
Security: Intel Management Engine (ME), Snyk FUD, and Latest Security Updates

  • Replacing x86 firmware with Linux and Go

    The Intel Management Engine (ME), which is a separate processor and operating system running outside of user control on most x86 systems, has long been of concern to users who are security and privacy conscious. Google and others have been working on ways to eliminate as much of that functionality as possible (while still being able to boot and run the system). Ronald Minnich from Google came to Prague to talk about those efforts at the 2017 Embedded Linux Conference Europe.

    He began by noting that most times he is talking about firmware, it is with his coreboot hat on. But he removed said "very nice hat", since his talk was "not a coreboot talk". He listed a number of people who had worked on the project to "replace your exploit-ridden firmware with a Linux kernel", including several from partner companies (Two Sigma, Cisco, and Horizon Computing) as well as several other Google employees.

    The results they achieved were to drop the boot time on an Open Compute Project (OCP) node from eight minutes to 20 seconds. To his way of thinking, that is "maybe the single least important part" of this work, he said. All of the user-space parts of the boot process are written in Go; that includes everything in initramfs, including init. This brings Linux performance, reliability, and security to the boot process and they were able to eliminate all of the ME and UEFI post-boot activity from the boot process.

  • Interview: Why are open-source security vulnerabilities rising? [Ed: Snyk is a FUD firm. It has been smearing Free software a lot lately in an effort to just sell its services.]
  • Security updates for Wednesday

More in Tux Machines

Mozilla Adware

  • Mozilla Angers Firefox Users After Force-Installing Mr. Robot Promo Add-On
    Mozilla took a bit of heat this week after the organization force-installed a Mr. Robot promotional add-on in some Firefox browsers. The add-on, called Looking Glass, was intended to promote the season 3 finale of Mr. Robot that aired on Wednesday, December 13, but the whole media stunt failed miserably.
  • Firefox is on a slippery slope
    This extension was sideloaded into browsers via the “experiments” feature. Not only are these experiments enabled by default, but updates have been known to re-enable it if you turn it off. The advertisement addon shows up like this on your addon page, and was added to Firefox stable. If I saw this before I knew what was going on, I would think my browser was compromised! Apparently it was a mistake that this showed up on the addon page, though - it was supposed to be silently sideloaded into your browser! There’s a ticket on Bugzilla (Firefox’s bug tracker) for discussing this experiment, but it’s locked down and no one outside of Mozilla can see it. There’s another ticket, filed by concerned users, which has since been disabled and had many comments removed, particularly the angry (but respectful) ones.

Review: Daphile 17.09

Daphile is a minimal Linux distribution which is designed to be run on a computer dedicated to playing music. Daphile can be run on headless machines and its media controls are managed through a web-based interface. Basically, Daphile is intended to be run on a computer we can stick in the corner of a room and use it as a media centre without worrying about managing software, tweaking settings or navigating desktop environments. Daphile can be run from a CD or USB thumb drive for maximum portability and does not need to be installed directly on a hard drive to work.

Daphile reportedly has the ability to rip audio CDs, play audio files from a local drive or stream music across network shares (Samba, NFS, FTP and OpenSSH services are supported). This gives us a pretty good range of media sources for our music collection.

Under the hood, Daphile has its roots in Gentoo, though the operating system is somewhat stripped down and we cannot use Gentoo's package management utilities. Daphile runs the Busybox userland tools and a light web server, and very little else. In fact, Daphile does not provide a login interface to allow us to tinker with the operating system. The operating system is dedicated entirely to the task of playing music and our sole access to the media controls is through its web interface.

The distribution is available in 32-bit and 64-bit builds and the ISO file we download for Daphile is 195MB in size. While Daphile is capable of running entirely without a screen, when we do boot from Daphile's media the distribution displays the distribution's IP address, which it obtains over DHCP. We can connect to the IP address using any modern web browser, which automatically gives us access to Daphile's media controls; there is no user authentication built into the web interface.

Android Leftovers

Linux Mint Releases Last KDE Edition "Sylvia"

Mint fans rejoice as the latest version of Linux Mint 18.3 Sylvia with the KDE desktop is available to download on Linux Mint’s official website. The sad part is that this will be the last offering from Linux Mint that will feature the KDE desktop environment.