Canonical just announced a new, free, and very cool way to provide thousands of IP addresses to each of your VMs on AWS. Check out the fan networking on Ubuntu wiki page to get started, or read Dustin’s excellent fan walkthrough. Carry on here for a simple description of this happy little dose of awesome.
These distros can vary wildly in design, functionality and sophistication, and are often constantly changing. The differences between them aren’t always obvious either, and the choice can seem overwhelming.
On the other hand, one of the benefits of an open source OS is that you’re free to try as many different distros as you like at no cost. The most popular one, and the closest Linux has to a ‘standard’ OS is Ubuntu, which makes things as simple as possible for those new to Linux.
Other popular distros include Linux Mint, Debian, and Fedora, the last of which Torvalds personally uses on all his PCs. There are lean builds designed to make the most out of underpowered hardware, graphics-intensive builds designed to look as attractive as possible, and everything in between.
You may have seen my other post on setting up my KVM GPU Passthrough recently. The help I got was awesome and I got it at least showing a picture, but it was suggested I use the OVMF BIOS instead of SeaBIOS because it's generally better. After researching, I believe that I should have all OVMF files by default, but when I look I have none. I downloaded one binary for the BIOS itself, but whenever I try and boot off it in QEMU, I get no video output whereas SeaBIOS does. This leads me to believe that there are other parts of OVMF I am missing, or it's outputting on the wrong output on my passthroughed GPU. Any help on this would be very much appreciated :)
submitted by Jako81624
Reddit: On the LibreM laptop; Purism doesn't believe in user freedom, and doesn't care about your privacy.
That's quite a bold statement to make, considering the equally bold statements made by the company called Purism, which has recently run a successful campaign (https://www.crowdsupply.com/purism/librem-15) for a so-called freedom respecting laptop. Recently, the company has opened yet another campaign for a smaller version of the same design.
For those who don't know what Purism LibreM is: essentially, it's a laptop sold by a company that claims that everything in it is fully free software, respecting the user's privacy and “essential freedoms”. For those familiar with the terms “free software” and “open source software”, you could see why this is special (even newsworthy) in a laptop. This article attempts to debunk the outright dishonest and deceitful statements made by Purism over the last few months.
Simply speaking, the LibreM contains a proprietary BIOS. While the company claims that they are using coreboot (http://coreboot.org/) which is technically correct, the generation of Intel hardware that they are using requires proprietary software as add-ons to coreboot. These are:
- Intel FSP (“Firmware Support Package”)
- Intel ME (“Management Engine”)
- Intel VBIOS (“Video BIOS”)
- Intel CPU microcode updates
Intel FSP (Firmware Support Package)
Non-technical summary: Essentially, coreboot only provides basic “callbacks” and executes this mystery binary-only blob, to actually initialize most of the hardware. None of the code is Free Software (source code is withheld by Intel).
Coreboot does very basic hardware initialization; memory (RAM) initialization (“raminit”), CPU initialization, initializing all of the peripherals, and so on. It sounds simple from this summary, but there is a lot of work involved and implementing coreboot support for new hardware can sometimes take months, or even years. On most modern Intel systems (including the generation used by the LibreM), this is handled by binary-only proprietary software provided by Intel, called FSP or “Firmware Support Package”.
The coreboot project has been integrating the FSP blob on a lot of recent Intel hardware, made in the last few years. Efforts have been made to free (reverse engineer) it, but it's a lot of work and will likely take many years; in other words, it's not going to happen any time soon, especially not within the time-frame of the recently started campaign for the Librem13 (as sold by Purism), and it certainly wasn't achieved for their previous Librem15 campaign, either.
Information about the FSP can be found on the coreboot wiki, coreboot mailing lists and can be found in the coreboot git repository using: git grep "fsp"
Intel Management Engine (“ME”)
Non-technical summary: the ME is a proprietary backdoor that comes pre-installed on all modern Intel systems, providing adversaries a way to break into your system. Even most recent coreboot-supported Intel systems have it (because those systems won't boot without it).
This one is extremely controversial, especially within the coreboot community. All recent Intel systems (made in the last 8 or 9 years) have this.
The “Management engine” (and its extension, AMT or “Active Management Technology”) provides businesses (translation: system administrators) with a capability that they have long sought after: the ability to remotely administrate a system, even when it's powered off, before it has even booted into an operating system. This is useful when you want to remotely re-install an operating system, for example.
Using the Management engine, a sysadmin can literally do anything, for example:
- power control
- BIOS configuration and upgrade
- disk wipe
- system re-installation
- console access (VNC)
In other words, the Management Engine is a back door into the system, potentially providing remote access to anyone else, including those with malicious intentions.
The ME has full access to RAM.
And guess what? It is proprietary software (meaning, no source code). What's more alarming is that the ME is cryptographically signed by Intel, and only Intel has the private key. If you try to remove the ME, your system will simply not boot at all; if you try to use a modified ME, the signature check will fail and again, your system will not boot.
While on some older Intel chipsets, it is possible to remove the ME firmware (and disable the ME), this is impossible on the latest generation of Intel hardware that Purism is using.
Does this sound scary? Considering that it's a backdoor, has full access to RAM (for instance, it could leak your private encryption keys), has full networking (the ME can use the onboard ethernet NIC or wifi), you could hardly describe any system that comes with the ME as being one that respects the user's privacy.
Yet, this is exactly what Purism claims. Their campaign emphasizes that the LibreM is the “first system to respect the users privacy and essential freedoms”, which is already a lie, based on the description of the ME and FSP as outlined above, and based on the fact that companies already existed before it that actually do sell freedom- and privacy-respecting laptops: Gluglug http://shop.gluglug.org.uk/ and Google (only partial; some of their ARM chromebooks contain only free software for hardware initialization, making use of coreboot, while their Intel chromebooks all have the Intel Management Engine which is proprietary, while all Google Chromebooks are vastly superior to the LibreM on a freedom- and privacy-oriented basis, and Google has contributed a lot of code to coreboot (actual code)).
Intel Video BIOS
Non-technical summary: it turns on your graphics card/chipset, makes it work and gives you a visual display, so you can see what it is that you are doing on your computer.
All modern video/graphics chipsets require their own initialization code, commonly referred to as a “Video BIOS”. Exactly as implied by the name, the “VBIOS” initializes the video chipset; memory initialization, register initialization, setting up dedicated areas of VRAM (if sharing main system memory), – basically, what coreboot does for the rest of the system. The VBIOS then sets up a text- or framebuffer-mode console, and provides basic callbacks that the OS might use for switching modes, writing text onto the screen, blitting a bitmap, etc.
Again, as with previous descriptions, this one is summarized; there's a lot that a Video BIOS does.
While some systems in coreboot have what is called “Native Graphics Initialization” which, in coreboot terms, means fully free (“open-source”) video initialization code, the video chipsets used in the LibreM laptops do not have this; it is handled by a proprietary (binary-only, sourceless) blob provided by Intel.
Intel CPU microcode updates
Non-technical summary: very essential component on all Intel CPUs. Without it, you would not have a functional computer, since this implements the very basic instructions that software can use to tell the CPU what to do and how to behave.
All (or most) Intel (and also AMD) CPUs have built in to them what is called “microcode”. The raw circuitry itself handles a few instructions on its own (simple instructions like add, subtract, jump, etc), but these CPUs are designed to be as generic as possible (circuit-wise); the “microcode” is software which defines which circuits to use, in order to implement more instructions.
CPUs contain built-in microcode, but the circuitry (or the existing microcode) can be buggy, or have security issues. That's where microcode updates come in; these are loaded during boot, and will disable buggy parts of the CPU or patch bugs in the existing microcode.
Microcode is necessary on modern CPUs, owing to their complexity. While some CPU types out there don't use any microcode (not even built-in), most x86 processors do.
The built-in CPU microcode cannot be replaced (short of replacing the entire CPU), but the updates are provided in the firmware image (the “BIOS”), and updated during normal “BIOS updates”. These updates are, of course, proprietary; they lack source code.
While some CPUs can be used without the proprietary updates, the generation of Intel CPUs used in the LibreM laptops will not work at all without the updates. Not only is it proprietary but, like the Management engine, it is also signed (meaning, you couldn't apply your own updates even if you understood how to implement them).
Summary: LibreM comes with Shimboot, not Coreboot.
A “shim” is, in software terms, a minimal piece of code that executes something. In the context of coreboot, that is when the coreboot ROM image contains mostly blobs; coreboot is just executing blobs and providing callbacks, but is not actually initializing any of the hardware itself (the blobs do that instead).
LibreM is selling you a laptop with shimboot pre-installed.
Coreboot has a reputation for being “free and open-source”, so it's easy for Purism to simply say that their laptops come with coreboot, because they do; but they neglect or play down the fact that most of it is still blobs. Coreboot's reputation is poisoned in recent years; accepting more and more blobs into the official git repository, and hosting an entire “3rdparty” repository dedicated exclusively to blobs. Newer coreboot systems are becoming more and more “shimboot” than anything else, which is not a far cry from fully proprietary boot firmware.
In other words, LibreM is selling a system with a proprietary BIOS. While they may claim that their “PureOS” GNU/Linux distribution is fully free (open-source) software, this means nothing. Companies have existed for decades that sell laptops, desktops and servers with GNU/Linux pre-installed while the “BIOS” (boot firmware) is still proprietary software.
LibreM is no better than them. The issue is that they try to claim that their laptops are somehow “freedom-respecting”, more so than those who came before them. This is a lie, and one that Todd Weaver (the director of Purism) should be ashamed of.
Those who want a laptop that respects their freedom (as defined by the GNU project and Free Software Foundation) and privacy should not purchase a LibreM laptop from Purism. Their laptops fall short of these criteria by a long mile.
This text falls under license: CC-0
A copy of this license can be found here: https://creativecommons.org/publicdomain/zero/1.0/
submitted by gulguls
Robolinux, a Linux distribution based on Debian featuring various flavors that let users run any Windows application, has been upgraded to version 7.9.2 and is now available for download.
Every once in a while, I find myself in a situation where I'm being asked by someone who wants to migrate from a Microsoft Windows operating system if Linux is indeed a new home for Windows refugees.
Apart from philosophical and security concerns, I have over time amassed quite a collection of startup and shutdown scripts on my Slackware boxen. I prefer to be able to have full control over what my machines do, and hand-crafted and edited scripts have never let me down so far. If it's written correctly, it works and does exactly as it says on the tin. That's the beauty of an old-fashioned operating system like Slackware. You may be running a VPN server, offer VNC or ssh login and whatnot. The most reliable way to control them is via your own scripts - and you will know where you put them, thereby learning more about the system you're using. I'm afraid systemd is more of an abstraction layer that will separate users from understanding what is actually being called, what is actually going on under the hood. It may be fine for professional admins who, once they have learned the new commands, will know what they're doing as they know their Linux, but for a lot of private users this will just be a step towards another 'walled garden' operating system that they don't understand. Of course, many don't want to and only want to use an appliance that does the job, and that is fine. It is dumbing down nevertheless and potentially dangerous, in a time when everyone needs to understand the implications of the technology they're using, not the least to safeguard themselves and their families.
The thing that these challengers have in common is that they're released as open source software, meaning that developers all over the world have helped develop them.