InactiveUser 188 Posted ... Lenovo is now using rootkit-like techniques to install their software on clean Windows installs, by having the BIOS overwrite windows system files on bootup.(from https://news.ycombinator.com/item?id=10039306) Starting with Windows 8, Microsoft even facilitates this process: in Windows 8+ any PC vendor can include an .EXE in Firmware/BIOS, and Windows will look for this on each boot, and run it right before you log in. This is called "Windows Platform Binary Table". This is something Windows does, and there is no way to turn this off. To me, this is the bigger story, because vendors may now start to use this method to install anything, making a clean windows install impossible.(from https://news.ycombinator.com/item?id=10046957. More info on Windows Platform Binary Table) My thoughts on this: Proprietary software makes free and secure computing impossible. "Just install Linux" doesn't fix anything: Your BIOS/UEFI still runs proprietary code, doing stuff behind your back and against your will. "Just install a free BIOS (coreboot)" doesn't fix anything either: Recent intel CPUs are managed by a "separate CPU within the CPU". That separate CPU (Intel Management Engine) has its own, proprietary, irreplacable firmware.It has DMA (= direct memory) access to the entire system memory and can access the networking adapters in a way transparent to the OS.(from http://www.coreboot.org/Binary_situation) Under the guise of providing new feautures for "convenience" and even "security" (see Secure Boot), hardware companies turn free computers into proprietary appliances. What can we do?Support alternative vendors such as System76, ThinkPenguin and PurismSupport "open hardware" projects such as Novena, with the hope of carving out a niche for truly free, open source and secure computingSupport organizations such as FSF and EFFEngage politically! Lobby against freedom-inhibiting developments such as compulsory non-free routers 6 encrypted, Lee47, OmniNegro and 3 others reacted to this Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
wer 14 Posted ... What can we do?Support alternative vendors such as System76, ThinkPenguin and PurismSupport "open hardware" projects such as Novena, with the hope of carving out a niche for truly free, open source and secure computingSupport organizations such as FSF and EFFEngage politically! Lobby against freedom-inhibiting developments such as compulsory non-free routers I'd replace Purism with Libreboot.I know, Libreboot is running mainly on Lenovo laptops but they have been freed of all proprietary firmware. This is what I'd call free. I read a lot about Purism and I liked the enthusiasm at first but I am afraid that this is looking more and more like a charade to me. Purism's goals are noble but sound like an individual promising world peace. I'd love to be proven wrong and I am not an expert but most of the experts who have been working years on this subject aren't anywhere near what Purism is talking about. I don't trust the latest hardware because more and more backdoors seem to be implemented. I use older hardware, my latest laptop is from 2010. 1 InactiveUser reacted to this Quote Share this post Link to post
InactiveUser 188 Posted ... I agree with you about Purism, there are a lot of question marks and unfulfilled promises. I chose to include it in my (non-exhaustive) list because supporting any alternative vendor helps in the sense that it shows demand for alternatives. None of the projects I listed are truly free: the Novena comes closest, but even they had to reverse-engineer the 3d/video drivers.Once we show demand in the millions, we can push hardware companies to build stuff that doesn't require reverse engineering. If Purism and all their publicity helps us get to such numbers - even if Purism are mostly hype with little substance - I'm fine with that. 1 LZ1 reacted to this Quote Hide InactiveUser's signature Hide all signatures all of my content is released under CC-BY-SA 2.0 Share this post Link to post
wer 14 Posted ... I just wanted to add a link where one can buy preconfigured libreboot computers:http://minifree.org (fka gluglug) I agree with you about Purism, there are a lot of question marks and unfulfilled promises. I chose to include it in my (non-exhaustive) list because supporting any alternative vendor helps in the sense that it shows demand for alternatives. None of the projects I listed are truly free: the Novena comes closest, but even they had to reverse-engineer the 3d/video drivers.Once we show demand in the millions, we can push hardware companies to build stuff that doesn't require reverse engineering. If Purism and all their publicity helps us get to such numbers - even if Purism are mostly hype with little substance - I'm fine with that. If they would help the cause I'd be all in. Hell, I almost preorderd one of the Librem but I went for the libreboot (fortunately).I am having mixed feelings because it looks like it is all about money. It is most of the time. Yesterday there has been a tweet from Purism making fun of libreboot computers (the account has been closed now & there has been an apology). This is not the first time I am getting the impression that Purism is all talk and no action. The good thing is that some of the projects like coreboot, libreboot and companies dedicated to building Linux friendly laptops/computers are getting more attention. I hope that more people care but I fear that the demand will not grow enough for big companies to build laptops respecting your freedom a little more. On the contrary. Look at Snowden and his leaks. Most people don't want to hear about him anymore. I am asking myself - why? 1 InactiveUser reacted to this Quote Share this post Link to post
LZ1 672 Posted ... Hello ! Slight thread necro here, but I think it's worth it, due to the good content OP posted, which deserves more attention. I just wanted to add to it: A security researcher found exploitable SMM code in Lenovo Thinkpads. The problem is: this stuff runs like 2 layers below the BIOS. Meaning that virusscans, changing the OS and even firewall/networking rules don't work. So even if Lenovo did fix these things, it still shows the importance of fighting for our hardware & software freedoms. 1 InactiveUser reacted to this Quote Hide LZ1's signature Hide all signatures Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily. Share this post Link to post
Kepler_452b 77 Posted ... Good God; I had no idea it had gotten so bad. I haven't bought a laptop in many years, but I will be needing a replacement soon. Could someone please suggest a late model laptop that would be free of snooping. Unfortunately I never learned linux so I need to run Win 7 and can install my own OS. Any suggestions will be much appreciated. Thanks. Quote Share this post Link to post
LZ1 672 Posted ... Good God; I had no idea it had gotten so bad. I haven't bought a laptop in many years, but I will be needing a replacement soon. Could someone please suggest a late model laptop that would be free of snooping. Unfortunately I never learned linux so I need to run Win 7 and can install my own OS. Any suggestions will be much appreciated. Thanks.That's a tall order. The problem is that even if you ran Linux, there's still software which runs on the various pieces of hardware in the laptop. This software is called firmware. In principle, we don't knowwhat this firmware does, if it's not open. Maybe you should take a crack at Linux anyhow, it's not too late. You could download a distro like Ubuntu or Linux Mint and burn it to a CD. This CD could then be used as a"live CD", which would let you try out the OS without actually installing it. Alternatively, you could download virtualbox and run a Linux distro in there. You don't have to be a command-line guru to use it. There's options to buy laptops pre-installed with Linux Heck, you don't even need to install anything. You can just try it in your browser! As the OP said, providers like ThinkPenguin provide laptops which are perhaps less prone to snooping. But really, it's kind of an oxymoron to not want snooping, yet insist on running Windows, sorry. Windows is governed by Microsoft & is closed-source. MS being MS, it most likely has backdoors; just check Windows 10 I recommend you watch this. 2 OmniNegro and Just a Fred reacted to this Quote Hide LZ1's signature Hide all signatures Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily. Share this post Link to post
OmniNegro 155 Posted ... I suggest people read up on UEFI to see how *Expletive Deleted* their motherboards are in reality.https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface I will not mention my specific complaints here. The forums does not need the encyclopedia of things I dislike about it. You can read and see what irritates you if you like. But I will say that I really do agree with Linus Torvalds about some of the issues. Lenova is not doing anything uncommon among system makers. They are using UEFI as a club to bash our security into dust. Shame on the entire world. 1 OpenSourcerer reacted to this Quote Hide OmniNegro's signature Hide all signatures Debugging is at least twice as hard as writing the program in the first place.So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it. Share this post Link to post
sigmund_freud 2 Posted ... sorry, my hardware knowledge is very basic. but so is it the same on Apple computers, as well? is it the UEFI abuse that's the problem? Quote Share this post Link to post
OmniNegro 155 Posted ... Alright. I will attempt a brief and mostly non-technical explanation. UEFI is the successor to BIOS. BIOS was used for decades to handle the motherboard and all the hardware attached to it. But as time went on, BIOS became really complex. Now instead of Asus and Dell (Just two random PC makers. All others could be listed here.) each having to make separate BIOS for their systems, they can use UEFI and a few tiny specific modules for their hardware to work with it. There are unfortunately many failures with UEFI. A notable one is on Apple systems as well. UEFI is being used to tell you what software you can install and run on your system. At this time, I think there are exactly three identifiers that a bootloader can choose from for UEFI to allow it to boot. The short versions of the names is Microsoft Windows, Red Hat Enterprise Linux, and Apple OSX. (I am sure I am off by a bit on the exact choice of words for the options here, but this is enough for any Human to figure out what I meant.) So UEFI is actually designed to require most free operating systems to lie and say they are one of these three non free operating systems. And that has already caused some legal problems for Linux distributions. And this is just for the bootloader. There is plenty more problems with UEFI that can and will be a problem later. @sigmund_freud So far, the problem this thread is about has not been found on an Apple system. They may be fine. Quote Hide OmniNegro's signature Hide all signatures Debugging is at least twice as hard as writing the program in the first place.So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it. Share this post Link to post
OpenSourcerer 1435 Posted ... Alright. I will attempt a brief and mostly non-technical explanation. UEFI is the successor to BIOS. BIOS was used for decades to handle the motherboard and all the hardware attached to it. But as time went on, BIOS became really complex. Now instead of Asus and Dell (Just two random PC makers. All others could be listed here.) each having to make separate BIOS for their systems, they can use UEFI and a few tiny specific modules for their hardware to work with it. There are unfortunately many failures with UEFI. A notable one is on Apple systems as well. UEFI is being used to tell you what software you can install and run on your system. At this time, I think there are exactly three identifiers that a bootloader can choose from for UEFI to allow it to boot. The short versions of the names is Microsoft Windows, Red Hat Enterprise Linux, and Apple OSX. (I am sure I am off by a bit on the exact choice of words for the options here, but this is enough for any Human to figure out what I meant.) So UEFI is actually designed to require most free operating systems to lie and say they are one of these three non free operating systems. And that has already caused some legal problems for Linux distributions. And this is just for the bootloader. There is plenty more problems with UEFI that can and will be a problem later. @sigmund_freud So far, the problem this thread is about has not been found on an Apple system. They may be fine. You can compare the BIOS-UEFI thing to how cell phones evolved. First you had a handheld device capable of calling and being called on the go. If you were to implant a fully featured CPU into it and write a versatile OS for it, you'd get a smartphone.Same with UEFI. Don't let it just start up the computer and load the next OS. Let it be a computer itself. Let it be.. UEFI. 1 OmniNegro reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
sigmund_freud 2 Posted ... thank you so much for your replies, i kind of get it now! Quote Share this post Link to post
LZ1 672 Posted ... thank you so much for your replies, i kind of get it now!If you have other questions, please don't hesitate to ask Quote Hide LZ1's signature Hide all signatures Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily. Share this post Link to post
flat4 79 Posted ... Any of you using this on a lenovo, I use a lenovo T540p Quote Hide flat4's signature Hide all signatures pFsense it works Share this post Link to post
LZ1 672 Posted ... The guy who found the vulnerability shows that other vendors have the same one: http://www.scmagazine.com/uefi-driver-flaw-discovered-on-lenovo-and-hp-laptops-also-affects-gigabyte-motherboards/article/507595/ 1 OmniNegro reacted to this Quote Hide LZ1's signature Hide all signatures Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily. Share this post Link to post
OpenSourcerer 1435 Posted ... The guy who found the vulnerability shows that other vendors have the same one: http://www.scmagazine.com/uefi-driver-flaw-discovered-on-lenovo-and-hp-laptops-also-affects-gigabyte-motherboards/article/507595/ Let's pretend we didn't suspect it and we're so shocked and surprised, like Oh my, we didn't know that, how could it be, we really didn't see that coming, god help us all!!!1!!!111!!! Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
LZ1 672 Posted ... Hehe, well for some people it is shocking Quote Hide LZ1's signature Hide all signatures Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily. Share this post Link to post
OmniNegro 155 Posted ... In every single implementation I have heard of, UEFI sounds like a rootkit at best. So I cannot understand how anyone would be surprised by this. Quote Hide OmniNegro's signature Hide all signatures Debugging is at least twice as hard as writing the program in the first place.So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it. Share this post Link to post
LZ1 672 Posted ... In every single implementation I have heard of, UEFI sounds like a rootkit at best. So I cannot understand how anyone would be surprised by this.Well I suppose it's a bit like with Snowden. Many people always suspected something bad was going on. But then they got actual evidence, which was still shocking. 1 OmniNegro reacted to this Quote Hide LZ1's signature Hide all signatures Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily. Share this post Link to post
flat4 79 Posted ... In every single implementation I have heard of, UEFI sounds like a rootkit at best. So I cannot understand how anyone would be surprised by this.Not surprise just didn't care but I like to explore this different boot options. Sent from my SAMSUNG-SM-N920A using Tapatalk 1 OmniNegro reacted to this Quote Hide flat4's signature Hide all signatures pFsense it works Share this post Link to post
Kepler_452b 77 Posted ... Not surprise just didn't care but I like to explore this different boot options. Sent from my SAMSUNG-SM-N920A using TapatalkThen you might like this boot option: NSA and other TLOs can boot your cell phone camera, mic and GPS with your phone turned "off". Quote Share this post Link to post
Kepler_452b 77 Posted ... That leaves the only option for real privacy is to remove the battery from your phone. Very very annoyingly (and probably not coincidentally), most cell manufacturers are emulating IPhone in not allowing battery removal. FUCK!!! Quote Share this post Link to post
OpenSourcerer 1435 Posted ... most cell manufacturers are emulating IPhone in not allowing battery removal. FUCK!!! I don't know why they do that. I can imagine it having something to do with costs and what people do with broken phones.Most people just buy one of the newest phones if their old one breaks. I think they realized it costs less if they produce spare parts for guarantee cases only rather than offering it for everyone. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
LZ1 672 Posted ... It may indeed be cheaper, due to unibody design. Quote Hide LZ1's signature Hide all signatures Hi there, are you new to AirVPN? Many of your questions are already answered in this guide. You may also read the Eddie Android FAQ. Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you. Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily. Share this post Link to post