NSA Contributing Low-Level Code to Coreboot UEFI BIOS Alternative

35 risposte [Ultimo contenuto]
zigote
Offline
Iscritto: 03/04/2019
Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

What did you think about it, zigote?

zigote
Offline
Iscritto: 03/04/2019

That it is something people interested in FOSS should consider, especially those looking for "most free" and "most secure" things assuming the two are synonymous.

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

I see. So does that mean that shall we call it the most freecure laptop or something. Westerners seem to like this type of compound. Personally I don't like it very much, though.
I don't still understand the news well so I might send persistent emails to NSA to understand and open it, and other matters, too.
By the way the superlative of "free" is "freest", not "most free".

zigote
Offline
Iscritto: 03/04/2019

off-topic/

> By the way the superlative of "free" is "freest", not "most free".

https://trisquel.info/en/forum/libreshop-x200-sale#comment-139976

/off-topic

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

off-topic/

I think the post was censored and revised by the moderator. What is that bear. I don't remember attaching such a photo. I think I attached a giraffe to the post.

/off-topic

3D6753DD-E216-483C-A692-443B60ED8EF5.jpeg
chaosmonk

I am a member!

I am a translator!

Offline
Iscritto: 07/07/2017

My first question is "Does thew NSA use Coreboot themselves?"

If not, then I can't think of a reason for them to "contribute" other than to try to slip in a backdoor. Unless there's another explanation I'm not seeing, it seems that it would be wise to reject or very very closely scrutinize any contributions by NSA employees.

If the NSA does use Coreboot, then there is another explanation for why they might want to contribute. While they are certainly anti-privacy, they are pro-security when it is *their* security on the line. They might want to improve Coreboot out of their own self interest. That still doesn't mean their contributions should be accepted without scrutiny though. Maybe they could introduce a backdoor that only they know how to protect themselves against, and there is the question of why they would share their improvements with the rest of the Coreboot community when they could instead maintain their own private branch.

I certainly don't think this is something to ignore, but I also don't see a black-and-white distinction between NSA- and non-NSA code in terms of security. An NSA employee or another privacy-hostile developer could probably submit Coreboot patches anonymously. IIRC there are also Google employees who contribute to Coreboot, and although Google does release a lot of their code under free licenses, they are also a privacy-hostile organization. NSA code might warrant some extra scrutiny, but I don't agree with the OP in that link who says

"Better to avoid coreboot and feel secure that the hardware could never subvert my expectations of security and privacy."

as if software is guaranteed to be secure as long as the NSA isn't known to be directly involved.

zigote
Offline
Iscritto: 03/04/2019

> but I don't agree with the OP in that link who says [...]

I think we should note the "/s" after his comment. I suppose it may mean sarcasm.

BTW big tech companies (which we don't like) contribute to Linux too.

chaosmonk

I am a member!

I am a translator!

Offline
Iscritto: 07/07/2017

> I think we should note the "/s" after his comment. I suppose it may mean sarcasm.

Oh, I missed that. I think you're right.

> BTW big tech companies (which we don't like) contribute to Linux too.

Also true.

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

>Also true.

What is the problem??

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

What is this? Is this something kind of bullying by ingnoring? Did I ask something wrong? If so, would you mind indicating my ignorance or stupidness super directly? I would more like it very much.

chaosmonk

I am a member!

I am a translator!

Offline
Iscritto: 07/07/2017

I wasn't talking to you in the first place, and I didn't understand what you were asking, so I didn't know how to respond.

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

Wow, that's remarkable. May I ask one more question? Just one more.
I think you are American. Is it normal manner in the USA? If so, it seems that there is a significant difference in manners from our common sense. You probably don't get mad if you were done the same thing.

EDIT: I am sorry. I made a serious grammatical mistake.
IS IT NORMAL MANNERS IN THE USA?

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

Don't worry. I need not an answer. No wonder if Mr. Stallman didn't understand tonlee's English. It really was doomed to...

EDIT: I'm sorry. I made a serious grammatical mistake.
I DON'T need an answer.

chaosmonk

I am a member!

I am a translator!

Offline
Iscritto: 07/07/2017

> IS IT NORMAL MANNERS IN THE USA?

In a group discussion on a public forum, I consider it normal not to reply to every comment. People have a finite number of minutes in their day, and I believe that they should be allowed to decide how many of those minutes they spend on an online forum. If I were to engage in every discussion on this forum I would not have time to do anything else. It was not my intention to offend you. From my perpsective, it is rude to demand a response to an unsolicited message to a stranger on the Internet, but I understand that you were not trying to offend me.

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

/off topic

It could be convincible. But that depends. Look at the current situations of this forum. Do you think it very active? Would not it depend the activeness? If there were few dozens of new posts a day, I might not have so bad feelings considering the number of your contributions. Besides, how many questions, which users asked specifically you, have you got these 3 or 4 days? Didn't you give prior to other questions which users did not ask you specifically?
If you have done it, (too,) I don't think your this answer was convincible from my common sense.

And, such kind of your, not just you though, explanations could be (poor, I dare to say) excuses to avoid something inconvenient questions. You can avoid those questions with those explanations "by accident", selectively.
It is a story of possibility, but can not I have such a suspected view point since actual conversation during these months? Somehow it seems those inconvenient questions have been ignored, possibly by chance, though.
Well, people know, know. So I don't care about it very much, though.

>It was not my intention to offend you.

I don't know. I would be able to respond only like "ah, really?" or something. So that means in real life, if you do the same thing, you feel that your attitude is rude. I agree. It must be almost equal to picking a fight. Or school girls's bullying. "Let's ignore her!" I don't understand what so fun.

>From my perpsective, it is rude to demand a response to an unsolicited message to a stranger on the Internet,

I don't understand why you are talking about conversation with a stranger now. Where is such a situation in this thread?

>but I understand that you were not trying to offend me.

Of course I was not. I just thought it rude.
I don't need an answer, if you have not such time.

Edit: /off topic

chaosmonk

I am a member!

I am a translator!

Offline
Iscritto: 07/07/2017

> And, such kind of your, not just you though, explanations could be (poor, I dare to say) excuses to avoid something inconvenient questions.

If you clarify what the inconvenient question is I'll do my best to answer it.

chaosmonk

I am a member!

I am a translator!

Offline
Iscritto: 07/07/2017

> Somehow it seems those inconvenient questions have been ignored, possibly by chance, though.

Many of your posts have been ignored, whether or not they contained difficult questions or questions of any kind. See this subthread[1] for why.

In the interest of assuming good faith, I'll answer whatever your question was if you can clarify what that question is. However, this conversation is starting to feel like sea lioning.[2][3]

[1] https://trisquel.info/en/forum/libreshop-x200-sale?page=1#comment-140374
[2] https://en.wikipedia.org/wiki/Sea_lioning
[3] https://wondermark.com/1k62/

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

Off topic/
Thank you very much for sparing your time for such a thing. I might make another thread for it when I have time, or at the right timing. btw so does that mean you have no thought of anything about the inconvenient questions, right? Nothing rings a bell? But I just wrote "possibly". Just it could seem so. So "Clarifying those questions are not inconvenient questions" would be what I will ask you, right? So "If you clarify which questions seemed to be inconvenience, I'll do my best to answer it" or something like that seems to be proper in that context. And how about the rest of writing of my last post? Why did you mention only that part selectively? because of the same reason? I don't need an answer, because of the same reason.
/Off topic

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

Sorry while I was writing, you posted another post. To avoid confusing, I hasten to post it. Brazil vs Argentina started.

chaosmonk

I am a member!

I am a translator!

Offline
Iscritto: 07/07/2017

I just did the same thing.

chaosmonk

I am a member!

I am a translator!

Offline
Iscritto: 07/07/2017

> btw so does that mean you have no thought of anything about the inconvenient questions, right? Nothing rings a bell?

I'm sorry, Masaru. You have asked a lot of questions in this forum. I don't know which one you think I'm avoiding.

> And how about the rest of writing of my last post? Why did you mention only that part selectively?

I don't have time today to respond to everything you said. Rather than not respond at all today, I responded to the part that seemed most important.

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

off-topic
I was waiting your reply but you seem to have forgotten it. And I have remembered about this thread. To prepare for the future, I think I should write this post.

>Many of your posts have been ignored, whether or not they contained difficult questions or questions of any kind. See this subthread[1] for why.
In the interest of assuming good faith, I'll answer whatever your question was if you can clarify what that question is. However, this conversation is starting to feel like sea lioning.[2][3]
[1] https://trisquel.info/en/forum/libreshop-x200-sale?page=1#comment-140374
[2] https://en.wikipedia.org/wiki/Sea_lioning
[3] https://wondermark.com/1k62/

About [1], I always don't mind literally at all continuing with the discussion and this discussion, suspended discussion, of course if you can. If you want to fall silent... again.
Despite I stopped the discussion ([1]) intentionally because as you can see why if you have sane judgement, so I am not sure about bringing it now, here.
About [2] [3], as I have stated it 3,4 times, using words such as "troll", "sea lioning", etc merely make your argument obscure, even, or especially the word "freedom". As I explained, certain kind of the police can call innocent victims "criminals". As I explained, it has serious problems of freedom but you seem still not to understand that seriousness inspite of something. So if you can, I recommend you to use mainly free direct speech for discussion. Those your categorizing sound to be equal to the simple dualism like "communist", "terrorist", etc. As I explained, it causes wars easily and more importantly, people who can seem to be terrorists are calling those people terrorists. If you have an intention to make discussion obscure, I would recommend you to keep using those obscure childish words as always, to evade falling silent, to try to keep your honor or something. Then finally, you can say "I don't understand your English", or something childish something. You seem to underestimate or maybe mocking people's understanding. People know, know.

edit: added "off-topic"

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

off-topic
By the way, I just noticed that almost all of zigote's posts are downvoted one by one. It seems still there is/are creepy downvoters who seem to be aphasia. For good or bad, zigote is one of the few users who gave me sane replies.
I got those reasonable answers per separated questions. (question1 for answer1, question2 for question 2... etc)

GrevenGull
Offline
Iscritto: 12/18/2017

That's me (I downvoted some of your comments as well, as well as upvoting some comments. But yes the most visible is the downvotes on some of Zigote's comments because there are most of them).

I guess it's a bad habit I have from other forums downvoting comments I find illogical and/or toxic. I'll be sure to try to use the downvote button less and the comment button more :)

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

I don't know how many votes (regardless + or -) were summed up to each zigote's post at the moment.
I just noticed suddenly those many posts which as far as I see had downvoted.
I don't care much about it, whether it was you or someone, but I wonder if it was you, why you suddenly downvoted those many posts.
You seem to read posts of this forum quite frequently. I mean, why this timing?? But again I don't care much about it.
So you don't have to reply to this post.

zigote
Offline
Iscritto: 03/04/2019

> By the way, I just noticed that almost all of zigote's posts are downvoted one by one.

Now I have analytics:

- (at least) how many people have seen a particular post
- what their attitude is
- approximately when and (from that) who, correlating it with the status of who appears online

There you have it - an example of a side channel exploit. All the software on the server may be still be FOSS but it has nothing to do with the vulnerability because of poor system design. This is exactly what I explained here (which also got downvoted):

https://trisquel.info/en/forum/question-about-cpu-microcode-under-libre-linux#comment-142078

> For good or bad, zigote is one of the few users who gave me sane replies.

I didn't know there could be something bad in giving sane replies.

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

off-topic
I hasten to predict this because I feel sleepy but if so your above post will get at least -2 again would be a guarantee.

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

>the vulnerability because of poor system design.

I have read that DELL is delivering a special devices to NSA and such kind of institutions. For example the laptop has a physical switch of network connection. I wonder if it has meaning etc but anyway we the people cannot buy the (maybe not very poor system designed) laptop.
Of course it seems that there is no reason that DELL cannot sell the special laptop to us the people. But I have just thought that because they are preventing us from reverse engineering etc to sell those devices (btw it is tax) exclusively?
But if so, it is a security reason so they would be able to implement at least the physical switch on every device they sell.
I mean, I wanted to ask about the possibility that hardware vendors make vulnerability intentionally on their devices which for us the people.

What do you think about the doubt and the special laptop?

>I didn't know there could be something bad in giving sane replies.

Me neither.

zigote
Offline
Iscritto: 03/04/2019

> What do you think about the doubt and the special laptop?

I have neither read, nor heard, nor seen, nor personally inspected such device, so whatever I may think has no importance.

What I have seen (many years ago) is DELL laptop made for military purposes. It was very powerful for that time with a sturdy design. That's all I know.

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

I see.

>so whatever I may think has no importance.

I don't think so though. You guys would be able to guess precisely. As far as I have learned the computer world from here, even if they are using the most secure laptops in the world, I think they cannot erase the doubt as long as they connects them with the internet. It might be a matter of course though.
So it seems to be equal to the nuclear device race. Their weapons turn around. Ridiculous. Real idiots. Anyway thanks.

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

And I remembered, Snowdens... the girls who seem to love me... (that's the responsibility of the power, too)
mutter mutter so people (they) who are used to neglect tiny things because the power has cancelled those mistakes out would have a hard time. It is no use to do their jobs perfectly from now on because there must be already unbelievable number of mistakes (including their colleagues'), besides they are not used to do jobs perfectly so in the first place, such people cannot do it. Maybe they don't know or believe it though. /off- topic ARRRG! I want to finish cleaning soon and do surfing in Barcelona or Cuba or elsewhere!!! off-topic/ Please go to San Francisco or somewhere where you belong voluntarily!!!

GrevenGull
Offline
Iscritto: 12/18/2017

>I don't care much about it

You cared enough to make a comment about it ;)

>but I wonder if it was you, why you suddenly downvoted those many posts.

As I said; it's a bad habit and I'll try to comment more instead of voting.

>You seem to read posts of this forum quite frequently. I mean, why this timing??

I quote something I heard in an Alan Watts talk one time (which I believe again is a quote from someone else): "You don't know when you will fart, you don't say or example "at nine o'clock I will drop fart""

>But again I don't care much about it.

Then why do you ask? :)

>So you don't have to reply to this post.

I'll try to actively engage more in comments instead of voting since you found my votings "creepy".

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

Ah ok, so just a few posts...

>You cared enough to make a comment about it ;)

I don't know if you remember, I have got mad at downvoters and have complained about it quite strongly. (btw no one counter-argued at that time except Abudullar.)
Compared to the case, I don't care quite much about it now, right? I am afraid I really don't care much about it.

>As I said; it's a bad habit and I'll try to comment more instead of voting.

Yes it seems to be better, because basically discussion exists to solve problems, especially when we try to solve the freedom issues. So voting does not seem to proceed discussion efficiently. You should join discussion to solve those problems with words.

>I quote something I heard in an Alan Watts talk one time (which I believe again is a quote from someone else): "You don't know when you will fart, you don't say or example "at nine o'clock I will drop fart""

My understanding cannot understand why the quote explains the reason "why suddenly? this timing?". Why did you quote? Was there something inconvenience?

>Then why do you ask? :)

I wrote "I wonder", I was not asking, wasn't I?

>I'll try to actively engage more in comments instead of voting since you found my votings "creepy".

You seem to want to change your bad habit now, despite so, don't you think it creepy? Anyway if you can engage more in discussion, I think there are more important topics, for example, the freedom issues.

edit: Abudullar. > Abudullar.)

GrevenGull
Offline
Iscritto: 12/18/2017

>I don't know if you remember, I have got mad at downvoters and have complained about it quite strongly. (btw no one counter-argued at that time except Abudullar.)
Compared to the case, I don't care quite much about it now, right? I am afraid I really don't care much about it.

No, I do not remember this. I don't read everything here.

>Yes it seems to be better, because basically discussion exists to solve problems, especially when we try to solve the freedom issues. So voting does not seem to proceed discussion efficiently. You should join discussion to solve those problems with words.

Yes, I agree. If I see something I find illogical and/or toxic from now I'll comment instead of downvote.

>My understanding cannot understand why the quote explains the reason "why suddenly? this timing?". Why did you quote? Was there something inconvenience?

Haha, no perhaps it was not the best quote in that context. But what I meant was that I have no good answer as to why this timing.

>I wrote "I wonder", I was not asking, wasn't I?

Indeed:) my bad.

>You seem to want to change your bad habit now, despite so, don't you think it creepy?

Well, no. But I understand that others may find it creepy, and I realized now (with your help) that I find it more constructive and fun to comment instead of simply voting. Basically the voting thing was a bad and lazy habit. The downvote button is just so so convenient. It's like sugar. Bad for you but tasty.

>Anyway if you can engage more in discussion, I think there are more important topics, for example, the freedom issues.

Agreed!

Masaru Suzuqi -under review-
Offline
Iscritto: 06/06/2018

:)