if your network card is proprietary, closed hardware, has access to network, has DMA, has drivers, what makes you think it doesn't connect to (((their))) servers and doesn't send all your data, including encryption password, keystrokes etc?
why isn't FSF doing their own network cards? I can imagine development and production of CPU or chipsets could be hard, but network cards are easy and simple, protocols are well documented, so what's stopping them?
Other urls found in this thread:
8ch.net
fsf.org
tehnoetic.com
security.stackexchange.com
fsf.org
static.fsf.org
fsf.org
savannah.nongnu.org
twitter.com
any differences between pci/pcie/usb2.0/usb3.0 network cards? in terms of botnet
The fact that I have an OpenBSD box acting as a router and no weird packets are showing up there.
You want something obscure and that requires authentication so ME has a hard time connecting. So probably running a private socks proxy with authentication and blocking all traffic not going through that proxy.
What (((network card))) do you use on your router? is it proprietary and closed source? what if the card hides those packets from you and you OS? What if there is special symbol in packet that makes all those proprietary cards to hide those packets and just send them quietly?
this is good to protect from ME. but what if the network card itself is the botnet? how do you protect?
...
It's just 3 wires, mang.
>What (((network card))) do you use on your router? is it proprietary and closed source?
There is no such thing as open source hardware. You can't ever verify that you got any given design without destructively analyzing the silicon with an electron microscope.
Which network card? Remember, there are at least three interfaces in the setup we were talking about.
The only possible weakness is if both these conditions are true
1. The network card in the workstation can read arbitrary portions of RAM, which is supposed to be prevented by the DMA controller.
2. The inward facing network card in the router(s) can talk to the outward facing network card in the router(s) without assistance from the OS.
The only way to mitigate against that weakness that I can think about is to build your own router or network card based on GPIO (FPGA or SoC) to provide isolation or ensure only the OS can send packets.
What makes you think serial devices don't have a built in backdoor? They wouldn't dare include one in GPIO because as it is used to control things like motors, DACs, etc., sending clandestine data without knowing if the receiving end is going to be compatible with the backdoor could mean interrupting the intended functioning of the interface. However, I agree it's probably better than ethernet because it's an older technology, and thus less likely to have a backdoor devised before the first devices began coming out.
If older Intel/Realtek/Broadcom etc. NIC drivers work fine, is it better to stick with them rather than upgrading to the latest ones?
Yeah the serial ports are very specialized now and mostly used for serial console applications, rather than actual data transfer like in the dialup days. So there's no good reason to backdoor them, espcially since they're absent from the majority of consumer gear. I had to buy pic-related to connect to the board from my laptop (but I'm going to get another SBC soon to replace laptop, and won't need this any longer). Besides that, well the chips have very little room for a backdoor. They're probably smaller (fewer transistors) than an average 8-bit CPU?
But the GPIO stuff is interesting too, and it might be possible to drive those at higher speed.
try reading the changelogs to see why it was updated. if its not a security thing and it works for you then theres no point in touching it.
bet that it takes a hour to load this page with that thing
Good luck finding those. Very rarely do drivers or firmware come with changelogs these days, rather it's "hurr it's new version x.xx.xxxx, take it or leave it, kthxbai".
Nah, it's quite a bit faster than that. I use this script for serial console:
#!/bin/sh -xecu -l /dev/cuaU0 -s 115200
The default speed for /usr/bin/cu is 9600, but I guess they do that for maximum compatibility. In any case, that's very old speeds. My first modem was 14.4K and could download 1.44 MB in around 15 minutes. I used to download floppy disk images from dialup BBS, so it was pretty easy to estimate how long it would take. ^_^
Anyway use Lynx and/or turn off images and you'll be able to browse fine. There's some SSL overhead of course, but the page itself is pretty small. Here's what Lynx reports (mind you it's compressed):
URL: 8ch.net
The FSF doesn't really do anything, except transfer money from goyim to a few Jew lawyers.
ok then. guess that its fine if freedoms are important and you only transfer text or have time to wait if you download other things.
must have changed then. they used to be on the same page where you get the driver and sometimes it would even be shown in the installer
...
No, absence of proof doesn't mean they're just too good.
it's always better to use old hardware
don't be a goy and don't fall into MUH PERFORMANCE MUH BENCHMARKS meme
The FSF is focusing only on software. They will happily partner with initiatives that are interested in documented hardware platforms.
But they are. As well as open source sound cards and other cards.
No evidence to suggest such a thing.
Please point me to FSF-approved network equipment.
i use ath9k, it has literally 0 firmware and literally 100% open source drivers
It has firmware, you just don't need to upload it on every power up from the host. Don't fall into stallmanisms -because I don't see it, it means it isn't there-.
Yeah nah. That's a strawman.
How is it a strawman? Having binary blobs on your system that you have to upload to the device isn't any worse for security than the device having blobs on its internal flash memory. If anything it's worse, because it means it's harder to reverse engineer the firmware, since you have to somehow get it out of the device first or find a copy on the Internet.
It’s trivially easy to detect that kind of activity. If it was happening it would have been discovered by now by someone like user with the openbsd router. OP makes it seem like a network card could make clandestine links without anyone noticing but OP doesn’t know computers too well.
There is another side to this...
If device firmware can be updated easily (not needing a PIC or AVR programmer or whatever directly connected to it), then that opens the possibility of injecting malicious firmware into the system, for rootkits to bury themselves deep. Kaspersky found such rootkit on some HDD controller firmware like 5 years ago.
But if firmware isn't writable easily, then it's almost like having the code in ROM, so it can't be used for such subversions.
Primarily because
* I use open drivers that I've audited, so if there was a backdoor of any sort, it would have to be entirely in the driver.
* it's trivially easy to detect this kind of suspicious traffic (and I do audit my network traffic)
* everything communicates through SSL so nothing reaches the network card until it's already encrypted and signed, so even if my network card was backdoor'd, it can't MITM me to get my encryption password or keystrokes in the first place.
Tinfoil hatters are the worst because they almost all tend to be horribly ignorant to any and all technical details.
It took like 5 seconds
fsf.org
bwahaha $34 for a rebranded chingchong 4.0 BT dongle
You are assuming the code didn't come with a backdoor in the first place.
Additionally if the code is uploaded to the microcontroller's ram on every boot and it has no flash, then there's no risk of a permanent backdoor.
The problem comes when the device has flash and it's easily writable (whether it requires a boot-time firmware upload or not). But here's the thing, almost every device with a flash chip has a writable firmware, because manufacturers like to keep the option to provide updates to their client's devices to fix bugs without having to open the device, and most importantly, because it's actually easier and cheaper to have the small internal rom bootloader in the micro write to the flash chip than to have a connector on the board with a shit ton of pins to provide access to the flash. Some micros will have a JTAG pin that allows access to the flash without cooperation from the micro's CPU core, but that still requires the write pin being connected to the micro. So given that the write pin will be connected on about every device, even if the firmware is not intended to be modified, as long as you can run arbitrary code on the device (through a buffer overflow exploit for example), you can write to the flash and modify the firmware.
If you have an old computer that does not support IOMMU (or it is disabled), then the network card has access to pretty much anything on the system RAM. If you have an IOMMU and it is enabled, then there are a myriad of exploits which could be done to get access to system RAM (see security.stackexchange.com
At this point it's clear the FSF's purpose is to milk as much money as they can from people before Stallman dies and everybody stops giving a shit about free software.
None of the money goes to developers. It all goes to a few lawyers and managers who sit around all day doing jack shit. And it shows.
Stallman doesn't believe that "I don't see it, it means it isn't there". That's just your own strawman argument of Stallman's actual beliefs.
He says proprietary firmware is ok as long as it can't be changed, because then it's indistinguishable from hardware. But he ignores the fact there's no way to know it can't be changed without decapping the damn chip and reversing it with an electron microscope, and then doing a vulnerability analysis. He ignores the fact firmware can spy on you even if it can't be changed. He ignores the fact that sufficiently complicated hardware can spy on you just like software can. He ignores pretty much all practical matters except muh for freedumbs.
I'd rather know the government is not spying on me than being autistically proud my main CPU is running free software while my memory controller is owned by the NSA from the factory.
Technoethic isn't an initiative by the FSF or Stallman. It is an initiative by someone who is not associated with the FSF.
Yeah, that's my point. They aren't spending their money on any useful hardware or software development or jailbreaking, only kike lawyers who haven't ever achieved anything.
The FSF aren't going to spend their money on developing hardware because that's not their mission. They spend their money on developers programming for GNU.
Source? I thought the GNU devs were all volunteers. Maybe I'm misremembering that accounting sheet somebody posted on another thread.
you started off reasonable but then went full retard. i dont want hardware backdoors OR software backdoors, so obviously i run code that i have the source for.
usually people just use proprietary software because they're too brainlet for otherwise. and then they make retarded justifications like you just made and start throwing around "stallmanisms", "stallman this stallman that". actually RMS has absolutely nothing with the need for compiling from source
fsf.org
The GNU project isn't going to reject programming work that conforms to their standards. People who wish to volunteer for GNU are able to do so.
let me guess, you check the port numbers and nothing else aside from looking for a "I AM HACKING YOU >:)" string, and dont even look inside the HTTPS data that was used to make this post
Please define (or at least describe more elaborately).
Thier ulterior motive
And asking people to support shady political bureaucrats
That doesn't say they give the projects any of the money from the donations given to the FSF. It just means they let the projects run any donations they manage to get themselves through the FSF for tax purposes.
it's not easy if the network chip hides those packets from you and your operating system. there is only few network chip producers, why wouldn't alphabets contact them and force to implement a special function, that a specific flag in a packet will hide it from hardware that uses the network chip, but network chip will pass the packet to destination?
Your comprehension is lacking.
Yes. It means exactly what I said. If the FSF gave THEIR money to the projects, what would that 10% fee be over? Nothing, they'd just give you less money, not charge you a % of anything.
It sates what you can spend the money on, because non profits are legally required to spend their money according to certain regulations and laws (it can't grow it's money reserves too much for example, since the whole point is to spend all the income and not have any profit), in exchange for not paying taxes. So if you run YOUR donations through the FSF to avoid paying taxes, you have to meet the nonprofit regulations that apply to the FSF (since the FSF is a nonprofit). Or you could create your own non-profit yourself and avoid paying that 10% to the kikes running the racket called the FSF.
Why do you think it's called FISCAL sponsorship? Fiscal means taxes. If it just meant they gave you some money to develop shit, it would be called financial sponsorship, not fiscal sponsorship.
What does the distinction between financial sponsorship and fiscal sponsorship have any relevance to the fact that the FSF spend their money paying developers to develop software?
There are various ways to analyze ethernet signals. You can use a digital oscilloscope. You can analyze the spectrum and reconstruct the signal with an rtl-sdr. You can use an FPGA. Maybe the GPIO on a RPi would be fast enough, especially if you configure the card to use a low speed. You can hook it up to a DDR data line and use an address decoder and read data from that address.
What you posted is not proof of your claimed "fact" nigger. They might give money to develop software, dunno, but the link you posted as proof is about something else. I already explained the distinction and why it is important in the post you responded to. If you're going to keep insisting "fiscal sponsorship" means they give you money rather than taking your money and giving you 90% of it then believe as you wish.
If you actually believe your claim, you can verify your hypothesis in two months with 500 dollars in hardware, become famous as the researcher who detected an NSA backdoor on every device with an ethernet chip, and get your money back with interest and a six figure job reversing malware or consulting, so proof of concept or gtfo.
The link I posted proves that the FSF pay developers to develop software. You can choose to get fiscal sponsorship by the FSF. The page shows that the FSF also pay developers to develop software regardless of whether you have a fiscal sponsorship with the FSF.
No it doesn't.
You proved that much. It just doesn't mean what you think it means.
I don't think so. Which specific sentences shows that, according to you?
The quote I made says so. You are misinterpreting the quote I made as "when you are fiscally sponsored by the FSF, then the amount of donations you receive is the maximum you use to pay developers". This is not a good interpretation of the quote. The quote is simply giving examples of what a sponsored project is allowed to spend their money on. A fiscally sponsored project has access to the whole FSF fund and can use it when they can properly justify it to the FSF.
So you are admitting you pulled the
claim out of your ass?
Let's analyze the sentence you presented.
This just says what projects spend money on. It doesn't say where that money comes from or who raises it.
This means that if you're using fiscal sponsorship, the FSF must approve your project expenditures, but in principle they're decided by the project developers themselves through a pre-determined representative. The reason they need to do this is to make sure you don't get them in legal trouble by spending money in things a non-profit shouldn't be spending on.
This means they take 10% from you to make up for the resources spent on giving your project fiscal sponsorship.
So... How do these sentences support your claim that a fiscally sponsored project has access to the whole FSF fund and can use it when they can properly justify it to the FSF?
In fact, let's look at the financials. Attached is the relevant section from static.fsf.org
IF they gave any money to projects, it would be in sections 2, 3, 11g or 14.
But as you can see, from a total of 1.2 million, two employees (John Hsieh and John Sullivan from other parts of the report) get 200k, other nondescript employees get 550k, other random office and upkeep expenses amount to about 400k, and only 30k are fees for services for non employees, which could mean money given to devs to work on a project or could mean money given to contractors to remodel the roof or fix the plumbing.
Now, what do the employees do? Are they the coders working on projects receiving "fiscal sponsorship"? No.
List of employees (fsf.org
Richard M. Stallman, President
John Sullivan, Executive Director
John Hsieh, Deputy Director, Clerk
Andrew Engelbrecht, Senior Systems Administrator
Donald Robertson, Licensing and Compliance Manager
Jeanne Rasata, Assistant to the President
Matt Lavallee, Operations Assistant (He mails your orders from the FSF shop, picks up the phone when you call, and does all kinds of other useful things.)
Ruben Rodriguez, Chief Technology Officer (Ruben started his career developing free software for research centers and universities, then founded the Trisquel project and other nonprofits. He has been collaborating with the FSF tech team since 2008, and finally joined as a senior systems administrator in 2015.)
Craig Topham, Copyright & Licensing Associate
Dana Morgenstein, Outreach & Communications Coordinator
Ian Kelling, Senior Systems Administrator
Michael McMahon, Web Developer
So as you can see, lots of assistant assistants and coordination coordinators. No much development to speak of except a few sysadmins to keep the FSF/GNU site working and maybe Savannah and some random Apache servers giving out a tar.gz file once a month.
Now the question is, are they paying you to come shill for them here or something? Is your salary somewhere on that balance sheet or is it an under the table thing?
And frankly, I'm not even sure if the GNU site and their associated repos is maintained by any of these people -the site doesn't say-.
After some additional research I found Savannah is not run by them either.
>This project is not part of the GNU Project. - savannah.nongnu.org
No I'm not, you're simply misunderstanding what I'm saying. In the 2017 financials, the FSF spent $201,202 on "COLLABORATIVE DEVELOPMENT AND DISTRIBUTION OF AN OPERATING SYSTEM" which includes "THE FSF SUPPORTS GNU WITH RESOURCES FOR COORDINATION, PLANNING,SOFTWARE DEVELOPMENT INFRASTRUCTURE, WEB AND DOWNLOAD HOSTING,COPYRIGHT STEWARDSHIP, PROGRAMMING WORK, AND PUBLIC PROMOTION."
heh, today I learned that Stallman has a tard-wrangler. Everyone else of the lower positions has an email address with name, hers just is "[email protected]". They even have their quota tranny with jewish surname.
Nice moving the goalposts. We went from
to
The thing you posted comes from the same document I posted the other stuff. Both cover the 2016-2017 fiscal year. And guess what: it just means what I already said, except disaggregated in a different way, by goals supposedly accomplished and not in what assets or expenses the money was spent on. They pay the lawyers, managers and system admins I mentioned to "support gnu" which in practice means keeping the fsf.org and gnu.org sites online and hosting a few tar.gz source code downloads on the gnu.org site for various GNU projects, and supposedly provide legal defense too, although the only publicly documented case of the lawyers actually doing something besides writing the GPL was a lawsuit in 2008 against Cisco, and even then it's not clear they did anything, because the FSF was being defended by another nonprofit, the Software Freedom Law Center.
And I know it says they do, among other things, "programming work", but that's just part of a general bullshit mission statement. Show me which employee or contractor actually does the programming. The list of employees is public, so it should be easy for you to dig there, and as I explained there isn't much money left over possibly given to contractors (30k in the last published financial statement) but if you have any evidence that was money paid for code (as opposed to the myriad of other "services" it could be used to pay for, considering what the rest of the one and a half million went to) then present it to us.
seems like all these open source companies are just a nice way to profit from work that others did for free. they dont really need millions for anything since the hosting can be cheap or even free but they are kikes with bains so of course they will take the easy money that idiots give them.
So what you're saying is that you know the activities of the FSF better than the FSF are reporting to the IRS. protip: the FSF pay programmers to develop software.
Better than the FSF? Nah. Better than the accountant who wrote the report? Maybe.
Woah, woah, hold on there cowboy! They never said anything about programmers.
They said PROGRAMMING WORK. They're talking about the javascript code Michael McMahon wrote to turn the background red when you hover the mouse cursor over a menu item on the FSF's web page.
but they pay way more to the leader kikes that havent made any code in the last 30 years.
Anything that doesn't have my designated Tor guard as the destination IP.
Do you have any idea what the bandwidth, storage needs, and processing requirements would be to have every single bit of data from every single computer in the world transmitted to once place for analysis would be? You are simply a paranoid idiot.
Lol what a bluepilled faggot. They don't need to transfer everything. Just transferring a list of the windows that have focus most of the time and their most common words in their titles along with a count for certain keywords typed in (including passwords) would be a good start. Throw in a list of plugged in mass storage devices and you're set.
I hope you guys are aware that FSF was primarily made to protect against harmful legislature in the US. Its entire purspose IS to give money to (((lawyers))), albeit one that most of the time have our interest in mind.
Its like donating to an animal shelter and being pissed they aren't giving money back to the puppy mills (best example I can think of)
basically what I'm trying to say is donate directly to a program you like like