I was thinking a bit lately, running Linux as my daily driver for the last few days, at least on my desktop PC, about the rationale behind Linux as a secure OS.
Linux is secure because it’s open source so anyone can inspect it and find the back doors and insecure features. That’s the story.
However, a while ago an OpenSSL vulnerability called “Heartbleed” (CVE-2014-0160) was discovered. It had been sitting for about two years in an open source library that theoretically everybody could inspect, and yet apparently that didn’t help in the slightest. How is that possible?
The explanation is quite easy. Yes, there is a huge number of people working on open source projects, but the trick is in how they are grouped. The vast majority is working on redundant high-level stuff, while the “invisible”, low-level, critical features are so obscure that they are often maintained by either a single developer or a handful of them, and although people could in theory read some cryptographic C library, almost nobody does, because it’s obscure, difficult and unrewarding work. People who maintain those libraries need to have immense expertise, and yet they are usually paid nothing for their work. Nobody really competes for a job that requires a PhD in mathematics, a wizard-level knowledge of C, uses up lots of time, and pays nothing.
Which brings me to the main security issue in Linux: its critical security features are written and maintained by a few unpaid experts, are too obscure to read and understand by the vast majority of Linux developers, and the likely attacker can literally print billions of dollars that will never be tracked or accounted for, and has infinite means of intimidation.
This means Linux is in fact extremely vulnerable. It was proven to have “heart-bleeding” vulnerabilities out there in the open for years, and nobody actually bothered to read the open source code and find them. Such a vulnerability can be extremely obscure (Heartbleed itself was nothing more exotic than a missing bounds check on an attacker-supplied length field, in a userland library rather than the kernel, and it still went unnoticed), you’d need serious expertise and time to identify it, and there would be no incentive for you to go through all those mountains of code and find it, because you would assume it’s already been done, which is an easy and pleasant assumption to make, if somewhat unwarranted.
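What “a missing bounds check” looked like, as an added example that is not OpenSSL’s code: a stripped-down model of the TLS heartbeat handler. The message layout (type byte, 2-byte length, payload, 16 bytes of padding) follows RFC 6520; the flat “memory” buffer with a secret placed after the record is a constructed stand-in for the heap, and the handler names are made up here. The vulnerable handler trusts the length inside the message; the fixed one has the same shape as the upstream fix, which drops any message whose claimed payload plus padding does not fit in the bytes actually received.

```c
/* Added example, not OpenSSL's code: a stripped-down model of the TLS
 * heartbeat bug (CVE-2014-0160). A heartbeat message is one type byte,
 * a 2-byte big-endian payload length, the payload, then at least 16
 * bytes of padding. The record format and the flat "memory" buffer are
 * simplifications made for this demo. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16          /* minimum padding required by RFC 6520 */

/* Vulnerable handler: trusts the length field inside the message and
 * never looks at rec_len, the number of bytes that actually arrived.
 * Whatever lies after the record in memory is copied into the reply.
 * Returns the reply length. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    (void)rec_len;                                /* the bug: unused */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload_len);        /* over-read */
    memset(out + 3 + payload_len, 0, HB_PADDING);
    return 3 + payload_len + HB_PADDING;
}

/* Fixed handler, same shape as the upstream fix: the claimed payload plus
 * the mandatory padding must fit inside the bytes received, otherwise
 * the message is silently dropped. Returns 0 when dropped. */
size_t heartbeat_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    uint16_t payload_len;
    if (rec_len < (size_t)(1 + 2 + HB_PADDING))
        return 0;
    payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + payload_len + HB_PADDING > rec_len)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload_len);
    memset(out + 3 + payload_len, 0, HB_PADDING);
    return 3 + payload_len + HB_PADDING;
}

/* Constructed memory image: a heartbeat carrying the 4-byte payload
 * "ping" but claiming 32 bytes, followed by a string standing in for the
 * key material that sat next to the record on the real heap. Returns the
 * length of the record that was actually received (23 bytes). */
size_t build_demo_memory(uint8_t *mem, size_t mem_len)
{
    static const uint8_t secret[] = "SECRET-KEY";
    size_t rec_len = 3 + 4 + HB_PADDING;
    if (mem_len < rec_len + sizeof secret)
        return 0;
    memset(mem, 0, mem_len);
    mem[0] = HB_REQUEST;
    mem[1] = 0x00;
    mem[2] = 0x20;                                /* claims 32-byte payload */
    memcpy(mem + 3, "ping", 4);
    memcpy(mem + rec_len, secret, sizeof secret); /* adjacent memory */
    return rec_len;
}

/* Runs both handlers on that record. Returns 1 when the vulnerable one
 * echoes the bytes that followed the record and the fixed one refuses. */
int demo_leaks_secret(void)
{
    uint8_t mem[128];
    uint8_t out[3 + 32 + HB_PADDING];
    size_t rec_len = build_demo_memory(mem, sizeof mem);
    size_t n = heartbeat_vulnerable(mem, rec_len, out);
    int leaked = n == 3 + 32 + HB_PADDING &&
                 memcmp(out + rec_len, "SECRET-KEY", 10) == 0;
    int refused = heartbeat_fixed(mem, rec_len, out) == 0;
    return leaked && refused;
}

/* An honest record (claimed length equals the 4 bytes sent) passes the
 * fixed handler; returns its reply length, 3 + 4 + 16 = 23. */
size_t demo_honest_record_accepted(void)
{
    uint8_t mem[128];
    uint8_t out[3 + 32 + HB_PADDING];
    size_t rec_len = build_demo_memory(mem, sizeof mem);
    mem[2] = 0x04;                                /* claim what was sent */
    return heartbeat_fixed(mem, rec_len, out);
}
```

The point of the demo is how little the bug looks like: one comparison between a length the peer claims and a length the code already knows. Nothing cryptographic is involved, which is exactly why a reviewer skimming “the SSL code” for crypto mistakes would walk past it.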
So, what am I saying here? Basically, I’m saying nothing is secure if those attacking the system have control of the hardware design, firmware design, operating system design, and can pay the best experts infinite amounts of money if they comply with their demands, or have them and their families disappear in darkness if they don’t. The idea that you can simply install Linux instead of Windows and be secure is incredibly naive.
Raspberry Pi 4B has been released recently, and it’s the first such device that might actually be usable as a general-purpose desktop PC.
I don’t know yet what the Geekbench score is, but it has 4GB RAM, can drive two 4K monitors, is 2+ times faster than the 3B+ model, has gigabit Ethernet and USB3, essentially making it an ideal cheap and secure device for running general purpose office/school applications.
I ordered one and will report how it does running Linux desktop and my typical workload. In theory, it’s the first one that actually has enough power to rival a NUC for lightweight HTPC and desktop tasks.
Update after receiving and briefly testing the 4GB unit:
Geekbench 2 (ARM build) is 4830. The score of the 3B+ is 2266.
Subjective speed is comparable to my media player, Core2Duo E6500@2900MHz, which means it’s quite usable, since that used to be my desktop machine; the speed is not up to today’s standards, but it’s not stone age. I’m using it to write this article and the speed is fine, it’s a normal desktop computer.
The kde-plasma-desktop package in Raspbian made a mess and is unusable, so I’m using the default Raspbian window manager. Raspbian is incredibly breakable; after attempting to install multiple window managers, everything broke in many different ways. For instance, raspi-config fails to set a valid boot-to-GUI or boot-to-CLI configuration; it just does whatever, and when I startx, it completely bypasses lightdm/sddm and opens whatever it likes (at first the Raspbian default GUI, but later the Mate desktop), without the ability to switch between the two. It’s simply not ready for “normies”. Window manager switching should either not work at all, or work well, without conflicting daemons/applets, and be reliably selectable through either GUI or CLI. I can’t believe I even have to say this.
The video works marginally OK when I use the legacy OpenGL driver in raspi-config. 720p video works OK, with only 9 dropped frames out of 2800. Everything above 720p is not smooth. The mouse moves better now too.
Mate desktop is much, much better than the default Raspbian GUI. Normal things such as the volume buttons actually work. This machine should have Ubuntu Mate as the desktop OS, and Raspbian should be left for tinkering with hardware and emergency use only. Mate desktop, however, is good enough for normal desktop use. For instance, I couldn’t make Raspbian GUI make my mouse work non-sluggish; in mate-desktop-environment it just works. That also goes for the volume control buttons on both keyboards I tested. I could get used to this.
It’s prone to overheating. I got a high-temperature icon repeatedly while working at the Raspbian desktop, performing an apt-get install of a large dependency tree. The temps were above 80°C with an aluminium heatsink glued to the CPU but the plastic top of the case closed. I opened it now and the temps while just typing this are 66°C. I plugged the USB3 powered hub from the desktop into the Pi and it just worked, plug-and-play, with all the devices.
There’s some super-weird shit going on with overheating. For instance, I forgot a Kingston USB drive in the device, and when I wanted to remove it, it was hot, like, incredibly hot. I can’t remember whether that was the case with the 3B+, but this isn’t normal, since the drive was idling and not copying the universe. The CPU temperature is now 62-66°C, which is about ten degrees more than the 3B+ in similar workloads. This CPU needs stronger cooling, and that’s normal since it has the power of an E6500, which has a regular PC heatsink with a fan, while this has a small passive heatsink. The video drivers are generally the weakest spot of the OS so far, from what I can tell. All kinds of artifacting is going on while video is playing: mouse pointer hiding and showing, browser randomly redrawing, that kind of crap. It’s an alpha release. I don’t think the hardware acceleration is turned on at all. There needs to be a Raspbian update with the 4B in mind, because from what I recall the 3B+ actually has better YouTube video.
To repeat myself, there needs to be an OS fork for Pi devices: one for tinkering with hardware, for which Raspbian is great, and one for desktop use, for classrooms or similar, and that one needs to be polished. Ubuntu-Mate seems like an awesome candidate, although I would also like to see kde-plasma-desktop working.
I am testing it on a 4K 43″ monitor, with a mechanical keyboard and a Logitech G602 wireless mouse plugged into a powered USB3 hub, and it’s a very comfortable desktop experience, until I get the idea of playing video. That part just doesn’t work well and needs to be fixed in a Raspbian update. This hub also provides the power for the Pi; I also tried a 45W USB-C Asus laptop brick and an Apple iPad brick. The iPad brick was the only one not providing enough power; I had constant undervolt notifications and at one point the device actually crashed during a power peak when starting Mate. Keep this in mind; this requires a netbook-level power brick, not a phone or tablet-level one. This is not your old Raspberry Pi that could run from a computer’s USB socket and be fine. The power demands are still nowhere near those of an x86 desktop computer, but they match the small and frugal laptops. The overheating has apparently been resolved once I removed the top cover of the case. It would actually make good use of a slow case fan blowing on it, but a high-RPM small fan would be terribly counterproductive. The solution I would prefer would be this:
An aluminium case design where the entire top part of the case is a heatsink would be quite appropriate for a machine of this power, because if you close it inside an unventilated plastic enclosure it will melt itself to death, and if it’s left open it can be damaged in all sorts of ways in a classroom environment. Essentially, I’d install it in a VESA-mounted enclosure with a large heatsink, and either extend the GPIO with a flat cable to some accessible spot on the monitor stand, or just forget about GPIO for desktop use; have a 4B model for driving a desktop environment, for coding and web/office stuff, and one small, cheap A-type unit for driving sensors and robotics. You’ll do the development/deployment/testing over an ssh connection in any case; it’s just a matter of whether you do the development on a “proper” desktop PC or a desktop-level Pi.
As far as I’m concerned, the 4B needs a software update that will fix its video problems, and make mate-desktop-environment a default option in Raspbian: well tested, polished and not conflicting with the unnecessary LXDE and whatever GUI used to make sense on the older generations. This one needs a choice between Mate, XFCE and KDE, not between SHIT and CRAP. Yes, this is high praise coming from me, and means the device itself is quite excellent for the intended purpose. With proper cooling, properly implemented video codecs and some OS polishing, this could be the ideal classroom computer: cheap, small, integrated into the monitor for robustness, and fast enough to run everything kids would need to learn. And it’s cheap enough that you can equip classrooms with it even in the financially not so well off schools that can’t afford i3 or i5 desktops. So, thumbs up, but with a caveat regarding the OS, which is obviously an alpha release considering the needs of this device. I can hardly wait for Ubuntu Mate to be compiled and tweaked for the 4B.
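The undervolt notifications and the high-temperature icon described above both come from the same firmware throttle register, and it is worth reading it directly instead of guessing which one you have. The following is an added example, not from the original post: it decodes the line `vcgencmd get_throttled` prints (for instance `throttled=0x50005`) using the bit layout the Raspberry Pi firmware documents, reads the SoC temperature from sysfs, and gives a verdict. The sample lines in the comments and tests are constructed; the verdict strings and the 80°C threshold for thermal throttling are this example’s own choices.

```c
/* Added example, not part of the original post: tell a power-supply
 * problem apart from a cooling problem on a Raspberry Pi by decoding the
 * firmware's throttle register. `vcgencmd get_throttled` prints a line
 * such as "throttled=0x50005"; the bit layout below is the one the
 * Raspberry Pi firmware documents. The sample lines in the comments are
 * constructed; main() reads the live values when run on a Pi. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum {
    THR_UNDERVOLT_NOW    = 1u << 0,   /* under-voltage right now */
    THR_FREQ_CAPPED_NOW  = 1u << 1,   /* ARM frequency capped */
    THR_THROTTLED_NOW    = 1u << 2,   /* currently throttled */
    THR_SOFT_TEMP_NOW    = 1u << 3,   /* soft temperature limit active */
    THR_UNDERVOLT_SEEN   = 1u << 16,  /* same four events, since boot */
    THR_FREQ_CAPPED_SEEN = 1u << 17,
    THR_THROTTLED_SEEN   = 1u << 18,
    THR_SOFT_TEMP_SEEN   = 1u << 19
};

/* Parses "throttled=0x50005" (trailing newline allowed); returns the
 * register value, or -1 for a line that does not have that shape. */
long parse_throttled(const char *line)
{
    const char *p = strstr(line, "throttled=");
    char *end;
    unsigned long v;
    if (!p)
        return -1;
    p += strlen("throttled=");
    v = strtoul(p, &end, 0);
    return end == p ? -1 : (long)v;
}

/* Parses /sys/class/thermal/thermal_zone0/temp, which holds millidegrees
 * ("66234\n"), into degrees Celsius; returns -1.0 on junk input. */
double parse_millideg(const char *line)
{
    char *end;
    long v = strtol(line, &end, 10);
    return end == line ? -1.0 : v / 1000.0;
}

/* One-line verdict. Under-voltage is checked first because a sagging
 * supply also makes the firmware throttle, which would otherwise look
 * like a thermal problem; 80 C is where thermal throttling starts. */
const char *verdict(long flags, double temp_c)
{
    if (flags & (THR_UNDERVOLT_NOW | THR_UNDERVOLT_SEEN))
        return "power supply: under-voltage seen, use a stronger PSU or cable";
    if ((flags & (THR_SOFT_TEMP_NOW | THR_SOFT_TEMP_SEEN | THR_THROTTLED_SEEN))
        || temp_c >= 80.0)
        return "cooling: thermal throttling, open the case or add a heatsink";
    if (flags & (THR_FREQ_CAPPED_NOW | THR_FREQ_CAPPED_SEEN))
        return "frequency capped without a voltage or temperature flag";
    return "ok: no throttling since boot";
}

int main(void)
{
    char line[64] = "throttled=0x0";
    char temp[32] = "0";
    long flags;
    FILE *f = popen("vcgencmd get_throttled", "r");
    if (f) {
        if (!fgets(line, sizeof line, f))
            strcpy(line, "throttled=0x0");
        pclose(f);
    }
    f = fopen("/sys/class/thermal/thermal_zone0/temp", "r");
    if (f) {
        if (!fgets(temp, sizeof temp, f))
            strcpy(temp, "0");
        fclose(f);
    }
    flags = parse_throttled(line);
    if (flags < 0)
        flags = 0;
    printf("throttled=0x%lx temp=%.1fC -> %s\n", flags,
           parse_millideg(temp), verdict(flags, parse_millideg(temp)));
    return 0;
}
```

The “seen since boot” bits (16-19) are the useful ones after a crash like the one on the iPad brick: they stay set until reboot, so a single run after the fact tells you whether the supply sagged at any point, even if everything looks fine at the moment you check.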
Regarding my recent bout of paranoia about the Intel kill switch in the CPU, which can basically allow America to brick your Intel-running computer if you are placed on some “black list” because you’re “politically incorrect”, an “enemy of America” or whatever bullshit they are throwing at Julian Assange: essentially, any American-made CPU, chipset, BIOS etc. is not yours. You’re just allowed to use it while you comply with the guidelines imposed by America, which say that you must at all times be an obedient slave. If not, “American technology” will be taken away from you.
Let me quote some things from Wikipedia:
The Intel Management Engine (ME), also known as the Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel’s processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards. It is a part of Intel Active Management Technology, which allows system administrators to perform tasks on the machine remotely. System administrators can use it to turn the computer on and off, and they can log in remotely into the computer regardless of whether or not an operating system is installed. The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off. The IME is an attractive target for hackers, since it has top level access to all devices and completely bypasses the operating system. Intel has not released much information on the Intel Management Engine, prompting speculation that it may include a backdoor. The Electronic Frontier Foundation has voiced concern about IME. AMD processors have a similar feature, called AMD Secure Technology. The subsystem primarily consists of proprietary firmware running on a separate microprocessor that performs tasks during boot-up, while the computer is running, and while it is asleep. As long as the chipset or SoC is connected to current (via battery or power supply), it continues to run even when the system is turned off. Intel claims the ME is required to provide full performance. Its exact workings are largely undocumented and its code is obfuscated using confidential Huffman tables stored directly in hardware, so the firmware does not contain the information necessary to decode its contents. Intel’s main competitor AMD has incorporated the equivalent AMD Secure Technology (formerly called Platform Security Processor) in virtually all of its post-2013 CPUs. Several weaknesses have been found in the ME.
On May 1, 2017, Intel confirmed a Remote Elevation of Privilege bug (SA-00075) in its Management Technology. Every Intel platform with provisioned Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME. Several ways to disable the ME without authorization that could allow ME’s functions to be sabotaged have been found. Additional major security flaws in the ME affecting a very large number of computers incorporating ME, Trusted Execution Engine (TXE), and Server Platform Services (SPS) firmware, from Skylake in 2015 to Coffee Lake in 2017, were confirmed by Intel on 20 November 2017 (SA-00086). Unlike SA-00075, this bug is even present if AMT is absent, not provisioned or if the ME was “disabled” by any of the known unofficial methods. In July 2018 another set of vulnerabilities were disclosed (SA-00112). In September 2018, yet another vulnerability was published (SA-00125). Critics like the Electronic Frontier Foundation (EFF) and security expert Damien Zammit accused the ME of being a backdoor and a privacy concern. Zammit stresses that the ME has full access to memory (without the parent CPU having any knowledge); has full access to the TCP/IP stack and can send and receive network packets independently of the operating system, thus bypassing its firewall. Intel responded by saying that “Intel does not put back doors in its products nor do our products give Intel control or access to computing systems without the explicit permission of the end user.” and “Intel does not and will not design backdoors for access into its products. Recent reports claiming otherwise are misinformed and blatantly false. Intel does not participate in any efforts to decrease security of its technology.” In the context of criticism of the Intel ME and AMD Secure Technology it has been pointed out that the NSA budget request for 2013 contained a Sigint Enabling Project with the goal to “Insert vulnerabilities into commercial encryption systems, IT systems, …” and it has been conjectured that Intel ME and AMD Secure Technology might be part of that programme. As of 2017, Google was attempting to eliminate proprietary firmware from its servers and found that the ME was a hurdle to that.
The AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, is a trusted execution environment subsystem incorporated since about 2013 into AMD microprocessors. According to an AMD developer’s guide, the subsystem is “responsible for creating, monitoring and maintaining the security environment” and “its functions include managing the boot process, initializing various security related mechanisms, and monitoring the system for any suspicious activity or events and implementing an appropriate response.” Critics worry it can be used as a backdoor and is a security concern. AMD has denied requests to open source the code that runs on the PSP. The PSP is similar to the Intel Management Engine for Intel processors. The PSP itself is an ARM core inserted on the main CPU. In September 2017, Google security researcher Cfir Cohen reported a vulnerability to AMD of a PSP subsystem that could allow an attacker access to passwords, certificates, and other sensitive information; a patch was rumored to become available to vendors in December 2017. In March 2018, a handful of alleged serious flaws were announced in AMD’s Zen architecture CPUs (EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile) by an Israeli IT security company related to the PSP that could allow malware to run and gain access to sensitive information. AMD has announced firmware updates to handle these flaws. While there were claims that the flaws were published for the purpose of stock manipulation, their validity from a technical standpoint was upheld by independent security experts who reviewed the disclosures, although the high risks claimed by CTS Labs were often dismissed by said independent experts.
The fact that both American x86 CPU manufacturers have the same type of a low-level back door makes it highly likely that someone from NSA visited them and politely asked to put it inside and give them unlimited access, or else. Based on what is known, I would hypothesize on what is possible and likely, and state that it is likely that everything except Elbrus CPU produced in Russia, and ARM CPU produced in China from peer-reviewed schematics, is an instrument of American control, which will go dark if America orders it to. This includes Internet/mobile routers and other infrastructure. Notice how I implicitly count everything produced in Europe as essentially American-controlled.
My recommendations? There aren’t really any. If America does indeed utilize this, it will either be against select persons who occupy top positions on their shit lists, like Snowden and Assange, against foreign governments on their shit list, such as Iran, DPRK, Cuba, Venezuela, Russia and China, and they will pretend they hacked their computers using a virus or a Trojan. If they use it against you, it means you’re already fucked in so many ways and on so many layers before that point, that computer vulnerability will be the least of your concerns. But be aware of it and know that buying American means voluntary submission to their control.
Would Russia or China be any better if they happened to be in that kind of a position of power? Of course not.
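One thing the quoted text does support is that the ME is still there even when its host-side interface has been “disabled” (SA-00086 applies regardless). The following is an added example, not from the post, from Intel or from Wikipedia, that probes what the OS can see of the ME on a Linux box. It assumes the ME host interface (MEI, also called HECI) sits at PCI function 00:16.0, which is the conventional location on Intel client platforms but not guaranteed, and it relies only on the standard sysfs attributes `vendor`, `device` and `class` and on the `/dev/mei0` node the `mei_me` driver creates. The parsing functions are kept separate from the file reads so they can be checked with constructed input.

```c
/* Added example, not from the post or from Intel: probe what the OS can
 * see of the Management Engine. Assumption made here: on Intel client
 * platforms the ME's host interface (MEI, also called HECI) sits at PCI
 * function 00:16.0. Firmware can hide that function while the ME keeps
 * running, so "not visible" never means "off". Parsing is kept separate
 * from the sysfs reads so it can be checked with constructed input. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MEI_BDF   "0000:00:16.0"
#define SYSFS_DEV "/sys/bus/pci/devices/" MEI_BDF "/"

/* sysfs writes ids as "0x8086\n"; returns the value, or -1 on junk. */
long parse_sysfs_hex(const char *text)
{
    char *end;
    unsigned long v;
    if (!text)
        return -1;
    v = strtoul(text, &end, 16);
    return end == text ? -1 : (long)v;
}

/* The MEI function reports Intel's vendor id 0x8086 and PCI class
 * 0x0780xx ("communication controller, other"). Returns 1 when both
 * match, 0 otherwise. */
int looks_like_mei(long vendor, long class_code)
{
    if (vendor != 0x8086)
        return 0;
    return (class_code >> 8) == 0x0780;
}

/* Reads one sysfs attribute of the probed function; 0 if it is absent. */
static int read_attr(const char *name, char *buf, size_t len)
{
    char path[256];
    FILE *f;
    snprintf(path, sizeof path, SYSFS_DEV "%s", name);
    f = fopen(path, "r");
    if (!f)
        return 0;
    if (!fgets(buf, (int)len, f))
        buf[0] = '\0';
    fclose(f);
    return 1;
}

int main(void)
{
    char vendor[32], device[32], class_code[32];
    long v, d, c;
    int dev_node;
    if (!read_attr("vendor", vendor, sizeof vendor) ||
        !read_attr("device", device, sizeof device) ||
        !read_attr("class", class_code, sizeof class_code)) {
        printf("%s not visible to the OS (hidden by firmware, absent, "
               "or not an Intel platform); the ME may still be running\n",
               MEI_BDF);
        return 0;
    }
    v = parse_sysfs_hex(vendor);
    d = parse_sysfs_hex(device);
    c = parse_sysfs_hex(class_code);
    dev_node = access("/dev/mei0", F_OK) == 0;
    printf("%s vendor=%04lx device=%04lx class=%06lx -> %s\n", MEI_BDF,
           v, d, c, looks_like_mei(v, c) ? "MEI host interface present"
                                          : "not an MEI-looking function");
    printf("/dev/mei0 %s: the mei_me driver is %s\n",
           dev_node ? "exists" : "missing",
           dev_node ? "bound, the OS can talk to the ME"
                    : "not bound or not built");
    return 0;
}
```

Read the output the other way round from what it suggests: a present `/dev/mei0` means the OS has a channel to the ME (and so does anything running as root), while an absent one only removes that channel. It says nothing about whether the ME itself, with its own network path, is running; the SA-00086 note above is the reminder that it usually is.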
Considering the current state of affairs where America started using their technology, including Windows and Android, as weapons of economic warfare (read: sanctions), I’ve been looking into Linux again and let me share my findings. The current state of Linux is this:
void fork(void) {
    fork();
}
Essentially, Ubuntu forks Debian, everybody else forks Ubuntu by adding their skin and a few configurations, and they are all pretending there’s variety and choice, and if you’re trying to get anything to boot on an old Macbook with Nvidia graphics, the same thing breaks almost everywhere in the same way, and when it doesn’t break immediately, you don’t know why; you only know it breaks on suspend and not on startx. Sure, I’ll give it the benefit of the doubt and assume it works better on modern hardware (they all actually work on my 15″ Macbook Pro with Intel graphics), but one of the often recommended use cases for Linux is installing it on old hardware, thus giving it new utility. There’s even a website recommending what distros to install on an old Intel Mac, and they are obviously pulling it out of their collective butts, because I tried the top two distros on their list and neither of them managed to boot into a GUI. The important thing is that they are all so incredibly certain that Linux is better than Windows and Mac. Also, there’s so much variety, almost as much as in today’s politics. Tons of political parties and they all amount to shit.
How much computer power do we actually need for normal tasks? Does the difference in computational power influence the end result? Can you tell the difference between an article written on a desktop or a laptop? The last question sounds incredibly silly, I know, and yet when I watch the tech YouTube videos there’s an impression that if you’re a “real pro” or a “power user”, you’ll need “MO PAWAH”. The poor-people tech made for the plebs just won’t cut it; you’ll need the shiny new thingy to keep up with the times. Only the 7nm process node will cut it.
Several things happened recently. First, a new Intel bug was discovered, possibly rendering modern Intel CPU machines vulnerable to attack unless you cripple the CPU by disabling almost everything on it. Second, America embargoed China by limiting access to all kinds of software and hardware technologies, from Android and Windows to x86 and ARM. Add to that the things that are already known, such as the Intel kill switch, and all kinds of technologies that make it theoretically possible for the manufacturer to brick the motherboard of your device remotely, at a low level of access through the onboard networking hardware, BIOS and chipset, because America put you on a list of “sanctioned” individuals, for whatever reason.
Microsoft is introducing a “politically correct” spelling-checker into Word. Online censorship is rampant. Witch hunts are out of control. I can easily imagine some AI identifying “politically incorrect” people online, through their cloud service logins, and I can easily imagine hardware and software manufacturers full of “social justice warriors” performing acts of “social activism”, for instance triggering a “stolen device kill switch” on your motherboard remotely if you write too much “right wing” or “racist” content online. If you think this is paranoid, imagine being Snowden or Assange, and imagine what can be done to their computers if they are identified remotely, and if it’s done by someone really powerful, like NSA, or Google, or Microsoft. Now imagine this being automated, delegated to an AI system that will check your login against a list, and then simply “deplatform” you by bricking your PC, because after all, Nazis can’t be allowed to speak.
All of this made me think: what would I do if I was targeted by something like that? Using a web browser made by a huge corporation is a vulnerability. Using cloud services is a vulnerability. Using an operating system made by a company that’s BFF with NSA is a vulnerability. Using Intel, and possibly even AMD CPU is a vulnerability. Using a motherboard with a chipset and a BIOS that isn’t made transparently is a vulnerability. So, if someone decided to brick my computers that run Windows and Mac OS on Intel, and my iPhone and iPad stop working, or at least stop connecting to the Internet and accepting my login into Apple services, what would I use to get online?
It turned out that I have one machine that is most likely to remain working: a Raspberry Pi 3B+ that I have under my desk running Linux, a machine I manually hardened and which runs 24/7 hosting MySQL, SSH and Apache. However, that’s not all. It also runs an LXDE GUI, with a complement of office tools. But this is an extremely weak machine. Its CPU is a rounding error between two Geekbench measurements of my main desktop PC, and I’m not even exaggerating much. Its “disk drive” is a micro SD card, and the entire computer can fit in my palm. However, there’s a catch. It is basically Android smartphone hardware converted to serve a different purpose and run a different OS. People use Android smartphones to do things online every day and don’t give it a second thought. But can you plug a smartphone board into a monitor, keyboard and mouse, run Linux and do normal tasks, like researching things online, taking screenshots, writing an article in OpenOffice, logging into a CMS and posting the article on your blog? Yes, you can.
In fact, it turns out that this small tiny computer is more powerful than the machines I used to write most of my books on. And I edited them in OpenOffice, printed them as PDF, and then used Linux command line tools to split the PDF into PNG images of individual pages, and then publish those on my website in the online reader form. I did all that on an IBM T43 laptop, which was less powerful than this Raspberry Pi thingy. Of course you can do it, and in fact that’s how I wrote this article; I connected the Raspberry Pi instead of my desktop computer, and used it to drive my usual peripherals. It doesn’t feel slower when you write the document; you can do most things just fine. I used computers with less power and memory for most of my career, because that’s what we had then. It’s actually quite smooth; I installed Gimp from the terminal while writing this article and not even a hiccough. Then I used Gimp to crop a screenshot and save it. It did it just fine. I just got used to computers that do the same things faster, that’s all. Using this thing didn’t degrade me into stone age. I could even plug my external HDD into it and process raw photos from my camera if I had to. I would use dcraw, rawtherapee and gimp instead of lightroom, the way I did for years, and guess what, you wouldn’t be able to tell the difference, because I did it exactly that way for five years and nobody could tell the difference between that and lightroom anyway. I just got suckered into using tools for lazy people, tools that make it very easy, but that don’t actually do anything I couldn’t do manually with some more effort. I could also do just fine without the online cloud services, and guess how I know? Because I was here before they were. I was on the Internet and finding my way around quite well before Google was a twinkle in its authors’ eyes. Some of those tools made things easier, but the price might be too great. Ease and comfort, apparently, can be weaponized as a vector of attack. 
You make it easy for people to access the same file from several devices and they don’t stop to think that their files are stored on someone else’s computer in unencrypted form. You make it easy for people to connect to other people online and they don’t stop to think and realize that their entire social life is now owned by a company whose primary motive is to sell you to the advertisers, and to control the entire experience so as to be more presentable to the advertisers. Also, that they hire fuckwits who studied feminism and social justice and who want to change the world to be more like an American college: meaning, that it requires less thinking, more feeling good about yourself, and excluding everything that gets in the way of feeling good and not having to do any thinking.
However, someone bricking your PC might actually be a lesser concern. A greater concern might be someone blocking your Visa card because you’re on some political list. Also, the banks might not allow you to open an account. You might not be able to get a loan for a house or a car despite your stellar credit rating. Police might track your whereabouts using your phone, because you’re on a list of “extremists”. You might be stopped from boarding a plane. You might be taken off a plane in an Islamic country that has you on some shitlist, because you criticised Islam online. Those threats are actually more real, and I’m actually not making those up; that shit actually happens now, as we speak. It’s just far less common than it could be, once the technology proliferates. So, sure, I used a PC made from a phone chip to write an article on the Web, big deal. I can maintain the same kind of online presence with rudimentary technology, and nobody would notice the difference. However, that proves one interesting point: that the advancement of technology in the last two decades was actually much less dramatic than one would think. We just got used to the fat and expensive tools that do basically the same job as the old lightweight free ones. Also, it means that America can cut the rest of the world off from their technology, and the rest of the world could do just fine with Raspberry Pi boards made in China for $1, and they would actually be forced to get more creative with resources and possibly find better ways of doing things. Being reduced to simpler computers wouldn’t actually degrade life much, because faster and better computers didn’t upgrade it much. They just made it easier for stupid and incompetent people to think they are advanced, smart, trendy and techy, while in reality they are just stupid consumers.
So, what am I going to do now; continue using the Raspberry Pi as my main PC? Hell no. It can only display a 1080p image on my 4K monitor, which makes everything blurry. Also, I have to pay attention to memory use because it only has one gig of RAM, and so on. But I know one thing. If America does cut me off from American technology, I will find whatever piece of junk that runs Linux and connect to the Russian-Chinese Internet, and I will do just fine. I used to write code on a potato when the Web was an experiment on Tim Berners-Lee’s NeXT cube, I wrote books on computers that couldn’t walk and fart at the same time, and I can do it again if necessary. The only thing that’s actually scary for me is thinking how easy it was for me to get used to the idea of giving up privacy and security just to make things a tiny bit easier and more comfortable. Because of this, I might actually start intentionally giving up various online services that make things unnecessarily easy, but at a hidden cost. I will also give Linux a second chance.
However, if that is scary to me, there’s another thing that should be scary to the Americans, and that’s the idea of a smart person that’s comfortable using Linux tools on a Raspberry Pi instead of a Macbook. Because that person might understand that he can do just fine without all sorts of things that make him a slave. For instance, he might understand that the AGC computer that got people to the Moon was computationally much weaker than the toy I’m writing this article on, and that St. Augustine and Isaac Newton used ink and parchment.