[clug] Offline snooping

[Scott Ferguson]

Re-sending to the list

On 06/02/14 16:03, Bryan Kilgallin wrote:
> Thanks, Scott:
> 
>> Much of the
>> software used by the NSA is either hidden in commercial proprietary
>> software (Closed Source), or proprietary firmware (i.e. embedded coded
>> used for devices e.g. your hard drive controller, your network card,
>> your BIOS etc).
> 
> How much of a hassle is the firmware problem?

Define hassle? :)

If you want control of your computer you need control of all the code -
that includes the firmware. If you don't have control then you cede it
to others - that is my definition of hassle in this instance.

The owners of the firmware won't share the source code with you, so you
can't examine it (or get someone else to) - more importantly (to me) you
can't know how it works which makes implementing your own versions or
modifying theirs difficult and probably illegal.

Much of your BIOS is unnecessary - Linux doesn't need it. I'd like to be
able to make use of the space taken by wasted code. Likewise with hard
drive firmware (many have drives have the capability to become internet
devices - only code kept secret by proprietary licenses makes that
illegal and/or difficult).

My main objection to firmware is that it often has capabilities I don't
need which makes them a security problem (without access to the source I
can't even determine the extent of the problem). NSA is not the only
threat to security - they just serve to highlight the issues.

> 
>> apropos of firmware, AFAIK Bunny is the only current source of a totally
>> open modern computer (Novena):-
> 
> So far I haven't been able to update software on my OpenMoko phone. Is
> the Novena likely to similarly be a dog?

I don't see the relationship, or understand your problem with the phone,
so I can't give you an answer - except perhaps that when the question
"difficulty" relates to Open Source the main impediment is the operator
(degree of difficulty is contextual, and I don't know the context).
FWIW I wasn't aware of any OpenMoko upgrade problems (but I appreciate
it's common for people to find updating Debian difficult). The 2008.12
(iLook) upgrade?
Note that OpenMoko is not completely open - Novena is, and that Novena
is not being promoted by the developers, they designed and built it for
personal use and are only releasing it because of unsolicited demand -
not as some marketing exercise and not aimed at the average user (expect
no support and you won't be disappointed).

If you read the wiki I linked to you can answer that question yourself
(as I have no idea what constitutes "hard" for you) - if it only serves
to raise more questions then you may find to process difficult.
I expect it also hinges on what you mean by "upgrade" - sometimes people
mean "new fixes for proprietary problems" or "more support for
proprietary devices by "upgrades".  Both could happen with Novena -
though it would only occur if the user decided to defeat the purpose of
it and attach closed devices.

Kind regards