Windows has required code signing for kernel drivers since Vista on x64.
Also, OSX doesn't require the kexts to be signed by Apple themselves - the requirement is that the kext is signed by a certificate that is blessed by Apple's CA. There are plenty of third party kexts out there.
Also, you can modify the bootloader's kernel parameters to disable kext signing and you will be back where you were on 10.9 security-wise.
A much bigger problem is how Microsoft is no longer requiring Windows 10 compatible PCs to ship with a way to disable Secure Boot.
Windows code signing is performed using a certificate available from the usual certificate authorities (Verisign, Thawte, etc, etc) that you pay to verify your identity and issue you a signing certificate.
Apple is the only one that enables OSX signing and it's done in conjunction with your Apple ID that you pay Apple a yearly fee to enable developer abilities on.
The fact that this became a back and forth of people arguing which is worst just highlights the fact that this sort of low level infrastructure needs to be free and open.
I'd be curious to know of an instance where Apple abused their power and denied a competitor the ability to sign a binary.
Personally I'd much rather have someone like Apple be able to have some kind of audit whereby malicious extensions can be revoked. There might be some super clever way that you could do this with the blockchain or the like, but ultimately I don't know how this doesn't come down to a person somewhere deciding.
As it stands now most package managers already require signatures before installing applications. We already put trust in the people who maintain the repositories- and whose keys we've decided to use for verifying code. My issue isn't so much with who polices it, my concern is how easy can I override it.
I would have absolutely no problem with Ubuntu shipping with this exact same feature, assuming that I can also add in other sources of trust and self sign extensions I want to place in.
My point is that the problem isn't whether someone can make these decisions or not. It's good to have people make them, and that extra level of protection can mean a lot. None of that is a problem; the real issue is Apple attempting to enforce exclusive trust.
"I'd be curious to know of an instance where Apple abused their power and denied a competitor the ability to sign a binary."
This will happen the instant it becomes opportune, Apple being a business, having shareholders and all that. No precedent is needed (they surely have used their power to deny stuff that is not "malicious" in the App Store before).
>Also, OSX doesn't require the kexts to be signed by Apple themselves - the requirement is that the kext is signed by a certificate that is blessed by Apple's CA. There are plenty of third party kexts out there.
I'm curious who has Apple blessed to do so, and what those kexts are?
Maybe go see a doctor about that. Just because I'm asking a question and then not committing righteous suicide because of how great my first world problems are, doesn't mean I actually expressed an opinion about driver signing in general, one way or another.
I'm now very fond of seeing old ambitious projects staying alive without trendy interest and funding. I don't even think HURD is as revolutionary as it was when it started, but still a very (very very) nice contribution to biodiversity. And, of course, the OSS spirit embedded within.
I suggest people look for Samuel Thibault's past talks about HURD to see how different layering of components opens up fine usages (mounting remote .isos from FTP without suffering too much).
The need for the GNU project and philosophy is still great, I'm not sure there's a need for the Hurd though. We already have a popular, well-supported (by companies and individuals) kernel which is available under the GPL (and another which is available under the BSD licence, which provides useful competition). I think it would be better if the GNU project put their full weight behind Linux rather than trying to work on their own kernel which isn't getting any traction.
Linux has plenty of issues. It's more modular than it was, but it's a source-level monolith, which means very poor support for old drivers that weren't merged into the tree for whatever reason. The recent tight coupling to systemd is making it much more so.
The HURD design was always more elegant, and should result in a more stable and secure system. That's absolutely a project worth pursuing.
Hurd developer here. You are spot-on. The Hurd solves a problem today that Linux (and all the other monolithic systems) will never solve: Fault containment.
Got it, but that's systemd requiring the coupling not Linux (which I assumed you meant "the kernel"). If we're talking about distros, then yes, there is a very high coupling of the ecosystem to systemd. The kernel continues to be unaffected, mostly.
I'm pretty sure Hurd development is still limping along because individuals are interested in working on it, not because GNU is allocating resources that would otherwise be devoted to Linux.
> The need for the GNU project and philosophy is still great, I'm not sure there's a need for the Hurd though. We already have a popular, well-supported (by companies and individuals) kernel which is available under the GPL (and another which is available under the BSD licence, which provides useful competition)
In 2017 or 2018 Microsoft releases "Microsoft Linux with containerized Office-by-wine-who-cares-how and selected applications available from the App Store"
Then Microsoft ships another version of Microsoft Linux and breaks user-space, breaks ABI, other libraries, and brings in encryption-which-only-runs-Microsoft-signed-libraries-and-tools and other hassles which is effectively a fork of Linux kernel + most other tools.
Microsoft becomes just like Apple - a leech on GNU and FOSS.
Confusion is total, people are working on "free you see but not free" software. "Well free for me, developer, my employer, not for you user."
What does the Hurd have to do with the GNU Project as a whole? Haven't other kernels filled the role?
It's possible to separate what the GNU Project does now from what it was originally slated to do 30+ years ago. Providing a solid userspace and suite of libraries is no less important than providing a specific kind of microkernel.
I wonder why still so many people fall for the bullshit around GNU.
You can turn off the kernel needing signed kernel extensions. It is a big annoyance - so much is true. You don't tell the reason why Apple is doing it - Security. That's the reason why Linux is also adopting it [1]. You do this to put Apple as the big evil in contrast to our saviour GNU (and RMS is Jesus or what?). But the thing is that you don't need GNU for a system with free software. Nobody needs Hurd when we have Linux. We also don't need GCC anymore as we have LLVM+Clang. The GNU project doesn't like that as they're becoming less and less needed.
... and there's the inevitable downvote for criticising Apple. If you disagree with my assertion that Apple is providing a need for software freedom in 2015, please post it. I'd love to discuss it; voting buttons are no substitute for discourse.
Do you need a minimum karma level for that? I don't ever have any down arrows and have always wondered. I'm near 500 karma so kinda surprised. Probably in some FAQ that I'm too lazy to look up.
Many years ago you did not need any karma to down-vote anything. That has changed a long time ago and for years I refrained to get higher karma just to regain the ability to down-vote.
It seems there is a 500 karma threshold for down-voting comments and another one to down-vote posts.
Edit: And another karma level to down-vote comments beaten to death.
Many people prefer Apple hardware, and OS X gives a better experience on Apple hardware than Linux. (Ubuntu doesn't even provide a correct keyboard layout for my keyboard!)
Yes, Apple hardware is nice (although the XPS13 and X1 push them pretty hard).
But I'd have thought that if there was a group that'd see beyond that and ask fundamental questions about openness, digital rights, etc. it'd be developers.
I'm chuckling a bit. But then the whole GNU ecosystem is about catering to a tiny minority with special priorities... inside of an even tinier minority of users of open source OSes. I'm sure I am just an outsider who doesn't really understand the needs or the motivations...
Linux does well in the server world, and Apple get a lot of attention, but even then, between them, they account for something like 4% of OS installs.
I'm also not sure there is much need for GNU. The licenses are absolutely awful for things that claim to be free... sometimes if something is using LGPL with exceptions it will see some serious reuse (Qt as an example) but the GPL license is a great way to stop a project ever reaching its full potential due to its viral nature.
Wow. Thanks for bringing back visions of the 1990s.
These arguments were tiresome then; they are boring now.
You are conflating GNU, GPL and LGPL.
The GNU system may never be as successful as you think. But portions like The GNU Compiler Collection (gcc, go, etc.) and GnuPG (GNU Privacy Guard) and things like GNU Emacs are the standard which others are measured against.
Second the "absolutely awful" licenses; being under the GPL has certainly hindered Linux adoption. And Samba. And ...
The GPL and LGPL are amongst the, if not the, most successful software licences in history. What's more, they are one of the few that has resulted in more freedom.
Things such as Netgear's WRT-54G are classic examples of where these "awful licences" have changed the world for the better.
The GPL in practice hasn't always resulted in more freedom compared to other licenses. For example, GCC is purposefully designed to be non-modular, to prevent people from developing proprietary front ends. You may agree or disagree with the trade-off, but observe the LLVM project: you have the freedom to manipulate IR outside the compiler. With GCC, you have permission to manipulate IR outside the compiler, but they've gone out of their way to make it difficult for you, so you might as well give up. LLVM's license makes the idea of impeding proprietary front ends a non-starter.
But that is not a result of the licensing, it is a result of a design decision. While it may very well be that such a design decision was made to avoid GCC being used with proprietary front-ends (along with the fact that GCC is simply an older project), it does not provide an argument against GPL, at best against some choices made by the FSF. And after all, the LLVM license is the reason why people have to hope that Apple will open Swift, as opposed to that being a fait accompli. And the LLVM license is the reason why hardware vendors will be able to build proprietary back-ends. In my book neither of these facts increases freedom.
As much as I dislike GPL, I think that the success of LLVM/Clang comes from being a much superior platform to GCC. Having built languages targeting both, GCC was fraught with "Who on earth implements this like this" moments. LLVM was painless, everything was obvious and the level of obfuscation is minimal... the documentation was helpful occasionally, rather than vitally necessary.
re: GPL/LGPL being the most successful software licenses, that seems to be changing in favour of permissive licenses like MIT/BSD/Apache
Back in 2013, Aaron Williamson of the Software Freedom Law Center did an analysis of licenses used on Github. The MIT license outnumbered all variations of GPL + LGPL licenses combined, second to MIT on the list was BSD (of course, it should be mentioned that most repositories on Github lacked any identifiable license at all)
Martin Thoma analyzed PyPi (Python Package Index) metadata in January and also found that no license was the top category, but where there is a license, MIT/BSD/Apache licenses outnumbered GPL/LGPL by quite a bit.
That shouldn't be very surprising. I tend to licence small projects under MIT style licences because of the relatively small investment of effort. But if I was starting a much bigger project I would seriously consider something like GPL. It would be interesting to see how the use of licences scales with project size and longevity, rather than pure project count.
It seems perfectly plausible that debian packages are mostly GPL while github is mostly MIT. (Eg Github first became popular in the ruby/rails community which tends to skew more MIT and corporate-friendly). I don't at all see the implication that the difference means someone's trying to lie with statistics.
The lies come from people who use the statistics to prove a change in society. The statistics are, as always, just data that is relevant in a specific context.
As to why github is mostly MIT, a reason I read is that github replaced private cvs, ftp and folders on one's laptop with a web service that has the dual functionality of work platform and collaboration platform. It follows the same path as when people moved away from using office programs and started to use google docs.
I don't think Richard Fontana did the analysis, in his 2012 presentation entitled "The decline of the GPL and what to do about it" [1], he does refer to an analysis of Debian packages but that was done by John Sullivan (which was prompted by and counter to two analyses showing GPL's decline which were done by Matthew Aslett)
I'll always concede that these technologies are extremely relevant in the web backend space, but for the most part they are bizarre curios that some technical people know about and even fewer actually use.
gcc has done okay, and it's a fantastic project in many ways... some of the optimisations it's capable of are really quite smart. That being said though, it has usually been held up as an example of how hairy compilers can be. There was a period where gcc saw some real use from Apple and Sony, but other than that it's always been considered the outsider in practice... at least during my career. Maybe in the dark and distant past when it was even harder to use GNU/Linux and Unices then it compared favorably against Borland and the MS VC 5 compiler... but I doubt that is true.
I'm never going to be onside with licenses like GPL when there are MITs and BSDs which do not impose draconian restrictions to help further a philosophy instead of being actually free. The single most common reason I hear not to use a library, borne from practicality, is that it is GPL or LGPL licensed.
The fact that you cite something that, to a close approximation, nobody has heard of as an example of how this stuff has made the world better is a brilliant example of what I am talking about.
Open source is great in lots of ways, but I'm convinced it would be better if its proponents and contributors were a little more in touch with reality.
The single most common reason I hear not to use software is that it is proprietary and demands money up front for using it. Every time torrents and piracy are brought up, software is in the middle of the discussion.
As convinced as you are about your reality, so am I that opponents of the GPL are exclusively those who wish to add restrictions on software. Those who only wish to share software and don't add restrictive licenses to their work can treat GPL, MIT and BSD as equivalent. It would be nice if the vocal minority would in this regard be "little more in touch with reality" and be upfront about their intentions.
Do you realise I develop for these platforms amongst others?
I don't just pull my opinion out of my arse, at least not entirely... :)
Your source of figures is very dodgy. You need to account for the devices that aren't brand new, and especially the third world and the millions and millions of cheap Androids and desktop PCs. Looking at America or limiting to new purchases is very special and has nothing to do with the wider market (it's not uncommon for people to have a "who buys these things new? what a bunch of idiots" mentality in poorer parts of the world). Apple do much better in the US than anywhere else, and new purchases are not the majority of devices in use in the wild.
A law that prohibits slavery was just the first - and now after thinking about it a very good - analogy for the situation at hand. A better one is welcome :)
I wasn't advertising any political goals. I just thought that the idea behind the GPL wasn't understood and wanted to make it clearer.
No, the GPL inhibits the power to make use of software. It's not really the same...
Freedom is something we are born with, and I am free to do what I want with any software. The GPL asserts rights based on societal understanding to the contrary. Most nice licenses just ask for credit if it's appropriate.
This idea that having priority in solving a problem entitles you to something is harmful for the whole of society for the whole of the future.
The only way you can consider this "quite similar" is if you are using a rhetorical flourish to manipulate the listener emotionally. Which is, of course, what is being done here, and not for the first time on this particular topic.
Just remember, hyperbole serves no master. Employ it at the risk of having it employed right back against you.
The way I consider it quite similar is that the freedom to own slaves isn't a real freedom, neither is the freedom to use my code to restrict other people's freedom in computing.
Can't you just accept that other people are honestly seeing something that you're (not seeing/see but don't agree with) rather than accusing people who disagree with you on this of being cynically dishonest?
Are driver's licenses also a form of slavery because you're not allowed to drive without one, and in order to keep it you have to follow most of the rules of the road?
Most people would say that it's ridiculous to compare driver's licenses to slavery, even libertarians will tell you it's a loss of freedom but few would compare it to slavery, because for the most part driver's licenses and slavery have nothing in common.
Slavery is discussed in political philosophy all the time, even in "Anarchy, State, and Utopia" by Nozick (with which I happen to disagree, but that's neither here nor there). I did not read the first message as hyperbole, but simply as a consequence of the fact that "enjoying freedoms while preventing others from enjoying them" brings slavery to mind quite often. It's an unfortunate, possibly unnecessary metaphor, but not necessarily a piece of rhetoric (although, like everything under the sun, it surely has been used to that effect as well).
- mobile phones (hello android, meego, maemo, webos, etc)
- smart televisions
- smart DVD/Blu-ray players
- etc
You see Linux out in force on all of the above mentioned hardware platforms.
The global Linux install base absolutely dwarfs Windows in comparison by the simple nature that Linux runs on more hardware architectures than any general purpose operating system ever created (which rules out iTron, eTron, and the tron variants).
Pretty much all of the new IoT "smart devices" are some Linux variant as well. I could go on and on, but really think you miss the forest for the trees here.
Yes Windows beats the snot out of Linux on the Desktop. The desktop is quickly becoming irrelevant as the world becomes more connected.
Don't confuse the very privileged western society that I'd guess you have direct experience of, with the whole world. It's not the same.
America and new purchases are the tip of the iceberg of the market... maybe those kinds of statistics will be accurate in 15 years time when everything trickles down. Nobody has a mobile phone with a fancy OS to a reasonable approximation, and if they do they are all Androids (which you can call Linux all you want, but Google did a whole pile of work to make it viable and has locked it up and made it difficult to work with the usual tools people associate with that environment).
I like to think of it this way: if I'm writing an open-source library that I want others to include in their projects, the best way to get adoption (or to just make fellow devs' lives easier) is MIT/BSD/similar-style licensing. I personally don't mind if people cut or carve up my code, use it in closed-source, etc. as long as they keep my name on it.
When it comes to building an actual app that's open-source (and not meant to be included in other projects), GPL is a really great way to go. In my mind, it protects the end-users of the app such that it can never be infected by closed-source software, via me or by anyone else, as long as it stays GPL.
For things like protecting a project against the hooked tentacles of the US government's spy machine, it's a great tool. Sure I can put in backdoors, but everyone in the world will see it.
If you like other people controlling your computer/data and only being able to work with their permission, then no, I guess you don't need free software.
Market share on desktops might be low, though I don't actually care. I care that when Microsoft or Apple decide you can't install software outside of their app stores, when they decide you can only use DRM enabled video players, etc., that there's somewhere to turn.
I down voted because of the strong statements that didn't seem fact checked before posting. Also posting an exact percentage of 4% when you didn't look. I don't care much for Apple but they are owning "Consumer" OS metrics right now.
I myself use Linux and Windows machines. I prefer my own hackery terminals and tiled window manager for my desktop so I am in that tiny minority. I do not support most of what RMS (Richard Stallman) says, but absolutely GNU has been a technology changer, and all Open Source, which affects all operating systems today, owes a debt to GNU and that license.
So please don't just post bah humbug without backing up why you would say such harsh things about anything. The more you disagree, the more that is needed to be communicated on your part to start a conversation.
Between this, OpenBSD, Haiku/BeOS, Linux and DragonflyBSD are my favs in terms of news and interesting things to read. The dude from DragonflyBSD was over at Slashdot talking about batchprocess vs msg passing pro, con, when to use it.
Do we need some new terminology? There does not seem to be a word for the kind of thing Hurd is. "Replacement for the Unix kernel" seems a bit wordy. It's a thing that does what ordinary folk expect a kernel to do. So technically, it's a kind of virtual kernel, I suppose, but that would be far too easy to misunderstand.
On a completely different note, just what is it about some software projects that stretches them out over such huge time scales? Hurd, Perl 6, LaTeX 3, etc.
Well, I said it's a virtual kernel. That's virtual in the sense of "same interface, different implementation". A virtual X is not an X; it's just handled like an X. A virtual file is not a file. Virtual memory is not memory. Virtual reality is not reality. Etc.
Since it is not a kernel, but is supposed to replace one, virtual kernel would seem to be an accurate term. However, it's too easy to misunderstand, due largely to horribly incorrect usages like "virtual bank" and "virtual classroom" that have been floating around for a while. Alas!
How much does semver make sense for an OS kernel? It makes more sense to split out function calls into families based on purpose and stability, and declare that this family of functions is stable, this family is not, and focus on keeping the kernel running in a stable fashion regardless of the declared version number.
If anything, that makes even more sense for a microkernel, with different function call families being provided by different servers.
I never understood that. Under semver 0.6.0 → 0.7.0 has exactly the same semantics as 0.6.0 → 0.6.1 (because MAJOR==0). So why insist on the extra number?
quote: Also note that you cannot run the Hurd "in isolation": you'll need to add further components such as the GNU Mach microkernel and the GNU C Library (glibc), to turn it into a runnable system.
Of course making it easy is a ton of work.
If they want to gain some traction maybe they should work on a version of the OS in Rust. That would be interesting. glibRust.
To be fair, Linux isn't "easy" without a bootloader and an init program to run. HURD is a little less "easy" since unlike Linux it's not a runnable kernel, it's a layer on top of the Mach (micro)kernel.
Of course, in practice it's a distro's job to make things easy. There's a version of Debian running HURD, but I don't know how up-to-date it is: https://www.debian.org/ports/hurd/
Yesterday I learned from one of my colleagues that the newer versions of OSX will only run kernel extensions signed by Apple.
The need for the GNU project is as great now as it was in the 1980s.