In my opinion it isn't a bad thing because in the future, when Microsoft disallows disabling secure boot, using BIOS vulnerabilities will be the only way to install an unsigned operating system.
What isn't a bad thing? Shitty security in BIOS chips? Instead of reformatting your disk you have to detach eeprom chip that holds bios from mobo and connect it to another system to inspect it for infections / changes. I'm not sure this is even possible for most mobos and it doesn't cost nothing like reformatting disk costs nothing.
EDIT:
> using BIOS vulnerabilities will be the only way to install an unsigned operating system.
Then I would rather not use those systems.
Android phones are already at this level - I could run CyanogenMod but I'd have to first run a random blob I refuse to run because there is no way to verify what that blob does. I'm screwed both ways. At these moments I remember Stallman wasn't completely crazy and wish Linux was licensed under GPLv3 so that the phone I bought wasn't tivoized.
Ha. The strange thing about Stallman is that his words of 'craziness' magically convert to words of wisdom, but there is always a delay in that process, which can go up to decades. This happens _always_. Joke's on us, despite knowing about this phenomenon, we never adjust for it.
> but I'd have to first run a random blob I refuse to run because there is no way to verify what that blob does
There's always reverse-engineering... an option which I believe could be far more powerful, and Stallman should've argued for; the ability (and right) to figure out what some software does and modify it is the fundamental key to the freedom he argues for, and while having the source code can certainly help, it's not the only possibility.
The power of RE comes from the fact that, while it's very easy to not release source code, it's nearly impossible to prevent someone from reading the binary on a general-purpose computer regardless of what the legal situation is.
I don't know what you're advocating for here. The ability to reverse engineer is explicitly required by the LGPL, and the GPL necessarily requires a minimum standard that covers the RE-ability of any covered work...
Bingo: I'm far more afraid of hardware that's actually unhackable. Down that road lies the slow death of start ups, activism, DIY programming etc.
I'm actually really happy the tablet revolution didn't pan out as predicted since it leads to the same conclusion: computers where you can't just start coding on them, without which I would never have gotten started.
The War On General Purpose Computing continues. Far too many people are content to sacrifice their future in exchange for a few shiny beads^H^H^H^H^H"smart" devices.
As for tablets: they may not have been the revolution that some people hoped for, but the lock-in to a walled garden happened anyway with the iPhone. Apple has done more long-term damage to the computer industry than anybody else by convincing way too many software authors - who should really know better - that paying to write and publish software is sane.
Instead of fighting this when it was small, we are now faced with a future where even the hardware can work against the user who wants a true General Purpose Computer. We've already seen BIOS lockouts such as the recent ThinkPad "boot guard" idiocy. It will get really bad once we start to see Intel "SGX" and the "trusted execution environment" it is intended to enable[1]. So now we get to fight at the hardware level, too.
As for using vulnerabilities to root the device - that is not a strategy to fight this, and merely cedes the fight to the people that are afraid of what it means to be "turing complete".
Unfortunately, I suspect that we are too late. Fighting this trend now requires sacrifice. Stop giving any money to any business that uses these anti-user technologies. Yes, that includes Intel and many others. Stop writing software or making embedded products that rely on these kinds of features. Yes, this might mean quitting a nice job. No, I expect instead that the people that should know better will continue supporting the enemy by buying their products. I expect they will stay on as collaborators.
I honestly admit, I'm scared. We're headed towards the world of not owning any tools and basically leasing shiny crap.
Funny thought: will this be the start of the actual professionalization of programming? I.e. you won't be allowed to operate a compiler or a general-purpose computer without proper engineering license? It used to be considered impossible, because hey, everyone can get hands on a computer and a compiler. But if current trends continue, it may soon no longer be the case.
As someone who is a novice to computer architectures, is there some consensus in the research community about what will be a good replacement for the von Neumann machines we are currently running? I mean, if you think about it, if we truly want to take control, shouldn't we attempt to break free, at a ground level, from all the technologies coming from (or dominated by) corporate structures (and government agencies)?
x86 (and _64) and even ARM are all primarily developed by govt-influenced companies like Intel, yes? So what are the possibilities of us, all programmers and electronic engineers who want to support personal computing, to get together and develop a crowd-researched, crowd-designed, and (maybe) crowd-funded architecture to last the future. Of course, writing software for that architecture could take decades-centuries (unless someone writes a perfect x86 emulation layer on that architecture), but at least that gives us a hope for the future, a backup to fall to if Intel pulls a full on 'google' on us.
So are these just big dreams or is there an actual possibility of something like this happening? Especially if the community secures the funding of some visionary who's rich as Bill Gates (maybe the man himself) and on the side of the public? That way we'll be able to actually build a system from the ground up that is libre and transparent, without having to muck about with reverse engineering on the 'enemy's ground', so to speak, like coreboot does.
The problem isn't so much in architectures, but in silicon processes. HomeCMOS (http://homecmos.drawersteak.com/wiki/Main_Page) is notable in being the relatively rare project to look at this layer in the computing stack at all.
Once you can do your own processors, the architecture is alright. To avoid running into licensing issues all the time, projects like RISC-V (http://riscv.org/) can help - or open cores like Leon (SPARCv8), OpenSPARC-T1/2 (SPARCv9), openRISC and several more.
The problem is, the silicon processes were optimized for investment heavy, large scale operations. To ensure the livelihood of general purpose computing we need a "3D printer for logic gates" (for lack of better term), even if it's economically and technologically less efficient (but not too much, obviously).
Assume for a moment that the 3D printer for logic gates is a little too much of a long-shot. So if somehow the funds for a large-scale investment into 'open' RISC-V processors are obtained, is it theoretically possible for a community of hackers to write their own BIOSes on these processors? And then eventually the whole stack going up to userspace applications. So the only problem right now is that of funds? What other obstructions will be there to build a completely libre system from the ground up?
EDIT : Also, HomeCMOS doesn't look active as of June 2013.
coreboot works on emulation/qemu-riscv, and the communities have some (small) overlap. We (at coreboot) intend to support coreboot on real RISC-V hardware as soon as possible.
For the higher software stack, Linux on RISC-V already exists, and from there it's open source, a compiler plus some portability work to get a useful stack.
But that's only the CPU side. Good enough for embedded applications and maybe even servers - but at some point, data has to hit a display.
http://www.miaowgpu.org/ or something like that could help there, but I know next to nothing about it.
> is there some consensus in the research community about what will be a good replacement for the von Neumann machines we are currently running?
Take this with a grain of salt because my exposure is admittedly limited, but what I've seen of the "research community" is that many of them are pro-DRM, pro-anti-user-security, and are mainly interested in furthering such technologies without considering the wider implications. I once asked someone with a vision of making all systems written with formally-verified provably safe languages what he thought of jailbreaks, console homebrew, and all the other exploits that bring freedom. His response was that they shouldn't exist.
I'm not really pleased with what Intel has been doing with x86 recently, but fortunately it wasn't always that way and a huge amount of software and documentation was created during that time so we don't have to start from nothing at all. IBM released schematics and BIOS listings for all the models of PC up to the AT. Thus it could be better to "fork the PC"; but individuals have designed and built their own CPUs and complete systems before, so a from-scratch design is still quite doable for a crowd:
Jail breaks shouldn't (need to) exist, but physical presence triggered introduction of a new root trust should be mandatory for locked down hardware.
Jail breaks are always a stop-gap measure, since they're quite obviously against the interest of the system designer, and so they'll work on plugging the holes.
At some point they will develop the safe methods themselves, and if we "shun" public work in that area, only jails will be safe, not the open spaces - which, among many other things, would be a PR nightmare for general purpose computing (Example: Apple and their "safe", filtered appstore).
TPM /could/ be nice, if you personally would control it, instead of some company burning the signing keys into the processor – because then you would be able to make a safe system.
Except for the Enrollment Key, that's how TPMs work.
And the EK is not so much an issue of "control", but of "privacy" - and as long as you control the OS, access to that key (or any other) can be mediated properly.
LC_ALL=C makes grep faster because text matching is normally locale-sensitive, for example 'S' ('\x53' in Big5) is not a substring of '兄' ('\xA5\x53' in Big5).
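The difference between byte-wise and character-aware matching described in the comment above, as an added example that is not part of the original thread. The function names are hypothetical, the sample bytes are constructed from the values quoted in the comment, and the Big5 lead-byte range 0x81-0xFE is an assumption covering common Big5 variants.

```python
# Added example: why a byte-wise search (LC_ALL=C) is cheaper than a
# character-aware search in a multibyte encoding such as Big5.

# Constructed sample: the two bytes the comment gives for U+5144 in Big5.
XIONG = b"\xa5\x53"
# Constructed sample: ASCII 'A', the two-byte character, then a real 'S'.
TEXT = b"A" + XIONG + b"S"


def naive_find(haystack: bytes, needle: bytes) -> int:
    """Byte-wise search: no knowledge of character boundaries."""
    return haystack.find(needle)


def big5_boundaries(data: bytes):
    """Yield every offset at which a Big5 character starts."""
    i = 0
    while i < len(data):
        yield i
        # Assumption: bytes 0x81-0xFE are lead bytes of a two-byte character.
        if 0x81 <= data[i] <= 0xFE and i + 1 < len(data):
            i += 2
        else:
            i += 1


def big5_find(haystack: bytes, needle: bytes) -> int:
    """Search that only accepts matches starting on a character boundary.

    The needle must itself be well-formed Big5, so a match that starts on
    a boundary also ends on one.
    """
    for start in big5_boundaries(haystack):
        if haystack.startswith(needle, start):
            return start
    return -1


if __name__ == "__main__":
    # The trail byte 0x53 of the two-byte character looks like ASCII 'S'.
    print("byte-wise:", naive_find(XIONG, b"S"), naive_find(TEXT, b"S"))
    print("boundary-aware:", big5_find(XIONG, b"S"), big5_find(TEXT, b"S"))
```

The boundary walk is the extra work a locale-aware matcher has to do on every input, and skipping it is where both the speed-up and the false match on the trail byte come from.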
> Europeans are by definition not subject to American laws
This isn't true.
"Richard O'Dwyer, a computing student at Sheffield Hallam University, faces a potential 10-year term in a US jail despite never having been to America or using web servers based in the country."
The United States may occasionally do some shady shit, but the Chinese will frequently conduct blatant theft of intellectual property off your servers. This is why very few tech companies will host within China proper.