The Fundamental Security Question
Can we really consider a system secure if the Linux kernel is not blob free? If so, then how do we determine which kernels are blob free? It's certainly not obvious from https://www.kernel.org/ . If the foundation of your operating system is not secure then how can you consider your computer secure?
|
The blobs are there to make certain devices actually work. It isn't exactly a security issue as the blobs are proprietary software that is loaded into the device to make it work. Sometimes these are just patches to the default load, but not always. From a security standpoint, they are undesirable... but that means not using the hardware which may be built into the motherboard. Not using the hardware sometimes also means that the motherboard is useless.
If you don't want the blobs, don't use the devices that need them. At that point, the drivers will not be loaded, and without the drivers, neither are the blobs. This is the same issue with using a BIOS or UEFI software to boot the system. They too are "blobs" that you don't usually get to examine (especially the UEFI code). |
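One way to check which loaded drivers pull in firmware blobs, following the point in the post above that the blobs only load along with their drivers. This is an added example, not part of the thread. It relies on `modinfo -F firmware`, which prints the firmware files a module declares; the `MODINFO` override variable and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: list firmware files (blobs) declared by loaded kernel modules.
# MODINFO is an assumption of this sketch so a stub can replace modinfo(8).
MODINFO=${MODINFO:-modinfo}

# Names of currently loaded modules (first column of /proc/modules).
loaded_modules() {
    cut -d' ' -f1 /proc/modules
}

# Read module names on stdin (one per line; extra columns ignored) and print
# "module<TAB>firmware-file" for every firmware file the module declares.
firmware_report() {
    while read -r mod rest; do
        if [ -z "$mod" ]; then continue; fi
        "$MODINFO" -F firmware "$mod" 2>/dev/null </dev/null |
        while read -r fw; do
            if [ -n "$fw" ]; then printf '%s\t%s\n' "$mod" "$fw"; fi
        done
    done
}

# Same stdin format; print only the modules that declare at least one blob.
modules_with_blobs() {
    firmware_report | cut -f1 | sort -u
}

# Run against the live system only when the inputs exist.
if [ -r /proc/modules ] && command -v "$MODINFO" >/dev/null 2>&1; then
    loaded_modules | firmware_report
fi
```

Only firmware that a driver declares in its module metadata shows up here, so an empty report is not proof that a kernel is blob free.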
I never suggested Linux or any other OS to be a secure system.
What OS do you think is secure? |
How would we know what devices were not dependent on proprietary "blob only" drivers? This would be useful since a chain is only as strong as its weakest link ... and kernels with alien blobs are a security weakness.
On the other hand: Quote:
Quote:
|
I think that firmware is, in general, not a security vulnerability. I would say that compiled blobs like Nvidia and ATI blobs are much more of a risk.
There is only so much you can do in firmware, as it is very low level. Also, it usually cannot be readily replaced by a C program. I wouldn't worry too much about the firmware that comes with the kernel. As for Tor + HTTPS, like I've said before, all the NSA need to do is generate or obtain a fake SSL certificate. Check the diagram the EFF posted and see for yourself. Tor was likely designed with the help of the NSA, and that's why they are pushing it. |
Quote:
Quote:
Are you referring to the issue with exit nodes on the TOR network? Quote:
Diaspora ( https://en.wikipedia.org/wiki/Diaspo...ial_network%29 ) and Freenet ( https://en.wikipedia.org/wiki/Freenet ) are examples of projects working towards privacy, free speech, personal security, and freedom from having the government misprofile / persecute innocent people. |
The link is on the prism vs tor site, it's a bit hidden because every word is a link, much like a blog:
https://www.eff.org/pages/tor-and-https
Freenet is better, but it runs on Java :(
I'm not sure if a blob-free kernel is possible without major breakage. Firmware being as low level as it is, it is very difficult to replace. Would it even be different from the original firmware ... it would have to be pretty close if you want the same functionality. The firmware that is most dangerous, and can possibly pose a security threat is the BIOS, especially now that they have EFI, which can do a lot more than older ones. That is one thing I would like to be FLOSS. |
From a DoD standpoint (now historical, as I no longer work there), EFI would be MUCH MUCH worse than the old BIOS from a security perspective.
There was nearly nothing the standard BIOS could do. The worst effect is the sometimes possibility to burn a new BIOS into the EPROM. Why? Simple. A classified system used to be declassified by removing the disk, and turning it off for 10 minutes, and removing the battery. With current BIOS systems that gets tougher as EPROMs retain information even after the battery is removed. With EFI it gets even worse. The memory records activity of the system. So now, declassifying a system comes down to destroying the motherboard. May as well melt the entire system. A very expensive situation. |
There is coreboot:
http://www.coreboot.org/Welcome_to_coreboot
But the list of supported mobos/chipsets is not very long. |
The bottom part of my messages has a signature. It is not meant to be part of the original poster's issue.
Maybe I ought to highlight that better? The NSA may be (is) less capable than some other governments' efforts to decrypt. Other governments may be funding this work to gain military advantages or corporate gain but they may also be using this for data Pearl Harbor. |
Quote:
And please get your incessant urge to turn everything into a conspiracy under control for once. |
On the other hand, it would be a bit of ignorance to assume the government is populated entirely by people who will deal without bias with essentially private information on everyone. In my YouTube reference it was put forth by an ex-NSA individual how the government could set parameters on desired information. In fact the government already has the tools according to the video of the three witnesses. They could discard the majority of information by computer without any human access thereby protecting the large part of the population. This would better preserve the right to privacy without really sacrificing national security (and keep the government from violating the requirement for a warrant, which they are doing).
H_TeXMeX_H gave a nice link: http://www.coreboot.org/Welcome_to_coreboot , I'm not sure there is a blob free Linux to go along with coreboot BIOS (and associated hardware) ... it would be a perfect marriage. |
Quote:
|
No and not the Nuclear Rocket scientists League either, the other NRL, the Naval Research Laboratory.
|
Well, either way, the design of Tor, be it intentional or non-intentional, allows for spying at the ISP level. HTTPS cannot protect against this, because generating an SSL certificate isn't that difficult with plenty of computing power, and extremely easy when you have a three letter agency badge.
|