing the emotions, passions, and prejudices of the people" is exactly what I'm *not* doing. Emotion, passion and prejudice don't come into play. I point to sources and keep things factual. I also don't try to go for any kind of "sentiment" (if anything I'm defending the side that could be considered impopular with people, and as such people would not likely share any "sentiment").
Now, if I were to classify rhetoric such as "choice and freedom" or "Microsoft wants to lock out competitors with Secure Boot"... I think that would classify as "arousing the emotions, passions and prejudices of the people".
Same goes for "obscure or distort with emotionalism, prejudice, etc."
So please, people who are still reading this thread. Your opinions on the matter. Let's solve this democratically.
I know very little about Secure Boot so I don’t comment on it.
But I know that calling someone a demagogue isn’t exactly an insult, it has more to say about what you talk about than what you are. Well, at least it’s what I think.
"Design isn't just what it looks like and feels like. Design is how it works."
JOBS, Steve.
READ: Right to Repair sucks and is illegal!
wrote:wrote:If a bios become a sort of o.s. itself that's so complex may need many more updates what's the point to put security in such priority with smart logics the o.s. booting while the bios itself may become in the future a more serious source of problems?
I have nothing to add that would be more profound than this statement, I just believe it bears repeating.
I am not a defeatist. I don't believe the status quo is immutable. I think the computing industry is heading down a path where the needs of a few, the convenience of enterprises, and the apathy and ignorance of most others, will strip away the ability for mere mortals to build, maintain, and innovate on their own property. Right-to-Repair is already a canary in this coalmine.
I may tend to overthink things 'philosophically' as much as I'm realistic how the market worked/works. But may it be the "unexpected" mobile immense early 2000's acceleration forced the old slower hw/sw computer logics to make some "accelerations" too, maybe to bend them from "user owned boxes" to "user owned under contracts and server depending ones" where the priority may be (or not) not necessary the product but mostly the new market logics? Companies/clients closer bond, contracts, agreements, data, telemetries, statitics, studies, ads, 'do you agree or..do you agree stuff'. I am not talking about privacy or whatever but the intrinsical difference from old tech existence logics to these ones that'd have been ethically unacceptable in the 80's or 90's.
Maybe the old bioses were a "limit" for such modernity, now capable of being a sort of overlayed expandable unified "process/os" that seems like a "new hired chief director" when now the old os, components, softwares feel like becoming "just employees" even when before they were running the company just as good or better.
EFI was originally developed by HP and Intel for the Itanium series, in the mid-1990s. So long before the smartphone revolution.
Itaniums were aimed at high-end servers and workstation machines, with many CPUs, drives and advanced peripherals, where the old BIOS was just too much of a limitation.
It made sense to have a sophisticated pre-boot environment which could already detect the hardware configuration and allow basic initialization, to make it easier to boot from large HDDs, more advanced partitions, RAID configurations, get the network cards up-and-running for network boot, etc...
wrote:But I know that calling someone a demagogue isn’t exactly an insult, it has more to say about what you talk about than what you are. Well, at least it’s what I think.
That's a weird way of looking at it...
Did you look at the Wiki page?
https://en.wikipedia.org/wiki/Demagogue
They name Adolf Hitler as an example.
And also McCarthy, the guy that created the whole 'Red scare' anti-communism nonsense in the US.
I suppose Donald Trump and Boris Johnson would also fit in that list. People I despise, because of them acting lika a demagogue.
Also, look at the list of methods:
Scapegoating, fearmongering, lying etc etc.
As I said, that's a direct insult to my morality and integrity.
Perhaps the biggest flaw in comparing me to a demagogue is that I don't even have an agenda to begin with. I have no political issues, and I do not seek to convince anyone of a certain view.
I merely provide the facts.
Now, as I said on my blog, the GPL is a political manifest, and the FSF is a political organization (which we already covered with their article on Secure Boot earlier, it is very misleading, and has a clear objective of undermining Secure Boot and steering people away from it). Oh the irony.
I'm not trying to convince anyone to use UEFI or Secure Boot or whatever. I'm just saying that they may have been misled by others, and their views of Secure Boot are not necessarily correct.
But as they say about leading a horse to water...
wrote:EFI was originally developed by HP and Intel for the Itanium series, in the mid-1990s. So long before the smartphone revolution.
Itaniums were aimed at high-end servers and workstation machines, with many CPUs, drives and advanced peripherals, where the old BIOS was just too much of a limitation.
It made sense to have a sophisticated pre-boot environment which could already detect the hardware configuration and allow basic initialization, to make it easier to boot from large HDDs, more advanced partitions, RAID configurations, get the network cards up-and-running for network boot, etc...
I didn't know that, I imagine many other concepts may have been studied in the 90's (for servers..) but if they weren't applied to become 'the' mass standard (for clients..) until these years maybe the mobile revolution and the related logics helped.
With all the features that are (now capable of being) added to the modern bios (and some mainboards seems to have already), the whole ''security reason to exist'' at first may seems vaporized once most mainboards will be left alone after few years and supposedly vulnerable (just like o.s. before) on a unified design, to future bugs if they may work on the same way for every bioses, similar to the kernel "change logs" concept itself, where the old vulnerabilities become sort of "certified to exist" for each version.
@Scali: Well, I may be wrong then. That's fine.
BTW, I never liked Secure Boot. I had to turn it off every time I wanted to build a Hackintosh, for example.
"Design isn't just what it looks like and feels like. Design is how it works."
JOBS, Steve.
READ: Right to Repair sucks and is illegal!
wrote:What will we do when the UEFI becomes targeted by malware?
I suppose the logic would suggest considering it obsolete, changing it with a new one, then repeat. 😐
I've tried some early modern bios based mainboards that in their web support manufacturer pages have only the v1.0 released bios version..others just a couple new versions and now long time left alone.
wrote:wrote:What will we do when the UEFI becomes targeted by malware?
I suppose the logic would suggest considering it obsolete, changing it with a new one, then repeat. 😐
I've tried some early modern bios based mainboards that in their web support manufacturer pages have only the v1.0 released bios version..others just a couple new versions and now long time left alone.
Sorry, I couldn't resist...
"Design isn't just what it looks like and feels like. Design is how it works."
JOBS, Steve.
READ: Right to Repair sucks and is illegal!
wrote:wrote:wrote:What will we do when the UEFI becomes targeted by malware?
I suppose the logic would suggest considering it obsolete, changing it with a new one, then repeat. 😐
I've tried some early modern bios based mainboards that in their web support manufacturer pages have only the v1.0 released bios version..others just a couple new versions and now long time left alone.Sorry, I couldn't resist...
It's the first time I hear those first two words, thanks, clearly not my first language, but understood the concept. 😊
Some may ask if everything seems like oriented to speed up the need for a faster products change (and other reasons) or maybe not and everything it's just for the better, who knows. I may not have the technical knowledges to deeply analyze it, just using my experience with desktop/mobile tech during the last two decades and try to feel where things are going to.
Maybe I've usually a nostalgic point of view on tech just like people seriously thinking old analog audio was better than the digital one but sometimes I feel like they may not be, at least in some ways, wrong on some aspects.
wrote:But you keep missing the point: Secure Boot uses X509 certificates, so it basically adopted the system that SSL uses. The proble […]
But you keep missing the point:
Secure Boot uses X509 certificates, so it basically adopted the system that SSL uses.
The problem is that you turn the responsibility around: You say "issued to major standard bodies (like the LF)".
But issuing certificates is not an active task of a Certificate Authority. The LF would need to *request* a certificate from one of these Certificate Authorities. A CA only issues certificates to organizations that request them. They don't go around randomly handing out certificates to whoever.
Had they just done that (as I already said), then they could have sent their key to all OEMs for inclusion in their firmware, just like Microsoft has done with their key.
But the LF just sat on their hands, so nothing happened, no key was obtained, and there was nothing to include for OEMs, even if they wanted to support linux.
You know what I meant. The certificate request gets validated by the holder of the signing certificate upstream with the end product (a signed certificate) effectively issued to the user.
wrote:The problem with 'delegated' certificates as in SSL doesn't really work in Secure Boot for obvious reasons: you cannot assume an […]
The problem with 'delegated' certificates as in SSL doesn't really work in Secure Boot for obvious reasons: you cannot assume any kind of network connectivity, so you cannot 'bubble up' authority via the internet.
All keys have to be present in the keystore at startup.
So while theoretically you *could* give the LF a root certificate and give each linux distro a sub-certificate, there's little point:
Each linux distro key would have to be specifically included in the keystore. Which obviously means that new linux distros would run into the problem that their keys are not widespread yet.
Hence a single shared key is the more practical choice (just like MS uses only one key for all versions of Windows, rather than different keys for Windows Home, Professional, Server, Embedded etc).
Even in SSL, full network connectivity back to the CA isn't required as long as the connective certificates are provided locally to validate back to the CA certificate. UEFI could do the same by including intermediate certificates in the EFI partition or off board boot medium with the signed UEFI application binary.
All hail the Great Capacitor Brand Finder
wrote:Even in SSL, full network connectivity back to the CA isn't required as long as the connective certificates are provided locally to validate back to the CA certificate.
But that's the thing: under those circumstances you can easily download and install the required certificates. The validation is merely to make sure the certificates belong to the actual organization.
UEFI is different: the bootloader is merely signed with a private key, it does not contain the public key for obvious reasons: that would defeat the purpose.
You need the actual public key to be able to verify the signature on the bootloader (as you may know, it is a one-way hash, so it's not really possible to create any kind of parent-child relationship for the keys).
A parent certificate could merely verify that the public key is actually provided by the organization it claims. But that is not something that needs to be checked during boot, only before installing the key.
wrote:Now, as I said on my blog, the GPL is a political manifest, and the FSF is a political organization (which we already covered with their article on Secure Boot earlier, it is very misleading, and has a clear objective of undermining Secure Boot and steering people away from it). Oh the irony.
In the context: I am undecided on the secure boot technicalities.
I agree with you here that GPL / FSF is political. Same of GNU and larger Linux organisations. If someone wants to waste his/her time and feel bad about oneself, the world, politics, religion and whatnot, go to the founder https://stallman.org/
On the other hand there is Microsoft supplying the control systems for industry/business globally. Even like 60% of OS marketshare in Russia, according to statcounter, just to illustrate that it is everywhere. Can there be any more political potential then this? I personally don't care about wheter or not an OEM commitee is responsible instead of Microsoft, that is all the same. Microsoft is just a brand name, a front. For one, Bill Gates was a front for Microsoft for a while, and now fronts one of the most dubious foundations.
In short: Politics in both organisations and I don't like either one.
--> ISA Soundcard Overview // Doom MBF 2.04 // SetMul
Just adding to the list of the win10 tweak programs , I found these 2 pretty much essential if you are an old fart that does not like change 🤣
1. Winaero Tweaker that was suggested in previous posts, a collection of must-have customization options
2. OLDNEWEXPLORER , this one allows customization of explorer windows so you can get back for example the win7 decluttered look and everything in between
wrote:But that's the thing: under those circumstances you can easily download and install the required certificates. The validation is […]
But that's the thing: under those circumstances you can easily download and install the required certificates. The validation is merely to make sure the certificates belong to the actual organization.
UEFI is different: the bootloader is merely signed with a private key, it does not contain the public key for obvious reasons: that would defeat the purpose.
You need the actual public key to be able to verify the signature on the bootloader (as you may know, it is a one-way hash, so it's not really possible to create any kind of parent-child relationship for the keys).
A parent certificate could merely verify that the public key is actually provided by the organization it claims. But that is not something that needs to be checked during boot, only before installing the key.
Pretty sure chains of trust don't need a network connection to validate as long as the chain is intact and present. The downstream certificate has a signature precomputed in response to the CSR which can be validated using the upstream public key. If a developer were confident of what would be in the key store and could arrange for her cert to be signed by one of the corresponding private keys, it could be validated with no network connection. Then it's just a matter of including the required intermediate certificates along with the boot payload.
All hail the Great Capacitor Brand Finder
wrote:Pretty sure chains of trust don't need a network connection to validate as long as the chain is intact and present.
They do if certificates can be revoked, which is the case for SSL.
wrote:Pretty sure chains of trust don't need a network connection to validate as long as the chain is intact and present.
Well, as I say, the use case is different.
There's no point in having a chain when you need all parts of the chain present anyway.
This is not about validating certificates, it's about using the public key to validate the signature.
