Archive
Thoughts on Linux and so-called Secure Boot.
The uEFI Forum is largely a bunch of SOPA promoters hoping to turn your PC into a locked platform using DMCA anti-circumvention laws.
Unfortunately, the next generation boot firmware for the PC fails to completely replace the PC BIOS (which will continue to be used for power on self test and hardware initialization). Those in the know, beyond the corporate media spin doctoring, know that uEFI is just a layer of DRM and corporate lock-in that rides on top of the 30-year-old legacy BIOS that starts the computer in real mode just like it did in the 1980s.
uEFI is not a next generation PC boot firmware; we’re being sold a bill of goods. The biggest particular problem is “Secure Boot”. Users are being misled into believing it has something to do with securely booting a computer while its true purpose is to lock the user into running whatever corporate-sponsored OS that came with the computer, and turning them into a criminal by forcing them to commit a US federal felony by circumventing it to install free software as the computer’s operating system instead.
For the latest lies from the corporate-sponsored media, we go to The H Online which has declared that “Securely booting Linux [is] a “difficult” proposition”. The H is becoming less of a legitimate news source about free and open source software, and becoming more like just any other anti-free and open source rag that mindlessly recites anything that Microsoft pays for. The Register is another example of such an occurrence. Over time, Microsoft starts writing their Linux news and you get libellous headlines instead of information. It’s not like the Red Hat employee that they cite is helping dispel this propaganda. (more in a moment)
uEFI “Secure Boot” (which should be called Restricted Boot since it is designed to lock you into an ISV’s operating system software), is a complex specification. It relies on a nebula of assumptions about the state of the hardware and the bootloader that are not necessarily true and are easily forged. Even if that was not the case, it relies on an assumption that there are no firmware bugs which can be used to subvert and bypass it. It will not provide any meaningful level of additional security to users of any PC operating system, even if it agrees to boot the operating system that the user is trying to use at all. It is designed to turn anyone who cracks it into a criminal, by forcing them to violate Section 1201 of the Digital Millennium Copyright Act and being liable to be sentenced to prison for trying to use their computer in freedom.
Cited in the contemptible malarkey is Matthew Garrett, a Red Hat employee. Red Hat is a member of the uEFI forum so that they can sign RHEL and won’t be stopped by Restricted Boot on any workstation or server that comes with their software. I’m pretty sure that this is why we won’t be seeing the GRUB 2 bootloader on RHEL any time soon. GRUB 2 is licensed under the GPL version 3, which protects users from what the FSF refers to as “Tivoization”, which refers to the practice of using free software in a manner that locks the user out of their system with free software, by using DRM in that software.
If Red Hat shipped GRUB 2 and did not disclose their signing keys as the GPL 3 requires (to protect the user from exploitative hardware/software vendors), they would be in violation of the GPL. The Free Software Foundation could revoke their rights to use the GRUB 2 software. Red Hat has a lot of resources and can probably maintain their fork of Grub 0.97 indefinitely so that they can cooperate with hardware makers to restrict the user. Red Hat benefits from user lock-in just as surely as Apple and Microsoft do if only their signing key is in the uEFI Secure Boot implementation on hardware that ships with their operating system, because there won’t be any of that pesky competition on any system that comes with RHEL.
So right off the bat, I don’t think Matthew Garrett can be a trusted source of information because he is obviously tainted by his employer, and has the same reasons to lie and mislead you as Steven Sinofsky of Microsoft.
Canonical (Ubuntu) is also a member of the uEFI forum and can probably use Secure Boot on embedded ARM systems to trap people in Ubuntu. They can’t use GRUB 2, but there are bootloaders for ARM, some of them proprietary, which can be used instead. They can probably also sign Ubuntu LTS releases and get their signing key into workstations and servers that ship with Ubuntu, for much the same end result as the RHEL situation I described above. They could even use Grub Legacy in that situation. It didn’t just disappear, it’s still being carried by them if you look up “grub” in their software repository.
A better news flash would be that there never was, is, or will be a way to securely boot a PC, and that corporations are salivating at the prospect of using it to lock end users into their operating system software, to keep the user trapped with whatever their computer happened to come with. The headlines designed to smear Linux are just paid for by Microsoft. The “bootloader attacks” that Secure Boot is supposedly meant to deal with are mostly attacks on the Windows Activation system that rely on bootloader exploits to make Windows believe it is an OEM copy that came with the PC so that the user may use a copy of Windows without paying for it.
Microsoft isn’t interested in stopping the malware of the week from stealing your identity or subverting your system and using it to display (sometimes pornographic) advertisements, which are just two of the things that Windows is known well for. They are interested in stopping the user from being able to run their own software on their private property and from getting away with using a less crippled version of Windows than what came with their computer without forking over more money through the Anytime Upgrade scam.
I don’t believe the corporate ambitions of Red Hat or Canonical are any different.

This work by Ryan Farmer is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
SOPA/PIPA would cost taxpayers $45 million a year to protect billionaires
Just a quick post from the “It’s only a recession if you work for a living” department.
SOPA/PIPA would cost US federal taxpayers $45 million a year to enforce.
“Still, Coburn has his concerns with the approach taken in the Senate bill. And he insists, as he does with all legislation, that its costs be offset with cuts elsewhere in the budget; the Senate bill, he said, carries an estimated $45 million in federal enforcement costs.”
It is “interesting” when the resounding answer to everything else is “it’s not in the budget”, that they come up with $450 million in deficit spending over the next 10 years to protect the rich business criminals at the MAFIAA and Fixed News.
Oh well, the lobbyists bribed a pack of corrupt politicians to pass the damned thing. I guess anything is in the budget when corporate lobbyists have worked enough dirty money into the United States Congress.
As corporate welfare goes, SOPA/PIPA is hardly the costliest legislation in recent history, but that’s no excuse for fleecing taxpayers who work for a living to protect billionaires.
Besides, some people like Fox Noise.
PS: Just for fun. If you gave the budget to enforce SOPA for 10 years to NASA, they could do another Mars mission, complete with two more rovers. Hey, it beats giving scum sucking corporate bitch turned Senator turned scum sucking corporate bitch Chris Dodd a handout. Doesn’t it?

Megaupload seized. Fascists continue to leave Controlled Cloud Computing alone.
The FBI picked yesterday to raid and take down MegaUpload.
In what was, obviously, intended to say “Fuck you America, we don’t need SOPA to do this”, the jackbooted thugs at the FBI, acting upon orders from their commanders at the MAFIAA (a catch-all term that is commonly used to refer to RIAA/MPAA/BSA type cartel organizations), seized the MegaUpload domain, arrested the owners and administrators, and replaced it with the standard finger wagging “This domain has been seized” banner.
Anonymous responded by taking out the DoJ, FBI, and some cartel websites with a Distributed Denial of Service attack. (Windows malware-controlled PCs can do something productive I guess.)
Sure, MegaUpload probably had some files that were violating copyright. I know Twitter does. So does Facebook, Google Docs, Amazon “Cloud”, the Ubuntu One skin for “Amazon Cloud”, and many others. Incidentally, they all oppose SOPA, not because it’s the moral and just position to be in (it is), but because it would cause them an undue burden to ceaselessly monitor their users. Under SOPA/PIPA, legitimate websites can be taken down by the government because one of their users posted a link to copyright-infringing material. SOPA/PIPA is clearly designed to discourage sites from allowing user-generated content. (I guess that means that if SOPA/PIPA get passed into law, you won’t be reading any more blogs.)
If you think about it, MegaUpload was in the same “cloud storage” business that companies like Amazon and Microsoft are in. It is my firm belief that the US government only picked on MegaUpload because they made the government come back with a warrant when they wanted private user data, and Amazon and Microsoft are all too eager to comply with them with no court supervision required.
While I’m on the subject of major “cloud” storage sites, I’ve noticed a lot of “pirated software” on Microsoft Windows Skydrive, including materials to crack Microsoft software. Go figure.
The Federal Government has generally left certain “cloud” storage companies alone because they comply with warrantless sneak and peek searches, authorized not by the Constitution, but by anti-terrorism legislation rammed through in the aftermath of 9/11, when people were so frightened that they let the government pass anything and everything that claimed to “protect” them. The legislation hasn’t caught one terrorist in 11 years, and it has not stopped a single terrorist attack anywhere in the world.
What it is doing is enabling the US government agents on the MAFIAA payroll to take down sites without even bothering to give lip service to constitutional “protections” like freedom of speech, freedom against self-incrimination, the right to due process and equal protection of the laws, etc.
If anything is enabling “terrorism” on Americans, it is laws like the PATRIOT ACT, DMCA, proposed SOPA/PIPA, companies like Apple and Microsoft, and products like iTunes.
Companies that write and push these laws are terrorist organizations. Wiktionary defines terrorism as “A psychological strategy of war for gaining political or religious ends by deliberately creating a climate of fear among the population of a state.” The fear inspired by possible SOPA violations is designed to get the population of a state (the United States) to censor themselves. When the day comes that you can’t even talk about things they don’t like, you’re being censored, regardless of what SOPA proponents like MPAA scumbag Chris Dodd will tell you. (Now should we go after the MPAA/RIAA with cruise missiles, or should we take this opportunity to try out Prompt Global Strike? It would be the best use of my tax money in a long time either way.)
When you buy things from Microsoft, Apple, iTunes, RIAA labels, the MPAA, or various other censorship promoters, you’re not supporting American jobs, you’re supporting draconian laws like the PATRIOT ACT, DMCA, and the proposed SOPA. These things don’t just come out of nowhere, the promoters of them use a lot of money (some of it may even be from you) to grease the wheels. I don’t even believe it is just campaign contributions either. I think there’s plenty of cash under the table going to our elected officials from these outfits. Mexican President Felipe Calderon said at one point that part of the reason so many illegal drugs were getting across the border was because American politicians were taking cash money from drug cartels to make sure that certain smugglers got through without any issues at the border. Why would anyone have a hard time believing that American politics works differently elsewhere?
I haven’t bought any new RIAA-labeled music since the RIAA sued Napster. (I have bought some used CDs, mostly of stuff I listened to in the 80s and 90s. In compliance with the First Sale Doctrine.) I have not purchased any MPAA-labeled movies since they got on the lawsuit wagon. I specifically refuse to buy anything from Adobe, Apple, or Microsoft. As these companies started to openly work against my interests, I cut myself away from them. I could ignore them no longer. Will it stop them? No. It will never stop them as long as people think it is socially acceptable to spend money on cartel-promoted intangible items like MP3 files and ebooks and movies. The only thing I can do is apologize for my part of funding them and not do it again.
On so-called “Piracy”? I have no ethical problems with sharing information to help your friends. Unfortunately the MAFIAA has the finest government money can buy in the United States, and sharing information to help your friends can be illegal.
I’ve posted before what my thoughts are on “digital purchases”, they’re just a sneaky way to remove ownership from you and allow the MAFIAA to never let your “purchases” out of their sight. “Content” on “the cloud” is even worse because then you’re not even in possession of the file. It is the ultimate Digital Restrictions Management, cloaked as a kind of convenience.
“What about stores selling files? They got rid of DRM years ago!”
A common misconception exists around that. The only reason Apple doesn’t use DRM on their proprietary AAC files, and why many MP3 stores such as Amazon’s don’t do so either, is due to the obvious argument that the Red Book CD standard never had DRM. The argument can still be made, as long as CDs are still for sale, that the customer could theoretically buy and rip their own CDs. Thus there’s no reason to DRM-cripple the digital stuff until they cease making CDs. (Though it didn’t stop Apple from attempting this, they didn’t back off of it for years, and then they forced all their customers to buy the files all over again to get a clean copy.) Then it will be back. Take my word, it’ll be back. Notice how there are precisely ZERO online movie stores with no DRM? Blu-ray has about half a dozen layers of DRM, and you have to crack them all before the disc plays on a non-“authorized” device. Since, barring violation of the DMCA, it’s impossible to make a clean copy of an HD movie, Apple and other stores don’t have to provide you with a clean copy of a movie that you have nominally “bought”. (They can take it away at any time thanks to their Foulplay DRM.)
What companies are going for with SOPA and other “anti-piracy” laws is no less than the death of the free and open internet where all (regardless of government and corporate approval) are more or less free to voice their opinion and make their own websites and host their own material, and to turn it into something that more closely resembles America Online or the Microsoft Network from the 1990s. Full of nothing but tons of corporate-controlled push content and advertising, and the pack of pedophiles that lurk around that they’re really not interested in doing anything about. (They never have been interested in stopping pedophiles. Pedophiles don’t cost companies any money and provide a great excuse to raid sites they dislike.)
I don’t disagree with what Anonymous does. They are striking back at an oppressive, extralegal, and anti-constitutional cabal of government gone bad and out of control corporations. If anyone from them reads this, I’d like to put in a request. Next time, DDoS those parasites over at Apple, take down iTunes, do something that stings. Godspeed and good sailing!



