back to article Macs to Linux fans: Stop right there, Penguinista scum, that's not macOS. Go on, git outta here

The knickers of the Linux world have become ever so twisty over the past few days as Penguinistas fell foul of the security hardware in their pricey Apple hardware. Reports are coming in of Linux fans struggling to get their distribution of choice to install on the latest Cupertino cash cows with fingers pointed at the …

  1. Anonymous Coward
    Anonymous Coward

    Yet another reason not to touch Apple's vastly overpriced offerings.

    1. Paul Crawford Silver badge

      Indeed, either look for something liker one of the Linux friendly lot like Entroware, System76, Purism, etc, or others like Dell that dabble a bit. Or even a cheap HP and wipe the supplied OS.

      Edited to add - search for "HP 255 G6 Laptop 3KX70ES" comes with FreeDOS and can be had for £210 (not very fancy hardware spec through).

      1. Anonymous Coward
        Anonymous Coward

        "HP 255 G6 Laptop 3KX70ES" comes with FreeDOS"

        Most, if not all, HP business laptops can be ordered with FreeDOS. Only a few preselected FreeDOS models are available in the channel - because they don't sell, but any HP vendor should be able to custom order a computer to your specifications.

        The HP 2xx is the entry level stuff with very plastic-y feel and poor specs all around. I wouldn't bother mainly because of a poor touchpad. It's the 800 series that gets my money (and I require docking).

        1. JohnFen

          "I wouldn't bother mainly because of a poor touchpad."

          Hmmm, I loathe touchpads and keep them permanently disabled. A dodgy touchpad wouldn't factor into my purchasing decision at all.

          1. onefang

            "Hmmm, I loathe touchpads and keep them permanently disabled."

            When I know I'll be using a laptop, I carry a mouse with me. Touchpads loathe me and my long strong fingernails. My home keyboard has deep gouges in some of the keys, a touchpad doesn't stand a chance. For the same reason I've learned to cope with capacitive touch screens, much prefer the older resistive style.

            1. Anonymous Coward
              Anonymous Coward

              "Hmmm, I loathe touchpads and keep them permanently disabled."

              When I know I'll be using a laptop, I carry a mouse with me.

              Well, who wouldn't prefer a proper mouse over touchpad or a pointing stick?

              But whenever you're not seated at a desk, a mouse is a cumbersome device. At the rack aisle or cross connection cabinets, cars, aeroplanes... you're usually condemned to use the laptop at your...lap.

              1. Eltonga
                Happy

                When I know I'll be using a laptop, I carry a mouse with me.

                At the rack aisle or cross connection cabinets, cars, aeroplanes... you're usually condemned to use the laptop at your...lap.

                I know it has fallen out of fashion, but I love to use trackballs, which with the "recent" wireless updates, are generally unobtrusive and always require a lot less real estate than a mouse.

                1. JohnFen

                  Re: When I know I'll be using a laptop, I carry a mouse with me.

                  "I love to use trackballs"

                  I agree! Trackballs continue to rule the roost.

                2. aqk
                  Coffee/keyboard

                  Re: When I know I'll be using a laptop, I use a Lenovo..

                  Lenovo inherited IBM's red Thinkpad "G-spot", which is very useful, once you get used to it.

              2. Dave559

                "Well, who wouldn't prefer a proper mouse over touchpad or a pointing stick?"

                These are Macs we're talking about: Apple's touchpads really are genuinely lovely, and can be stimulated in many ways with as many, or as few, fingers as you desire…

                (Yes, cheap, shitty, craptops do often have cheap, shitty, touchpads, though.)

                1. JohnFen

                  Re: "Well, who wouldn't prefer a proper mouse over touchpad or a pointing stick?"

                  "Apple's touchpads really are genuinely lovely"

                  If the inherent problems with touchpads don't bother you, then you're right, Apple's are the best. But if you're like me, if the touchpad is placed below the keyboard then you're going to be touching it all the time when you're typing. For people like me, Apple's touchpads suck just as hard as everyone else's.

              3. JohnFen

                "But whenever you're not seated at a desk, a mouse is a cumbersome device."

                Mice aren't the only alternative. There are tiny thumb balls that clip to your laptop, etc., as well. But even if they were, using a mouse when not seated at a desk is still less cumbersome than a touchpad. The problem I have with touchpads is their location under the keyboard -- I'm forever touching the damned things when I'm trying to type. Turning on the functionality to disable the touch pad when typing doesn't actually improve things much, as it means I have to remember to intentionally pause when moving between typing and touching.

                I can't think of a more obnoxious input device than a touchpad. I even prefer the old-school mouse nubs over that.

            2. Tigra 07
              Coffee/keyboard

              RE: onefang

              "Touchpads loathe me and my long strong fingernails. My home keyboard has deep gouges in some of the keys"

              Is your keyboard made of butter, or is that you Wolverine?

              1. James 51

                Re: RE: onefang

                @Tigra 07 There was a lady at my former place of employment who had nails that were several centimetres long. I don't know if they were real or not but virtually the keys on her keyboard had the letters scratched off.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: RE: onefang

                  "virtually the keys on her keyboard had the letters scratched off."

                  That's all very well for any touch typists out there, but how will I find the "any" key if I borrow her keyboard then?

                2. Anonymous Coward
                  Anonymous Coward

                  Re: RE: onefang

                  (smile). I used to have strong, centimetre-long nails that I could type with when younger (many many many moons ago). My party trick was to pick up an empty corrugated cardboard box (like the ones listing paper came in) with one hand and suddenly strike the box nails-first with my other hand - they'd go straight through, without injury to my nails. Never did get any hassle from the lads, for some reason..

              2. onefang

                Re: RE: onefang

                "Is your keyboard made of butter, or is that you Wolverine?"

                While my quick healing and long strong claws lean more to the Wolverine side, I keep them blunt. It's safer for all that way. And in this current heatwave, a keyboard made of butter would just be a sticky puddle on the floor.

                1. Tigra 07
                  Happy

                  Re: RE: onefang

                  "While my quick healing and long strong claws lean more to the Wolverine side, I keep them blunt. It's safer for all that way. And in this current heatwave, a keyboard made of butter would just be a sticky puddle on the floor."

                  A sticky, delicious puddle...

                  1. Spiz

                    Re: RE: onefang

                    Which child is running through all of these posts and downvoting? This doesn’t even have any content one could be offended by!

                    1. onefang
                      Trollface

                      Re: RE: onefang

                      "Which child is running through all of these posts and downvoting? This doesn’t even have any content one could be offended by!"

                      Long fingernails on a man is apparently an offense against nature. I always get at least one downvote when I mention it. On the other hand, no one has ever managed to explain to me why long fingernails on males is an evil sin, while long fingernails on females is an entire industry.

                      Here's a hint to the fashion industry, follow the example of the razor industry from the early 20th century, who made female pubic hair a sign of the devil, to sell twice as many razors. Make long fingernails on males fashionable, and sell twice as many fake nails.

                      I wonder how many downvotes I can get by mentioning long fingernails on men, long toenails, being barefoot, and the Dvorak keyboard? I'm sure I left something out.

                      1. Anonymous Coward
                        Anonymous Coward

                        Re: RE: onefang

                        OneFang,

                        You left out Hitler and his friends ;)

                        Godwin's Law kicks in at some point, if you wait long enough !!!

                        1. onefang

                          Re: RE: onefang

                          "Godwin's Law kicks in at some point, if you wait long enough !!!"

                          I guess that's the end of the sub thread with my name on it then.

                  2. onefang

                    Re: RE: onefang

                    "A sticky, delicious puddle..."

                    Hey, if you want to lick it up off my floor, be my guest. My floor could use a good cleaning.

              3. Paul 33

                Re: RE: onefang

                Can't believe nobody picked up on this but, Wolverine's claws came out from between his knuckles and were not nails.

                Sabretooth on the other hand, his claws were nails.

                </comic geek mode>

                1. Tigra 07
                  Trollface

                  Re: Paul 33

                  How dare you correct me Paul. Where's the El Reg safe space? I feel quite unwell...

        2. Anonymous Coward
          Anonymous Coward

          HP is terrified

          that people might order naked PCs to install non-Windows10 OS. Microsoft would definitely not like the idea. This is why they only show few (very) low-specs models associated with the word Linux.

          1. bombastic bob Silver badge
            Mushroom

            "secure" boot is *EVIL*

            Just plain *EVIL*. It's designed to LOCK OUT COMPETITION.

            It needs ANTI-TRUST action, PRONTO, if users can NOT unlock it.

            1. werdsmith Silver badge

              Re: "secure" boot is *EVIL*

              The consumer can simply buy something else.

              1. Teiwaz

                Re: "secure" boot is *EVIL*

                The consumer can simply buy something else.

                They can, as long as there is something else to actually buy that isn't something else but also exactly the same.

                If in a vast majority of PC buys, the user intends to use what's bundled and not tweak, then that may well become the norm, and from the norm, quickly all that's available as why carry alternate stock or offer custom configs that few ask for.

                It is mostly how we ended up with Windows bundled with every new PC in the first place for the last few decades.

                1. werdsmith Silver badge

                  Re: "secure" boot is *EVIL*

                  The consumer can simply buy something else.

                  They can, as long as there is something else to actually buy that isn't something else but also exactly the same.

                  WTF?

                  A laptop that can run linux? There are plenty.

                  I think this is just another whinge trigger. Seriously, I can get by perfectly without needing a Macbook to run linux and I doubt I'll ever need to give it another thought. If I do I'll be sure to get the right help.

                  1. Teiwaz

                    Re: "secure" boot is *EVIL*

                    WTF?

                    A laptop that can run linux? There are plenty.

                    I think this is just another whinge trigger.

                    Yes, today. Well, there was a time when buying a laptop or even a desktop PC there really wasn't as much of a convenient choice.

                    Even today, I hear so called linux afficionados on one hand curse MS and hardware OEMS for not offering them the option while rubbishing known vendors who do supply pre-linuxed machines because economies of scale favour the big players platforms.

                    If the market can be almost locked down once through monopolist shenanigans, or simply economising stock on a 'standard' platform and secure lockdown it can happen again.

                2. JLV

                  Re: "secure" boot is *EVIL*

                  >It is mostly how we ended up with Windows bundled with every new PC in the first place for the last few decades.

                  and with systemd ;-)

              2. Antonius_Prime

                Re: "secure" boot is *EVIL*

                They're buying it wrong...

            2. Chronos

              Re: "secure" boot is *EVIL*

              Not often I agree with Shouty McShoutface - and this is no exception. If you buy into the Apple ecosystem, you only have yourself to blame when you realise it really isn't your hardware. You may now own the materials it is made from but the fancy shiny it is wrapped in and the firmware remains licensed

              The problem right now is that x86-64 is no more trustworthy with IME and PSP, not to mention the speculative execution flaws. If only there were someone making thin'n'light machines with Coreboot on them...

              Oh, wait...

              1. justAnITGuy

                Re: "secure" boot is *EVIL*

                "The problem right now is that x86-64 is no more trustworthy with IME and PSP, not to mention the speculative execution flaws. If only there were someone making thin'n'light machines with Coreboot on them...

                Oh, wait..."

                Yeah. Do let us all know how you get on with the TSA when they want to know what you've got on the Purism device/s.

                1. Chronos
                  Facepalm

                  Re: "secure" boot is *EVIL*

                  Yeah. Do let us all know how you get on with the TSA when they want to know what you've got on the Purism device/s.

                  I'll moon them from afar. I'm not subject to the laws of The Land of the "Free," nor do I have any immediate, i.e. in this lifetime, plans to visit which is a shame because there are many things about your country I would absolutely love to experience. Your barbaric penal system is not one of them, though.

                  1. Michael Habel

                    Re: "secure" boot is *EVIL*

                    Can't do the time? ... Don't do the crime, and you shouldn't have a thing to fear. Or can you kust murder a Schoolyard full of children, and just walk it off, where you happen to live? If so I sure as Hell do NOT want to ever vist your country either.

                  2. Anonymous Coward
                    Anonymous Coward

                    Re: "secure" boot is *EVIL*

                    Our barbaric penal system is a result of real criminals. Name every heinous, violent crime in your country and we'll match it 20:1. The bright side is that from a pure landmass perspective, we'll also match you 50:1. Don't sweat it. It's not as dangerous or uncivil as all of the chicken littles would have you believe.

                    1. ROC

                      Re: "secure" boot is *EVIL*

                      The USofA does seem to be far behind with acid attacks from mopeds...

              2. Stevie

                Re: "secure" boot is *EVIL* 4 Chronos

                Intersting link there.

                But once again no mention of price without a frustration-inducing hunt.

                1. Rhyd

                  Re: "secure" boot is *EVIL* 4 Chronos

                  Click product, scroll a bit, click Buy button, see price.

                2. Down not across

                  Re: "secure" boot is *EVIL* 4 Chronos

                  Intersting link there.

                  But once again no mention of price without a frustration-inducing hunt.

                  Like clicking the "Buy" button to find out the price?

                  More frustrating was trying to find the resolution of either the 13.3" or 15" screen as the specs declined to mention it. Finding some reviews enlightened about the missing specifications, and were not necessarily glowing in terms of hardware itself. I love the idea, but the hardware does not appear to live up to the price tag. Shame.

                3. IsJustabloke
                  Facepalm

                  Re: "secure" boot is *EVIL* 4 Chronos

                  But once again no mention of price without a frustration-inducing hunt

                  yes, that "SHOP NOW" button was very well hidden in the middle of the page... 4 clicks later and I arrived at abase price of around $1200 us

                  You're welcome.

              3. deadlockvictim

                it really isn't your hardware

                Previous Commentard» it really isn't your hardware

                The hardware is yours. There are patents and the like to hinder the theft of intellectual property but it *is* yours. You can throw the laptop off a cliff and Apple's primary concern would be about pollution. They will hope that you buy a new Apple product as well.

                Apple's line stands with usage. If you use it as intended, they will look after you, often very well. Do things that are not intended, like installing other OSs, then they won't support you and support from Apple is often a reason people buy into the Apple ecosystem. Apple see their products as tasteful appliances ("I want it to just work"). It is the Jobsian mindser and this has been standard in Apple now for quite a while. I personally prefer Woz-ian view myself but this mindset hasn't really been present in Apple since the G5 and that was over 10 years' ago.

                1. Aitor 1

                  Re: it really isn't your hardware

                  I disagree.

                  There is a full OS running on a hidden chip inside the processor. I have no access to that OS.

                  There are plenty of secure or "not owned by me" processes, devices, etc running in my device.

                  Apple can decide to lock me out with an update because it does not detect the correct signature in the screen or the battery, etc.

                  Would you say your house is your house if you could not go to the basement or the attic? I wouldn't.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: it really isn't your hardware

                    There is a full OS running on a hidden chip inside the processor. I have no access to that OS.

                    Same as with every Intel chip too. Search Intel ME.

                  2. JDX Gold badge

                    Re: it really isn't your hardware

                    "I disagree.

                    There is a full OS running on a hidden chip inside the processor. I have no access to that OS.

                    There are plenty of secure or "not owned by me" processes, devices, etc running in my device.

                    Apple can decide to lock me out with an update because it does not detect the correct signature in the screen or the battery, etc.

                    Would you say your house is your house if you could not go to the basement or the attic? I wouldn't.

                    You are not legally allowed to do several things in your house, depending where you live. You own your gas plumbing but you have to get someone certified to work on it. You own your house but you can't arbitrarily modify it without permission. You own your garden but you may not build structures in it freely. You own your trees but you might not be legally allowed to fell them or work on them due to preservation orders or ecological requirements. If your attic has asbestos then you might (not sure) legally be forbidden to enter it.

                    More closely related to your argument... do you own a car? In your car there is a full OS running in a locked-down fashion with secure processes and devices. I'm pretty sure hacking into it would invalidate your warranty and insurance which might make your vehicle non road-legal(?)

                    1. JohnFen

                      Re: it really isn't your hardware

                      "You are not legally allowed to do several things in your house, depending where you live."

                      True, but you are restricted from doing those things because they pose risks to your neighbor's property. That line of reasoning in no way holds when it comes to your computer.

                2. JohnFen

                  Re: it really isn't your hardware

                  "There are patents and the like to hinder the theft of intellectual property but it *is* yours."

                  No, it's not. When you are prevented from engaging in perfectly legal activities with your hardware, it isn't your hardware anymore no matter what the law may technically say about it.

            3. nematoad Silver badge

              Re: "secure" boot is *EVIL*

              "It is your hardware after all."

              Is it? I think that with this play Apple ventures to disagree.

              We knew that Secure boot could be abused so who is surprised at this turn of events?

            4. Anonymous Coward
              Anonymous Coward

              Re: "secure" boot is *EVIL*

              @Bob

              Yes, competition is good. I like the way you practice what you preach: both the the lower case letters and the upper case letters compete to appear in your posts.

              ;-)

            5. h4rm0ny

              Re: "secure" boot is *EVIL*

              Users can unlock it.

              At least if it's Windows where, as the article states, a physically present user must be able to disable it to get Windows certification. That's been the case since the start. Secure Boot is a very valuable security feature.

              It's Apple's version that's the problem.

              1. Doctor Syntax Silver badge

                Re: "secure" boot is *EVIL*

                "At least if it's Windows where, as the article states, a physically present user must be able to disable it to get Windows certification."

                It's Microsoft's certification and they could change it at will. Now they have their own Linux Subsystem for Windows (whimsically known by a reversed acronym, WSL) they might.

          2. Anonymous Coward
            Anonymous Coward

            Re: HP is terrified

            "that people might order naked PCs to install non-Windows10 OS. Microsoft would definitely not like the idea."

            Clearly you missed this bit of the article:

            "Microsoft also has a Secure Boot implementation. However, for a PC to be certified for Windows 10, it "must allow the user to completely disable Secure Boot"."

            1. Anonymous Coward
              Anonymous Coward

              Re: HP is terrified

              Is the reason that HP (and other Windows PC manufacturers) are terrified not more that if they sell too great a proportion of laptops without Windows 10 pre-installed, then they lose the preferential (and I'm sure in absolutely no way anti-competitive) "special pricing deal" for Windows that they get from Microsith?

            2. Anonymous Coward
              Anonymous Coward

              Re: HP is terrified

              For Windows 10 this is no longer mandatory and PC manufacturers could be "persuaded" to remove this possibility (nice PC business you have here, let's talk about the cost of Windows licenses which could be lower if... and nobody needs it anyway, look at our Windows Store for really secure Linux distros etc.).

              Why do you think they push so hard WSL, it's to shield them from legal liability when they will lock down computers completely.

            3. Michael Habel

              Re: HP is terrified

              Yes to wit the "Answer" is those ~Systems~ usually already have the added MicroSoft Tax allready attached to them. So they already have about as much Money, as they are likely to make off of you. Till you either formally updated to the next OS (e.g. From XP to 7), or you buy a newer bit of Kit again with WinX as the pre-install.

              Which isn't quite the same as pecuring a "Necked PC" that has say FreeDOS as its shipping and, dare one say disposable OS installed.

              What with the way MicroSoft is taking Windows Operating System X, to an ever encroching "SAAS" subscription model. Which itself may never actually come to pass. For if it did, it would surly kill of Windows as a going concern. At, least for those outside of the Corporate sphere. Again which is why this hasn't already happend, unlike with say Office, which very quickly did.

        3. Paul Crawford Silver badge

          HP 2xx is the entry level stuff with very plastic-y feel

          Is very true, but then I was looking for an almost disposable laptop for friends who kept trashing their own both logically (viruses, etc) and physically ("Oh, the screen is broken after I stood on it. Last two times I stood on it the screen was OK"). So a low cost model and Linux was one route. The other being a Chromebook but then you are ALWAYS slurped by Google.

      2. JLV

        Uh uh. System 76, for one, had a bunch of users complaining about build quality. On a forum dedicated to laptop Linux. Do your research carefully, wise penguins.

        I spend enough time in bash, Ubuntu, browsers and text editors that going off Apple is a distinct option for me if their gear doesn’t shape up a bit from its current style-over-substance, no repairs or upgrading.

        But I’d want something well built and just because something is sold with Linux preinstalled doesn’t mean it can’t be more Acer than Toughbook.

    2. JDX Gold badge

      I don't get why Linux people would want to buy Apple products anyway if they have that opinion of them being vastly overpriced. Certainly not why they would want to dual-boot Linux rather than run it in a VM.

      Even Windows users are generally advised to use VM since the tech is so good these days, BootCAmp being for games and other specialist resource-hungry applications.

      Is there a good use-case for this?

  2. Dwarf

    SecureBoot Bites Again

    Wasn't this raised as a concern when SecureBoot first came out - at the will of another, the ability to install your chosen OS can be removed - the finger was pointed at MS then, but it seems that Apple is first there.

    Presumably the lack of the MS cert will also stop Windows installs onto Mac too ??

    So, back to the "its my hardware, I'll do what I want" position. As long as I decide which certs I want the BIOS to support - by loading them from whatever media I need, then its my choice what OS and desktop I stare at for the next couple of years of my life.

    1. Paul Crawford Silver badge

      Re: SecureBoot Bites Again

      it seems that Apple is first there

      Not quite. Microsoft' ill-fated Windows RT tablets did not allow other OS to be booted, the requirement mentioned is only for x86-based machines.

      1. Anonymous Coward
        Anonymous Coward

        Re: SecureBoot Bites Again

        And iOS came first anyway....

        1. cream wobbly

          Re: SecureBoot Bites Again

          Yeah, I never could get the ZX81 ROM to work on my Commodore 64.

          If you don't want a Mac, don't buy a Mac. You're very welcome.

          1. ibmalone

            Re: SecureBoot Bites Again

            Yeah, I never could get the ZX81 ROM to work on my Commodore 64.

            If you don't want a Mac, don't buy a Mac. You're very welcome.

            Just checking, but you do realise that:

            a. The Mac is Intel hardware that would be capable of running Linux if they hadn't locked it out. Unlike the difference between ZX81 and Commodore.

            b. Linux is a multi-architecture system anyway.

            Though if buying a machine for Linux I don't see much reason to go Mac. Dell XPS if you need the screen, otherwise Thinkpad hardware is perfectly fine.

            1. Doctor Syntax Silver badge

              Re: SecureBoot Bites Again

              "but you do realise that"

              Probably a Mac extreme fanboy unable to distinguish between Mac & MacOS; realisation optional.

              1. ibmalone

                Re: SecureBoot Bites Again

                "but you do realise that"

                Probably a Mac extreme fanboy unable to distinguish between Mac & MacOS; realisation optional.

                Some mini stalking (don't worry, the restraining order is on its way) suggests cream wobbly is fairly OS agnostic, just incautious with analogy on this occasion.

          2. DJV Silver badge

            "I never could get the ZX81 ROM to work on my Commodore 64"

            Back in the 1980s I wrote a small Spectrum program that would change the display to two shades of blue and display "**** Commodore 64 Basic V2 ****" followed by "64K RAM SYSTEM 38911 BYTES FREE" and then "READY." and a loop that generated what looked like a flashing cursor. Leaving that running in the computer depts of department stores confused a good number of people. I once managed to convince someone that a Spectrum running the program had had a C64 ROM installed by mistake.

      2. HausWolf

        Re: SecureBoot Bites Again

        To be fair, the RT tablet hardly allowed an MS operating system to boot either.

    2. bazza Silver badge

      Re: SecureBoot Bites Again

      Presumably the lack of the MS cert will also stop Windows installs onto Mac too ??

      It includes the certificate MS uses to sign Windows. It does not include the certificate (also issued to Microsoft) that everyone else has been using for Linux. The two certificates have broadly similar names!

      Or at least, that's my reading of the situation. May be wrong!

      1. keithzg

        Re: SecureBoot Bites Again

        Yeah but who cares about Windows :P

        (In all seriousness, the same thought occurred to me.)

    3. bombastic bob Silver badge
      Mushroom

      Re: SecureBoot Bites Again

      new name needed:

      *EVIL* *BOOT*

      1. Anonymous Coward
        Anonymous Coward

        Re: SecureBoot Bites Again

        How about: "Sucker Boot", or maybe "Sicker Boot" (but that possibly does sound slightly too much like "Sicherboot")?

  3. Anonymous Coward
    Anonymous Coward

    Great plan Timmy.

    Sure why not antagonize a community that has all of the skills necessary to bypass your platform security hardware while also suing you at the same time?

    The IOS jailbreak community had largely fallen apart, so why not stir up trouble by blocking a free 3rd party OS that does not compete with you in any of your core markets?

    Especially when the core of your OS is built from code they built...

    At least if they do get forced to re-do 3rd party support in secure boot it might enable securely booting something from the network without having to suffer through ugly command line headaches in the process.

    and speaking of headaches, here is an Aspirin for you, straight from Dr Science himself.

    1. Anonymous Coward
      Anonymous Coward

      Re: Great plan Timmy.

      Well I guess that Apple would say, "get you code properly certificated like we and Microsoft do, and then we'll think about supporting it, but only RedHat and Ubuntu maybe" (or something like that). It's an understandable view point - in any other domain, certificates that are no longer trusted should be revoked (or not included at all).

      I'm not saying that's right, merely understandable. My question would be, just how many problems have actually been caused by Macs supporting non-secure boot, and only then when explicitly configured so? Not many or zero I strongly suspect.

      Still, if a user can configure it so, then presumably malware could (in principal) do so also as a prelude for some kind of boot-time attack. Given that MacOS hasn't really got anything like Windows Domain Group Policies, by which a company admin could prevent a whole userbase disabling secure boot using the BCA, taking measures in hardware that stop secure boot being bypassed altogether is Apple's only guaranteed way of enforcing secure boot in an enterprise setting.

      Perhaps they're chasing some juicy USG contracts. If the US government gets nervous about the possibility of secure boot bypasses, and Apple are selling hardware where you really, genuinely cannot do that, it might make Apple's hardware Uncle Sam's #1 choice for all purposes. That's a bigger market than penguinistas.

      Oh, and Darwin is not based on Linux in anyway whatsoever AFAIK. It has far more in common with FreeBSD (which presumably won't boot either now).

      1. Dave 126 Silver badge

        Re: Great plan Timmy.

        > Still, if a user can configure it so, then presumably malware could (in principal) do so also as a prelude for some kind of boot-time attack.

        I guess a hardware switch or jumper could allow a user to do things that malware can't. Still, as you say, it's not worth the effort.

        1. dajames

          Re: Great plan Timmy.

          >> Still, if a user can configure it so, then presumably malware could (in principal) do so also as a prelude for some kind of boot-time attack.

          > I guess a hardware switch or jumper could allow a user to do things that malware can't. Still, as you say, it's not worth the effort.

          It's not a matter of not being worth the effort. The main reason for Secure Boot is to prevent the user from hacking the OS to circumvent DRM, not to stop malware. A switch or jumper such as you suggest is the last thing they want.

      2. Peter Gathercole Silver badge

        Re: Great plan Timmy. @AC

        You've missed the critical point here.

        It is not down to the Linux community to get their code certified, it is for Apple to include the existing certificates that Linux can use into the certificate store in the secure boot system.

        If apple do not want to include a certificate Linux installs can use, there's pretty much nothing that the Open Source community can do to make Linux run without breaking secure boot.

        This was evident when the original Palladium security system was being mooted back in 2002. Some people, like Ross Anderson spotted this, and rang the warning bells, but not too many people heeded the warnings.

        Just because Windows 10 currently requires a PC to have the ability to turn Secure Boot off, this may change in the future, and having secure boot even present means that at some point, it could be enabled, restricting the choice of every owner of a PC with it in.

        I agree that you can choose to not buy Apple hardware. But generally speaking, it's nicely engineered (or has been in the past, not so sure now) and used to be a good choice if you were prepared to pay the premium.

        1. Caffeinated Sponge

          Re: Great plan Timmy. @AC

          Um, I may be guilty of reductionism here, but surely you are essentially arguing for the abolition of security certificates altogether?

          The whole system is based on Trust, it really shouldn’t be a wake up if a certificate issued to Microsoft for Windows which is now deprecated in favour of a newer certificate was being used to sign for something that wasn’t Windows and had nothing to do with Microsoft, then there might be a problem in the post?

          The obvious solutions are to steal the new certificate or obtain legitimate certificates that actually apply to the product...

          1. JohnFen

            Re: Great plan Timmy. @AC

            "surely you are essentially arguing for the abolition of security certificates altogether?"

            I think he's arguing that it should be possible to either turn the system off or to install your own certs.

            "The whole system is based on Trust"

            There is no cert I trust more than one I've created myself.

          2. Peter Gathercole Silver badge

            Re: Great plan Timmy. @Caffinated Sponge

            My previous post on this was a little incomplete. I had not realized that on Intel Secure Boot systems, there is a 'shim' bootloader signed against a Microsoft certificate that can isolate grub and the kernel from Secure Boot. This shim will do additional signature checking, and have certificates maintained by the sysadmin to allow locally compiled versions of grub to be booted. So only the shim needs to be signed against a certificate in the Secure Boot in the UFEI.

            But my original point is that the certificates installed in the Secure Boot system are entirely under the control of the hardware vendor. For the UEFI used on Intel systems to boot Windows, the main certificate holder is Microsoft. Microsoft has come up with this method to allow some Linux distributions to sign against the shim certificates, and allowed them to get grub or other bootloader signed with the shim certificate.

            UEFI does have a facility to install new certificates, but I think many systems have this disabled so the only certificates that can be used are those that were installed when the system was created.

            I suspect that on latest Apple hardware, the only certificate holder is Apple, and only Apple certificates are installed.

            If Apple choose not to sign the shim bootloader, then you can't run Linux. It's nothing the Linux community can change, it's completely at Apple's discretion.

            I think that the cryptography involved in signing with a certificate is sufficiently advanced that you can't 'steal' a certificate. There is magic (read - a cryptographic checksum) in the signature that will check that the code that contains the certificate signature has not been tampered with. So the only solution is to obtain a correct signature for your code. If Apple don't want to grant one, then tough.

            I can totally see why some people want to be able to prove that their system is secure, and is only running software from a recognized source (I won't say trusted, because I think that some OS vendors have abused any trust that they once may have had), but the mechanism used is a double-edged sword which allows these organizations to eliminate rival and alternative OS installations.

            So far Microsoft have been prepared to play fair. But there is absolutely nothing that says that they will remain that way. Remember, the last E in EEE is Extinguish...

            1. JohnFen

              Re: Great plan Timmy. @Caffinated Sponge

              "But my original point is that the certificates installed in the Secure Boot system are entirely under the control of the hardware vendor. "

              Yes, this is a serious problem, and is why being able to completely disable Secure Boot is mandatory for any machine I buy. Then I can just leave it turned off and don't have to worry about it anymore.

      3. Doctor Syntax Silver badge

        Re: Great plan Timmy.

        "Oh, and Darwin is not based on Linux in anyway whatsoever AFAIK. It has far more in common with FreeBSD (which presumably won't boot either now)."

        I'd assumed that either FreeBSD or maybe the open source community sensu lato was intended.

      4. JohnFen

        Re: Great plan Timmy.

        "I'm not saying that's right, merely understandable."

        I don't think it's even understandable.

      5. Michael Habel

        Re: Great plan Timmy.

        And, here I thought the main difference (per-se), between *nux, and BSD, was the GPL, or a lack therof. Which made, or makes BSD more atractive to the like of Apple, and S0NY. (i.e. The underlying OS on PSP, PS3, Vita, and PS4).

    2. JLV

      Re: Great plan Timmy.

      >Especially when the core of your OS is built from code they built...

      Macos's core is Mach, userland and utilities is a lot of BSD. Not Linux. I assume Darwin carries Mach plus BSD, minus the window manager and end user apps.

    3. Chronos

      Re: Great plan Timmy.

      Especially when the core of your OS is built from code they built...

      No, no, no! It's a drunken skip shag between the Mach microkernel and the BSD userland and nothing to do with Linux or GNU at all. I can see why abandoned big cats for their code-names; some people obviously couldn't resist lion about it...

    4. Smirnov

      Especially when the core of your OS is built from code they built...

      FYI: Mac OS X is not built on Linux. If anything it took a few things from FreeBSD, amongst NextStep and others:

      https://en.wikipedia.org/wiki/Darwin_(operating_system)

    5. JohnFen

      Re: Great plan Timmy.

      "Sure why not antagonize a community that has all of the skills necessary to bypass your platform security hardware"

      Honestly, I'm not sure that anything more than a small percentage of that community cares about this when it comes to Apple hardware.

    6. JDX Gold badge

      Re: Sure why not antagonize a community

      How big is the Linux community who wants to dual boot Linux on a Mac? Probably pretty small. I doubt Apple care about antagonizing them, or the wider Linux community who have no interest in their products.

  4. Anonymous Coward
    Anonymous Coward

    Walled garden

    It's getting more like a high security unit complete with razor wire and goon towers.

  5. DeKrow

    Why Linux on Apple Hardware?

    What reasons do people have for purchasing expensive Apple hardware to then go and install Linux on it?

    One of the reasons I've heard for the justification of the inflated Apple pricing is that it buys you into the convenient, interoperable Apple ecosystem.

    Surely, if you want to run Linux, and have a budget that stretches to an Apple laptop, it would also cover a range of both more powerful and at least nearly-as-stylish non-Apple laptops.

    Dual-booting is the only option that makes sense to me. Needing the Apple ecosystem on one hand, but also the flexibility of Linux on the other.

    1. JohnFen

      Re: Why Linux on Apple Hardware?

      Yes, that baffles me as well.

      1. Dave 126 Silver badge

        Re: Why Linux on Apple Hardware?

        There was once a time when the MacBook Air didn't have any non Apple equivilents for several years And it suited Linus Torvalds - light and quiet being his priorities. At the time he lamented Apple's competitors for not being able to release a similar machine.

        These days he uses a Dell XPS 13 Developer Edition, but likes the look of offerings from Lenovo too.

        Non Apple Laptop vendors have really upped their game in recent years, with high Res screens (sometimes s 16:10 or 4:3, at last) and track pads which aren't terrible.

        1. keithzg

          Re: Why Linux on Apple Hardware?

          3:2 screens, too; I dual-boot ChromeOS and Kubuntu on a Pixelbook, as I did previously on a Chromebook Pixel, and it's quite great.

        2. Andraž 'ruskie' Levstik

          Re: Why Linux on Apple Hardware?

          There's a laptop with 16:10??? Where!!!

          1. Solviva

            Re: Why Linux on Apple Hardware?

            Microsoft's' surface laptop book 2 thingy with the rather obnoxious hinge had a 15" 4:3 display.

            Likewise I'd also like to know who has suddenly resumed production of 16:10 laptops after 9(?) years of 16:9 screens...

            1. Dave 126 Silver badge

              Re: Why Linux on Apple Hardware?

              > There's a laptop with 16:10??? Where!!

              Shit, I feel terrible now for misremembering and getting your hopes up.

              Huawei Matebook Pro is 3:2, like MS's offerings. Sorry again, I thought it was 16:10. Still, discrete Nvidia GPU etc .

            2. MarkElmes

              Re: Why Linux on Apple Hardware?

              Actually, its a 3:2 display, and it's nearly damn perfect, an amazing laptop for anyone in the market for one in that price range

        3. rg287 Silver badge

          Re: Why Linux on Apple Hardware?

          There was once a time when the MacBook Air didn't have any non Apple equivilents for several years And it suited Linus Torvalds - light and quiet being his priorities. At the time he lamented Apple's competitors for not being able to release a similar machine.

          Absolutely. People forget that when the Macbook Air came out, this was their advert. No words. They didn't need to explain to you why you needed it. The product just spoke for itself - it was a beautifully designed all-metal unibody that you could fit in a standard manilla envelope. At a time when laptops were hulking slabs of plastic that looked like this.

          And we all stood there with our jaws dropping going How slim?. That's amazing. It had a great screen for the time, excellent battery life, looked pretty, offered the best build quality on the market and weighed next to nothing (compared to anything else on the market).

          How times have changed. Apple are hawking basically the same thing, but the rest of the world has caught on.

          1. JohnFen

            Re: Why Linux on Apple Hardware?

            "They didn't need to explain to you why you needed it. The product just spoke for itself "

            I guess, for people who are more into aesthetics than functionality. For me, that ad fell completely flat because it gave me exactly zero information that I needed to know in order to make a buying decision. Who knows? If it had actually been informative, I might have looked closer into buying one.

      2. gnwiii

        Re: Why Linux on Apple Hardware?

        In the past, Apple hardware has generally been reliable and there is a large community of linux on Apple hardware users so linux bugs affecting Apple hardware get more attention. If your livelihood depends on having a reliable linux laptop, paying extra for top quality makes good business sense. Thinkpads are also popular with linux professionals for the same reason. In general, the reliability of high-end systems from major vendors has been catching up with Apple's laptops, so I would be surprised if fewer people are running linux on Apple hardware in the future.

    2. SVV

      Re: Why Linux on Apple Hardware?

      It's a particularly tragic intersection point on the Venn diagram of "ways of trying much too hard to look cool".

      1. ibmalone

        Re: Why Linux on Apple Hardware?

        It's a particularly tragic intersection point on the Venn diagram of "ways of trying much too hard to look cool".

        As a Linux user I confess one thing I've never thought it could do was make me look cool...

        (Though it did once genuinely prompt the discussion, "What's that?" "I don't know, but I think it must be what Heaven looks like." That was obviously Compiz Fusion era, before it was decreed that nay, ye shall have gnome shell and like it.)

    3. Anonymous Coward
      Anonymous Coward

      Re: Why Linux on Apple Hardware?

      > What reasons do people have for purchasing expensive

      > Apple hardware to then go and install Linux on it?

      It avoids having to pay for a bundled copy of Windows.

      Yes you may be able to get other laptops witout Windows pre-installed, but they are not common.

      Some Linux users may be happier to pay for a MacOS they won’t use, rather than a Windows they won’t use.

      1. Updraft102

        Re: Why Linux on Apple Hardware?

        It avoids having to pay for a bundled copy of Windows.

        ...

        Some Linux users may be happier to pay for a MacOS they won’t use, rather than a Windows they won’t use.

        The crapware that comes with Windows (and gets wiped just as easily) offsets that, perhaps completely offsetting the license cost. When Dell released one of their laptops years ago with Linux preinstalled, people were shocked that it cost a little more than the Windows version, not less. Without crapware to subsidize it, it cost more, or that was the explanation at least.

        I've bought two low-cost "Windows 10" (Home) laptops in the past year with the intent of installing Linux on them, and both were as cheap or cheaper than Chromebooks with the same specs. The Windows tax was nowhere in evidence. Maybe the tax scales up with more costly notebooks (and certainly it does if it is the Pro edition of Windows), but it appears to me that it's the crapware vendors that paid for those Windows 10 licenses I am not using, not me.

        I don't particularly want to pay Microsoft in any way, but they have demonstrated that the real interest is in monetizing Windows 10 users, and they're not getting to do that.

        1. Adelio

          Re: Why Linux on Apple Hardware?

          Maybe it is because they think they can charge more, not because it costs more

      2. T. F. M. Reader

        Re: Why Linux on Apple Hardware?

        @AC: you may be able to get other laptops witout Windows pre-installed, but they are not common.

        Seems common enough to me... My personal laptop is a high end Lenovo Thinkpad that came with FreeDOS. At work everybody who writes code gets Dells with Ubuntu (official option from Dell). I just got a Dell OptiPlex (desktop) that was listed as "without OS" but came with Ubuntu. I figured "without OS" meant "without OS to pay for".

        This has been normal for many years now. I don't think I ever bought a computer with Windows preinstalled since about 1996, but I agree it was not common 20 years ago.

        [I am weird. I wipe Ubuntu and install Red Hat or Fedora KDE spins - need to do weird tweaks in the BIOS setup to boot from DVD/USB (Dell don't make that easy), but otherwise no problem with EFI.]

      3. Anonymous Coward
        Anonymous Coward

        "It avoids having to pay for a bundled copy of Windows."

        So pay for a bundled copy of macOS? If your hardware comes from the nearest supermarket or consumer electronic stores, yes, it may be difficult to find one without Windows, for the simple reason that otherwise they don't sell through that channel. Through more professional channels you can find plenty of PCs without Windows pre-installed, especially since professionals and companies which buys their own licenses don't really need anything OEM (especially Home editions and assorted crapware).

        But we know even the most greybeard and anarchist Linux aficionado can't resist to Apple bling factor... and show off when he can.

        1. Doctor Syntax Silver badge

          Re: "It avoids having to pay for a bundled copy of Windows."

          "But we know even the most greybeard and anarchist Linux aficionado can't resist to Apple bling factor... and show off when he can."

          Definitely greybeard but resist Apple bling? Easy. Look at the price.

        2. JohnFen

          Re: "It avoids having to pay for a bundled copy of Windows."

          "Through more professional channels you can find plenty of PCs without Windows pre-installed"

          True. Or even better, pick up an old case from a second-hand store, buy the components you want, and assemble it yourself. It's really easy to do these days.

          1. onefang

            Re: "It avoids having to pay for a bundled copy of Windows."

            "True. Or even better, pick up an old case from a second-hand store, buy the components you want, and assemble it yourself."

            Not sure why you need your case to be an old second hand one, new cases are available.

            "It's really easy to do these days."

            I've been doing that since last century. The last computer I bought whole, including operating system (not including phones) was a Mac Mini in 2012. The one before that was an Amiga 1200, back when they where new.

    4. rsole

      Re: Why Linux on Apple Hardware?

      The same reason you may want to run Linux or any operating system on any hardware, the software. It may also be something you want to do to extend the life of older hardware that is no longer supported by Apple.

      Also, If the data on the drive is encrypted then you effectively prevent access without the decryption key so why stop it being booted? Maybe someone else can enlighten me.

      Further to this, if you can turn off secure boot and install and run Linux, then where is the issue. It then becomes like any other computer with no secure boot running.

      1. imski

        Re: Why Linux on Apple Hardware?

        Got an old macbook the PHB discarted.

        New aftermarket battery, installed linux on it, great little machine for around the house use.

        Now I can appreciate Apple isn't too concerned with those enjoying the freebies when the PHB moves on to their next shiny offering...

    5. Updraft102

      Re: Why Linux on Apple Hardware?

      What reasons do people have for purchasing expensive Apple hardware to then go and install Linux on it?

      To have something to run on it after Apple declares it "vintage" and arbitrarily bans it from running the latest version of MacOS?

      Otherwise... yeah... no sense in paying the Apple premium if not for the Apple OS, but that's the practical end of it. On the principle end... if it's my hardware, let me do what I wish with it.

      1. werdsmith Silver badge

        Re: Why Linux on Apple Hardware?

        To have something to run on it after Apple declares it "vintage" and arbitrarily bans it from running the latest version of MacOS?

        By which time the problem will have been worked around.

      2. JohnFen

        Re: Why Linux on Apple Hardware?

        Now that makes sense.

    6. Reuben Thomas

      Re: Why Linux on Apple Hardware?

      I have on three occasions found that Apple hardware was the best value for money for the spec I wanted at the time: 2008 Mac mini (small quiet reasonably beefy desktop), 2011 MacBook Air (lightweight reasonably robust laptop), 2014 MacBook Pro (laptop with lots of memory and powerful CPU).

      In other cases I've bought PC hardware: Samsung NC-10 (small cheap laptop), Tranquil PC ixL (replaced the Mac mini).

      Previously, PC laptops with similar specs to Apple models were more expensive, or didn't have as good support for GNU/Linux: the popularity of Apple kit with GNU/Linux users means that Ubuntu has specific support, and drivers and workarounds for problems were typically straightforward to find; I probably wouldn't buy Apple for the desktop currently, as they have no models with no moving parts.

    7. Anonymous Coward
      Anonymous Coward

      Re: Why Linux on Apple Hardware?

      What about because it's your right to do so if you want. You paid for it, you own it. Want to microwave it? Go ahead. Want to drive a car over it. No worries! Want to make it useful and put linux on it. You can't? If you think about it, this is in line with the whole Apple philosophy that the right-to-repair discussions a.s.o. touch too. And, come to think of it, why you must by software nowadays as a subscription.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why Linux on Apple Hardware?

        What about because it's your right to do so if you want. You paid for it, you own it.

        One only has the right to run Linux on it if Apple have said "it runs Linux". The right then is a consumer right (as opposed to human, god-given or any other kind of right), because one can then argue that you parted with one's money to buy the thing specifically because of Apple's claim, "it runs Linux". If it somehow fails to run Linux, one is fully entitled to complain, get a refund, or expect Apple ot make good.

        However, in this specific case Apple have explicitly said, "it does not run Linux". [Whether or not that has been made sufficiently clear up front on their buying portal is a matter for a separate debate, especially given their previous lengthy history of not specifically standing in the way of penguinistas]. In this circumstance, "it does not run Linux", one has no right whatsoever to have it run Linux, because doing so implies that one somehow has the power to force Apple to change the design of their hardware / software. And that would be lunacy. They have a right to sell whatever they want, they cannot be forced to do something they don't want to do.

        One's only recourse is a purchasing boycott.

        1. JohnFen

          Re: Why Linux on Apple Hardware?

          "One only has the right to run Linux on it if Apple have said "it runs Linux"."

          Bullshit. If we're talking rights, then you have the right to install any operating system you want on any machine you want. The manufacturer has the right to not support your alternate OS.

          Actively preventing you from using your machine in ways you have every right to use it it unsupportable and immoral.

          1. Anonymous Coward
            Anonymous Coward

            Re: Why Linux on Apple Hardware?

            Bullshit. If we're talking rights, then you have the right to install any operating system you want on any machine you want.

            Only if the hardware you've bought has been advertised as being "open" to any old OS. In this case it's been advertised as closed. MacOS and Windows 10 only.

            The manufacturer has the right to not support your alternate OS.

            They have the right to sell anything they want configured any way they want. There is no law obliging Apple to make computers that are PC2017 compliant (or whatever the industry spec for an open PC is). If you don't like it don't buy it. Or buy 50.1% of the shares and make them do it as their boss.

            Actively preventing you from using your machine in ways you have every right to use it it unsupportable and immoral.

            Apart from your mistaken belief that Apple are somehow legally obliged to build a machine to your own tastes, Apple would probably say something about secure boot being a benefit to their customers, and many customers would probably agree that it's the right thing to do.

            1. JohnFen

              Re: Why Linux on Apple Hardware?

              "Only if the hardware you've bought has been advertised as being "open" to any old OS. "

              I don't follow this logic. Can you explain? If I've bought hardware, I own that hardware, and I have the right to do anything I want to it, including installing any OS I want. What it's been advertised as is irrelevant in terms of what I do or do not have the right to do with it.

              "They have the right to sell anything they want configured any way they want. There is no law obliging Apple to make computers that are PC2017 compliant "

              Indeed, I never said otherwise. Also, I am talking about rights, not the law. That absence of such a law means nothing.

              "Apart from your mistaken belief that Apple are somehow legally obliged to build a machine to your own tastes"

              You're putting words in my mouth. I never said (and don't believe) that Apple is legally obligated in such a way. I am asserting that intentionally restricting what I can and cannot do with hardware I own is wrong. I never said "illegal".

              "Apple would probably say something about secure boot being a benefit to their customers"

              And I agree with that stance. I'm not arguing against secure boot. I'm arguing against making it impossible to disable it or install your own certs for it.

    8. Doctor Syntax Silver badge

      Re: Why Linux on Apple Hardware?

      "One of the reasons I've heard for the justification of the inflated Apple pricing"

      The other reason was the reputation of Apple build quality which might have been a reason to buy. As a bystander I can't comment on the validity of the reputation but from comments here & elsewhere it may be that that reason is getting to be a thing of the past so it might be that nothing of value is being lost. OTOH while Apple depend on BSD runtime pissing off the open source community might not be the best move.

  6. oiseau
    Linux

    Forever

    Hello:

    Any Linux fan tempted to drop some big bucks on Apple's latest and greatest would be wise to consider holding off until things settle down, unless virtualization will do the job forever.

    There you go ...

    Doesn't it sound much better?

    Because ...

    If I had been foolish enough to buy one, it would be my hardware, hardware for which I paid for with my money. ie: not a Xmas gift from Cook.

    And also because things will only get worse in Appleland.

    O.

  7. This post has been deleted by its author

  8. Anonymous Coward
    Anonymous Coward

    Secure Boot should be optional

    Microsoft may withhold the permission to run their software without SB but they should not prevent me from using the hardware the way I want, unless of course it's their Surface (which I'll never buy anyway).

    With Apple this is tricky since they sell you the combo hardware+software and they can (successfully) claim it's one integrated product.

    1. James O'Shea Silver badge

      Re: Secure Boot should be optional

      As has been noted elsewhere, secure boot can be disabled. it _is_ optional.

  9. J27

    Apple doesn't care about people who buy their hardware to install other OSes on it. Use it their way or else.

    The second they think they can get away with putting in-house chips in Macs they will and 3rd-party OS support will fall off a cliff.

    1. James O'Shea Silver badge

      Bullshit. See https://support.apple.com/en-us/HT208330 where Apple officially puts on record exactly how to disable secure boot.

  10. avidal

    good

    So it will only run BSD pr0n?

  11. Qwertius

    Gated Community.

    Anyone who's idiot enough to spend $$$ on Apple gear to install Linux -- needs their head tested.

    Linux works perfect fine on everyone else's gear -- so who really gives a toss.

    Frankly - if Apple wants to run a 'Gated community' -- I say let them.

    My guess is that Apple is losing traction in the market.

  12. Anonymous Coward
    Anonymous Coward

    This is a non-news story if I've ever seen one

    I don't get why this is an issue?

    a) if you were in the market for a high end linux machine only a complete nutter would buy a Macbook and try to use it to solely run Linux. If they wanted to have linux on the machine as well, just use Parallels, Virtualbox, etc.

    b) If the issue is about 'what do you do when Apple stop supporting it?.....' well I am writing this on my almost 8 year old Macbook which is still legitimately running on the latest OS from Apple. Tell you what, when the current clutch of Macbooks finally go out of support in n years time, then write a moany post - but don't bother us 'til then, eh?

    c) And as for the old: "I bought it, therefore I can do what I want with it" argument - Apple do not market the Macs as a device which you can run anything on. When you buy it, you know it is an integrated piece of hardware and software. If it manages to run other things, great. So if it fails to run other software, should this really be a surprise or cause to moan about? PCs on the other hand are known to be more flexible and are generally not sold as an integrated device (aside from MS' Surface range, etc). Ergo more fit for loading other OSs onto.. so again I don't see this is a valid argument as you are buying something with a specific purpose and trying to move it away from that. Furthermore, you don't own licenses anyway.

    1. James O'Shea Silver badge

      Re: This is a non-news story if I've ever seen one

      it's worse than that. See https://support.apple.com/en-us/HT208330 for how to disable secure boot. This story is an example of Fake News. El Reg must have been bought by Murdoch's boyz at Faux News.

      1. Michael Habel

        Re: This is a non-news story if I've ever seen one

        Murdoch's boyz at Faux News...

        And, here I am sitting in front of this Terminal, thinking to myself.... (As One does.) That the Rat Shack had pretty much devested Murdochs Boi's of the entire shee-bang, sans the Motion Picture Arm, which I gather will continue on as 20/21st Centery Fox?

  13. herman Silver badge

    Intel NUC i7

    Ayup, instead of a shiny Mac Mini, I now have a shiny Intel NUC i7 on my desk for this very reason.

    Sorry Apple, but you lost a sale and I'll use the spare change for something else.

    1. Dan 55 Silver badge

      Re: Intel NUC i7

      Does the Mac Mini have the same problem? That's be a huge error in something they say is suitable to use as a server.

  14. Anonymous Coward
    Anonymous Coward

    Ah diddums

    Let me find my very smallest violin and play a sad sympathetic dirge.

    Any idiot who spends Apple prices to run a linux box needs all their computing devices removing immediately for their own and the greater society's safety.

    1. Dan 55 Silver badge

      Re: Ah diddums

      A few years back before Jony Ive went mad with his glue gun and the hardware wasn't so locked down, there was a point to using it - it was better than the competition. Now this is not the case, there is more choice available.

      1. Michael Habel

        Re: Ah diddums

        No choice? I'm sure Lenovo, Dell, HP, Acer (Just rolling it off the top of my gulliver), would all just happen to disagree with you. But, yeah those Machines could only just about give you a so-so Hackintosh expreance. Which I'll admit was only mildly usefull back in the glory days of the Third-Gen 40GB iPod. When I needed to use what was then, and Hell probably still is a MacOS Exclusuve Audiobook Chapter breaking Program that allowed me to setup such Audiobooks up with the appropiate Chapters.

        Sadly the iPod has been sitting in a dark dusty drawer for about as many years now. having been replaced by Google Play Music, on Android.

  15. Anonymous Coward
    Anonymous Coward

    I can see Apple's point...

    They've spent a lot of money on security so it makes sense they should only allow secure OSs like Windows and Mac OS to run. The thing that all you so called "experts"* forget is that Linux is insecure by design because the sauce codes** are readily available. That means someone like me could read the sauce codes, and go and replace a load of programmes with insecure ones. Once I'd uploaded the change, literally immediately every Linux installation would become insecure because of the Linux auto update scheme and because of systemd***. The only people who are allowed to touch Windows codes are the US Government and people who've been strongly vetted by Microsoft. I.e. proper experts. Linux, the man who wrote all of Linus, is also one of those 60s hippies who believes in peace and free love. They take all your stuff but the scum never own anything you can use in return. He has an untrustworthy face. And don't get me started on dogs.

    * you're not.

    ** printf.

    *** my car wouldn't start this morning. Coincidence? I don't think so.

    1. TomG

      Re: I can see Apple's point...

      I downvoted your post because you seem to have a problem with dogs.

    2. Anonymous Coward
      Anonymous Coward

      @AC-Re: I can see Apple's point...

      Are you an expert of some sort to affirm Linux is insecure by design ? Could you please enumerate a few strains of Linux malware or design flaws to prove your point ?

      Oh, and if you don't know what you're doing, please don't replace Linux programs, it makes you look bad. Only Windows users set Linux to auto-update since they're conditioned to do it.

      1. Peter Rathlev

        Re: @AC-I can see Apple's point...

        This smells like a troll feeding itself. The first post in the thread comes off as part deliberately ignorant and part trolling for the lulz. I don't think even people who never use any kind of Linux would really be gullible enough to believe it. (The downvotes might point in that direction but might of course also be people who just find it in bad taste.)

        For those (hopefully few) that think the original post made sense: Open source means that you can take the source code, copy it all you want and do with it whatever you desire. But you cannot force anyone else to use your version. Only a few people can actually commit changes to the code that is used to build what people download from repositories. If you use one of the many "distributions" (like Ubuntu or Fedora) then packages are futhermore signed by the distributor.

        If the post had a few more swears it could have been a candidate for FoTW.

    3. Doctor Syntax Silver badge

      Re: I can see Apple's point...

      "secure OSs like Windows"

      ROFLMAO

      "That means someone like me could read the sauce codes"

      Have you considered taking up comedy as a career?

      1. ibmalone

        Re: I can see Apple's point...

        "secure OSs like Windows"

        ROFLMAO

        "That means someone like me could read the sauce codes"

        Have you considered taking up comedy as a career?

        I was under the impression those were early clues that it's a parody, which ramps up towards the end.

    4. Michael Habel

      Re: I can see Apple's point...

      Somehow I really doub't that, this is how Linux updates actually work. I mean Linux goes al the way back to what 1989/90, and NOBODY has had this evil-genuis thought be for you decided to chime in with it?

    5. JohnFen

      Re: I can see Apple's point...

      "That means someone like me could read the sauce codes, and go and replace a load of programmes with insecure ones. Once I'd uploaded the change, literally immediately every Linux installation would become insecure because of the Linux auto update scheme and because of systemd"

      Wow, just about everything you've said here couldn't possible be more wrong.

  16. sabroni Silver badge
    Thumb Up

    However, we can report that Ubuntu runs an absolute treat on a Dell XPS.

    Quality!

    1. Paul Crawford Silver badge

      Re: However, we can report that Ubuntu runs an absolute treat on a Dell XPS.

      In the USA Dell sell the "XPS Developer Edition" that comes with Ubuntu installed and a previous commentard said Linus uses one, so I guess they do check their chips & drivers all play nicely. In the UK they don't sell this specific version.

      However Dell UK do offer various models with Ubuntu pre-installed from a cheap Inspiron to the XPS range.

    2. Not previously required

      Re: However, we can report that Ubuntu runs an absolute treat on a Dell XPS.

      Dell sell both Windows and Linux versions of their XPS laptops. I bought the Windows version and put Suse linux on as well. The only thing that doesn't work on the laptop in Linux is the fingerprint reader. I won't put it in the skip yet. The docking station is a PITA about turning the laptop on all the time. Dell seem very reluctant to support dual boot though. Minus one point to them. Still not going anywhere near a Mac!

      1. Anonymous Coward
        Anonymous Coward

        Re: However, we can report that Ubuntu runs an absolute treat on a Dell XPS.

        >Suse linux on as well. The only thing that doesn't work on the laptop in Linux is the fingerprint reader.

        Suse Leap runs a conservative LTS kernel, perhaps you could try a later kernel* or Tumbleweed to see if the driver has been added or improved ?

        *http://download.opensuse.org/repositories/Kernel:/stable/standard/x86_64/

        Don't own an XPS but hope it helps.

  17. BRYN

    According to OMG Ubuntu your not 100% correct

    https://www.omgubuntu.co.uk/2018/11/apple-t2-chip-cant-boot-linux

    Reported yesterday that it maybe/is possible to pay over the odds for the hardware and to run your free operating system on.

    1. Dan 55 Silver badge

      Re: According to OMG Ubuntu your not 100% correct

      That is mentioned in the article:

      At this point Penguinistas would expect to be able to reach for the Apple Startup Security Utility, which provides the option to boot with No Security. However, according to Apple, this option "does not enforce any requirements on the bootable OS".

      Obviously, this has its downsides, but if you're savvy enough to try to put Linux on a Mac, you should understand the implications.

      The problem is that, according to a posting on StackExchange, changing the Secure Boot option "makes no difference".

  18. Tom 7

    It is not my hardware after all

    and it never will be!

  19. Anonymous Coward
    Anonymous Coward

    apple you dont own you rent

    If you thought you own apple hardware, your an idiot..

  20. 3man

    Old Air

    I shelled out for my first Mac a few years back, a Macbook Air with all the useful ports that Apple removed in the last few years. For what it was (a 2013 model) the price was pretty reasonable as well compared to similar choices. Once MacOS support is dropped along with firmware updates (prob in another 12-18 months or so) it will have a Linux distro of my choice installed on it as it's still mechanically sound and does everything I want / need.

    Can't help thinking that Apple have lost the plot with their decisions since then. I wouldn't touch the new Macbooks with a barge pole, regardless of how shiny they are.

  21. Flywheel
    Pint

    Chromebook + Gallium OS for meeeee

    If you want cheap and cheerful, and don't need blazing performance you could do a lot worse than a cheap Chromebook, purge Chrome and install Gallium OS on it. Works for me!

    1. Waseem Alkurdi

      Re: Chromebook + Gallium OS for meeeee

      And an SSD, in case *God forbid* it uses a hard disk! ^_^

      The build quality though. It, er, sucks.

  22. password1234567890

    To what end?

    We have 4 perfectly usable, yet neglected, 2009 era iMacs at the orifice but only two of them will update from 10.8.5 to el Capitain, updating to sierra, high sierra or mohave has been declared a hardware problem by the scumsucking corporates at Apple. This isn't an issue pour moi, because I prefer several linux distros and the gnome desktop to os x anyway. My only real option at this point to make these machines secure is to install linux, and it makes me wonder if this is part of Apple's current end-game, but to what end I don't know.

    1. Dan 55 Silver badge

      Re: To what end?

      Try this.

      Beware of later OS hardware requirements (i.e. bloat) slowing your machine down.

    2. Anonymous Coward
      Anonymous Coward

      Re: To what end?

      What? You are calling out Apple because your 9 year machine is no longer being updated....

      Er... really?

  23. jms222

    Damned if they do

    We've had the same argument with PCs for years.

    Criticise them for the ease of having bootloader malware then when they do secure boot stuff to guard against it criticise them again.

    Consistency anybody ?

    You simply can't have both the ability to boot any OS that changes from week to week and security against bootloader malware.

    1. Updraft102

      Re: Damned if they do

      Criticise them for the ease of having bootloader malware then when they do secure boot stuff to guard against it criticise them again.

      Consistency anybody ?

      Why would you think it is the same individuals criticizing the lack of secure boot and the presence of secure boot? Some people think it's good, some people don't. The lack of consensus on the issue doesn't suggest that there's any inconsistency-- it just means people don't all hold the same opinion, like a lot of other things.

      As always, the devil can be in the details. Secure boot that is not meant to restrict user choices is a benign thing, and there's no harm in having it there. If you don't like it, turn it off! If it's not meant to restrict user choice, turning it off will actually work.

      In my laptop's UEFI, secure boot "just works" with the Ubuntu signed bootloader. In addition, I can select any bootloader on the system and select it (whitelist) as trusted. The UEFI generates a hash of the bootloader and will refuse to boot if the hash changes on any given boot, just as it would with a signed bootloader that no longer matched its signature.

      It also works just fine with secure boot off. There's nothing "bad" as it is implemented on that laptop.

      The people who do criticize secure boot may think that it is the camel's nose in the tent in terms of locking the system down in terms of OS, as we're discussing here with Apple. I would not be happy with that, but none of the secure boot PCs I've set up thus far have had anything like that. As it has been implemented in PCs I have used, secure boot is an optional security feature that can be effectively disabled (which is apparently not so with the Apple product in question).

    2. Doctor Syntax Silver badge

      Re: Damned if they do

      "You simply can't have both the ability to boot any OS that changes from week to week and security against bootloader malware."

      OK, I think I've worked out what you're saying: W10 is bootloader malware.

    3. JohnFen

      Re: Damned if they do

      "You simply can't have both the ability to boot any OS that changes from week to week and security against bootloader malware."

      But you can provide a secure way of allowing the owner of the machine to decide whether or not they want secure boot.

  24. ForthIsNotDead

    As a non-apple owner...

    Isn't iOS (or what ever their OS is called) 75% Linux/Unix anyway?

    (You can probably tell that I've never owned an apple computer).

    1. James O'Shea Silver badge

      Re: As a non-apple owner...

      macOS is NOT in any way, shape, or form, a Linux derivative. OS X was originally built on NeXTSTEP, which was based on the Mach kernel, plus BSD. https://en.wikipedia.org/wiki/NeXTSTEP

      For some reason, a lot of tuxers seem to think that macOS/OS X is just another Linux distro, except that Apple used to cheat and charge for it. Given how easy it is to find the facts, I can only think that this kind of thing is sheer willful ignorance.

      1. Anonymous Coward
        Anonymous Coward

        Re: As a non-apple owner...

        Isn't Mac OS just Linux anyway?

      2. James O'Shea Silver badge

        Re: As a non-apple owner...

        Or, perhaps, there's a brain-damaged troll trying to stir shit.

    2. Doctor Syntax Silver badge

      Re: As a non-apple owner...

      "Isn't iOS (or what ever their OS is called) 75% Linux/Unix anyway?"

      Linux, no. Substantially Unix, I believe so. There is a difference between Linux and Unix.

    3. nycnikato

      Re: As a non-apple owner...

      100 percent UNIX. 0 Percent Linux.

  25. Anonymous Coward
    Anonymous Coward

    Isn't MACOS just Linux anyway?

    1. Anonymous Coward
      Anonymous Coward

      No - MacOS is FreeBSD

      1. James O'Shea Silver badge

        It's BSD, not necessarily FreeBSD, plus Mach, plus stuff originally thought up at NeXT before the NeXTies conquered Apple when the Steve returned in wrath and glory.

      2. Waseem Alkurdi
        Joke

        Hey what?! I thought macOS was just expensive people's Windows!

  26. GingerOne

    Just can't win!

    Security vulnerabilities rightly get jumped on and vendors berated. but here we have someone trying to make their hardware extra secure and they too get jumped on!

    1. JohnFen

      Re: Just can't win!

      They're not getting jumped on for making it secure. They're getting jumped on for the inability to turn that security off if the owner doesn't want it. That's a huge difference.

  27. chivo243 Silver badge
    Windows

    forever a 2nd hand user

    I will continue being a 2nd hand Mac user. Never bought anything new from Cupertino. All 2nd hand and hand-me-down freebies.

  28. Anonymous Coward
    Anonymous Coward

    I love Apple.

    1. Waseem Alkurdi
      Joke

      And I love BlackBerry (the fruit, not the dead business phone company).

      1. Anomalous Cowturd
        Coat

        I love Blackberry and Apple...

        ...Crumble with custard.

    2. Michael Habel

      ...But, only when they made Ciggerate Packet sized Music Players, that had an IEEE1394 Connection.

  29. Tim99 Silver badge
    Gimp

    Maybe, or maybe not?

    Link: applemust.com.

  30. mark l 2 Silver badge

    If Apple want to sell their computers with the ability to only boot to MacOS for 'security reasons' then that is their prerogative, But that should be made clear in their literature if this is the case. If it is supposed to be able to boot to other OS and doesn't then it is not fit for purpose and needs either fixing or offer customers who bought it for this feature to send it back for a full refund.

    Maybe Apple are thinking that only a small portion of buyers every run another OS on them so it is not worth supporting booting alternative.

    1. Anonymous Coward
      Anonymous Coward

      Nonsense, aside from Bootcamp Apple do not market their computers as running other OSs and it is quite clear that hardware and OS are integrated. Therefore if a user chooses to load another OS on their own head be it.

  31. Portent

    Think Different. ThinkPad.

    'nuff said.

  32. Potemkine! Silver badge

    Apple's motto

    “Everything in Apple, nothing outside Apple, nothing against Apple"

  33. Hyper72

    Let not the truth get in the way of a good hatchet job

    A very damaging article. In fact what you do is to boot into macOS Recovery and disable secure boot/signing. Then install and run Linux at your leisure.

    In fact, very similar to how you would disable secure boot in BIOS on a Windows PC.

    1. WolfFan

      Re: Let not the truth get in the way of a good hatchet job

      It’s el Reg. They hate Apple.and have for a very long time.

    2. Anonymous Coward
      Anonymous Coward

      Re: Let not the truth get in the way of a good hatchet job

      "In fact what you do is to boot into macOS Recovery and disable secure boot/signing. Then install and run Linux at your leisure."

      Except (if I am understanding the issue correctly) when secure boot is disabled Apples T2 chip prevents access to several bits of hardware including the hard drive / ssd.

      Kind of hard to install anything on a drive that cant be accessed.

      1. WolfFan

        Re: Let not the truth get in the way of a good hatchet job

        Except (if I am understanding the issue correctly) when secure boot is disabled Apples T2 chip prevents access to several bits of hardware including the hard drive / ssd.

        Kind of hard to install anything on a drive that cant be accessed.

        Except that you do NOT understand the issue correctly. You can, should you so desire, boot into the recovery mode https://support.apple.com/en-us/HT201255 and then launch the startup security app https://support.apple.com/en-us/HT208330 and disable secure boot while at the same time allowing the ability to boot off an external device.

        In short, yes you can boot a new Mac with a T2 chip from Linux. You can even boot it from a live CD/DVD/SSD/USB thumb drive/whatever. The local tuxers are completely, utterly, totally, incorrect. Apple is NOT locking Linux out.

        Somehow I don't think that El Reg will retract this story. I really don't. I have lost considerable respect for them. I really have.

  34. Anonymous Coward
    Linux

    For Shame!

    I feel the righteous rage of the 3 people who bought Apple products to run a shareware OS

    1. Doctor Syntax Silver badge

      Re: For Shame!

      "a shareware OS"

      I think I've found the source of your confusion. You don't know the difference between shareware (is it still a thing there in Windows land?) and free/open source.

  35. sisk

    Oh for the love of all that's holy, why? Seriously Apple, why? You've already got their money, let them install the OS they want FFS.

    Cripes. This kind of crap is why I won't willing touch anything with an Apple logo.

  36. Anonymous Coward
    Anonymous Coward

    Oh the Irony

    Penguinista's blowing their wads (of cash) on shiny-shiny just so they can load (or not, as it seems) their 'free' hobby OS on it

    That's REALLY sticking it to The Man!

    1. keithpeter Silver badge
      Windows

      Re: Oh the Irony

      "Penguinista's blowing their wads (of cash) on shiny-shiny just so they can load (or not, as it seems) their 'free' hobby OS on it"

      Wish my hobby was worth $3.4 x 10^10.

  37. Chas
    FAIL

    Look before you leap!

    Actually it's perfectly possible to boot Linux on the new Macs fitted with the T2 chip:

    * Start up in the Recovery Console (Command-R).

    * Select Startup Security Utility from the menu.

    * Enable or disable Secure Boot to taste.

    There is nothing so satisfying as pricking the pomposity of the self-righteous with the poignard of truth.

    1. WolfFan

      Re: Look before you leap!

      You’re not the first to point that out. The wild tuxers infesting this forum simply don’t care. They will go on and on bashing Apple because obviously Apple is at least as evil as Microsoft or Google.

      1. JohnFen

        Re: Look before you leap!

        "They will go on and on bashing Apple because obviously Apple is at least as evil as Microsoft or Google."

        I know very few people who believe this to be true or make this case.

      2. sisk

        Re: Look before you leap!

        obviously Apple is at least as evil as Microsoft or Google

        In my opinion Apple is quite a bit more evil than Microsoft (these days anyway) or Google. I mean a business model that is built completely on vendor lock-in is bad enough, but I can't imagine Microsoft releasing a Windows update that causes your computer to quit working because you took it to an unauthorized repair shop or Google removing an app from the Play Store without telling the dev why. Apple has done both of these things (with iOS instead of Windows and the iTunes store instead of Play, obviously) and will probably continue to do so unless ordered not to by a court of law (and then they'll still continue to do so if they think they can get rid of it).

  38. jms222

    Secure boot that can be disabled

    is just an oxymoron.

  39. IsJustabloke
    Trollface

    given Apple's penchant for removing things

    Are they sure they actually have internal storage?

  40. pyite42

    Another trick they used to do... CPU voltage

    I remember last time I tried a Mac laptop that the CPU voltage regulator was undocumented... this meant that under Linux the battery life was minimal and the case got almost too hot to touch.

  41. imanidiot Silver badge
    Coat

    And another rung down

    On the how likely am I to buy an Apple product ranking.

    The solution is simple people: STOP buying Apple. They won't learn from their mistakes if people just keep buying their shit.

  42. Anonymous Coward
    Anonymous Coward

    This is literally like Hitler...

    Well someone had to say it.

  43. Wintermute

    The T2 won't even boot macOS

    Forget Linux. This stupid T2 chip won't even let you boot from an external drive created on other Mac computers. I have an up-to-date macOS external boot drive that works fine on all my non-T2'd Macs, but displays a circle with a diagonal cross "prohibited" when trying to boot from my new Mac Mini 2018. This is very very disappointing.

    1. WolfFan

      Re: The T2 won't even boot macOS

      Yes it will. You haven't turned the external device boot on. Turn that on and yes you can boot from external devices.

  44. Libertarian Voice

    Next ones 's a Dell

    Yeah, I had already decided this a while ago, I am still using my iMac at the moment, but when it decides it has had enough of this world I won't be buying a new one. Don't get me wrong, it has been a good box, and I like osX, but I don't like the direction apple is taking.

  45. This post has been deleted by its author

  46. NLCSGRV

    All part of Apple's obvious hostility to people being able to make decisions about the things they purchase, and own, such as decide who repairs them or what OS is installed. Or are Apple customers now renting their hardware?

  47. Paper

    Why?

    If you own a Mac, you may as well use MacOS. It's basic Unix, does the same kind of things almost. Yes, yes, it's not free. The kind of development you do on them is for non free stuff like iPhone development etc.

    I got my mac and my linuxified PC.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like