Tue Mar 19 03:24:17 2024
EVENTS
 FREE
SOFTWARE
INSTITUTE

POLITICS
JOBS
MEMBERS'
CORNER

MAILING
LIST

NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your peice.

DATE 2012-12-01

HANGOUT

2024-03-19 | 2024-02-19 | 2024-01-19 | 2023-12-19 | 2023-11-19 | 2023-10-19 | 2023-09-19 | 2023-08-19 | 2023-07-19 | 2023-06-19 | 2023-05-19 | 2023-04-19 | 2023-03-19 | 2023-02-19 | 2023-01-19 | 2022-12-19 | 2022-11-19 | 2022-10-19 | 2022-09-19 | 2022-08-19 | 2022-07-19 | 2022-06-19 | 2022-05-19 | 2022-04-19 | 2022-03-19 | 2022-02-19 | 2022-01-19 | 2021-12-19 | 2021-11-19 | 2021-10-19 | 2021-09-19 | 2021-08-19 | 2021-07-19 | 2021-06-19 | 2021-05-19 | 2021-04-19 | 2021-03-19 | 2021-02-19 | 2021-01-19 | 2020-12-19 | 2020-11-19 | 2020-10-19 | 2020-09-19 | 2020-08-19 | 2020-07-19 | 2020-06-19 | 2020-05-19 | 2020-04-19 | 2020-03-19 | 2020-02-19 | 2020-01-19 | 2019-12-19 | 2019-11-19 | 2019-10-19 | 2019-09-19 | 2019-08-19 | 2019-07-19 | 2019-06-19 | 2019-05-19 | 2019-04-19 | 2019-03-19 | 2019-02-19 | 2019-01-19 | 2018-12-19 | 2018-11-19 | 2018-10-19 | 2018-09-19 | 2018-08-19 | 2018-07-19 | 2018-06-19 | 2018-05-19 | 2018-04-19 | 2018-03-19 | 2018-02-19 | 2018-01-19 | 2017-12-19 | 2017-11-19 | 2017-10-19 | 2017-09-19 | 2017-08-19 | 2017-07-19 | 2017-06-19 | 2017-05-19 | 2017-04-19 | 2017-03-19 | 2017-02-19 | 2017-01-19 | 2016-12-19 | 2016-11-19 | 2016-10-19 | 2016-09-19 | 2016-08-19 | 2016-07-19 | 2016-06-19 | 2016-05-19 | 2016-04-19 | 2016-03-19 | 2016-02-19 | 2016-01-19 | 2015-12-19 | 2015-11-19 | 2015-10-19 | 2015-09-19 | 2015-08-19 | 2015-07-19 | 2015-06-19 | 2015-05-19 | 2015-04-19 | 2015-03-19 | 2015-02-19 | 2015-01-19 | 2014-12-19 | 2014-11-19 | 2014-10-19 | 2014-09-19 | 2014-08-19 | 2014-07-19 | 2014-06-19 | 2014-05-19 | 2014-04-19 | 2014-03-19 | 2014-02-19 | 2014-01-19 | 2013-12-19 | 2013-11-19 | 2013-10-19 | 2013-09-19 | 2013-08-19 | 2013-07-19 | 2013-06-19 | 2013-05-19 | 2013-04-19 | 2013-03-19 | 2013-02-19 | 2013-01-19 | 2012-12-19 | 2012-11-19 | 2012-10-19 | 2012-09-19 | 2012-08-19 | 2012-07-19 | 2012-06-19 | 2012-05-19 | 2012-04-19 | 2012-03-19 | 2012-02-19 | 2012-01-19 | 2011-12-19 | 2011-11-19 | 2011-10-19 | 2011-09-19 | 2011-08-19 | 2011-07-19 | 2011-06-19 | 2011-05-19 | 2011-04-19 | 2011-03-19 | 2011-02-19 | 2011-01-19 | 2010-12-19 | 2010-11-19 | 2010-10-19 | 2010-09-19 | 2010-08-19 | 2010-07-19 | 2010-06-19 | 2010-05-19 | 2010-04-19 | 2010-03-19 | 2010-02-19 | 2010-01-19 | 2009-12-19 | 2009-11-19 | 2009-10-19 | 2009-09-19 | 2009-08-19 | 2009-07-19 | 2009-06-19 | 2009-05-19 | 2009-04-19 | 2009-03-19 | 2009-02-19 | 2009-01-19 | 2008-12-19 | 2008-11-19 | 2008-10-19 | 2008-09-19 | 2008-08-19 | 2008-07-19 | 2008-06-19 | 2008-05-19 | 2008-04-19 | 2008-03-19 | 2008-02-19 | 2008-01-19 | 2007-12-19 | 2007-11-19 | 2007-10-19 | 2007-09-19 | 2007-08-19 | 2007-07-19 | 2007-06-19 | 2007-05-19 | 2007-04-19 | 2007-03-19 | 2007-02-19 | 2007-01-19 | 2006-12-19 | 2006-11-19 | 2006-10-19 | 2006-09-19 | 2006-08-19 | 2006-07-19 | 2006-06-19 | 2006-05-19 | 2006-04-19 | 2006-03-19 | 2006-02-19 | 2006-01-19 | 2005-12-19 | 2005-11-19 | 2005-10-19 | 2005-09-19 | 2005-08-19 | 2005-07-19 | 2005-06-19 | 2005-05-19 | 2005-04-19 | 2005-03-19 | 2005-02-19 | 2005-01-19 | 2004-12-19 | 2004-11-19 | 2004-10-19 | 2004-09-19 | 2004-08-19 | 2004-07-19 | 2004-06-19 | 2004-05-19 | 2004-04-19 | 2004-03-19 | 2004-02-19 | 2004-01-19 | 2003-12-19 | 2003-11-19 | 2003-10-19 | 2003-09-19 | 2003-08-19 | 2003-07-19 | 2003-06-19 | 2003-05-19 | 2003-04-19 | 2003-03-19 | 2003-02-19 | 2003-01-19 | 2002-12-19 | 2002-11-19 | 2002-10-19 | 2002-09-19 | 2002-08-19 | 2002-07-19 | 2002-06-19 | 2002-05-19 | 2002-04-19 | 2002-03-19 | 2002-02-19 | 2002-01-19 | 2001-12-19 | 2001-11-19 | 2001-10-19 | 2001-09-19 | 2001-08-19 | 2001-07-19 | 2001-06-19 | 2001-05-19 | 2001-04-19 | 2001-03-19 | 2001-02-19 | 2001-01-19 | 2000-12-19 | 2000-11-19 | 2000-10-19 | 2000-09-19 | 2000-08-19 | 2000-07-19 | 2000-06-19 | 2000-05-19 | 2000-04-19 | 2000-03-19 | 2000-02-19 | 2000-01-19 | 1999-12-19

Key: Value:

Key: Value:

MESSAGE
DATE 2012-12-04
FROM Ruben
SUBJECT Subject: [NYLXS - HANGOUT] Locked Down PCs
http://www.zdnet.com/shimming-your-way-to-linux-on-windows-8-pcs-7000008246/

Getting Linux to boot and install on PCs locked down with Windows 8's
UEFI (Unified Extensible Firmware Interface) Secure Boot is still a
major headache. However, Matthew Garrett, a well-known Linux developer
who's been working on fixing the Secure Boot problem, has just released
a working UEFI boot solution for Linux distributors. This should enable
many more versions of Linux to run on Secure Boot-imprisoned PCs.

Garrett, formerly a Red Hat programmer and now a security developer at
Nebula, an OpenStack private-cloud company, announced on November 30th
that he was "pleased to say that a usable version of shim is now
available for download. … This is intended for distributions that want
to support secure boot but don't want to deal with Microsoft."

This approach is not the same as the one that Garrett devised for use
with Fedora Linux. That approach uses a Fedora-specific key that's based
on a Microsoft/Verisign-supplied Secure Boot key.

While that meant dealing with Microsoft, it was as Garrett had written
earlier, "Easy enough for us [Red Hat] to do, but not necessarily
practical for smaller distributions." It's also, as The Linux Foundation
has found, in its so-far failed attempts to obtain a universal Secure
Boot key for Linux distributions, really not that easy at all.

What Garrett has done with his shim approach is to create a signed
boot-loader that can add keys to its own database. This is built on
SUSE's bootloader design. In the SUSE design, the boot-loader has its
own key database, besides the UEFI specification's key database. The
SUSE boot-loader then executes any second-stage boot-loaders signed with
a key in that database. Since the boot-loader is in charge of its own
key enrollment, the boot-loader is free to impose its own policy,
including enrolling new keys off a Linux distribution's installation
file-system.

Garrett has added the a user-interface to the SUSE second-stage
boot-loader. With this, instead of stopping when a here-to-fore
untrusted key appears, the user can navigate the available file-systems,
choose a key and indicate that they want to add it to the key database.
From that time on, the boot-loader will trust binaries signed with that
key.

What this means is that Linux, or other operating systems, can "take an
existing signed copy of shim and put it on their install media, along
with a file containing their key. If a user attempts to boot then the
boot will fail because the second stage boot-loader isn't signed with a
trusted key, but the user can then use the navigator and select the
distribution's key file. After providing confirmation and rebooting, the
second stage boot-loader's signature will now be recognized and the
installer will boot."

So, for example, with this shim program in place, a user can choose to
trust your distro's key and proceed to boot and install it on their
Windows 8 PC. Additional security can also be added to this approach to
beat back automated attacks.

The shim method is meant for developers to make it easy for end-users to
boot and install Linux. It's not meant for Joe or Jane user at home.
That said, it should lead to many more distributions being easier to use
on Windows 8 PCs.

It does have one disadvantage though for some Linux distributors. Since
the shim is a pre-compiled binary, distributions such as Debian, which
insist on having full source code availability, may choose not to use it.

Last, but not least, as I've long predicted, implementations of UEFI are
making it difficult to boot systems into Linux even when everything else
is set correctly. For example, Garrett himself recently ran into a case
with a Windows 8 Lenovo Thinkcentre M92p, which installed Fedora, but
then wouldn't boot it. In this case, it turned out that UEFI system was
checking the descriptive string for each operating system and refusing
to run any that didn't call itself either "Windows Boot Manager" or "Red
Hat Enterprise Linux."

So, while Garrett's shim will soon be bring many more varieties of Linux
to many more Windows 8 PCs, UEFI Secure Boot will remain a significant
worry for anyone wanting to run Linux or other alternative operating
systems on Windows 8 PCs.

  1. 2012-12-01 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Pizza
  2. 2012-12-01 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Server Update
  3. 2012-12-01 From: "Michael L. Richardson" <mlr52-at-michaellrichardson.com> Re: [NYLXS - HANGOUT] Server Update
  4. 2012-12-01 From: "Michael L. Richardson" <mlr52-at-michaellrichardson.com> Re: [NYLXS - HANGOUT] Server Update
  5. 2012-12-01 Ruben <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Linux on Laptops
  6. 2012-12-02 Ruben <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Strange things that make us unsafe
  7. 2012-12-03 Paul Robert Marino <prmarino1-at-gmail.com> Re: [NYLXS - HANGOUT] Linux on Laptops
  8. 2012-12-03 Ruben <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Linux on Laptops
  9. 2012-12-03 Elfen Magix <elfen_magix-at-yahoo.com> Re: [NYLXS - HANGOUT] Strange things that make us unsafe
  10. 2012-12-03 Ruben <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Linux on Laptops
  11. 2012-12-03 Ruben <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Strange things that make us unsafe
  12. 2012-12-03 Elfen Magix <elfen_magix-at-yahoo.com> Re: [NYLXS - HANGOUT] Linux on Laptops
  13. 2012-12-03 Ruben Safir <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Linux on Laptops
  14. 2012-12-04 Ruben <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Locked Down PCs
  15. 2012-12-04 Ruben Safir <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Black friday shopping?
  16. 2012-12-04 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Michael George - Paging you!
  17. 2012-12-04 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] [JobAlerts-at-CyberCoders.com: 15+ new php developer jobs in
  18. 2012-12-04 Ruben <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Linux on Laptops
  19. 2012-12-05 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] [MSchlosser-at-LloydIT.com: MYSQL DATABASE ADMINISTRATOR ( contract
  20. 2012-12-08 Ruben <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] Sunday
  21. 2012-12-10 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] what you doing this week
  22. 2012-12-10 From: "Redpill" <red.pill-at-verizon.net> RE: [NYLXS - HANGOUT] what you doing this week
  23. 2012-12-10 From: "Redpill" <red.pill-at-verizon.net> RE: [NYLXS - HANGOUT] what you doing this week
  24. 2012-12-10 Robert Menes <viewtiful.icchan-at-gmail.com> Re: [NYLXS - HANGOUT] what you doing this week
  25. 2012-12-10 Ruben <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] what you doing this week
  26. 2012-12-10 Ruben <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] what you doing this week
  27. 2012-12-10 From: "Redpill" <red.pill-at-verizon.net> RE: [NYLXS - HANGOUT] what you doing this week
  28. 2012-12-10 Ruben <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] what you doing this week
  29. 2012-12-11 Ruben <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] Fwd: [conspire] Barnes and Noble ebooks, right to own what you buy
  30. 2012-12-11 From: "Redpill" <red.pill-at-verizon.net> RE: [NYLXS - HANGOUT] what you doing this week
  31. 2012-12-11 Ruben Safir <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] what you doing this week
  32. 2012-12-11 Ruben Safir <mrbrklyn-at-panix.com> Subject: [NYLXS - HANGOUT] jail
  33. 2012-12-11 einker <eminker-at-gmail.com> Re: [NYLXS - HANGOUT] jail
  34. 2012-12-11 Ruben Safir <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] jail
  35. 2012-12-11 Ruben Safir <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] jail
  36. 2012-12-12 Ruben <mrbrklyn-at-panix.com> Re: [NYLXS - HANGOUT] jail
  37. 2012-12-12 From: "Redpill" <red.pill-at-verizon.net> RE: [NYLXS - HANGOUT] what you doing this week

NYLXS are Do'ers and the first step of Doing is Joining! Join NYLXS and make a difference in your community today!