@idiot >What model of Zen laptops have coreboot support?
None of them as AMD refuses to allow for anything but 100% proprietary UEFIs (digital handcuffs are really good at ensuring this).
AMD has announced that they plan to release seemingly a proprietaried up, GPL infringing version of coreboot, but I don't know how that's going.
@idiot I bought an AMD Zen 2 laptop for uni and, while responsiveness was better, I found no significant improvement in battery life compared to my T530. Wish I was confident enough to put CoreBoot/LibreBoot on it.
@thatbrickster @idiot >Wish I was confident enough to put CoreBoot/LibreBoot on it.
You can buy a BIOS chip on eBay for that model and if you fuck up just solder it on the bricked one.
@mangeurdenuage @thatbrickster Really hard to justify buying new (to me, never mind new condition) hardware when literally everything has problems like this. PhD candidates sure are eating good though.
@niggy Ah yes, another one who just believes what the proprietary masters say.
>supporting installing coreboot etc on consumer hardware is bad
It being possible for users to install the software they want to install is bad?
>just exposes users to persistent firmware implants for a feature they'll never use
I'm not sure what "persistent firmware implants" is meant to mean, could you clarify?
Firmware is microprocessor instructions burned into an external ROM chip that can technically be cut out and thus replaced (therefore, not as hard as hardware, but not as soft as software, so firmware).
Of course manufacturers have taken to calling their proprietary software "firmware" to trick the users into thinking that what controls the hardware isn't software and how only the manufacturer can update such is normal.
I've heard of plenty of UEFI level malware that bypasses the signing, as such proprietary software developers seem to only be competent enough to implement signing that blocks free software, but not malware (or could it be that their only intention is to block free software and they don't care that their software is full of vulnerabilities that are exploited by malware?).
>signed firmware protections are the best thing to happen to hardware in decades
Hardware that refuses to boot up unless authorized proprietary software (full of vulnerabilities) is present is a good thing?
>maybe could be some niche hardware options for those special enthusiasts, but can't really blame vendors when that market is so minuscule
The market for decent hardware is huge, it's just that few seem to want to sell to such a market.
It'll be trivial to allow the user to upload their own signing keys, or add a setting to disable signature checking (just like what "secureboot" does), or even to add 2 solder pads to the board that need to be shorted to disable signature checking, but of course no manufacturer does that.
@Suiseiseki @idiot supporting installing coreboot etc on consumer hardware is bad and just exposes users to persistent firmware implants for a feature they'll never use. Signed firmware protections are the best thing to happen to hardware in decades. Maybe could be some niche hardware options for those special enthusiasts, but can't really blame vendors when that market is so minuscule.
@Suiseiseki @idiot Chinese/Russian/US intelligence have all been using BIOS implants since the 2000s. Here's an old school NSA TAO wiki page excerpt from ~2010 (public from Snowden docs). UEFI standardization has just made developing this stuff easier. Attackers who want this are probably more common than the rare enthusiasts that actually want to run coreboot etc, and would be way more common without those protections.
@niggy >Chinese/Russian/US intelligence have all been using BIOS implants since the 2000s.
I don't see how codemonkey rolled signature checking is meant to stop state level actors from writing UEFI injecting malware (as evidenced by all the articles about UEFI level malware being found on hardware even with such digital handcuffs).
State level actors are less common than free boot software enthusiasts, although such actors all together may have numerically more employees.
If you want to actually stop such attacks, you need a 100% free software BIOS which is checked for vulnerabilities and then maybe optionally the ability for the user to set signing keys.
@Suiseiseki if you get a modern Intel processor OEM system it's designed to be electronically incapable of running unsigned UEFI firmware (Intel Boot Guard).
These protections aren't 100% perfect but they do seriously work and make attackers' lives so much harder, often just not worth the effort. As an example from that same wiki page, here's how even NSA's SMEs were affected by storage drives starting to secure vendor-commands/firmware around that time, it fucked them up.
Not even just governments, even ransomware groups (e.g. TrickBot) have dipped their toes in UEFI stuff. If vendors allowed installing custom UEFI firmware we'd have ransomware campaigns, except granny would have to throw out her physical hardware instead of just reinstalling Windows.
@niggy >it's designed to be electronically incapable of running unsigned UEFI firmware (Intel Boot Guard)
Aside from how the wiring layout and hardware was designed by codemonkeys as well, so state level actors and decently skilled malware writers can bypass Intel Boot Guard (resulting in the only guarding being against your computer booting with free software).
>These protections aren't 100% perfect but they do seriously work and make attackers' lives so much harder, often just not worth the effort
They don't work at all against determined attackers - although attackers may go after easier targets first instead or take a bit longer - so no real security gains have been realized.
>even NSA's SMEs were affected by storage drives starting to secure vendor-commands/firmware around that time, it fucked them up
Maybe the NSA was stopped from trivially being able to install their own storage drive software, but all that would do is either make them attack something else, or even make them write more advanced infection software (they obviously added more self-hiding features this time after reading wiki page as well).
>if vendors allowed installing custom UEFI firmware we'd have ransomware campaigns except granny would have to throw out her physical hardware instead of just reinstalling Windows
That's what they want you to believe, but it's not the truth.
Despite all the computers with BIOSes without digital handcuffs that are still being used, I haven't heard of any large BIOS ransomware campaigns that infect such computers - it's almost like such ransomware attackers are mostly incompetent and wish to make a quick profit off people who run whatever arbitrary .exe and don't make backups.
Attackers that are more skilled and are willing to play the long game are likely going to be able to bypass Intel Boot Guard just fine - but really they can make more profit doing other things than ransomware with those skills, so they do those other things instead.
I've mentioned multiple ways vendors could allow users to install custom software without "endangering" such a hypothetical granny, as granny isn't going to be uploading her own encryption keys or shorting 2 pads unless she knows what she's doing.
Windows is arguably a sort of ransomware, so reinstalling it would be how to maintain a persistent infection with no BIOS rootkits required - but most people won't be able to figure out how to install Windows, let alone granny.
As for the throwing out hardware part, unless something extremely proprietary has been done by hardware manufacturers, just flashing the BIOS chip and any devices with microprocessors and storage (i.e. HDDs) with an external programmer will remove any infection - but of course hardware manufacturers won't tell you how to do that, as it seems they have proprietary interests in ensuring that their malware stays installed instead of being replaced.