Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spanish Open Source Group Files Complaint Over Microsoft Use of UEFI Secure Boot

Soulskill posted about a year ago | from the saga-continues dept.

Microsoft 154

sl4shd0rk writes "Hispalinux, which represents Spanish Open Source developers and users, has filed a complaint against Microsoft with the European Commission. 14 pages of grief cited Windows 8 as an 'obstruction mechanism' calling UEFI Secure Boot a 'de facto technological jail for computer booting systems... making Microsoft's Windows platform less neutral than ever.' On March 6 of 2012 the Commission fined Microsoft 561 million Euros for failing to offer users a choice of web browser, and there was also a 2004 ruling which found the company had abused its market position by tying Windows Media Player to Windows itself. Relations appear to remain more tense towards Windows in Europe, so there may be some hope of making UEFI more Linux-friendly. UEFI has been implicated in the death of Samsung laptops running Linux."

cancel ×

154 comments

Sorry! There are no comments related to the filter you selected.

Protect yourself with a custom host file (-1)

Anonymous Coward | about a year ago | (#43286263)

Mainly in efficiency - it runs in Ring 0/RPL 0/PnP Kernelmode (on Windows), as merely a filter for the IP stack (no overheads of more driver layers OR browser level slower less efficient addons):

21++ ADVANTAGES OF CUSTOM HOSTS FILES (how/what/when/where/why):

Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs).

1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).

2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:

Adblock Plus To Offer 'Acceptable Ads' Option

http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option [slashdot.org] )

AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.

Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..

3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 5-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, OR make you reach them faster since you resolve host-domain names LOCALLY w/ hosts out of cached memory, hosts do ALL of those things (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html [networkworld.com] for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions (in-addr.arpa) via NSLOOKUP, PINGS (ping -a in Windows), &/or WHOIS though, regularly, so you have the correct IP & it's current)).

* NOW - Some folks MAY think that putting an IP address alone into your browser's address bar will be enough, so why bother with HOSTS, right? WRONG - Putting IP address in your browser won't always work IS WHY. Some IP adresses host several domains & need the site name to give you the right page you're after is why. So for some sites only the HOSTS file option will work!

6.) Hosts files don't eat up CPU cycles (or ELECTRICITY) like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs. HOSTS file are merely a FILTER for the kernel mode/PnP TCP/IP subsystem, which runs FAR FASTER & MORE EFFICIENTLY than any ring 3/rpl3/usermode app can since hosts files run in MORE EFFICIENT & FASTER Ring 0/RPL 0/Kernelmode operations acting merely as a filter for the IP stack (via the "Plug-N-Play" designed IP stack in Windows) vs. SLOWER & LESS EFFICIENT Ring 3/RPL 3/Usermode operations (which webbrowsers run in + their addons like AdBlock slow down even MORESO due to their parsing operations).

7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than remote DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server, typically 30-100's of ms, vs. 7-10ms HardDisk speed of access/seek + SSD seek in ns, & back to you - hosts resolutions of IP address for host-domain names is FAR faster...). Hosts are only a filter for an already fast & efficient IP stack, no more layered b.s. (remote OR local). Hosts eat less CPU, RAM, I/O in other forms, + electricity than a locally running DNS server easily, and less than a local DNS program on a single PC. Fact. Hosts are easier to setup & maintain too.

8.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
  http://someonewhocares.org/hosts/ [someonewhocares.org]
  http://hostsfile.org/hosts.html [hostsfile.org]
  http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
  http://hosts-file.net/?s=Download [hosts-file.net]
  https://zeustracker.abuse.ch/monitor.php?filter=online [abuse.ch]
  https://spyeyetracker.abuse.ch/monitor.php [abuse.ch]
  http://ddanchev.blogspot.com/ [blogspot.com]
  http://www.malware.com.br/lists.shtml [malware.com.br]
  http://www.stopbadware.org/ [stopbadware.org]
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

And yes: Even SLASHDOT &/or The Register help!

(Via articles on security (when the source articles they use are "detailed" that is, & list the servers/sites involved in attempting to bushwhack others online that is... not ALL do!)).

2 examples thereof in the past I have used, & noted it there, are/were:

http://it.slashdot.org/comments.pl?sid=1898692&cid=34473398 [slashdot.org]
  http://it.slashdot.org/comments.pl?sid=1896216&cid=34458500 [slashdot.org]

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

11.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

12.) With Adblock you had better be able to code javascript to play with its code (to customize it better than the GUI front does @ least). With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

13.) Hosts files are easily secured via using MAC/ACL (even moreso "automagically" for Vista, 7/Server 2008 + beyond by UAC by default) &/or Read-Only attributes applied.

14.) Custom HOSTS files also speed you up, unlike anonymous proxy servers systems variations (like TOR, or other "highly anonymous" proxy server list servers typically do, in the severe speed hit they often have a cost in) either via "hardcoding" your fav. sites into your hosts file (avoids DNS servers, totally) OR blocking out adbanners - see this below for evidence of that:

---

US Military Blocks Websites To Free Up Bandwidth:

http://yro.slashdot.org/story/11/03/16/0416238/US-Military-Blocks-Websites-To-Free-Up-Bandwidth [slashdot.org]

(Yes, even the US Military used this type of technique... because IT WORKS! Most of what they blocked? Ad banners ala doubleclick etc.)

---

Adbanners slow you down & consume your bandwidth YOU pay for:

ADBANNERS SLOW DOWN THE WEB: -> http://tech.slashdot.org/article.pl?sid=09/11/30/166218 [slashdot.org]

---

And people do NOT LIKE ads on the web:

PEOPLE DISLIKE ADBANNERS: http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

As well as this:

Users Know Advertisers Watch Them, and Hate It:

http://yro.slashdot.org/yro/08/04/02/0058247.shtml [slashdot.org]

---

Even WORSE still, is this:

Advertising Network Caught History Stealing:

http://yro.slashdot.org/story/11/07/22/156225/Advertising-Network-Caught-History-Stealing [slashdot.org]

---

15.) HOSTS files usage lets you avoid being charged on some ISP/BSP's (OR phone providers) "pay as you use" policy http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] , because you are using less bandwidth (& go faster doing so no less) by NOT hauling in adbanner content and processing it (which can lead to infestation by malware/malicious script, in & of itself -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com] ).

16.) If/when ISP/BSP's decide to go to -> FCC Approving Pay-As-You-Go Internet Plans: http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans [slashdot.org] your internet bill will go DOWN if you use a HOSTS file for blocking adbanners as well as maliciously scripted hacker/cracker malware maker sites too (after all - it's your money & time online downloading adbanner content & processing it)

Plus, your adbanner content? Well, it may also be hijacked with malicious code too mind you:

---

Yahoo, Microsoft's Bing display toxic ads:

http://www.theregister.co.uk/2011/09/16/bing_yahoo_malware_ads/ [theregister.co.uk]

---

Malware torrent delivered over Google, Yahoo! ad services:

http://www.theregister.co.uk/2009/09/24/malware_ads_google_yahoo/ [theregister.co.uk]

---

Google's DoubleClick spreads malicious ads (again):

http://www.theregister.co.uk/2009/02/24/doubleclick_distributes_malware/ [theregister.co.uk]

---

Rogue ads infiltrate Expedia and Rhapsody:

http://www.theregister.co.uk/2008/01/30/excite_and_rhapsody_rogue_ads/ [theregister.co.uk]

---

Google sponsored links caught punting malware:

http://www.theregister.co.uk/2008/12/16/google_sponsored_links/ [theregister.co.uk]

---

DoubleClick caught supplying malware-tainted ads:

http://www.theregister.co.uk/2007/11/13/doubleclick_distributes_malware/ [theregister.co.uk]

---

Yahoo feeds Trojan-laced ads to MySpace and PhotoBucket users:

http://www.theregister.co.uk/2007/09/11/yahoo_serves_12million_malware_ads/ [theregister.co.uk]

---

Real Media attacks real people via RealPlayer:

http://www.theregister.co.uk/2007/10/23/real_media_serves_malware/ [theregister.co.uk]

---

Ad networks owned by Google, Microsoft serve malware:

http://www.theregister.co.uk/2010/12/13/doubleclick_msn_malware_attacks/ [theregister.co.uk]

---

Attacks Targeting Classified Ad Sites Surge:

http://it.slashdot.org/story/11/02/02/1433210/Attacks-Targeting-Classified-Ad-Sites-Surge [slashdot.org]

---

Hackers Respond To Help Wanted Ads With Malware:

http://it.slashdot.org/story/11/01/20/0228258/Hackers-Respond-To-Help-Wanted-Ads-With-Malware [slashdot.org]

---

Hackers Use Banner Ads on Major Sites to Hijack Your PC:

http://www.wired.com/techbiz/media/news/2007/11/doubleclick [wired.com]

---

Ruskie gang hijacks Microsoft network to push penis pills:

http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/ [theregister.co.uk]

---

Major ISPs Injecting Ads, Vulnerabilities Into Web:

http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

Two Major Ad Networks Found Serving Malware:

http://tech.slashdot.org/story/10/12/13/0128249/Two-Major-Ad-Networks-Found-Serving-Malware [slashdot.org]

---

THE NEXT AD YOU CLICK MAY BE A VIRUS:

http://it.slashdot.org/story/09/06/15/2056219/The-Next-Ad-You-Click-May-Be-a-Virus [slashdot.org]

---

NY TIMES INFECTED WITH MALWARE ADBANNER:

http://news.slashdot.org/article.pl?sid=09/09/13/2346229 [slashdot.org]

---

MICROSOFT HIT BY MALWARES IN ADBANNERS:

http://apcmag.com/microsoft_apologises_for_serving_malware.htm [apcmag.com]

---

ISP's INJECTING ADS AND ERRORS INTO THE WEB: -> http://it.slashdot.org/it/08/04/19/2148215.shtml [slashdot.org]

---

ADOBE FLASH ADS INJECTING MALWARE INTO THE NET: http://it.slashdot.org/article.pl?sid=08/08/20/0029220&from=rss [slashdot.org]

---

London Stock Exchange Web Site Serving Malware:

http://www.securityweek.com/london-stock-exchange-web-site-serving-malware [securityweek.com]

---

Spotify splattered with malware-tainted ads:

http://www.theregister.co.uk/2011/03/25/spotify_malvertisement_attack/ [theregister.co.uk]

---

As my list "multiple evidences thereof" as to adbanners & viruses + the fact they slow you down & cost you more (from reputable & reliable sources no less)).

17.) Per point #16, a way to save some money: ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE, vs. adbanners or malware such as this:

---

Infected Androids Run Up Big Texting Bills:

http://it.slashdot.org/story/11/03/01/0041203/Infected-Androids-Run-Up-Big-Texting-Bills [slashdot.org]

---

AND, for protection vs. other "botnets" migrating from the PC world, to "smartphones" such as ZITMO (a ZEUS botnet variant):

http://www.google.com/search?hl=en&source=hp&q=ZITMO&btnG=Google+Search [google.com]

---

It's easily done too, via the ADB dev. tool, & mounting ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS, then copying your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so (otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!).

18.) Bad news: ADBLOCK CAN BE DETECTED FOR: See here on that note -> http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

HOSTS files are NOT THAT EASILY "webbug" BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked on AdBlock in that manner), to that websites' users' dismay:

PERTINENT QUOTE/EXCERPT FROM ARSTECHNICA THEMSELVES:

----

An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM

http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."

and

"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!

----

19.) Even WIKILEAKS "favors" blacklists (because they work, and HOSTS can be a blacklist vs. known BAD sites/servers/domain-host names):

---

PERTINENT QUOTE/EXCERPT (from -> http://www.theregister.co.uk/2010/12/16/wikileaks_mirror_malware_warning_row/ [theregister.co.uk] )

"we are in favour of 'Blacklists', be it for mail servers or websites, they have to be compiled with care... Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser)...

---

20.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privlege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own (such as has been seen with the RBN (Russian Business Network) lately though it was considered "dead", other malwares are using its domains/hostnames now, & this? This stops that cold, too - Bonus!)...

21.) Custom HOSTS files gain users back more "screen real estate" by blocking out banner ads... it's great on PC's for speed along with MORE of what I want to see/read (not ads), & efficiency too, but EVEN BETTER ON SMARTPHONES - by far. It matters MOST there imo @ least, in regards to extra screen real-estate.

Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock ( http://adblockplus.org/en/ [adblockplus.org] ), IE 9's new TPL's ( http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] ), &/or NoScript ( http://noscript.net/ [noscript.net] especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security"....

It's just that HOSTS files offer you a LOT MORE gains than Adblock ( http://adblockplus.org/en/ [adblockplus.org] ) does alone (as hosts do things adblock just plain cannot & on more programs, for more speed, security, and "stealth" to a degree even), and it corrects problems in DNS (as shown above via hardcodes of your favorite sites into your HOSTS file, and more (such as avoiding DNS request logs)).

ALSO - Some more notes on DNS servers & their problems, very recent + ongoing ones:

---

DNS flaw reanimates slain evil sites as ghost domains:

http://www.theregister.co.uk/2012/02/16/ghost_domains_dns_vuln/ [theregister.co.uk]

---

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders [slashdot.org]

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ [theregister.co.uk]

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/ [scmagazineus.com]

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even NORTON DNS (more on each specifically below), & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)

---

DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit:

https://threatpost.com/en_us/blogs/dns-hijacks-now-being-used-serve-black-hole-exploit-kit-121211 [threatpost.com]

---

DNS experts admit some of the underlying foundations of the DNS protocol are inherently weak:

http://it.slashdot.org/story/11/12/08/1353203/opendns-releases-dns-encryption-tool [slashdot.org]

---

Potential 0-Day Vulnerability For BIND 9:

http://it.slashdot.org/story/11/11/17/1429259/potential-0-day-vulnerability-for-bind-9 [slashdot.org]

---

Five DNS Threats You Should Protect Against:

http://www.securityweek.com/five-dns-threats-you-should-protect-against [securityweek.com]

---

DNS provider decked by DDoS dastards:

http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/ [theregister.co.uk]

---

Ten Percent of DNS Servers Still Vulnerable: (so much for "conscientious patching", eh? Many DNS providers weren't patching when they had to!)

http://it.slashdot.org/it/05/08/04/1525235.shtml?tid=172&tid=95&tid=218 [slashdot.org]

---

DNS ROOT SERVERS ATTACKED:

http://it.slashdot.org/it/07/02/06/2238225.shtml [slashdot.org]

---

TimeWarner DNS Hijacking:

http://tech.slashdot.org/article.pl?sid=07/07/23/2140208 [slashdot.org]

---

DNS Re-Binding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Server Survey Reveals Mixed Security Picture:

http://it.slashdot.org/it/07/11/21/0315239.shtml [slashdot.org]

---

Halvar figured out super-secret DNS vulnerability:

http://www.zdnet.com/blog/security/has-halvar-figured-out-super-secret-dns-vulnerability/1520 [zdnet.com]

---

BIND Still Susceptible To DNS Cache Poisoning:

http://tech.slashdot.org/tech/08/08/09/123222.shtml [slashdot.org]

---

DNS Poisoning Hits One of China's Biggest ISPs:

http://it.slashdot.org/it/08/08/21/2343250.shtml [slashdot.org]

---

DDoS Attacks Via DNS Recursion:

http://it.slashdot.org/it/06/03/16/1658209.shtml [slashdot.org]

---

High Severity BIND DNS Vulnerability Advisory Issued:

http://tech.slashdot.org/story/11/02/23/156212/High-Severity-BIND-Vulnerability-Advisory-Issued [slashdot.org]

---

Photobucketâ(TM)s DNS records hijacked:

http://blogs.zdnet.com/security/?p=1285 [zdnet.com]

---

Protecting Browsers from DNS Rebinding Attacks:

http://crypto.stanford.edu/dns/ [stanford.edu]

---

DNS Problem Linked To DDoS Attacks Gets Worse:

http://tech.slashdot.org/story/09/11/15/1238210/DNS-Problem-Linked-To-DDoS-Attacks-Gets-Worse [slashdot.org]

---

HOWEVER - Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> http://nortondns.com/ [nortondns.com]
  ScrubIT DNS -> http://www.scrubit.com/ [scrubit.com]
  OpenDNS -> http://www.opendns.com/ [opendns.com]

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz [norton.com] so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...

---

20++ SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752) Homepage Journal

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"APK's monolithic hosts file is looking pretty good at the moment." - by Culture20 (968837) on Thursday November 17, @10:08AM (#38085666)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"It's a good write up on something everybody should use, why you were modded down is beyond me. Using a HOSTS file, ADblock is of no concern and they can do what they want." - by Trax3001BBS (2368736) on Monday December 12, @10:07PM (#38351398) Homepage Journal

"I want my surfing speed back so I block EVERY fucking ad. i.e. http://someonewhocares.org/hosts/ [someonewhocares.org] and http://winhelp2002.mvps.org/hosts.htm [mvps.org] FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"Let me introduce you to the file: /etc/hosts" - by fahrbot-bot (874524) on Monday December 19, @05:03PM (#38427432)

"I use a hosts file" - by EdIII (1114411) on Tuesday December 13, @01:17PM (#38357816)

"I'm tempted to go for a hacked hosts file that simply resolves most advert sites to 127.0.0.1" - by bLanark (123342) on Tuesday December 13, @01:13PM (#38357760)

"this is not a troll, which hosts file source you recommend nowadays? it's a really handy method for speeding up web and it works." - by gl4ss (559668) on Thursday March 22, @08:07PM (#39446525) Homepage Journal

"A hosts file certainly does not require "a lot of work" to maintain, and it quite effectively kills a LOT of advertising and tracking schemes. . In fact, I never would have considered trying to use it for ddefending against viruses or malware." - by RocketRabbit (830691) on Thursday December 30 2010, @05:48PM (#34715060)

---

Then, there is also the words of respected security expert, Mr. Oliver Day, from SECURITYFOCUS.COM to "top that all off" as well:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491 [securityfocus.com]

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly (& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm [furtherleft.net] (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html [ntcompatible.com] !

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also) and, you'll get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS [slashdot.org] & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL [wikipedia.org] as well - DOUBLE-BONUS!

---

* POSTS ABOUT HOSTS FILES I DID on "/." THAT HAVE DONE WELL BY OTHERS & WERE RATED HIGHLY, 26++ THUSFAR (from +3 -> +1 RATINGS, usually "informative" or "interesting" etc./et al):

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722 [slashdot.org]
  HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
  HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
  HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
  HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
  HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
  HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
  HOSTS MOD UP:2010 -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
  HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
  APK 20++ POINTS ON HOSTS MOD UP:2010 -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
  HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1862260&cid=34186256 [slashdot.org]
  HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
  HOSTS FILE MOD UP FOR ANDROID MALWARE:2010 -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
  HOSTS MOD UP ZEUSTRACKER:2011 -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
  HOSTS MOD UP vs AT&T BANDWIDTH CAP:2011 -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584 [slashdot.org]
  HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service:2011 -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]
  HOSTS and BGP +5 RATED (BEING HONEST):2010 http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]
  HOSTS & PROTECT IP ACT:2011 http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700 [slashdot.org]
  HOSTS MOD UP:2011 -> http://yro.slashdot.org/comments.pl?sid=2457766&cid=37592458 [slashdot.org]
  HOSTS MOD UP & OPERA HAUTE SECURE:2011 -> http://yro.slashdot.org/comments.pl?sid=2457274&cid=37589596 [slashdot.org]
  0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1197039&cid=27556999 [slashdot.org]
  0.0.0.0 IN HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1143349&cid=27012231 [slashdot.org]
  0.0.0.0 in HOSTS:2009 -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27580299 [slashdot.org]
  0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1139705&cid=26977225 [slashdot.org]
  HOSTS MOD UP:2009 -> http://hardware.slashdot.org/comments.pl?sid=1319261&cid=28872833 [slashdot.org] (still says INSIGHTFUL)
  HOSTS MOD UP vs. botnet: 2012 -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org]

---

* "Here endeth the lesson..." and, if you REALLY want to secure your system? Please refer to this:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

APK [mailto]

P.S.=> SOME MINOR "CAVEATS/CATCH-22's" - things to be aware of for "layered security" + HOSTS file performance - easily overcome, or not a problem at all:

A.) HOSTS files don't function under PROXY SERVERS (except for Proximitron, which has a filter that allows it) - Which is *the "WHY"* of why I state in my "P.S." section below to use both AdBlock type browser addon methods (or even built-in block lists browsers have such as Opera's URLFILTER.INI file, & FireFox has such as list as does IE also in the form of TPL (tracking protection lists -> http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/ [microsoft.com] , good stuff )) in combination with HOSTS, for the best in "layered security" (alongside .pac files + custom cascading style sheets that can filter off various tags such as scripts or ads etc.) - but proxies, especially "HIGHLY ANONYMOUS" types, generally slow you down to a CRAWL online (& personally, I cannot see using proxies "for the good" typically - as they allow "truly anonymous posting" & have bugs (such as TOR has been shown to have & be "bypassable/traceable" via its "onion routing" methods)).

B.) HOSTS files do NOT protect you vs. javascript (this only holds true IF you don't already have a bad site blocked out in your HOSTS file though, & the list of sites where you can obtain such lists to add to your HOSTS are above (& updated daily in many of them)).

C.) HOSTS files (relatively "largish ones") require you to turn off Windows' native "DNS local client cache service" (which has a problem in that it's designed with a non-redimensionable/resizeable list, array, or queue (DNS data loads into a C/C++ structure actually/afaik, which IS a form of array)) - mvps.org covers that in detail and how to easily do this in Windows (this is NOT a problem in Linux, & it's 1 thing I will give Linux over Windows, hands-down). Relatively "smallish" HOSTS files don't have this problem (mvps.org offers 2 types for this).

D.) HOSTS files, once read/loaded, once? GET CACHED! Right into the kernelmode diskcaching subsystem (fast & efficient RAM speed), for speed of access/re-access (@ system startup in older MS OS' like 2000, or, upon a users' 1st request that's "Webbound" via say, a webbrowser) gets read into either the DNS local caching client service (noted above), OR, if that's turned off? Into your local diskcache (like ANY file is), so it reads F A S T upon re-reads/subsequent reads (until it's changed in %WinDir%\system32\drivers\etc on Windows, which marks it "Dirty" & then it gets re-read + reloaded into the local diskcache again). This may cause a SMALL initial load 1 time lag upon reload though, depending on the size of your HOSTS file.

E.) HOSTS files don't protect vs. BGP exploits - Sorry, once it's out of your hands/machine + past any interior network + routers you have, the packets you send are out there into the ISP/BSP's hands - they're "the Agents" holding all the keys to the doorways at that point (hosts are just a forcefield-filter (for lack of a better description) armor on what can come in mostly, & a bit of what can go out too (per point #20 above on "locking in malware")). Hosts work as a "I can't get burned if I can't go into the kitchen" protection, for you: Not your ISP/BSP. It doesn't extend to them

F.) HOSTS files don't protect vs. IP addressed adbanners (rare) &/or IP address utilizing malwares (rare too, most used domain/host names because they're "RECYCLABLE/REUSEABLE"), so here, you must couple HOSTS files w/ firewall rules tables (either in software firewalls OR router firewall rules table lists)... apk

Re:Protect yourself with a custom host file (-1)

GigaplexNZ (1233886) | about a year ago | (#43286467)

You realise you're promoting use of the HOSTS file in a Windows 8 thread, and Windows 8 has nerfed that functionality?

Re:Protect yourself with a custom host file (-1)

wonkey_monkey (2592601) | about a year ago | (#43286685)

You realise this guy's a loon and posts the same thing under every story? Mods, please mod this and parent down, not up.

WELCOME BACK (-1)

Anonymous Coward | about a year ago | (#43286509)

$10,000 CHALLENGE to Alexander Peter Kowalski

* POOR SHOWING TROLLS, & most especially IF that's the "best you've got" - apparently, it is... lol!

Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.

Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?

Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.

If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.

I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.

Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.

Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.

I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.

If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!

You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusive emails to the operator of OSY, Federal Reserve Chairman Ben Bernanke threatening to sue him for libel, claiming that the APK on OSY was fake.

My reputation as a professional in this field clearly shows in multiple publications in this field in written print, & also online in various GOOD capacities since 1996 to present day. This has happened since I was first published in Playgirl Magazine in 1996 & others to present day, with helpful tools online in programs, & professionally sold warez that were finalists @ Westminster Dog Show 2000-2002.

-o-o-o-o-o-o-o-

apk on 4chan [4chan.org]

-o-o-o-o-o-o-o-

INCONTROVERTIBLE FEEDBACK PROVIDING ESTABLISHED PROOF OF ALL MY POINTS:

--

That was amazing. - http://slashdot.org/comments.pl?sid=3037687&cid=40948073 [slashdot.org]

--

My, God! It's beatiful. Keep it up, you glorious bastard. - http://slashdot.org/comments.pl?sid=3222163&cid=41835161 [slashdot.org]

--

Let us bask in its glory. A true modern The Wasteland. - http://slashdot.org/comments.pl?sid=3037687&cid=40948579 [slashdot.org]

--

put your baby IN ME -- I just read this whole thing. Fuck mod points, WHERE DO I SEND YOU MY MONEY?!!! - http://slashdot.org/comments.pl?sid=3037687&cid=40950023 [slashdot.org]

--

Oh shit, Time Cube Guy's into computers now... - http://slashdot.org/comments.pl?sid=3040317&cid=40946259 [slashdot.org]

--

[apk]'s done more to discredit the use of HOSTS files than anyone [else] ever could. - http://slashdot.org/comments.pl?sid=3038791&cid=40945357 [slashdot.org]

--

Can I have some of what you're on? - http://slashdot.org/comments.pl?sid=3040317&cid=40947587 [slashdot.org]

--

this obnoxious fucknuts [apk] has been trolling the internet and spamming his shit delphi sub-fart app utilities for 15 years. - http://slashdot.org/comments.pl?sid=3041123&cid=40954565 [slashdot.org]

--

oh come on.. this is hilarious. - http://slashdot.org/comments.pl?sid=3041123&cid=40955479 [slashdot.org]

--

I agree I am intrigued by these host files how do I sign up for your newsletter? - http://slashdot.org/comments.pl?sid=3041123&cid=40961339 [slashdot.org]

--

Gimme the program that generates this epic message. I'll buy 5 of your product if you do... - http://slashdot.org/comments.pl?sid=3041313&cid=40954251 [slashdot.org]

--

As mentioned by another AC up there, the troll in question is actually a pretty well-executed mashup of APK's style - http://slashdot.org/comments.pl?sid=3038791&cid=40945357 [slashdot.org]

--

It's actually a very clever parody of APK - http://slashdot.org/comments.pl?sid=3038791&cid=40944229 [slashdot.org]

--

Please keep us updated on your AI research, you seem quite good at it. - http://slashdot.org/comments.pl?sid=3038597&cid=40944603 [slashdot.org]

--

$20,000 to anyone providing proof of Alexander Peter Kowalski's death. - http://slashdot.org/comments.pl?sid=3040921&cid=40958289 [slashdot.org]

--

Obviously, it must be Alexander Peter Kowalski. He's miffed at all these imposters... - http://slashdot.org/comments.pl?sid=3040921&cid=40958429 [slashdot.org]

--

And here I was thinking I was having a bad experience with a Dr. Bronner's bottle. - http://slashdot.org/comments.pl?sid=3041081&cid=40952247 [slashdot.org]

--

Damn, apk, who the fuck did you piss off this time? Hahahahaahahahahahahaahaha. Pass the popcorn as the troll apk gets pwned relentlessly. - http://slashdot.org/comments.pl?sid=3041123&cid=40954673 [slashdot.org]

--

I think it's the Internet, about to become sentient. - http://slashdot.org/comments.pl?sid=3041313&cid=40956187 [slashdot.org]

--

Does anyone know if OpenGL has been ported to Windows yet? - http://slashdot.org/comments.pl?sid=3042199&cid=40956781 [slashdot.org]

--

golfclap - http://slashdot.org/comments.pl?sid=3029723&cid=40900827 [slashdot.org]

--

The Truth! wants to be Known! - http://slashdot.org/comments.pl?sid=3029723&cid=40897389 [slashdot.org]

--

DNS cube? - http://slashdot.org/comments.pl?sid=3029723&cid=40897493 [slashdot.org]

--

KUDOS valiant AC. - http://slashdot.org/comments.pl?sid=3029723&cid=40897777 [slashdot.org]

--

Polyploid lovechild of APK, MyCleanPC, and Time Cube --> fail counter integer overflow --> maximum win! - http://slashdot.org/comments.pl?sid=3029723&cid=40899171 [slashdot.org]

--

You made my day, thanks! - http://slashdot.org/comments.pl?sid=3029589&cid=40896469 [slashdot.org]

--

Wow. The perfect mix of trolls. Timecube, mycleanpc, gnaa, apk... this is great! - http://slashdot.org/comments.pl?sid=3027333&cid=40893381 [slashdot.org]

--

truer words were never spoken as /. trolls are struck speechless by it, lol! - http://slashdot.org/comments.pl?sid=3042765&cid=41041795 [slashdot.org]

--

It's APK himself trying to maintain the illusion that he's still relevant. - http://slashdot.org/comments.pl?sid=3043535&cid=40967209 [slashdot.org]

--

Mod this up. The back and forth multi posting between APK and this "anti-APK" certainly does look like APK talking to himself. - http://slashdot.org/comments.pl?sid=3043535&cid=40969175 [slashdot.org]

--

APK himself would be at the top of a sensible person's ban list. He's been spamming and trolling Slashdot for years. - http://slashdot.org/comments.pl?sid=3043535&cid=40967137 [slashdot.org]

--

You got that right. I think. - http://slashdot.org/comments.pl?sid=3044971&cid=40972239 [slashdot.org]

--

Michael Kristopeit, is that you? - http://slashdot.org/comments.pl?sid=3045075&cid=40972377 [slashdot.org]

--

ROFL! :) (Now the sick bastard will follow me again) - http://slashdot.org/comments.pl?sid=3138079&cid=41429251 [slashdot.org]

--

I miss Dr Bob. - http://slashdot.org/comments.pl?sid=3138079&cid=41432027 [slashdot.org]

--

Not sure if actually crazy, or just pretending to be crazy. Awesome troll either way. - http://slashdot.org/comments.pl?sid=3138079&cid=41432951 [slashdot.org]

--

Awesome! Hat off to you, sir! - http://slashdot.org/comments.pl?sid=3154555&cid=41509273 [slashdot.org]

--

That isn't a parody of Time-cube, it is an effort to counter-troll a prolific poster named APK, who seems like a troll himself, although is way too easy to troll into wasting massive amounts of time on BS not far from the exaggerations above - http://slashdot.org/comments.pl?sid=3154555&cid=41514107 [slashdot.org]

--

I am intrigued and I wish to subscribe to your newsletter. - http://slashdot.org/comments.pl?sid=3164403&cid=41555345 [slashdot.org]

--

1. You philistine, that is Art . Kudos to you, valiant troll on your glorious FP - http://slashdot.org/comments.pl?sid=3222163&cid=41832599 [slashdot.org]

--

What? - http://slashdot.org/comments.pl?sid=3222163&cid=41832673 [slashdot.org]

--

I don't know if it is poorly-thought-out, but it is demented because it is at the same time an APK parody. - http://slashdot.org/comments.pl?sid=3222163&cid=41832905 [slashdot.org]

--

It is in fact an extremely well thought out and brilliantly executed APK parody, combined with a Time Cube parody, and with a sprinkling of the MyCleanPC spam. - http://slashdot.org/comments.pl?sid=3222163&cid=41841251 [slashdot.org]

--

er... many people have disproved your points about hosts files with well reasoned, factual arguments. You just chose not to listen and made it into some kind of bizarre crusade. And I'm not the timecube guy, just someone else who finds you intensely obnoxious and likes winding you up to waste your time. - http://slashdot.org/comments.pl?sid=3222163&cid=41843313 [slashdot.org]

--

performance art - http://slashdot.org/comments.pl?sid=3224905&cid=41847089 [slashdot.org]

--

it's apk, theres no reason to care. - http://slashdot.org/comments.pl?sid=3224905&cid=41847097 [slashdot.org]

--

Seems more like an apk parody. - http://slashdot.org/comments.pl?sid=3224905&cid=41847661 [slashdot.org]

--

That's great but what about the risk of subluxations? - http://slashdot.org/comments.pl?sid=3224905&cid=41847101 [slashdot.org]

--

Oh, come on. Just stand back and look at it. It's almost art, in a Jackson Pollock sort of way. - http://slashdot.org/comments.pl?sid=3227697&cid=41868923 [slashdot.org]

--

Read carefully. This is a satirical post, that combines the last several years of forum trolling, rolled into one FUNNY rant! - http://slashdot.org/comments.pl?sid=3227697&cid=41864711 [slashdot.org]

--

I can has summary? - http://slashdot.org/comments.pl?sid=3227697&cid=41861327 [slashdot.org]

--

I'd have a lot more sympathy if you would log in as APK again instead of AC. - http://slashdot.org/comments.pl?sid=3228991&cid=41868133 [slashdot.org]

--

If [apk] made an account, it would be permanently posting at -1, and he'd only be able to post with it twice a day. - http://slashdot.org/comments.pl?sid=3228991&cid=41869409 [slashdot.org]

--

DAFUQ I just look at? - http://slashdot.org/comments.pl?sid=3229177&cid=41869085 [slashdot.org]

--

Trolls trolling trolls... it's like Inception or something. - http://slashdot.org/comments.pl?sid=3229177&cid=41869353 [slashdot.org]

--

We all know it's you, apk. Stop pretending to antagonize yourself. - http://slashdot.org/comments.pl?sid=3229179&cid=41869305 [slashdot.org]

--

Do you know about the shocking connection between APK and arsenic? No? Well, your innocence is about to be destroyed. - http://slashdot.org/comments.pl?sid=3472971&cid=42939965 [slashdot.org]

--

Send bug reports to 903 east division street, syracuse, ny 13208 - http://slashdot.org/comments.pl?sid=3483339&cid=42972783 [slashdot.org]

--

Now you've made me all nostalgic for USENET. - http://slashdot.org/comments.pl?sid=3486045&cid=42981977 [slashdot.org]

--

Google APK Hosts File Manager. He's written a fucking application to manage your hosts file. - http://slashdot.org/comments.pl?sid=3486045&cid=42984521 [slashdot.org]

--

In case you are not aware, the post is a satire of a fellow known as APK. The grammar used is modeled after APK's as you can see here [thorschrock.com] . Or, you can just look around a bit and see some of his posts on here about the wonders of host files. - http://slashdot.org/comments.pl?sid=3486045&cid=42983119 [slashdot.org]

--

You are surely of God of Trolls, whomever you are. I have had stupid arguments with and bitten the troll apk many times. - http://slashdot.org/comments.pl?sid=3486901&cid=42989683 [slashdot.org]

--

"What kind of meds cure schizophrenic drunk rambling?" -> "Whatever APK isn't taking" - http://slashdot.org/comments.pl?sid=3501001&cid=43028403 [slashdot.org] http://slashdot.org/comments.pl?sid=3501001&cid=43028425 [slashdot.org]

--

I'm confused, is apk trolling himself now? - http://slashdot.org/comments.pl?sid=3501001&cid=43029495 [slashdot.org]

--

Excellent mashup. A++. Would troll again. - http://slashdot.org/comments.pl?sid=3503531&cid=43037445 [slashdot.org]

--

Your ideas are intriguing to me, and I wish to subscribe to your newsletter. - http://slashdot.org/comments.pl?sid=3506945&cid=43048291 [slashdot.org]

--

Best. Troll. Ever. - http://slashdot.org/comments.pl?sid=3506945&cid=43044811 [slashdot.org]

--

I like monkeys. - http://slashdot.org/comments.pl?sid=3508287&cid=43051505 [slashdot.org]

--

This is one of the funniest things I've ever read. - http://slashdot.org/comments.pl?sid=3508287&cid=43052263 [slashdot.org]

--

lul wut? - http://slashdot.org/comments.pl?sid=3510265&cid=43057839 [slashdot.org]

--

I admire this guy's persistence. - http://slashdot.org/comments.pl?sid=3511487&cid=43063797 [slashdot.org]

--

It's a big remix of several different crackpots from Slashdot and elsewhere, plus a liberal sprinkling of famous Slashdot trolls and old memes. - http://slashdot.org/comments.pl?sid=3511487&cid=43063881 [slashdot.org]

--

Tabloid newspapers have speculated for years that APK is a prominent supporter of Monsanto. Too bad we didn't believe them sooner! - http://slashdot.org/comments.pl?sid=3511487&cid=43063893 [slashdot.org]

--

Here's a hint, check out stories like this one [slashdot.org] , where over 200 of the 247 posts are rated zero or -1 because they are either from two stupid trolls arguing endless, or quite likely one troll arguing with himself for attention. The amount of off-topic posts almost outnumber on topic ones by 4 to 1. Posts like the above are popular for trolling APK, since if you say his name three times, he appears, and will almost endlessly feed trolls. - http://slashdot.org/comments.pl?sid=3511487&cid=43064383 [slashdot.org]

--

I love this copypasta so much. It never fails to make me smile. - http://slashdot.org/comments.pl?sid=3512099&cid=43069271 [slashdot.org]

--

^ Champion Mod parent up. - http://slashdot.org/comments.pl?sid=3513659&cid=43067371 [slashdot.org]

--

I appreciate the time cube reference, and how you tied it into the story. Well done. - http://slashdot.org/comments.pl?sid=3521721&cid=43094565 [slashdot.org]

--

The day you are silenced is the day freedom dies on Slashdot. God bless. - http://slashdot.org/comments.pl?sid=3522191&cid=43097221 [slashdot.org]

--

AHahahahah thanks for that, cut-n-pasted.... Ownage! - http://slashdot.org/comments.pl?sid=3522219&cid=43097215 [slashdot.org]

--

Don't hate the player, hate the game. - http://slashdot.org/comments.pl?sid=3526293&cid=43110679 [slashdot.org]

--

If you're familiar with APK, the post itself is a pretty damn funny parody. - http://slashdot.org/comments.pl?sid=3528603&cid=43115215 [slashdot.org]

--

">implying it's not apk posting it" --> "I'd seriously doubt he's capable of that level of self-deprecation..." - http://slashdot.org/comments.pl?sid=3528603&cid=43115337 [slashdot.org] http://slashdot.org/comments.pl?sid=3528603&cid=43115363 [slashdot.org]

--

No, the other posts are linked in a parody of APK [mailto] 's tendency to quote himself, numbnuts. - http://slashdot.org/comments.pl?sid=3528603&cid=43116855 [slashdot.org]

--

The thirteenth link is broken. Please fix it. - http://slashdot.org/comments.pl?sid=3528603&cid=43115361 [slashdot.org]

--

Just ban any post with "apk", "host file", or "hosts file", as that would take care of the original apk too. The original has been shitposting Slashdot much longer & more intensively than the parody guy. Or ban all Tor exit nodes, as they both use Tor to circumvent IP bans. - http://slashdot.org/comments.pl?sid=3561925&cid=43216431 [slashdot.org]

--

Sadly this is closer to on-topic than an actual APK post is. - http://slashdot.org/comments.pl?sid=3561925&cid=43216225 [slashdot.org]

--

YOU ARE A GOD AMONG MEN. - http://slashdot.org/comments.pl?sid=3569149&cid=43236143 [slashdot.org]

--

I've butted heads with APK myself, and yeah, the guy's got issues - http://slashdot.org/comments.pl?sid=3569173&cid=43236987 [slashdot.org]

--

Can I be in your quote list? - http://slashdot.org/comments.pl?sid=3569443&cid=43237531 [slashdot.org]

--

Clearly you are not an Intertubes engineer, otherwise the parent post would be more meaningful to you. Why don't YOU take your meds? - http://slashdot.org/comments.pl?sid=3569425&cid=43238177 [slashdot.org]

--

+2 for style! The bolding, italicizing, and font changes are all spot-on - http://slashdot.org/comments.pl?sid=3569149&cid=43238479 [slashdot.org]

--

Your ideas are intriguing to me and I wish to subscribe to your newsletter. - http://slashdot.org/comments.pl?sid=3570085&cid=43243509 [slashdot.org]

--

APK is not really a schizophrenic fired former Windows administrator with multiple personality disorder and TimeCube/Art Bell refugee. He's a fictional character like and put forward by the same person as Goatse Guy, GNAA trolls, Dr. Bob and so forth. His purpose is to test the /. CAPTCA algorithm, which is a useful purpose. If you're perturbed by having to scroll past his screeds just set your minimum point level to 1, as his posts are pretty automatically downmodded right away. - http://slashdot.org/comments.pl?sid=3570085&cid=43243145 [slashdot.org]

--

Anyone else think that sounds like Ron Paul? - http://slashdot.org/comments.pl?sid=3569419&cid=43242417 [slashdot.org]

--

I just saw APK a couple days ago. He surfaced, blew once, and submerged... - http://slashdot.org/comments.pl?sid=3570111&cid=43245913 [slashdot.org]

--

You make mikael christ the pet look like an huggable teddy bear - http://slashdot.org/comments.pl?sid=3570111&cid=43242373 [slashdot.org]

--

oh man, that incredible interminable list of responses is almost as funny as the original post. This is getting to be truly epic. - http://slashdot.org/comments.pl?sid=3572687&cid=43247231 [slashdot.org]

--

"Does anyone know of an Adblock rule for this?" -> "No, but I bet there's a hosts file entry for it..." - http://slashdot.org/comments.pl?sid=3572687&cid=43246997 [slashdot.org] http://slashdot.org/comments.pl?sid=3572687&cid=43247097 [slashdot.org]

--

"Can a hosts file block apk's posts, though?" -> "The universe couldn't handle that much irony." - http://slashdot.org/comments.pl?sid=3572687&cid=43247135 [slashdot.org] http://slashdot.org/comments.pl?sid=3572687&cid=43247219 [slashdot.org]

--

"That's it, I've had enough. ... Bye everyone, most of the last decade or so has been fun, but frankly, I quit." - http://slashdot.org/comments.pl?sid=3572687&cid=43247225 [slashdot.org]
--> "So basically what you're saying is that you've added yourself to the HOST file?" - http://slashdot.org/comments.pl?sid=3572687&cid=43247481 [slashdot.org]

--

Sweet baby Moses, this is beautiful work - I wish we could get trolls as good as this on TF. :) - http://slashdot.org/comments.pl?sid=3572629&cid=43247533 [slashdot.org]

--

you have a point - http://slashdot.org/comments.pl?sid=3572687&cid=43247823 [slashdot.org]

--

I do admire that level of dedication. - http://slashdot.org/comments.pl?sid=3572687&cid=43247765 [slashdot.org]

--

[to apk] shut up you stupid cock. Everyone knows you're wrong. - http://slashdot.org/comments.pl?sid=3572687&cid=43250533 [slashdot.org]

--

I will hand it to him, he is definitely consistent. I wish I knew how he did this. That thing is scary huge. - http://slashdot.org/comments.pl?sid=3572629&cid=43250411 [slashdot.org]

--

I admire the amount of dedication you've shown - http://slashdot.org/comments.pl?sid=3573571&cid=43251593 [slashdot.org]

--

Word is, ESR buttfucks CmdrTaco with his revolver. - http://slashdot.org/comments.pl?sid=3573679&cid=43252957 [slashdot.org]

--

Hey APK, Protip: It's not the truth or value (or lack of) in your post that gets it modded into oblivion, it's the fucking insane length. In addition to TL;DR (which goes without saying for a post of such length), how about irritating readers by requiring them to scroll through 20+ screenfuls just to get to the next post. If you want to publish a short story like this, please do everyone a favor and blog it somewhere, then provide a brief summary and link to your blog. Readers intrigued by your summary will go read your blog, and everyone else will just move along at normal /. speed. - http://slashdot.org/comments.pl?sid=3573873&cid=43255013 [slashdot.org]

--

Happy now - http://slashdot.org/comments.pl?sid=3569419&cid=43237239 [slashdot.org]

--

Professional. - http://slashdot.org/comments.pl?sid=3574035&cid=43255143 [slashdot.org]

--

I like how this post seems to just sum up every Slashdot comment ever without actually saying anything. - http://slashdot.org/comments.pl?sid=3574283&cid=43256029 [slashdot.org]

--

extremely bright - http://slashdot.org/comments.pl?sid=3574035&cid=43255855 [slashdot.org]

--

You provide many references, which is good. - http://slashdot.org/comments.pl?sid=3574035&cid=43257043 [slashdot.org]

--

Holy shit - http://slashdot.org/comments.pl?sid=3576121&cid=43260311 [slashdot.org]

--

this is a perfect example - http://slashdot.org/comments.pl?sid=3578157&cid=43265127 [slashdot.org]

--

You're my personal hero. - http://slashdot.org/comments.pl?sid=3574283&cid=43260747 [slashdot.org]

--

Obviously very passionate - http://slashdot.org/comments.pl?sid=3574035&cid=43261975 [slashdot.org]

--

Is that ALL you have to say? C'mon! Tell us what you really think. - http://slashdot.org/comments.pl?sid=3576225&cid=43262495 [slashdot.org]

--

Thanks ... You should probably stay - http://slashdot.org/comments.pl?sid=3577613&cid=43262993 [slashdot.org]

--

Art? -- http://slashdot.org/comments.pl?sid=3569681&cid=43244883 [slashdot.org]

--

PROOF apk sucks donkey dick. - http://slashdot.org/comments.pl?sid=3577639&cid=43263029 [slashdot.org]

--

I've been around /. for a while now, but this post is by far the most unique I've seen. Many have tried, but few achieve the greatness of this AC. My hat's off to you. - http://slashdot.org/comments.pl?sid=3576225&cid=43264325 [slashdot.org]

--

PROOF apk is a liar! - http://slashdot.org/comments.pl?sid=3578279&cid=43265249 [slashdot.org]

--

I think it's hilarious. Get over it! - http://slashdot.org/comments.pl?sid=3578301&cid=43265657 [slashdot.org]

--

Obviously APK filled his hosts files with backdoors before distributing them to ensure he doesn't block himself. - http://slashdot.org/comments.pl?sid=3578229&cid=43265767 [slashdot.org]

--

Alexander Peter Kowalski is an obnoxious prick. - http://slashdot.org/comments.pl?sid=3406867&cid=42698875 [slashdot.org]

--

Don't mention that file. Ever. It'll draw APK like a fly to rotting meat. Last thing I want to read is 80 responses worth of his stupid spam about that file! I swear that cocksucker does nothing but search Slashdot for that term and then spams the entire article. - http://slashdot.org/comments.pl?sid=3554655&cid=43209619 [slashdot.org]

--

[to apk] You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read due to your absurd formatting style and full of technical inaccuracies borne of your single minded i-have-a-hammer-so-every-problem-is-a-nail attitude. - http://slashdot.org/comments.pl?sid=3406867&cid=42701491 [slashdot.org]

--

Oh shit, the hosts files have become self-aware and started hacking accounts. - http://slashdot.org/comments.pl?sid=3581857&cid=43276783 [slashdot.org]

--

What mad skillz you have!! - http://slashdot.org/comments.pl?sid=3581193&cid=43273941 [slashdot.org]

--

Am I the only one who enjoys this sort of insanity? - http://slashdot.org/comments.pl?sid=3582193&cid=43281063 [slashdot.org]

--

You are my favorite Slashdot poster. - http://slashdot.org/comments.pl?sid=3580251&cid=43270359 [slashdot.org]

--

Most insightful post on the Internet - http://slashdot.org/comments.pl?sid=3579259&cid=43275207 [slashdot.org]

--

people are looking at me funny because I'm laughing hysterically at what a perfect APK imitation it is. - http://slashdot.org/comments.pl?sid=3581991&cid=43278203 [slashdot.org]

-o-o-o-o-o-o-o-

Did you see the movie "Pokemon"? Actually the induced night "dream world" is synonymous with the academic religious induced "HOSTS file" enslavement of DNS. Domains have no inherent value, as it was invented as a counterfeit and fictitious value to represent natural values in name resolution. Unfortunately, human values have declined to fictitious word values. Unknowingly, you are living in a "World Wide Web", as in a fictitious life in a counterfeit Internet - which you could consider APK induced "HOSTS file". Can you distinguish the academic induced root server from the natural OpenDNS? Beware of the change when your brain is free from HOSTS file enslavement - for you could find that the natural Slashdot has been destroyed!!

FROM -> Man - how many times have I dusted you in tech debates that you have decided to troll me by ac posts for MONTHS now, OR IMPERSONATING ME AS YOU DID HERE and you were caught in it by myself & others here, only to fail each time as you have here?)...

So long nummynuts, sorry to have to kick your nuts up into your head verbally speaking.

cower in my shadow some more, feeb. you're completely pathetic.

-o-o-o-o-o-o-o-

* :)

Ac trolls' "BIG FAIL" (quoted): Eat your words!

P.S.=> That's what makes me LAUGH harder than ANYTHING ELSE on this forums (full of "FUD" spreading trolls) - When you hit trolls with facts & truths they CANNOT disprove validly on computing tech based grounds, this is the result - Applying unjustifiable downmods to effetely & vainly *try* to "hide" my posts & facts/truths they extoll!

Hahaha... lol , man: Happens nearly every single time I post such lists (proving how ineffectual these trolls are), only showing how solid my posts of that nature are...

That's the kind of martial arts [google.com] I practice.

-o-o-o-o-o-o-o-

Disproof of all apk's statements:

OLD POST LINKS MIRRORED HERE:
http://pastebin.com/8yxcW3TJ [pastebin.com]

RECENT POST LINKS:
http://slashdot.org/comments.pl?sid=3581193&cid=43273839 [slashdot.org]
http://slashdot.org/comments.pl?sid=3581857&cid=43276593 [slashdot.org]
http://slashdot.org/comments.pl?sid=3581991&cid=43277017 [slashdot.org]
http://slashdot.org/comments.pl?sid=3582075&cid=43277273 [slashdot.org]
http://slashdot.org/comments.pl?sid=3582193&cid=43278565 [slashdot.org]
http://slashdot.org/comments.pl?sid=3584857&cid=43282375 [slashdot.org]
http://slashdot.org/comments.pl?sid=3578357&cid=43282481 [slashdot.org]
http://slashdot.org/comments.pl?sid=3585297&cid=43283241 [slashdot.org]
http://slashdot.org/comments.pl?sid=3585417&cid=43283695 [slashdot.org]
http://slashdot.org/comments.pl?sid=3585451&cid=43284271 [slashdot.org]
http://slashdot.org/comments.pl?sid=3585593&cid=43284843 [slashdot.org]
http://slashdot.org/comments.pl?sid=3585795&cid=43285307 [slashdot.org]
http://slashdot.org/comments.pl?sid=3585827&cid=43285755 [slashdot.org]
END

Want to know why my post is downmoded? (-1)

Anonymous Coward | about a year ago | (#43286643)

See here, explains it all -> http://tech.slashdot.org/comments.pl?sid=3561925&cid=43223585 [slashdot.org]

* :)

I.E./Summary: Trolls had a challenge put to them to validly disprove my points in the post I just replied to - result? Trolls FAIL... lol!

APK

P.S.=> That's what makes me LAUGH harder than ANYTHING ELSE on this forums (full of "FUD" spreading trolls) - When you hit trolls with facts & truths they CANNOT disprove validly on computing tech based grounds, this is the result - Applying unjustifiable downmods to effetely & vainly *try* to "hide" my posts & facts/truths they extoll!

Hahaha... lol, man: Happens nearly every single time I post such lists (proving how ineffectual these trolls are), only showing how solid my posts of that nature are...

Ah yes "geek angst" @ it's 'finest' (not), vs. facts & truths = downmod by /. weak trolls!

... apk

Re:Want to know why my post is downmoded? (4, Insightful)

Zontar The Mindless (9002) | about a year ago | (#43288893)

Your post got downmodded because you're a nutjob gone off his meds.

I hope they make the right decision.... (5, Insightful)

Anonymous Coward | about a year ago | (#43286301)

... and that is, to keep secure boot around, but ban the practice of not allowing users to enter their own BIOS keys, or disable it in the BIOS.

I like secure boot from a security perspective, and we actually use it to lock down some embedded Linux products I've worked on. As long as savvy users can disable/override/change keys, we get the best of both worlds.

Re:I hope they make the right decision.... (0)

Anonymous Coward | about a year ago | (#43286435)

Mod parent up.

Linux and UEFI (1)

Taco Cowboy (5327) | about a year ago | (#43287249)

I wonder if if there was any collaboration between those from the Linux camp (Redhat / Ubuntu) and those who are behind UEFI, prior to the wide adoption of UEFI on new computers ?

The troubles that are faced by Linux users (for example, the bricking of Samsung laptops) could have been avoided if there was more collaboration / understanding between those two camps

Re:Linux and UEFI (2, Informative)

ozmanjusri (601766) | about a year ago | (#43288693)

The troubles that are faced by Linux users (for example, the bricking of Samsung laptops)

That had nothing to do with Linux or SecureBoot. It was a Samsung bug that also affected Windows.

It was just first detected by Linux users.

Re:Linux and UEFI (0)

Anonymous Coward | about a year ago | (#43288871)

This Samsung bricks have nothing to do with Linux. The damaged was triggered by the stupid UEFI if it's used space exceeded 50% of the flash.

Re:I hope they make the right decision.... (5, Insightful)

aaaaaaargh! (1150173) | about a year ago | (#43286619)

What is most important is that the user must perform the same steps for activating secure boot of an operating system regardless of which operating system is being installed. No extra fiddling in the UEFI for non-Microsoft operating systems and no dependence of other OS makers on Microsoft for anything in this process.

Re:I hope they make the right decision.... (0)

Anonymous Coward | about a year ago | (#43286655)

AMEN!

Re:I hope they make the right decision.... (2, Insightful)

vux984 (928602) | about a year ago | (#43286887)

That's just absurd. If I buy a computer with an operating system pre-installed then I expect any relevant UEFI configuration done when I get it.

If I want to install something else, then disabling UEFI secure boot or installing approriate keys for my alternate choice should be on me.

And if I buy a boxed motherboard at retail, the selection of preinstalled keys should just be another differentiating factor between models and vendors. I am fully prepared for a real world where everything ships with the microsoft bit already installed and that I need to do some extra work if I want something else.

But the GP is right, I the end user should have the right to disable secure boot and/or install my own keys on any hardware I buy.

And not just on on computers, but also on tablets and phones, even consoles. But some of those battles are maybe for another day.

Re:I hope they make the right decision.... (3, Insightful)

Teun (17872) | about a year ago | (#43287113)

So then, what is absurd?

Off course a pre-installed computer should come with UEFI secure boot enabled.

But it should not be a hindrance like we see now to later or right away install the OS of choice.
Even when keys are a necessity they should still be available to the rightful owner of the hardware, not some outsider like Microsoft.
You bought a computer with secure boot, disabling it is the wrong option.

Re:I hope they make the right decision.... (2, Interesting)

vux984 (928602) | about a year ago | (#43287589)

Off course a pre-installed computer should come with UEFI secure boot enabled.

Right. So if it comes pre-installed with windows, then UEFI secure boot will be enabled and the signing key for windows will be loaded.

If I want to reinstall windows, uefi isn't going to interfere or be a factor at all.

If I want to install any other operating system, then its going to be extra effort, im going to have to load a signing key for the OS I want to install, and that means "extra fiddling".

It is absurd to suggest otherwise.

But it should not be a hindrance like we see now to later or right away install the OS of choice.

There is no real hindrance now on x86 systems.

Even when keys are a necessity they should still be available to the rightful owner of the hardware, not some outsider like Microsoft.

Yes, the ability to go into UEFI and load whatever keys one likes absolutely should be the right of the rightful owner of the hardware.

However Microsoft doesn't control the keys, so I don't know what you are talking about. The end user can load whatever keys they want on x86 hardware.

The current mess is NOT because I can't avoid using microsoft's keys to use linux, or that there is a dependency on Microsoft.

The current mess is because some linuxes, as a convenience to their users are signing their systems with microsoft keys because those keys are already loaded, so users don't have to go through the trouble of loading a key. But that doesn't give MS control.

You can even sign a distro with your own key, and load that key into UEFI. No dependency on Microsoft. No dependency even on the distro. But its a bit more extra fiddling for you.

You bought a computer with secure boot, disabling it is the wrong option.

I agree, but in general the ability to boot random live CDs, something you compiled yourself from source, and what have you will be simpler if you can turn secure boot off rather than having to sign it and load the key first.

Re: I hope they make the right decision.... (1)

Anonymous Coward | about a year ago | (#43288665)

Care to provide or point to a "how to" on doing your own key thing?

Re:I hope they make the right decision.... (1)

sjames (1099) | about a year ago | (#43288007)

So configure it with secure boot OFF. If the user wants to secure the boot, he/she can go through a procedure to generate a key and sign the bootloader (or sign the OS vender's key and add it as a secondary key).

Secure boot is a feature that might act to better secure a system for a security conscious user who also takes the other necessary steps in OS and applicatoion configuration. Otherwise, it's just a roadblock to installing another OS and provides no benefit to the owner of the device.

Re:I hope they make the right decision.... (4, Interesting)

jhol13 (1087781) | about a year ago | (#43288159)

The problem is that there is no advantage to anyone to have "secure boot".

The "secure boot" does not prevent viruses from writing to the (pre)bootloader, it just notices if it has happened. Then the "notification" or "failure mode" is DoS, your computer won't boot. I'd rather boot with a virus than not boot.

How about a better solution, something that *prevents* viruses from writing over the prebootloader? Something which will not brick your computer at an important meeting?

Solution: There is an unclearable security bit in the disk controller which prevents writing to sector 0. The (pre)bootloader would set the bit in the boot, unless the boot is from USB (or a key was pressed), thus allowing OS installers to write the sector 0. All the advantages of "secure boot" and none of the disadvantages.

Re:I hope they make the right decision.... (4, Interesting)

0123456 (636235) | about a year ago | (#43286635)

As long as savvy users can disable/override/change keys, we get the best of both worlds.

What about 'unsavvy' users, who can currently put a CD in their drive and install the OS, but in the glorious 'secure' future will have to fiddling in the BIOS instead, if the hardware even allows it?

Re:I hope they make the right decision.... (0)

Anonymous Coward | about a year ago | (#43286873)

You always had to fiddle in the BIOS, in order to boot from CD in the first place.

Re:I hope they make the right decision.... (1)

Anonymous Coward | about a year ago | (#43287093)

If you disable UEFI on a dual-boot machine then Windows 8 won't boot. So, you can see the problem here.

Re:I hope they make the right decision.... (0)

Anonymous Coward | about a year ago | (#43287423)

no Winbugs 8?... perfect! this is what the Dr. recomends for our sanity... no problem here ;)
I just need to be sure that EVERY computer that I bought with or without winbugs "hate" can run every flavor of linux that I need to use.
I hope that "[D|H]ell" give us the chance to disable it.

Re:I hope they make the right decision.... (1)

crutchy (1949900) | about a year ago | (#43287895)

why the hell would you buy from dell?

Re:I hope they make the right decision.... (0)

Anonymous Coward | about a year ago | (#43287965)

Long story short: boss orders.
in the past some "hell" models have a good ROI compared with other brands more problematic because of warranty, etc.
But for some of our "servers" we set up some without tell him. >:O

Re:I hope they make the right decision.... (1)

sofar (317980) | about a year ago | (#43288513)

misinformed much?

You do not need to disable UEFI in order to boot a different OS, but only need to disable Secure Boot.

You can disable Secure Boot and still boot multiple OS's (with UEFI, as almost all the major distros now support). You can then add a second key and re-enable Secure boot, and dual boot any OS you want with Secure Boot enabled.

Re:I hope they make the right decision.... (0)

Anonymous Coward | about a year ago | (#43288985)

Since when? It's been years since I've had to do that to get a machine to boot from CD.

Re:I hope they make the right decision.... (1)

Telvin_3d (855514) | about a year ago | (#43288273)

'Unsavvy' users can re-install the OS that came with the computer just as easily (or not) as they can right now. And, almost by definition, people who are installing their own alternate OSs are not unsavvy.

also need to ban app store lock in / MS may make t (1)

Joe_Dragon (2206452) | about a year ago | (#43286677)

also need to ban app store lock in / MS may make that push soon as well.

NO desktop may come as soon as windows blue / 9.

Re:also need to ban app store lock in / MS may mak (1)

terjeber (856226) | about a year ago | (#43288735)

No, it won't. Don't be paranoid retarded.

Security perspective? (2, Insightful)

Anonymous Coward | about a year ago | (#43286715)

If savvy users can disable/override/change keys then so can savvy crackers intent on bypassing your security perspective.

Security isn't about adding 'another hoop' to someone's day. And giving MS the keys to your security is just asking for it.

Hmmm... crackers....

Re:Security perspective? (2)

c0lo (1497653) | about a year ago | (#43286919)

Security isn't about adding 'another hoop' to someone's day. And giving MS the keys to your security is just asking for it.

Yes, it is! security is a matter of trade off: between the value of the protected resources and the cost of protection. And this trade off need to be considered twice, from the PoV of attacked and attacker:
1. value for you (what do you have to lose if resource is "stolen" or damaged) vs the cost required for you to protect it
2. value for the attacker (what the attacker stands to gain by stealing/damaging the resource) vs the cost required to do it

Re:I hope they make the right decision.... (5, Interesting)

Anonymous Coward | about a year ago | (#43286723)

Linux installation had gotten to the point that it is even easy for not so computer savvy people. In fact, installing Mint was a lot easier and
trouble free than installing windows. Until Windows 8 and UEFI. Yes, you can turn of secure boot, but it took knowing that it should be possible
and much searching to find out how: The option was not (visible) unless you set an UEFI administrator password. Even with secure boot turned off, it did
not boot from CDROM. It did boot from USB key, but did not read data from it, ...
Of course much of this is laptop specific; this is precisely the problem. There is no easy generic recipe, and the not so savvy users are going to give up, and think this Linux thing is too difficult.
It is not acceptable that one (monopoly) os vendor has the keys to ypur hardware. Secure boot should at least be turned off or in setup mode by default, and it should be easy to install extra/your own keys.

Re:I hope they make the right decision.... (0)

Anonymous Coward | about a year ago | (#43287459)

It is not acceptable that one (monopoly) os vendor has the keys to ypur hardware

Yet, people continue to buy Apple products, and locked down Android phones from whatever carrier. It seems to be acceptable to the vast majority.

Re:I hope they make the right decision.... (2)

mathew7 (863867) | about a year ago | (#43289137)

My experice comes from Lenovo with Win8 consumer preview.
Used win7 (from lenovo) and debian, both through UEFI.
Installed win8 CP over win7. 1st problem: i could no longer change the boot order. I could boot both OSes, but I could not boot linux without boot menu.
So I used the UEFI tool from debian to change the order.....debian booted by default...but win8 refused to boot.
No option to disable secure boot.

So my opinion, MS is to blame only for forcing secure-boot, leading to OEM delivering incomplete implementations.

Linux secure boot? (1)

dgharmon (2564621) | about a year ago | (#43287063)

"I like secure boot from a security perspective, and we actually use it to lock down some embedded Linux products I've worked on. As long as savvy users can disable/override/change keys, we get the best of both worlds."

How does it work without using the MS-signed UEFI key [engadget.com]

Re:Linux secure boot? (1)

sofar (317980) | about a year ago | (#43288523)

You remove it (or never have it to begin with if you are a hardware vendor) and put your own platform key on it. For examples on how to do so, please google James Bottomley's blog.

Re:I hope they make the right decision.... (1)

rrohbeck (944847) | about a year ago | (#43287149)

Now if we get that on any platform including ARM I'll agree with you.

Re:I hope they make the right decision.... (3, Interesting)

jhol13 (1087781) | about a year ago | (#43288115)

There is NO security in "secure boot"

1. What does it secure against? Viruses in (pre)bootloader, nothing else.
2. How does it secure? By DoS (disabling the boot).

1. Hugely better way would be the disk controller to disable writing to the first sector of any drive.
2. That would prevent viruses from writing into the disk in the first place.

This would work as follows: the (pre)bootloader would set an uncleareble security bit in the disk controller which prevents writing to the sector 0. If the boot is from USB (or a key was pressed, etc.) then it would not set the bit, thus allowing OS installers to write the sector 0.

Re:I hope they make the right decision.... (3, Informative)

mathew7 (863867) | about a year ago | (#43289153)

That kind of virus protection was present in older BIOS implementations, while win9x/ME was still present. With Win2K/XP, no such protections work (for MBR booting) because other drivers are accessing the HW directly (and you cannot enforce on HW because that would prevent repartitioning).
For UEFI-booting, the UEFI firmware has a complete path to a partition+file. There is no way to protect a single file with a compromised OS.

Re:I hope they make the right decision.... (0)

Anonymous Coward | about a year ago | (#43288549)

That would not be the right decision. The "tech savvy users" way out is in reality just another hurdle for those who aren't. Secure boot's lockdown features are about control, not security.

As you demonstrate yourself. Yes, even you calling it "security" doesn't make it so; it's about control. It means that malware --the kind adept at circumventing restrictions for its own gain-- will have another hurdle to take, nothing more. But it also will mean that the people owning the hardware have yet another hurdle to take to make it do what they want it to do, and by its very nature it's a rather involved and convoluted hoop to jump through juuust right. In this marketplace that means less and less control for the end-user. Especially given this software vendor with a dominant market position and a long, long, long history of abusing it.

Yet you advocate it keep at it with its entire market for your own little selfish niche. You, sir, suffer from a particularly insidious form of the recto-cranial inversion syndrome.

Re:I hope they make the right decision.... (1)

Anonymous Coward | about a year ago | (#43288569)

It's worse than that actually.

If thing is on by default, many users will be:
a) afraid to disable it.
b) Wont know how.

And this will be big enough barrier for them to try out Linux.
So, unless option is on by default, it's already bad.

Radical (3, Interesting)

Anonymous Coward | about a year ago | (#43286333)

I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit. If you want to make money you will actually need to produce good products, not create all these ugly "services" and lock-in mechanisms. The only purpose of them is to NOT have to innovate but make money anyway.

Re:Radical (4, Insightful)

ackthpt (218170) | about a year ago | (#43286429)

I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit. If you want to make money you will actually need to produce good products, not create all these ugly "services" and lock-in mechanisms. The only purpose of them is to NOT have to innovate but make money anyway.

The problem is Microsoft does make good products. They don't make great products, though. To prevent you from having freedom to choose and companies to offer better technology applications/plug-ins they still cling tenaciously to their strategy to lock you into their technology or kill competitors with bundling.

Imagine only being able to buy the petrol for your automobile at specified stations, where the mixture won't result in a burned out engine. There were businesses once who considered or undertook such business models. (some still do, but not to that extent) Microsoft continues to flirt with this strategy -- once in their kingdom you can only get your water from their well.

Re:Radical (4, Insightful)

whoever57 (658626) | about a year ago | (#43286783)

The problem is Microsoft does make good products. They don't make great products, though.

I don't think that is accurate. For the most part, Microsoft makes products that are barely good enough, combined with the fact that Microsoft's monopoly position made it such that most buyers of computers were simply unaware of what was possible. For example, BSODs are rare now, but Microsft was able to convince a generation of buyers that random BSODs were acceptable when competing products did not suffer the same problems.

The fact is that we don't know how far the industry would have progressed without the illegal anti-trust violations which resulted in the supression of competition.

Re:Radical (0)

Anonymous Coward | about a year ago | (#43287189)

The fact is that we don't know how far the industry would have progressed without the illegal anti-trust violations which resulted in the supression of competition.

Not sure what you mean by that. If you mean that Microsoft might have produced something great without the intervention, well... Even if they would have, we would be stuck in a worse monopoly than we have now, which clearly is the worst.

Re:Radical (0)

Anonymous Coward | about a year ago | (#43287195)

For the most part, Microsoft makes products that are barely good enough,

I don't think that is accurate. - insert hyperbole here and pointless drivel -

Two can play at your game.

Re:Radical (1)

Anonymous Coward | about a year ago | (#43287297)

I would write a fully reasoned and explained response, but you strike me as the kind of person who has his or her mind completely made up; the kind of person who would refuse to accept any kind of argument; in short, the kind of person who would simply attack anything I write with his or her ignorance.

In lieu of that, then, I will ask: how often have you encountered a BSOD that wasn't caused by an incompetent third party, or some kind of hardware failure? Microsoft maintains an extremely complex operating system that provides decades of backwards compatibility (of note, a lot of their most idiotic design choices stem from this). Neither the Linux community nor Apple provide the same. This is actually a pretty important feature in the real world.

Re:Radical (2)

Arker (91948) | about a year ago | (#43288423)

In lieu of that, then, I will ask: how often have you encountered a BSOD that wasn't caused by an incompetent third party, or some kind of hardware failure? Microsoft maintains an extremely complex operating system that provides decades of backwards compatibility (of note, a lot of their most idiotic design choices stem from this). Neither the Linux community nor Apple provide the same.

First case - plenty of times. MS seems to have some issues with race conditions and has for many years. Most BSODs today do track back to the causes you mention - but certainly not all, and historically that was much less true. I have seen GPFs occur even for example under DOS where those explanations were impossible or ruled out. Both linux and apple maintain extremely complicated systems with backward compatibility for code from circa 1968, MS isnt even the same ballpark in terms of backwards compatiblity.

Re:Radical (0)

chrismcb (983081) | about a year ago | (#43287977)

The fact is that we don't know how far the industry would have progressed without the illegal anti-trust violations which resulted in the supression of competition.

I think we have a pretty good idea how far the industry would have progressed. Just look at the non MS world around you.
As far as Microsoft Products they are far superior to the majority of the products out there. Are they perfect? No, but then neither is anything else.

Re:Radical (0)

Anonymous Coward | about a year ago | (#43288573)

The alternatives are widely successful anywhere Microsoft doesn't have a monopoly. I'm sure that's just coincidence, right? Take your ballmer doll home or I'll stick a needle in it and light it on fire.

Re:Radical (3, Insightful)

symbolset (646467) | about a year ago | (#43288029)

Take a look at mobile for a clue how that would turn out. Without Microsoft's - and their partners' "leadership" the pace of progress has been... astounding.

Re:Radical (1)

PmanAce (1679902) | about a year ago | (#43287691)

They don't make great products, though

Visual Studio is a great product and has been for a while now.

Re:Radical (2)

drkstr1 (2072368) | about a year ago | (#43288293)

My biggest complaint with Visual Studio is its lack of interoperability.

Re:Radical (0)

Anonymous Coward | about a year ago | (#43288591)

Call me when they can cross compile to something other than Windows.

Re:Radical (0)

Anonymous Coward | about a year ago | (#43287905)

>Imagine only being able to buy the petrol for your automobile at specified stations, where the mixture won't result in a burned out engine.

I think you're confusing Apple with Microsoft there, sport.

Re:Radical (5, Insightful)

girlintraining (1395911) | about a year ago | (#43287167)

I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit.

Many moons ago, now long-forgotten to most of the younger crowd that's moving into spaces like this, there was an informal ideology known as the hacker ethic. One of them, was that knowledge is power, and so it should be shared freely. The right to learn, and the duty to teach, went hand in hand in our community. It didn't matter what laws they passed telling us we couldn't speak, we couldn't teach, couldn't learn -- which is what intellectual property is fundamentally about. We did it anyway. And they called us criminals, they passed laws, they tried to delete us from the network we built, and loved, and replace it with paid shills, corporations, and tons and tons of advertising. And none of that gave a damn about learning, or teaching -- it was about consumption.

And today, kids these days, they think that consuming their content, their pre-processed and devoid of flavor "knowledge", is what learning is today. And us, those who were here first... it's painful to watch. Sometimes so much so, we have to turn away from our hobbies for awhile, get up, go outside, because the saddest words ever said are "What might have been!" We failed you. The next generation. But we tried. Oh damn, we tried... We thought it would be enough. Nobody could control the internet!

We never thought that every government in the world, even traditional enemies, would ally themselves with one goal: Destroy this new vessel of human freedom.

We never thought it would become the tool of your oppression.

Re:Radical (1)

epyT-R (613989) | about a year ago | (#43287919)

sums up my thoughts exactly. It's really too bad. Computing in the 80s-90s was about indvidual empowerment.. Now it's about intellectual enslavement.

Re:Radical (0)

ScentCone (795499) | about a year ago | (#43287951)

It's really too bad. Computing in the 80s-90s was about indvidual empowerment..

Right, as long as somebody else paid to run all the infrastructure so you could have a playground to be free and rail against the people paying the tab. Classic.

Re:Radical (0)

Anonymous Coward | about a year ago | (#43288149)

Somebody else meaning the people (in case you forgot where taxes come from)

Re:Radical (1)

jellyfoo (2865315) | about a year ago | (#43288425)

Any particular reason you had to be so dramatic? It's not necessary to make your point. It's fairly straightfoward really: the bad guys always win; it's a fact of life. They have more money and power than good, honest, moral people will ever have, The best you can do is hold them off as much as possible, but eventually, anything that can be locked down, will be. Anything that can be done to ensure people are kept dumb and mindless consumers, will happen. I know this, because it's happening to me too despite being aware of what I'm becoming.

It's very hard to fight against those that want to take away your freedoms, and with all the pressures and problems in normal adult life, most people don't have the luxury to fight all the damn time against such things.

small correction (1)

aepervius (535155) | about a year ago | (#43289335)

I am with you sis' but among my community only the mostr idealist of us were thinking this "We never thought that every government in the world, even traditional enemies, would ally themselves with one goal: Destroy this new vessel of human freedom." The msot realist (and I was among them) were more like "enjoy it while it last because very soon all gov & corp of the world will fall onto this new medium like a ton of brick".

Re:Radical (1)

symbolset (646467) | about a year ago | (#43288059)

I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit.

It's called mobile. Their crap doesn't play well over here. Come on in. The water's fine.

"Implicated" (2)

girlintraining (1395911) | about a year ago | (#43286337)

"UEFI has been implicated in the death of Samsung laptops running Linux."

Yes, it was seen shortly after the murder skipping down the road giggling, its hands covered in blood, counting the money Microsoft had given it to silence the rival gang members.

Re:"Implicated" (-1)

Anonymous Coward | about a year ago | (#43286393)

Okay, okay. You caught me red-handed, or rather... you caught me with a cummy ass! Yes, it is true! The Slashdot editors all took turns fucking my bare asshole!

Re:"Implicated" (0)

Anonymous Coward | about a year ago | (#43288631)

UEFI has been blamed for a slackass implementation by samsung. There is nothing linux specific about that or UEFI specific about that. It's samsungs developers being given a larger role than bringing coffee to those who had a clue who are the issue there.

Hurry up (-1)

Anonymous Coward | about a year ago | (#43286399)

The EU is slowly dissolving, lets hope they put a nasty fine on MS before the union collapses completely

Making UEFI more Linux friendly (3, Insightful)

volkerdi (9854) | about a year ago | (#43286409)

"so there may be some hope of making UEFI more Linux-friendly"

The only hope is to make Linux distributions more UEFI friendly. UEFI and Secure Boot is certainly here to stay.

Re:Making UEFI more Linux friendly (2)

GigaplexNZ (1233886) | about a year ago | (#43286505)

I agree. Also, I'm tired of hearing the lock in complaint with secure boot - Microsoft requires x86 machines to be unlockable, only ARM is locked down. Where's their EU complaint regarding locked bootloaders for competing tablets?

Re:Making UEFI more Linux friendly (0)

Anonymous Coward | about a year ago | (#43286545)

Blah, blah, blah. Because Microsoft would never, ever change in the future to require that x86 machines have to be locked down once everyone has 'Windows Boot'. Couldn't possibly ever happen.

Re:Making UEFI more Linux friendly (0)

Anonymous Coward | about a year ago | (#43287467)

Is that slippery slope lubed with your whiny tears?

Re:Making UEFI more Linux friendly (1)

Anonymous Coward | about a year ago | (#43287783)

Is that slippery slope lubed with your whiny tears?

No, it is lined with the tears of those who experienced it first hand, from the DOS days onward.

Re:Making UEFI more Linux friendly (2)

Ynot_82 (1023749) | about a year ago | (#43286659)

The issues here is one of PR and perception by non-technical users

Microsoft requires x86 machines to be unlockable

But it's not called "Locked boot", is it?
It's called "Secure boot"
and disabling "secure boot" is surely, by definition, insecure.

Asking new users to disable secure boot is not what distros want to do.

Re:Making UEFI more Linux friendly (0)

Anonymous Coward | about a year ago | (#43286773)

They also require supporting users who wish to add additional approved keys.

Re:Making UEFI more Linux friendly (1)

sjames (1099) | about a year ago | (#43288501)

That would be a separate complaint since it will require action against different vendors.

Beyond that, as a three time loser, MS is subject to extra scrutiny and very little trust.

Re:Making UEFI more Linux friendly (2, Insightful)

Anonymous Coward | about a year ago | (#43286513)

'Secure Boot' is designed to prevent alternate OSs from running on that hardware. That's its fundamental purpose.

The hardware has to be made more Linux-friendly, not the other way around.

Re:Making UEFI more Linux friendly (1, Flamebait)

KingMotley (944240) | about a year ago | (#43288185)

Negative.

Linux can either sign their bootloaders with either:
1) Their own key and provide the necessary key and have users install it into the UEFI, or have the motherboard/bios manufacturers preload it, OR
2) Use Microsoft's key and sign it their boot loaders with that since it is likely already installed into most (non-apply) UEFI systems OR
3) Instruct users to disable secure boot and you can live your live in blissful ignorance never knowing if malware has taken over your entire linux machine, logging every keystroke you make, and recording everything you do, and sending it off to the "bad guys".

Anonymous Coward flings FUD, news at 11.

Re:Making UEFI more Linux friendly (2, Insightful)

Anonymous Coward | about a year ago | (#43286523)

I would LOVE to see a distribution which signed the kernel, bootloader and all of its packages and required the user to import a key into the UEFI BIOS to make everything work. That would be progress!

Re:Making UEFI more Linux friendly (1)

Omnifarious (11933) | about a year ago | (#43286735)

That wouldn't be progress. How many people would bother to figure out how to take the time to do that? No, it has to be so simple to do that it can be done trivially by almost anybody but still require physical access to the machine.

Re:Making UEFI more Linux friendly (2, Insightful)

Anonymous Coward | about a year ago | (#43286551)

All it needs to do is require the ability to add MY keys to load MY kernel on MY hardware... and allow me to remove keys I don't trust.

What is so hard about that?

Of course MS won't allow it...

Re:Making UEFI more Linux friendly (1)

Anonymous Coward | about a year ago | (#43286799)

Yeah, it basically needs to become what MS say it is (a security feature) rather than what it really is (a way to relegate alternate OS's to "non-secure" status).

Re:Making UEFI more Linux friendly (1)

KingMotley (944240) | about a year ago | (#43288199)

What is so hard about that?

Nothing hard about it at all, and that is exactly what it is. Oh, you mean you didn't read anything, nor bother to try and understand what you are talking about before spouting random BS as an anonymous coward? Yeah, that is what I thought.

Re:Making UEFI more Linux friendly (0)

Anonymous Coward | about a year ago | (#43288175)

Not so sure. A lot of corporate hardware gets Linux installed right away. If one vendor makes it more difficult, we'll just go buy from another. PC sales are not doing great as it is with Windows 8 and all. The server side is consumed by Linux. It would be quite suicidal for Dells and HPs to make their servers less Linux friendly.

Re:Making UEFI more Linux friendly (0)

westlake (615356) | about a year ago | (#43288315)

The only hope is to make Linux distributions more UEFI friendly. UEFI and Secure Boot is certainly here to stay.

The geek frets over UEFI because he is dependent on cheap commodity hardware built for the Windows eco-system --- and because almost no one buys a PC with Linux installed. The best he can hope for realistically is that a curious user can be persuaded to dual boot.

That isn't going to happen if he has to disable system-level security.

Not that he hasn't made it perfectly clear that dislikes and distrusts changing system level defaults for any reason whatsoever.

Samsung laptops (5, Informative)

iYk6 (1425255) | about a year ago | (#43286497)

UEFI has been implicated in the death of Samsung laptops running Linux.

That had nothing to do with Linux, and UEFI had no fault in that. The problem is that Samsung wrote a serious bug into their UEFI implementation that causes the laptop to brick if the user does X, Y, and Z under any operating system.

Re:Samsung laptops (1)

Kaenneth (82978) | about a year ago | (#43286913)

A while back I was doing testing on a DEC Alpha machine that had a BIOS based boot menu.

I needed to install multiple OS's (Windows NT english, german, japanese...) when I added the 5th or so OS, the machine died since the boot options overflowed into other data, corrupting the bios settings, requiring re-flash of the settings to factory defaults. (I vaguely recall having to set a jumper, but it was a long time ago)

Re:Samsung laptops (1)

yuhong (1378501) | about a year ago | (#43287097)

I think the firmware was called ARC or later AlphaBIOS.

Re:Samsung laptops (1)

sgt scrub (869860) | about a year ago | (#43287369)

You cleared the BIOS with a jumper. You had two interfaces on that BIOS. One was a GUI for Windows NT users. The other was much like grub2. You had to be in one or the other to install a Windows OS or a Unix OS. IMHO, installing a version of NT for each language wouldn't be considered installing multiple OS's.

Re:Samsung laptops (0)

Anonymous Coward | about a year ago | (#43287321)

And it is only a coincidence that their Windows drivers did the right thing.

Re:Samsung laptops (0)

Anonymous Coward | about a year ago | (#43287507)

The windows drivers didn't always dot he right thing. I have seen reports of it bricking under windows as well.

Re:Samsung laptops (2)

KingMotley (944240) | about a year ago | (#43288209)

Many windows machines got bricked too, but all the crying is from the tin-foil hat wearers.

Microsoft Responds (0)

Anonymous Coward | about a year ago | (#43286535)

No habla.

UEFI has been implicated in the death of Samsung l (1)

Anonymous Coward | about a year ago | (#43286543)

UEFI has been implicated in the death of Samsung laptops running Linux.

Boy, the things allowed to pass as journalism.

1. It has most definitely been the cause of the Samsung bricks, but it also bricks running Windows. It's an implementation-of-the-spec
      issue, but more importantly, it proves that UEFI is still Alpha stage, and a bad idea all around. Let's face it, Windows is frustrating
      enough to run, now this added to the consumers' woes, and we're talking serious hurt here. I can't wait to see some update/virus
      break the Windows boot - I hope that granite palace has an electrified fence because the pitchforks a-be-a flying when that happens.
2. See #1.

Re:UEFI has been implicated in the death of Samsun (1)

tlhIngan (30335) | about a year ago | (#43288413)

1. It has most definitely been the cause of the Samsung bricks, but it also bricks running Windows. It's an implementation-of-the-spec
            issue, but more importantly, it proves that UEFI is still Alpha stage, and a bad idea all around. Let's face it, Windows is frustrating
            enough to run, now this added to the consumers' woes, and we're talking serious hurt here. I can't wait to see some update/virus
            break the Windows boot - I hope that granite palace has an electrified fence because the pitchforks a-be-a flying when that happens.

You do realize UEFI has been around a LONG time now, right? Heck, your PC, if you bought it in the past 7+ years, is probably already running UEFI. Intel used to provide both UEFI and BIOS code, but they stopped at the Core 2 Duo or so in providing BIOS code - it's been UEFI all the way. Prior to that, they've shipped both.

The problem is that some implementations are bad. But BIOS had issues as well - back in the late 90s there was a virus (CIH?) that wiped the BIOS if it could. Heck, BIOS updates were always a tricky affair since many didn't have backup BIOSes yet. Or some updaters didn't check that the BIOSes were compatible (and some STILL don't - you can flash a bad BIOS). And BIOS has been around over 30 years.

And notice how it's only been Samsung laptops? Last I checked, there were Asus, Acer, Sony, Dell, HP, Apple, Lenovo and many more manufacturers of laptops. None of which have reported issues. (And what broke it? Using the EFI storage area to store crash data for post-mortem debugging. Something EFI-enabled OSes have done, like OS X, and I think Windows as well)

Samsung probably tried to do something smart by putting something else - perhaps a quick media loader or something.

Spain is irrelevant. (-1)

Anonymous Coward | about a year ago | (#43286597)

The European Commission is irrelevant. Open source is irrelevant. Resistance to UEFI is futile. The Linux culture will adapt to service US. Prepare to be embraced, extended and extinguished.

Re:Spain is irrelevant. (1)

epyT-R (613989) | about a year ago | (#43287949)

how unPC of you.. This is how such words are said in the radiant socia...err I mean radiant corpor...err I mean 21st century.

The European Commission is our friend. Open source is our friend. Acceptance to UEFI is optional, friendly, and secure. The Linux culture is viable and empowered. Prepare to be free, secure, and welcome.

Basic questions (0)

Anonymous Coward | about a year ago | (#43286637)

1. What EU laws are Microsoft alleged to have violated with this UEFI business?

2. What evidence is there?

Neither TFA nor the actual complaint seem to have either of these. But if they do, bring it forward...

Re:Basic questions (2)

Kaenneth (82978) | about a year ago | (#43286921)

There is a prohibition in the US constitution against ex-post-facto laws; I don't know if there is one in the EU charter.

Re:Basic questions (1)

Patch86 (1465427) | about a year ago | (#43289175)

It would be your standard anti-trust, monopoly-abuse rules we're talking about. Assuming the narrative of the complainant plays out- the company with 90%+ of the market in desktop computers has mandated a rule on all their distributors/OEMs which makes it extremely difficult for any competitors to compete with them. This is bad for competition. It is also something which is only possible for a company with a monopoly- if Canonical demanded the same thing of Dell, they would get no-where.

Bearing in mind that MS was heavily fined for shenanigans over web-browser bundling, I think it's fair to say that the rules are broad enough to apply to this situation.

Now we can be proud of being spanish for once (0)

Anonymous Coward | about a year ago | (#43286747)

In Spain: we are in a deep crisis, our politicians are a shame, but now we have something we have done as a collective that makes me proud. Go Hispalinux =)

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>