PDA

View Full Version : Cyber Wars ! What is Hack Attack ? Check: GCHQ & NSA efforts to control web in post Snowden-era



Cidersomerset
6th January 2015, 07:52
We hear about cyber Wars and Hack Attacks , cyber terrorism all the time. Some
articles that explain the current situation relatively simply for the tech 'savvy'
and not so. The US and China are the top 'spammer's yet like many things at
present 'Russian Hackers' is being blamed as the US mulls over a new cyber security bill.

Criminal activity is always a problem as in any walk of life, but this is an oppurtumiy
by calling it 'cyber Terrorism' and war to get control of the web and justify the NSA
surveillance and get the public back on board the 'Big Brother' is your friend and
protector and not a control freak and bully.

Like anything its a balance and no doubt cyber police will grow over the next few
years , and it will be interesting how things develop.

------------------------------------------------------------------------------------------------


Hack Check: NSA efforts to control web in post Snowden-era

3rfZXD-ZDpk

Published on 5 Jan 2015


The FBI says it had been tracking the hackers who attacked Sony Pictures in November.
Leading to questions over why the agency failed to stop them. Congress is now
expected to mull a cyber-security bill. Even as the NSA turns to recruiting young
hackers, as Marina Portnaya reports.

RT LIVE http://rt.com/on-air

---------------------------------------------------------------------------------------------------


Hack Check: How 'Russian hacker' became global brand

2FuAgQoREpM

Published on 2 Jan 2015


Cyber terrorists, digital crusaders – hackers are as diverse as the causes they trumpet
and the hats they don. In RT’s Hack Check, we’ll venture to a world where spooks,
script kiddies and elite crackers battle to effect change one line of code at a time. READ
MORE: http://on.rt.com/qlpe6l

--------------------------------------------------------------------------------------------------

'Spook First' GCHQ to start recruiting tech graduates to work as spies

dZmw_nr8yzI

Published on 4 Jan 2015


Britain's best and brightest are now being offered an extravagant option for the start of
their careers. The government's proposing that young web experts and tech graduates
work at least two years as spies. Anastasia Churkina's got more details on the
programme.

Snoweagle
6th January 2015, 10:12
Have justed posted brief details of a hack on my computer relating to the dependancies necessary for a hacker to expoit our systems. All hackers require a presence on our systems to instigate a hack. The term "hack" broadly means gaining access to the tools they need which are invariably already present within our operating systems, which we each have installed on our computers.

Microsoft, Apple and Linux are all equipped with these tools for remote hackers to exploit. They come as standard.

Brief outline of my troubles:
http://projectavalon.net/forum4/showthread.php?78754-A-somewhat-more-secure-method-for-text-chatting-on-the-Web-than-Skype-or-iChat

yelik
6th January 2015, 14:15
They are just laying the foundations and planting the seed of thought that allows the PTB to gather support from the unsuspecting politicians and public - yes, spend as much as you like protecting us from these evil cyber terrorist that could take us off the grid and cause chaos.

They are telling us in plain site their intentions and everyone will be keen to comply - complete free will, of the idiots

WhiteFeather
6th January 2015, 14:26
Posted on wrong thread by accident.

Frank V
6th January 2015, 17:49
Have justed posted brief details of a hack on my computer relating to the dependancies necessary for a hacker to expoit our systems. All hackers require a presence on our systems to instigate a hack. The term "hack" broadly means gaining access to the tools they need which are invariably already present within our operating systems, which we each have installed on our computers.

Microsoft, Apple and Linux are all equipped with these tools for remote hackers to exploit. They come as standard.


I am sorry, but I do not and cannot agree that GNU/Linux would be laden with "tools for remote hackers to exploit".

GNU/Linux, as a UNIX system, is designed as a timesharing multiuser operating system. This means that multiple users must be able to log in concurrently, whether locally or remotely. The fact that the operating supports that is not an exploit. It was designed to be like that, and it has the best security one could imagine for controlling and limiting access to your machine.

If a GNU/Linux system does get compromised, then the attacker will commonly install a so-called rootkit, which is not there to give them root access, but rather to hide the fact that they already have that. After all, installing a rootkit comprises of writing to protected system areas and loading compromised modules into the kernel, both of which require root privileges to begin with.

Microsoft Windows is another beast. Not only does Microsoft actively sell exploits to the NSA -- and the NSA pays very big money for that -- before they push out an update to their paying customers, but all NT-based versions of Windows -- i.e. Windows NT 3.x, 4.0, Windows 2000, Windows XP and later -- contain two deliberately built-in backdoors. One backdoor allows Microsoft to remotely install or remove software from your computer without your consent, and the other backdoor allows the NSA to remotely take over your computer for use in cyberwarfare.

Apple OS X also contains at least one known backdoor, which also allows Apple to install and/or remove software from your computer without your consent. Still, code-wise, OS X is significantly better than Microsoft Windows, because it contains a large amount of Free & Open Source Software, taken from the FreeBSD operating system, which itself is a FOSS UNIX clone, just like GNU/Linux.


These backdoors are known about in the mainstream, and they have already been proven to work.

In addition to that, the annual reports from Coverity show that Free & Open Source Software scores consistently and significantly better in terms of code quality and security than a comparable amount of proprietary code. Every software engineer who doesn't own a certain amount of shares in Microsoft Corp. knows that Microsoft Windows has the worst possible operating system design in the world, and this is quite logically explained, because Microsoft Windows was never intended to be an operating system in the first place.

Windows was designed as a graphical user interface with a built-in memory extender for DOS -- a single-tasking and single-user operating system -- and a primitive, cooperative multitasking scheduler. It never took into account that computers would be networked one day. When Microsoft decided to replace the DOS underpinnings of Windows by the NT kernel -- which is based upon the kernel of the more powerful (but bloated) VMS operating system -- they essentially simply adapted the Windows layer to that new kernel, but never converted Windows to something more than a single-user platform. All the security subsystems et al in any modern Windows version are merely bolted-on afterthoughts, just like the networking stack (which Microsoft ripped from BSD Unix).

Microsoft owes its success on the desktop to its cartel deals with hardware vendors -- "you scratch my back and I'll scratch yours" -- so that most brand-name personal computers come pre-installed with Microsoft Windows and covered with Microsoft certification stickers. Several consumer-grade hardware peripheral manufacturers even still refuse to support GNU/Linux by offering drivers, while they do support Microsoft Windows, and in a few cases then also OS X. In the server rooms however, Microsoft's market share is negligible, exactly because IT professionals know that Windows is nothing but a poorly written toy and should not be taken seriously. Stock markets, supercomputers, mainframes, large communication networks, Internet Service Providers et al, all use GNU/Linux or another UNIX-family operating system.

The bottom line is that Free & Open Source Software is still one's best bet at having a stable and secure system. Proprietary software comes in a binary form only, and nobody but the corporation behind it is allowed to see the source code, so one does not know what that code actually does. In addition to that, having the source code out in the open means -- to quote Linus Torvalds, the creator of the Linux kernel -- "more eyeballs to spot the bugs". This is how Free & Open Source Software grows: it has a much larger community of contributors, because it's not restricted to the developers of a particular corporation.

Cidersomerset
6th January 2015, 18:28
Hack Check: Cyber-Germany attracts hacktivists, IT geniuses

rPvcna44jSs

Published on 3 Jan 2015


If Germany's Defence Minister is using her fingerprint to open top-secret doors, the country's
security may now be compromised. German hackers have reconstructed the minister's thumb
print and they say Chancellor Merkel's iris could be next in line. Peter Oliver reports on what's
made Germany a magnet for computer brainiacs.

RT LIVE http://rt.com/on-air

Snoweagle
7th January 2015, 00:54
. . . brief details of a hack on my computer . . .

I am sorry, but I do not and cannot agree that GNU/Linux would be laden with "tools for remote hackers to exploit".

. . . lots of useful information regarding systems and their security and exploits . . . post #5 . . .


Thank you Aragon your opinion is acknowledged with respect. Both here and in the referenced thread listed in my post above #2.

You challenge my assertion that I had been hacked on a basic recommended install of Linux yet you first describe the necessary set up guide to a secure Linux install in your first post, which bears no resemblance to that which is "recommended" (by Debian) for a Linux install out of the box to a non proficient member of the public venturing into it's use.

A little background here. When I embarked on this original install I chose to follow the "numpty" or "newbie", install the average non geek would use, if treated as one would a Microsoft install. "Like for like" if you like. I chose this as I didn't want to fart arse around digging down into the system as you have portrayed in your post. This way I could manage my time and effort using a system that didn't take to much of my time in maintenance. I am familiar to Linux, not as a geek but as a utility for embedded programming by use of some of the code. The system itself can look after itself as far as I am concerned as I have absolutely no interest in embarking in Linux expertise as a profession, leaving that for the "geeks". Am more engineer than programmer.

The system I chose to install was an old single core AMD 64 (957) processor. The install went perfectly. Had some wonderful use out of the system for the first couple of days as I familiarised with the new environment provided by KDE. The machine was performing fantastically. I was extremely pleased. So pleased, I selected to "auto update" the recommended list provided me by the operating system. Then my little piece of heaven came crashing down.

Boot time turned into a gamut of boot errors, all self correcting, initially taking a minute or two, until over a couple of weeks a full blown five minute boot up whilst the hack took hold. Even when the hack was successful, the boot process still suffered. Logging off at the full hack my computer would close down TWO systems, the one I was using, clearly seen by the messages on the screen and a second time whilst the "root hack" logged off as well.
Special note here: There was/is a problem with the Radeon graphics card which only impacts heavy graphical work though satisfactory as a terminal display. The original install dealt with that by the very clever X system but the subsequent "auto update" seemed to have a mind of its own and this I believe is what caused the problem, whether back door or otherwise, it lifted the secrecy veil of what was happening or not happening at boot time and was emminently readable.

Once the hack had settled after a couple of weeks, I clearly wasn't using it for anything specific or valuable as I was monitoring this "new" system and familiarising with the various processes running in the background, so as to prepare for a more secure install without following the guidance of "recommended" as asserted by the install software. I knew differently now. New users will not know this. Nor will they follow your wonderful guidance note listed in your post on the complementary thread listed above. The same wonderful guidance I am already using though it was ingratiating that you wrote that for us anyway.

The hack, and it was a hack, was a systematic attack, not of hostility but of monitoring. It was an "official" hack with standard off the shelf programming libraries, tuned to the settings of the machine in use. All the updates came from the "recommeded repositories" as provided from Debian. There were no Koreans, Chinese or Russians creeping in, these files served the likes of GCHQ or NSA or one of their agencies.

Now, in your attack on me, you have just confirmed in two superbly executed posts across two threads, that making our systems safe requires some or a great deal of technical knowledge of how the various processes making up the system works or interacts with each other.

The first post detailed how to set up a new install to make a linux system secure - Brilliant - nods approval
As I described above I did not do this. I followed the "recommended" method advised by the install software. I did this delibreately to determine the strength of the claim. I did not want to ponce around with anything in the background, have more interesting things to do in life than to become a biological input device at a keyboard:-)

Your second post then alludes to "known" back doors within a number of operating systems.
This is very true. "Known" is the appropriate word. I draw the reader to the image and I recommend you consider the following.
On my most recent install I selected to install an "LVM encrypted drive" and the install went perfectly. No problems then nor now. In the image can be seen a listing of software to be updated as determined by the system I am using. Here I would like to point out, the system has already determined what environment I am using and you would think would be offering me the best to enhance my selected install. Listed you will see the file "libgcrypt11 - LGPL Crypto library - runtime library" as recommended to be installed? Why on earth would I want to install a library of pattern matching software to allow "A. N. Other" to investigate my system. (Gonna love your answer to that):-)

I have no use for it. Only someone with the need to monitor memory usage in respect of my usage would be interested in that. Check this out:
http://ece.gmu.edu/crypto_resources/web_resources/libraries.htm
Each of the other recommended "updates" listed are also tools to facilitate a programmer in the service of gaining entry and control. If you the reader would like to check for yourselves, I recommend you do, you will see all the updates serve the needs of the programmer. Even the simple update for Iceweasal can be considered "a programmers facility" when seen in the context of this list.

I would like to point out out I deeply regret starting this debate within Pauls thread about network security for online chat as this has clearly run now and would have disrupted the tenet of his original thread, though I had to highlight system security based on my very recent experience.

I am very glad that Aragon has supported my claim that security preparation is essential on your operating system.

And to finish off with a grand finale - download Debian, install by the recommended options and then go online and see what you get. Do it yourself and find out. Do your own background checks. Check it for yourself. Ask a programmer or Linux expert.
You will see then that Aragon was indeed correct about keeping your machines safe. Otherwise you will be "hacked" but according to him I wasn't.

There you go, have fun peeps:-)

DeDukshyn
7th January 2015, 03:32
I just skimmed your guys last two posts super fast so I may not have gotten the whole gist.

What I noticed is that Snoweagle's processor (AMD 64 957? was that an Opteron you are referring to? I can't recall the 957 - sure you have name right?) might be quite an old processor. At some point, CPU mfgs started putting some hardware security into the processors themselves, perhaps this CPU was too old to have that feature? Do you mean the AMD FX57? -- that was the choice processor by a long shot in it's day ... hard to believe there was a time where AMD processors stomped all over Intel's ... ;)

Just a thought ...

Frank V
7th January 2015, 08:54
. . . brief details of a hack on my computer . . .

I am sorry, but I do not and cannot agree that GNU/Linux would be laden with "tools for remote hackers to exploit".

. . . lots of useful information regarding systems and their security and exploits . . . post #5 . . .


Thank you Aragon your opinion is acknowledged with respect. Both here and in the referenced thread listed in my post above #2.

You challenge my assertion that I had been hacked on a basic recommended install of Linux yet you first describe the necessary set up guide to a secure Linux install in your first post, which bears no resemblance to that which is "recommended" (by Debian) for a Linux install out of the box to a non proficient member of the public venturing into it's use.

Indeed, I do challenge your assertion, because I believe that you are misinterpreting a number of (for a novice) unusual but rather harmless experiences with your system as something which a typical novice would indeed construe as a hacking attempt.



A little background here. When I embarked on this original install I chose to follow the "numpty" or "newbie", install the average non geek would use, if treated as one would a Microsoft install. "Like for like" if you like. I chose this as I didn't want to fart arse around digging down into the system as you have portrayed in your post.

My technical elaboration higher up was on the premise that you were familiar with all these technical details. Now that it appears that you are not, I must apologize to the other readers for the amount of geek talk I've contributed in this thread.



This way I could manage my time and effort using a system that didn't take to much of my time in maintenance. I am familiar to Linux, not as a geek but as a utility for embedded programming by use of some of the code. The system itself can look after itself as far as I am concerned as I have absolutely no interest in embarking in Linux expertise as a profession, leaving that for the "geeks". Am more engineer than programmer.

The system I chose to install was an old single core AMD 64 (957) processor. The install went perfectly. Had some wonderful use out of the system for the first couple of days as I familiarised with the new environment provided by KDE. The machine was performing fantastically. I was extremely pleased. So pleased, I selected to "auto update" the recommended list provided me by the operating system. Then my little piece of heaven came crashing down.

Boot time turned into a gamut of boot errors, all self correcting, initially taking a minute or two, until over a couple of weeks a full blown five minute boot up whilst the hack took hold.

Correction: that which you believe would have been a hack. What you saw was probably a conflict of certain daemons trying to start up. Updates do go wrong on occasion, and especially with a "rolling release" distribution like Debian.



Even when the hack was successful, the boot process still suffered. Logging off at the full hack my computer would close down TWO systems, the one I was using, clearly seen by the messages on the screen and a second time whilst the "root hack" logged off as well.


I am sorry, but that simply doesn't make any sense at all. I would need to see hard evidence of what was actually going on in order to form an idea of what was wrong with your system, but I do not believe for one minute that you were hacked.



Special note here: There was/is a problem with the Radeon graphics card which only impacts heavy graphical work though satisfactory as a terminal display. The original install dealt with that by the very clever X system but the subsequent "auto update" seemed to have a mind of its own and this I believe is what caused the problem, whether back door or otherwise, it lifted the secrecy veil of what was happening or not happening at boot time and was emminently readable.


Okay, I'm beginning to understand the confusion now. So I'm going to address two separate things from your above paragraph, here-below.

First of all, yes, you are correct that Radeon video cards have always been somewhat problematic, although the tide appears to be shifting, and lately it's the nVidia video adapters which are becoming more problematic.

The thing with the Radeon -- which used to be marketed by ATi, but ATi has in the meantime been acquired by AMD -- is that the proprietary drivers for it were worthless, because ATi had a much smaller team of developers writing driver code for GNU/Linux, as opposed to nVidia, who had many more developers working on their proprietary GNU/Linux drivers. The Radeon drivers rendered the system extremely unstable -- trust me, I've been there.

In the meantime however, AMD has released as much as they could -- i.e. that which is not covered under a non-disclosure agreement that AMD had to sign with ATi as part of the take-over -- as Free & Open Source, so that this technology could find its way into the GPL-licensed radeon driver. nVidia on the other hand does exactly the opposite: their proprietary drivers are of very high quality, but they are also notoriously uncooperative with the Free Software developers, and as such, the GPL-licensed nouveau driver isn't really usable if you want to do anything more with your graphics card than simply show 2D images on the screen.

Now, on account of the second thing you mention, I can already see what was going on and why you thought that the system was hacked. See, most modern distributions install a so-called graphical "splash screen" to hide the boot messages. The software that does this is typically a package named plymouth. However, all that plymouth does is hide those messages, because they are normally still being sent to the physical console at boot-up, and those messages are divided into two parts: kernel messages on the one hand, and messages from the individual daemons being started in userspace by the init process on the other hand. The latter typically have status messages next to them in the form of "[ OK ]" or "[ FAILED ]".

Now, presumably, during that update process, something was installed that conflicted with the version of plymouth on your system. A possibility would be a new graphics driver, which did not allow the console to go into the required framebuffer mode so it could display the graphical splash screen, and instead showed the VGA-style boot-up messages in plain text.

Personally I never install such splash screens, because if something goes wrong during the boot process, then I want to see what it is, so that I can fix it. Alas, the splash screens have been introduced for the newbies who come from the Windows world and require an entirely graphical operating system, even though GNU/Linux is not a graphical system in and of itself. It's a character-mode operating system, with an optional graphical user interface running on top of it in roughly the same manner as that Microsoft Windows 3.x ran on top of MS-DOS.



Once the hack had settled after a couple of weeks, I clearly wasn't using it for anything specific or valuable as I was monitoring this "new" system and familiarising with the various processes running in the background, so as to prepare for a more secure install without following the guidance of "recommended" as asserted by the install software. I knew differently now. New users will not know this. Nor will they follow your wonderful guidance note listed in your post on the complementary thread listed above. The same wonderful guidance I am already using though it was ingratiating that you wrote that for us anyway.

The hack, and it was a hack, was a systematic attack, not of hostility but of monitoring. It was an "official" hack with standard off the shelf programming libraries, tuned to the settings of the machine in use. All the updates came from the "recommeded repositories" as provided from Debian. There were no Koreans, Chinese or Russians creeping in, these files served the likes of GCHQ or NSA or one of their agencies.

No, I'm afraid it was not a hack, but instead it was you panicking over the fact that you suddenly got to see all those nitty-gritty boot-up messages which are normally hidden from sight by the graphical splash screen with its progress bar.



Now, in your attack on me, you have just confirmed in two superbly executed posts across two threads, that making our systems safe requires some or a great deal of technical knowledge of how the various processes making up the system works or interacts with each other.

No, that is not what I have done. As I wrote, GNU/Linux is pretty secure "out of the box", but I gave some extra tips with regard to making it even more secure, because nothing is ever 100% secure, and the spooks do know the dirty tricks -- which mainly boil down to social engineering and getting people to give up their login credentials, et al.



The first post detailed how to set up a new install to make a linux system secure - Brilliant - nods approval

Correction: "to make it even more secure".



As I described above I did not do this. I followed the "recommended" method advised by the install software. I did this delibreately to determine the strength of the claim. I did not want to ponce around with anything in the background, have more interesting things to do in life than to become a biological input device at a keyboard:-)

Your second post then alludes to "known" back doors within a number of operating systems.
This is very true. "Known" is the appropriate word. I draw the reader to the image and I recommend you consider the following.
On my most recent install I selected to install an "LVM encrypted drive" and the install went perfectly. No problems then nor now. In the image can be seen a listing of software to be updated as determined by the system I am using. Here I would like to point out, the system has already determined what environment I am using and you would think would be offering me the best to enhance my selected install. Listed you will see the file "libgcrypt11 - LGPL Crypto library - runtime library" as recommended to be installed? Why on earth would I want to install a library of pattern matching software to allow "A. N. Other" to investigate my system. (Gonna love your answer to that):-)

Encryption is used by many things in the system, such as the login process. This is typically a one-way encryption. Your login credentials are encrypted and compared to the already encrypted data in /etc/shadow, which does not contain your actual password, but a so-called salted and hashed version of it. And that's pretty secure, because the data in /etc/shadow are only readable to processes running with root privileges (such as the login daemon) -- the file is not readable to anyone else -- and even if someone were able to read it still, then the passwords cannot be decrypted again. So the only way to make sure that your login matches your encrypted password is to encrypt that information again and then compare it to what's in /etc/shadow.

However, your system is also supposed to support SSL ("Secure Sockets Layer") for in case you want to connect to a secured website -- e.g. via https, rather than http. If you decide to encrypt an LVM volume on your hard disk, then your system is also going to have to know about encryption technology or it won't be able to create such an encrypted volume in the first place, nor would it be able to make the contents of that volume visible to you again after you log in.

That's what those libraries are for.



I have no use for it. Only someone with the need to monitor memory usage in respect of my usage would be interested in that. Check this out:
http://ece.gmu.edu/crypto_resources/web_resources/libraries.htm
Each of the other recommended "updates" listed are also tools to facilitate a programmer in the service of gaining entry and control.

No, they most certainly are not. I'm afraid you're seeing things. Those are standard libraries which are needed in order to make your system more secure and/or allow you to access secured websites, e.g. for banking purposes or on-line acquisitions. You wouldn't want your bank account details and such transmitted over the web as unencrypted plain text now, would you?

And what do you think you'd be using if you set up PGP ("Pretty Good Privacy") -- or actually, in GNU/Linux, it's called GPG ("GNU Privacy Guard") -- for sending encrypted e-mail, so that the receiver can rest assured that they got the message from you and not from somebody spoofing your identity? Exactly: you'd be using those cryptography libraries.



If you the reader would like to check for yourselves, I recommend you do, you will see all the updates serve the needs of the programmer. Even the simple update for Iceweasal can be considered "a programmers facility" when seen in the context of this list.

I'm afraid that's absolute hogwash. Iceweasel is a web browser -- it is the Debian-specific version of Firefox, created because of a dispute over some licensing issues with regard to Mozilla, the organization behind Firefox, Thunderbird, et al. A web browser does need to have encryption support because it needs to support secure connections via (among other things) https.



I would like to point out out I deeply regret starting this debate within Pauls thread about network security for online chat as this has clearly run now and would have disrupted the tenet of his original thread, though I had to highlight system security based on my very recent experience.

I am very glad that Aragon has supported my claim that security preparation is essential on your operating system.

Please don't put any words in my mouth. I have never confirmed nor asserted that the additional security measures I have proposed -- other than disallowing root logins via SSH, which should normally be disabled "out of the box" already, but one never knows -- would be essential. I have merely tried to offer some -- in my opinion -- very sound advice with regard to keeping your system more secure than it already is.



And to finish off with a grand finale - download Debian, install by the recommended options and then go online and see what you get. Do it yourself and find out. Do your own background checks. Check it for yourself. Ask a programmer or Linux expert.
You will see then that Aragon was indeed correct about keeping your machines safe. Otherwise you will be "hacked" but according to him I wasn't.

There you go, have fun peeps:-)

And indeed, you were not hacked at all.

ThePythonicCow
7th January 2015, 12:07
Aragorn - I agree with your technical analysis above.
Snoweagle - I don't mind at all the discussion that you comments have resulted in, on this thread.

Both - I don't find it surprising that Aragorn's efforts to be technically accurate and to clearly call out technical points of disagreement were felt as personal disagreements by Snoweagle. I see such happen many a time on the forum, and I have seen such happen in my personal life (with me most often playing the role of Aragorn.) I don't have a general solution ... wish I did.

Frank V
7th January 2015, 12:28
Aragorn - I agree with your technical analysis above.
Snoweagle - I don't mind at all the discussion that you comments have resulted in, on this thread.

Both - I don't find it surprising that Aragorn's efforts to be technically accurate and to clearly call out technical points of disagreement were felt as personal disagreements by Snoweagle. I see such happen many a time on the forum, and I have seen such happen in my personal life (with me most often playing the role of Aragorn.) I don't have a general solution ... wish I did.

I share your pain, brother. I come across a lot of these discussions in my personal life as well, and it usually ends with people telling me I'm full of it and doing things their way anyway, and then later on, when they've bumped into that wall I told them not to bump into, me telling them "I don't want to say 'I told you so', but, yeah, I told you so." :p

Frank V
7th January 2015, 12:58
[...]What I noticed is that Snoweagle's processor (AMD 64 957? was that an Opteron you are referring to? I can't recall the 957 - sure you have name right?)

I'm not sure he spelled it out correctly either -- I would have to look it up -- but I believe that number pertains to the socket version. Later AMD processors started using the so-called AM2 socket, but by now it's already something else again as well.


[...]... hard to believe there was a time where AMD processors stomped all over Intel's ... ;)


Personally, whereas microprocessors are concerned, I still prefer AMD over Intel, both for technical and political reasons. I've had some bad experiences with Intel processors and even with an enterprise-grade Intel server motherboard. My AMD machines on the other hand have always worked very well. The box I'm typing this message from is an AMD as well.

Politically, even though Intel submits more code to the development of the Linux kernel than AMD does -- which is in part because Intel also makes graphics hardware for notebooks and also offers GPL-licensed drivers for those -- AMD is actually the company with a bigger heart for Free & Open Source Software.

When they created the AMD64 architecture, they deliberately included registers which the Linux kernel could use as an IOMMU ("input/output memory management unit") without that anyone had asked -- an IOMMU comes in really handy for virtualization purposes. Conversely, Microsoft had to ask AMD to include two normally unused segment registers because Windows needed those in order to switch between processor modes. (Apparently, Microsoft is narcissistic enough to believe that it's easier to redesign the hardware than to rewrite a couple dozen lines of kernel code.)

In addition to that, Intel has also behaved quite monopolistically -- just like Microsoft -- and is one of the corporations involved in the so-called Trusted Computing Platform, which, unlike what its name says, is definitely not to be trusted, as it restricts one in what one can run on one's own computer. It is being advertised as "security" but it's actually intended both for DRM ("digital rights management", also known as "digital restrictions management") and for helping to promote and maintain Microsoft's monopoly in the desktop and notebook market.

The UEFI ("unified extensible firmware interface") firmware with the Secure Boot facility, which replaces the legacy BIOS ("basic input/output system") in newer consumer-grade motherboards, is also specifically designed to enforce Microsoft's monopoly, by making it harder -- not impossible, but harder -- for machines with an UEFI chip to run GNU/Linux.

AMD is also on the UEFI committee, but said committee is primarily driven by Intel and Microsoft -- it is often referred to as "the Wintel monopoly" -- and the UEFI command line interface is clearly inspired upon the Windows NT CMD.EXE and PowerShell syntax.

That all said, on account of video adapter cards however, I still prefer nVidia, after some very bad experiences with a Radeon-based card. nVidia is notoriously uncooperative with the Free Software community by only revealing small parts of its technology to the Linux developers, but their proprietary drivers are generally very, very good. On the other hand, the tide does appear to be changing now that AMD is releasing much of its rewritten-from-scratch driver code for the Radeon drivers, so the Free & Open Source drivers for those are now becoming highly functional, and fairly stable.

ThePythonicCow
7th January 2015, 14:47
and the UEFI command line interface is clearly inspired upon the Windows NT CMD.EXE and PowerShell syntax.
My initial thoughts, on starting to work with Intel's EFI over a decade ago (before it became UEFI), was that it was DOS in a boot rom, recoded presumably for intellectual property reasons.

Frank V
7th January 2015, 15:40
and the UEFI command line interface is clearly inspired upon the Windows NT CMD.EXE and PowerShell syntax.
My initial thoughts, on starting to work with Intel's EFI over a decade ago (before it became UEFI), was that it was DOS in a boot rom, recoded presumably for intellectual property reasons.

Well, it's not really DOS as it runs in the processor's protected mode on x86-32 or long mode on x86-64. But yes, it's pretty much DOS-inspired. And it's also completely useless, because no modern operating system requires a BIOS. GNU/Linux, OS X, OS/2 (now called eComStation), BeOS (and it's FOSS clone, Haiku), or even the NT-based versions of Microsoft Windows, they all have their own built-in routines for accessing the hardware. All the firmware really needs to do is set up the very basic hardware configuration at boot time -- i.e. voltages, et al -- and perhaps regulate the fan speeds and such via the so-called systems management mode (on x86). There is no added value in having an EFI.

Of course, one could argue that the legacy BIOS -- which runs in the x86 processor's real mode -- is outdated, but then again, one could say the same thing about the processor's real mode itself, which was only kept in because of (1) the fact that the legacy BIOS uses it, and (2) the fact that Microsoft kept on selling DOS-based versions of Windows until the year 2000 -- Windows 95, Windows 98 and Windows Millennium Edition all still ran on top of a DOS subsystem, even though that DOS subsystem was integrated with Windows so tightly that one could not substitute it by another DOS from a competing vendor, such as DR DOS (and that was Microsoft's intent all along).

There are many things about modern so-called PC-compatible hardware which are legacy. The Num Lock key, for instance. That's a leftover from the days of the old IBM PC and PC/XT. On a modern day desktop workstation keyboard (and even on many modern notebook keyboards) it is absolutely superfluous, because they all have separate cursor keys. And yet it's still there, and nobody seems to have thought about removing it. There's also a similar thing with the Insert key. It's labeled Ins, even though all modern operating systems default to "insert mode" for editing, so that a push on the Ins key actually switches to "overwrite mode". Only FreeDOS (as the only survivor of the DOS family) still defaults to "overwrite mode".

Either way, it doesn't take all that long to switch an x86 processor into protected mode. When you boot a GNU/Linux system from a boot loader such as GRUB or LILO, it takes only a few milliseconds after pressing Enter/Return before the page tables and descriptor tables are set up and the processor enters protected or long mode. By the time you see the penguins at the top of the screen, it's already long in protected (or long) mode, and the compressed kernel image has already long been expanded and loaded, and is beginning to index and initialize the hardware in the machine.

In fact, if that were still real mode, then you wouldn't even be able to see more than one penguin, because real mode does not support multitasking and therefore also no symmetric multiprocessing -- and then we're not even talking of NUMA yet. Getting into the details of the Linux boot process is interesting but it would derail this thread even more, so let's not go there -- unless you and the other readers would like that, of course, but somehow I don't think that would be the case. :p

So the bottom line is that EFI (or UEFI) offers no benefit whatsoever on x86. But Microsoft were pushing UEFI because of its Secure Boot subsystem, which is now mandatory for all consumer-grade computers which are to feature Microsoft certification stickers for Windows 8 (which is actually Windows NT 6.2) and above, and which requires an installed operating system to be registered to the UEFI with a key... to be purchased from Microsoft -- not that it's expensive, but it's the principle that matters. So that means that Microsoft effectively claims ownership of the computer you paid for with your own money, just because it happens to be an x86 or ARM machine.

And the big joke of the matter is that Windows 8 and above don't even use or require a UEFI, because they can just as easily be booted up from a legacy BIOS -- at least, on x86, because ARM does not have a real mode and therefore requires different firmware. But even then, there would be alternatives, such as CoreBoot, which is entirely Free & Open Source firmware. Alas, many of the manufacturers that supported CoreBoot were paid off to stop supporting it. We've seen a similar scenario with the ratification of MS-OOXML as an international documents standard. Microsoft's liquid assets (and those of its founders) go quite a long way. :-/

Oh well, I'm just ranting. Sorry about that. :-)


:stepping off of my soap box again: :p

Cidersomerset
7th January 2015, 16:09
I'm not commenting on the debate as I come from the non ' tech savvy' and am more
interested with the whole strategic theme that is going on as this information boom
with the web coincided with the end of the cold war and the repositioning of power
over the past 25 years as the main 'bogey' men evaporated behind the iron curtain.

The war on terror that has replaced it and the axis of evil countries that have either
been invaded like Iraq, Afghan and Libya. Or still on the wish list for the mil ind comp.
and the Zionist neo cons and their allies , which countries are Iran, Syria and possible
conflicts with Russia and China although I don't think they really want all out war
however mad and blood thirsty the real puppet masters are. Though events can get
out of hand , the role of the 'five eyes' countries US, UK ,Canada , Australia & New
Zealand.http://en.wikipedia.org/wiki/Five_Eyes set up during the cold war to
coordinate surveillance of the Eastern block countries and others.

Its partly the result of these agreements that are still valid that has kept the
west intel agents still spying and gathering data as if the cold war was still
going. They had to keep it going and the war on terror and cyber crime
has to be hyped up so the relevant departments can still get their funding.

Edward Snowden and others revelations to the extent of this surveillance
has put the intel agencies and governments in a moral as well as diplomatic
dilemma. As although all countries Russia ,China etc spy and intel agencies
are important it is open to abuse and this is where we are now......

Frank V
7th January 2015, 16:21
I'm not commenting on the debate as I come from the non ' tech savvy' and am more
interested with the whole strategic theme that is going on as this information boom
with the web coincided with the end of the cold war and the repositioning of power
over the past 25 years as the main 'bogey' men evaporated behind the iron curtain.

The war on terror that has replaced it and the axis of evil countries that have either
been invaded like Iraq, Afghan and Libya. Or still on the wish list for the mil ind comp.
and the Zionist neo cons and their allies , which countries are Iran, Syria and possible
conflicts with Russia and China although I don't think they really want all out war
however mad and blood thirsty the real puppet masters are. Though events can get
out of hand , the role of the 'five eyes' countries US, UK ,Canada , Australia & New
Zealand.http://en.wikipedia.org/wiki/Five_Eyes set up during the cold war to
coordinate surveillance of the Eastern block countries and others.

Its partly the result of these agreements that are still valid that has kept the
west intel agents still spying and gathering data as if the cold war was still
going. They had to keep it going and the war on terror and cyber crime
has to be hyped up so the relevant departments can still get their funding.

Edward Snowden and others revelations to the extent of this surveillance
has put the intel agencies and governments in a moral as well as diplomatic
dilemma. As although all countries Russia ,China etc spy and intel agencies
are important it is open to abuse and this is where we are now......

Correct, and also, do not forget how the Internet was created. It started out as a US military computer network (called DARPANET), and it was Al Gore -- who's a faithful serf of the Rothschild clan -- who opened it up to the general public. Even to this very day, the USA refuse to relinquish control of the Internet's root servers to any international body.

In other words, what better means of surveillance and control of the general public can you think of -- and what better means of serving the big corporations -- than inviting the unsuspecting populace onto what is essentially a military computer network in disguise? And all the while, they themselves use Tor and similar technologies to hide what they are doing.

Can you say oligarchy? Yes, I think you can.



http://www.cairn-communication.fr/wp-content/uploads/2014/04/yes-we-scan.jpg

Snoweagle
7th January 2015, 21:01
I just skimmed your guys last two posts super fast so I may not have gotten the whole gist.

What I noticed is that Snoweagle's processor (AMD 64 957? was that an Opteron you are referring to? I can't recall the 957 - sure you have name right?) might be quite an old processor. At some point, CPU mfgs started putting some hardware security into the processors themselves, perhaps this CPU was too old to have that feature? Do you mean the AMD FX57? -- that was the choice processor by a long shot in it's day ... hard to believe there was a time where AMD processors stomped all over Intel's ... ;)

Just a thought ...

Sorry to infuse confusion into this, I'd made the note after the processor to mimic an edit, as at the time, typing, my mind was elsewhere and I missed the edit - me bad

The processor is an old AMD single core 754 socket. An old machine yet serves as a server in the corner.