From owner-freebsd-questions@FreeBSD.ORG Thu Jun 7 13:43:50 2012
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id CC7A9106566C
 for ; Thu, 7 Jun 2012 13:43:50 +0000 (UTC)
 (envelope-from remailer@dizum.com)
Received: from smtp.zedz.net (outpost.zedz.net [194.109.206.210])
 by mx1.freebsd.org (Postfix) with ESMTP id 599488FC17
 for ; Thu, 7 Jun 2012 13:43:49 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp.zedz.net (Postfix) with ESMTP id F23C41AA62F
 for ; Thu, 7 Jun 2012 15:43:47 +0200 (CEST)
Received: from smtp.zedz.net ([127.0.0.1])
 by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 7fAG9nOWuKpg
 for ; Thu, 7 Jun 2012 15:43:41 +0200 (CEST)
Received: by smtp.zedz.net (Postfix, from userid 1003)
 id F193C1AA643; Thu, 7 Jun 2012 15:43:21 +0200 (CEST)
From: Nomen Nescio
Comments: This message did not originate from the Sender address above.
 It was remailed automatically by anonymizing remailer software.
 Please report problems or inappropriate use to the
 remailer administrator at .
To: freebsd-questions@freebsd.org
In-Reply-To: <4FD06872.1080709@my.gd>
Message-ID: <008d3aaa09c7e24727421c66f08b4378@dizum.com>
Date: Thu, 7 Jun 2012 15:43:21 +0200 (CEST)
Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Thu, 07 Jun 2012 13:43:51 -0000

> > But my point is that MS doesn't issue the updates, they have to ask the
> > BIOS vendors to do so, and then the MB vendors have to take the update,
> > and then the users have to install the update. The incentive at each
> > level is generally very small. It does create some confusion, but is
> > hardly an enforcement mechanism. It would disable older versions of
> > FreeBSD on newer hardware, but not much else.

This can be automated. Many mobo manufacturers have software that searches
for new BIOS and flashes it "for" you. All they have to do is get on board
and make this automatic like Windows Updates. Don't think they haven't
thought this far ahead. I believe some offer this now.

> > A previous poster has pointed out that MS can't revoke a certificate
> > belonging to RH, but I suppose they could ask the BIOS vendors to treat
> > it as revoked. I don't know what the response would be.

MS and Intel are running this. If Verisign is just a trusted 3rd party
(without administrative duties) they can well defer to the Microshaft Mafia
and do as they're told. It wouldn't be the first time. For example, did
everybody already forget the Microshaft Mafia's initiation of the FBI server
raids on the botnet? Many innocent companies' and people's hosting got
screwed during this takeover. But it was all in the name of "justice". If we
can get a few Russian hackers then it's well worth damaging your business
and property. We're from Microshaft Mafia and the FBI and we're here to
help.

> This is akin to, for example, Sony's race against Homebrewers on the
> good ol' PSP.
>
> When hackers found a hardware flaw that enabled them to install custom
> firmware, Sony had to release new versions of the consoles with fixed
> hardware.
>
> The old ones were still exploitable but the new ones weren't.

That is a little different, possibly. For one thing, Sony detected whether
you had the updates they wanted you to install and if you don't have them
installed you can't play on their PlayStation network. For 99.99% of
PlayStation users this is the whole point of buying their console. So if you
don't upgrade all you have is a box for playing local games which most
people don't seem to want to do.

All the Intel and Microshaft Mafia have to do is a similar thing, and make
your PC or Windows stop working unless you install their updates, or tell
the FBI your PC is possibly "infected" and part of a Russian botnet etc. and
you won't be allowed on the internet until you upgrade your system to a safe
level to avoid these horrible threats. This idea was floated publicly even
unrelated to so-called "secure boot". Windows activation can check the
firmware level and Intel's management BIOS is connected to the net even when
your new PC is shut off (as long as it is plugged in).

If you go along with this they can do whatever you want. You're submitting
to true remote management/control over YOUR hardware and life. This is the
beginning of a lot of bad Big Brother stuff and if people accept it now they
get what they deserve tomorrow.

Say "NO" to the Intel/Microshaft Mafia. Say "NO" to "Secure" boot. Run MIPS
and Alpha hardware if you have to, just DUMP INTEL AND THE MICROSHAFT MAFIA.