NSA has started adding patches to Coreboot. Every coreboot install will now be an NSA inside. Who knows what kinds of exploits are gonna be in there now.
I guess they couldn't crack it the old fashioned way so they decided that adding "backdoors through bugs" is much more profitable.
I have nothing to hide.
give me your email + password then.
Did coreboot accept the code?
What can I, a normal guy, do to protect my data now.
you don't mind me having write access on your computer then right? What's your credit card number and three digit code?
I do trust my government and I don't have something to hide.
I don't even know what was compromised. Is coreboot a new video game console?
The NSA has contributed to the Linux kernel in the past, like all big tech companies. None of you should be using Linux if this article is triggering your tinfoil hat.
>NSA realizes there are completely botnet free and secure ways to boot
>Contributes said secure code
>People don't use it because muh paranoia
>NSA wins
Based NSA
Enough with the tranny hate Jow Forums!
Now you know a tranny is your only hope of avoiding the NSA botnet.
Based.
just verify the source code you dolt
Get out Leah! If you are more concerned of your gender reassignment surgery than of writing code, you don't belong here.
>
libreboot is worse
Trannyboot kek. My proprietary Insyde BIOS has no backdoors.
NSA kickstarted many things that made *nix and other shit viable since the 70's. Guess we should all go back to IBM's OS then huh?
>NSA has started adding patches to Coreboot.
Maybe they just want to help.
Glowniggers contribute to open source projects all the time. Why don't you retards just audit their contributions if it concerns you?
>can't tell the difference between coreboot and libreboot
Isn't one a fork of the other?
>"heres all that malicious code that will let the nsa spy on people through coreboot! now ill just slip it into their open source repo..."
>"great work johnson youre going to go far!"
>"thanks sir, let me just up it to github"
>commits with the email [email protected]
you understand that the main project still has to read and accept changes just like in systemd and selinux fucking subhuman schizo?
They don't even try to hide it anymore
Based Snowden
I don't get it, it's open source so this is literally the reason idiot children brag about linux in the first place.
cianigger pls. SELinux is shit. AppArmor is great.
What's stopping 3 letter agencies from posing as just an individual, and commiting backdoored code to open source projects?
The issue is it's the WRONG people contributing and if certain individuals are contributing it must always be in malice, never mind the fact you can see what they are contributing to see if it is in malice or not
absolutely nothing
Only sick people would accept patches from NSA.
> duuuurrrr i have no idea how open source works
> DUUUUURRRRrrrrrrr
retard.
you're a motherfucking retard if you think you can catch all the bugs that NSA creates with all these patches.
just because you have the source doesn't mean you're smart enough to figure out all the holes.
> DUUURRR i can't read source code...
you couldn't find them, being a dribbling tard and all. tying your own shoelaces would be a challenge. stay mad, (((user))).
If Coreboot is opensource and auditable this shouldnt be a problem.
Should it?
wife tits or gtfo
>completely botnet free
Not after the NSA gets through with it.
>If Coreboot is opensource and auditable this shouldnt be a problem.
if that were the only requirement, no OS software would ever have bugs. Linux never has any bugs, right
>Jow Forums
>wife
Lol
Just use the latest version before the cianiggers got in. It's not like Coreboot didn't work before it.
Yeah, I get what you are saying. Was just thinking NSA contributions would be very closely scrutinized - probably more than others.
this is impossible to do without source code of the existing binary blobs implemented for low-level components
libreboot is fully free but even they have to use bin-blobs because hardware manufacturers don't release source code
nice try, but all the exploits occur in the code you can't see, which is stuff like the NIC firmware and firmware for storage devices
all the code they are contributing is clean but the way it interfaces with vital components in the system is obfuscated
please learn system architecture before posting in threads like this
>let's accept code from a government agency that interacts with system components that aren't auditable and implicitly trust it
>that's a good idea
Considering my Haswell build now frequently lets some Russian guy get access to my passwords as I update them, I’m not too happy about this.
thanks, you just showed you have no idea what you're talking about
libreboot is specifically fully free with no proprietary components
go shitpost somewhere else you tech illiterate luddite
libreboot
If you're so great at "system architecture" then it would be no problem for you to give an exact example of how that works.
You know, instead of shitting up the thread with generic non-statements like "the way it interfaces with vital components in the system is obfuscated".
Go on, give a thorough and specific example of how this works, preferable backed by a proof of concept.
>trannyboot
If you refuse to use something because you don't like its creators you might as well be living innawoods away from civilizations
>running spaghetti code written by mentally unstable people
what could go wrong
>running propietary code (blobs) written by code monkeys
what could go wrong
fair point
The only reason to backdoor a bios w o uld be to have it phone home info or leak encrytion and im pretty sure that code would be really easy fkr auditors to spot
When you submit thousands of lines of code at once and the backdoor comes from having "&" instead of "&&" in a single if statement, it's really hard to notice.
Let's not forget that they could want coreboot for their own hardware to have better security
Because bugs are the same as backdoors and the fucking NSA programmers automatically make buggier code than the offical team. Makes sense.
Idiot.
What if they make working code, and then add a very subtle bug (such as & instead of &&) which acts as the backdoor?
the code and logic will look absolutely fine, but in very rare occasions which can be controlled by the ones that know how it works, it will ((("bug"))) and act as a backdoor.
The SATA controllers on the SSD/HDD you are interfacing with are closed-source from the firmware level, that's what I'm talking about when I talk about binary blobs.
Look at the diagram and decide for yourself. Do you trust Intel chips to properly handover fucking SMM commands into a black-box ring-2 environment?
The idea of STM is to patch the shit-tier TXT arch that Intel made and nobody used because it was garbage and too tied into IME for anyone to trust, they want to inject this trash so that they have full access to any reads from VT-x/d and you TPM chips. There is NO NEED FOR THAT if you trust the CPU microcode (which I don't).
Literally all STM is designed for is to break a project like Qubes OS completely.
And if you want to test it for yourself, get a laptop, gimp the MEFW and try to patch this in and see what happens. You'll brick your machine because STM relies on known-bad SIMD ME commands (the same commands that broke SGX wil break TPM filtering for example)
Whatever happened to wanting a meritocracy?
it's literally government agents
trannies may be mentally ill freaks but they tend to write decent code
I trust them over Pajeet and agent Bob, ironically enough
nigger, NSA has a budget to insert security bugs and backdoors into open source code. we know this from Snowden archives.
>nsa starts adding patches to everything in the world
Sounds like their strategy is working on you user
Cant we see what those patches are, isnt it open source?
can someone explain to me the need for the second conditional highlighted?
isn't an overlap check redundant?
Surely, the open source community is interested, competent, and united enough to audit all that code and fix bugs, right?
If not, you're just bringing it to yourself.
You don't understand how incompetent the average open sores coder is. Further, you don't understand how often code is reviewed in open sores land - assume "never" as a first-order approximation.
It isn't about the code they are contributing as much as it is about the black-box of microcode implemented in Intel's Silicon.
I would just deny all their merge requests simply for them being NSA
>I would just deny all their merge requests simply for them being NSA
The NSA hires some of the most competent and driven people in the USA. I trust their abilities, just not the orders they're given. Hence why code needs to be doubly, triply audited, but nobody is going to do it because 99.999% of open source users are dumb freeloaders.
Pretty sure user here just found a fucking race condition, TSC is going to be way off because of that second if statement, that's a TOCTOU vuln
Apply DeMorgan on top to receive bottom. It's a rookie-if.
>Open source
Just remove it and recompile
>"I have nothing to hide."
>-- Anonymous
and the merge logic?
>... the Coreboot project, which is an open source alternative to Windows BIOS/UEFI firmware.
what the fuck does BIOS/UEFI have to do with windows? that's embarrasing
What I'm saying is you can replace it with else return true;
What if NSA has xir trannies infiltrated, then wouldn't Libreboot be compromised too?
WTF is the difference between coreboot and libreboot? Both are opensource, right? How can you put spyware in something opensource?
it worked for tor, so why not for open source bootloaders?
all your low iq conspiracy theories do nothing but hold back progress.
Guys, stop freaking out. This is most likely so the NSA can use coreboot internally on their systems. That tends to be the reason for NSA open-source contributions, as can be seen from things like SELinux
It's not hidden and is literally written on a pice of plastic I have on me.
Come and get it if you want.
No, Libreboot is a distribution of Coreboot
Exactly this. Coreboot is small enough that it would be nearly impossible to hide a backdoor in without it being painfully obvious. The NSA probably just wants to make it more secure because it's actually what they use on their machines, like Purism which is coreboot+ME_cleaner
>everyone gets uneasy about optional cipher algo that google didn't even want to use by default anyways for android so it was just essentially for embedded without a MMU
-HOLY SHIT BOTNET OMG OMG 1337 H4X0rxZ :O
-GET DAH FUGG AWAY BICH NIGGA
>when it comes to the only x86 firmware replacement option
-meh do w/e u want mah dude.
>Steals code from raptor engineering
>Stands on 95% of coreboots shoulders and claims 95% of credit
>frames self proclaimed leftist, atheist, jew RHS as patriarchal, homophobic, hateful, biggoted, republican CIS white male, ect.
>shuts down trannyboot repo/source
>revoke all other devs access
>trys to relicense a already GNU project without other commiters permission and inherited coreboot licenses
>REEEEEE DONT GET EMOTIONAL WITH ME THIS IS TOTALLY RATIONAL THOUGH PROCESSESS
>gets donations for gender reassignment
>drops any major project progress
OOOOOOOF
that tranny is living your mind rent free
If you don't like libreboot just compile coreboot without blobs and be done with it
The NSA doesn't have any choice if they want to be able to secure their computers. It's not that they aren't adding their own botnet, idk, but that most current bios/uefi is insecure. Combined with state level, Intel, and Intel level stupidity the security of regular hardware/software is almost non-existent.
How dare you stare at me inferior human!
Do you actually think most of the people wanting a meritocracy aren't just arguing for it from the premise that white dudes are the only people with merit?
damn shitposter btfo lmao you are so PATHETIC dude
GOOD GOY
Yeah, so why not kill two rabbits with one stone?They can improve corebot security and also introduce few "bugs" and then can patch the "bugs" on their own instances effectively improving their systems and backdooring everyone else's.
NSA commits are on github schizo
fuck off to your containment board
sauce on this semen demon
gib me 1 bitcoin or I'll tell your mom what kind of porn you watch