*countable infinities only

Chris Murphy lists at colorremedies.com
Sun Jun 17 16:51:59 UTC 2012

On Jun 16, 2012, at 6:36 PM, Gregory Maxwell wrote:

> On Sat, Jun 16, 2012 at 8:16 PM, Chris Murphy <lists at colorremedies.com> wrote:
>> Calls for speculation. We know what the certification policy used to be. We also know how long DOJ takes to do anything, let alone politicking behind the scenes to arrive at compromise, let alone its day in court. Years. Generations of computers without a disable feature.
> Good job selectively quoting the part of my message where I was saying
> that it was a call for speculation either way.

It was justified. Only one is speculation. The other utilizes evidence and a track record of behavior.

>> This handful are the people who use adversarial words like: fight, war, battle, attack, surrender, engagement, tactical, etc. to describe this topic. This verbiage is the hallmark of propaganda, designed to cause emotive reactions in people, so they don't consider inconvenient things like facts.
> I certainly have not done this and by using this argument against me

You're paranoid. Are you a "handful of people"? 

> It appears to me that you're
> suggesting that I'm somehow asscoiated with "propaganda" (an
> emotionally laden word too) and that people should not bother with an
> inconvenient thing like contemplating my position.

The latter, certainly.

>> Oh, the same people who must think boot loader malware is somewhere in the continuum of people's imaginations to being exclusively a Windows threat.
> Except, as I argued early in these thread, for Fedora the
> cryptographic lockdown will not meaningfully inhibit boot _time_
> malware.  If malware can exploit your kernel to infect the bootloader
> so that the kernel rootkit is reinstalled at every boot to prevent
> updates from removing it then it can just as well infect systemd to
> the exact same end.  It only helps if the whole system runs no
> unsigned code at least upto the point where it connects to the
> internet and gets updates.

And repeating yourself is going to get you a different answer than you've already gotten, naturally. It couldn't possibly be that the argument is inapplicable or uncompelling.

> There are a great many things Fedora could do which would have clear
> security benefit without the compromises. Where is the effort to fully
> seccomp-2 restrict and/or SELinux lockdown every use app that handles
> hostile network input, for example.   Closing the door on botnet
> software long after the machine is compromised is a pretty weak
> security feature and thats the most the signed bootloader/kernel can
> offer, and even that requires signing up half the userspace too.

Out of scope. Please start a new thread.

>> The Windows 8 certification is the most significant change in Microsoft's hardware requirements ever, as far as I can tell. It's a significant departure from their "support legacy at most any cost" position prior to this. Clearly they are more than a bit concerned about boot loader malware than they are gaining, what, 1%, by obliterating the entirety of desktop Linux with this conspiracy.
> Old hardware will continue to run Windows 8. I don't see that I've
> seen any evidence of Microsoft adopting policy to ensure that new
> hardware would continue to run Windows, are you saying they have?

I don't know what you have or haven't seen so I can't answer your question, even if it was understandable.

Old hardware that doesn't meet the Windows 8 hardware requirements can't claim to be made for Windows 8. If a vendor wants that certification and logo usage as an OEM, they have to meet the requirements for that certification. Simple. I'm only opining that those requirements represent the most aggressive change I've seen from Microsoft to date.

I therefore further opine conspiracy theorists necessarily have to believe that the conspiracy is primarily to obliterate a ~1% market, and that this piddly market is a greater concern to Microsoft than boot loader malware, or face planting with Windows 8, Metro, Windows Phone 7.x, 8.x, RT, or their server markets, and all other challenges. Conspiracy theorists necessarily believe it's all about them, that they're explicit targets.

Chris Murphy

More information about the devel mailing list