It’s consistently telling me there’s a problem with my file system. There isn’t.
This is a shame because I find it kinda weird that Ubuntu doesn’t have exec-shield, software that allows you to control DEP policies in a similar manor to EMET. The great thing about Windows is that, through EMET, you can set policies for DEP and ASLR. Ubuntu doesn’t have that.*
It actually doesn’t suck that much since NX is used in literally every process on my system. It’s not that big a deal. But I still would have liked to have tried Fedora.
*Actually Ubuntu can change ASLR policies through
By default (2) it randomizes mmap base, heap, stack, and VDSO page.
So last night I was installing Fedora just to see how it is and my hard drive, which had been clicking for a while, up and died. It just choked then and there.
So today I picked up my new Samsung 830 128GB. Very nice drive, very nice price too – less than a dollar/GB. After two hours of trouble shooting just to realize I hadn’t plugged it in properly I’m now installing Ubuntu and Fedora. I’ll keep them both installed and I’ll hopefully be able to compare the two and pick one for my future usage.
Fedora and Ubuntu are really two of the biggest names in Linux so I’m really interested to see how I adapt.
I’m currently downloading Fedora, which I’ll hopefully have installed and set up soon. I’m going to give Cinnamon a try and see how I like it and see if I can get used to SELinux.
I’m not so unsatisfied with Ubuntu that I need a change but there are features of Fedora that interest me. I’m sure that it merits some use.
I’ll post my thoughts and details on Fedora in the future.
I’ll preface by saying that this is not an official statement on behalf of Canonical as far as I know, simply a post on /r/ubuntu. The user is the Ubuntu Community Manager and his post about SecureBoot pretty much sums up my own opinions.
His post in its entirety:
I think we would all agree that this is terrible that Microsoft are putting other Operating Systems in a position where either (1) they have to sign keys to boot, or (2) we have to ask users to switch off something in their BIOS that has “secure” in the title.
While mal-ware is indeed a threat, and quite nasty, I would have preferred to have seen a means in which a solution can be found that is not controlled by a large corporation who themselves has an Operating System product.
From an Ubuntu perspective, we are going to do everything that we can to ensure our OS boots on the widest range of hardware possible, and the story that Matthew Garrett tells is similar to our experiences in the Ubuntu world. Matthew’s story, and the challenges he has explored are not specific to Fedora, but to all Linux distributions.
I think the problem Microsoft is trying to solve is admirable…mal-ware at that lower level is dangerous, but I think the solution is putting companies like Canonical and Red Hat in a tough spot. 
This hits the nail on the head, really. Microsoft is trying to solve a problem and that’s great but in doing so they are putting distros and Linux users in a difficult place. As he says, it’s now a matter of supporting SecureBoot and paying VeriSign or asking users to disable a security feature.
In my last post about SecureBoot for Linux I was a lot more positive. Let me focus on why there’s more to it than a cool new feature.
SecureBoot is a security technique that prevents untrusted (unsigned) code from starting up before the operating system. Many rootkits start before the OS in order to bypass antiviruses and other forms of protection. SecureBoot will put a stop to this and it should be very effective.
When Windows 8 is released all “Windows 8 Approved” hardware will ship with SecureBoot meaning that only signed software, and that includes operating systems, can boot. So how does Linux fit into this?
Well, an unsigned Linux distro won’t be able to boot. That means they either have to get their own signatures onto the hardware by working with OEMs or they have to pay Microsoft to use their key. (Actually they pay VeriSign, Microsoft provides a subsidy.)
Yep, distro owners now have to pay VeriSign 90 dollars if you want your Linux distro to run. Now, that’s really not a huge deal for anyone running something like Fedora or Ubuntu – Fedora has already stated that they will be doing so. But what about smaller projects? There are hundreds of distros and not all of them are going to be able to just send out 90 dollars – they already have costs for maintaining and developing the system.
Maybe 90 dollars isn’t a huge amount of money but the sheer principal of having to pay VeriSign to run an OS that isn’t theirs to control is pretty backwards.
Look at Hannah Montana Linux. Yes, we can joke and laugh, it’s a bit silly but the idea is that there is a Linux for everyone. Someone out there thought “Hey, I bet some kid out there would really like this and I’m going to go for it” and it’s ideas like that that make Linux so amazing. There is absolute freedom. Anyone can set up their own distro and Microsoft shouldn’t be able to do a damn thing about it.
And yet something like Hannah Montana might not happen in a world dominated by SecureBoot systems. It stops being “this’ll be a fun project that some kids will benefit from.” SecureBoot outright prevents really great systems from being built. It limits that potential. Asking a user to install or dual boot Linux now means asking them to disable security features provided by Windows or the Distro owner has to pay VeriSign.
tl;dr Hannah Montana is the epitome of Linux and Microsoft is trying to kill it.
A recent article highlights the new world of secure-boot Windows computers and how Fedora 18 will be arriving very much around the time of Windows 8.
Secure Boot is a security implementation that aims to prevent untrusted code from running before the OS loads. It’s a powerful new security method and it directly attempts to prevent multiple different attacks that can be (and have already been) used by malware to dig deep into the system.
Implementing Secure Boot in Linux is actually really great. It’s Linux so you know, without a doubt, that limiting a users freedom is absolutely out of the question and they’ll take security to the highest level possible. Users can still use their own kernels (they just have to sign the kernel themselves, it complicates things but not a ton) so don’t worry, you don’t need to turn it off to maintain the same level of freedom as always.
After all of the entirely unjustified hype that Windows 8 Secure Boot would kill Linux or that new hardware would lock you out it’s really great to see that the Distros are working on incorporating this feature and making use of it to the full extent. I do wish it were under better circumstances instead of having to fight not to be locked out of hardware… but it’s not nearly as terrible as what it could have been and we get a neat security feature out of it.
So while Linux has had its hand forced in this situation we do gain a really neat security feature.
It’s lukewarm but I’m happy.