How Secure Boot Could Have Ruined My First Linux Experience And Why IBM Is Making Things Worse.
Historically, using Free and Open Source Software has been a “license to tinker”, and Linux was no exception.
If it didn’t do something you needed it to do, you could patch it with “something I found”.
If that hadn’t been the case, I would have never been able to start using Mandrake Linux in the 1990s.
You see, the family computer had this horrible piece of hardware in it called a “Winmodem”. And let me tell you about those.
Pretty much as the name implies, the manufacturer dropped a Windows driver, which essentially was the modem.
Theoretically, this had benefits, like the modem could be updated by simply installing a new driver, since most of the logic for the thing is in the software, which runs on the computer, in the Windows 98 kernel in my case.
But that benefit hardly ever materialized. If any manufacturer actually sold you a modem and then later updated you to v.90 or v.92 or something, I’m not aware of it.
They left me at K56Flex and x2, two competing specifications written by rival companies, that predated the ITU standard for v.90 and v.92 56k dial up modems.
Fortunately, most ISPs supported one, the other, or both, in which case it would go ahead and work, but the modem itself was STILL a problem.
Because you only had the Windows driver, and because it implemented the entire modem, without Windows, the modem did nothing. You had no Internet access at all. Dead hardware.
Fortunately, I found the source code to a module that I could compile and add to Linux, and it made the modem work well enough, that I could at least get by until I had saved enough to buy a Zoom 56k modem that supported the actual ITU standards.
The Winmodem was a parasite. Even under Windows, the damn thing made the entire system hang whenever it picked up or hung up the phone line, and then while it was running, it stole CPU time for the driver.
So, this is basically my “Richard Stallman and the Printer” story.
Eventually I was able to remove the Winmodem and the (somewhat unstable) out-of-tree driver, but when I needed to patch the kernel, nothing stopped me. Nothing could have stopped me because nobody had lost their mind and thought Microsoft was a security company.
We didn’t have these ridiculous “Security” charades by the purveyor of the least secure software on the planet.
(“Secure” Boot offers no advantages and the GNOME Desktop has even been tarred and feathered by a “Security” Theater screen by people at IBM Red Hat…… I use KDE now.)
While it is much less common now to encounter the need to run unsigned modules, everyone should be allowed to, without Microsoft in their way. Or in the way of even booting the computer.
Unfortunately with IBM Red Hat’s assistance, crazier things than “Secure” Boot are happening.
This includes the outlandish notion that most of the file system should be read-only (“immutable”) and shouldn’t be within the user’s reach because Apple does this with a toy OS.
How is the user supposed to edit flat configuration files to make systemd (their other disaster) behave differently? How is the user supposed to take software they want in /opt and put it in /opt?
I don’t think you can. And the “Transactional Upgrade” system sounds horrible.
An “everything or nothing” upgrade of every package on the system, even if some are broken, and the only thing you can do if some are is roll the entire thing back?
I will never install a distribution with an immutable file system.
These distributions are worse than useless.
Even IBM Fedora, which has been banging this drum the loudest, has had an immutable “spin” forever, says they’ll make it “Workstation” someday, and well, that hasn’t happened.
There’s just no way to make it actually work. Not if you want to configure the system at all, or do something like dnf update –security.
Don’t even get me started on “kernel lockdown”, where even root is somehow not allowed to change kernel variables.
If a user has so seriously misconfigured their system that a vulnerability exists, let them live with that.
But this really has nothing to do with Security. It’s about walling the user off from their own computer to enforce Windows, or at the very least, make Digital Restrictions Malware (DRM) more effective on Linux.
Quit screwing up my laptop.