Shameless High Availability Googlebait

I’m sure newcomers to high availability on Linux are still being bewildered by reams of readily googlable semi-ancient information floating out there in the ether. ¬†So I’m going to try to help remedy this by saying:

This has been a public service announcement.  Thank you for reading.

Prior Art

I’ve just been reminded that I never posted the drawing I did during the presentation¬†that¬†Florian and I gave at linux.conf.au 2011.

This PDF¬†is the one I drew during the talk, the only change being the addition of a copyright notice. ¬†The “slides” will actually make sense if you were either present at the talk, or if you’ve seen the¬†video.

This PDF is a slightly more polished version, with labels on each panel, which may be more appropriate for a printout and/or may make slightly more sense without the exposition present in the talk.

The drawing was done in Inkscape¬†using a Wacom Intuos 4 tablet, so the originals are SVGs, but I’m operating under the assumption that PDF is still a more widely viewable format. ¬†Also, the WordPress upload widget is whining about SVG files being a security risk, and I don’t want to have to convince it otherwise right now. ¬†If anyone actually wants the SVGs, please let me know and I’ll sort something out.

One last thing before I forget: both our email addresses have changed since 2011, so don’t believe the drawing on that count. ¬†It’s not lying about anything else though ūüôā

That UEFI Secure Boot Thing

Yesterday Matthew Garret posted Implementing Secure Boot in Fedora, which was subsequently covered by Cory Doctorow in¬†Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users’ computers. ¬†I find myself somewhat torn by the whole affair. ¬†I understand how the choice by Fedora to cough up $99 to have their shim bootloader signed by Microsoft can be seen as a sellout. ¬†But at the same time, if your goal is to ensure your distro is bootable without forcing the user to screw around with their firmware settings, I think Fedora has probably made the least-worst choice, and I think other distros should also consider¬†evaluating this approach.

Immediately, speaking purely practically, a single $99 payment by a distro to cover a (presumably) infrequently updated shim bootloader, and thus have Linux work with UEFI secure boot, is not terribly onerous. ¬†Even if many distros did this, I’m not seeing it amounting to much of a revenue stream for Microsoft. ¬†And it meets the stated goal (make Linux run on new hardware with minimum user effort or even awareness). ¬†So that’s fine as far as it goes.

I’m far less happy about it from a political perspective, where this amounts to supporting another instance of what I’d call The Certificate Cartel, a term I used to apply to SSL CAs.

So, like I said, I find myself somewhat torn by the whole affair.