[coreboot] Remote security exploit in all 2008+ Intel platforms

Peter Stuge peter at stuge.se
Fri May 5 14:10:23 CEST 2017


First, thanks to everyone who is working hard to maintain a good tone
on the list. I certainly appreciate that.

While the ME and that it may have issues ;) is not so big news for many
in this community, this is an important news story for IT in general,
as it furthers the goal of platform and firmware openness.


Sometimes I disagree strongly with Ron, but I think he makes a good
point here:

ron minnich wrote:
> I realize feelings are strong about these issues, but calling
> people and projects "corrupt" is unacceptable and, in my view
> anyway, I'd like people who say such things to find another
> project.  I watched the Plan 9 mailling list get destroyed by a few
> bad actors and I don't want to see that happen here.

I don't think saying "corrupt" is neccessarily taboo, but the word
needs to be used carefully, or you may just end up poisoning the
community - *that* is unacceptable.

I would like to take this opportunity to ask a favor of everyone
in this community: Don't allow words to poison you too easily. Stay
strong. I found this graphic very helpful:

http://www.netbooknews.com/wp-content/2011/07/the-pyramid-of-debate-550x417.jpg

Don't fall down the pyramid, and don't let anyone else pull you down.


It's easy to claim that someone else does the wrong<tm> thing even
with good intentions, but you can extrapolate that someone is doing
wrong<tm>, just because they seem to have good intentions.

And keep in mind that while everyone in the coreboot community seeks
open firmware more or less actively, some seek even more open platforms
than others.

As long as someone is investing in improving the firmware status quo,
that is a good thing for all of us, even if the road becomes somewhat
longer than we may like. It's not for me to say what someone else
spends their time developing. I can disagree, and tell them, as they
can with me, but I can't expect them to care.


My personal attitude to Librem as far as an open laptop platform goes
is that it's too little too late, but that that's not really through
any fault of Puri.sm.

Sure, I was disappointed by early communication with the company about
the difficulties of the task they had set for themselves, and I agree
that they have been underestimating the problem. I am guilty of that
too at times. The question is what we do to better ourselves.

Like Ron, I think it's great that Youness is joining the coreboot
community! :)


//Peter



More information about the coreboot mailing list