12 June 2012


A big flame does not end suddenly; it continues with echoes, and the further away the echoes go, the more ridiculous they get. You can learn, for example, why Fedora needs signed binaries for UEFI with Secure Boot: because it is too hard for users to enter the BIOS and change a setting there.

I have myself encountered Linux users who had never entered the BIOS before but needed to do so for the install, to change the boot order. In such cases I google a nice tutorial myself and point them to it. If they are not able or not willing to follow such simple instructions, then I recommend that they continue using Windows, pay a specialist to solve their problems, or take a computing course. And I don't think I am wrong in doing that: by definition, the Fedora user base consists of voluntary Linux consumers who are computer-friendly and likely collaborators. If they are unable to do such a little work or unwilling to learn such a simple thing, they will be more of a pain than useful contributors.

There is this illusory dream in the Fedora community of gaining massive market share (the stats show we are shrinking) by attracting a "girl scouts" type of user, for whom we have removed usability, lose features day by day and may reduce freedom in the near future.

From the beginning, being a Free software user has required a balance between freedom and convenience, and each of the people involved has his own threshold, but Fedora as a project has a stated mission "to lead the advancement of free and open source software and content as a collaborative community", and "freedom over convenience" has been part of our marketing message since the four foundations were defined and even before that.

Back to anecdotes and personal experience: time has taught me it is not worth investing in people who are not willing or not able to learn. You teach them at first; some will learn and grow into valuable contributors, some will refuse and suffocate you with babysitting requests. Filter the ones from the others and your life and work will improve.


  1. Hear hear! It's contradictory for Fedora to have a strict policy about free software and then pay money to a proprietary software company for their "permission" to install an OS.

    Easy to use should not mean dumbing down at every possible level.

  2. Gotta pay for SSL certs don't we (packages, yum, etc)? So why is a $99 Secure Boot certificate any different on the sheer view of keeping people secure?

    If Linus comes out and says "What's the problem?" then I think we should all just try it. Seriously. It's NINETY NINE DOLLARS. A one time fee for all of the Fedora users to be able to boot WITHOUT MAKING SYSTEM CHANGES and keep their security in said proprietary OSes.

    "Freedom" is a double-edged sword. Freedom to use it where you want, freedom to use it with or without system changes.

    For all we know, Microsoft might waive the $99 fee in support of Open Source, Free software, and being that Fedora is obviously not a hacker trying to find a flaw.

    1. is about software freedom 1: "The freedom to study how the program works, and change it to make it do what you wish" and software freedom 3: "The freedom to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits", paying a sum (99$ for now) to a third party (which will not automatically accept you) is limiting those two freedoms.

    2. I don't understand... the whole point of the article is that changing a BIOS setting is easy, but it becomes too hard if you want to change the source code? And what exactly is preventing you from doing that? Having the right to distribute your code is not the same as making it easy to use (30 years of free software have a few examples of that).

      I really don't see a problem with the solution of signing a bootloader, it brings security for us and not only for dual boot scenarios and it's easy for everyone (knowing how to access the UEFI settings doesn't make it interesting). If you don't like it you can disable it.

      I think Fedora should just release this bootloader signed with a Fedora key on a separate ISO maybe and let people who don't want to have anything to do with MS just add the Fedora key in their BIOS and use that.

    3. if you modify the Free software on your machine, it won't work any more until you change the BIOS setting or pay for a signature. having a signed bootloader will also make other software crippled, like the kernel and device drivers.

      the proposed solution for Fedora is to put the signed bootloader in the default download.

  3. Nicu,

    I agree with the "SSL cert" argument. Why does Red Hat / Fedora (and virtually everyone else that offers a high traffic https site) pay for a commercial SSL cert when they aren't necessarily taking credit cards for payment? Can't users simply tell their browser to ignore the warning and accept a self-signed certificate? Yes they can, but the cost of a certificate is somewhat reasonable (and there are some free ones under certain situations if you know where to look).

    This is the same for secure booting Linux on UEFI. Yes, users can go into the BIOS and fix it... but the very process of "disabling security" will scare some people away. It is different than going into the BIOS to allow booting from a CD or a USB thumb drive. In fact, the vast majority of machines I've used in the last 5 years... I did not have to go into the BIOS to change boot devices... because many BIOSes now have a hot key (ex. F12 on Dell machines) you can hit at boot to pick the desired boot device. If they ever have an easy hotkey toggle for secure boot or self-signed certs in browsers... your argument might hold water.

    Also this IS NOT a profit center for Microsoft nor Verisign. Why? Because there are hundreds of millions more websites that might be potentially interested in an SSL cert... but how many OS makers? Yes, Linux has a lot of distros... so maybe they could get $99 x 500 per year from this... if everyone were to go the way of RH/Fedora... but I don't see that happening. That would fund about 1.25 employees to do all of the cert work for them so my guess is they will actually lose money on the deal... but that's debatable.

    1. this is not the same since the website is not Free software, is just a website from where you download the Free software.

      signing may NOT be a profit center NOW but is giving final control to our main competitor, they will have the final decision on who is or is not an "approved" Linux distributor.