02.01.16
Posted in GNU/Linux, Hardware, Kernel at 12:07 pm by Dr. Roy Schestowitz
Summary: A few remarks about a new defect which is starting to attract media attention this morning, serving to highlight the lesser-discussed dangers of UEFI/EFI
TECHRIGHTS has been a rather prominent longtime critic of UEFI. We even got invited to speak to the top executives behind UEFI, involving several people on a conference call. They were hoping to silence/suppress my criticism by speaking to me for about an hour, but they didn’t have anything substantial to say in order for me to change my mind. In fact, they only revealed other issues (throughout the conversation) which I later wrote about. The Wiki has plenty of details about that and it also covers examples or remote bricking of PCs (via UEFI). Truly nasty if not malicious, too.
“Stuff like UEFI also gives governments stricter controls over people (like dissidents).”There is a newly-discovered issue involving systemd and EFI/UEFI. This has shown up in several prominent online forums and also in bug reports for almost a week (or longer). I had mentioned it online for a while, but only earlier today did I decide I have enough of a confirmation regarding this severe problem. It is now mentioned in news sites, too [1,2,3], so I wanted to very quickly remark on it (due to lack of time), noting that here again we have an example of remote bricking by means of UEFI — a subject that the NSA previously warned about (accusing China, warning that it had attempted to do something similar).
Don’t accept UEFI. Like DRM, TPM and many other malicious ‘features’, it is intended to give corporations control over the users, rather than enable the users to control their computers better. Stuff like UEFI also gives governments stricter controls over people (like dissidents). █
Related/contextual items from the news:
-
Running rm -rf / on any UEFI Linux distribution can potentially perma-brick your system.
As a public service announcement, recursively removing all of your files from / is no longer recommended. On UEFI distributions by default where EFI variables are accessible via /sys, this can now mean trashing your UEFI implementation.
-
It’s fairly stupid to run such a command, but usually not destructive to anything but the Linux installation. However, as it turns out, on MSI laptops it’s possible to completely wipe the EFI boot partition from inside Linux.
-
Running rm -rf / on any UEFI Linux distro can potentially perma-brick your system, Windows PCs also vulnerable
Permalink
Send this to a friend
01.17.16
Posted in GNU/Linux, Hardware, Microsoft, Vista 10, Windows at 6:28 am by Dr. Roy Schestowitz
Can’t compete? Then cheat…
“I’m thinking of hitting the OEMs harder than in the past with anti-Linux. … they should do a delicate dance”
–Joachim Kempin, Microsoft OEM Chief
Summary: After scheming to make new hardware incapable of booting GNU/Linux (in the name of UEFI ‘security) the company now attempts to tie up hardware (processors) with malicious new malware called Windows 10 (more like Vista 10, with the user-hostile ‘features’ of Vista)
“Want Freedom To Choose Your Hardware? Choose GNU/Linux.”
That’s the message from Robert Pogson. Some days ago we became aware of a nasty little scheme from Microsoft. The abusive monopolist, Microsoft, is calling monopoly abuse “innovation”. In additional to more DRM and antifeatures, including mass surveillance in real time, the company goes further as “Upcoming Intel And AMD CPUs Will ONLY Support Windows 10,” to quote FOSS Bytes. “In the latest change to its update policy,” wrote the author, “Microsoft has announced that older versions of Windows like Windows 7 and Windows 8.1 will lose support on the Intel 6th generation Core processors, also known as Intel Skylake. So, if you have just bought a new PC, you should consider upgrading to Windows 10 within the next 18 months.”
“Does anyone really think there is a ‘new’ Microsoft which is benevolent?”And Microsoft later expresses shock that people generally dislike it, some more than others.
Microsoft Peter shows how, after UEFI lockout of GNU/Linux (which he wrote about last year, arguably breaking the news), the historically abusive Intel helps Microsoft impose NSA-friendly spyware on everyone. “Microsoft Will Not Support Upcoming Processors Except On Windows 10,” says another report and “New hardware must have the latest Windows,” wrote a Microsoft booster. Microsoft’s influence over OEMs may be diminishing, the development teams may be shrinking (based on our confidential sources they are!), so the company is now limiting the scope of its operating system using hardware manufacturers/chipmakers, i.e. doing exactly the opposite of Linux (whose hardware support is always broadening).
Moreover, as revealed by this new report from The Register, Microsoft is really trying to piss people off and make Vista 10 synonymous with malware. Watch what they are doing right now:
Microsoft’s relentless campaign to push Windows 10 onto every PC on the planet knows no bounds: now business desktops will be nagged to upgrade.
When Redmond started quietly installing Windows 10 on computers via Windows Update, it was aimed at getting home users off Windows 7 and 8. If you were using Windows Pro or Enterprise, or managed your machines using a domain, you weren’t supposed to be pestered with dialog boxes offering the free upgrade.
[...]
Microsoft claims it’s doing this because many small businesses – the sort of organizations that run Windows Pro, use a domain, but leave automatic updates on – want an easy way to install the new operating system. If companies really want this software, you’d think they’d install it themselves – or opt in for it, rather than having to opt out repeatedly.
You can try your luck following these instructions to halt the upgrade – until Microsoft changes the rules again. Windows Enterprise edition in large corporations will avoid the automatic, virtually mandatory, upgrade.
Does anyone really think there is a ‘new’ Microsoft which is benevolent? iophk has been writing to us for a number of days about this kind of topic. He said quite a lot of things about what Microsoft plans to do to R right now (or some time in the near future).
“Attacks against R continue with “Microsoft R Open {sic}”,” he said, “with the announcement of vaporware” (we wrote about this some days ago). █
“Stewart Alsop, industry gadfly, presented Gates with the “Golden Vaporware” award, saying, “The delay of Windows was all part of a secret plan to have Bill turn thirty before it shipped.”
–Barbarians Led by Bill Gates, a book composed
by the daughter of Microsoft’s PR mogul
Permalink
Send this to a friend
07.21.15
Posted in GNU/Linux, Hardware, Microsoft at 3:11 pm by Dr. Roy Schestowitz
Microsoft doesn’t know what it’s doing (except rebooting)
Summary: Warning signs over Microsoft hosting, as well as reliance on Microsoft for maintenance of hardware
THE lying, dishonest and corrupt company says that it “loves Linux”. How ridiculous a statement. Microsoft clearly targets dumb people who are willing to give Microsoft control over GNU/Linux instances. Will Microsoft find enough dumb people? It remains to be seen. As a famous saying goes, never underestimate the power of dumb people in large numbers.
Yet another British ‘cloud’ site now promotes/advertises Microsoft as a GNU/Linux host. The article (if it can be called that), essentially an advertisement from Clare Hopping, says that “Azure customer support for Linux and other open source technologies were focused on determining whether customer problems were with the Azure platform or not. If not, then it would be left to the developer or the third party platform to solve issues.”
“Microsoft recently left British members of Parliament without access to E-mail for several days.”Is this the kind of host people were really looking for? There are many fine GNU/Linux hosts and Microsoft cares about GNU/Linux like BP cares about turtles in the Gulf of Mexico. Embrace (devour), extend (stab), extinguish (swallow) is what this move from Microsoft is all about. Watch a Microsoft advocacy site (the “Windows Club”) promoting this utter nonsense which includes full surveillance on every file (Microsoft uses “child pornography” as an excuse for this).
People ought to know by now never to rely on Microsoft for anything at all. Microsoft gained traction not because of technical merit; bribery, blackmail etc. had a lot more to do with it. It’s a company of organised crime and collusion with covert agencies that break the law, too.
According to this report, many people are still pursuing compensation for damages caused by the horrible Xbox 360 console. “No matter how hard Microsoft tries,” explained the author, “it can’t defeat a judicial order requiring it to face a proposed class-action lawsuit claiming that the Xbox 360 renders gaming discs unplayable because the console scratches them.
“The decision (PDF) Monday by the 9th US Circuit Court of Appeals sets the stage either for litigation over the allegations or a Supreme Court showdown.”
Microsoft, of course, is trying to dodge responsibility. Does anyone consider such a company to be a reliable host? Microsoft recently left British members of Parliament without access to E-mail for several days. Prior to that Microsoft had blackmailed British politicians. Microsoft cannot even fix their E-mail hosting (time-critical) in less than 3 days! If this is how Microsoft treats British members of Parliament, why would it do any better for ordinary members of the public? █
Permalink
Send this to a friend
07.14.15
Posted in Hardware, Microsoft, Security at 12:54 pm by Dr. Roy Schestowitz
Summary: The insecurity and abundant complexity/extensibility of UEFI is already exploited by crackers who are serving corrupt regimes and international empires
TECHRIGHTS has spent many years writing about dangers of Microsoft back doors and about 3 years writing about UEFI which, according to various citations we gathered, enables governments to remotely brick (at hardware level) computers at any foreign country, in bulk! This is a massive national security threat and Germany was notable in reacting to it (forbidding the practice). Among our posts which cover this:
Today we learn that UEFI firmware updates spread to the most widely used GNU/Linux desktop distribution and yesterday we learned that “HackingTeam has code for UEFI module for BIOS persistency of RCS 9 agent (i.e. survives even HD replace)…”
Rik Ferguso wrote this with link to the PowerPoint presentation, pointing to leaked E-mails via Wikileaks. The push back against UEFI ought to be empowered by such revelations, perhaps in the same way that these leaks now threaten to kill Adobe Flash for good. █
Permalink
Send this to a friend
03.25.15
Posted in Hardware, Microsoft at 3:39 am by Dr. Roy Schestowitz
Summary: UEFI makes computers more prone to infections, according to some security experts
THE abusive Intel spreads UEFI to help the abusive Microsoft by means of lockout (there have been many articles about that as of late). It serves to protect the Windows monopoly and protect Intel’s monopoly (with UEFI patents that we highlighted previously). Our posts about UEFI contain a lot of examples of that. UEFI ‘secure’ boot is not really about security and in some ways it makes security even worse, as we showed on numerous occasions before. UEFI can enable espionage agencies (such as GCHQ, NSA and so on) to remotely brick PCs, rendering them unbootable (no matter the operating system). Remember Stuxnet.
There are several new reports which say that UEFI has got additional ways in which it makes computers less secure. To quote the British media: “The high amount of code reuse across UEFI BIOSes means that BIOS infection can be automatic and reliable.”
To quote some US media: “Though such “voodoo” hacking will likely remain a tool in the arsenal of intelligence and military agencies, it’s getting easier, Kallenberg and Kovah believe. This is in part due to the widespread adoption of UEFI, a framework that makes it easier for the vendors along the manufacturing chain to add modules and tinker with the code.”
Next time Intel or Microsoft insist that UEFI is needed for ‘security’ we should have stronger arguments with which to debunk such myths. It’s marketing of monopolies disguised as “advancement”. █
Permalink
Send this to a friend
03.12.15
Posted in FSF, Hardware at 11:08 pm by Dr. Roy Schestowitz
To what extent do the ideas of free software extend to hardware? Is it a moral obligation to make our hardware designs free, just as it is to make our software free? Does maintaining our freedom require rejecting hardware made from nonfree designs?
Free software is a matter of freedom, not price; broadly speaking, it means that users are free to use the software and to copy and redistribute the software, with or without changes. More precisely, the definition is formulated in terms of the four essential freedoms.
- The freedom to run the program as you wish, for any purpose.
- The freedom to study the program’s source code, and change it so it does your computing as you wish.
- The freedom to make exact copies and give them or sell them to others.
- The freedom to make copies of your modified versions and give them or sell them to others.
Applying the same concept directly to hardware, free hardware means hardware that you are free to use and to copy and redistribute with or without changes. But, since there are no copiers for hardware, aside from keys, DNA, and plastic objects’ exterior shapes, is the concept of free hardware even possible? Well, most hardware is made by fabrication from some sort of design. The design comes before the hardware.
Thus, the concept we really need is that of a free hardware design. That’s simple: it means a design that permits users to use the design (i.e., fabricate hardware from it) and to copy and redistribute it, with or without changes. The design must provide the same four freedoms that define free software. Then “free hardware” means hardware with an available free design.
People first encountering the idea of free software often think it means you can get a copy gratis. Many free programs are available for zero price, since it costs you nothing to download your own copy, but that’s not what “free” means here. (In fact, some spyware programs such as Flash Player and Angry Birds are gratis although they are not free.) Saying “libre” along with “free” helps clarify the point.
For hardware, this confusion tends to go in the other direction; hardware costs money to produce, so commercially made hardware won’t be gratis (unless it is a loss-leader or a tie-in), but that does not prevent its design from being free/libre. Things you make in your own 3D printer can be quite cheap, but not exactly gratis since you will have to pay for the raw materials. In ethical terms, the freedom issue trumps the price issue totally, since a device that denies freedom to its users is worth less than nothing.
The terms “open hardware” and “open source hardware” are used by some with the same concrete meaning as “free hardware,” but those terms downplay freedom as an issue. They were derived from the term “open source software,” which refers more or less to free software but without talking about freedom or presenting the issue as a matter of right or wrong. To underline the importance of freedom, we make a point of referring to freedom whenever it is pertinent; since “open” fails to do that, let’s not substitute it for “free”.
Is Nonfree Hardware an Injustice?
Ethically, software must be free; a nonfree program is an injustice. Should we take the same view for hardware designs?
We certainly should, in the fields that 3D printing (or, more generally, any sort of personal fabrication) can handle. Printer patterns to make a useful, practical object (i.e., functional rather than decorative) must be free because they are works made for practical use. Users deserve control over these works, just as they deserve control over the software they use.
Distributing a nonfree functional object design is as wrong as distributing a nonfree program.
Be careful to choose 3D printers that work with exclusively free software; the Free Software Foundation endorses such printers. Some 3D printers are made from free hardware designs, but Makerbot’s hardware designs are nonfree.
Must we reject nonfree digital hardware?
Is a nonfree digital hardware(*) design an injustice? Must we, for our freedom’s sake, reject all digital hardware made from nonfree designs, as we must reject nonfree software?
Due to the conceptual parallel between hardware designs and software source code, many hardware hackers are quick to condemn nonfree hardware designs just like nonfree software. I disagree because the circumstances for hardware and software are different.
Present-day chip and board fabrication technology resembles the printing press: it lends itself to mass production in a factory. It is more like copying books in 1950 than like copying software today.
Freedom to copy and change software is an ethical imperative because those activities are feasible for those who use software: the equipment that enables you to use the software (a computer) is also sufficient to copy and change it. Today’s mobile computers are too weak to be good for this, but anyone can find a computer that’s powerful enough.
Moreover, a computer suffices to download and run a version changed by someone else who knows how, even if you are not a programmer. Indeed, nonprogrammers download software and run it every day. This is why free software makes a real difference to nonprogrammers.
How much of this applies to hardware? Not everyone who can use digital hardware knows how to change a circuit design, or a chip design, but anyone who has a PC has the equipment needed to do so. Thus far, hardware is parallel to software, but next comes the big difference.
You can’t build and run a circuit design or a chip design in your computer. Constructing a big circuit is a lot of painstaking work, and that’s once you have the circuit board. Fabricating a chip is not feasible for individuals today; only mass production can make them cheap enough. With today’s hardware technology, users can’t download and run John H Hacker’s modified version of a digital hardware design, as they could run John S Hacker’s modified version of a program. Thus, the four freedoms don’t give users today collective control over a hardware design as they give users collective control over a program. That’s where the reasoning showing that all software must be free fails to apply to today’s hardware technology.
In 1983 there was no free operating system, but it was clear that if we had one, we could immediately use it and get software freedom. All that was missing was the code for one.
In 2014, if we had a free design for a CPU chip suitable for a PC, mass-produced chips made from that design would not give us the same freedom in the hardware domain. If we’re going to buy a product mass produced in a factory, this dependence on the factory causes most of the same problems as a nonfree design. For free designs to give us hardware freedom, we need future fabrication technology.
We can envision a future in which our personal fabricators can make chips, and our robots can assemble and solder them together with transformers, switches, keys, displays, fans and so on. In that future we will all make our own computers (and fabricators and robots), and we will all be able to take advantage of modified designs made by those who know hardware. The arguments for rejecting nonfree software will then apply to nonfree hardware designs too.
That future is years away, at least. In the meantime, there is no need to reject hardware with nonfree designs on principle.
*As used here, “digital hardware” includes hardware with some analog circuits and components in addition to digital ones.
We need free digital hardware designs
Although we need not reject digital hardware made from nonfree designs in today’s circumstances, we need to develop free designs and should use them when feasible. They provide advantages today, and in the future they may be the only way to use free software.
Free hardware designs offer practical advantages. Multiple companies can fabricate one, which reduces dependence on a single vendor. Groups can arrange to fabricate them in quantity. Having circuit diagrams or HDL code makes it possible to study the design to look for errors or malicious functionalities (it is known that the NSA has procured malicious weaknesses in some computing hardware). Furthermore, free designs can serve as building blocks to design computers and other complex devices, whose specs will be published and which will have fewer parts that could be used against us.
Free hardware designs may become usable for some parts of our computers and networks, and for embedded systems, before we are able to make entire computers this way.
Free hardware designs may become essential even before we can fabricate the hardware personally, if they become the only way to avoid nonfree software. As common commercial hardware is increasingly designed to subjugate users, it becomes increasingly incompatible with free software, because of secret specifications and requirements for code to be signed by someone other than you. Cell phone modem chips and even some graphics accelerators already require firmware to be signed by the manufacturer. Any program in your computer, that someone else is allowed to change but you’re not, is an instrument of unjust power over you; hardware that imposes that requirement is malicious hardware. In the case of cell phone modem chips, all the models now available are malicious.
Some day, free-design digital hardware may be the only platform that permits running a free system at all. Let us aim to have the necessary free digital designs before then, and hope that we have the means to fabricate them cheaply enough for all users.
If you design hardware, please make your designs free. If you use hardware, please join in urging and pressuring companies to make hardware designs free. █
Copyright 2015 Richard Stallman. Released under Creative Commons Attribution No Derivatives 3.0 license.
Permalink
Send this to a friend
02.17.15
Posted in Free/Libre Software, Hardware at 5:36 am by Dr. Roy Schestowitz
Summary: The Trojan horse that Microsoft uses to cement its monopoly on desktops and laptops (making it hard or impossible to install and run GNU/Linux) is also being misused to block Coreboot
LAST WEEK we saw numerous reports about UEFI being used to attack, impede — or whatever one wishes to call it — Coreboot. It’s an attack on computing freedom at the very core, but given the long history of Intel crimes, we were hardly shocked by it. We included relevant links in our daily links, but citing [1], the biggest UEFI apologist writes [2] that this is justified in the name of ‘security’, erroneously assuming that it was ever about security rather than domination and control over the user. We have already shown, on numerous occasions in fact (even earlier this year), that UEFI achieves the very opposite of security, enabling even remote bricking of entire motherboards (Intel seems more interested in intel’ agencies than in actual purchasers of hardware). As the apologist is cited by FOSS sites we just thought it is worth pointing out again. People whose job is to write code for UEFI (and a lot of money is being paid for this) have a bit of an undeclared conflict of interest when writing about UEFI.
One solution, as we have pointed out before, is to avoid UEFI, which still helps Microsoft attack GNU/Linux. One effective way to achieve this is to boycott Intel, which deserves a boycott for many other reasons (much bigger and more compelling reasons than this). █
Related/contextual items from the news:
-
Even if you’re rocking the most open of open-source operating systems, chances are your laptop isn’t really that “free,” betrayed by closed firmware binaries lurking deep within the hardware itself.
Modern UEFI firmware is a closed-source, proprietary blob of software baked into your PC’s hardware. This binary blob even includes remote management and monitoring features, which make it a potential security and privacy threat.
You might want to replace the UEFI firmware and get complete control over your PC’s hardware with Coreboot, a free software BIOS alternative—but you can’t in PCs with modern Intel processors, thanks to Intel’s Boot Guard and the “Verified Boot” mode PC manufacturers choose.
-
PC World wrote an article on how the use of Intel Boot Guard by PC manufacturers is making it impossible for end-users to install replacement firmware such as Coreboot on their hardware. It’s easy to interpret this as Intel acting to restrict competition in the firmware market, but the reality is actually a little more subtle than that.
UEFI Secure Boot as a specification is still unbroken, which makes attacking the underlying firmware much more attractive. We’ve seen several presentations at security conferences lately that have demonstrated vulnerabilities that permit modification of the firmware itself. Once you can insert arbitrary code in the firmware, Secure Boot doesn’t do a great deal to protect you – the firmware could be modified to boot unsigned code, or even to modify your signed bootloader such that it backdoors the kernel on the fly.
Permalink
Send this to a friend
01.07.15
Posted in Hardware at 7:29 pm by Dr. Roy Schestowitz
Summary: How journalists, analysts and even developers carry water for Intel, usually in exchange for some monetary incentives
MANY of Intel‘s crimes have been covered here in Techrights at one point or another. The company has excellent PR operations that help conceal a great level of abuse and corruption. It’s the same with IBM. Watch this disgusting new puff piece from The Verge and this necessary response to it (“Delusional Media Hypes Intel Partnership With Anita Sarkeesian”) which says: “The Verge lies about us all the time. Hell, as I always cite, one of their former workers actually threatened to go GamerGate hunting at Comic Con. Unsurprisingly, he never caught any flack. Anti-GamerGate has gotten away with everything short of the high crimes like murder and rape, but I’m pretty sure the media would turn a blind eye towards that as well. Because after I just saw Intel co-sign Anita Sarkeesian and IGDA, I’m certain that I’m living on a different planet than these people.”
Intel’s role in GamerGate has already caused one of the leading Linux developers, who was clearly the face of UEFI on Linux, to boycott Intel and cease development of anything Intel-related.
“UEFI can be used for remote bricking (hardware sabotage) by the NSA and the likes of it.”Not only people like Anita Sarkeesian are potentially bribed by Intel for positive publicity that fools the public. Once upon a time the Gartner Group was used as marketing for Intel (false prophecies disguised as recommendations) and Gartner is now seeing the Wintel monopoly on the dive. Only a small portions of computers that are shipped are desktops or laptops with x86 chipsets, so Robert Pogson has visualised some numbers:
Crippling Wintel
[...]
Gartner has built their business on Wintel and now they see 8% growth for the competition as something hopeful… Meanwhile, smartphones have explosive growth and thin clients are doing well too.
In order to further reinforce the Wintel monopoly Intel has made UEFI restricted boot. UEFI can be used for remote bricking (hardware sabotage) by the NSA and the likes of it [1, 2, 3]. Some involved developers deem it necessary to state that they are now working for the government, perhaps realising how controversial their work is. As one put it last year: “At no point have I been contacted with warrants of any kind, or any similar instrument, or in any way, from governmental or non-governmental entities, about inclusion of any kind of malware or backdoor in Fedora’s signed secure boot binaries, including shim, grub2, the kernel, and pesign, nor have I at any time been approached about disclosure of our signin keys. I am also not aware of anyone else involved in our signing that has been contacted with warrants of any kind, or any similar instrument, or in any way, from governmental or non-governmental entities, about inclusion of any kind of malware or backdoor in Fedora’s signed secure boot binaries, including shim, grub2, the kernel, and pesign, nor have I at any time been approached about disclosure of our signing keys.”
In a better world, this whole idiotic ‘secure’ boot would not exist. People don’t need it and the risk introduced by it (sabotage or prevention of access to one’s own PC) is great. As always, we urge readers to boycott UEFI and, where possible, also avoid Intel. █
Permalink
Send this to a friend
« Previous entries Next Page » Next Page »
Content is available under CC-BY-SA