Recent reports have shown that Amazon will not disclose exactly what information they gather from the voice activated ‘Amazon Echo’ device.
Hey there freedom folks, happy GNU year to you all! The education and support of software freedom continues. Typically we think of computer software only on Desktop and Laptop computers, in our community this typically means GNU/Linux. But we also use mobile devices where security and privacy are just as important.
While Android is built on a base of free software, most phone comes preloaded with lots of non-free applications. Typically these are from Google and its app store. To that end, the community has developed a free software alternative called F-Droid (https://f-droid.org/) which distrobutes only free software applications. Media playback, business applications, graphics and games – there is something for everyone on F-Droid that respects your freedoms.
This month we will show you why you should choose this software over the non-free programs, how to install and use F-Droid and include some application recommendations to get you on your way. All questions are welcome as we can help out with any issues.
There will also be the usual Gnews segment and afterwards will be dinner at a local restaurant where the conversation can continue.
This is a non technical event and everyone is invited to join us. Event starts at 6:30PM Thursday 18th January at Electron Workshop – 31 Arden Street, North Melbourne.
Hope to see you there!
It has been revealed that there are two major exploits that exist in the vast majority of computers the world over. Unlike most typical exploits that are a result of security issues in software, these newly discovered issues result from purely hardware based problems.
See here for full details of the exploit - https://meltdownattack.com/
Meltdown impacts only those with Intel based processors. It is an issue that allows software to potentially run outside of its defined memory bounds. This means a malicious program has the potential to read private information on your computer such as personal passwords used for website logins, file encryption, banking etc. An equivalent would be if your neighbours could walk into your house unannounced and look around at everything you had. While they wouldn’t directly steal any physical objects they could see all your private details of your life and use them against you if they so wish.
For those running a free software based GNU/Linux system, the community has produced software solution that will mitigate the issues of Meltdown. A good example of how free software can allow us, the users, to control their computing rather than waiting for a controlling company to issue a patch when they see fit. That is if they even produce one for the users system.
Spectre is a similar issue that impacts almost every modern computer build since the mid 90‘s due to a similar functioning hardware flaw. It is much more difficult to be exploited however. This is an exploit that cannot be directly patched since it is related to how computers process instructions. The only way to avoid having this flaw is to either use a computer built before 1995 or wait for the next generation of computer to come along. That said those computers nowadays will mistreat you as they are typically running the Intel (Mis)Management Engine or the AMD Platform Sercurity Processor - both which take control away from you.
There are solutions being developed in the free software community to help prevent these attack vectors from being accessible to malicious players. In the last week - Free software projects such as program compilers like GCC and browsers like those based on Firefox have put into place fixes that should prevent the majority of potential threats. While it is not a perfect fix, it is the most viable.
There are a few long term issues in regards to Meltdown and Spectre that relate to free technology.
The need for Free Hardware Designs is more important than ever (https://www.gnu.org/philosophy/free-hardware-designs.html). Having all designs for computer processors available to everyone to read, modify and share. The functional and ethical benefits of free software can be used to improve hardware design so that it doesn’t mistreat the users and so that potential issues can be studied and fixed before they become an issue.
In the case of Intel (and majority of processor/technology companies), they do not allow anyone outside of their corporate organisation know how these chips work and thus they can intentionally hide these issues from the public, as was the case with these current issues. This is a power play that has put potentially billions of peoples personal information at risk of being leaked and used against them. There also definitely are other issues that are being hidden from the public and in light of these attacks this information is slowly coming out.
These companies have tried to cover up these issues before.
https://www.itwire.com/security/81328-when-f00f-bug-hit-20-years-ago,-intel-reacted-the-same-way.html
With Free Software it is possible to use software that has been audited by others to ensure that it doesn’t not have any malicious features that use these exploits. If any issues are discovered then the users are in control and can actively fix the issue as a community. With Proprietary Non-free software the users are completely hat the mercy of the software developers.
As computer hardware gets ever more complex, it becomes easier for hardware designers to hide malicious functionality. Intentional or not. More we need to demand the need for Free hardware design, it is no longer something that can be ignored. In combination with Free Software, this can ensure that the users have control of the products they own.
As we enter 2018 a stark reminder of the power of online service providers and the restrictive software on their own devices has come to our attention.
It has been brought to our attention that there are now a few hundered applications on the Android platform that are using the microphone on the users phones to listen to what they are watching on TV all without the users knowledge.