It’s not really yours

Regarding my recent bout of paranoia about the Intel kill switch in the CPU, which can basically allow America to brick your Intel-running computer if you are placed on some “black list”, because you’re “politically incorrect”, “enemy of America” or whatever bullshit they are throwing at Julian Assange. Essentially, any American-made CPU, chipset, BIOS etc. is not yours. You’re just allowed to use it while you comply with the guidelines imposed by America, which say that you must at all times be an obedient slave. If not, “American technology” will be taken away from you.

Let me quote some things from Wikipedia:

The Intel Management Engine (ME), also known as the Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel’s processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards. It is a part of Intel Active Management Technology, which allows system administrators to perform tasks on the machine remotely. System administrators can use it to turn the computer on and off, and they can login remotely into the computer regardless of whether or not an operating system is installed.
The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off.
The IME is an attractive target for hackers, since it has top level access to all devices and completely bypasses the operating system. Intel has not released much information on the Intel Management Engine, prompting speculation that it may include a backdoor. The Electronic Frontier Foundation has voiced concern about IME.
AMD processors have a similar feature, called AMD Secure Technology.
The subsystem primarily consists of proprietary firmware running on a separate microprocessor that performs tasks during boot-up, while the computer is running, and while it is asleep. As long as the chipset or SoC is connected to current (via battery or power supply), it continues to run even when the system is turned off. Intel claims the ME is required to provide full performance. Its exact workings are largely undocumented and its code is obfuscated using confidential Huffman tables stored directly in hardware, so the firmware does not contain the information necessary to decode its contents. Intel’s main competitor AMD has incorporated the equivalent AMD Secure Technology (formerly called Platform Security Processor) in virtually all of its post-2013 CPUs.
Several weaknesses have been found in the ME. On May 1, 2017, Intel confirmed a Remote Elevation of Privilege bug (SA-00075) in its Management Technology. Every Intel platform with provisioned Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME. Several ways to disable the ME without authorization that could allow ME’s functions to be sabotaged have been found. Additional major security flaws in the ME affecting a very large number of computers incorporating ME, Trusted Execution Engine (TXE), and Server Platform Services (SPS) firmware, from Skylake in 2015 to Coffee Lake in 2017, were confirmed by Intel on 20 November 2017 (SA-00086). Unlike SA-00075, this bug is even present if AMT is absent, not provisioned or if the ME was “disabled” by any of the known unofficial methods. In July 2018 another set of vulnerabilities were disclosed (SA-00112). In September 2018, yet another vulnerability was published (SA-00125).
Critics like the Electronic Frontier Foundation (EFF) and security expert Damien Zammit accused the ME of being a backdoor and a privacy concern. Zammit stresses that the ME has full access to memory (without the parent CPU having any knowledge); has full access to the TCP/IP stack and can send and receive network packets independently of the operating system, thus bypassing its firewall.
Intel responded by saying that “Intel does not put back doors in its products nor do our products give Intel control or access to computing systems without the explicit permission of the end user.” and “Intel does not and will not design backdoors for access into its products. Recent reports claiming otherwise are misinformed and blatantly false. Intel does not participate in any efforts to decrease security of its technology.”
In the context of criticism of the Intel ME and AMD Secure Technology it has been pointed out that the NSA budget request for 2013 contained a Sigint Enabling Project with the goal to “Insert vulnerabilities into commercial encryption systems, IT systems, …” and it has been conjectured that Intel ME and AMD Secure Technology might be part of that programme.
As of 2017, Google was attempting to eliminate proprietary firmware from its servers and found that the ME was a hurdle to that.

The AMD Platform Security Processor (PSP), officially known as AMD Secure Technology, is a trusted execution environment subsystem incorporated since about 2013 into AMD microprocessors. According to an AMD developer’s guide, the subsystem is “responsible for creating, monitoring and maintaining the security environment” and “its functions include managing the boot process, initializing various security related mechanisms, and monitoring the system for any suspicious activity or events and implementing an appropriate response.” Critics worry it can be used as a backdoor and is a security concern. AMD has denied requests to open source the code that runs on the PSP.
The PSP is similar to the Intel Management Engine for Intel processors.
The PSP itself is an ARM core inserted on the main CPU.
In September 2017, Google security researcher Cfir Cohen reported a vulnerability to AMD of a PSP subsystem that could allow an attacker access to passwords, certificates, and other sensitive information; a patch was rumored to become available to vendors in December 2017.
In March 2018, a handful of alleged serious flaws were announced in AMD’s Zen architecture CPUs (EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile) by an Israeli IT security company related to the PSP that could allow malware to run and gain access to sensitive information. AMD has announced firmware updates to handle these flaws. While there were claims that the flaws were published for the purpose of stock manipulation, their validity from a technical standpoint was upheld by independent security experts who reviewed the disclosures, although the high risks claimed by CTS Labs were often dismissed by said independent experts.

The fact that both American x86 CPU manufacturers have the same type of low-level back door makes it highly likely that someone from the NSA visited them and politely asked to put it inside and give them unlimited access, or else. Based on what is known, I would hypothesize on what is possible and likely, and state that it is likely that everything except the Elbrus CPUs produced in Russia, and ARM CPUs produced in China from peer-reviewed schematics, is an instrument of American control, which will go dark if America orders it to. This includes Internet/mobile routers and other infrastructure. Notice how I implicitly count everything produced in Europe as essentially American-controlled.

My recommendations? There aren’t really any. If America does indeed utilize this, it will either be against select persons who occupy top positions on their shit lists, like Snowden and Assange, or against foreign governments on their shit list, such as Iran, DPRK, Cuba, Venezuela, Russia and China, and they will pretend they hacked their computers using a virus or a Trojan. If they use it against you, it means you’re already fucked in so many ways and on so many layers before that point, that computer vulnerability will be the least of your concerns. But be aware of it and know that buying American means voluntary submission to their control.

Would Russia or China be any better if they happened to be in that kind of a position of power? Of course not.


Current state of Linux

Considering the current state of affairs where America started using their technology, including Windows and Android, as weapons of economic warfare (read: sanctions), I’ve been looking into Linux again and let me share my findings. The current state of Linux is this:

void fork(void) {
    fork();
}

Essentially, Ubuntu forks Debian, everybody else forks Ubuntu by adding their skin and a few configurations, and they are all pretending there’s variety and choice, and if you’re trying to get anything to boot on an old Macbook with Nvidia graphics, the same thing breaks almost everywhere in the same way, and when it doesn’t break immediately, you don’t know why, you only know it breaks on suspend and not on startx. Sure, I’ll give it the benefit of the doubt and assume it works better on modern hardware (they all actually work on my 15″ Macbook Pro with Intel graphics), but one of the often recommended usage cases for Linux is installing it on old hardware, thus giving it new utility. There’s even a website recommending what distros to install on an old Intel Mac, and they are obviously pulling it out of their collective butts because I tried the top two of the distros on their list and none of them managed to boot into GUI. The important thing is that they are all so incredibly certain that Linux is better than Windows and Mac. Also, there’s so much variety, almost as much as in today’s politics. Tons of political parties and they all amount to shit.


How frog gets cooked in the cloud

How much computer power do we actually need for normal tasks? Does the difference in computational power influence the end-result? Can you tell a difference between an article written on a desktop or a laptop? The last question sounds incredibly silly, I know, and yet when I watch the tech YouTube videos there’s an impression that if you’re a “real pro” or a “power user”, you’ll need “MO PAWAH”. The poor-people tech made for the plebs just won’t cut it, you’ll need the shiny new thingy to keep up with the times. Only the 7nm node size will cut it.

Several things happened recently. First, a new Intel bug was discovered, possibly rendering modern Intel CPU machines vulnerable to attack unless you cripple the CPU by disabling almost everything on it. Second, America embargoed China by limiting access to all kinds of software and hardware technologies, from Android and Windows to x86 and ARM. Add to that the things that are already known, such as the Intel kill switch, and all kinds of technologies that make it theoretically possible for the manufacturer to brick the motherboard of your device remotely, at a low level of access through the onboard networking hardware, BIOS and the chipset, because America put you on a list of “sanctioned” individuals, for whatever reason.

Microsoft is introducing a “politically correct” spelling-checker into Word. Online censorship is rampant. Witch hunts are out of control. I can easily imagine some AI identifying “politically incorrect” people online, through their cloud service logins, and I can easily imagine hardware and software manufacturers full of “social justice warriors” performing acts of “social activism”, for instance triggering a “stolen device kill switch” on your motherboard remotely if you write too much “right wing” or “racist” content online. If you think this is paranoid, imagine being Snowden or Assange, and imagine what can be done to their computers if they are identified remotely, and if it’s done by someone really powerful, like NSA, or Google, or Microsoft. Now imagine this being automated, delegated to an AI system that will check your login against a list, and then simply “deplatform” you by bricking your PC, because after all, Nazis can’t be allowed to speak.

All of this made me think: what would I do if I was targeted by something like that? Using a web browser made by a huge corporation is a vulnerability. Using cloud services is a vulnerability. Using an operating system made by a company that’s BFF with NSA is a vulnerability. Using Intel, and possibly even AMD CPU is a vulnerability. Using a motherboard with a chipset and a BIOS that isn’t made transparently is a vulnerability. So, if someone decided to brick my computers that run Windows and Mac OS on Intel, and my iPhone and iPad stop working, or at least stop connecting to the Internet and accepting my login into Apple services, what would I use to get online?

It turned out that I have one machine that is most likely to remain working: a Raspberry Pi 3B+ that I have under my desk running Linux, a machine I manually hardened and which runs 24/7 hosting mysql, ssh and apache. However, that’s not all. It also runs a LXDE GUI, with a complement of Office tools. But this is an extremely weak machine. Its CPU is a rounding error between two geekbench measurements of my main desktop PC, and I’m not even exaggerating much. Its “disk drive” is a micro SD card, and the entire computer can fit on my palm. However, there’s a catch. It is basically Android smartphone hardware converted to serve a different purpose and run a different OS. People use Android smartphones to do things online every day and don’t give it a second thought. But can you plug a smartphone board into a monitor, keyboard and mouse, run Linux and do normal tasks, like researching things online, taking screenshots, writing an article in OpenOffice, logging into a CMS and posting the article on your blog? Yes, you can.

In fact, it turns out that this small tiny computer is more powerful than the machines I used to write most of my books on. And I edited them in OpenOffice, printed them as PDF, and then used Linux command line tools to split the PDF into PNG images of individual pages, and then publish those on my website in the online reader form. I did all that on an IBM T43 laptop, which was less powerful than this Raspberry Pi thingy. Of course you can do it, and in fact that’s how I wrote this article; I connected the Raspberry Pi instead of my desktop computer, and used it to drive my usual peripherals. It doesn’t feel slower when you write the document; you can do most things just fine. I used computers with less power and memory for most of my career, because that’s what we had then. It’s actually quite smooth; I installed Gimp from the terminal while writing this article and not even a hiccough. Then I used Gimp to crop a screenshot and save it. It did it just fine. I just got used to computers that do the same things faster, that’s all. Using this thing didn’t degrade me into the stone age. I could even plug my external HDD into it and process raw photos from my camera if I had to. I would use dcraw, rawtherapee and gimp instead of lightroom, the way I did for years, and guess what, you wouldn’t be able to tell the difference, because I did it exactly that way for five years and nobody could tell the difference between that and lightroom anyway. I just got suckered into using tools for lazy people, tools that make it very easy, but that don’t actually do anything I couldn’t do manually with some more effort. I could also do just fine without the online cloud services, and guess how I know? Because I was here before they were. I was on the Internet and finding my way around quite well before Google was a twinkle in its authors’ eyes. Some of those tools made things easier, but the price might be too great. Ease and comfort, apparently, can be weaponized as a vector of attack.
You make it easy for people to access the same file from several devices and they don’t stop to think that their files are stored on someone else’s computer in unencrypted form. You make it easy for people to connect to other people online and they don’t stop to think and realize that their entire social life is now owned by a company whose primary motive is to sell you to the advertisers, and to control the entire experience as to be more presentable to the advertisers. Also, that they hire fuckwits who studied feminism and social justice and who want to change the world to be more like an American college: meaning, that it requires less thinking, more feeling good about yourself, and excluding everything that gets in the way of feeling good and not having to do any thinking.

However, someone bricking your PC might actually be a lesser concern. A greater concern might be someone blocking your Visa card because you’re on some political list. Also, the banks might not allow you to open an account. You might not be able to get a loan for a house or a car despite your stellar credit rating. Police might track your whereabouts using your phone, because you’re on a list of “extremists”. You might be stopped from boarding a plane. You might be taken off a plane in an Islamic country that has you on some shitlist, because you criticised Islam online. Those threats are actually more real, and I’m actually not making those up; that shit actually happens now, as we speak. It’s just far less common than it could be, once the technology proliferates. So, sure, I used a PC made from a phone chip to write an article on the Web, big deal. I can maintain the same kind of online presence with rudimentary technology, and nobody would notice the difference. However, that proves one interesting point: that the advancement of technology in the last two decades was actually much less dramatic than one would think. We just got used to the fat and expensive tools that do basically the same job as the old lightweight free ones. Also, it means that America can cut the rest of the world from their technology, and the rest of the world could do just fine with Raspberry Pi boards made in China for $1, and they would actually be forced to get more creative with resources and possibly find better ways of doing things. Being reduced to simpler computers wouldn’t actually degrade life much, because faster and better computers didn’t upgrade it much. They just made it easier for stupid and incompetent people to think they are advanced, smart, trendy and techy, while in reality they are just stupid consumers.

So, what am I going to do now; continue using Raspberry Pi as my main PC? Hell no. It can only display a 1080p image on my 4K monitor, which makes everything blurry. Also, I have to pay attention to memory use because it only has one gig of ram, and so on. But I know one thing. If America does cut me off from American technology, I will find whatever piece of junk that runs Linux and connect to Russian-Chinese Internet, and I will do just fine. I used to write code on a potato when the Web was an experiment on Tim Berners-Lee’s NeXT cube, I wrote books on computers that couldn’t walk and fart at the same time, and I can do it again if necessary. The only thing that’s actually scary for me is thinking how easy it was for me to get used to the idea of giving up privacy and security just to make things a tiny bit easier and more comfortable. Because of this, I might actually start intentionally giving up various online services that make things unnecessarily easy, but at a hidden cost. I will also give Linux a second chance.

However, if that is scary to me, there’s another thing that should be scary to the Americans, and that’s the idea of a smart person that’s comfortable using Linux tools on a Raspberry Pi instead of a Macbook. Because that person might understand that he can do just fine without all sorts of things that make him a slave. For instance, he might understand that the AGC computer that got people to the Moon was computationally much weaker than the toy I’m writing this article on, and that St. Augustine and Isaac Newton used ink and parchment.

UnGoogle

I just uninstalled the Chrome browser, after many years of use; I use Firefox now. Also, I have been using the DuckDuckGo search engine for months. This is my response to Google persecuting non-leftist political voices and acting as a hostile political force. Also, I consistently use adblock, and will do so for as long as they censor and demonetize my favorite YouTubers. It is difficult to stop using them completely, for instance I still sync contacts, notes and calendars through Google, but it’s a start.

The problem is, the entire Silicon Valley is a leftist cesspool and to really get away from that, one should slowly stop using American services. This would be quite unpleasant to attempt all at once, but honestly, the sooner the better, since everything American you use is just another thing that holds you hostage. Android and Windows were already used as a weapon against Huawei, x86 CPU architecture is a weapon, ARM is a weapon, Internet and GPS are weapons. I get it, everybody got hooked and it will take time to get out of the trap. However, one thing at a time.

Alternatives to Mac OS

Since Apple seems to be working very hard on alienating their Mac user base by introducing poorly designed “innovative” products with incredibly bad and unreliable keyboards, very breakable display cables, keyboards that rub on the display and abrade coating, and ports that would be excellent if everybody already used them for everything, which is not the case, I think I’m not alone in trying to figure out a plan B in case they just refuse to listen and keep releasing increasingly overpriced unreliable garbage.

Linux would be great on desktop if someone actually worked for real money on making it usable. So far, everybody just spawns distros that aren’t actually fixing the real issues, and I really tried making several of them work for me, but the list of issues is too profound for me to even get into. It’s a steaming pile of garbage designed to look good on screenshots and presentations, but which breaks apart when you try to actually use it. Also, Linux managed to alienate commercial software developers to the point where things don’t seem to have much hope of getting better.

Windows, on the other hand, has another set of flaws: updates are intrusive, frequent and tend to break the system in a high percentage of cases. Also, it installs stupid games and other software without asking anyone, wasting space and bandwidth and annoying me in the process. Privacy concerns are significant. However, unlike Linux it actually runs all the software I need, and the hardware actually runs much faster under Windows than it does under Linux, no matter what the penguin geeks tell you. Windows 10 actually has the quickest boot out of all 3 desktop OSes, it has the greatest hardware compatibility and the only thing it actually misses is the ability to run a Unix console and software natively.

Or at least it used to be the case. Enter the Windows Subsystem for Linux (WSL). It’s basically something you turn on in Windows by running the following command in PowerShell (as admin):

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

Then you reboot the system when prompted, and then go to the Windows store and install one of the WSL “distros”, such as Ubuntu, Debian, OpenSUSE, Kali, Arch, Fedora, or whatever. I’m using Ubuntu because I’m familiar with where stuff is. You install this “package”, open it and follow instructions. When it’s done creating your user account, you can install the service packages, for instance mysql-server, apache2, php, python and the like. Every shell application I tried works, except for nmap.

WSL, despite the name, doesn’t have much to do with Linux, since it doesn’t contain the Linux kernel; instead, it uses a translation layer which translates Linux system calls into something the Windows kernel can understand. uname actually reports a Windows kernel:

Linux DANIJEL-KANTA 4.4.0-17763-Microsoft #379-Microsoft Wed Mar 06 19:16:00 PST 2019 x86_64 x86_64 x86_64 GNU/Linux

Considering how it does its thing, it’s a lesser miracle that it works as well as it does, and it does work well.

All host partitions are mounted under /mnt and are presented as drive letters, in the usual DOS/Windows fashion.

danijel@DANIJEL-KANTA:~$ ls /mnt
c d e

You can symlink the host directories into your WSL home folder; for instance, Documents, Pictures, Downloads, Dropbox etc., and when you modify them from WSL, the modifications are of course visible from Windows.

danijel@DANIJEL-KANTA:~$ ln -s /mnt/c/Users/danij/Dropbox/ .

Just don’t try to access the WSL directories from Windows because that won’t end well. There are other issues: the terminal in which the WSL runs doesn’t support tabs and has the PowerShell clipboard behavior, which is “standard” only in Windows, and incredibly confusing. Also, the Linux GUI applications don’t run by default. Both those issues can be resolved.

In order to run Linux GUI apps, you need an X11 server. This needs to be installed in Windows. People usually recommend XMing, but I advise against it because of the unreliable clipboard behavior. There is a version of XMing compiled in Visual C++ called VcXsrv, which solves this problem, however LibreOffice hangs when attempting to run in it, so I ended up purchasing X410 app from Microsoft store; it’s commercial and seems to work the best (edit: I had stability issues with it, it just seems to hang for no reason). Also, once you are able to run Linux GUI apps, you can install and run your Linux terminal emulator of choice, such as gnome-terminal, mate-terminal, or whatever. This solves the lack of a multi-tab terminal and gives you the expected Linux keyboard shortcuts.

sudo apt-get install gnome-terminal gedit galculator geeqie

Another problem is that the processes you start don’t detach from the terminal, which would be the preferred behavior. This can be fixed by writing the following /usr/local/bin/run script:

#!/bin/bash
# Launch the command given on the command line detached from the terminal:
# no stdin, output discarded, running in the background. "$@" forwards
# every argument intact, so filenames with spaces survive.
"$@" </dev/null &>/dev/null &

Make it executable with

sudo chmod +x /usr/local/bin/run

and you’re set. Of course, in order for Linux to know where to send the GUI apps, you will need to append the following lines to your ~/.bashrc file:

DISPLAY=:0.0
export DISPLAY

Also, you will need to apply the dbus fix in order for things to work properly:

sudo apt-get install dbus-x11

You should also cat /etc/machine-id to verify that it’s a valid UUID with no dashes, and if it is, you can now run your Linux GUI apps.

You start them by invoking the “run” script we wrote before:

run gnome-terminal
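Here is a more careful version of the run launcher, written by me as an added example rather than taken from the post. It is plain POSIX sh so it also works when invoked as sh run. It forwards every argument with "$@" instead of only $1 $2 $3, refuses to launch a command that isn’t on PATH instead of silently losing the error in /dev/null, defaults DISPLAY to the :0.0 from the .bashrc snippet above if nothing exported it, and ignores SIGHUP in the child so closing the terminal doesn’t take the GUI app down with it. The function names (run_display, run_check, run_detached) are my own.

```sh
#!/bin/sh
# Added example, not the script from the post: a more careful
# /usr/local/bin/run launcher. Compared with the one-liner in the post it
#   - forwards every argument with "$@" (the original forwards only
#     $1 $2 $3, unquoted, so a filename with a space gets split);
#   - refuses to launch a command that doesn't exist, instead of
#     silently swallowing the error in /dev/null;
#   - defaults DISPLAY to :0.0 if ~/.bashrc didn't export it;
#   - ignores SIGHUP in the child, so closing the terminal that
#     started the app doesn't take the app down with it.

# X server address: keep an exported DISPLAY, otherwise use the post's :0.0.
run_display() {
    printf '%s\n' "${DISPLAY:-:0.0}"
}

# Sanity-check the command line before detaching.
# Returns 2 on a missing command name, 127 if it can't be found on PATH.
run_check() {
    if [ "$#" -lt 1 ]; then
        echo "usage: run COMMAND [ARGS...]" >&2
        return 2
    fi
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "run: $1: command not found" >&2
        return 127
    fi
    return 0
}

# Launch the command detached: no stdin, no output to the terminal,
# SIGHUP ignored, running in the background. Returns 0 once launched,
# or the run_check error code if the command line was rejected.
run_detached() {
    run_check "$@" || return $?
    (
        trap '' HUP
        DISPLAY="$(run_display)"
        export DISPLAY
        exec "$@" </dev/null >/dev/null 2>&1
    ) &
    return 0
}

# When installed as /usr/local/bin/run this is what gets executed;
# sourcing the file with no arguments only defines the functions.
if [ "$#" -gt 0 ]; then
    run_detached "$@"
fi
```

Because the subshell sets the trap and then exec’s the program, the SIG_IGN disposition for SIGHUP is inherited by the GUI app itself, with no extra process left behind; a typo like run gedt now prints “command not found” and exits 127 instead of appearing to succeed.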

This works great for almost everything, but I did write a few scripts that make things quicker, such as “edit”:

danijel@DANIJEL-KANTA:~$ cat /usr/local/bin/edit
#!/bin/bash
run gedit "$1"

Essentially, such scripts invoke the “run” command with pre-defined parameters: gnome editor and filename in this case. You can make similar scripts for terminal, or LibreOffice writer:

danijel@DANIJEL-KANTA:~$ cat /usr/local/bin/writer
#!/bin/bash
run libreoffice --writer "$1"

The way to open documents is with xdg-open, but of course it doesn’t detach from the terminal, so you would need to write a /usr/local/bin/open script invoking run:

#!/bin/bash
run xdg-open "$@"

As an example, this will open a PDF:

open price_list.pdf

It’s actually awesome that the application you run from WSL doesn’t have to be a Linux app, it can also be a native Windows one, and you can design your run-scripts accordingly. For instance, this version of /usr/local/bin/edit runs the Notepad++ which is Windows-native:

#!/bin/bash
/mnt/c/Program\ Files\ \(x86\)/Notepad++/notepad++.exe "$1"

Unfortunately, you would actually need to write such run-scripts unless you want to manually add every Windows application to PATH, because manually typing this shit every time you want to edit something is not an option.
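One catch with the Windows-native wrappers: notepad++.exe gets the argument exactly as typed, and a Windows program doesn’t know what /mnt/c/Users/danij/x.txt means. The following is an added example of mine, not a script from the post, that translates the path first. It prefers wslpath, the converter WSL itself ships (wslpath -w prints the Windows spelling of a path), and falls back to a hand-rolled translation of the /mnt/<drive> mounts so the script can be tested on an ordinary Linux box. The Notepad++ path is the one from the post; the function names (mnt_to_winpath, winpath, win_edit) are my own.

```sh
#!/bin/sh
# Added example, not from the post: a wrapper for a Windows-native editor
# that translates Linux-side paths first. The post's Notepad++ wrapper
# passes "$1" to notepad++.exe unchanged, which only works while the
# argument is something Windows already understands; a /mnt/c/... path
# has to become C:\... first.

# Pure-shell translation for the host partitions mounted under /mnt:
#   /mnt/c/Users/danij/x.txt -> C:\Users\danij\x.txt
#   /mnt/d                   -> D:\
# Anything else is returned unchanged (Windows has no view of the WSL
# root, so there is nothing sensible to translate it to here).
mnt_to_winpath() {
    case "$1" in
        /mnt/[a-z]/*|/mnt/[a-z])
            drive=${1#/mnt/}               # "c/Users/..." or "c"
            drive=${drive%%/*}             # "c"
            drive=$(printf '%s' "$drive" | tr '[:lower:]' '[:upper:]')
            rest=${1#/mnt/?}               # "/Users/..." or ""
            printf '%s:%s\n' "$drive" "${rest:-/}" | tr '/' '\\'
            ;;
        *)
            printf '%s\n' "$1"
            ;;
    esac
}

# Prefer wslpath where it exists (real WSL installs); fall back to the
# hand-rolled translation elsewhere.
winpath() {
    if command -v wslpath >/dev/null 2>&1; then
        wslpath -w "$1"
    else
        mnt_to_winpath "$1"
    fi
}

# Path from the post; assumed to be where Notepad++ is installed.
NOTEPADPP='/mnt/c/Program Files (x86)/Notepad++/notepad++.exe'

# Translate every argument in place (rotate the positional parameters),
# then launch detached the same way the post's run script does.
win_edit() {
    for arg in "$@"; do
        set -- "$@" "$(winpath "$arg")"
        shift
    done
    "$NOTEPADPP" "$@" </dev/null >/dev/null 2>&1 &
}

# When installed as /usr/local/bin/edit this is what gets executed;
# sourcing the file with no arguments only defines the functions.
if [ "$#" -gt 0 ]; then
    win_edit "$@"
fi
```

The rotate-the-positionals loop is the portable way to rewrite an argument list in sh without arrays: each iteration appends the converted form and shifts the original off the front, so after the loop "$@" holds only Windows paths, quoting preserved.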

Good news which might eliminate the need for most of these hacks is that Microsoft seems to be working on a new and improved terminal for both WSL and PowerShell, and also on WSL2 which will actually include a Linux kernel.

So, with all those hacks included, is Windows 10 a good replacement for Mac OS? I guess it depends. First of all, Mac is not really a hack-free solution if you want a usable terminal environment. It’s missing almost all useful GNU shell tools out of the box, and those need to be installed via Homebrew or Macports. Also, its terminal needs a bit of tweaking in order to look good and work well. And I still have a Linux virtual machine on my Macbook pro, just in case. And there’s occasionally that odd piece of software that happens to run only on Windows. So, whichever way you decide to go you are unlikely to avoid workarounds and tweaks. Also, Time Machine on a Mac is a lifesaver: if your Mac happens to die without a warning, you can buy a new one and simply restore it from backup, and in a few hours you’ll have a carbon copy of your old machine, fully working. With Windows, 3rd party solutions exist and work well, but the built-in backup system was trash the last time I was unfortunate enough to attempt it, and it failed to do anything useful, forcing me to do a full system rebuild from ground up, taking days to get everything right. This sounds like a little thing, but I assure you it isn’t, especially when you have work to do and your main machine is FUBARed. It’s such a big deal I’d gladly pay a bit more money for a Mac, but if a Mac is built like shit and also overpriced, I might just get annoyed enough to look for alternatives, even if they require 3rd party solutions and hacks. I do use Windows on my desktop machine, and WSL with the aforementioned tweaks works really well, but the real question is what I would do if my Macbook pro suddenly died. I guess I would still wait for Apple to fix their present SNAFU, but I’m preparing just in case they don’t.