From mboxrd@z Thu Jan  1 00:00:00 1970
From: John Darrington <john@darrington.wattle.id.au>
Subject: Re: [GNU-linux-libre] Free firmware - A redefinition of the term and
	a new metric for it's measurement.
Date: Mon, 13 Feb 2017 09:42:31 +0100
Message-ID: <20170213084231.GA16213@jocasta.intra>
References: <CAL1_im=_R__Cp2aOAEAne7dveu6aYkg17zu0Pftg+pKAv_JbuA@mail.gmail.com>
	<87tw8bjhqm.fsf@gmail.com>
	<CAL1_imnr2tk9rNK2NyTX4sn8P07cR8x2Ge84M4c=hLYV4Bmy2Q@mail.gmail.com>
	<2c7ae911-863f-4831-f024-060e5f899d3a@alaskasi.com>
	<87k2948d2q.fsf@gmail.com>
	<CAL1_immGW1dj0QnOROOZCuBbiMvN5R6c8JdsVq8QKcQZ1KLVCA@mail.gmail.com>
	<06cfad8d-0222-1c63-522d-013ecd2e6ce8@alaskasi.com>
	<874lzy4lq2.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="qDbXVdCdHGoSgWSk"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35348)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <john@darrington.wattle.id.au>) id 1cdCDc-0001er-Nb
	for guix-devel@gnu.org; Mon, 13 Feb 2017 03:42:46 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <john@darrington.wattle.id.au>) id 1cdCDb-000220-GX
	for guix-devel@gnu.org; Mon, 13 Feb 2017 03:42:44 -0500
Content-Disposition: inline
In-Reply-To: <874lzy4lq2.fsf@gmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Cc: guix-devel <guix-devel@gnu.org>, Workgroup for fully free GNU/Linux distributions <gnu-linux-libre@nongnu.org>, Christopher Howard <christopher@alaskasi.com>


--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Feb 12, 2017 at 11:02:29PM -0800, Maxim Cournoyer wrote:
     Hi,
    =20
     Christopher Howard <christopher@alaskasi.com> writes:
    =20
     > On 02/10/2017 08:31 AM, David Craven wrote:
     >> Hi Maxim
     >>=20
     >>> +1. I don't see how having blobs helps security at all.
     >>=20
     >> Well the problem I was getting at is that things are not as fixed as
     >> they may seem.
     >> Quoting wikipedia:
     >>=20
     >>>> Decreasing cost of reprogrammable devices had almost eliminated t=
he market for mask ROM by the year 2000.
     >>=20
     >> Translation: ROM is not RO.
     >>
    =20
     You have a point, although reading the article linked (from Wired), th=
is
     kind of attack requires a lot of effort (to reverse engineer the
     proprietary interfaces used to reprogram the firmware of a HD). At this
     level of seriousness they might as well find other means to get at
     you, such as physically altering one of the device you use without you
     noticing.

If the attacker *is* vendor who supplies the proprietary device then they w=
ould
not have to reverse engineer it.
    =20



--=20
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3=20
fingerprint =3D 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


--qDbXVdCdHGoSgWSk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlihcXYACgkQimdxnC3oJ7PTnQCeODnI53+0wqu20z8HOAKEFmYy
PKcAn1nrgkN8U83yRM3C6vB8Uabxccqe
=eweQ
-----END PGP SIGNATURE-----

--qDbXVdCdHGoSgWSk--