diff options
author | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
---|---|---|
committer | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
commit | 1be510f9529cb082f802408b472a77d074b394c0 (patch) | |
tree | b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-discuss/attachments/20121231/5a18e88e | |
parent | fa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff) | |
download | archives-master.tar archives-master.tar.gz archives-master.tar.bz2 archives-master.tar.xz archives-master.zip |
Diffstat (limited to 'zarb-ml/mageia-discuss/attachments/20121231/5a18e88e')
-rw-r--r-- | zarb-ml/mageia-discuss/attachments/20121231/5a18e88e/attachment-0001.html | 45 | ||||
-rw-r--r-- | zarb-ml/mageia-discuss/attachments/20121231/5a18e88e/attachment.html | 45 |
2 files changed, 90 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/attachments/20121231/5a18e88e/attachment-0001.html b/zarb-ml/mageia-discuss/attachments/20121231/5a18e88e/attachment-0001.html new file mode 100644 index 000000000..6b7fef848 --- /dev/null +++ b/zarb-ml/mageia-discuss/attachments/20121231/5a18e88e/attachment-0001.html @@ -0,0 +1,45 @@ +<br><div class="gmail_quote">2012/12/30 AL13N <span dir="ltr"><<a href="mailto:alien@rmail.be" target="_blank">alien@rmail.be</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +Op zondag 30 december 2012 21:17:38 schreef Ludovic V Meyer:<br> +<div class="im">> Except it does let 3rd parties OS boot, at least on X86, since the norm<br> +> mandate it.<br> +> And for arm tablet, no one reacted when Apple, Acer, Samsung, Archos and<br> +> lots of others locked down their devices, so trying to argue that we now<br> +> expect them to be open would not work.<br> +<br> +</div>actually, they didn't. you can root each of those iinm.<br></blockquote><div><br>Using 3rd exploit is not really what I call open, they are not supported, likely against DMCA most of the time, and IMHO not reliable. <br> +Not to mention that it requires a manual intervention on each device. If we take the example of Apple, they closed every hole after a while when it was practical to do,and used the existing leagal way to prevent them ( see in 2009,<br> +the update of the developper agreement ). And since I know you will surely talk of if, the DCMA ruling for jailbreaking is just for phone, because unlike France, telcos in USA do not have to unlock your phone after a few months.<br> +<br>Not to mention that afaik, despites them being "not closed" by your definition, stuff like Iphonelinux are all dead in the water.<br>Cyanogenmod only exist because from time to time, Google do a code drop, and they still suffer from needing a custom fork of the kernel.<br> +<br>So if the goal is "to be able to run what I want on my device", that's something that can already be done for applications. What people should say is "running what I want provided no money directly leave my pocket, but I do not mind spending days figuring how to do it, cause I prefer spend 1 week than giving 100 bucks".<br> +<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +this is about having a secure key hardcoded "burned" in the device, which is<br> +both stupid and annoying. because since apps need to be secured too, too many<br> +people have access to the root key. which means the chance of leak is higher.<br> +which means that your devices need to be thrown out when the rootkey is<br> +compromised or when it's deemed obsolete and a new key will be in place.<br></blockquote><div><br>The key is handled by Verisign, and since that's their jobs since around 18 years, I think they are qualified to do it.<br> +How many time in 18 years was the root cert of Verisign be compromised ?<br><br>Also, you are totally wrong about throwing the device if the key is leaked. This happened to the PS3 due to the world-record breaking ignorance of Sony ( or one sub contractor ), and AFAIK, the PS3 all around the world still work ( and also, no one formally complained about gaming consoles being closed, despite some of them just being powerful PCs ). The same goes for various phones/tablet who have been broken this way ( like the Asus transformer, AFAIK ). <br> +<br>Burning a key in silicium is what Apple have been doing since a long time. That's also the modus operandi of TPM modules. They are used by several banking institutions as a way to make sure the harddrive is protected with bitlocker ( cause you do not want your highest executive laptops to be stolen and that this cause privacy and security issues ). IE, that is viewed as sufficient for FIPS certification and usage for military grade or banking grade security. And I am pretty sure the private key is stored in some HSM like the nShield solo or similar device.<br> +<br>Not everybody work like your client ( the one we talked about yesterday on IRC, if I am not wrong ). Some people take security seriously, and check what happens. But that's not security of the root key that matter, since no one ever asked for public scrutiny or a independent audit.<br> +<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +the thing here is that since you buy a device, it's yours and you can do what<br> +you want with it. why would you give other parties control over your device?<br> +it's stupid. there needs to be a way as an owner to decide which root keys you<br> +trust or not.<br><div class="im"></div></blockquote><div><br>You do not give control to another party, you delegate trust handling to another party.<br>That's exactly what you do with a browser. Or your bank, or anything in life. <br> +<br>Again, the norm mandate to be able to disable secureboot on x86 and to choose the key. The whole petition is about those that do not follow the norm, and for those, the incentive was to not being Windows 8 certified. So as annoying this will be, that's the best way to find something that let you run Linux.<br> +<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"> +<br> +> And regarding using consumer protection channels, no one did anything to<br> +> make anything move since one year despite being widely publicized on<br> +> various blogs, so how is your proposal different ?<br> +><br> +> Talk is cheap, if every people who proposed that ( for example, on slashdot<br> +> or various foras where nerds are discussing ), someone would have started<br> +> the work by the time. No one did, and that's because everybody that would<br> +> be serious enough know this is built on wrong assumptions.<br> +<br> +</div>in the end talk is cheap and noone does anything about it. or rather instead<br> +of working together, all the companies who back the major linuxes decide to go<br> +down the easy route. (like subscribing into the microsoft program and using<br> +their root key...)<br></blockquote><div><br>All plans that requires someone else to do anything is just a way to blame failure to someone else. If you delegate all your action to someone else, you lose the right to complain about this group not doing what you want. Only delusional fools would believe otherwise.<br> +<br>In fact, hardware not working on Linux is a decades old problem. We all have seen how boycott worked so well to have more hardware supported on linux, and how people happily trade freedom for convenience ( like nvidia drivers, printers, etc, etc ). People should just do a reality check from time to time before proposing the same plan again and again. Last time I checked, humans didn't evolve from goldfish, so maybe we could stop acting like them.<br> +<br></div></div> diff --git a/zarb-ml/mageia-discuss/attachments/20121231/5a18e88e/attachment.html b/zarb-ml/mageia-discuss/attachments/20121231/5a18e88e/attachment.html new file mode 100644 index 000000000..6b7fef848 --- /dev/null +++ b/zarb-ml/mageia-discuss/attachments/20121231/5a18e88e/attachment.html @@ -0,0 +1,45 @@ +<br><div class="gmail_quote">2012/12/30 AL13N <span dir="ltr"><<a href="mailto:alien@rmail.be" target="_blank">alien@rmail.be</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +Op zondag 30 december 2012 21:17:38 schreef Ludovic V Meyer:<br> +<div class="im">> Except it does let 3rd parties OS boot, at least on X86, since the norm<br> +> mandate it.<br> +> And for arm tablet, no one reacted when Apple, Acer, Samsung, Archos and<br> +> lots of others locked down their devices, so trying to argue that we now<br> +> expect them to be open would not work.<br> +<br> +</div>actually, they didn't. you can root each of those iinm.<br></blockquote><div><br>Using 3rd exploit is not really what I call open, they are not supported, likely against DMCA most of the time, and IMHO not reliable. <br> +Not to mention that it requires a manual intervention on each device. If we take the example of Apple, they closed every hole after a while when it was practical to do,and used the existing leagal way to prevent them ( see in 2009,<br> +the update of the developper agreement ). And since I know you will surely talk of if, the DCMA ruling for jailbreaking is just for phone, because unlike France, telcos in USA do not have to unlock your phone after a few months.<br> +<br>Not to mention that afaik, despites them being "not closed" by your definition, stuff like Iphonelinux are all dead in the water.<br>Cyanogenmod only exist because from time to time, Google do a code drop, and they still suffer from needing a custom fork of the kernel.<br> +<br>So if the goal is "to be able to run what I want on my device", that's something that can already be done for applications. What people should say is "running what I want provided no money directly leave my pocket, but I do not mind spending days figuring how to do it, cause I prefer spend 1 week than giving 100 bucks".<br> +<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +this is about having a secure key hardcoded "burned" in the device, which is<br> +both stupid and annoying. because since apps need to be secured too, too many<br> +people have access to the root key. which means the chance of leak is higher.<br> +which means that your devices need to be thrown out when the rootkey is<br> +compromised or when it's deemed obsolete and a new key will be in place.<br></blockquote><div><br>The key is handled by Verisign, and since that's their jobs since around 18 years, I think they are qualified to do it.<br> +How many time in 18 years was the root cert of Verisign be compromised ?<br><br>Also, you are totally wrong about throwing the device if the key is leaked. This happened to the PS3 due to the world-record breaking ignorance of Sony ( or one sub contractor ), and AFAIK, the PS3 all around the world still work ( and also, no one formally complained about gaming consoles being closed, despite some of them just being powerful PCs ). The same goes for various phones/tablet who have been broken this way ( like the Asus transformer, AFAIK ). <br> +<br>Burning a key in silicium is what Apple have been doing since a long time. That's also the modus operandi of TPM modules. They are used by several banking institutions as a way to make sure the harddrive is protected with bitlocker ( cause you do not want your highest executive laptops to be stolen and that this cause privacy and security issues ). IE, that is viewed as sufficient for FIPS certification and usage for military grade or banking grade security. And I am pretty sure the private key is stored in some HSM like the nShield solo or similar device.<br> +<br>Not everybody work like your client ( the one we talked about yesterday on IRC, if I am not wrong ). Some people take security seriously, and check what happens. But that's not security of the root key that matter, since no one ever asked for public scrutiny or a independent audit.<br> +<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> +the thing here is that since you buy a device, it's yours and you can do what<br> +you want with it. why would you give other parties control over your device?<br> +it's stupid. there needs to be a way as an owner to decide which root keys you<br> +trust or not.<br><div class="im"></div></blockquote><div><br>You do not give control to another party, you delegate trust handling to another party.<br>That's exactly what you do with a browser. Or your bank, or anything in life. <br> +<br>Again, the norm mandate to be able to disable secureboot on x86 and to choose the key. The whole petition is about those that do not follow the norm, and for those, the incentive was to not being Windows 8 certified. So as annoying this will be, that's the best way to find something that let you run Linux.<br> +<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"> +<br> +> And regarding using consumer protection channels, no one did anything to<br> +> make anything move since one year despite being widely publicized on<br> +> various blogs, so how is your proposal different ?<br> +><br> +> Talk is cheap, if every people who proposed that ( for example, on slashdot<br> +> or various foras where nerds are discussing ), someone would have started<br> +> the work by the time. No one did, and that's because everybody that would<br> +> be serious enough know this is built on wrong assumptions.<br> +<br> +</div>in the end talk is cheap and noone does anything about it. or rather instead<br> +of working together, all the companies who back the major linuxes decide to go<br> +down the easy route. (like subscribing into the microsoft program and using<br> +their root key...)<br></blockquote><div><br>All plans that requires someone else to do anything is just a way to blame failure to someone else. If you delegate all your action to someone else, you lose the right to complain about this group not doing what you want. Only delusional fools would believe otherwise.<br> +<br>In fact, hardware not working on Linux is a decades old problem. We all have seen how boycott worked so well to have more hardware supported on linux, and how people happily trade freedom for convenience ( like nvidia drivers, printers, etc, etc ). People should just do a reality check from time to time before proposing the same plan again and again. Last time I checked, humans didn't evolve from goldfish, so maybe we could stop acting like them.<br> +<br></div></div> |