I’m sure newcomers to high availability on Linux are still being bewildered by reams of readily googlable semi-ancient information floating out there in the ether. So I’m going to try to help remedy this by saying:
This has been a public service announcement. Thank you for reading.
I’ve just been reminded that I never posted the drawing I did during the presentation that Florian and I gave at linux.conf.au 2011.
This PDF is the one I drew during the talk, the only change being the addition of a copyright notice. The “slides” will actually make sense if you were either present at the talk, or if you’ve seen the video.
This PDF is a slightly more polished version, with labels on each panel, which may be more appropriate for a printout and/or may make slightly more sense without the exposition present in the talk.
The drawing was done in Inkscape using a Wacom Intuos 4 tablet, so the originals are SVGs, but I’m operating under the assumption that PDF is still a more widely viewable format. Also, the WordPress upload widget is whining about SVG files being a security risk, and I don’t want to have to convince it otherwise right now. If anyone actually wants the SVGs, please let me know and I’ll sort something out.
One last thing before I forget: both our email addresses have changed since 2011, so don’t believe the drawing on that count. It’s not lying about anything else though
Yesterday Matthew Garret posted Implementing Secure Boot in Fedora, which was subsequently covered by Cory Doctorow in Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users’ computers. I find myself somewhat torn by the whole affair. I understand how the choice by Fedora to cough up $99 to have their shim bootloader signed by Microsoft can be seen as a sellout. But at the same time, if your goal is to ensure your distro is bootable without forcing the user to screw around with their firmware settings, I think Fedora has probably made the least-worst choice, and I think other distros should also consider evaluating this approach.
Immediately, speaking purely practically, a single $99 payment by a distro to cover a (presumably) infrequently updated shim bootloader, and thus have Linux work with UEFI secure boot, is not terribly onerous. Even if many distros did this, I’m not seeing it amounting to much of a revenue stream for Microsoft. And it meets the stated goal (make Linux run on new hardware with minimum user effort or even awareness). So that’s fine as far as it goes.
I’m far less happy about it from a political perspective, where this amounts to supporting another instance of what I’d call The Certificate Cartel, a term I used to apply to SSL CAs.
So, like I said, I find myself somewhat torn by the whole affair.