On 21.09.2017 18:12, Edward Bartolo wrote:
> Excuse me for interrupting this conversation, but, what is the point
> of making sure a browser is secure knowing there is a complete HIDDEN
> OS running all the time?

Not everybody uses (recent) x86 :p

We can't take care of everything at once, and IME backdoors probably
aren't available to everyone (and exploitable everywhere).

> The fact that even GNU/Linux cannot get rid of such an OS is
> depleting me of motivation to seek a more secure system.

Look for ARM or PPC.

I'm pretty busy in embedded world, and I'm quite sure there're no
such backdoors, if you build your own boards (or use common SoMs).

> Sorry for my intrusive rant.

I can understand your frustration, but we aren't completely lost.
We just have a lot of work to do and need to carefully revise
our systems.

Librezilla is one of many projects where we need all hands on deck
for a while - until the big threats are out. After the initial phase,
the load will go down heavily (we yet have to decide whether we stay on
esr52 and maintain it in our fork - and *intentionally* ignore all these
fancy future (mis)features, or base on mainline and drop all the
unwanted stuff).


--mtx

--

mit freundlichen Grüßen
--
Enrico, Sohn von Wilfried, a.d.F. Weigelt,
metux IT consulting
+49-151-27565287