[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Indirect Tor question



Well, why don't you write your own bios?


On Mon, Sep 9, 2013 at 5:03 PM, Chris <tmail299@xxxxxxxxxxx> wrote:

> > We are not concerned about the price but rather we are concerned about
> our
> > freedoms to share change etc the source code to suit our needs. Furthmore
> > some of us are very paranoid.
>
> Rightly so.
>
> > Also why can't u make a open source bios?
>
> Is that sarcasm or do you genuinely not understand the difficulty of the
> problem? It is a complicated issue. To start off there are only a handful
> of companies which produce a BIOS and they work AMD, Intel, etc. That is
> then licensed to manufacturers. There is coreboot (a free software BIOS)
> although without the support of the likes of Intel/AMD its near impossible
> to port to a given system. There are other problems. Most of the funding
> for coreboot is from the server arena. There not concerned with desktops
> and laptops. Which means it's all the more difficult/expensive.
>
> It's best summer up as a non-trivial issue. A computer is not designed by
> a single person or entity and relies on many different parties to produce.
>
> There are significant financial and technical hurdles to releasing a
> system with a free software BIOS. Google (a huge corporation
> comparatively) has attempted to do it and had much difficulty/resistance.
>
> > What are u hiding from us?
>
> We aren't intentionally hiding anything.. but we also don't have the
> source to our own product. At least not all of it.
>
> > Your NSA backdoor!
>
> There may be a backdoor. The challenge is to find it and work towards its
> removal, or find millions of dollars to fund something that is validatable
> and NSA-free.
>
> >
> > Sent from my Android so do not expect a fast, long, or perfect
> response...
> > On Sep 9, 2013 2:53 PM, "Chris" <tmail299@xxxxxxxxxxx> wrote:
> >
> >>
> >> >> I'm wondering about any and all similar tor-based systems wherein
> >> there
> >> >> is ANY portion that is not opensource.
> >> >
> >> > Scrutiny is a good thing. I suggest using the vrms tool to find
> >> non-free
> >> > software. [10] [11] Parts of this non-free software may come without
> >> > source code being available. From a quick curious look into the Tails
> >> > source code greping for "nonfree", I found "firmware-linux-nonfree".
> >> >
> >> > There may be more good reasons to add such packages than against
> >> adding
> >> > such packages. (Because not adding those may result in such poor
> >> > hardware support, that there aren't enough users in the first place to
> >> > even theoretically provide anonymity.)
> >>
> >> ...
> >>
> >> >
> >> > The development version of Whonix (we'll probably make a new release
> >> > soon) includes a check using vrms (while building from source code),
> >> > which provides safety against installing non-free software.
> >> >
> >> > (Tails aiming to be run on hardware may not be so easily be able to
> >> drop
> >> > all non-free packages. It's much easier for Whonix when aiming at
> >> > Virtual Machines - I am not saying this solves the problem - it leaves
> >> > the user alone with the decision to install such non-free packages on
> >> > the host.)
> >>
> >>
> >> I don't usually chime in on the Tor-talk list although my company is
> >> following Tor / supporting Tor / Tails, etc. We have been working with
> >> the
> >> FSF and other entities to improve the availability of free software
> >> friendly hardware and get the companies designing various pieces to
> >> release the complete set of code. It's a lot of work. Check out
> >> fsf.org/ryf.
> >>
> >> In any case I thought I'd chime in because it's what I work on.
> >>
> >> In any case while you won't find a 100% free x86 system you can avoid
> >> dependence on most non-free firmware. ThinkPenguin (I'm the founder &
> >> CEO)
> >> has a catalog of hardware of which 100% of the catalog is compatible
> >> with
> >> 100% free distributions. That is all core features should work on any
> >> device / system (wireless, sound, ethernet, USB, graphics, etc) without
> >> any non-free firmware. The BIOS in the laptops and desktops are non-free
> >> and there is undoubtedly non-free microcode all over the place (probably
> >> the biggest problem that is unknown to the masses which needs solving).
> >>
> >> The solution to the hardware problem is to focus on increasing demand
> >> for
> >> free software friendly hardware and using that demand to get concessions
> >> from the large cooperations designing the chipsets. I'm not a big fan of
> >> reverse engineering and feel it is in large part a loosing battle. RMS
> >> sparked my attention at 2013 LibrePlanet with a speech he gave. He
> >> talked
> >> about the difficulties of reverse engineering and the need for the
> >> community to design hardware from scratch (essentially). It may seem
> >> unrealistic right now due to cost, the lack of expertise, and how far
> >> behind anything would be once it reached the market although I think the
> >> only thing really holding such projects back is a scattered community.
> >> We
> >> have this community that hasn't shown it's willing to put its money
> >> where
> >> its mouth is. People too concerned about saving a dollar here or there.
> >> Fortunately there is a whole large set of new and less tech savvy users
> >> who care getting on board all the time. They aren't afraid to spend a
> >> little extra. I think from that such challenges may be overcome. If
> >> there
> >> is any hope it probably lies with them.
> >>
> >> What I'd still like to see is more people thinking about how we can get
> >> more people concerned about free software friendly hardware (and
> >> software;
> >> ie Adobe Flash, etc). Right now most companies advertising "Linux"
> >> compatible hardware I'd advise avoiding. The ones who aren't advertising
> >> it seem to be more in tune with cooperating on the release of code (HP
> >> is
> >> a good example; great job on code releases, but never advertise Linux /
> >> GNU on the package). Good PR doesn't make up for the lack of code either
> >> (NVIDIA/AMD w ATI).
> >>
> >> What is extremely disappointing to me is that some of our smaller
> >> competitors aren't helping the situation any. There are things they
> >> could
> >> do easily and aren't. For instance shipping with free software friendly
> >> wifi cards. Even if your going to offer systems with a non-free
> >> dependent
> >> graphics chip (because of performance advantages) there is no reason you
> >> can't ship with a free software friendly wifi card.
> >> --
> >> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> >> To unsusbscribe or change other settings go to
> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >>
> > --
> > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > To unsusbscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsusbscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
Nathan Suchy
If this email was not intended for you delete it and any copies you have of
it. The email was intended for "FirstName LastName". Information in this
email may be confidential and releasing it may be a violation of US law.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk