libreleah

4

libreleah wrote (edited)

youtube-dl doesn't actually execute the javascript. swiftgeek and i studied this when someone asked in #libreboot IRC (we obviously told them it was off-topic). youtube-dl only uses the javascript to derive a URL to the video, without running the JS code itself. no non-free code is ever executed.

see: https://github.com/rg3/youtube-dl/blob/master/youtube_dl/jsinterp.py

youtube-dl is perfectly ok to use from freedom perspective

5

libreleah wrote (edited)

Not money related. I don't need money to work on X220, just time.

If time were legal tender, I'd be running a budget deficit.

We currently cannot accept donations, for we do not have the legal infrastructure in place to do so. The other issue is that we need a neutral third party, one that will oversee our spending. That is either:

  • FSF handling donations to Libreboot (with GNU membership - they have not yet responded to our application to re-join). This would also mean operating under GNU auspices, answering to Richard Stallman.

  • SFC (Software Freedom Conservancy) membership. This is a separate organization to the FSF, but with the same goals, and one of its founding members is Bradley Kuhn, former FSF leader. They provide financial support to projects, and they help with fundraising. They act as a neutral third party, handling funds for projects. They have several member projects. SFC membership is not just the same as GNU membership; projects get more autonomy, and it's generally a much looser affiliation.

I have no problem with money in the project. I use some of the money from Minifree sales to help fund the project.

EDIT: To clarify: I'm uneasy about Libreboot itself, as an independent project, having infrastructure of its own for donations. The probability of corruption and misuse of funds increases, under such a scenario. Further, I believe it would take valuable energy out of the project, on the part of the developers. Organizations like FSF/SFC can handle it much more efficiently than we could.

This is not to say that we in the Libreboot project are "bad". Just human. SFC/FSF are operated by humans too, but they're less biased, and more likely to be impartial and do what's best for the project. If Libreboot itself set up its own independent infrastructure, then there is less of an obstacle to corruption.

I'm not arrogant enough to say that I'm perfect, or naive enough to say that anyone else is. All people on this planet are imperfect, and capable of corruption. Corruption/bias is a big problem when handling public donations. The concept of "oversight" was invented, to mitigate this, but that is also not perfect.

EDIT2: and we've discussed this extensively in #libreboot IRC before, amongst ourselves. The above insight is based on those discussions.

EDIT3: There are other organizations too, but FSF/SFC are the ones that I'd trust. I'm on good speaking terms with Bradley at SFC (or at least, we're both friendly to each other when we talk), and I'm currently on neutral terms with the FSF. Both organizations have libreboot's goals (100% free software) in mind, at heart and in principle and in practice.

5

libreleah wrote

What got me into programming was playing videogames as a kid. Ironically, I can't stand them these days, but I still enjoy working on projects related to computing.

My motivation for libreboot was FSF encouragement. Someone working there at the time (Joshua Gay) convinced me to do something along the lines of libreboot, as part of their RYF criteria, then it evolved into a full-scale project. My initial ambitions were much smaller, just to have fun with coreboot basically.

5

libreleah wrote

get a dedicated vpn provider, they'll optimize for it (performance. encrypted connections especially). it makes little difference in security, in my opinion. the virtual machine is just a pointless extra overhead. VPN provider will typically have you running on bare metal

I highly recommend using one of these VPNs: https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/ (torrentfreak is big on privacy. ignore the other VPN lists, just always look at the torrentfreak list)

4

libreleah wrote

I think that it's a wonderful project, which is of critical importance to Libreboot. The main issue that we currently have is lack of control over the most critical hardware. Actual manufacturing of hardware is expensive, but that's not important yet; what matters is having libre hardware designs. You can't manufacture anything otherwise.

I believe ARM (all vendors), Intel/AMD etc are a waste of time in the long run.

4

libreleah wrote

There's not really any specific advice I can give. If you know how these systems work and you have experience with low-level development then my advice is to just get involved with coreboot. Poke at bits here and there and get your bearings that way. Most people start off on something simple.

9

libreleah wrote

See: https://notabug.org/libreboot/libreboot/issues/391

Intel G41/ICH7:

ASRock G41C-GS R2.0 (Still sold brand new, DIP8 socket)

Foxconn G41S-K

Intel Atom D410:

Intel D410PT (similar to D510mo)

These could very well be added in the next release. We'll have to look into them first to see what issues they have, if any. But yes, there will be some new systems supported in the next release.

10

libreleah wrote

I haven't had time so I've put sandybridge work on hold. I make no promises.

Sure, you can use a picture of me if you'd like. My photo is on minifree.org and there are some on vimuser.org too, my personal site. Feel free to use whichever one you like.

The incidents which you refer to are now buried. I made peace with the community, after another person (Alyssa) in the libreboot project convinced me that it was the correct thing to do. In the end, it didn't even matter whether my accusations were correct; the chaos just needed to end. One must always choose their battles wisely, and that battle was not worth it under the circumstances of the time.

What sort of project are you interested in? Your statements are somewhat vague. What sort of thing do you want to do, which you want my help with? You can email me the details. For non-trivial matters, email is best: my contact details are on minifree.org

8

libreleah wrote (edited)

It affects libreboot systems the same way as it affects any system. Technically, it has nothing to do with Libreboot.

There are ways to mitigate it:

  • Make sure to install the latest Linux kernel, which has mitigations. However, that's not perfect, so I also recommend:

  • Don't run JavaScript on the web (this was already good advice anyway, for freedom reasons). It has always been good advice to not let random code run on your system, especially from random websites which you probably don't trust.

  • Don't let anyone but you execute any code on your system. (if you're a hosting provider, you're screwed. but hosting companies were already a nightmare security-wise before spectre/meltdown anyway)

Just follow good security practices, and you'll be fine. For my own computing, I'm not worried. I think I'm OK security-wise.

EDIT: oh and, fun fact: host your own servers

Either get a static IP from your ISP (maybe even IPv6), or set up an SSH/VPN tunnel through third party that provides IPs.

Never use a VPS! If you're hosting something on a VPS, assume that you're already pwned. VPS hosting was already a bad idea, even before meltdown/spectre. Nowadays, you definitely shouldn't do it. The only thing a VPS is good for is: VPN or SSH tunnel, or downloading things on torrents etc for later retrieval locally. You should be hosting from your own private location, e.g. your home, if you care about security. Take all the right precautions, e.g. ways to detect that the system has been accessed/disassembled, lock the room it's in, etc.

10

libreleah wrote

movies: The Man From Earth, Before the Devil Knows You're Dead, Logan's Run, Back to the Future, Matilda (1996)

tv shows: Rick and Morty, Sailor Moon, Death Note, Star Trek (most seasons, except TOS. TOS is full of sexism, and I find it painful to watch), The Good Place

I don't play videogames at all, not since I was a child.

Not sure about music. I have no specific tastes and don't really pay attention to artists/genres.

10

libreleah wrote

Intent is irrelevant. What matters is that the ME is demonstrably insecure, and can be used to invade systems against the will of their users. Whether Igor's correct is not relevant, as far as I'm concerned.

AMD is just as bad as Intel nowadays, but some of their chipsets are supported in Libreboot (KCMA-D8 motherboard and KGPE-D16)

I have no strong feelings one way or the other, regarding Qubes OS. I'm not convinced that true isolation is possible in software. I believe that hardware-based isolation (having multiple physical systems) is better. I do my computing in very much the style of Qubes, but with multiple physical systems.