For some reason wifi vendors typically ship devices without any radio firmware at all, but leave it up to the driver to load it, rendering the device 100% useless without loading some external proprietary blob.
A key difference is that a hard drive can't secretly send information out. I'm fine with an isolated component the rest of the architecture can treat as a black box (even sending only encrypted data to it). But the wifi chip can easily build its own IP packets and leak a bunch of information to the internet or it can have an easily exploitable backdoor.
A hard drive is a huge source of attack vectors. In particular, if you're running full disk encryption with a very tiny unencrypted ext2 boot/grub2 partition, malicious firmware on a disk can intercept the plaintext keystrokes for a passphrase-unlock on FDE. This is a known intelligence agency attack vector.
This specific platform has all of the TPM module feature set disabled, no? Since the code running inside the TPM is proprietary and closed. To the best of my knowledge super GPL zealot users rarely choose to store a key in the TPM for full disk encryption unlocking purposes.
The problem is that many wifi adapters require loading a binary blob at initialization time. "Burnt-in" firmware is practically the same as hardware, which you already trust since you bought it.
Not so much for the firmware blobs the vendor maintains in the "linux-firmware" kernel.org repository and that are absolutely required for the device to function.
Yes, because the CIA would never lie to us, right?
They would never poison a Russian ex-spy to make Putin look bad?
I don't think this attack was orchestrated by a US entity. Or Russian for that matter. But when an entity that's hell-bent on controlling the world's information gives a blanket statement about something without proof, I can only assume it's a lie.
It's easy to find information on bad things the CIA did [1], "minor" things of note including classic hits like "imposing a dictatorship in Iran, leading to an Islamic fundamentalist revolution and thus creating a powerful enemy against the US where there wasn't one before" and "trafficking drugs into the US and greatly amplifying America's drug problems", but looking for times where they actually did good for the country leaves me with little if anything.
The CIA's actions aren't done in national defense. They're a subversive organization. The fact the CIA suddenly shifted from being a shadowy government organization that people pretty much only knew about through action movies to being "open" about their ongoing activities within these past few years raises some red flags. Looking at the CIA's history, it's incredible that anyone would sit there and think they're trustworthy. I encounter people trying to say "well that's in the past" pretty often, which is a silly position to take, because why would they have any reason to stop?
I just read Shah of Shahs and I think it was a great little introduction to modern Iran and where the deep-seated resentment of the United States in Iran comes from.
> A party which aggressively blocks and filters anything critical of the government, the installation of key-loggers, face recognition cams, firewalls, and a huge system of monitoring social media
I'm sure you're aware of this, but I'd like to point out that U.S. (and many of its allies) has all those things as well, apart from the aggressive filtering.
The US has no laws requiring firewalls to block or censor content from foreign countries. The US doesn't block VPNs and there is no law against them.
Yes, they try to snoop on communications, but in US domestic citizens and companies can resist with encryption and in the courts, and in general, a warrant is required for legal access. Having the NSA snoop on your conversations or use 0-days to hack isn't the same as being told to put security backdoors by the government and go to jail if you don't.
And "aggressive filtering" is your euphemism for the Great Firewall? I'd call sending someone to jail for selling a VPN a little more than "aggressive filtering".
I've lived in China and to call it "aggressive filtering" is a pretty nice way of putting it.
As an "old-school" sysadmin I have the opposite view: it's difficult to find jobs that don't require AWS these days.
I know perfectly well how to provision and scale a large infrastructure and can give you 99,999% availability in any application, BGP if needed.
Yet no one is interested in that. Sure, I can write Ansible scripts and Terraform policies, but it's a minuscule part of my skillset and doing it on AWS is just boring compared to building the backend that powers it.
With Ubuntu, every time you want to fix something with your car, you roll it into the garage, pop open the hood and get to work. It's intensive labour, results will vary, and undoing a change can be really difficult.
With NixOS, it's like 3D printing a new car every time. You'll design a model, press a button, and the car gets built from scratch. If you don't like it, tweak the design a bit, and print a new car. If the new car breaks, just go back to the previous known-good one, which is already in your garage. You can even take the design documents to your friend and generate an exactly identical model.
> With Ubuntu, every time you want to fix something with your car, you roll it into the garage, pop open the hood and get to work. It's intensive labour, results will vary, and undoing a change can be really difficult.
You can do it that way, but I wouldn't recommend it. If your Ubuntu system becomes that way, it has become unmaintainable.
All modern server deployment methods describe the deployment in code so you do "print a new car" every time you change something. This includes Ubuntu.
On the desktop, you largely don't need to pop open the hood at all. If you find yourself doing that, you have yourself an experimental system and not production system.
Unfortunately sometimes you do need to pop open the hood to see what's going on. Regarding Ubuntu, or rather its derivative Mint, for example, I had to fiddle with xorg.conf to allow me to manually set the fans on a card because the desktop was overheating even with reasonable cooling in a small apartment with no AC in the middle of summer.
In case you didn't know, the Nvidia driver doesn't let you manually set the fan without enabling this in xorg.conf or dropping a file in /etc/X11/xorg.conf.d. Not knowing about xorg.conf.d at the time, I merely set xorg.conf and was very confused to find that it continued to overheat and further that my file was not modified but gone. This happened periodically, seemingly at random.
Turns out their driver manager, Mint's GUI for installing proprietary drivers, had installed the optimus package to enable a laptop with dual GPUs to work properly on a desktop, and that the post-install script for this package was helpfully removing /etc/xorg.conf every time it was run when said useless package was updated.
Moving the snippet to xorg.conf.d was helpful, as was finding and removing the useless package, but we are still looking at an issue on a relatively recent machine that couldn't be fixed without grep and an xorg config file in a recent version of an Ubuntu derivative.
Hard drives don't have that problem.