
Boot-Level Attacks on Freedom

Submitted by Roy Schestowitz on Thursday 14th of July 2022 02:18:33 AM. Filed under GNU, Hardware

  • “Security expert” Matthew Garrett blows up Windows by enabling the Microsoft 3rd Party UEFI CA certificate, then says the Bitlocker Backdoor (for police) saved his data from the TPM. – BaronHK's Rants

    My God, this guy couldn’t get better with a bag of chips.

    I don’t even have to make much effort to blog about Matthew Garrett FAILs. All I have to do is screenshot the Nitter instance I use.

    [...]

    Of course, back to Bitlocker…. If Microsoft has your decryption key, they can be compelled to give it to the police, which makes it a backdoor that they admit to having. There very well can be others that they don’t admit to having.

    But if you use Windows at all, the Telemetry, Windows Defender, and Smartscreen are telling them all of the stuff on your computer anyway, and all of your keystrokes. So if you have anything you’re not supposed to have, they can tell law enforcement, and then get themselves compelled to hand over your decryption recovery key if it is in your Microsoft account. Due to being the default, it almost certainly is.

    Then you may be in court with your life ruined spending your last pennies on a lawyer in some last ditch effort to stay out of prison.

  • Closing in on fully free BIOSes with the FSF tech team

    I work on the Free Software Foundation (FSF) tech team. With just three people, we maintain the software and hardware infrastructure for GNU and FSF, and virtual machines for several other important free software projects. We run our own hardware, not relying on any so-called "cloud" services. And we run free software in all possible ways. That includes fifteen servers in two data centers and in our Boston office, over a hundred virtual machines, and ten workstations and laptops, all running GNU/Linux. Every one of those has a freedom-respecting BIOS, but that wasn't always the case...

    A move to freedom

    The BIOS is a computer's Basic Input/Output System, which initializes the hardware enough so that it can be passed off to another program like a boot loader. The FSF turned its free BIOS advocacy into an official Free BIOS campaign in 2005. In 2009, a new server was deployed, dubbed "Columbia," to a data center at the Massachusetts Institute of Technology (MIT). It had a nonfree BIOS. Why? We are not certain, but a prior FSF sysadmin was a Coreboot contributor and had contributed fixes to an extremely similar motherboard. They seemed to have plans to help get Coreboot ported to Columbia's motherboard and install it. Unfortunately, that work was never completed. It was not a good idea, nor was it within FSF policy, to deploy it for uses other than Coreboot development until after it had a free BIOS. Shortly after that, two more servers were deployed, also with nonfree BIOS.

Servers and Clown Computing Hype: Kubernetes, Canonical, and SUSE

  • Kubernetes Gateway API Graduates to Beta

    We are excited to announce the v0.5.0 release of Gateway API. For the first time, several of our most important Gateway API resources are graduating to beta. Additionally, we are starting a new initiative to explore how Gateway API can be used for mesh and introducing new experimental concepts such as URL rewrites. We'll cover all of this and more below.

  • Introducing Ubuntu for Google Cloud’s Arm-based T2A virtual machines

    Canonical and Google Cloud today announce an optimised Ubuntu image for the preview of Tau T2A virtual machines (VMs) on Compute Engine. Google Cloud users will benefit from running Ubuntu, a popular cloud operating system, on a secure, scalable, and highly cost-effective cloud infrastructure. The Ampere® Altra® Arm-based T2A VMs are ideal for computing workloads including microservices, application servers, machine learning (ML), open source databases, and in-memory caches. Canonical has had a long-term strategy for Arm architecture for a decade. At Computex 2012, MiTAC demonstrated their first Arm Server, running Ubuntu. Ubuntu 14.04 LTS was also the pioneer in supporting Armv7-A Cortex-A15 chip and Armv8 SoCs. Since the start of our Arm journey, Canonical has been focused on solving challenges such as: mixed x86 and Arm environments; multiple SoCs; provisioning large deployments; and mixed public and private cloud deployments. Continuing this strategy, Canonical and Ampere have collaborated to bring SOC certified Ubuntu images to the market at launch. Today, the availability of optimised Ubuntu for T2A VMs enables developers to better address these challenges.

  • SUSECON 2022 Fujitsu Presentations Available Now
  • Harvesting the Benefits of Cloud-Native Hyperconvergence

Videos: FLOSS Weekly, 'Too Many' GNU/Linux Distros, and Debian 11.4.0 "Bullseye" Overview

today's howtos

  • How to Install Magento 2.4.4 on Ubuntu 22.04 - RoseHosting

    Magento is an open-source e-commerce platform written in PHP that uses multiple PHP frameworks such as Symfony and Laminas. The platform is flexible and has a large variety of features to build an online store. Magento offers a community and enterprise edition. The community edition is available free of charge and is designed primarily for individuals and/or small businesses. The enterprise edition is the paid version of Magento. Compared to the community edition, the enterprise edition has advanced custom features and functionalities and is mainly aimed at medium to large businesses. In this tutorial, we will show you how to install the Magento 2.4.4 community edition on Ubuntu 22.04 server, which can be done easily if you follow it step by step.

  • Enable compiler warnings with CMake - PragmaticLinux

    C and C++ compiler toolchains make it possible for us software geeks to build amazing things. Did you know that both GCC and Clang offer built-in functionality that aids us in becoming better developers and creating higher quality software? I’m talking about compiler warnings. This article explains how you can enable compiler warnings when using CMake to generate the build environment.

  • How to Set Up a TFTP Server on Linux

    TFTP (Trivial File Transfer Protocol) was first described in 1980. It is a fairly old protocol published in June 1981 as TFTP Protocol revision 2 in RFC 783 (Request For Comments) by Karen R. Sollins. In the early days, the main goal of TFTP was to send and receive files over a network. In particular, it was used to transfer the files needed during boot to enable systems to boot over a network. Here's how you can set up a TFTP server on a Linux machine.

  • How to install Darktable 4.0 on a Chromebook

    Today we are looking at how to install Darktable 4.0 on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • How to install Godot game engine on Pop!_OS 22.04 - Invidious

    In this video, we are looking at how to install Godot game engine on Pop!_OS 22.04.

  • Bash Command Line Chain Operators in Linux with Examples

    Here learn about chain operators in Linux with examples. Linux command chaining is very useful if you want to execute multiple commands at one goal.

  • Download RPM Package Using DNF without Installing it
  • How to Delete History in Linux Easily

Mozilla: Performance and More

  • Reworking our Visual Metrics Processing System – Mozilla Performance

    Our visual metrics processing system used to use two separate machines to produce visual metrics from our pageload tests. In this post, I’ll describe how we moved to a single-machine system that also brought about many other benefits for us. Note: If you’ve never heard of visual metrics before, they can be summed up as performance metrics processed from a video recording of a pageload. You can find more information about these from this article titled Improving Firefox Page Load, by Bas Schouten.

  • Migrating to Browsertime for Performance Testing – Mozilla Performance

    Originally, we used a Web Extension for doing performance testing on Firefox in our Raptor test harness. But, we needed to add new features such as visual metrics, so in this post, I’ll briefly describe the steps we took to migrate Raptor to Browsertime. We now have enabled Browsertime by default in our Raptor harness both locally, and in Continuous Integration (CI) but for some time, we needed to use the flag `--browsertime` to enable it. This work started with Nick Alexander, Rob Wood, and Barret Rennie adding the flag in bug 1566171. From there, others on the Performance team (myself included), began testing Browsertime, preparing the Raptor harness, and building up the infrastructure required for running Browsertime tests in CI. Our primary motivation for all of this work was obtaining visual metrics. If you’ve never heard of visual metrics before, they can be summed up as performance metrics processed from a video recording of a pageload. You can find more information about these from this article titled Improving Firefox Page Load, by Bas Schouten. Initially, our visual metrics processing system used a two-machine system where one machine would run the test and the other would process the video recordings to obtain the metrics. This worked well for some time until we found some issues with it that were a large point of friction when it came to using our tooling. In Reworking our Visual Metrics Processing System, I describe these issues and how we overcame them. It suffices to say that we now use a single machine in CI, and that those issues were resolved.

