Announcement

Collapse
No announcement yet.

FSF Talks Up Libreboot As New Coreboot Downstream

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • FSF Talks Up Libreboot As New Coreboot Downstream

    Phoronix: FSF Talks Up Libreboot As New Coreboot Downstream

    Libreboot is a de-blobbed version of Coreboot designed to run on the Free Software Foundation's first endorsed laptop...

    http://www.phoronix.com/vr.php?view=MTc1NTc

  • #2
    Why?

    Just Why..?

    Comment


    • #3
      Originally posted by Britoid View Post
      Why?

      Just Why..?
      Free Software Fundamentalism. Thats why.

      Comment


      • #4
        Originally posted by 89c51 View Post
        Free Software Fundamentalism. Thats why.
        No. It's about money
        http://shop.gluglug.org.uk/product/i...-x60-coreboot/

        Almost 200 GBP for such thing?

        Comment


        • #5
          The Gluglug X60 has also been renamed to the Libreboot X60.
          Better names, yes. Open Source projects frequently suffer from having really bad names.

          Comment


          • #6
            Originally posted by michal View Post
            No. It's about money
            http://shop.gluglug.org.uk/product/i...-x60-coreboot/

            Almost 200 GBP for such thing?
            And freedom.
            Avoiding back-doors. Put there by government or corporations.

            And control, you should be in control over your computer not some government or corporation.

            Comment


            • #7
              FSF gives power to the users

              Originally posted by Britoid View Post
              Why?

              Just Why..?
              Why? To provide users the option to run a entirely free software stack from top to bottom, of cource. If you want or need to be able read or to compile every single piece of software that is running on your system, here's your choice.

              You need to be absolutly sure with regards to security? Need to be able to audit or change every line of code running? Or are just a purist that just wants to be able to do it for political or moral reasons? Pick this, a deblobed kernel and one of those distros the FSF recommends.

              If you don't? Well, don't use it. Pick coreboot or use the UEFI bloat that ships with your mashine and be happy. But you do have the choice.

              Comment


              • #8
                Originally posted by plonoma View Post
                And freedom.
                Avoiding back-doors. Put there by government or corporations.
                I don't have any guarantee that there is no backdoor in this computer until I don't spend time and money on auditing software.

                Anyway there are still software bugs that can be used to exploit OS, so I doubt if any government or corporation would spend money on backdoors. It's cheaper to have large collection of exploits.

                Comment


                • #9
                  Originally posted by plonoma View Post
                  Avoiding back-doors.
                  Except those that might be left in the firmware of the embedded controller - that one is still binary only (but glossed over by the FSF and gluglug)

                  Comment


                  • #10
                    Originally posted by 89c51 View Post
                    Free Software Fundamentalism. Thats why.
                    Not neccesarily. As shown recently, plenty can be hidden within bios, uploadable firmware blobs and onboard flash.

                    Having such open option is not bad, even if not everyone would use it at the moment.

                    Comment


                    • #11
                      Originally posted by michal View Post
                      I don't have any guarantee that there is no backdoor in this computer until I don't spend time and money on auditing software.
                      That is true, but at least you _can_ spend time and money to audit software, if you have access to the source code. If it's blob, you can just trust your vendor.

                      You probably won't spend time and money for your media center in your living room or your gaming rig. But let's say, for example, you are a company developing bleeding edge somethings you need to keep a trade secret for the time being. If it's big enough a deal, you'd probably be willing to spend money to make your system is secure from certain agencies that consider it "terrorism" that you're developing something their nation's companies do not have. If you can't get the source code, throwing an infinite amount of money and security experts on it still would not help a bit.

                      Originally posted by michal View Post
                      Anyway there are still software bugs that can be used to exploit OS, so I doubt if any government or corporation would spend money on backdoors. It's cheaper to have large collection of exploits.
                      Maybe, maybe not. You don't know. The NSA considered it even worth it to mess with Cisco's hardware directly. Using a custom firmware would actually be much more sneaky and easier to implement. Of cource, if you want to do it right - just use every route you can to brach a system.
                      But okay, let's say it is only bugs they would exploit. Great! Luckily, bugs can be fixed, software can be patched. Oh, you have an exploitable bug in a firmware blob/driver blob/proprietary software? Sorry, you're out of luck.

                      Comment


                      • #12
                        Originally posted by emerge-e-world View Post
                        That is true, but at least you _can_ spend time and money to audit software, if you have access to the source code. If it's blob, you can just trust your vendor.

                        You probably won't spend time and money for your media center in your living room or your gaming rig. But let's say, for example, you are a company developing bleeding edge somethings you need to keep a trade secret for the time being. If it's big enough a deal, you'd probably be willing to spend money to make your system is secure from certain agencies that consider it "terrorism" that you're developing something their nation's companies do not have. If you can't get the source code, throwing an infinite amount of money and security experts on it still would not help a bit.


                        Maybe, maybe not. You don't know. The NSA considered it even worth it to mess with Cisco's hardware directly. Using a custom firmware would actually be much more sneaky and easier to implement. Of cource, if you want to do it right - just use every route you can to brach a system.
                        But okay, let's say it is only bugs they would exploit. Great! Luckily, bugs can be fixed, software can be patched. Oh, you have an exploitable bug in a firmware blob/driver blob/proprietary software? Sorry, you're out of luck.
                        If you have something that "important" it shouldn't be in postion to be accessed by anyone that doesn't have physical access to the machine(s) it's on. If some gov. org wanted your crap that badly, open source firmware is not gonna stop them from getting it. So whoever said this was "Free software fundamentalism", was perfectly right IMO, as open sources != perfectly secure as some of you people think it does. See the recent OpenSSL debacle for proof.
                        Last edited by rstat1; 08-05-2014, 05:02 PM.

                        Comment


                        • #13
                          I just don't understand how some of the big vendors didn't took advantage of this recent NSA debacle. One can advertise laptops with Core/LibreBoot and Linux as NSA free, and earn big money on the people fear.

                          Comment


                          • #14
                            Originally posted by pgeorgi View Post
                            Except those that might be left in the firmware of the embedded controller - that one is still binary only (but glossed over by the FSF and gluglug)
                            Exactly. Hard drives, network controllers, baseband modems, all have embedded processors that can be exploited by a sufficiently motivated attacker. All of those run their own, closed-source code.

                            That's not to say that a laptop based on free software isn't a laudable goal or that there isn't a security advantage, it's just that the claim of "only free software" is not true by a long shot. I'd still like to see support for newer hardware though.

                            Comment


                            • #15
                              Originally posted by BlackStar View Post
                              Exactly. Hard drives, network controllers, baseband modems, all have embedded processors that can be exploited by a sufficiently motivated attacker. All of those run their own, closed-source code.

                              That's not to say that a laptop based on free software isn't a laudable goal or that there isn't a security advantage, it's just that the claim of "only free software" is not true by a long shot. I'd still like to see support for newer hardware though.
                              Well, the next step is to make a laptop with that GPLv3 gpu

                              For ethernet : http://www.ethernut.de/
                              For basic USB : http://www.obdev.at/products/vusb/index.html (maybe something better exists ?)

                              And who needs superIO nowadays

                              Comment

                              Working...
                              X