Trusting the Evil Maids

posted by Roy Schestowitz on Feb 23, 2026

Alex Oliva (GNU Linux-Libre) correctly points out that trusting binary blobs from untrustworthy companies (known for back-dooring things, based on their track record) is misguided if not foolish (the latter is more crude a term, but still deserving). This morning in IRC we discussed again in simple terms what it means to have IBM's LVFS (Linux Vendor Firmware Service) running as root.

In very very very simple terms that every user can understand, having things like these running in the background is like having a giant back door available all the time, allowing an intruder to remotely control everything on your computer; not to mention what happens in case of system breach in the controlling party of LVFS (previously Linux Foundation) or any OEM/vendor that pipes things through it.

Oliva is right. Allowing some blobs to be pushed and pulled passively - without warning and with neither user consent nor audit - seems rather insane.

Speaking of "evil maids", suppose you are specifically targeted. If you purchase or order a computer anonymously, it's hard to compromise only your machine. However, once connected and authenticated, letting oneself be remotely controlled at such a low level seems insane. We expressed concerns like these in relation to WordPress 13 years ago, but this is much worse because Automattic does not get root-level access to your physical server.

In short, whatever Oliva said seems appropriate and timely. Don't listen to liars and frauds who lie to courts. They warn us about "Evil Maids", but they themselves are those Evil Maids. █

Image source: Myosotis

Other Recent Techrights' Posts

Security and blobs, by Alex Oliva (GNU Linux-Libre): Reprinted with permission from Alex Oliva
Techrights Thanks Every Single EPO Worker Who Went on Strike Today: We have so much in common
EPO Staff Union: The Strike Actions and Other Industrial Actions "Have Already Delivered Measurable Gains.": SUEPO Munich has just issued a statement to staff
Based on Insider Leaks, Asha Sharma's Job is to Kill XBox While Talking About "AI": They cite SneakerSO
Linux Kernel 7.0 Release Candidate Comes Out, Stallman Turns 73 in Three Weeks: It predates Microsoft and Apple
In Greenland, Firefox's Gecko and KHTML (KDE, But Bastardised by Apple) Bigger Than Chrome: Are those Danes recognising the risk of monoculture?
IBM Layoffs Definitely Still Happening: Contrary to what some apologists try to say
Don't Use the Future Tense to Discuss the Slop Bubble: Wall Street does not react to reality; it reacts to panic, which is related to expectations
The Broken Window Industry and Its Ongoing Desires to Make Technology Less Dependable: Reliable computing is becoming harder to find
Kyndryl Fell by About 50% in One Day, IBM Fell 23% in 20 Days: the IBM Titanic
Trusting the Evil Maids: Don't listen to liars and frauds
Aaron Swartz Has Already Explained What Reddit/Conde Nast Meant to Him and Why We Should All Avoid Reddit If We Value Software Freedom: Aaron Swartz did not start Reddit
Valnet's Good Legacy of GNU/Linux Advocacy in Journalism Form: Let's hope they carry on like this
Coders and Thinkers: I used to be a hyper-productive coder; these days I do more thinking and writing
Slop (So-called 'genAI') is Not a Skill, Slop Gets You Suspended or Even Sacked, It Can Eventually End Your Career: Benj Edwards, a so-called 'Senior' so-called 'AI' so-called 'Reporter'
Quitting Reddit (Social Control Media Controlled by Conde Nast): There is a new post in Reddit
There is No Such Thing as "AI Skills", "AI Competency", "AI Fluency" Etc.: Slop does not give anybody an advantage
Links 23/02/2026: "What Boston Will Cost Me" and Women as Hostages: Links for the day
IRC Usage Levels Seem to be Rebounding This Year: it looks like the total count (tally) of users increased a lot lately
Microsoft Tricked the Media Into Lying About Microsoft Layoffs in January. Now It Does the Same (in February).: Microsoft has got the media by the wallet (or balls)
Free Software Projects Become Slow Due to Slop: It does not improve efficiency or productivity, it reduces both
EPO Strike Has Begun (or Resumed): The EPO status quo is untenable
Links 23/02/2026: US Surrenders to Climate Change (to Benefit Oil Companies and Slop), UK Court of Appeal to Hear Mazur: Links for the day
GAFAM Jobs No Longer Lucrative: Those days are long gone
Germans Recognise the Contagion is Digital, Not Racial: How to dismantle or neutralise those weapons? Turn them off
Free Software (or Software Freedom) Ain't No Religion: It's hardly surprising that some of the loudest opponents of Software Freedom and its luminaries also disregard or bend facts
Dr. Andy Farnell Explains Why the Slop Industry is Like Trespassers and Thieves: interesting new article about robots.txt files
The Demise of the Solicitors Regulation Authority (SRA) and Profession Based Around Bullying With SLAPPs and Empty Threats: For press to survive and thrive in the UK we need the hired gun to be submerged
Gemini Links 23/02/2026: Imperfect Journal, Evil, and "Progress Goes Boing!": Links for the day
“Power is a Thing of Perception. They Don't Need to be Able to Kill You. They Just Need You to Think They are Able to Kill You” ― Julian Assange: When leadership becomes corrupt enough to lose a sense of authority its days are numbered; it'll be replaced
IBM Has Already Admitted 2026 Mass Layoffs (in 4Q Earnings Call): We showed this earlier this month, but some people bring that up again
Reasons to Go on Strike in the European Patent Office (EPO): If you live in Europe and don't work for the EPO, you can still help
First speech of Chanellor Hitler, Andreas Tille & Debian denounce Branden Robinson: Reprinted with permission from Daniel Pocock
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, February 22, 2026: IRC logs for Sunday, February 22, 2026
More and More Projects Quit Microsoft GitHub This Year, XBox Will See the Same: Microsoft GitHub's embrace of slop as "strategic" gives us a clue of what'll happen to XBox very soon
Google "Intelligence": Despite Slam-Dunk or "Smoking Gun" Proof, Drug Abuse in EPO Leadership is "Unverified Allegations": Google's slop (so-called 'AI') lacks intelligence
8,000 Pages/Articles Per Year: We're eager to maintain a good production/publication pace and illuminate the sinister attempts to interfere with Freedom of the Press in the UK
Gemini Links 22/02/2026: Okonomiyaki and Midcrunch Crisis: Links for the day
Freedom Means Accepting He or She Who is Different: In the Debian community we're sadly seeing some authoritarian overreach this month
New XBox CEO Typecast in Social Control Media: Microsoft apologists will fall back on (or shuffle between) the "racist" and "sexist" angle
Sites Without JavaScript Deserve Your Visits: We're not arguing that the Web should be as simple or barebones like Gemini Protocol/GemText
EPO Strikes Are Already Working: Campinos is already going "into hiding"
Microsoft Windows Falls to Another New All-Time Low in Guatemala, It is a Bottomless Pit: Maybe users come to realise that Windows means back doors and those doors are open to a regime that ought not be trusted
"XBox" Will Become Slop After Mass Layoffs: When all else fails, "AI it"
Links 22/02/2026: Hardware Price Hikes Across the Board, "Microsoft Issues Statement on Potential Layoffs": Links for the day
Microsoft "Layoffs Incoming": This transition isn't about promoting games; it's about canning the console
Links 22/02/2026: "Bloat of Modern Fitness Apps" and Wikipedia Deprecates Archive.today: Links for the day
Our IRC 5-Year Anniversary (for Self-Hosted) is Fast Approaching: A week from now it's March already
Gemini Links 22/02/2026: Dream Job Gone and Slop in Taskwarrior: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, February 21, 2026: IRC logs for Saturday, February 21, 2026
GNU/Linux Grew a Lot in Nicaragua: We've not noticed until today
Techrights Has Over 1,000 Good Articles 'in the Tank': Drafts, notes, and lengthy documents
New Article Challenges Solicitors Regulation Authority (SRA) for Choosing the Wrong SLAPP Cases to Investigate: The one point we can agree on is that SRA does not know how to correctly select the worst culprits/offenders
The Brand 'Watsonx' is a Terrible Name for IBM 'Hey Hi' (Chatbots) Because Watson Agreed With Adolf Hitler: Almost a century has passed and IBM still believes that selling "intelligence", chatbots in particular, should be done under the name "Watson"
Why IBM is Still Scary and Dangerous: Keep a distance from "Big Blue" Bully
Measuring the Growth of Our Mission and Community: Something between experiment and prototype
Richard Stallman in the United States - Part III - Georgia Tech Did a Fine Job Upholding Free Speech Principles: The real problem was social control media (toxic)
Debian's Master is Deleting Criticism of SystemD and Other Things (On-Topic and Published by Debian Developers), Resorts to the Excuse Messages Are "Too Long": Censorship serves nobody except the masters that control this censorship
Digg's Latest Incarnation Already Failed, It's Infested With LLM Slop: Many submissions go to slopfarms and some get summarised by slop
Gemini Links 21/02/2026: Veganism and DeskPi RackMate T0: Links for the day
On The Web, XBox Already a Dying Breed: Down to about 0.05% on large machines, based on statCounter [...] Microsoft will never publicly admit or say how many billions it lost on the XBox
2026 a Year of 'Top-Down' Microsoft Layoffs (Management First): Stay tuned for what comes next
Your "Likes" Aren't Yours and They're Mostly "Worthless Clicks": Social hermits are not popular, irrespective of how many "Facebook friends" or "likes" they get
Waggener Edstrom/Frank Shaw Lied, There Are Definitely Microsoft Layoffs: Microsoft never issued a formal statement, it made allusions by proxy
Microsoft-Controlled Media With Embargo and Press Operatives: This won't be the last example of media manipulation for narrative control or face-saving "damage control"
Slop Hype Makes Our Core Technology Less Reliable and Far Less Resilient (We Pay for the Catastrophe That Follows): Only slop-free projects can be trusted
Going for 1,000 (Days of Uptime): universal records are vastly better
Firefox is No-Go in China, Not Even 1% "Market Share" Anymore: Given Mozilla's utterly rubbish marketing these days (politics over technical aspects), set aside the cheerleading for slop, there's hardly a chance of Mozilla Firefox reaching or exceeding 10% again
EPO "Cocaine Communication Manager" - Part III - It's in His Eyes: Workers are free to draw their own conclusions
Links 21/02/2026: Tensions Over Iran and Illegal Cheeto Tariffs, Presidential Approval Sags: Links for the day
Links 21/02/2026: "Moving Away From Cloudflare", Many Layoffs or Shutdowns in Games (Including XBox/Microsoft): Links for the day
GNU Linux-libre is a Grown-Up Today: "before that, every distro that wanted to respect its users' freedom had to remove itself all of the binary blobs that were distributed as part of the kernel Linux's so-called sources"
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, February 20, 2026: IRC logs for Friday, February 20, 2026
Gemini Links 21/02/2026: "The Evil of Action" and Slop Bots Causing Great Harm Online (Not Just the Web): Links for the day