Comments

4

libreleah wrote (edited )

youtube-dl doesn't actually execute the javascript. swiftgeek and i studied this when someone asked in #libreboot IRC (we obviously told them it was off-topic). youtube-dl only uses the javascript to derive a URL to the video, without running the JS code itself. no non-free code is ever executed.

see: https://github.com/rg3/youtube-dl/blob/master/youtube_dl/jsinterp.py

youtube-dl is perfectly ok to use from freedom perspective

5

libreleah wrote (edited )

Not money related. I don't need money to work on X220, just time.

If time were legal tender, I'd be running a budget deficit.

We currently cannot accept donations, for we do not have the legal infrastructure in place to do so. The other issue is that we need a neutral third party, one that will oversee our spending. That is either:

  • FSF handling donations to Libreboot (with GNU membership - they have not yet responded to our application to re-join). This would also mean operating under GNU auspices, answering to Richard Stallman.

  • SFC (software freedom conservancy) membership. This is a separate organization to the FSF, but with the same goals, and one of its founding members is Bradley Kuhn, former FSF leader. They provide financial support to projects, and they help with fundraising. They act as a neutral third party, handling funds for projects. They have several member projects. SFC membership is not just the same as GNU membership; projects get more autonomy, and it's generally a much looser affiliation

I have no problem with money in the project. I use some of the money from Minifree sales to help fund the project..

EDIT: To clarify: I'm uneasy about Libreboot itself, as an independent project, having infrastructure of its own for donations. The probability of corruption and misuse of funds increases, under such a scenario. Further, I believe it would take valuable energy out of the project, on the part of the developers. Organizations like FSF/SFC can handle it much more efficiently than we could.

This is not to say that we in the Libreboot project are "bad". Just human. SFC/FSF are operated by humans too, but they're less biased, and more likely to be impartial and do what's best for the project. If Libreboot itself set up its own independent infrastructure, then there is less of an obstacle to corruption.

I'm not arrogant enough to say that I'm perfect, or naive enough to say that anyone else is. All people on this planet are imperfect, and capable of corruption. Corruption/bias is a big problem when handling public donations. The concept of "oversight" was invented, to mitigate this, but that is also not perfect.

EDIT2: and we've discussed this extensively in #libreboot IRC before, amongst ourselves. The above insight is based on those discussions.

EDIT3: There are other organizations too, but FSF/SFC are the ones that I'd trust. I'm on good speaking terms with Bradley at SFC (or at least, we're both friendly to each other when we talk), and I'm currently on neutral terms with the FSF. Both organizations have libreboot's goals (100% free software) in mind, at heart and in principle and in practise.

5

libreleah wrote

What got me into programming was playing videogames as a kid. Ironically, I can't stand them these days, but I still enjoy working on projects related to computing.

My motivation for libreboot was FSF encouragement. Someone working there at the time (Joshua Gay) convinced me to do something along the lines of libreboot, as part of their RYF criteria, then it evolved into a full-scale project. My initial ambitions were much smaller, just to have fun with coreboot basically.

5

libreleah wrote

get a dedicated vpn provider, they'll optimize for it (performance. encrypted connections especially). it makes little difference in security, in my opinion. the virtual machine is just a pointless extra overhead. VPN provider will typically have you running on bare metal

I highly recommend using one of these VPNs: https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/ (torrentfreak is big on privacy. ignore the other VPN lists, just always look at the torrentfreak list)

4

libreleah wrote

I think that it's a wonderful project, which is of critical importance to Libreboot. The main issue that we currently have is lack of control over the most critical hardware. Actual manufacturing of hardware is expensive, but that's not important yet; what matters is having libre hardware designs. You can't manufacture anything otherwise.

I believe ARM (all vendors), Intel/AMD etc are a waste of time in the long run.

4

libreleah wrote

There's not really any specific advice I can give. If you know how these systems work and you have experience with low-level development then my advice is to just get involved with coreboot. Poke at bits here and there and get your bearings that way. Most people start off on something simple

9

libreleah wrote

See: https://notabug.org/libreboot/libreboot/issues/391

Intel G41/ICH7 :

ASRock G41C-GS R2.0 (Still sold brand new, DIP8 socket)

Foxconn G41S-K

Intel Atom D410 :

Intel D410PT (similar to D510mo)

These could very well be added in the next release. We'll have to look into them first to see what issues they have, if any. But yes, there will be some new systems supported in the next release.

10

libreleah wrote

I haven't had time so I've put sandybridge work on hold. I make no promises.

Sure, you can use a picture of me if you'd like. My photo is on minifree.org and there are some on vimuser.org too, my personal site. Feel free to use whichever one you like.

The incidents which you refer to are now buried. I made peace with the community, after another person (Alyssa) in the libreboot project convinced me that it was the correct thing to do. In the end, it didn't even matter whether my accusations were correct; the chaos just needed to end. One must always choose their battles wisely, and that battle was not worth it under the circumstances of the time.

What sort of project are you interested in? Your statements are somewhat vague. What sort of thing do you want to do, which you want my help with? You can email me the details. For non-trivial matters, email is best: my contact details are on minifree.org

8

libreleah wrote (edited )

It affects libreboot systems the same way as it affects any system. Technically, it has nothing to do with LIbreboot.

There are ways to mitigate it:

  • Make sure to install the latest linux kernel, which has mitigations However, that's not perfect, so I also recommend:

  • Don't run JavaScript on the web (this was already good advice anyway, for freedom reasons). It has always been good advice to not let random code run on your system, especially from random websites which you probably don't trust.

  • Don't let anyone but you execute any code on your system. (if you're a hosting provider, you're screwed. but hosting companies were already a nightmare security-wise before spectre/meltdown anyway)

Just follow good security practises, and you'll be fine. For my own computing, I'm not worried. I think I'm OK security-wise.

EDIT: oh and, fun fact: host your own servers

Either get a static IP from your ISP (maybe even IPv6), or set up an SSH/VPN tunnel through third party that provides IPs.

Never use a VPS! If you're hosting something on a VPS, assume that you're already pwned. VPS hosting was already a bad idea, even before meltdown/spectre. Nowadays, you definitely shouldn't do it. The only thing a VPS is good for is: VPN or SSH tunnel, or downloading things on torrents etc for later retrieval locally. You should be hosting from your own private location, e.g. your home, if you care about security. Take all the right precautions, e.g. ways to detect that the system has been accessed/disassembled, lock the room its in, etc.

10

libreleah wrote

movies: The Man From Earth, Before the Devil Knows You're Dead, Logans Run, Back to the Future, Matilda (1996),

tv shows: Rick and Morty, Sailor Moon, Death Note, Star Trek (most seasons, except TOS. TOS is full of sexism, and I find it painful to watch), The Good Place

I don't play videogames at all, not since I was a child.

Not sure about music. I have no specific tastes and don't really pay attention to artists/genres.

10

libreleah wrote

Intent is irrelevant. What matters is that the ME is demonstrably insecure, and can be used to invade systems against the will of their users. Whether Igor's correct is not relevant, as far as I'm concerned.

AMD is just as bad as Intel nowadays, but some of their chipsets are supported in Libreboot (KCMA-D8 motherboard and KGPE-D16)

I have no strong feelings one way or the other, regarding Qubes OS. I'm not convinced that true isolation is possible in software. I believe that hardware-based isolation (having multiple physical systems) is better. I do my computing in very much the style of Qubes, but with multiple physical systems.

12

libreleah wrote (edited )

I find this question difficult to answer. I tend to look only at the work/accomplishments themselves, while being indifferent towards the individual, since a person is never perfect, and they are not what they do. It will take me time to come up with a list.

EDIT:

Major political figures who I admire: Jeremy Corbyn, current leader of the UK labour party. I like him because not only is he principled, and willing to stand up for his beliefs even in the face of adversity (he was arrested several times for protesting in anti-apartheid marches, in the 1980s), he didn't want the job of being leader of the party. He was just asked to stand in the initial party leadership contest, because no other leftwing candidate was available (the contenders in the contest were all centrists). He wasn't even expecting to win, and doesn't care about power, he just wants to do the Right Thing. People like that are the ones who deserve leadership, because they think for the collective, not themselves.

Chelsea Manning: Despite horrendous treatment in prison, she is still campaigning strongly even now. Getting out of prison, she didn't use it and escape to lead a "comfortable" life. She is straight back into politics. She's also a left winger. She has the exact personality type such that I think she might run for president, one day. I really liked the article she wrote in the guardian, about how Obama wasn't leftwing enough during his tenure: I can't find the link at the moment, but it was spot-on. Perhaps one of you can find it. She was talking about how he was too timid, or something like that. All this, after just being released from prison, thanks to the very man she was criticizing. That takes guts, and strength of character. I agreed with most of what she was saying aswell.

As a fellow trans woman, she has my respect.

Those are political figures, though I'm not currently sure who else to write about.

15

libreleah wrote

UEFI isn't really a "problem", just an unnecessary piece of bloatware (in my opinion). All you really need is basic hardware initialization and some kind of bootloader (in libreboot we use GRUB. on non-libreboot systems, uboot etc are common). The issue is much lower level than UEFI. Nowadays, it's common for systems to not allow modified firmware at all, making libreboot impossible. It goes beyond just UEFI, which is a limited application, and by no means universal. Most of the features on modern Intel systems preventing Libreboot (ME/CSE, intel boot guard, etc) have nothing to do with UEFI

15

libreleah wrote (edited )

Close future for libreboot? Coreboot recently added a few new motherboards that are libreboot candidates, for next release. Swift Geek and Andrew Robbins have been working very hard on the project over the last year (I haven't been as active lately). We might be able to do a new release at some point during 2018.

Other projects: Transit

Libreboot is the only software project that I'm involved with, at present.

I have very little time for projects these days, so I'm mostly just focusing on my own things and not starting anything new at the moment.

16

libreleah wrote

He's one of the most crucially important figures in the history of free software. Without his contributions, most notably the GNU project, it's unlikely that we'd have such a vibrant community as we do now.

Libreboot probably wouldn't exist either, if it wasn't for the hard work put in by RMS and others, in the early days. Free software is always iterative, building upon previous work.

Most notably, I believe that Copyleft was crucial in bringing about the current free software community. Without it, we would have ended up with a fully proprietary world, where only the "reference" code is free, if at all.

I have no strong feelings one way or the other about RMS as a person, outside of his contributions to Free Software.