Can we really consider a system secure if the Linux kernel is not blob free? If so, then how do we determine which kernels are blob free? It's certainly not obvious from https://www.kernel.org/ . If the foundation of your operating system is not secure then how can you consider your computer secure?
The blobs are there to make certain devices actually work. It isn't exactly a security issue as the blobs are proprietary software that is loaded into the device to make it work. Sometimes these are just patches to the default load, but not always. From a security standpoint, they are undesirable... but that means not using the hardware which may be built into the motherboard. Not using the hardware sometimes also means that the motherboard is useless.
If you don't want the blobs, don't use the devices that need them. At that point, the drivers will not be loaded, and without the drivers, neither are the blobs.
This is the same issue with using a BIOS or UEFI software to boot the system. They too are "blobs" that you don't usually get to examine (especially the UEFI code).
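The point above (no driver loaded, no blob loaded) can be checked per machine. The following is an added example, not part of any post in this thread: it lists which loaded modules declare firmware files, using `modinfo -F firmware`. The module and firmware names in the sample (`exwifi`, `exgpu`) are constructed placeholders.

```shell
#!/bin/sh
# Added example: which loaded drivers declare firmware files (blobs)?

# Print module names from a /proc/modules-format file (default: live system).
loaded_modules() {
    awk '{ print $1 }' "${1:-/proc/modules}"
}

# Print the firmware files a module declares via MODULE_FIRMWARE.
firmware_for() {
    modinfo -F firmware "$1" 2>/dev/null
}

# Read module names on stdin; print "module: firmware-file" for each declared
# file. $1 optionally names a replacement lookup function (used for the sample).
blob_report() {
    lookup="${1:-firmware_for}"
    while read -r mod; do
        "$lookup" "$mod" </dev/null | while read -r fw; do
            if [ -n "$fw" ]; then printf '%s: %s\n' "$mod" "$fw"; fi
        done
    done
}

# --- Constructed sample (hypothetical names, not from a real machine) ---
sample_modules() {
    cat <<'EOF'
exwifi 421888 0 - Live 0x0000000000000000
ext4 987136 2 - Live 0x0000000000000000
exgpu 7340032 5 - Live 0x0000000000000000
EOF
}
sample_lookup() {
    case "$1" in
        exwifi) echo "exwifi/ucode-1.bin" ;;
        exgpu)  printf '%s\n' "exgpu/pfp.bin" "exgpu/me.bin" ;;
    esac
}

# Demo on the constructed sample; "-" makes awk read stdin.
sample_modules | loaded_modules - | blob_report sample_lookup
# On a live system: loaded_modules | blob_report
```

The output shows what a driver declares it may request, not what was actually uploaded to the device, and a driver that requests firmware without declaring it will not appear.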
How would we know what devices were not dependent on proprietary "blob only" drivers? This would be useful since a chain is only as strong as its weakest link ... and kernels with alien blobs are a security weakness.
On the other hand:
Quote:
1. Terrorists do want to murder us. If the NSA is halfway competent, Big Data should help detect plots.
I think that firmware is, in general, not a security vulnerability. I would say that compiled blobs like Nvidia and ATI blobs are much more of a risk.
There is only so much you can do in firmware, as it is very low level. Also, it usually cannot be readily replaced by a C program.
I wouldn't worry too much about the firmware that comes with the kernel.
As for Tor + HTTPS, like I've said before, all the NSA need to do is generate or obtain a fake SSL certificate. Check the diagram the EFF posted and see for yourself. Tor was likely designed with the help of the NSA, and that's why they are pushing it.
Quote:
I wouldn't worry too much about the firmware that comes with the kernel.
It would still be nice to have a blob free recipe.
Quote:
Check the diagram the EFF posted and see for yourself
I did a quick look at their website and didn't see the diagram. Do you mean the TOR diagrams?: https://www.torproject.org/about/overview.html.en
Are you referring to the issue with exit nodes on the TOR network?
Quote:
Tor was likely designed with the help of the NSA, and that's why they are pushing it.
"Tor is free and open source for Windows, Mac, Linux/Unix, and Android" <-- from the TOR website. It doesn't matter who started it ... if it works and is community developed then it will evolve, we hope.
I'm not sure if a blob-free kernel is possible without major breakage. Firmware being as low level as it is, it is very difficult to replace. Would it even be different from the original firmware ... it would have to be pretty close if you want the same functionality.
The firmware that is most dangerous, and can possibly pose a security threat is the BIOS, especially now that they have EFI, which can do a lot more than older ones. That is one thing I would like to be FLOSS.
Last edited by H_TeXMeX_H; 06-14-2013 at 08:41 AM.
The bottom part of my messages has a signature. It is not meant to be part of the original poster's issue.
Maybe I ought to highlight that better?
The NSA may be (is) less capable than some other governments' efforts to decrypt. Other governments may be funding this work to gain military advantages or corporate gain but they may also be using this for data Pearl Harbor.
Quote:
Tor was likely designed with the help of the NSA, and that's why they are pushing it.
Please get your facts straight: TOR sponsoring is no secret but it was the NRL and not the NSA.
And please get your incessant urge to turn everything into a conspiracy under control for once.
On the other hand, it would be a bit of ignorance to assume the government is populated entirely by people who will deal without bias with essentially private information on everyone. In my YouTube reference it was put forth by an ex-NSA individual how the government could set parameters on desired information. In fact the government already has the tools according to the video of the three witnesses. They could discard the majority of information by computer without any human access thereby protecting the large part of the population. This would better preserve the right to privacy without really sacrificing national security (and keep the government from violating the requirement for a warrant, which they are doing).
H_TeXMeX_H gave a nice link: http://www.coreboot.org/Welcome_to_coreboot , I'm not sure there is a blob free Linux to go along with coreboot BIOS (and associated hardware) ... it would be a perfect marriage.
Quote:
Please get your facts straight: TOR sponsoring is no secret but it was the NRL and not the NSA.
And please get your incessant urge to turn everything into a conspiracy under control for once.
Well, either way, the design of Tor, be it intentional or non-intentional, allows for spying at the ISP level. HTTPS cannot protect against this, because generating an SSL certificate isn't that difficult with plenty of computing power, and extremely easy when you have a three letter agency badge.