Backdoors in the CPU microcode, backdoors in the proprietary firmware of your motherboard / hard drives, backdoor through Intel Management Engine / AMD PSP. They’re all hardware level backdoors that can’t easily be disabled / replaced on newer systems.
There are only a select few of systems out their that can run a fully free BIOS with no IME, but those systems are about 15+ years old. In terms of freedom, we’re fucked. Even if you do switch to GNU/Linux, you’re still not entirely free.
That is all true. The way to fix this is by always being pro-active, it can mean:
Voting with our wallets. Show that you will always spend on the more privacy-respecting option, even if no perfect option exists.
Raising our voices, to family and friends. Elaborate why we need open tech.
Lobbying for open hardware and software initiatives. The goal is to make openness and freedom more profitable than closed tech.
Pro-activeness is important. Assume that our generation was perfectly privacy-demanding, that this was truly a core value that everybody held. If the next generation became lax on this issue, and didn’t care as much, things would start to deteriorate. Totalitarianism would creep in. So the current generation are always the torchbearers of freedom, we have to do our part.
Most of the time, your grub is still there, even the link on your efi partiton. Only the evivars in uefi need to be reminded of their existance far too often.
Windows did an update once that messed up so bad that at least until I booted into a live USB, my bios couldn’t find grub or windows lol, then from the live USB I just chrooted in and reinstalled grub.
Debian uses its own version of the Linux kernel with proprietary parts removed; however, if you want to install it on a machine that does have hardware for which there are no free drivers (which is to say almost any machine out there in the market), you’ll have to install proprietary parts; in the last version, Debian 12, system does that by default.
Intel Management Engine is a CPU-level microprogram that runs with highest priority and does not have open code, so essentially every PC with Intel CPU runs some arbitrary code we cannot verify. Same for AMD Platform Security Processor by the way, so there is no simple escape.
Oh and BIOS is proprietary too, and only a few select machines can have a fully libre BIOS successfully installed on them.
Thereby even if you go to essentially libre version of Linux, there will, almost universally, be pieces of obfuscated code with no disclosure on what they’re doing there.
Isn’t that a hardware problem though? At some point you want your software to work, and years of reverse engineering for it to do so is a long time for it isn’t it?
Well, it’s obviously dictated by hardware and the software that manufacturers release for it. I’m not calling enthusiasts to reverse engineer every single driver, that’s impossible.
The point is, there is a lot of proprietary blobs in everyone’s systems, and it’s not cool. If you ask me, we should obviously shift policies to force manufacturers to open source drivers and management systems.
Didn’t knew about the Debian part I thought they said that they will ship an installer with non-free by default and another installer which you can configure.
Btw I’m on my way to build a new x220 with libreboot and GUIX can we get more free than that? Xd
IME is even worse than that. It runs on a supervisor processor in the chipset that has privileged access to the memory, peripherals, and CPU, and can run when the rest of the system is powered off. IME is how Intel AMT can serve as a KVM-over-IP, and just because you don’t have a CPU with Vpro doesn’t mean all the components aren’t there for an exploited or backdoored ME firmware to remotely log your console or inject keystrokes.
The way WSL1 worked is actually quite interesting: The NT kernel always had the capability to run multiple subsystems, with Win32 only being one of them and there were subsystems available for OS/2, POSIX and later UNIX. WSL1 was pretty much a revival of that feature. So WSL1 is indeed somewhat like Wine, but making heavy use of some features built into the kernel. So yeah, no real boot process happening.
(Also it’s kinda stupid that the ‘S’ in WSL2 still stands for ‘subsystem’, despite not using that feature anymore.)
I liked the WSL1 approach better. I find it ironic that the Windows kernel lacks so many useful features that it simply wasn’t possible to properly implement things like cgroups on top of it, so they just gave up and ran Linux in a VM for WSL2
linuxmemes
Hot
This magazine is from a federated server and may be incomplete. Browse more on the original instance.