Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Can we really consider a system secure if the Linux kernel is not blob free? If so, then how do we determine which kernels are blob free? It's certainly not obvious from https://www.kernel.org/ . If the foundation of your operating system is not secure then how can you consider your computer secure?
The blobs are there to make certain devices actually work. It isn't exactly a security issue as the blobs are proprietary software that is loaded into the device to make it work. Sometimes these are just patches to the default load, but not always. From a security standpoint, they are undesirable... but that means not using the hardware which may be built into the motherboard. Not using the hardware sometimes also means that the motherboard is useless.
If you don't want the blobs, don't use the devices that need them. At that point, the drivers will not be loaded, and without the drivers, neither are the blobs.
This is the same issue with using a BIOS or UEFI software to boot the system. They too are "blobs" that you don't usually get to examine (especially the UEFI code).
How would we know what devices were not dependent on propietary "blob only" drivers? This would be useful since a chain is only as strong as it"s weakest link ... and kernel's with alien blobs are a security weakness.
On the other hand:
1. Terrorists do want to murder us. If the NSA is halfway competent, Big Data should help detect plots.
I think that firmware is, in general, not a security vulnerability. I would say that compiled blobs like Nvidia and ATI blobs are much more of a risk.
There is only so much you can do in firmware, as it is very low level. Also, it usually cannot be readily replaced by a C program.
I wouldn't worry too much about the firmware that comes with the kernel.
As for Tor + HTTPS, like I've said before, all the NSA need to do is generate or obtain a fake SSL certificate. Check the diagram the EFF posted and see for yourself. Tor was likely designed with the help of the NSA, and that's why they are pushing it.
Tor was likely designed with the help of the NSA, and that's why they are pushing it.
"Tor is free and open source for Windows, Mac, Linux/Unix, and Android" <-- from the TOR website. It doesn't matter who started it ... if it works and is community developed then it will evolve, we hope
I'm not sure if a blob-free kernel is possible without major breakage. Firmware being as low level as it is, it is very difficult to replace. Would it even be different from the original firmware ... it would have to be pretty close if you want the same functionality.
The firmware that is most dangerous, and can possibly pose a security threat is the BIOS, especially now that they have EFI, which can do a lot more than older ones. That is one thing I would like to be FLOSS.
Last edited by H_TeXMeX_H; 06-14-2013 at 08:41 AM.
The bottom part of my messages have a signature. It is not meant to be part of the original poster's issue.
Maybe I ought to highlight that better?
The NSA may be (is) less capable than some other governments efforts to decrypt. Other governments may be funding this work to gain military advantages or corporate gain but they may also be using this for data Pearl Harbor.
On the other hand, it would be a bit of ignorance to assume the government is populated entirely by people who will deal without bias with essentially private information on everyone. In my youtube reference it was put forth by an x-NSA individual how the government could set parameters on desired information. In fact the government already has the tools according to the video of the three witnesses. They could discard the majority of information by computer without any human access thereby protecting the large part of the population. This would better preserve the right to privacy without really sacrificing national security (and keep the government from violating the requirement for a warrant, which they are doing).
Well, either way, the design of Tor be it intentional or non-intentional, allows for spying at the ISP level. HTTPS cannot protect against this, because generating an SSL certificate isn't that difficult with plenty of computing power, and extremely easy when you have a three letter agency badge.