12.09.13
Posted in GNU/Linux, Kernel at 3:21 pm by Dr. Roy Schestowitz
Summary: The ‘security’ boasted by restricted boot is shown to be a sham; other booting systems ought to be promoted at UEFI’s expense
THE malicious thing which is UEFI (with or without restricted boot) has been covered here a lot. It needs to be shunned and those behind it should be investigated for collusion. It’s not secure, as Torvalds predicted (with strong words at times).
As part of his ongoing investigation of UEFI, Dr. Garrett found serious flaws in restricted boot. As Phoronix put it the other day, “Matthew Garrett has written an insightful blog post about security issues pertaining to the Linux kernel’s kexec functionality that could defeat any security benefits provided by Secure Boot. Using kexec could even allow you to boot a Windows kernel.”
UEFI is a sham that hardly offers any benefits to ordinary users; all it does in practice is harm. We need to embrace something like Coreboot [1] instead. The “UEFI” label (which computer makers don’t even make visible) should be read as “defective out of the box”. █
Related/contextual items from the news:
-
After landing hardware support improvements last week for Coreboot, the open-source BIOS firmware replacement now has another new feature: ACPI power limiting and it’s been implemented for Intel Haswell CPUs.
Permalink
Send this to a friend
11.28.13
Posted in GNU/Linux, Kernel at 7:17 pm by Dr. Roy Schestowitz
Summary: Programmable devices running GNU/Linux are selling well and spreading to many areas of computing
Linux has been a star in embedded systems for quite a few years, but rarely were devices with Linux (and sometimes GNU utilities/toolchain on them) hacker-friendly; they were inflexible and locked-down to the point is being single-purpose machines.
Raspberry Pi et al. represent an exciting trend [1]. They are tied to Free languages [2], they are definitely programmable, they enjoy diversity and competition [3], and they do a variety of interesting things, from simple [4] to complex [5] (whole desktop operating systems), impacting every aspect of computing from servers [6] to robotics [7]. Raspberry Pi, which is a British product, is selling very well [8-11] and attracts funding [12], so this trend of affordable hackable computing will hopefully not fade away. The more freedom-respecting devices are out there, the more ethics-aware software will be run in our society, benefiting all. When devices are running secret code that cannot be changed we are simply left with back doors and security holes. █
Related/contextual items from the news:
-
Whereas Raspberry Pi was the pioneer of very small Linux systems, the Arduino is the 800-pound gorilla in the micro-controller arena.
-
We’re pleased to announce PyPy 2.2, which targets version 2.7.3 of the Python language. This release main highlight is the introduction of the incremental garbage collector, sponsored by the `Raspberry Pi Foundation`_.
-
The Gertduino expansion board for the Raspberry Pi computer is now available. Created by Gert van Loo, the Gertduino is a Raspberry Pi add-on and it includes the same functionality as an Arduino-Uno but with some extra features like dual Atmel Atmega MCUs, -328 and -48.
-
Pets are great company to have, but they need looking after when you are away. That’s what the Raspberry Pi-powered open-source PetBot aims to do, never leaving your precious pooch alone.
-
As a result of the prior musings about crowdfunding and the rather shaky VAT status of the whole sector I have been thinking quite a bit about crowdfunding and where it might be useful and how we could get involved in some way. For our normal consultancy business we have no need of capital investments and we don’t produce anything that lends itself to the crowdfunding model, however I did come up with a project I have been wanting to do for quite a long time. Allow me to introduce it by way of a little video . . .
-
A startup called the Citizen Web Project has raised over $23,000 in crowdsourcing funds for an alpha-stage fork of Arch Linux intended for hosting easily-administered web services on low-end hardware. Initially available for the Raspberry Pi, ArkOS is designed for securely self-hosting websites, email, social networking accounts, and cloud services via an open source “Genesis” server gateway application.
In the same spirit of self-reliance behind ArkOS itself, chief developer and Citizen Web Project founder Jacob Cook is hosting his own crowdsourcing campaign. So far, the project has raised over $23,000 on the way to a goal of $45,000, with 21 days left.
-
RobotBits.co.uk has begun selling an open source mobile robotics kit from Frindo.org available with an Arduino Duo, or as an under-$100 model that lets you add your own Arduino and/or Raspberry Pi. The Frindo robotics platform, which appears to be about 100mm in diameter, is billed as being more robust than most low-cost educational robots, and is optionally available with a motor controller board and sensor bundle.
-
-
-
-
It took us almost exactly a year to sell the first million Raspberry Pis. Going on that basis, we calculated that we might, if we were lucky, reach the second million around January 2014, or slightly afterwards – we were confident we’d get there by the end of February 2014. So it was a bit of a shock at the end of last week when we got the latest sales figures and discovered that the 2,000,000th Raspberry Pi was sold in the last week of October. We don’t know who owns it – if you bought one between October 24 and October 31st, it might be yours. (It could even be the one we gave to Prince Andrew when he visited on Halloween.)
-
When the Raspberry Pi was developed, founder Eben Upton envisioned that the low-cost computer would do its finest work in the classroom, teaching kids about computing. But as more units sold, Raspberry Pi developed a strong, distinctive niche among adult makers, a fruitful group that nonetheless doesn’t really have much in common with a younger age bracket that can be hard to reach.
Permalink
Send this to a friend
11.27.13
Posted in GNU/Linux, Kernel at 10:45 am by Dr. Roy Schestowitz
Summary: NVIDIA’s drivers still cannot be trusted and NVIDIA’s assurance of performance improvements isn’t enough
NVIDIA, the world’s most proprietary GPU maker (which artificially cripples Linux drivers), is trying to appeal to gamers on GNU/Linux [1], perhaps with some performance gains [2] but hardly with any source code. NVIDIA, which already left back doors in Linux some years ago (severe flaw in the driver), should try harder than that. Freedreno [3] recognises the value of source code, Mesa 10.0 is coming [4] with an open door to public participation [5], and even Intel, the company behind restricted boot through UEFI, is giving source code to buyers of physical hardware [6]. There is nothing detrminetal when it comes to releasing source code to accompany hardware one sells (hardware which requires placing binaries in one’s computer with ‘root’ privileges). NVIDIA should wake up already and become respectful to software freedom, or at least those who want reassurance that NVIDIA’s blobs are not just Linux back doors. We already know that the NSA wanted back doors in Linux and it was eager to even bribe companies to help achieve this. NVIDIA is an American company.
Those who chastised Richard Stallman for rejecting proprietary components in his computers have hopefully changed their views after the NSA leaks/scandals. █
Related/contextual items from the news:
-
-
-
The Freedreno open-source graphics driver project that’s a clean-room reverse-engineered implementation of the Qualcomm Adreno graphics core on the company’s ARM SoCs keeps reaching new milestones. While the driver is mostly just worked on by Rob Clark and without any support from Qualcomm, it’s quickly becoming the flagship open-source ARM graphics driver for the Linux desktop.
-
-
If you really want to contribute to Mesa you should at least have some C\C++ experience, if you don’t buy yourself a book and go for it. Knowledge of OpenGL would also obviously be useful The OpenGL SuperBible is generally the most recommended book on OpenGL.
-
Intel’s open-source Linux graphics driver for supporting Broadwell is continuing to move along ahead of the availability of the new Intel processors in a few months time.
While Intel only open-sourced the Broadwell graphics driver changes earlier this month and began pushing the code forward into the Linux kernel, Mesa, libdrm, and xf86-video-intel drivers, the support is moving along nicely.
Permalink
Send this to a friend
11.26.13
Posted in GNU/Linux, Kernel at 11:25 am by Dr. Roy Schestowitz
Funding still provided in exchange less benign agenda than easy printing (e.g. restricted boot, TPM, Tivoization)
Summary: The Linux Foundation is starting another “Membership Drive”, which seeks to collect money from people rather than from massive corporations
AS we have pointed out on numerous occasions before, the weakness of the Linux Foundation is that it’s very open to businesses, which also makes it vulnerable to entryism, even by Microsoft and companies it takes over. Just watch this latest Microsoft marketing/revisionism from Mary Jo Foley at ZDNet/CBS, trying hard to matchmake FOSS and Microsoft.
In order for the Linux Foundation not to merely serve agencies like the NSA through Intel, IBM and other NSA collaborators (some of which receive money from the CIA to do this) we need to hope for a people-run Linux Foundation. This requires changing the financial strings. Community influence (people, not corporations) can only ever come through money, as sad as it may seem, and to the Linux Foundation’s credit, it does come out with an appeal for people’s money [1,2,3] (original post in [4]). Whether a donation would be wise to give is rather hard to tell; the FSF, for example, is already people-leaning, whereas with the Linux Foundation it’s doubtful and it may be too late for the attached strings to be undone. Just watch how OIN, for instance (another corporations-funded front), welcomes surveillance companies into its ranks. A serious privacy violator, Dropbox, is now in there too. As a Microsoft booster put it: “The Open Invention Network (OIN) has revealed Dropbox is its latest licensee, potentially shielding the cloud document-sharing service from patent attackers.”
When it comes to defending the voice of people, “Linux Voice” should be a good choice [5]. It’s about service, not just profits. If “Linux Voice” is like independent press, then think of the Linux Foundation as the corporate press, appeasing and appealing to businesses in order for them to provide financial support (with strings attached of course, as businesses are not charities).
The Linux Foundation is a good organisation, but if it becomes increasingly dependent on funding from companies with weak/no ethics, then we have a real problem in our hands. █
Related/contextual items from the news:
-
In honor of the open-source operating system’s longtime penguin mascot, the Linux Foundation is taking a conservation-friendly approach to its latest membership drive.
-
-
You can help two birds with one donation this holiday season. The Linux Foundation, the non-profit organization dedicated to accelerating the growth of Linux and other open-source collaborative development projects such as OpenDaylight, announced its 2013 Holiday Individual Membership Drive. In it, the group will donate $25 to the World Wildlife Fund for emperor penguins for every new member who joins, today through 11:59 PM. PT on December 10, 2013.
-
The Linux Foundation today is kicking off its Holiday Individual Membership Drive. We will be donating $25 to the World Wildlife Fund for the emperor penguin for each individual member who joins The Linux Foundation today through December 10, 2013.
-
Our plan to give 50% of our profits back to the community has got a lot of people talking. Everyone likes the idea, but some people are wondering how it’s going to work. It’s important to note that this plan isn’t just a short term gimmick — no, it’s a crucial part of what Linux Voice will be about over the years. A thriving Linux and Free Software community is good for all of us!
Permalink
Send this to a friend
11.25.13
Posted in GNU/Linux, Kernel, Microsoft, Security, Ubuntu, Virtualisation at 4:14 am by Dr. Roy Schestowitz
We need Freedo
Summary: Involvement in Linux development from the NSA and close corporate partners means that in order to restore real trust some code may need washing away (Linux-libre style)
THE news last week claimed that the US Defense Department was embracing FOSS [1,2]. We already know that it uses RHEL extensively and this may actually have strings attached to it. See, there is always aspiration to put control of the software at the hands of US corporations (and by extension bureaucrats who can compel those corporations to comply with surveillance desires); for others, there are back doors.
The other day we saw how a leading GNU/Linux vendor worked to promote and to spread UEFI ‘secure boot’, which is all about remote control (unless the signatures are maintained by the physical owner of the computer). UEFI ‘secure boot’ — like TPM — is about control by remote entities like Microsoft. Never forget that man from Microsoft (who still lives around there) manages Ubuntu now. Another man from Microsoft is now speaking on behalf of a Linux Foundation project (there are other people, but he is their manager). This really is a cause for concern because even “Linux” technologies are turning somewhat hostile towards users. When companies like Intel and IBM call the shots and when companies like Red Hat try to appease the Pentagon we just simply cannot assume that Linux will remain user-serving (as a matter of priority).
There are some news these days about Italy [3,4], Switzerland [5] and several other European nations moving to Free/Open Source software (this may include GNU/Linux) for control and autonomy, but they should keep a close eye on those who steer Linux development (and the government they lobby to oversee them amicably in particular). Yesterday when I had a discussion about this subject someone suggested embracing Hurd, but I on the other hand thought that perhaps Linux-libre should start removing NSA-sourced components (if they can be traced back to the NSA, as it is not just SELinux and some was submitted by @redhat.com addresses) and other suspicious or user-hostile code.
Even as Linux advocates we should recognise that there is a diversity of interests and the agenda of the NSA is to spy on everything and everyone, not to protect our privacy and security. █
Related/contextual items from the news:
-
As far as technology trends in the federal government go, the use of open source is on a multi-year hot streak. Alongside movements such as the cloud, open source is one of those agency options like an oasis – or perhaps a mirage — in a funding desert, promising savings and efficiencies.
-
The Defense Department, looking for ways to cut costs and share information, is slowly but surely embracing open source software, sister publication FCW’s Amber Corrin reports.
“The problem with proprietary solutions is the limited set of folks who can use them, rather than opening the core components to the community to drive…and just be the experts and the integrators,” Andy Goodson, program manager for Lockheed Martin’s Distributed Data Framework, told FCW. DDF is a newly open source software search engine for intelligence.
-
It’s no hidden fact that the European Union has a special love for free and open source software for all the merits these have to offer and for the huge cost savings EU’s various organizations get to make from these. In the past, several member countries have made the switch from Windows to Linux in a drive to make their systems more secure and save costs. Their governments and educational institutions have also moved on from using proprietary and expensive day-to-day software such as Microsoft Office to using OpenOffice and LibreOffice, software that get the same work done and are absolutely free. Now it is Italy’s turn to follow on the same path.
-
We take a first reading of the recent modification to the fundamental law that governs the digital aspects of the Public Administration in Italy. These modifications require Public Administrations to prefer internally made solutions and FOSS solutions over proprietary ones, mandate an increased degree of interoperability and strengthen the push for open data.
-
Lausanne, Switzerland’s fourth-largest city, is considering a switch to open source desktop PCs. “The time has come to evaluate a migration, by launching a pilot project on 5 workstations”, the city announced on 14 November. “Free and open source software is becoming more mature, user-friendly and compatible with other environments.”
Permalink
Send this to a friend
11.23.13
Posted in GNU/Linux, Kernel, Microsoft, Novell at 3:12 pm by Dr. Roy Schestowitz
Summary: Why K. Y. Srinivasan has become somewhat of a Microsoft mole inside the Linux world
Microsoft loves to abduct companies, fire ‘disobedient’ staff, and bring in its own moles. VMware and Yahoo are good examples of this. The strategy is used a lot by Microsoft, quite consciously too.
“Microsoft never needs to be allowed to join, it just needs to abduct companies which are already in.”Right now we learn that a “Winamp Petition Emerges as Microsoft Considers Purchase”. Win is short for Windows, so it would not be too shocking if Microsoft took over to exploit (and ruin) the brand. But there are problems close to home, involving Linux in particular. There are more Elop-type threats — ones which turn Linux leaders (like Nokia) into Linux foes that go as far as patent litigation against Linux. Now that people from Microsoft are becoming managers in the Linux Foundation (and managers of distributions like Ubuntu) we must pay attention. Nokia is a Linux Foundation member too, so with its surrender to Microsoft (like Novell) there are more Trojan horses (steering power) for the monopolist inside the foundation. Microsoft never needs to be allowed to join, it just needs to abduct companies which are already in.
There is another longtime mole which deserves to be named now that there is this new puff piece and shameless PR for the company that attacks Linux. The puff piece comes from EFY Times and it’s basically a softball monologue for Microsoft, courtesy of K. Y. Srinivasan from Novell (his online profiles are still out of date). He now receives his salary directly from Microsoft and he is always whitewashing Microsoft and trying to match-make Linux with it (his focus is proprietary Hyper-V, which he and Novell helped Microsoft interject into Linux). Watch how Microsoft is grooming him in an attempt to make Microsoft seem Linux-friendly (article by Kerry Godes from Microsoft’s marketing team). To quote K. Y. Srinivasan: “It’s all part of our larger vision, which is to ensure that anything our customers want to run, they can run on Windows Server Hyper-V and in Windows Azure. This is what customers tell us they want.”
So in other words, it is about taxing and controlling (and spying on) GNU/Linux by making Microsoft its seller. It is also about running GNU/Linux merely as a guest on Windows hosts, using proprietary software of course. So much for friendship with Linux… █
Permalink
Send this to a friend
11.17.13
Posted in GNU/Linux, Kernel, Security at 9:07 am by Dr. Roy Schestowitz
Why did Linus Torvalds keep quiet about it?
Summary: The NSA asked Linus Torvalds, the founder of Linux, to put back doors inside Linux
Time to ban the NSA from Linux development? Probably.
The NSA has been subverting standards to make the world less secure for everyone (using pseudo-encryption everywhere) and now we understand Torvalds’ weird dodging from the question about NSA requests for back doors [1, 2], not to mention past attempts at back door inside Linux. Linus Torvalds’ father, who is an MEP (here is his Web site), finally does what his son, who is based in the US and is now a US citizen, did not do. He has just revealed that the NSA did ask Linus to backdoor Linux [1] (like Windows).
In light of these revelations we probably should ban the NSA from getting involved in Linux, including SELinux. The NSA has been abusing the whole world (even allies) and breaking the law, so why trust it? Moreover, as revealed in the news some days ago [2,3], there may already be some back doors in Linux, but they are well disguised. █
Related/contextual items from the news:
-
The NSA has asked Linus Torvalds to inject covert backdoors into the free and open operating system GNU/Linux. This was revealed in this week’s hearing on mass surveillance in the European Parliament. Chalk another one up of the United States NSA trying to make information technology less secure for everyone.
-
-
Permalink
Send this to a friend
11.14.13
Posted in Kernel, Microsoft, Virtualisation, VMware at 3:27 am by Dr. Roy Schestowitz
Summary: Nicolas (Neela) Jacques is appointed by the Linux Foundation to be Executive Director, overseeing efforts that involve GNU/Linux vendors
MICROSOFT ENTRYISM is a serious problem. We already know what impact it has had on Yahoo! and Nokia. Microsoft also occupied VMware after EMC’s Tucci foolishly let Ballmer do this (almost all the top executives were Microsoft executives bringing in former colleagues). The Ubuntu project too is now steered by a former Microsoft employee (who still lives in Seattle, just like Elop) as the project angers more and more people [1, 2].
Among the VMware managers who are former Microsoft employees there is this guy who, after the Linux Foundation let Microsoft get closee (to OpenDaylight), becomes the Executive Director. “Until now, the OpenDaylight Project has not had its own Executive Director, but that has changed,” says this article. So now we have a former Microsoft manager in charge of a Linux Foundation initiative. Wonderful! What could possibly go wrong? █
Permalink
Send this to a friend
« Previous entries Next Page » Next Page »
Content is available under CC-BY-SA