[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How secure is an installation with with no non-free packages?

On Fri, Sep 13, 2013 at 10:11 AM, adrelanos <adrelanos@riseup.net> wrote:
> [...]
> Yes, the more I dig into one topic, the open questions remain and them
> stronger the conclusion "we're totally screwed" becomes.

We've always been screwed. I'd say, ever since the 6809 faded away,
but what I'd mean is ever since we moved from 8-bit to 32-bit systems.
But, no, the problem is not the increased complexity, it's pushing the
industry into a range of complexity where we have no tools to deal
with the complexity.

Don't let it turn you paranoid or cynical, just learn what you can,
deal with it as you can, and keep doing what you can.

And don't hope there is a magic bullet.

With Intel, it's like our star pitcher has been caught trying to throw
the game.

I could use a war metaphor instead, but the point is not to give up.
It's to adjust our ideas about whom we can trust and start adjusting
our behavior accordingly.

And build tools to help us contain the damage. I'm not sure what we
can do concerning the microcode. The tools we need will require going
against Intel's shrink-wrap agreements, but I think we can claim
unconscionable clauses and such. Probing the microcode and breaking
the key for the update mechanism are high-priority. It's a Pandora's
box, but the NSA has forced our hand.

If the ARM consortium won't help us out here, by avoiding the stupid
excesses Intel has gone to, we'll eventually have to develop several
industrially viable fully open/libre/free CPU cores. (Several, for
specialized target applications, and so that we can avoid the
monoculture issues.)

Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.

Reply to: