:: Re: [DNG] librezilla: [WAS: Has any…
Góra strony
Delete this message
Reply to this message
Autor: Miroslav Rovis
Data:  
Dla: Enrico Weigelt, metux IT consult
CC: dng@lists.dyne.org
Temat: Re: [DNG] librezilla: [WAS: Has anyone tried waterfox?]
On 170922-16:13+0200, Enrico Weigelt, metux IT consult wrote:
> On 22.09.2017 08:24, Edward Bartolo wrote:
> > Quote: "if you build your own boards"
> >
> > You mean design my own computer motherboards?!
>
> Yes. Daily job in embedded world.
>
> And there're also lots of suitable standard boards, even complete
> machines, you can just buy.


Think Beaglebone Black and previous and later Beableboards (all completely and
truly *open hardware*). Think Raspberry Pie (non-open hardware Broadcom
processor, but RPi is most widespread, potential backdoor not yet (widely)
known). And many other SoC --[S]ystem [O]n [C]hip boards (mostly, except for
a few like the most powerful and cheapest-for-the-offered-power below, open
hardware).
>
> > that would
> > not guarantee me that the actual work horses, the CPU cores, were
> > clean.
>
> The risk is pretty low: these SoCs are optimized on small size and
> low energy consumption. The chips are much smaller, but also have
> lots of peripherals included. They come in thousands of different
> variants. And we do all the low level inits on our own (in bootloader
> and kernel). So, there isn't much room for such hidden malware.
> (the chip vendors usually don't even manage to provide usable
> bootloaders and kernels on their own). This is a *very* different
> situation than w/ x86.
>


Except with Udoo the *fake* open hardware. Based on Intel x86 processor, as I
strongly suspect.

According to:
https://www.linux.com/news/survey/2017/6/hacker-board-survey-results-more-raspberry-pi-please
Udoo is making inroads in the embedded market, because of relatively low price
where no one seems to be able to beat Intel. But look at their manuals, they
are proprietory and partial. Was started by crowdfunding (or somesuch, no time
to re-browse about it) and they had promised open hardware. But they only have
words "open hardware" at one place in one of their manual that I perused (and
which banned any use/citing/disseminating of any info therein w/o
permission, get that!?)...

I have very little doubt Intel put backdoors in Udoo. Why else would Udoo go
back on the promise of Open Hardware, and go dirt cheap in comparison to
competitors?

Equivalent Beagles are significantly more expensive. But they all offer true
open hardware.

(Sadly, currently here it's hard to put together finances for even BBB
--[B]eagle [B]one [B]lack-- since it's not just the board, but the peripherals
necessary for my purposes (BBB itself is around 50$)... Above, I've only
described what I found out earlier in these weeks in my searches ...it's all only
wishfulness, not experience.)

And librezilla sounds interesting... (Upfront to say, I might only contribute
with testing once Alpha is out, very restricted developer skills here.)

But setting it's home to maillist at google is repelling to me.
(
Anything google is a privacy risk, why use it?... Talking about it, also
Beagles have the maillist set to Schmoog groups... but I think participation
there does not have to involve web.

Well, then, if it doesn't involve web, pls. Enrico, make it plain clear to
people they don't have to subscribe to Schmoog groups to participate (because,
i.e. in Beagles groups you can read many figured out they needed to, else they
wouldn't be able to participate)... if/once your project takes off. In case
you, instead, can't, or have no time to, get it somewhere open and free from
privacy risk (would be much better!).
)

If I had the time (I certainly wouldn't use google translate), I'd browse
around to translate for me this piece (by the same author enrico.weigelt@...):

Gefährdeter Datenschutz: Firefox löscht lokale Datenbanken nicht
https://www.heise.de/forum/heise-online/News-Kommentare/Gefaehrdeter-Datenschutz-Firefox-loescht-lokale-Datenbanken-nicht/Fork-now-Librezilla/posting-31071325/show/
I think Datenschutz is data protection, Datenbank is probably data bank, so
probably:

Endangered Data Protection: Firefox does not Protect Local Data Banks

Or...?

And I also thought:

Nach meinen Erfahrungen mit den Mozilla-Leuten sind das offenbar keine Bugs,
sondern Features.
Für Datenschutz und Privatssphäre haben überhaupt kein Verständnis
(wundert auch nicht - saßen ja lang genug mit Google zusammen im Haus).

When I ???[Erfahrungen, communicate]??? with Mozilla people those are (for
them) often no bugs, but features. For data protection and the private sphere
they have no understanding (and that does not wonder -- ????[saßen, they've
been sitting]???? pretty long with Google in the House).

As you can see at least two word missing, understanding not full or even wrong.
And so with the rest of the text.

But Enrico talks about how they censor people who even come with simple
questions about things (I could prove I was censored myself by Mozilla!), and
he talks more, and ends that email with saying how he has already started
*Librezilla*.

Brought that here, because for a while, Germany was looked at as the future
leader in the return of the respect for privacy, by people like Julian Assange
and Edward Snowden... Alas, hasn't been materializing yet...

But... unill, and if, Librezilla reaches Alpha, I think Palemoon is an acceptable
option. My install is from Steve Pusser's repo at SuSE, but I recompiled the
sources without dbus
(
all my Devuan systems are sans-dbus at this time, something unfeasible with
almost any GNU/Linux distro other than Devuan and Gentoo --but currently no
Gentoo here--;

and my Devuans are with pure Alsa, no pulseaudio here, all that
with no issues (well hardly any worth mentioning), audio and video work in my
Palemoon[1], as well as MPlayer, Mencoder, FFmpeg, Vlc, most probably anything
would work that is either non-dbus-depending, or is dbus-disentagleable-from,

and I have to thank *dev1fanboy*'s tutorials for that, because it was his
wisdom enshrined in those pages of his --don't have the link at hand, but
browse my posts on dev1galaxy if anybody is interested; links and all is
there-- I owe dev1fanboy the knowhow for my freedom from dbus, and likely
related to it, from pulseaudio: it's much easier rid yourself of pulseaudio in
a lean and mean system, then in a DE-bloated system
).

---
[1] audio works, but more testing would be needed, haven't tested all, because
of google's intrusivity; they can put most any spyware in videos, and I'm
looking for the knowhow how to safely deal with Youtube videos, a very hard to
gain knowledge, very advanced... not nearly there, not even in my dreams there
yet...

Regards!
--
Miroslav Rovis
Zagreb, Croatia
https://www.CroatiaFidelis.hr