by jrockway 5378 days ago
I doubt any major vendor will do this. First off, they don't want to be locked into selling Microsoft-only machines. If they can't pretend Linux is an option, Microsoft can charge them $1000 for a Windows license and there's nothing they can do about it. If they have Linux hanging over Microsoft's head, though, they'll get better pricing on Windows. (Think this won't happen? It already did with XP on netbooks. When Microsoft realized that everyone was happy to get $100 off the price of their laptop to run Firefox under Linux instead of under Windows, they had no choice but to make it nearly free.)

If that doesn't work, the need for booting non-standard Windows images will save us. I've never worked for any company that ran a stock Windows install -- everyone rolls their own. If new machines won't boot this image, guess what, that new machine is bought from some vendor that doesn't do this to them. And the only reason most people use Windows at home is because they use Windows at work. If big companies started migrating away from Windows, Microsoft could be in serious trouble. (Yup, Microsoft Word is much nicer than LibreOffice Writer or AbiWord. But you don't know that if you've never used it. Or, you don't care, because you're writing a memo, not a book. And that's $600 Microsoft loses right there.)

Next, we're forgetting the all-important server market. Nobody uses Windows as a server OS, so all those servers are going to have to be able to run Grub. Since servers are what make the OEMs money (they actually need that quad core chip, you don't), keeping users of that market happy will be the hardware companies' biggest concern. If Intel chips stop booting Linux, guess what, AMD is the new king of the market.

Finally, many of these companies are in markets other than consumer computers, and they won't want to alienate their other partners. If, say, Samsung says "our hardware will only run Windows", then they won't be manufacturing Android phones or Chromebooks anymore. And that's a big deal, because they won't be manufacturing iPhones either, and that means they're out of the mobile market. (Have you ever seen anyone without MVP certification anywhere near a Windows Phone? I didn't think so.)

Basically, Windows is important, but not so important that anyone would want to be the first to go Windows-only in hardware. Hardware companies want to provide nice computers at a nice price. End users mostly want to browse the web. This puts Microsoft in a position to do exactly what the market wants, not what it thinks it can bear. When you're at the top, the only place to go is down. And that is where Microsoft is going.

9 comments

> If that doesn't work, the need for booting non-standard Windows images will save us. I've never worked for any company that ran a stock Windows install -- everyone rolls their own. If new machines won't boot this image, guess what, that new machine is bought from some vendor that doesn't do this to them.

That's not how this works. It doesn't expect that the entire OS install is signed. It expects that the kernel is signed. "Non-standard" Windows installs don't generally futz with the Kernel. If you work for a company that uses a hacked kernel internally, please let me know, so I can make sure I'm not invested.

> Nobody uses Windows as a server OS

Microsoft's server product (along with its related tools and products) is massively successful. The Internet darlings may not run Windows Server, but many, many companies do.

> If, say, Samsung says "our hardware will only run Windows", then they won't be manufacturing Android phones or Chromebooks anymore.

Why would anyone do that? Even if Samsung sold some hardware that was locked down to only Windows, why would they suddenly stop selling other hardware? There's just no point. They already sell devices that are effectively locked down to Android, but that doesn't preclude them continuing to sell Windows laptops.

> Microsoft's server product (along with its related tools and products) is massively successful. The Internet darlings may not run Windows Server, but many, many companies do.

Yes, and Linux as a server is massively successful. And the internet darlings are one of the biggest customers. If a machine can't boot Linux because of the signed kernel requirements enforced at the firmware, those internet darlings would move to machines that can. That isn't a risk Intel et al. are going to take, especially with AMD breathing down its back.

Implementing secure boot is a risk that Intel et al are going to take. They've already taken a similar risk to support BitLocker with TPM hardware. None of this will stop Internet darlings from running Linux if they want, though.
Where do you see the requirement that the kernel has to be signed? I only see them mentioning the boot loader, which should be something entirely different (both on Windows and Linux, as far as I'm aware. I admit that my knowledge about the Windows boot process is incomplete).

If I'm correct (?) your whole reply to that point was a bit over the top, especially the 'tell me where you work so that I can ignore you' part.

Edit: Reading the original source (I recommend it!) confuses me. It says 'unsigned binaries will not load', but still: I'm still reading that as 'will not be loaded by the UEFI firmware' - which should only need to load the bootloader (+ relevant drivers) as far as I understand it?

I think the idea behind the signed bootloader is that the kernel that the bootloader loads will then be trusted as well. In this way the chain of trust moves up the boot stack and the risk of an early-boot / kernel rootkit can be minimized, especially if the kernel also tries to verify the authenticity of all modules it loads into kernel space (which Windows already does and has for quite some time - please note that I specified "tries").

I don't think this will affect corporate Windows installations as you'd presumably be installing a signed kernel and signed drivers - as the post above yours states, it's very rare to use a non-Microsoft-supplied kernel and unsigned drivers in the corporate environment today.

Signing a Linux bootloader could be perceived as a potential breach of this trusted boot process, as Windows could then potentially be loading in an emulated environment created by a malicious GRUB module or the like. Chances are, nobody subscribing to Trusted Boot will ruin their marketability by either a) not providing a way to disable the trust verification or b) not signing a Linux bootloader. However, that possibility is what has the rash of speculative "Linux won't run anymore!!!" articles running around the internet this week.

More solid info on the trusted boot process can be derived from:

http://lanyrd.com/2011/bldwin/shkft/
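
Added example, not part of the thread: a minimal Python model of the chain of trust the comment above describes, where each boot stage checks the next one before handing over control. It is a simplification: SHA-256 digest allowlists stand in for the signature checks that real UEFI Secure Boot performs, and all stage names and contents are constructed.

```python
import hashlib
from dataclasses import dataclass


def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes
    # Digests of the next-stage images this stage will hand control to.
    trusts: frozenset = frozenset()

    def image(self) -> bytes:
        # The trust list is part of the measured image: editing it changes the digest.
        return self.code + b"|" + ",".join(sorted(self.trusts)).encode()


def boot(firmware_db, chain, secure_boot=True):
    """Walk the chain; return (names of stages that ran, refusal reason or None)."""
    ran, allowed = [], firmware_db
    for stage in chain:
        if secure_boot and digest(stage.image()) not in allowed:
            return ran, f"{stage.name} rejected"
        ran.append(stage.name)
        allowed = stage.trusts  # the stage that just ran vouches for the next one
    return ran, None


def build_chain():
    # Built bottom-up, because each stage embeds the digest of the one it loads.
    module = Stage("module", b"driver-v1")
    kernel = Stage("kernel", b"kernel-v1", frozenset({digest(module.image())}))
    loader = Stage("bootloader", b"loader-v1", frozenset({digest(kernel.image())}))
    return loader, kernel, module


def scenarios():
    loader, kernel, module = build_chain()
    db = frozenset({digest(loader.image())})  # what the firmware ships with

    # Kernel modified on disk; its trust list is left alone.
    bad_kernel = Stage("kernel", b"kernel-v1+modified", kernel.trusts)
    # Bootloader re-pointed at the modified kernel; this changes its own digest.
    bad_loader = Stage("bootloader", b"loader-v1",
                       frozenset({digest(bad_kernel.image())}))
    return {
        "clean": boot(db, [loader, kernel, module]),
        "modified_kernel": boot(db, [loader, bad_kernel, module]),
        "modified_loader": boot(db, [bad_loader, bad_kernel, module]),
        "secure_boot_off": boot(db, [bad_loader, bad_kernel, module], secure_boot=False),
    }


if __name__ == "__main__":
    for name, (ran, reason) in scenarios().items():
        print(f"{name:16} ran={ran} stopped={reason}")
```

Nothing outside the three stages is measured in this model, which matches the point made elsewhere in the thread that a customized OS image keeping the same bootloader and kernel is unaffected.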

You're probably correct. I was just saying that there's no need for the entire Windows installation to be signed, as jrockway implied. Such a requirement would be nearly impossible (and would require scanning the entire OS at startup to verify the signature).
FTA, quoting Red Hat's Matthew Garrett:

> Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed.

Sorry, I don't buy it.

No PC OEM has a rational fear of MS doing bad by them, regardless of lock-in. Firstly, MS has no good reason to do that since it would just put the retail price of the PCs too high to sell well, and MS is a volume business and knows it. They're smart enough to know to avoid hurting their own sales. They already know who and how to charge ridiculously high prices per client for software and it's not OEMs or retail consumers. Secondly, the OEMs so affected would likely run to the FTC immediately and file complaints of unfair trade practices, and then MS would find itself in a fecal-tornado of bad press and government action that it would surely not enjoy. Thirdly, OEM licenses can only go so high, as then OEMs could just buy and install retail copies of Windows on their machines. In short, this whole fantastical scenario goes against everything that MS has done as a business and everything that MS has done as part of creating and maintaining relationships with OEMs over the past 3 decades, it makes no sense.

As far as the server market, those machines are almost invariably different hardware than commodity PCs. I don't think it's likely that PC component makers or OEMs will opt for Windows-only systems, but I don't think you've put forward a sufficient argument on why that should be the case.

> No PC OEM has a rational fear of MS doing bad by them, regardless of lock-in. Firstly, MS has no good reason to do that since it would just put the retail price of the PCs too high to sell well, and MS is a volume business and knows it.

Microsoft already prices it differently for different OEMs. They are already in mortal fear that Microsoft will change it, even without the technology to enforce it.

Can't find a link now, but in one of the big computer trade shows, in the morning Asus said they'll be promoting Linux on the recent 9" eee. Afternoon, they apologized and said they will only promote Windows, and will in fact redesign it to better fit Windows. The difference was apparently made by a call from Microsoft that threatened their volume licensing deal.

> MS would find itself in a fecal-tornado of bad press and government action that it would surely not enjoy.

The government works for Microsoft. MS had some fear of antitrust back in the late 90s, but they've since become one of the largest lobbyists, buying politicians on both sides. They are not touchable by antitrust or any other government action in the foreseeable future.

Here in India, Microsoft is famous only because the pirated version is freely available from anywhere, through anyone at any time. That's the only reason why everybody uses it all the time.

Take away the free option, and the non industry consumers will just dump their OS. What is stopping Linux from ruling the Desktop market is an awesome UI.

Now, I decide to buy a netbook for browsing and light development. I can save up to 1500 rupees on the OS if I go in for a pre loaded FreeDOS version. So this is what I have decided, to buy a good HP netbook which comes close to 15000 rupees. Install Ubuntu LTS version on it. Remain hassle free for the next two years. And spend the saved 1500 rupees on buying a good headphone to listen to music.

I don't see any reason why I must remotely feel the need to use Windows anymore. Unless of course I need to work on a word document. Most of the times OpenOffice is sufficient, if it isn't I just walk up to the next DTP store around my place, pay the guy 20 bucks and get the work done in an hour.

> Nobody uses Windows as a server OS

Which is why my employer really doesn't use Outlook/Exchange for email, or Sharepoint for the intranet, or IIS for the public website, or ActiveDirectory to manage logins and whatever else it does, or ....

Maybe you mean, "nobody uses only Windows as a server OS"? But even tho that would work for my employer (we also have Linux and AIX) and probably all large companies (including Microsoft?), I'm sure there are a ton of smaller ones it doesn't apply to.

> Which is why my employer really doesn't use Outlook/Exchange for email, or Sharepoint for the intranet, or IIS for the public website, or ActiveDirectory to manage logins and whatever else it does, or ....

If you really have to live with all that stuff, I'm deeply sorry for you. I use Exchange and AD and it's bad enough.

Oh come on, seriously? I'm not saying it's the best thing ever, but it works well enough for the majority of small businesses. There is nobody who is really inconvenienced by having to use AD (it's not like most people would even notice). At least it provides a default and standard authentication system, unlike the hacks I've seen where people use rsync to distribute /etc/passwd and /etc/shadow to all machines (and don't get me started on that piece of junk OpenLDAP, I have yet to meet the first person who could build a complete and working centralized auth environment with it.)
> I have yet to meet the first person

If you come to Brazil, I can introduce you.

Hi, I'm Lars.
> I doubt any major vendor will do this. First off, they don't want to be locked into selling Microsoft-only machines. If they can't pretend Linux is an option, Microsoft can charge them $1000 for a Windows license and there's nothing they can do about it.

I doubt that secure boot is a factor in this, since it would be easy for vendors to disable by default in the factory if they wanted to install Linux.

The point of the article isn't that the machines will be Windows-only, but that dual booting may no longer be possible. It makes a point of emphasizing that secure booting will likely be easy for the user to disable, although that will disable Windows 8 as well.

> The point of the article isn't that the machines will be Windows-only, but that dual booting may no longer be possible. It makes a point of emphasizing that secure booting will likely be easy for the user to disable, although that will disable Windows 8 as well.

Never going to happen. Win8 will install on machines built for Win7.

Win 8 is not going to refuse to boot on machines that have boot signing disabled.

That's not what we're talking about. We're talking about the Windows 8 Logo Program, which is basically that sticker on a new PC that says it is certified to run Windows 8.
I think we're actually talking about some paranoid hype written about a blog post written about a slide deck.

Maybe Microsoft will require OEMs to support secure boot to be certified for Win8 (fine by me). That doesn't mean that the user won't be able to disable it if they want, and it definitely doesn't mean Win8 won't run when it's turned off.

Right, but Windows 8 should still happily boot on a Windows 8 Logo'd PC which has had signed boot disabled by the user for the same reason that it happily boots on non-Logo'd PCs.
Am I the only person that would pay extra for a computer without all those fucking stickers on it?
Perhaps we should consider this part of Apple's price premium.
This story almost makes me want to buy a Mac. Almost.
They carve their logo into the case instead.
Ha! That's the first thing I always do with a new computer: remove all those stickers. Some Vista stickers are extremely hard to remove. That being said, my Air came with absolutely no stickers on it.
> Yup, Microsoft Word is much nicer than LibreOffice Writer or AbiWord. But you don't know that if you've never used it. Or, you don't care, because you're writing a memo, not a book. And that's $600 Microsoft loses right there.

The very last thing for which I'd consider using MS Word (or any WYSIWYG processor, for that matter) would be writing a book (or any prolonged text which concentrates on the content). Seriously, if you do this you've never even thought about the fact that there are alternatives which are vastly superior for such tasks (one of which being plaintext. Yes, plaintext). I don't get why you would even consider writing a book in a document processor - save for LyX, but that's not exactly a standard word processor.

Sorry for the rant, I mostly agree with you. The general development still scares me though.

http://en.wikipedia.org/wiki/Comparison_of_Windows_and_Linux...

http://www.zdnet.com/blog/microsoft/behind-the-idc-data-wind...

http://en.wikipedia.org/wiki/Usage_share_of_operating_system...

http://microsoft-news.com/idc-windows-server-dominates-serve...

Estimates of between 40-75% of all servers are Windows based. While Linux is ahead in Web servers (71% market share), they aren't the only type of server going around...

These stats are hard to measure as they can't really account for people who just install free Linux distros, but in terms of sold Linux based licenses, Microsoft is ahead. At the very least it shows that the assertion "no one uses Windows as a server OS" is far from the truth. 5-6 billion dollars revenue a quarter is hardly 'no one'.

> they don't want to be locked into selling Microsoft-only machines.

True to some extent, but they can always create Linux models that just don't include the MS public key.

> the need for booting non-standard Windows images will save us.

Customized Windows images should have the same signature since the signed components (kernel, drivers, etc.) will be the same.

> the all-important server market

This either doesn't apply to servers or the vendors will just create Linux models.

> If Intel chips stop booting Linux

To be clear, that is not what we're talking about. This is an optional firmware feature (and I assume it will apply to all logoed PCs regardless of processor type).

> Nobody uses Windows as a server OS,

This is the problem with getting tech news only from HN.

Yes. At my last job, they had 200+ servers, all Windows.

When I tried to bring up Linux as an option, they sort of winced and said "Linux... ehhh... it's hard to get Linux doing what you want."

I've actually never heard that, I've heard more like "no one will support it" until RedHat came around, then it was "no one knows how to use it" until I saw IBM use it, then I heard "but there's no software" until I saw Oracle make software for it. That was just in Non-IT businesses. In IT-industry businesses, I never heard Windows discussed too seriously outside of "well, we had to unfortunately because of a client..."
I have never used Windows servers, and I am curious how do you do things which are obvious on Linux on a windows server?

1. Can SQL server deployment be automated? I remember reading somewhere it is mostly GUI administration, though things might have changed with WMI.

2. How do you manage IIS? Say you need to restart IIS on 200+ servers?

3. What is the remote model? Windows doesn't have a decent command line, so ssh will be weird.

Do you write custom code for all this, because I find the ecosystem on Windows sorely lacking.

Two words: Power Shell. Well, one word.

PS is a "decent command line" for Windows, that can handle most of the things you discuss pretty well.

Why should I learn a new toolchain when I already have one that's just as good but has been around for 30+ years? It's fun to reinvent the wheel, but as a user, sometimes enough is enough. Just give me bash and the coreutils, kthx.
You're completely killing innovation this way. Your bash and coreutils work on Windows, they're just not as useful in that environment. Would you also expect to have bash and coreutils on Lisp Machine?

Also if you don't know anything about this new toolchain, how can you say that your old one is "just as good"?

Caveat: I have been heavy Linux user for past 7 years, but I'm not so quick to dismiss alien technology, especially when it addresses obvious flaws in Unix -- e.g. piping plain text with parsing and printing it again on all stages seems so ancient, I would much rather like to be able to use structured data instead. Also, you could remove the overhead of process initialization if your command line tools are just functions, and not executables. Just sayin'.

PS is just a piece of the puzzle. In fact, if I were to automate things on Windows, I would pick perl/python/ruby (on Linux, I use shell scripts only for jobs which are less than 50 lines).

The major question is do the objects which are to be automated lend themselves to automation?

Here is one of the results I found while looking for 'sql server automate'

http://msdn.microsoft.com/en-us/library/ms187061.aspx

If I were talking about MySQL/PostgreSQL, they lend themselves very well to automating. The shell script just calls the relevant programs.

Likewise, if I am automating nginx, shell is just the glue. nginx provides the nut and bolts, and scripting is the wrench.

Unless IIS, SQL Server et al. provide similar facilities, PowerShell isn't going to help.

I haven't used SQL server in a long, long time. My doubts were from some articles I have read:

http://hal2020.com/2011/07/27/porting-microsoft-sql-server-t...

> nix DBA’s used shell scripts as their primary management tool, but the SQL Server of that day was not scriptable. Would those DBA’s accept the use of GUI tools?

So it looks like it used to be the case that it wasn't scriptable, but it is now.

You can script and automate IIS and MSSQL using powershell. I'm willing to bet dollars against pesos that if MS hasn't made everything in Windows scriptable via Powershell, they are currently working towards it.

http://msdn.microsoft.com/en-us/library/hh245198(v=SQL.110)....

#3 is Remote Desktop, not sure on the other 2
I make it short:

1. Of course

2. You write a script. Or simply use something out of the Systems Management Product Family (awesome btw)

3. WMI or Powershell should do the job.

You rarely write custom code when scripting....most use cases are covered by a huge library MS offers. The rest is available through google :)

We have run large Windows Server Farms at my past company (SaaS Business) and maybe 3-4 Linux Servers...the ones causing the most trouble were the Linux ones. One reason: Every dummy can administrate a Windows machine....not so a Linux machine! That fact forced the Ops team to get rid of the Linux machines as quick as they could.

> Every dummy can administrate a Windows machine....not so a Linux machine! That fact forced the Ops team to get rid of the Linux machines as quick as they could.

So you choose an inferior mediocre alternative just because you can hire mediocre folks to handle it (you mentioned 'dummy'). Ultimately having sufficient technical debt to make you miserable for the next decade.

Linux command line isn't very upfront friendly for sure, but its strength lies in automating as much as you can, programmatically. When you talk of administration things go beyond cleaning up files and giving access to users. You must have abilities/tools to quickly hack up solutions to programming problems while problems in operations. That's why bash/sed/awk/perl and other Unix text processing utilities are so big on the server side. Unix forms a complete programming ecosystem in itself apart from being an OS. Windows command line is not just weak but literally useless in this area.

It's like saying just because anybody can use notepad, Emacs is useless.

Unfortunately, this is how business works. If they can hire an operations team full of Windows lusers and pay them $30K a year instead of Linux admins that cost $60K a year, they usually do that.

The thought never crosses their mind that you get what you pay for, and 1 qualified Linux admin can replace an entire team of Windows admins due to automation, scripting, and superior manageability of Linux.

What do you think makes it inferior and mediocre?
> they sort of winced and said "Linux... ehhh... it's hard to get Linux doing what you want."

I'd say the company you work for has a humongous and probably incurable HR problem. If this is the kind of IT folks they hire, my best advice would be to run away and stay as far from it as possible.

You can also write a very fun book with the stories you probably witness. I'd buy it.

> This is the problem with getting tech news only from HN.

Most of us have worked one or more tech jobs, and HN isn't the source for the assumption that nobody uses Windows as servers. That nobody is far fetched - of course .net shops will most probably be deploying on Windows; for some reasons most of the Java shops do so as well.

But outside that, Linux or BSD is the favored deployment platform. And the OP's argument basically boils down to server vendors can't afford to not boot Linux, not when Linux has a significant market share.

There's more to life than deploying webapps.
I read this as no-one uses Windows (desktop) as a server OS. This is true.
I've never worked anywhere that doesn't use Windows as a server OS.